Operating Systems

32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk) 201

According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.

NSA Opens GitHub Account, Lists 32 Projects Developed By the Agency (thehackernews.com) 64

An anonymous reader quotes a report from The Hacker News: The National Security Agency (NSA) -- the United States intelligence agency which is known for its secrecy and working in the dark -- has finally joined GitHub and launched an official GitHub page. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are "coming soon." "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page. "OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology." Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.

Intel Quietly Discontinues Galileo, Joule, and Edison Development Boards (intel.com) 95

Intel is discontinuing its Galileo, Joule, and Edison lineups of development boards. The chip-maker quietly made the announcement last week. From the company's announcement: Intel Corporation will discontinue manufacturing and selling all skus of the Intel Galileo development board. Shipment of all Intel Galileo product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Joule Compute Modules and Developer Kits (known as Intel 500 Series compute modules in People's Republic of China). Shipment of all Intel Joule products skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Joule products must be placed with Intel by September 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Edison compute modules and developer kits. Shipment of all Intel Edison product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Edison products must be placed with Intel by September 16, 2017. All orders placed with Intel for Intel Edison products are non-cancelable and non-returnable after September 16, 2017. The company hasn't shared any explanation for why it is discontinuing the aforementioned development boards. Intel launched the Galileo, an Arduino-compatible mini computer in 2013, the Edison in 2014, and the Joule last year. The company touted the Joule as its "most powerful dev kit." You can find the announcement posts here.

Community Ports 'Visual Studio Code' To Chromebooks, Raspberry Pi (infoworld.com) 79

An anonymous reader quotes InfoWorld: A community build project led by developer Jay Rodgers is making Visual Studio Code, Microsoft's lightweight source code editor, available for Chromebooks, Raspberry Pi boards, and other devices based on 32-bit or 64-bit ARM processors. Supporting Linux and Chrome OS as well as the DEB (Debian) and RPM package formats, the automated builds of Visual Studio Code are intended for less-common platforms that might not otherwise receive them. Obvious beneficiaries will be IoT developers focused on ARM devices -- and the Raspberry Pi in particular -- who will find it helpful to have the editor directly on the device they're programming against... Rodgers said the lure of Visual Studio Code for him was its user-friendly interface, making it approachable for new users.

What Happens When Software Companies Are Liable For Security Vulnerabilities? (techbeacon.com) 221

mikeatTB shares an article from TechRepublic: Software engineers have largely failed at security. Even with the move toward more agile development and DevOps, vulnerabilities continue to take off... Things have been this way for decades, but the status quo might soon be rocked as software takes an increasingly starring role in an expanding range of products whose failure could result in bodily harm and even death. Anything less than such a threat might not be able to budge software engineers into taking greater security precautions. While agile and DevOps are belatedly taking on the problems of creating secure software, the original Agile Manifesto did not acknowledge the threat of vulnerabilities as a problem, but focused on "working software [as] the primary measure of progress..."

"People are doing exactly what they are being incentivized to do," says Joshua Corman, director of the Cyber Statecraft Initiative for the Atlantic Council and a founder of the Rugged Manifesto, a riff on the original Agile Manifesto with a skew toward security. "There is no software liability and there is no standard of care or 'building code' for software, so as a result, there are security holes in your [products] that are allowing attackers to compromise you over and over." Instead, almost every software program comes with a disclaimer to dodge liability for issues caused by the software. End-User License Agreements (EULAs) have been the primary way that software makers have escaped liability for vulnerabilities for the past three decades. Experts see that changing, however.

The article suggests incentives for security should be built into the development process -- with one security professional warning that in the future, "legal precedent will likely result in companies absorbing the risk of open source code."

Announcing 'build', Auto-Configuration In 1000 Lines Of Makefile (github.com) 103

Christophe de Dinechin created the XL programming language -- and as descubes he's also Slashdot reader #35,093. Today he shares his latest project, a simple makefile-based build system that he's split from ELFE/XL: Most open-source projects use tools such as autoconf and automake. For C and C++ projects, build is a make-based alternative that offers auto-configuration, build logs, colorization, testing and install targets, in about 1000 lines of makefile. A sample makefile looks like this:

CONFIG= <stdio.h> <iostream> clearenv libm
include $(BUILD)rules.mk


The Size of iPhone's Top Apps Has Increased by 1,000% in Four Years (sensortower.com) 128

Research firm Sensor Tower shares an analysis: As the minimum storage capacity of iPhone continues to increase -- it sits at 32 GB today on the iPhone 7, double the iPhone 5S's 16 GB circa 2013 -- it's not surprising that the size of apps themselves is getting larger. In fact, Apple raised the app size cap from 2 GB to 4 GB in early 2015. What's surprising is how much faster they're increasing in size compared to device storage itself. According to Sensor Tower's analysis of App Intelligence, the total space required by the top 10 most installed U.S. iPhone apps has grown from 164 MB in May 2013 to about 1.8 GB last month, an 11x or approximately 1,000 percent increase in just four years. [...] Of the top 10 most popular U.S. iPhone apps, the minimum growth we saw in app size since May 2013 was 6x for both Spotify and Facebook's Messenger. As the chart above shows, other apps, especially Snapchat, have grown considerably more. In fact, Snapchat is more than 50 times larger than it was four years ago, clocking in at 203 MB versus just 4 MB at the start of the period we looked at. It's not the largest app among the top 10, however. That distinction goes to Facebook, which, at 388 MB, is 12 times larger than it was in May 2013 when it occupied 32 MB. It grew by about 100 MB in one update during September of last year.

Developers Who Use Spaces Make More Money Than Those Who Use Tabs (stackoverflow.blog) 515

An anonymous reader writes: Do you use tabs or spaces for code indentation? This is a bit of a "holy war" among software developers; one that's been the subject of many debates and in-jokes. I use spaces, but I never thought it was particularly important. But today we're releasing the raw data behind the Stack Overflow 2017 Developer Survey, and some analysis suggests this choice matters more than I expected. There were 28,657 survey respondents who provided an answer to tabs versus spaces and who considered themselves a professional developer (as opposed to a student or former programmer). Within this group, 40.7% use tabs and 41.8% use spaces (with 17.5% using both). Of them, 12,426 also provided their salary. Analyzing the data leads us to an interesting conclusion. Coders who use spaces for indentation make more money than ones who use tabs, even if they have the same amount of experience. Indeed, the median developer who uses spaces had a salary of $59,140, while the median tabs developer had a salary of $43,750.

Report Reveals In-App Purchase Scams In the App Store (macrumors.com) 48

In a Medium article titled How to Make $80,000 Per Month On the Apple App Store, Johnny Lin uncovers a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases. The practice works by manipulating search ads to promote dubious apps in the App Store and then preys on unsuspecting users via the in-app purchase mechanism. MacRumors reports: "I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft," said Lin. "That was to be expected. But what's this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called 'Mobile protection :Clean & Security VPN.' Given the terrible title of this app (inconsistent capitalization, misplaced colon, and grammatically nonsensical 'Clean & Security VPN?'), I was sure this was a bug in the rankings algorithm. So I check Sensor Tower for an estimate of the app's revenue, which showed ... $80,000 per month?? That couldn't possibly be right. Now I was really curious." To learn how this could be, Lin installed and ran the app, and was soon prompted to start a "free trial" for an "anti-virus scanner" (iOS does not need anti-virus software thanks to Apple's sandboxing rules for individual apps). Tapping on the trial offer then threw up a Touch ID authentication prompt containing the text "You will pay $99.99 for a 7-day subscription starting Jun 9, 2017." Lin was one touch away from paying $400 a month for a non-existent service offered by a scammer. Lin dug deeper and found several other similar apps making money off the same scam, suggesting a wider disturbing trend, with scam apps regularly showing up in the App Store's top grossing lists.

Apple's App Store Guidelines Now Allow Executable Code in Educational Apps and Developer Tools (macstories.net) 13

An anonymous reader writes: Apple made several changes to the App Store Review Guidelines during WWDC last week, including an easing of the prohibition against downloading and executing code on an iOS device. The ban on executable code remains intact, but rule 2.5.2 now also provides that: "Apps designed to teach, develop, or test executable code may, in limited circumstances, download code provided that such code is not used for other purposes. Such apps must make the source code provided by the Application completely viewable and editable by the user."

Ask Slashdot: Will Python Become The Dominant Programming Language? 808

An anonymous reader shares their thoughts on language popularity: In the PYPL index, which is based on Google searches and is supposed to be forward looking, the trend is unmistakable. Python is rising fast and Java and others are declining. Combine this with the fact that Python is now the most widely taught language in the universities. In fields such as data science and machine learning, Python is already dominating. "Python where you can, C++ where you must" enterprises are following suit too, especially in data science but for everything else from web development to general purpose computing...

People who complain that you can't build large scale systems without a compiler likely over-rely on the latter and are slaves to IDEs. If you write good unit tests and enforce Test Driven Development, the compiler becomes un-necessary and gets in the way. You are forced to provide too much information to it (also known as boilerplate) and can't quickly refactor code, which is necessary for quick iterations.

The original submission ends with a question: "Is Python going to dominate in the future?" Slashdot readers should have some interesting opinions on this. So leave your own thoughts in the comments. Will Python become the dominant programming language?

Ask Slashdot: How Can Programmers Move Into AI Jobs? 121

"I have the seriously growing suspicion that AI is coming for us programmers and IT experts faster than we might want to admit," writes long-time Slashdot reader Qbertino. So he's contemplating a career change -- and wondering what AI work is out there now, and how can he move into it? Is anything popping up in the industry and AI hype? (And what are these positions called, what do they precisely do, and what are the skills needed to do them?) I suspect something like an "AI Architect", planning AI setups and clearly defining the boundaries of what the AI is supposed to do and explore.

Then I presume the requirements for something like an "AI Maintainer" and/or "AI Trainer" which would probably resemble something like an admin of a big data storage, looking at statistics and making educated decisions on which "AI Training Paths" the AI should continue to explore to gain the skill required and deciding when the "AI" is ready to be let go on to the task... And what about Tensor Flow? Should I toy around with it or are we past that stage already and will others do AI setup and installation better than me before I know how this thing really works...?

Is there a degree program, or other paths to skill and knowledge, for a programmer who's convinced that "AI is today what the web was in 1993"? And if AI of the future ends up tied to specific providers -- AI as a service -- then are there specific vendors he should be focusing on (besides Google?) Leave your best suggestions in the comments. How can programmers move into AI jobs?

Does Silicon Valley Need More Labor Unions? (salon.com) 187

Salon recently talked to Jeffrey Buchanan, who two years ago co-founded a labor rights group "that highlights the plight of security officers, food-service workers, janitors and shuttle-bus drivers in the region." An anonymous reader quotes their report: The situation among Silicon Valley's low-wage contract workers has become so perilous that in January, thousands of security guards working at immensely profitable companies like Facebook and Cisco followed the shuttle-bus drivers and voted to unionize in an effort to collectively bargain for higher wages and better benefits. The upcoming labor contract negotiations between the roughly 3,000 security guards (represented by SEIU United Service Workers West) and their employers is one of the biggest developments in Silicon Valley labor organizing to happen this year. Buchanan says there's also a broader push this year to get tech companies to be proactive in ensuring these workers can make ends meet, even if these companies have to pay more for the services they procure...

A paper published last year by University of California at Santa Cruz researchers Chris Brenner and Kyle Neering estimates between 19,000 and 39,000 contracted service workers are employed in the Valley at any given time... An additional 78,000 workers are at risk of becoming contract employees, according to the study, a number which includes administrative assistants, sales representatives and medium-wage computer programmers. This is part of a larger societal shift in which salaried workers are converted to contractors -- a transition that benefits business owners, in that they don't have to pay benefits and can hire and fire contractors at will.

Buchanan's group represents contractors typically earning "as little as $20,000 a year." But Salon's headline argues that "programmers may be next" in the drive to organize contractors.

Developer Accidentally Deletes Production Database On Their First Day On The Job (qz.com) 418

An anonymous reader quotes Quartz: "How screwed am I?" asked a recent user on Reddit, before sharing a mortifying story. On the first day as a junior software developer at a first salaried job out of college, his or her copy-and-paste error inadvertently erased all data from the company's production database. Posting under the heartbreaking handle cscareerthrowaway567, the user wrote, "The CTO told me to leave and never come back. He also informed me that apparently legal would need to get involved due to severity of the data loss. I basically offered and pleaded to let me help in some way to redeem myself and I was told that I 'completely fucked everything up.'"

The company's backups weren't working, according to the post, so the company is in big trouble now. Though Qz adds that "the court of public opinion is on the new guy's side. In a poll on the tech site the Register, less than 1% of 5,400 respondents thought the new developer should be fired. Forty-five percent thought the CTO should go."

App Store Now Requires Developers To Use Official API To Request App Ratings, Disallows Custom Prompts (9to5mac.com) 34

One of the new App Store policy changes made this week is the addition of section 1.1.7, which requires developers to use the official in-app rating UI added in iOS 10.3 and states that they "will disallow custom review prompts" going forward. 9to5Mac reports: When the new App Store rating API was introduced in the iOS 10.3 beta period at the start of the year, adoption was optional but Apple warned that it would eventually become mandatory. It seems that time has come. Here's the relevant addition to the App Store Review guidelines: "Use the provided API to prompt users to review your app; this functionality allows customers to provide an App Store rating and review without the inconvenience of leaving your app, and we will disallow custom review prompts." The language is pretty clear-cut, use the Apple API and stop using custom implementations. The change to the Apple API has some advantages and drawbacks for developers and users.

Ask Slashdot: What Types of Jobs Are Opening Up In the New Field of AI? 133

Qbertino writes: I'm about to move on in my career after having a "short rethink and regroup break" and was for quite some time now thinking about getting into perhaps a new programming language and technology, like NodeJS or Java/Kotlin or something. But I have the seriously growing suspicion that artificial intelligence is coming for us programmers and IT experts faster than we might want to admit. Just last weekend I heard myself saying to a friend who was a pioneer on the web, "AI is today what the web was in 1993" -- I think that to be very true. So just 20 minutes ago I started thinking and wondering about what types of jobs there are in AI. Is anything popping up in the industry from the AI hype and what are these positions called, what do they precisely do and what are the skills needed to do them? I suspect something like an "AI Architect" for planning AI setups and clearly defining the boundaries of what the AI is supposed to do and explore. Then I presume the requirements for something like an "AI Maintainer" and/or "AI Trainer," which would probably resemble something like an admin of a big data storage, looking at statistics and making educated decisions on which "AI Training Paths" the AI should continue to explore to gain the skill required and deciding when the "AI" is ready to be let go on to the task. You're seeing we -- AFAIK -- don't even have names for these positions yet, but I suspect, just as in the internet/web boom 20 years ago, that is about to change *very* fast.

And what about Tensor Flow? Should I toy around with it or are we past that stage already and will others do AI setup and installation better than me before I know how this thing really works? Because I also suspect most of the AI work for humans will closely be tied to services and providers such as Google. You know, renting "AI" as you rent webspace or subscribe to bandwidth today. Any services and industry vendors I should look into -- besides the obvious Google that is? In a nutshell, what work is there in the field of AI that can be done and how do I move into that? Like now. And what should I maybe get a degree in if I want to be on top of this AI thing? And how would you go about gaining skill and knowledge on AI today, and I mean literally, today. I know, tons of questions but insightful advice is requested from an educated slashdot crowd. And I bet I'm not the only one interested in this topic. Thanks.

Google Launches Android O Developer Preview 3 With Final APIs (venturebeat.com) 16

An anonymous reader quotes a report from VentureBeat: Google today launched the third Android O developer preview, available for download now at developer.android.com and via the Android Beta Program. The preview includes an updated SDK with system images for the Nexus 5X, Nexus 6P, Nexus Player, Pixel, Pixel XL, Pixel C, and the official Android Emulator, and there's even an emulator for testing Android Wear 2.0 on Android O. The big highlight with this preview is that the Android O APIs are now final. Google launched the first Android O developer preview in March and the second developer preview in May at its I/O 2017 developer conference. Google is planning to release one more preview with near-final system images in July and has slated the final version for release "later this summer" (in Q3 2017). Developer Preview 3 includes the latest version of the Android O platform with the final API level 26 and "hundreds of bug fixes and optimizations."

EU Seeks New Powers To Obtain Data 'Directly' From Tech Firms (zdnet.com) 40

Zack Whittaker reports via ZDNet: European authorities are seeking new powers to allow police and intelligence agencies to directly obtain user data stored on the continent by U.S. tech companies. The move comes in the wake of an uptick in terrorist attacks, including several attacks in Britain and France, among others across the bloc. Tech companies have been asked to do more to help law enforcement, while police have long argued the process for gathering data overseas is slow and cumbersome. The bloc's justice commissioner, Vera Jourova, presented several plans to a meeting of justice ministers in Luxembourg on Thursday to speed up access for EU police forces to obtain evidence -- including one proposal to allow police to obtain data "directly" from the cloud servers of U.S. tech companies in urgent cases. "Commissioner Jourova presented at the Justice Council three legislative options to improve access to e-evidence," said Christian Wiga, an EU spokesperson, in an email. "Based on the discussion between justice ministers, the Commission will now prepare a legislative proposal," he added. Discussions are thought to have included what kind of data could be made available, ranging from geolocation data to the contents of private messages. Such powers would only be used in "emergency" situations, said Jourova, adding that safeguards would require police to ensure that each request is "necessary" and "proportionate." Further reading: Reuters

Apple's 'Planet of the Apps' Reality Show Is 'Bland, Tepid, Barely Competent Knock-off of 'Shark Tank' (variety.com) 78

On Tuesday, Apple made its debut into the world of original television programming with "Planet of the Apps," a reality show that brings app developers in a competition to try to get mentoring and assistance from hosts Jessica Alba, will.i.am, Gwyneth Paltrow and entrepreneur Gary Vaynerchuk. Contestants describe their proposals as they ride an escalator down onto a stage where the judges sit, and then fire questions at the app developer. The problem? Critics aren't pleased. An anonymous reader shares a Variety report: Apple's first offering, "Planet of the Apps," feels like something that was developed at a cocktail party, and not given much more rigorous thought or attention after the pitcher of mojitos was drained. It's not terrible, but essentially, it's a bland, tepid, barely competent knock-off of "Shark Tank." Apple made its name on game-changing innovations, but this show is decidedly not one of them. The program's one slick innovation is the escalator pitch. You read that right; I didn't mistype "elevator pitch." The show begins with an overly brief set-up segment, which doesn't spend much time explaining the rules of the show, and which also assumes that a viewer will know who host Zane Lowe is, though a reasonably large chunk of the audience won't. Soon enough, app developers step into a pitch room with a very long escalator in the middle of it. As the four judges listen (often with looks of glacial boredom on their faces), the aspiring creators have one minute of escalator time to tout the product they want funding for. After the app makers get to the bottom of the conveyance, the judges (or "advisors") vote yea or nay. As long as one judge has given the developers a green light, they can continue making their pitch.

Ubuntu Works With GNOME To Improve HiDPI Support On Linux Desktop (omgubuntu.co.uk) 85

An anonymous reader shares an article: Canonical is playing host to a 'fractional scaling hackfest' in its Taipei offices this week. Both GNOME developers and Ubuntu developers are in attendance, ready to wrestle with the aim: improve GNOME HiDPI support. Ubuntu's Unity desktop (I'm told, anyhow) plays fairly nice with high DPI monitors because the shell supports fractional scaling (though most apps, I believe, do not). Furthermore, users can tweak some high DPI settings to better suit their display(s). GNOME Shell also supports HiDPI monitors, but has, until now, been a little less flexible about it. "Currently, we only allow to scale windows by integral factors (typically 2). This proves somewhat limiting as there are many systems that are just in between the dpi ranges that are good for scale factor 2, or unscaled," the hackfest page explains.
