Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Canada

Canada's Top Mountie Issues Blistering Memo On IT Failures (www.cbc.ca) 108

Reader Freshly Exhumed writes: RCMP Commissioner Bob Paulson has levelled a blistering memo obtained by the CBC on how critical IT failures have increased by 129 per cent since Shared Services Canada took over tech support for the entire government five years ago. Not only that, the memo says, the duration of each outage has increased by 98 per cent. "Its 'one size fits all' IT shared services model has negatively impacted police operations, public and officer safety and the integrity of the criminal justice system," reads the memo. A list of specific incidents includes an 11-hour network computer outage on Jan. 18 that downed every Mountie's BlackBerry, affected dispatching, and prevented the RCMP and 240 other police forces from accessing the Canadian Police Information Centre database.
Government

Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com) 45

An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure.
Microsoft

Microsoft Creates Skype Lite Especially For India (cnet.com) 45

There's a new Skype app in town, and it is made just for India. According to a report on CNET: Microsoft is the latest US tech giant to help keep Indians connected. Skype Lite is a new version of the company's popular video and voice-calling app that's "built in India." Skype Lite functions much like its big brother Skype, but it's designed to work well on low-speed, 2G networks, which are still prevalent in India and many developing nations. It uses less data and battery power than the fully fledged app, and at 13MB it's around a third of the download size. Skype Lite, available for Android, also uses India's controversial Aadhaar biometric authentication.
AI

Microsoft Research Developing An AI To Put Coders Out of a Job (mspoweruser.com) 337

jmcbain writes: Are you a software programmer who voted in a recent Slashdot poll that a robot/AI would never take your job? Unfortunately, you're wrong. Microsoft, in collaboration with the University of Cambridge, is developing such an AI. This software "can turn your descriptions into working code in seconds," reports MSPoweruser. "Called DeepCoder, the software can take requirements by the developer, search through a massive database of code snippets and deliver working code in seconds, a significant advance in the state of the art in program synthesis." New Scientist describes program synthesis as "creating new programs by piecing together lines of code taken from existing software -- just like a programmer might. Given a list of inputs and outputs for each code fragment, DeepCoder learned which pieces of code were needed to achieve the desired result overall." The original research paper can be read here.
The Courts

SAP License Fees Also Due For Indirect Users, Court Rules (networkworld.com) 123

SAP's licensing fees "apply even to related applications that only offer users indirect visibility of SAP data," according to a Thursday ruling by a U.K. judge. Slashdot reader ahbond quotes Network World: The consequences could be far-reaching for businesses that have integrated their customer-facing systems with an SAP database, potentially leaving them liable for license fees for every customer that accesses their online store. "If any SAP systems are being indirectly triggered, even if incidentally, and from anywhere in the world, then there are uncategorized and unpriced costs stacking up in the background," warned Robin Fry, a director at software licensing consultancy Cerno Professional Services, who has been following the case...

What's in dispute was whether the SAP PI license fee alone is sufficient to allow Diageo's sales staff and customers to access the SAP data store via the Salesforce apps, or whether, as SAP claims, those staff and customers had to be named as users and a corresponding license fee paid. On Thursday, the judge sided with SAP on that question.

Open Source

MariaDB Fixes Business Source License, Releases MaxScale 2.1 (perens.com) 17

Creator of The Open Source Definition and longtime Slashdot reader Bruce Perens writes: MariaDB is releasing MaxScale 2.1, a new version of their database routing proxy, and has modified its timed-transition-to-Open-Source "Business Source License" to make it more acceptable to the Open Source community and more easily usable by other companies. I've blogged the issues I had with the license and how MariaDB has fixed them, and Kaj Arno has blogged the MariaDB side of the story. Here's an excerpt from Perens' blog post: "The BSL is a parameterized license. The licensor chooses the license which is transitioned to, the date of the transition, and the limitation. The problem with this is that it was so parameterized that if you told someone the license was 'BSL 1.0,' they would not have any idea what license they really had. It might transition to any of 100 Open Source licenses, or to a non-Open-Source license. The transition might happen in a month, or next century. The limitation might be that you could only have three commercial servers, or that you indentured your firstborn son (OK, that's going overboard, but you get the picture)." He continues, "So, I didn't like that 'BSL' didn't really say what the license did, and I didn't feel that was the best thing for the users or the community. I asked MariaDB to fix it. Together we have arrived at constraints on the parameters and minimum privileges that will take the new BSL much closer to being one license while still allowing licensors some latitude to choose parameters."
Databases

Story Of a Country Which Has Built a Centralized Biometrics Database Of 1.1B People But Appears To Be Mishandling It Now (mashable.com) 60

In a bid to get more Indians to have a birth certificate or any sort of ID card, India announced Aadhaar project in 2009. At the time, there were more Indians without these ID cards than those with. As a result of this, much of the government funding for the citizens were disappearing before they could see them. But according to several security experts, lawyers, politicians and journalists, the government is using poor security practices, and this is exposing the biometrics data -- photo, name, address, fingerprint, iris info -- of people at risk. More than 1.1 billion people -- and 99 percent of all adults -- in India have enrolled themselves to the system. From a report: "There are two fundamental flaws in Aadhaar: it is poorly designed, and it is being poorly verified," Member of Parliament and privacy advocate, Rajeev Chandrasekhar told Mashable India. Another issue with Aadhaar is, Chandrasekhar explains, there is no firm legislation to safeguard the privacy and rights of the billion people who have enrolled into the system. There's little a person whose Aadhaar data has been compromised could do. [...] "Aadhaar is remote, covert, and non-consensual," he told Mashable India, adding the existence of a central database of any kind, but especially in the context of the Aadhaar, and at the scale it is working is appalling. Abraham said fingerprint and iris data of a person can be stolen with little effort -- a "gummy bear" which sells for a few cents, can store one's fingerprint, while a high-resolution camera can capture one's iris data. The report goes on to say that the Indian government is also not telling how the data is being shared with private companies. Experts cited in the story have expressed concerns that those companies (some of which are run by people who were previously members of the team which designed the framework of Aadhaar) can store and create a parallel database of their own. On top of that, the government is making Aadhaar mandatory for availing several things including registration for nation-wide examinations, but in the beginning it promised Aadhaar will be used only to help poor get grocery at subsidized prices.
Microsoft

Microsoft's Open-Source Graph Engine Takes On Neo4j (infoworld.com) 17

An anonymous reader quotes a report from InfoWorld: Sometimes the relationships between the data you've gathered are more important than the data itself. That's when a graph processing system comes in handy. It's an important but often poorly understood method for exploring how items in a data set are interrelated. Microsoft's been exploring this area since at least 2013, when it published a paper describing the Trinity project, a cloud-based, in-memory graph engine. The fruits of the effort, known as the Microsoft Graph Engine, are now available as an MIT-licensed open source project as an alternative to the likes of Neo4j or the Linux Foundation's recently announced JanusGraph. Microsoft calls Graph Engine (GE) as "both a RAM store and a computation engine." Data can be inserted into GE and retrieved at high speed since it's kept in-memory and only written back to disk as needed. It can work as a simple key-value store like Memcached, but Redis may be the better comparison, since GE stores data in strongly typed schemas (string, integer, and so on). How does all this shape up against the leading open source graph database, Neo4j? For one, Neo4j has been in the market longer and has an existing user base. It's also available in both an open source community edition and a commercial product, whereas GE is only an open source project right now.
Government

Face Recognition + Mandatory Police Body Cameras = Mass Surveillance? (siliconvalley.com) 110

Facial recognition software is already in use, and it has privacy advocates worried. An anonymous reader quotes the Bay Area Newsgroup. Southern California-based FaceFirst sells its facial recognition technology to retail stores, which use it to identify shoplifters who have been banned from the store, and alert management if they return. Corporate offices and banks also use the software to recognize people who are wanted by police... Several local law enforcement agencies have expressed interest in the technology, but so far none have had the budget for it. FaceFirst sells software police officers can install on their smartphones and use to identify people in the field from up to 12 feet away.

Some privacy experts worry facial recognition technology will show up next in police body cameras, with potentially dangerous consequences... The problem, say privacy advocates, is that all kinds of people come into contact with police, including many who are never suspected of any crimes. So lots of innocent people could be caught up in a police database fed by face-recognizing body cameras. The body cameras could turn into a "massive mobile surveillance network," said Jeramie Scott, national security counsel for the Electronic Privacy Information Center.

One-third of America's police departments use body cameras. (And just in San Jose, there's already 450 neighborhood cameras that have also agreed to share their footage for police investigations.) The new technologies concern the ACLU's policy director for technology and civil liberties. "You have very powerful systems being purchased, most often in secret, with little-to-no public debate and no process in place to make sure that there are policies in place to safeguard community members."
Programming

GitHub Commits Reveal The Top 'Weekend Programming' Languages (medium.com) 149

An anonymous reader writes: Google "developer advocate" Felipe Hoffa has determined the top "weekend programming languages," those which see the biggest spike in commit activity on the weekends. "Clearly 2016 was a year dedicated to play with functional languages, up and coming paradigms, and scripting 3d worlds," he writes, revealing that the top weekend programming languages are:

Rust, Glsl, D, Haskell, Common Lisp, Kicad, Emacs Lisp, Lua, Scheme, Julia, Elm, Eagle, Racket, Dart, Nsis, Clojure, Kotlin, Elixir, F#, Ocaml

Earlier this week another data scientist calculated ended up with an entirely different list by counting the frequency of each language's tag in StackOverflow questions. But Hoffa's analysis was performed using Google's BigQuery web service, and he's also compiled a list of 2016's least popular weekend languages -- the ones people seem to prefer using at the office rather than in their own free time.

Nginx, Matlab, Processing, Vue, Fortran, Visual Basic, Objective-C++, Plsql, Plpgsql, Web Ontology Language, Smarty, Groovy, Batchfile, Objective-C, Powershell, Xslt, Cucumber, Hcl, Puppet, Gcc Machine Description

What's most interesting is the changes over time. In the last year Perl has become more popular than Java, PHP, and ASP as a weekend programming language. And Rust "used to be a weekday language," Hoffa writes, but it soon also grew more popular for Saturdays and Sunday. Meanwhile, "The more popular Go grows, the more it settles as a weekday language," while Puppet "is the champion of weekday coders." Ruby on the other hand, is "slowly leaving the week and embracing the weekend."

Hoffa is also a long-time Slashdot reader who analyzed one billion files on GitHub last summer to determine whether they'd been indented with spaces or tabs. But does this new list resonate with anybody? What languages are you using for your weekend coding projects?
Education

Pioneering Data Genius Hans Rosling Passes Away At Age 68 (bbc.com) 53

An anonymous reader writes: On Tuesday, Sweden's prime minister tweeted that Hans Rosling "made human progress across our world come alive for millions," and the public educator will probably best be remembered as the man who could condense 200 years of global history into four minutes. He was a geek's geek, a former professor of global health who "dropped out" because he wanted to help start a nonprofit about data. Specifically, it urged data-based decisions for global development policy, and the Gapminder foundation created the massive Trendalyzer tool which let users build their own data visualizations. Eventually they handed off the tool to Google who used it with open-source scientific datasets. The BBC describes Rosling as a "public educator" with a belief that facts "could correct 'global ignorance' about the reality of the world, which 'has never been less bad.'" Rosling's TED talks include "The Best Data You've Never Seen" and "How Not To Be Ignorant About The World," and in 2015 he also gave a talk titled "How to Beat Ebola." Hans Rosling died Tuesday at age 68.
Facebook

DC Inauguration Protestors Are Being Hit With Facebook Data Searches (citylab.com) 341

During the protests over the inauguration of Donald Trump, more than 230 protestors were arrested -- many of which were charged with rioting and had their phones seized by Washington, D.C., police. One of the individuals who was arrested received an email from Facebook's "Law Enforcement Response Team," which raises the question: Did D.C. police ask Facebook to reveal information about this arrestee? CityLab reports: In an emailed response to CityLab's request for more information, Rachel Reid, a spokesperson for the D.C. Metropolitan Police Department, responded that "MPD does not comment on investigative tactics." The District of Columbia United States Attorney's Office -- the agency leading the prosecution of Inauguration protesters -- has not yet responded to CityLab's inquiry. CityLab also asked Facebook about the email. "We don't comment on individual requests," company spokesperson Jay Nancarrow said. He referred CityLab to the site's law enforcement guidelines page and to its Government Requests Report database, where the public can see how many legal processes it receives from countries worldwide. According to this database, U.S. law enforcement requested information on the accounts of 38,951 users over January to June of 2016, and they received some type of data in 80 percent of cases. Which "legal process" authorities sent to Facebook for information on the protester matters considerably in terms of how much data they can seize for investigation. According to Facebook's legal guidelines, a search warrant, for example, could allow Facebook to give away content data including "messages, photos, videos, timeline posts, and location information." A subpoena or a court order would give authorities less information, but would still include the individual's "name, length of service, credit card information, email address(es), and a recent login/logout IP address(es)."
Cloud

RethinkDB Gets Acquired By the Cloud Native Compute Foundation; Joins the Linux Foundation (techcrunch.com) 21

An anonymous reader writes:The Cloud Native Compute Foundation (CNCF) today announced that it has acquired the RethinkDB copyright and assets, including its code, and contributed it to The Linux Foundation. RethinkDB, which had raised about $12.2 million in venture capital for its open-source database, went out of business in October 2016. The CNCF says it paid $25,000 to complete this transaction. The code will now be available under the Apache license.
DRM

DRM Company Denuvo Forgets To Secure Its Server, Leaks Two Years Of Emails (torrentfreak.com) 77

Denuvo "left several private directories on its website open to the public," TorrentFreak wrote Sunday, calling it "an embarrassing blunder" for the digital rights management company. "Members of the cracking community are downloading and scrutinizing the contents," the site reports, with one of the finds being an 11-megabyte text file which apparently contains every message sent through Denuvo's web site since 2014. An anonymous reader writes: There's a message from Google's security team, one from Capcom Japan, and "dozens of emails from angry pirates, each looking to vent their anger," according to TorrentFreak. Ars Technica reports that there's also a 2015 message from Microsoft about "an upcoming initiative," as well as messages several game studios, and even one from the producers of Mavis Beacon Teaches Typing. "Combing the log file brings up countless spam messages, along with complaints, confused 'why won't this game work' queries from apparent pirates, and even threats (an example: 'for what you did to arkham knight I will find you and I will kill you and all of your loved ones, this I promise you CEO of this SHIT drm')."

"Since Denuvo's contact page does not contain a link to a private e-mail address -- only a contact form and a phone number to the company's Austrian headquarters -- the form appears to also have been used by many game developers and publishers." And in addition, "much of Denuvo's web database content appears to be entirely unsecured, with root directories for 'fileadmin' and 'logs' sitting in the open right now."

In addition, there's also a slideshow -- which has since been uploaded to Imgur -- bragging that "With over 300 man years of development experience among us, we clearly know what we're doing."
Open Source

How Open Sourcing Made Apache Kafka A Dominant Streaming Platform (techrepublic.com) 48

Open sourced in 2010, the Apache Kafka distributed streaming platform is now used at more than a third of Fortune 500 companies (as well as seven of the world's top 10 banks). An anonymous reader writes: Co-creator Neha Narkhede says "We saw the need for a distributed architecture with microservices that we could scale quickly and robustly. The legacy systems couldn't help us anymore." In a new interview with TechRepublic, Narkhede explains that while working at LinkedIn, "We had the vision of building the entire company's business logic as stream processors that express transformations on streams of data... [T]hough Kafka started off as a very scalable messaging system, it grew to complete our vision of being a distributed streaming platform."

Narkhede became the CTO and co-founder of Confluent, which supports enterprise installations of Kafka, and now says that being open source "helps you build a pipeline for your product and reduce the cost of sales... [T]he developer is the new decision maker. If the product experience is tailored to ensure that the developers are successful and the technology plays a critical role in your business, you have the foundational pieces of building a growing and profitable business around an open-source technology... Kafka is used as the source-of-truth pipeline carrying critical data that businesses rely on for real-time decision-making."

Security

Anonymous Takes Down 10,613 Dark Web Portals (bleepingcomputer.com) 120

An anonymous reader writes: Anonymous hackers have breached Freedom Hosting II, a popular Dark Web hosting provider, and have taken down 10,613 .onion sites. In a message left on all Freedom Hosting II sites, the hackers claim to have found massive troves of child pornography imagery hosted on the company's servers. The hackers dumped 74GB of server files (half of which they say contained child pornography) and a database dump of 2.3GB. Security researcher Chris Monteiro has analyzed some of the dumped data. He says he discovered .onion URLs hosting botnets, fraud sites, sites peddling hacked data, weird fetish portals, more weird stuff, and child abuse websites targeting both English- and Russian-speaking buyers. Freedom Hosting II hosts about a fifth of all .onion URLs. The first Freedom Hosting service was targeted by Anonymous in 2011 and eventually shut down in 2013 after the FBI also found child pornography hosted on its sites.
Communications

IMDb Is Shutting Down Its Long-Running, Popular Message Boards After 16 Years (polygon.com) 168

An anonymous reader quotes a report from Polygon: After 16 years, IMDb's message boards and the ability to privately message other users is shutting down, with many members of the community openly mourning the loss of the section. IMDb, which stands from the Internet Movie Database, is one of the world's biggest databases for film and television. According to the company, there is information on more than 4.1 million titles and 7.7 million personalities available on the site as of January 2017. The message board, which was introduced in 2001, reportedly remains one of the most used services on the website, but despite that, the company is getting ready to shut it down, citing a desire to foster a positive environment and serve its audience the best way it can. "After in-depth discussion and examination, we have concluded that IMDb's message boards are no longer providing a positive, useful experience for the vast majority of our more than 250 million monthly users worldwide," a statement on the site reads. "The decision to retire a long-standing feature was made only after careful consideration and was based on data and traffic. Because IMDb's message boards continue to be utilized by a small but passionate community of IMDb users, we announced our decision to disable our message boards on February 3, 2017 but will leave them open for two additional weeks so that users will have ample time to archive any message board content they'd like to keep for personal use. During this two-week transition period, which concludes on February 19, 2017, IMDb message board users can exchange contact information with any other board users they would like to remain in communication with (since once we shut down the IMDb message boards, users will no longer be able to send personal messages to one another)."
Data Storage

GitLab.com Melts Down After Wrong Directory Deleted, Backups Fail (theregister.co.uk) 356

An anonymous reader quotes a report from The Register: Source-code hub Gitlab.com is in meltdown after experiencing data loss as a result of what it has suddenly discovered are ineffectual backups. On Tuesday evening, Pacific Time, the startup issued the sobering series of tweets, starting with "We are performing emergency database maintenance, GitLab.com will be taken offline" and ending with "We accidentally deleted production data and might have to restore from backup. Google Doc with live notes [link]." Behind the scenes, a tired sysadmin, working late at night in the Netherlands, had accidentally deleted a directory on the wrong server during a frustrating database replication process: he wiped a folder containing 300GB of live production data that was due to be replicated. Just 4.5GB remained by the time he canceled the rm -rf command. The last potentially viable backup was taken six hours beforehand. That Google Doc mentioned in the last tweet notes: "This incident affected the database (including issues and merge requests) but not the git repos (repositories and wikis)." So some solace there for users because not all is lost. But the document concludes with the following: "So in other words, out of 5 backup/replication techniques deployed none are working reliably or set up in the first place." At the time of writing, GitLab says it has no estimated restore time but is working to restore from a staging server that may be "without webhooks" but is "the only available snapshot." That source is six hours old, so there will be some data loss.
United Kingdom

UK 'Pirates' Get 20-Day Grace Period After Each Warning (torrentfreak.com) 35

UK Internet providers will soon begin sending piracy warnings to subscribers whose accounts are used to share copyright-infringing material. The associated "Get It Right" campaign has now published a detailed website, answering the most asked questions, while adding some new information as well. From a report: "After an Educational Email has been sent, there is a 20 day grace period during which time you will not receive any further emails. However, if further copyright infringement activity occurs and is detected after the 20 day grace period, you may receive another email from your ISP," the FAQ reads. Almost three weeks is significantly longer than the 7-days the U.S. equivalent has. Also good to know is that if no other piracy incidents are recorded in the future, all data is scrapped from the database after 12 months.

Slashdot Top Deals