Security

Equifax's Data Breach By the Numbers: 146 Million Social Security Numbers, 99 Million Addresses, and More (theregister.co.uk) 69

Several months after the data breach was first reported, Equifax has published the details on the personal records and sensitive information stolen in the cybersecurity incident. The good news: the number of individuals affected by the network intrusion hasn't increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant's ongoing audit of the security breach," reports The Register. From the report: Late last week, the company gave the numbers in letters to the various U.S. congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America's financial watchdog. As well as the -- take a breath -- 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers' licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant's investigators helped "standardize certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen." The extra data elements, the company said, didn't involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

Programming

Microsoft Adds Support For JavaScript Functions in Excel (bleepingcomputer.com) 171

An anonymous reader shares a report: At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. What this means is that Excel users will be able to use JavaScript code to create a custom Excel formula that will appear in Excel's default formula database. Users will then be able to insert and call these formulas from within Excel spreadsheets, but have a JavaScript interpreter compute the spreadsheet data instead of Excel's native engine. "Office developers have been wanting to write JavaScript custom functions for many reasons," Microsoft says, "such as: (1) Calculate math operations, like whether a number is prime. (2) Bring information from the web, like a bank account balance. (3) Stream live data, like a stock price."
Microsoft

Microsoft Hopes Money Will Entice More Developers (engadget.com) 134

At Build conference, Microsoft announced that starting later this year, all consumer apps (except games) sold in the Microsoft Store will ship a whopping 95 percent of the revenue earned from app and in-app purchases to the developer. From a report: That is, if the customer purchases the app via a deep or direct link. If the customer gets your app via a Microsoft-assisted method, like getting featured on the Microsoft Store, then devs will get 85 percent of the revenue, which is still a pretty good amount.
GNU is Not Unix

GCC 8.1 Compiler Introduces Initial C++20 Support (gnu.org) 90

"Are you tired of your existing compilers? Want fresh new language features and better optimizations?" asks an announcement on the GCC mailing list touting "a major release containing substantial new functionality not available in GCC 7.x or previous GCC releases."

An anonymous reader writes: GNU has released the GCC 8.1 compiler with initial support for the C++20 (C++2A) revision of C++ currently under development. This annual update to the GNU Compiler Collection also comes with many other new features/improvements including but not limited to new ARM CPU support, support for next-generation Intel CPUs, AMD HSA IL, and initial work on Fortran 2018 support.
China

China's Bungled Drone Display Breaks World Record (bbc.com) 67

Chinese company EHang has broken the Guinness World Record for the most drones flown simultaneously, despite them failing to coordinate for a light show. The company programmed a fleet of 1,374 drones to fly in set patterns, "but failed to spell out the date and the record-setting number of drones," reports the BBC. From the report: The South China Morning Post called the event an "epic fail." The record was previously held by U.S. technology company Intel, which flew 1,218 aircraft at the 2018 Pyeongchang Winter Olympic Games in February. Intel's show was pre-recorded before being aired during the opening ceremony, due to "possible freezing weather and strong winds." According to the South China Morning Post, EHang was paid 10.5 million yuan ($1.65 million) for the Labor Day performance in the north-western city of Xi'an. You can watch a video of the drone display here.
Cloud

Google Releases Open Source Framework For Building 'Enclaved' Apps For Cloud (arstechnica.com) 21

An anonymous reader quotes a report from Ars Technica: Today, Google is releasing an open source framework for the development of "confidential computing" cloud applications -- a software development kit that will allow developers to build secure applications that run across multiple cloud architectures even in shared (and not necessarily trusted) environments. The framework, called Asylo, is currently experimental but could eventually make it possible for developers to address some of the most basic concerns about running applications in any multi-tenant environment. Container systems like Docker and Kubernetes are designed largely to allow untrusted applications to run without exposing the underlying operating system to badness. Asylo (Greek for "safe place") aims to solve the opposite problem -- allowing absolutely trusted applications to run "Trusted Execution Environments" (TEEs), which are specialized execution environments that act as enclaves and protect applications from attacks on the underlying platform they run on.
Programming

One Of LLVM's Top Contributors Quits Development Over Code of Conduct, Outreach Program (phoronix.com) 1235

Rafael Avila de Espindola is the fifth most active contributor to LLVM with more than 4,300 commits since 2006, but now he has decided to part ways with the project. From a report: Rafael posted a rather lengthy mailing list message to fellow LLVM developers today entitled I am leaving llvm. He says the reason for abandoning LLVM development after 12 years is due to changes in the community. In particular, the "social injustice" brought on the organization's new LLVM Code of Conduct and its decision to participate in this year's Outreachy program to encourage women and other minority groups to get involved with free software development. "I am definitely sad to lose Rafael from the LLVM project, but it is critical to the long term health of the project that we preserve an inclusive community. I applaud Rafael for standing by his personal principles, this must have been a hard decision," Chris Lattner, tweeted Thursday.
Education

Ask Slashdot: What Should I Study? 214

A fellow Slashdot reader is seeking advice on a new field of study: After many years at the same company, I'm now thinking of a change. At my current place of work, I have worked on many different projects, from server side development, to UI development, and most recently, a lot of data science work. If I were to rate myself, I consider myself to be a good developer, thorough, conscientious and always willing to learn new things. Even my recent foray into data science (though not entirely new, since my graduate studies specialized in machine learning) has had reasonable success, and ideally, I'd really like to continue working in this space.

But, I'm starting to feel in a rut and I'm looking for a change. And looking outside my company, I'm not sure how to begin. Should I hit the books again? Should I focus on any specific technologies? I haven't particularly kept up with new technology -- after working for so long, I tend to think of that as something I can learn, when I need to. Any advice on how I should go about preparing for interviews? I'm quite willing to put in a few months of work into prep, so all suggestions are welcome!
Wireless Networking

Researchers Want To Turn Your Entire House Into a Co-Processor Using the Local Wi-Fi Signal (arstechnica.com) 102

An anonymous reader shares an excerpt from a report via Ars Technica: Researchers are proposing an idea to make your computer bigger. They are suggesting an extreme and awesome form of co-processing. They want to turn your entire house into a co-processor using the local Wi-Fi signal. Why, you may be asking, do we even want to do this in the first place? The real answer is to see if we can. But the answer given to funding agencies is thermal management. In a modern processor, if all the transistors were working all the time, it would be impossible to keep the chip cool. Instead, portions of the chip are put to sleep, even if that might mean slowing up a computation. But if, like we do with video cards, we farm out a large portion of certain calculations to a separate device, we might be able to make better use of the available silicon.

So, how do you compute with Wi-Fi in your bedroom? The basic premise is that waves already perform computations as they mix with each other, it's just that those computations are random unless we make some effort to control them. When two waves overlap, we measure the combination of the two: the amplitude of one wave is added to the amplitude of the other. Depending on the history of the two waves, one may have a negative amplitude, while the other may have a positive amplitude, allowing for simple computation. The idea here is to control the path that each wave takes so that, when they're added together, they perform the exact computation that we want them to. The classic example is the Fourier transform. A Fourier transform takes an object and breaks it down into a set of waves. If these waves are added together, the object is rebuilt. You can see an example of this in the animation here.

Facebook

As Controversy Swirls, Facebook Dials Down the Swagger On Its Developer Conference (theverge.com) 26

In the recent years, Facebook has used its developer conference -- F8 -- as an opportunity to showcase the most bleeding technologies: Type with your brain. 'Hear' with your skin. And in the event of an emergency, a helicopter to the rescue with some free internet access. But that was a different time. In the recent months, the company has faced backlash for Cambridge Analytica scandal, and reportedly delayed plans to launch a Amazon Echo-like speaker. But perhaps the biggest surprise for developers came this month when Facebook deprecated APIs to limit the amount of data developers had access to -- forcing many to seriously rethink their business model as their existence revolved around access to users' data. So how does the company plan to cherish its developer ecosystem at the two-day long F8 conference starting tomorrow? The Verge reports: The bruising series of events leading up to F8 is expected to produce a more muted affair than in previous years. (Much of the event had to be reworked in recent weeks after the company began shutting down APIs, people familiar with the matter told The Verge.) On one hand, the event, which takes places Tuesday and Wednesday in San Jose, is still very much on. Facebook says it's the biggest F8 ever, with more than 50 sessions available to a record crowd of 5,000 attendees. But the company acknowledges that the event comes at a time when Facebook is radically rethinking its relationship with those developers.

[...] It remains to be see whether the company will get a warm reception from partners who have been blindsided by the changes. Justin Krause runs a startup named Pod that builds a smart calendar app for iOS. Until this month, the app integrated with Facebook to put events from the social app onto your calendar. Then, in the wake of this month's Congressional hearings, Facebook revoked Pod's access to the calendar API without warning. "They didn't announce that they were revoking this data or send errors -- they just started sending empty lists, silently," Krause said. [...] In any case, it promises to be Facebook's strangest developer conference ever -- it's the only one to be held in the midst of a massive API shutdown.

Programming

Stack Overflow Admits It Hasn't Been Welcoming To 'Newer Coders, Women, People of Color, and Others'; Outlines How It Plans To Change That (stackoverflow.blog) 618

Paul Fernhout writes: Jay Hanlon, executive vice president of culture and experience at Stack Overflow, penned a column on the company's blog last week in which he admitted the "painful truth" that "too many people experience Stack Overflow as a hostile or elitist place, especially newer coders, women, people of color, and others in marginalized groups." Hanlon, added, "our employees and community have cared about this for a long time, but we've struggled to talk about it publicly or to sufficiently prioritize it in recent years. And results matter more than intentions." The post adds: "Now, that's not because most Stack Overflow contributors are hostile jerks. The majority of them are generous and kind. Sure, a few are... just generous, I guess? But our active users regularly express their frustration that we haven't done more to make outsiders feel more welcome. The real problem isn't the community -- it's us:

We trained users to tell other users what they're doing wrong, but we didn't provide new folks with the necessary guidance to do it right. We failed to give our regular users decent tools to review content and easily find what they're looking for. We sent mixed messages over the years about whether we're a site for "experts" or for anyone who codes."

Books

New Book Describes 'Bluffing' Programmers in Silicon Valley (theguardian.com) 292

Long-time Slashdot reader Martin S. pointed us to this an excerpt from the new book Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley by Portland-based investigator reporter Corey Pein.

The author shares what he realized at a job recruitment fair seeking Java Legends, Python Badasses, Hadoop Heroes, "and other gratingly childish classifications describing various programming specialities." I wasn't the only one bluffing my way through the tech scene. Everyone was doing it, even the much-sought-after engineering talent. I was struck by how many developers were, like myself, not really programmers, but rather this, that and the other. A great number of tech ninjas were not exactly black belts when it came to the actual onerous work of computer programming. So many of the complex, discrete tasks involved in the creation of a website or an app had been automated that it was no longer necessary to possess knowledge of software mechanics. The coder's work was rarely a craft. The apps ran on an assembly line, built with "open-source", off-the-shelf components. The most important computer commands for the ninja to master were copy and paste...

[M]any programmers who had "made it" in Silicon Valley were scrambling to promote themselves from coder to "founder". There wasn't necessarily more money to be had running a startup, and the increase in status was marginal unless one's startup attracted major investment and the right kind of press coverage. It's because the programmers knew that their own ladder to prosperity was on fire and disintegrating fast. They knew that well-paid programming jobs would also soon turn to smoke and ash, as the proliferation of learn-to-code courses around the world lowered the market value of their skills, and as advances in artificial intelligence allowed for computers to take over more of the mundane work of producing software. The programmers also knew that the fastest way to win that promotion to founder was to find some new domain that hadn't yet been automated. Every tech industry campaign designed to spur investment in the Next Big Thing -- at that time, it was the "sharing economy" -- concealed a larger programme for the transformation of society, always in a direction that favoured the investor and executive classes.

"I wasn't just changing careers and jumping on the 'learn to code' bandwagon," he writes at one point. "I was being steadily indoctrinated in a specious ideology."
Java

Oracle Sets End Date for Business Java 8 Updates (infoworld.com) 85

An anonymous reader quotes InfoWorld: Further clarifying its ongoing support plans for Java SE 8, Oracle will require businesses to have a commercial license to get updates after January 2019. In an undated bulletin about the revision, Oracle said public updates for Java SE 8 released after January 2019 will not be available for business, commercial, or production use without a commercial license. However, public updates for Java SE 8 will be available for individual, personal use through at least the end of 2020.

Oracle advises enterprises to review the Oracle Java SE Support Roadmap to assess support requirements to migrate to a later release or obtain a commercial license... Oracle advises developers to review roadmaps for Java SE 8 and beyond and take appropriate action based on their application and its distribution model.

Programming

Go Programming Language Gets A New Logo and Branding (golang.org) 120

After an "extensive design process," the Go programming language has a "new look and logo," according to Google's lead for Go developer relations, product, and strategy. (Promising that this won't affect Go's gopher mascot.) Our logo follows the brand's core philosophy of simplicity over complexity... The circular shape of the letters hints at the eyes of the Go gopher, creating a familiar shape and allowing the mark and the mascot to pair well together... In addition to our brand guide we have also developed a presentation theme. This presentation theme will enable us to have a consistent representation of Go in person at meetups and conferences as well as online.

Go community members are welcome to use this theme for their own presentations. The presentations are available as Google Slides presentations. We chose Google Slides as it is easy to share and maintain updates. People are welcome to port them to keynote, PowerPoint, etc. Like this blog and all our gopher images, the slide themes are Creative Commons Attribution 3.0 licensed... The brand guide, logo and themes are copyrighted by the Go authors. The brand guide contains the guidelines for acceptable logo use.

It's been more than eight years since the language's launch, and "we wanted the Go brand to reflect where we have been and convey where we are going."
Programming

Drupal Warns of New Remote-Code Bug, the Second in Four Weeks (arstechnica.com) 50

For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties. From a report: Maintainers of the open-source CMS built on the PHP programming language released an update patching critical remote-code vulnerability on Wednesday. The bug, formally indexed as CVE-2018-7602, exists within multiple subsystems of Drupal 7.x and 8.x. Drupal maintainers didn't provide details on how the vulnerability can be exploited other than to say attacks work remotely. The maintainers rated the vulnerability "critical" and urged websites to patch it as soon as possible.

Slashdot Top Deals