Encryption

FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public (techcrunch.com) 127

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls "Going Dark" -- the spread of encrypted software that can block investigators' access to digital data even with a court order. "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported," the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

Open Source

The Percentage of Open Source Code in Proprietary Apps is Rising (helpnetsecurity.com) 56

Zeljka Zorz, writing for Help Net Security: The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown. Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed two interesting findings:

96 percent of the scanned applications contain open source components, with an average 257 components per application. The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.

Open Source

Tesla Releases Some of Its Software To Comply With Open-Source Licenses (sfconservancy.org) 24

Jeremy Allison - Sam shares a blog post from Software Freedom Conservancy, congratulating Tesla on their first public step toward GPL compliance: Conservancy rarely talks publicly about specifics in its ongoing GNU General Public License (GPL) enforcement and compliance activity, in accordance with our Principles of Community Oriented GPL Enforcement. We usually keep our compliance matters confidential -- not for our own sake -- but for the sake of violators who request discretion to fix their mistakes without fear of public reprisal. We're thus glad that, this week, Tesla has acted publicly regarding its current GPL violations and has announced that they've taken their first steps toward compliance. While Tesla acknowledges that they still have more work to do, their recent actions show progress toward compliance and a commitment to getting all the way there.

Businesses

Fed Up With Apple's Policies, App Developers Form a 'Union' (wired.com) 108

Even as Apple has addressed some of the concerns outlined by iOS developers in recent years, many say it's not enough. As the iOS App Store approaches its tenth anniversary, some app developers are still arguing for better App Store policies, ones that they say will allow them to make a better living as independent app makers. On Friday, a small group of developers, including one who recently made a feature-length film about the App Store and app culture, are forming a union to lobby for just that. From a report: In an open letter to Apple that published this morning, a group identifying themselves as The Developers Union wrote that "it's been difficult for developers to earn a living by writing software" built on Apple's existing values. The group then asked Apple to allow free trials for apps, which would give customers "the chance to experience our work for themselves, before they have to commit to making a purchase."

The grassroots effort is being led by Jake Schumacher, the director of App: The Human Story; software developer Roger Ogden and product designer Loren Morris, who both worked for a timesheet app that was acquired last year; and Brent Simmons, a veteran developer who has made apps like NetNewsWire, MarsEdit, and Vesper, which he co-created with respected Apple blogger John Gruber.

Programming

Ask Slashdot: What's the Most Sophisticated Piece of Software Ever Written? (quora.com) 235

An anonymous reader writes: Stuxnet is the most sophisticated piece of software ever written, given the difficulty of the objective: Deny Iran's efforts to obtain weapons grade uranium without need for diplomacy or use of force, John Byrd, CEO of Gigantic Software (formerly Director of Sega and SPM at EA), argues in a blog post, which is being widely shared in developer circles, with most agreeing with Byrd's conclusion.

He writes, "It's a computer worm. The worm was written, probably, between 2005 and 2010. Because the worm is so complex and sophisticated, I can only give the most superficial outline of what it does. This worm exists first on a USB drive. Someone could just find that USB drive laying around, or get it in the mail, and wonder what was on it. When that USB drive is inserted into a Windows PC, without the user knowing it, that worm will quietly run itself, and copy itself to that PC. It has at least three ways of trying to get itself to run. If one way doesn't work, it tries another. At least two of these methods to launch itself were completely new then, and both of them used two independent, secret bugs in Windows that no one else knew about, until this worm came along."

"Once the worm runs itself on a PC, it tries to get administrator access on that PC. It doesn't mind if there's antivirus software installed -- the worm can sneak around most antivirus software. Then, based on the version of Windows it's running on, the worm will try one of two previously unknown methods of getting that administrator access on that PC. Until this worm was released, no one knew about these secret bugs in Windows either. At this point, the worm is now able to cover its tracks by getting underneath the operating system, so that no antivirus software can detect that it exists. It binds itself secretly to that PC, so that even if you look on the disk for where the worm should be, you will see nothing. This worm hides so well, that the worm ran around the Internet for over a year without any security company in the world recognizing that it even existed."
What do Slashdot readers think?

Education

Carnegie Mellon Launches Undergraduate Degree In AI (cmu.edu) 76

Earlier this week, Carnegie Mellon University announced plans to offer an undergrad degree in artificial intelligence. The news may be especially attractive for students given how much tech giants have been ramping up their AI efforts in recent years, and how U.S. News & World Report ranked Carnegie Mellon University as the No. 1 graduate school for AI. An anonymous reader shares the announcement with us: Carnegie Mellon University's School of Computer Science will offer a new undergraduate degree in artificial intelligence beginning this fall, providing students with in-depth knowledge of how to transform large amounts of data into actionable decisions. SCS has created the new AI degree, the first offered by a U.S. university, in response to extraordinary technical breakthroughs in AI and the growing demand by students and employers for training that prepares people for careers in AI.

The bachelor's degree program in computer science teaches students to think broadly about methods that can accomplish a wide variety of tasks across many disciplines, said Reid Simmons, research professor of robotics and computer science and director of the new AI degree program. The bachelor's degree in AI will focus more on how complex inputs -- such as vision, language and huge databases -- are used to make decisions or enhance human capabilities, he added. AI majors will receive the same solid grounding in computer science and math courses as other computer science students. In addition, they will have additional course work in AI-related subjects such as statistics and probability, computational modeling, machine learning, and symbolic computation. Simmons said the program also would include a strong emphasis on ethics and social responsibility. This will include independent study opportunities in using AI for social good, such as improving transportation, health care or education.

GNU is Not Unix

Richard Stallman Demands Return Of Abortion Joke To libc Documentation (theregister.co.uk) 522

An anonymous reader quotes The Register: Late last month, open-source contributor Raymond Nicholson proposed a change to the manual for glibc, the GNU implementation of the C programming language's standard library, to remove "the abortion joke," which accompanied the explanation of libc's abort() function... The joke, which has been around since the 1990s and is referred to as a censorship joke by those supporting its inclusion, reads as follows:

25.7.4 Aborting a Program... Future Change Warning: Proposed Federal censorship regulations may prohibit us from giving you information about the possibility of calling this function. We would be required to say that this is not an acceptable way of terminating a program.

On April 30, the proposed change was made, removing the passage from the documentation. That didn't sit well with a number of people involved in the glibc project, including the joke's author, none other than Free Software Foundation president and firebrand Richard Stallman, who argued that the removal of the joke qualified as censorship... Carlos O'Donnell, a senior software engineer at Red Hat, recommended avoiding jokes altogether, a position supported by many of those weighing in on the issue. Among those voicing opinions, a majority appears to favor removal.

But in a post to the project mailing list, Stallman wrote "Please do not remove it. GNU is not a purely technical project, so the fact that this is not strictly and grimly technical is not a reason to remove this." He added later that "I exercise my authority over glibc very rarely -- and when I have done so, I have talked with the official maintainers. So rarely that some of you thought that you are entirely autonomous. But that is not the case. On this particular question, I made a decision long ago and stated it where all of you could see it."

The Register reports that "On Monday, the joke was restored by project contributor Alexandre Oliva, having taken Stallman's demand as approval to do so."

Programming

Microsoft Adds Support For JavaScript Functions in Excel (bleepingcomputer.com) 171

An anonymous reader shares a report: At the Build 2018 developer conference that's taking place these days in Seattle, USA, Microsoft announced support for custom JavaScript functions in Excel. What this means is that Excel users will be able to use JavaScript code to create a custom Excel formula that will appear in Excel's default formula database. Users will then be able to insert and call these formulas from within Excel spreadsheets, but have a JavaScript interpreter compute the spreadsheet data instead of Excel's native engine. "Office developers have been wanting to write JavaScript custom functions for many reasons," Microsoft says, "such as: (1) Calculate math operations, like whether a number is prime. (2) Bring information from the web, like a bank account balance. (3) Stream live data, like a stock price."

Microsoft

Microsoft Hopes Money Will Entice More Developers (engadget.com) 134

At the Build conference, Microsoft announced that starting later this year, all consumer apps (except games) sold in the Microsoft Store will ship a whopping 95 percent of the revenue earned from app and in-app purchases to the developer. From a report: That is, if the customer purchases the app via a deep or direct link. If the customer gets your app via a Microsoft-assisted method, like getting featured on the Microsoft Store, then devs will get 85 percent of the revenue, which is still a pretty good amount.

GNU is Not Unix

GCC 8.1 Compiler Introduces Initial C++20 Support (gnu.org) 90

"Are you tired of your existing compilers? Want fresh new language features and better optimizations?" asks an announcement on the GCC mailing list touting "a major release containing substantial new functionality not available in GCC 7.x or previous GCC releases."

An anonymous reader writes: GNU has released the GCC 8.1 compiler with initial support for the C++20 (C++2A) revision of C++ currently under development. This annual update to the GNU Compiler Collection also comes with many other new features/improvements including but not limited to new ARM CPU support, support for next-generation Intel CPUs, AMD HSA IL, and initial work on Fortran 2018 support.

Businesses

'Biology Will Be the Next Big Computing Platform' (wired.com) 70

An anonymous reader writes: "Amazon, but for Crispr." It's a notion that may sound far-fetched -- but it's exactly what Synthego, a Silicon Valley biotech startup, wants to be. Synthego's first product let scientists order a custom Crispr kit and have it delivered within a week; in the next few weeks, the startup will add custom Crispr'd human cell lines to its on-demand offerings, which will help scientists working on potentially life-saving medicines. Crispr, as this WIRED guide explains, "is a new class of molecular tools that scientists can use to precisely target and cut any kind of genetic material." It's revolutionizing biology -- but neither of Synthego's founders is a biologist. Turns out, in the ever-expanding industry around genome engineering, that's hardly a disqualifier.

Across the country, companies are trying to snag a seat on the fast-moving Crispr train. There's Inscripta, which is gunning to be the Apple of gene-editing by building the biological equivalent of the personal computer. In theory, that hardware will make gene editing as easy as pushing a button. And then there's Twist Biosciences, which can print out a powerful Crispr guide (the tool that identifies the bits of genetic code a scientist is hoping to target) on a single semiconductor chip -- the Intel of genome engineering, if you will. As Megan Molteni writes, "all these analogies to the computing industry are more than just wordplay." Rather, they offer a language for understanding the complex world of Crispr. "Crispr is making biology more programmable than ever before," Molteni writes. "And the biotech execs staking their claims in Crispr's backend systems have read their Silicon Valley history. They're betting biology will be the next great computing platform, DNA will be the code that runs it, and Crispr will be the programming language."

China

China's Bungled Drone Display Breaks World Record (bbc.com) 67

Chinese company EHang has broken the Guinness World Record for the most drones flown simultaneously, despite them failing to coordinate for a light show. The company programmed a fleet of 1,374 drones to fly in set patterns, "but failed to spell out the date and the record-setting number of drones," reports the BBC. From the report: The South China Morning Post called the event an "epic fail." The record was previously held by U.S. technology company Intel, which flew 1,218 aircraft at the 2018 Pyeongchang Winter Olympic Games in February. Intel's show was pre-recorded before being aired during the opening ceremony, due to "possible freezing weather and strong winds." According to the South China Morning Post, EHang was paid 10.5 million yuan ($1.65 million) for the Labor Day performance in the north-western city of Xi'an. You can watch a video of the drone display here.

Programming

One Of LLVM's Top Contributors Quits Development Over Code of Conduct, Outreach Program (phoronix.com) 1235

Rafael Avila de Espindola is the fifth most active contributor to LLVM with more than 4,300 commits since 2006, but now he has decided to part ways with the project. From a report: Rafael posted a rather lengthy mailing list message to fellow LLVM developers today entitled I am leaving llvm. He says the reason for abandoning LLVM development after 12 years is due to changes in the community. In particular, the "social injustice" brought on by the organization's new LLVM Code of Conduct and its decision to participate in this year's Outreachy program to encourage women and other minority groups to get involved with free software development. "I am definitely sad to lose Rafael from the LLVM project, but it is critical to the long term health of the project that we preserve an inclusive community. I applaud Rafael for standing by his personal principles, this must have been a hard decision," Chris Lattner tweeted Thursday.

Wireless Networking

Researchers Want To Turn Your Entire House Into a Co-Processor Using the Local Wi-Fi Signal (arstechnica.com) 102

An anonymous reader shares an excerpt from a report via Ars Technica: Researchers are proposing an idea to make your computer bigger. They are suggesting an extreme and awesome form of co-processing. They want to turn your entire house into a co-processor using the local Wi-Fi signal. Why, you may be asking, do we even want to do this in the first place? The real answer is to see if we can. But the answer given to funding agencies is thermal management. In a modern processor, if all the transistors were working all the time, it would be impossible to keep the chip cool. Instead, portions of the chip are put to sleep, even if that might mean slowing up a computation. But if, like we do with video cards, we farm out a large portion of certain calculations to a separate device, we might be able to make better use of the available silicon.

So, how do you compute with Wi-Fi in your bedroom? The basic premise is that waves already perform computations as they mix with each other, it's just that those computations are random unless we make some effort to control them. When two waves overlap, we measure the combination of the two: the amplitude of one wave is added to the amplitude of the other. Depending on the history of the two waves, one may have a negative amplitude, while the other may have a positive amplitude, allowing for simple computation. The idea here is to control the path that each wave takes so that, when they're added together, they perform the exact computation that we want them to. The classic example is the Fourier transform. A Fourier transform takes an object and breaks it down into a set of waves. If these waves are added together, the object is rebuilt. You can see an example of this in the animation here.

Programming

Stack Overflow Admits It Hasn't Been Welcoming To 'Newer Coders, Women, People of Color, and Others'; Outlines How It Plans To Change That (stackoverflow.blog) 618

Paul Fernhout writes: Jay Hanlon, executive vice president of culture and experience at Stack Overflow, penned a column on the company's blog last week in which he admitted the "painful truth" that "too many people experience Stack Overflow as a hostile or elitist place, especially newer coders, women, people of color, and others in marginalized groups." Hanlon added, "our employees and community have cared about this for a long time, but we've struggled to talk about it publicly or to sufficiently prioritize it in recent years. And results matter more than intentions." The post adds: "Now, that's not because most Stack Overflow contributors are hostile jerks. The majority of them are generous and kind. Sure, a few are... just generous, I guess? But our active users regularly express their frustration that we haven't done more to make outsiders feel more welcome. The real problem isn't the community -- it's us:

We trained users to tell other users what they're doing wrong, but we didn't provide new folks with the necessary guidance to do it right. We failed to give our regular users decent tools to review content and easily find what they're looking for. We sent mixed messages over the years about whether we're a site for "experts" or for anyone who codes."

Books

New Book Describes 'Bluffing' Programmers in Silicon Valley (theguardian.com) 292

Long-time Slashdot reader Martin S. pointed us to this excerpt from the new book Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley by Portland-based investigative reporter Corey Pein.

The author shares what he realized at a job recruitment fair seeking Java Legends, Python Badasses, Hadoop Heroes, "and other gratingly childish classifications describing various programming specialities." I wasn't the only one bluffing my way through the tech scene. Everyone was doing it, even the much-sought-after engineering talent. I was struck by how many developers were, like myself, not really programmers, but rather this, that and the other. A great number of tech ninjas were not exactly black belts when it came to the actual onerous work of computer programming. So many of the complex, discrete tasks involved in the creation of a website or an app had been automated that it was no longer necessary to possess knowledge of software mechanics. The coder's work was rarely a craft. The apps ran on an assembly line, built with "open-source", off-the-shelf components. The most important computer commands for the ninja to master were copy and paste...

[M]any programmers who had "made it" in Silicon Valley were scrambling to promote themselves from coder to "founder". There wasn't necessarily more money to be had running a startup, and the increase in status was marginal unless one's startup attracted major investment and the right kind of press coverage. It's because the programmers knew that their own ladder to prosperity was on fire and disintegrating fast. They knew that well-paid programming jobs would also soon turn to smoke and ash, as the proliferation of learn-to-code courses around the world lowered the market value of their skills, and as advances in artificial intelligence allowed for computers to take over more of the mundane work of producing software. The programmers also knew that the fastest way to win that promotion to founder was to find some new domain that hadn't yet been automated. Every tech industry campaign designed to spur investment in the Next Big Thing -- at that time, it was the "sharing economy" -- concealed a larger programme for the transformation of society, always in a direction that favoured the investor and executive classes.

"I wasn't just changing careers and jumping on the 'learn to code' bandwagon," he writes at one point. "I was being steadily indoctrinated in a specious ideology."

Programming

Go Programming Language Gets A New Logo and Branding (golang.org) 120

After an "extensive design process," the Go programming language has a "new look and logo," according to Google's lead for Go developer relations, product, and strategy. (Promising that this won't affect Go's gopher mascot.) Our logo follows the brand's core philosophy of simplicity over complexity... The circular shape of the letters hints at the eyes of the Go gopher, creating a familiar shape and allowing the mark and the mascot to pair well together... In addition to our brand guide we have also developed a presentation theme. This presentation theme will enable us to have a consistent representation of Go in person at meetups and conferences as well as online.

Go community members are welcome to use this theme for their own presentations. The presentations are available as Google Slides presentations. We chose Google Slides as it is easy to share and maintain updates. People are welcome to port them to keynote, PowerPoint, etc. Like this blog and all our gopher images, the slide themes are Creative Commons Attribution 3.0 licensed... The brand guide, logo and themes are copyrighted by the Go authors. The brand guide contains the guidelines for acceptable logo use.

It's been more than eight years since the language's launch, and "we wanted the Go brand to reflect where we have been and convey where we are going."

AI

Tesla Autopilot Crisis Deepens With Loss of Third Autopilot Boss In 18 Months (arstechnica.com) 173

An anonymous reader quotes a report from Ars Technica: It is no secret that Tesla's Autopilot project is struggling. Last summer, we covered a report that Tesla was bleeding talent from its Autopilot division. Tesla Autopilot head Sterling Anderson quit Tesla at the end of 2016. His replacement was Chris Lattner, who had previously created the Swift programming language at Apple. But Lattner only lasted six months before departing last June. Now Lattner's replacement, Jim Keller, is leaving Tesla as well.

Keller was a well-known chip designer at AMD before he was recruited to lead Tesla's hardware engineering efforts for Autopilot in 2016. Keller has been working to develop custom silicon for Autopilot, potentially replacing the Nvidia chips being used in today's Tesla vehicles. When Lattner left Tesla last June, Keller was given broader authority over the Autopilot program as a whole. Keller's departure comes just weeks after the death of Walter Huang, a driver whose Model X vehicle slammed into a concrete lane divider in Mountain View, California. Tesla has said Autopilot was engaged at the time of the crash. Tesla has since gotten into public feuds with both Huang's family and the National Transportation Safety Board, the federal agency investigating the crash.
"Today is Jim Keller's last day at Tesla, where he has overseen low-voltage hardware, Autopilot software and infotainment," Tesla said in a statement to Electrek. "Prior to joining Tesla, Jim's core passion was microprocessor engineering, and he's now joining a company where he'll be able to once again focus on this exclusively."

Programming

Drupal Warns of New Remote-Code Bug, the Second in Four Weeks (arstechnica.com) 50

For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties. From a report: Maintainers of the open-source CMS built on the PHP programming language released an update patching a critical remote-code vulnerability on Wednesday. The bug, formally indexed as CVE-2018-7602, exists within multiple subsystems of Drupal 7.x and 8.x. Drupal maintainers didn't provide details on how the vulnerability can be exploited other than to say attacks work remotely. The maintainers rated the vulnerability "critical" and urged websites to patch it as soon as possible.

Programming

GitHub Launches Bot-Powered Learning Lab for New Developers (venturebeat.com) 9

An anonymous reader quotes VentureBeat: GitHub is launching a new bot-powered learning lab to help budding developers get up to speed on all things GitHub... The GitHub Learning Lab, which officially launched Thursday, builds on GitHub's prior history of training people, except this time GitHub is using bots to expedite the learning process. There is no videoconferencing or webcasts here. "After training thousands of people to use Git and GitHub, the GitHub Training Team has established a tried-and-true method for helping new developers retain more information and ramp up quickly as they begin their software journeys," the company said in a blog post. "And now, we're making those experiences accessible to developers everywhere with GitHub Learning Lab."

The bot helps users work through issues in a repository environment, passing comment on any work that you do while checking over pull requests -- notifications of changes you've made -- in a similar fashion to how a human project lead might do. If the bot isn't able to help with a specific question you have, there are humans on hand too via the GitHub Learning Lab forum, which includes outside experts and members of GitHub's in-house training team.
