Slashdot Mirror

Microsoft "has been quietly lobbying against Right to Repair legislation, which would prevent Microsoft from penalizing customers when they open up their devices," claims MSPoweruser: Jeff Morris, Democratic member of the [Washington state] House of Representatives claims Microsoft has blocked legislation from being passed despite strong bipartisan support. In an interview on iFixit's Repair Radio [YouTube], Rep. Jeff Morris said that "word on the street" was that Microsoft, "marshalled forces to keep the bill from moving out of the House Rules committee." He claimed "there was a tax proposal here ... to pay for STEM education," and that "in exchange for Microsoft support[ing that tax,] having Right to Repair die..." was a condition, as well as another privacy policy Microsoft wanted to advance.
The state representative hedged that "I can't confirm or deny this, because I have not seen a smoking gun."

But he also told his interviewer that to paint a discouraging picture of the landscape after passage of the bill, "Microsoft was going around telling our members that they wouldn't sell Surface Tablets in Washington any longer."

Verizon is sending out an update for millions of its routers after security researchers discovered vulnerabilities that could allow potential attackers to take over the devices. From a report: Researchers from Tenable, a security company, detailed three vulnerabilities with Verizon's Fios Quantum Gateway router on Tuesday. The company said it disclosed these security flaws to Verizon last December, and that the company issued a fix on March 13. Verizon said that a small percentage of its customers did not get the update automatically, and will still need a patch to protect against this security flaw. "We were recently made aware of three vulnerabilities related to login and password information on the Broadband Home Router Fios-G1100," a Verizon spokesman said in a statement.

"As soon as we were made aware of these vulnerabilities, we took immediate action to remediate them and are issuing patches." The company said that several customers with a particular type of router did not get the update, but said that people affected will not need to take any action. If your router's firmware is running version 02.02.00.13, you're up to date and safe from the vulnerabilities.

Amazon is planning a vast expansion of its free streaming service on its Fire TV devices and has asked marketers to commit millions of dollars to support new channels and expanded content offerings, multiple people who held discussions with the company told Cheddar. From a report: Amazon has talked to executives at media companies and advertising agencies about its plans to include more ad-supported streaming channels to compete with Roku and Pluto TV, which offer free access to TV shows and movies with commercials. Advertisers are reluctant to pledge millions of dollars before they know what content Amazon would make available on the new channels, sources said. Some buyers said Amazon is asking for as much as a large cable network for advertising commitments. Since contracts for shows and movies to appear on the new services Amazon is planning are still being negotiated, there's little guaranteed programming to advertise against.

An anonymous reader quotes a report from The Verge: Google said today that it would require its extended, non-employee workforce in the United States receive comprehensive health care coverage, a $15 minimum wage, and 12 weeks of parental leave. The move follows protests from employees and other workers at Google who have pushed the company to offer more benefits. Google relies on a massive staff of temporary, vendor, and contract workers, many of whom are supplied by third parties and aren't offered the same benefits as full Google employees. The disparity has led to calls for better conditions for the workers. Today, The Guardian reported that more than 900 employees have signed a letter supporting temporary workers whose contracts for work on Google Assistant were shortened.

In a statement announcing the changes, Google said it would require companies that provide temporary and vendor staff to offer health care benefits, including mental health, pediatric, oral, and dental services, as well as a minimum of eight paid days of sick leave. Workforce providers will also be required to pay workers at least $15 per hour and offer $5,000 per year in tuition reimbursement. The wage requirements will go into effect at the end of the year, Google said, and the health care requirements will start before 2022. The Tech Workers Coalition, which has organized tech industry workers, criticized that timeline. "Changes announced today apply to no one working right now -- but workers can't wait years to pay rent, see doctors and care for their families," the organization said in a tweet.

An anonymous reader quotes a report from MIT Technology Review: Almost a thousand Google staff, academic researchers, and other tech industry figures have signed a letter protesting the makeup of an independent council that Google created to guide the ethics of its AI projects. The search giant announced the creation of the council last week at EmTech Digital, MIT Technology Review's event in San Francisco. Known as the Advanced Technology External Advisory Council (ATEAC), it has eight members including economists, philosophers, policymakers, and technologists with expertise in issues like algorithmic bias. It is meant to hold four meetings a year, starting this month, and write reports designed to provide feedback on projects at the company that use artificial intelligence.

But two of those members proved controversial. One, Dyan Gibbens, is CEO of Trumbull, a company that develops autonomous systems for the defense industry -- a contentious choice given that thousands of Google employees protested the company's decision to supply the US Air Force with AI for drone imaging. The greatest outrage, though, has come over the inclusion of Kay Coles James, president of the Heritage Foundation, a think tank that opposes regulating carbon emissions, takes a hard line on immigration, and has argued against the protection of LGBTQ rights. The creation of ATEAC -- and the inclusion of Gibbens and James -- may in fact have been designed to appease Google's right-wing critics. At roughly the same time the council was announced, Sundar Pichai, Google's CEO, was meeting with President Donald Trump. Trump later tweeted: "He stated strongly that he is totally committed to the U.S. Military, not the Chinese Military. [We] also discussed political fairness and various things that Google can do for our Country. Meeting ended very well!" "Not only are James' views counter to Google's stated values," the letter states, "but they are directly counter to the project of ensuring that the development and application of AI prioritizes justice over profit. Such a project should instead place representatives from vulnerable communities at the center of decision-making."

"Machines will need to make ethical decisions, and we will be responsible for those decisions," argues Mike Loukides, O'Reilly Media's vice president of content strategy: We are surrounded by systems that make ethical decisions: systems approving loans, trading stocks, forwarding news articles, recommending jail sentences, and much more. They act for us or against us, but almost always without our consent or even our knowledge. In recent articles, I've suggested the ethics of artificial intelligence itself needs to be automated. But my suggestion ignores the reality that ethics has already been automated... The sheer number of decisions that need to be made means that we can't expect humans to make those decisions. Every time data moves from one site to another, from one context to another, from one intent to another, there is an action that requires some kind of ethical decision...

Ethical problems arise when a company's interest in profit comes before the interests of the users. We see this all the time: in recommendations designed to maximize ad revenue via "engagement"; in recommendations that steer customers to Amazon's own products, rather than other products on their platform. The customer's interest must always come before the company's. That applies to recommendations in a news feed or on a shopping site, but also how the customer's data is used and where it's shipped. Facebook believes deeply that "bringing the world closer together" is a social good but, as Mary Gray said on Twitter, when we say that something is a "social good," we need to ask: "good for whom?" Good for advertisers? Stockholders? Or for the people who are being brought together? The answers aren't all the same, and depend deeply on who's connected and how....

It's time to start building the systems that will truly assist us to manage our data.
The article argues that spam filters provide a surprisingly good set of first design principles. They work in the background without interfering with users, but always allow users to revoke their decisions, and proactively seek out user input in ambiguous or unclear situations.

But in the real world beyond our inboxes, "machines are already making ethical decisions, and often doing so badly. Spam detection is the exception, not the rule."

Some of the same podcasters who first extolled AirPods are now complaining about them, reports the Atlantic: The battery can no longer hold a charge, they say, rendering them functionally useless. Apple bloggers agree: "AirPods are starting to show their age for early adopters," Zac Hall, an editor at 9to5Mac, wrote in a post in January, detailing how he frequently hears a low-battery warning in his AirPods now. Earlier this month, Apple Insider tested a pair of AirPods purchased in 2016 against a pair from 2018, and found that the older pair died after two hours and 16 minutes. "That's less than half the stated battery life for a new pair," the writer William Gallagher concluded. Desmond Hughes, who is 35 and lives in Newport News, Virginia, has noticed a similar thing about his own set: At first, their charge lasted five hours, but now they sometimes last only half an hour. He frequently listens to one while charging the other -- not optimal conditions for expensive headphones. He's now gearing up to plunk down more money on another pair....

The lithium-ion batteries that power AirPods are everywhere. One industry report forecast that sales would grow to $109.72 billion by 2026, from $36.2 billion in 2018. They charge faster, last longer, and pack more power into a small space than other types of batteries do. But they die faster, too, often after just a few years, because every time you charge them, they degrade a little. They can also catch fire or explode if they become damaged, so technology companies make them difficult, if not impossible, for consumers to replace themselves. The result: A lot of barely chargeable AirPods and wireless mice and Bluetooth speakers are ending up in the trash as consumers go through products -- even expensive ones -- faster than ever....

Of the 3.4 million tons of electronic waste generated in America in 2012 -- an 80 percent increase from 2000 -- just 29 percent was recycled.
The article notes that Wednesday Apple announced a new generation of AirPods -- but "did not say whether the devices would have longer lives."

They also report that Apple "does allow consumers to pay for what it calls a 'battery replacement' for AirPods, but each 'replaced' AirPod is $49."

Medium's technology publication ran a 3,600-word investigation into a mystery that began when a 66-year-old New York woman Googled directions to her neighborhood, "and found that the app had changed the name of her community..." It's just as well no one contacted Google, because Google wasn't the company that renamed the Fruit Belt to Medical Park. When residents investigated, they found the misnomer repeated on several major apps and websites including HERE, Bing, Uber, Zillow, Grubhub, TripAdvisor, and Redfin... Monica Stephens, a geographer at the University at Buffalo who studies digital maps and misinformation, immediately suspected the geographic clearinghouse Pitney Bowes. Founded in 1920 as a maker of postage meters -- the machines that stamp mail with proof it's been sent -- Pitney Bowes expanded into neighborhood data in 2016 when it bought the leading U.S. provider, Maponics. In its 15-year run, Maponics had supplied neighborhood data to companies from Airbnb to Twitter to the Houston Chronicle. And it had also just acquired a longtime competitor, Urban Mapping, which has previously supplied Facebook, Microsoft, MapQuest, Yahoo, and Apple. Though Pitney Bowes is far from a household name, the $3.4 billion data broker is "a huge company at this point," says Stephens, with enough influence to inadvertently rename a neighborhood across hundreds of sites...

In the early 2000s, Urban Mapping offered new college grads $15 to $25 per hour to comb local blogs, home listings, city plans, and brochures for possible neighborhood names and locations. Maponics, meanwhile, used nascent technologies such as computer vision and natural language processing to pull neighborhoods from images and blocks of text, one former executive with the company said... I visited the Buffalo Central Library to find the source of the error... Sure enough, one of the librarians located a single planning office map that used the "Medical Park" label. It was a 1999 report on poverty and housing conditions -- long since relegated to a dusty shelf stacked with old binders and file folders... Somehow, likely in the early 2000s, this map made its way into what is now the Pitney Bowes data set -- and from there, was hoovered into Google Maps and out onto the wider internet. Buffalo published another map in 2017, with the Fruit Belt clearly marked, and broadcast on the city's open data portal. For whatever reason, Pitney Bowes and its customers never picked that map up.
This is not the first time Google Maps has seemed to spontaneously rename a neighborhood. But for Fruit Belt the reporter's query eventually prompted corrections to the maps on Redfin, TripAdvisor, Zillow, Grubhub, and Google Maps. But the article argues that when it comes to how city names are represented online, "the process is too opaque to scrutinize in public. And that ambiguity foments a sense of powerlessness."

Pitney Bowes doesn't even have a method for submitting corrections. Yet, "In an emailed statement, a spokesperson for Google defended its use of third-party neighborhood sources. 'Overall, this provides a comprehensive and up-to-date map,' the spokesperson said, 'but when we're made aware of errors, we work quickly to fix them.'"

An anonymous reader quotes a report from Engadget: Alphabet offshoot Jigsaw is launching a Chrome extension designed to help moderate toxic comments on social media. The new open-source tool, dubbed "Tune," builds on the machine learning smarts introduced in Jigsaw's "Perspective" tech to help sites like Facebook and Twitter set the "volume" of abusive comments. Using "filter mix" controls, users can either turn toxic comments off altogether (what's known as "zen mode") or show selective types of posts containing attacks, insults, or profanity. Tune also works with Reddit, YouTube and Disqus. Jigsaw admits that Tune is still an experiment, meaning it may not spot all forms of toxicity or could hide non-offensive comments. "We're constantly working to improve the underlying technology, and users can easily give feedback right in the tool to help us improve our algorithms," C.J. Adams, Jigsaw product manager, wrote in a blog post.

Democratic presidential candidate Elizabeth Warren is proposing to break up technology companies, including Amazon.com, Google and Facebook, calling them anti-competitive behemoths that are crowding out competition. From a report: "Twenty-five years ago, Facebook, Google, and Amazon didn't exist. Now they are among the most valuable and well-known companies in the world," Warren wrote in a post on the blogging platform Medium. "It's a great story -- but also one that highlights why the government must break up monopolies and promote competitive markets." Warren's call also comes as Democrats have begun to plan for increased oversight of tech companies after winning control of the House in the 2018 midterm elections. On Wednesday, House and Senate Democrats introduced legislation to establish strong net neutrality protections that would look to prevent major service providers from using their power to manipulate how users experience the internet. Update: In a statement, Warren's team said that the proposal would also apply to Apple. "They would have to structurally separate -- choosing between, for example, running the App Store or offering their own apps," a spokesperson said.

Over at Quartz, Ephrat Livni reports that a 60 Minutes story about gender equality accidentally proved the persistence of patriarchy. Reader theodp shares the report: Good intentions are nice, but they aren't enough, the TV news show 60 Minutes recently proved. The show's producers apparently meant well when they decided to do a segment on women in technology and the gender gap, which aired on March 4. But they ended up punching women in the gut, as the founder and CEO of Girls Who Code, Reshma Saujani, puts it in her response to the segment. Ultimately, 60 Minutes featured a man, Code.org CEO Hadi Partovi. His [tech-backed] organization's mission is to expand access to computer science education in schools.

Women technologists like Saujani who were tapped to appear on the show about a year ago and worked with producers to provide research and interviews, ended up on the cutting room floor while Partovi spoke on their behalf. Here is the cruel irony: As a result, 60 Minutes' segment was accidentally exceptionally effective-it proved that women in tech really can't catch a break. [...] Ayah Bdeir, the founder of STEM learning toy company littleBits, also responded to the episode in a Medium post. She noted that she worked with 60 Minutes for a year, planning interviews, providing research, talking to the producers and reporters, telling her story and that of her organization, which is focused on closing the gender gap in technology. Yet producers wrote to her last August to say that the focus of the segment had shifted and that littleBits would no longer be central in the story. In an email, a producer explained to her, 'It's not that the important points you made in your interview are ignored in the story, or that you didn't make them very effectively, they're just made by others'.

Over at Quartz, Ephrat Livni reports that a 60 Minutes story about gender equality accidentally proved the persistence of patriarchy. Reader theodp shares the report: Good intentions are nice, but they aren't enough, the TV news show 60 Minutes recently proved. The show's producers apparently meant well when they decided to do a segment on women in technology and the gender gap, which aired on March 4. But they ended up punching women in the gut, as the founder and CEO of Girls Who Code, Reshma Saujani, puts it in her response to the segment. Ultimately, 60 Minutes featured a man, Code.org CEO Hadi Partovi. His [tech-backed] organization's mission is to expand access to computer science education in schools.

Women technologists like Saujani who were tapped to appear on the show about a year ago and worked with producers to provide research and interviews, ended up on the cutting room floor while Partovi spoke on their behalf. Here is the cruel irony: As a result, 60 Minutes' segment was accidentally exceptionally effective-it proved that women in tech really can't catch a break. [...] Ayah Bdeir, the founder of STEM learning toy company littleBits, also responded to the episode in a Medium post. She noted that she worked with 60 Minutes for a year, planning interviews, providing research, talking to the producers and reporters, telling her story and that of her organization, which is focused on closing the gender gap in technology. Yet producers wrote to her last August to say that the focus of the segment had shifted and that littleBits would no longer be central in the story. In an email, a producer explained to her, 'It's not that the important points you made in your interview are ignored in the story, or that you didn't make them very effectively, they're just made by others'.

Over at Quartz, Ephrat Livni reports that a 60 Minutes story about gender equality accidentally proved the persistence of patriarchy. Reader theodp shares the report: Good intentions are nice, but they aren't enough, the TV news show 60 Minutes recently proved. The show's producers apparently meant well when they decided to do a segment on women in technology and the gender gap, which aired on March 4. But they ended up punching women in the gut, as the founder and CEO of Girls Who Code, Reshma Saujani, puts it in her response to the segment. Ultimately, 60 Minutes featured a man, Code.org CEO Hadi Partovi. His [tech-backed] organization's mission is to expand access to computer science education in schools.

Women technologists like Saujani who were tapped to appear on the show about a year ago and worked with producers to provide research and interviews, ended up on the cutting room floor while Partovi spoke on their behalf. Here is the cruel irony: As a result, 60 Minutes' segment was accidentally exceptionally effective-it proved that women in tech really can't catch a break. [...] Ayah Bdeir, the founder of STEM learning toy company littleBits, also responded to the episode in a Medium post. She noted that she worked with 60 Minutes for a year, planning interviews, providing research, talking to the producers and reporters, telling her story and that of her organization, which is focused on closing the gender gap in technology. Yet producers wrote to her last August to say that the focus of the segment had shifted and that littleBits would no longer be central in the story. In an email, a producer explained to her, 'It's not that the important points you made in your interview are ignored in the story, or that you didn't make them very effectively, they're just made by others'.

theodp writes: Facebook may be facing the threat of a multi-billion dollar FTC fine for privacy lapses that included allowing companies to obtain users' email addresses from their friends, but that didn't discourage Bill Gates from taking to Twitter to urge his 46.5 million followers to give up the names and email addresses of teachers so they can be contacted by tech-bankrolled Code.org for a chance to receive a "Computer Science Scholarship" (attend Professional Development workshops). Or Amazon. Or Google. "The success of our professional learning program depends on the work of our partners to spread the word," explained Code.org in a Medium Post. "Corporate partners like Amazon, Infosys, and Google are rallying their employees and communities to nominate a teacher, and so are fellow teachers, parents, and students. We couldn't do it without you! [...] Code.org (and these scholarships) are supported by: Amazon, Bill and Melinda Gates Foundation, Facebook, Google, Infosys Foundation USA, Microsoft [...] Code.org has prepared almost 100,000 educators to teach our courses, and they give our program rave reviews. We welcome teachers from all subject areas-no CS experience needed!"

In May, Code.org announced it was crowdsourcing a database of U.S. K-12 schools that teach -- or don't teach -- CS, with a goal to "gather data for 100% of U.S. schools by the end of 2018." The database would be used by the nonprofit and the CS community to "make our shared vision [for every school to teach computer science] a reality." Several months later, Amazon disclosed its involvement with the data collection effort, explaining it "will help us bring access to the schools that need it most." Amazon on Thursday announced it had selected 1,000 high schools to receive Amazon-funded CS classes and will be tapping another lucky 1,000 schools in the next few months. An Amazon press release said the company hopes to "inspire and educate 10 million children and young adults each year from underprivileged, underrepresented, and underserved communities to pursue careers in the fast-growing field of computer science and coding" through its Amazon Future Engineer program, which the e-tailer describes as "a four-part, childhood-to-career program."

A new take on the age-old question: Should you rewrite your application from scratch, or is that "the single worst strategic mistake that any software company can make"? Turns out there are more than two options for dealing with a mature codebase. Herb Caudill: Almost two decades ago, Joel Spolsky excoriated Netscape for rewriting their codebase in his landmark essay Things You Should Never Do . He concluded that a functioning application should never, ever be rewritten from the ground up. His argument turned on two points: The crufty-looking parts of the application's codebase often embed hard-earned knowledge about corner cases and weird bugs. A rewrite is a lengthy undertaking that keeps you from improving on your existing product, during which time the competition is gaining on you.

For many, Joel's conclusion became an article of faith; I know it had a big effect on my thinking at the time. In the following years, I read a few contrarian takes arguing that, under certain circumstances, it made a lot of sense to rewrite from scratch. For example: Sometimes the legacy codebase really is messed up beyond repair, such that even simple changes require a cascade of changes to other parts of the code. The original technology choices might be preventing you from making necessary improvements. Or, the original technology might be obsolete, making it hard (or expensive) to recruit quality developers.

The correct answer, of course, is that it depends a lot on the circumstances. Yes, sometimes it makes more sense to gradually refactor your legacy code. And yes, sometimes it makes sense to throw it all out and start over. But those aren't the only choices. Let's take a quick look at six stories, and see what lessons we can draw.

Maximiliano Firtman: Chrome 72 for Android shipped the long-awaited Trusted Web Activity feature, which means we can now distribute PWAs in the Google Play Store! I played with the feature for a while, digging into the APIs and here you have a summary of what's going on, what to expect and how to use it today. Chrome 72 for Android is now shipping from the Play Store to all users and this version included Trusted Web Activity (TWA), that in a nutshell is a way to open Chrome in standalone mode (without any toolbar or Chrome UI) within the scope of our own native Android package. Let me start saying that the publishing process is not straightforward as it should be (such as "enter your URL" in the Play Console and it's done). It's also not a way to use the currently available WebAPK and publish it in the store. It's a Java API that communicates through services with Chrome and seem to be in the early stages, so there is a lot of manual work to do yet today.

Google acquired DeepMind for $500 million in 2014, and its AI programs later beat the world's best player in Go, as well as the top AI chess programs. But when its AlphaStar system beat two top Starcraft II players -- was it cheating?

Long-time Slashdot reader AmiMoJo quotes BoingBoing: It claimed the AI was limited to what human players can physically do, putting its achievement in the realm of strategic analysis rather than finger twitchery. But there's a problem: it was often tracked clicking with superhuman speed and efficiency.

Aleksi Pietikainen writes "It is deeply unsatisfying to have prominent members of this research project make claims of human-like mechanical limitations when the agent is very obviously breaking them and winning its games specifically because it is demonstrating superhuman execution."
"It wasn't an entirely fair fight," argues Ars Technica, noting the limitations DeepMind placed on its AI "seem to imply that AlphaStar could take 50 actions in a single second or 15 actions per second for three seconds." And in addition, "This API may allow the software to glean more information... " After playing back some of AlphaZero's back-to-back 5-0 victories over StarCraft pros, the company staged a final live match between AlphaStar and [top Starcraft II player Grzegorz "MaNa"] Komincz. This match used a new version of AlphaStar with an important new limitation: it was forced to use a camera view that tried to simulate the limitations of the human StarCraft interface. The new interface only allowed AlphaStar to see a small portion of the battlefield at once, and it could only issue orders to units that were in its current field of view....

We don't know exactly why Komincz won this game after losing the previous five. It doesn't seem like the limitation of the camera view directly explains AlphaStar's inability to respond effectively to the drop attack from the Warp Prism. But a reasonable conjecture is that the limitations of the camera view degraded AlphaStar's performance across the board, preventing it from producing units quite as effectively or managing its troops with quite the same deadly precision in the opening minutes.

Long-time Slashdot reader AmiMoJo shares this article from the Verge: An autonomous food delivery robot burst into flames on a Berkeley, California walkway, as first reported by The Daily Californian. Kiwi, the startup that makes and manages the one hundred-strong fleet of robots, issued a statement to say that the fire was quickly extinguished by a passerby before the city's fire department arrived and doused the machine in foam.... It said that it believed the fire was caused by human error, when a faulty battery was manually inserted into the robot, eventually causing thermal runaway -- the same issue that resulted in the recall of Samsung's Galaxy Note 7 phones. Kiwi says that a new piece of software will "rigorously monitor the state of each battery" to prevent anything like this from happening again.

Kiwi said the incident resulted in "some smoke and minor flames." But video captured of the event shows the robot engulfed in the kind of fiercely burning fireball typically associated with battery fires.
Though no one was hurt, Kiwi's fleet of 100 delivery robots was still deactivated while the company investigated the fiery wreck.

Steve Dower, a Python developer at Microsoft, describes how the language become popular internally: In 2010, our few Pythonistas were flying under the radar, in case somebody noticed that they could reassign a few developers to their own project. The team was small, leftover from a previous job, but was chipping away at a company culture that suffered from "not invented here" syndrome: Python was a language that belonged to other people, and so Microsoft was not interested. Over the last eight years, the change has been dramatic. Many Microsoft products now include Python support, and some of the newest only support Python. Some of our critical tools are written in Python, and we are actively investing in the language and community....

In 2018, we are out and proud about Python, supporting it in our developer tools such as Visual Studio and Visual Studio Code, hosting it in Azure Notebooks, and using it to build end-user experiences like the Azure CLI. We employ five core CPython developers and many other contributors, are strong supporters of open-source data science through NumFOCUS and PyData, and regularly sponsor, host, and attend Python events around the world.
"We often felt like a small startup within a very large company" Downer writes, in a post for the Medium community "Microsoft Open Source Stories."

Steve Dower, a Python developer at Microsoft, describes how the language become popular internally: In 2010, our few Pythonistas were flying under the radar, in case somebody noticed that they could reassign a few developers to their own project. The team was small, leftover from a previous job, but was chipping away at a company culture that suffered from "not invented here" syndrome: Python was a language that belonged to other people, and so Microsoft was not interested. Over the last eight years, the change has been dramatic. Many Microsoft products now include Python support, and some of the newest only support Python. Some of our critical tools are written in Python, and we are actively investing in the language and community....

In 2018, we are out and proud about Python, supporting it in our developer tools such as Visual Studio and Visual Studio Code, hosting it in Azure Notebooks, and using it to build end-user experiences like the Azure CLI. We employ five core CPython developers and many other contributors, are strong supporters of open-source data science through NumFOCUS and PyData, and regularly sponsor, host, and attend Python events around the world.
"We often felt like a small startup within a very large company" Downer writes, in a post for the Medium community "Microsoft Open Source Stories."

"it is clear to me that open source -- now several decades old and fully adult -- is going through its own midlife crisis," writes Joyent CTO Bryan Cantrill. [O]pen source business models are really tough, selling software-as-a-service is one of the most natural of them, the cloud service providers are really good at it -- and their commercial appetites seem boundless. And, like a new cherry red two-seater sports car next to a minivan in a suburban driveway, some open source companies are dealing with this crisis exceptionally poorly: they are trying to restrict the way that their open source software can be used. These companies want it both ways: they want the advantages of open source -- the community, the positivity, the energy, the adoption, the downloads -- but they also want to enjoy the fruits of proprietary software companies in software lock-in and its concomitant monopolistic rents.

If this were entirely transparent (that is, if some bits were merely being made explicitly proprietary), it would be fine: we could accept these companies as essentially proprietary software companies, albeit with an open source loss-leader. But instead, these companies are trying to license their way into this self-contradictory world: continuing to claim to be entirely open source, but perverting the license under which portions of that source are available. Most gallingly, they are doing this by hijacking open source nomenclature. Of these, the laughably named commons clause is the worst offender (it is plainly designed to be confused with the purely virtuous creative commons), but others...are little better...
"[T]heir business model isn't their community's problem, and they should please stop trying to make it one," Cantrill writes, adding letter that "As we collectively internalize that open source is not a business model on its own, we will likely see fewer VC-funded open source companies (though I'm honestly not sure that that's a bad thing)..." He also points out that "Even though the VC that led the last round wants to puke into a trashcan whenever they hear it, business models like 'support', 'services' and 'training' are entirely viable!"

Jay Kreps, Co-founder of @confluentinc, has posted a rebuttal on Medium. "How do you describe a license that lets you run, modify, fork, and redistribute the code and do virtually anything other than offer a competing SaaS offering of the product? I think Bryan's sentiment may be that it should be called the Evil Proprietary Corruption of Open Source License or something like that, but, well, we disagree."

An anonymous reader quotes a report from Ars Technica: Legislation to restore net neutrality rules now has 180 supporters in the U.S. House of Representatives, but that's 38 votes short of the amount needed before the end of the month. The Congressional Review Act (CRA) resolution, already approved by the Senate, would reverse the Federal Communications Commission's repeal of net neutrality rules. But 218 signatures from U.S. representatives (a majority) are needed to force a full vote in the House before Congress adjourns at the end of the year.

Net neutrality advocates previously said they needed 218 signatures by December 10 to force a vote. But an extension of Congress' session provided a little more time. "[Now that the Congressional session has officially been extended, members of Congress could be in town as late as December 21st," net neutrality advocacy group Fight for the Future wrote yesterday. "This means we have until the end of the year to get as many lawmakers as possible signed on to restore net neutrality." A discharge petition that would force a vote on the CRA resolution gained three new supports in the past two weeks, but even if all Democrats were on board it still wouldn't be enough to force a vote. Republicans have a 236-197 House majority, and only one House Republican has signed the petition.

An anonymous reader writes: Karspesky security researcher Sergey Golovanov writes about recent cybertheft incidents involving hardware backdoors planted by criminals. Each attack had a common springboard: an unknown device directly connected to the company's local network. In some cases, it was the central office, in others a regional office, sometimes located in another country. At least eight banks in Eastern Europe were the targets of the attacks, which caused damage estimated in the tens of millions of dollars. Hardware backdoors are cheap and immune to antivirus. A firmware modified OpenWrt based router can provide covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. Will a flashlight and a ladder be common tools of computer security someday? After the cybercriminals entered a organization's building, connected a device to the local network and scanned the local network seeking to gain access to the resources, they proceeded to stage three. "Here they logged into the target system and used remote access software to retain access," writes Golovanov. "Next, malicious services created using msfvenom were started on the compromised computer. Because the hackers used fileless attacks (PDF) and PowerShell, they were able to avoid whitelisting technologies and domain policies. If they encountered a whitelisting that could not be bypassed, or PowerShell was blocked on the target computer, the cybercriminals used impacket, and winexesvc.exe or psexec.exe to run executable files remotely."

Though Blockchain has been touted as the answer to everything, a study of 43 solutions advanced in the international development sector has found exactly no evidence of success. From a report: Three practitioners including erstwhile blockchain enthusiast John Burg, a Fellow at the US Agency for International Development (USAID), looked at instances of the distributed crypto ledger being used in a wide range of situations by NGOs, contractors and agencies. But they drew a complete blank. "We found a proliferation of press releases, white papers, and persuasively written articles," Burg et al wrote. "However, we found no documentation or evidence of the results blockchain was purported to have achieved in these claims. We also did not find lessons learned or practical insights, as are available for other technologies in development."

Blockchain vendors were keen to puff the merits of the technology, but when the three asked for proof of success in the field, it all went very quiet. "We fared no better when we reached out directly to several blockchain firms, via email, phone, and in person. Not one was willing to share data on program results, MERL [monitoring, evaluation, research and learning] processes, or adaptive management for potential scale-up. Despite all the hype about how blockchain will bring unheralded transparency to processes and operations in low-trust environments, the industry is itself opaque." Burg was an enthusiastic advocate for blockchain until recently -- as he explained in this Medium post.

"[O]n Nov. 26 it was publicly revealed that a widely deployed open-source Node.js programming language module known as event-stream had been injected with malicious code that looked to steal cryptocurrency wallets," reports eWeek, adding "The event-stream library has over two million downloads."

An anonymous reader quotes Ars Technica: The backdoor came to light [November 20th] with this report from Github user Ayrton Sparling. Officials with the NPM, the open source project manager that hosted event-stream, didn't issue an advisory until six days later.... "This compromise was not targeting module developers in general or really even developers," an NPM official told Ars in an email. "It targeted a select few developers at a company, Copay, that had a very specific development environment set up. Even then, the payload itself didn't run on those developers' computers; rather, it would be packaged into a consumer-facing app when the developers built a release. The goal was to steal Bitcoin from this application's end users...."

According to the Github discussion that exposed the backdoor, the longtime event-stream developer no longer had time to provide updates. So several months ago, he accepted the help of an unknown developer. The new developer took care to keep the backdoor from being discovered. Besides being gradually implemented in stages, it also narrowly targeted only the Copay wallet app. The malicious code was also hard to spot because the flatmap-stream module was encrypted. The attack is the latest to exploit weaknesses in a widely used supply chain to target downstream end users... The supply-chain attacks show one of the weaknesses of open source code. Because of its openness and the lack of funds of many of its hobbyist developers and users, open source code can be subject to malicious modifications that often escape notice.
"The time has come," concludes Ars Technica, "for maintainers and users of open source software to devise new measures to better police the millions of packages being used all around us." Sophos' security blog also asks why so many developers "immediately and blindly trusted the new maintainer," and shared a concerned comment from developer named Chris Northwood.

"Nothing's stopping this happening again, and it's terrifying."

Brian Merchant, writing for Medium : In 2017, PricewaterhouseCoopers, the professional services firm that advises 440 of the Fortune 500 companies, published a blueprint for using science fiction to explore business innovation. The same year, the Harvard Business Review argued that "business leaders need to read more science fiction" in order to stay ahead of the curve. "We're already seeing science fiction become reality today," said Google's then-CEO Eric Schmidt in 2012. "Think back to Star Trek, or my favorite, the Hitchhiker's Guide to the Galaxy -- much of what those writers imagined is now possible," he said, ticking off auto-translation, voice recognition, and electronic books. Jeff Bezos' product design team built the Kindle to spec from Neal Stephenson's book The Diamond Age. (Stephenson himself is the chief future at the multibillion-dollar-valued Magic Leap.) Josh Wolfe, a managing partner at Lux Capital, is pouring millions of dollars into companies building what he explicitly describes as "the sci-fi future." "I'm looking for things that feel like they were once written about in science fiction," he told Fortune. "The gap between 'sci-fi,' -- that which was once imagined -- and 'sci-fact,' that which becomes manifest and real, is shrinking."

A number of companies, along with a loose constellation of designers, marketers, and consultants, have formed to expedite the messy creative visualization process that used to take decades. For a fee, they'll prototype a possible future for a client, replete with characters who live in it, at as deep a level as a company can afford. They aim to do what science fiction has always done -- build rich speculative worlds, describe that world's bounty and perils, and, finally, envision how that future might fall to pieces. Alternatively referred to as sci-fi prototyping, futurecasting, or worldbuilding, the goal of these companies is generally the same: help clients create forward-looking fiction to generate ideas and IP for progress or profit. Each of the biggest practitioners believe they have their own formulas for helping clients negotiate the future. And corporations like Ford, Nike, Intel, and Hershey's, it turns out, are willing to pay hefty sums for their own in-house Minority Reports.

Brian Merchant, writing for Medium : In 2017, PricewaterhouseCoopers, the professional services firm that advises 440 of the Fortune 500 companies, published a blueprint for using science fiction to explore business innovation. The same year, the Harvard Business Review argued that "business leaders need to read more science fiction" in order to stay ahead of the curve. "We're already seeing science fiction become reality today," said Google's then-CEO Eric Schmidt in 2012. "Think back to Star Trek, or my favorite, the Hitchhiker's Guide to the Galaxy -- much of what those writers imagined is now possible," he said, ticking off auto-translation, voice recognition, and electronic books. Jeff Bezos' product design team built the Kindle to spec from Neal Stephenson's book The Diamond Age. (Stephenson himself is the chief future at the multibillion-dollar-valued Magic Leap.) Josh Wolfe, a managing partner at Lux Capital, is pouring millions of dollars into companies building what he explicitly describes as "the sci-fi future." "I'm looking for things that feel like they were once written about in science fiction," he told Fortune. "The gap between 'sci-fi,' -- that which was once imagined -- and 'sci-fact,' that which becomes manifest and real, is shrinking."

A number of companies, along with a loose constellation of designers, marketers, and consultants, have formed to expedite the messy creative visualization process that used to take decades. For a fee, they'll prototype a possible future for a client, replete with characters who live in it, at as deep a level as a company can afford. They aim to do what science fiction has always done -- build rich speculative worlds, describe that world's bounty and perils, and, finally, envision how that future might fall to pieces. Alternatively referred to as sci-fi prototyping, futurecasting, or worldbuilding, the goal of these companies is generally the same: help clients create forward-looking fiction to generate ideas and IP for progress or profit. Each of the biggest practitioners believe they have their own formulas for helping clients negotiate the future. And corporations like Ford, Nike, Intel, and Hershey's, it turns out, are willing to pay hefty sums for their own in-house Minority Reports.

Advertisements in the real world are becoming more technologically sophisticated, integrating facial recognition, location data, artificial intelligence, and other powerful tools that are more commonly associated with your mobile phone. Welcome to the new age of digital marketing. From a report: During this year's Fashion Week in New York, a digital billboard ad for New Balance used A.I. technology to detect and highlight pedestrians wearing "exceptional" outfits. A billboard advertisement for the Chevy Malibu recently targeted drivers on Interstate 88 in Chicago by identifying the brand of vehicle they were driving, then serving ads touting its own features in comparison. And Bidooh, a Manchester-based startup that admits it was inspired by Minority Report, is using facial recognition to serve ads through its billboards in the U.K. and other parts of Europe as well as South Korea. According to its website, Bidooh allows advertisers to target people based on criteria like age, gender, ethnicity, hair color, clothing color, height, body shape, perceived emotion, and the presence of glasses, sunglasses, beards, or mustaches.

We've been on the path here since at least a decade ago when the New York Times reported that some digital billboards were equipped with small cameras that could analyze a pedestrian's facial features to serve targeted ads based on gender and approximate age. Things have progressed as you'd expect: In 2016, another Times report described how Clear Channel Outdoor Americas had partnered with companies including AT&T to track people via their mobile phones. The ads could determine the gender and average age of people passing different billboards and determine whether they visited a store after seeing an ad.

A group of Google employees have put their name to a public letter calling on the company to abandon its plans for a Chinese search product that censors results. From a report: Project Dragonfly, as the initiative is known, would enable state surveillance at a time when the Chinese government is expanding controls over the population, according to the letter signed by at least 10 workers, predominately software engineers and researchers. The document also called on management to commit to transparency, be accountable and provide clear communication.

Ever since plans for Dragonfly emerged in August, Google parent Alphabet has been riven by internal dissent at the prospect of a search engine bending to Beijing's censorship. It was that sort of government control that prompted co-founders Larry Page and Sergey Brin to effectively pull out of China in 2010 when it decided to stop removing controversial links from web queries. "We refuse to build technologies that aid the powerful in oppressing the vulnerable, wherever they may be," the Google workers wrote in the letter. "Dragonfly in China would establish a dangerous precedent, one that would make it harder for Google to deny other countries similar concessions."

Elon Musk reckons there's a 70 percent chance he'll go to Mars, even as he knows there's a good chance he won't survive there. "I'm talking about moving there," the SpaceX and Tesla CEO said in a wide-ranging, but brief interview with Axios on HBO. "We've recently made a number of breakthroughs that I'm just really fired up about."

In the interview, he also spoke about Neuralink, the company he launched last year to build brain-enhancing implants. "The long-term aspiration of Neuralink would be to achieve a symbiosis with artificial intelligence," he said. "If we have billions of people with a high-bandwidth link to an AI extension of themselves, it would actually make everyone hyper-smart."

Musk also revealed that Tesla had been "single-digit weeks" away from death with the company "bleeding" cash as it ramped up Model 3 production. He said he was worried about imploding and that the stress of working seven days a week and sleeping at the Tesla factory was very painful."It hurts my brain and my heart," said Musk, who recently publicly urged people to explore electric cars, even if they come from companies Tesla competes with.

Ryan Holmes, writing on Medium: Back in March of last year, Conde Nast Traveler did something a little unusual in the social media universe. They played hard to get. Instead of courting new followers with clickbait and promo codes, the company required that interested people apply to get into their closed Facebook Group, focused on female travelers. To be considered for membership, applicants had to explain why the Group was important to them, and show an understanding of the community guidelines. Today, the Women Who Travel Facebook Group counts more than 50,000 members. And it boasts a level of activity many brands could only dream of -- three-quarters of users are active on a daily basis. The initiative has been so successful, in fact, that Conde Nast has since extended Facebook Groups across eight of its brands, including The New Yorker, Vanity Fair, Allure, BRIDES, Golf Digest, SELF and Teen Vogue.

The Facebook Group is nothing new. Spaces for like-minded people to congregate and discuss specific subjects -- from hobbies to pets and celebrities -- date in one form or another to the platform's earliest days. These Groups have long been segmented into three classes: open (or general admission), closed (requiring admin approval for new members) and secret (invisible to outside search and accessible only with a direct link). But for a combination of technical and cultural reasons, Groups are suddenly having their moment. (Apart from Facebook, LinkedIn revamped its own Groups offering this fall for its 500-plus million users, adding the ability to share pics and videos, as well as receive comment notifications.) In the past year alone, Facebook Group membership is up 40 percent, with 1.4 billion people -- more than half of Facebook's massive user base -- now using Groups every month. Of those, 200 million people belong to so-called "meaningful Groups," considered a vital part of users' daily lives.

theodp writes: Developers! Developers! Developers! To make good on the proposal that snagged it a share of the Amazon HQ2 prize, the State of Virginia is also apparently on the hook for doubling the annual number of graduates with computer science or closely related degrees, with a goal to add 25,000 to 35,000 graduates (Amazon's HQ2 RFP demanded info on "education programs related to computer science"). To do that, the state will establish a performance-based investment fund for higher education institutions to expand their bachelor's degree programs, and spend up to $375 million on George Mason University's Arlington campus and a new Virginia Tech campus in Alexandria. The state will also spend $50 million on STEM + CS education in public schools and expanding internships for higher education students.

Amazon is certainly focused on boosting the ranks of software engineer types. Earlier this month, Amazon launched Amazon Future Engineer, a program that aims to teach more than 10 million students a year how to code, part of a $50 million Amazon commitment to computer science education that was announced last year at a kickoff event for the Ivanka Trump-led White House K-12 CS Initiative. And on Wednesday, Amazon-bankrolled Code.org -- Amazon is a $10+ million Diamond Supporter of the nonprofit; CS/EE grad Jeff Bezos is a $1+ million Gold Supporter -- announced it has teamed with Amazon Future Engineer to build and launchHour of Code: Dance Party, a signature tutorial for this December's big Hour of Code (powered by AWS in 2017), which has become something of a corporate infomercial (Microsoft recently boasted "learners around the world have completed nearly 100 million Minecraft Hour of Code sessions"). Students participating in the Dance Party tutorial, Code.org explained, can choose from 30 hits like Katy Perry's "Firework" and code interactive dance moves and special effects as they learn basic CS concepts. "The artists whose music is used in this tutorial are not sponsoring or endorsing Amazon as part of licensing use of their music to Code.org," stresses a footnote in Code.org's post. So, don't try to make any connections between Katy Perry's Twitter endorsement of the Code.org/Amazon tutorial later that day and those same-day follow-up Amazon and Katy Perry tweets touting their new exclusive Amazon Music streaming deal, kids!

Google Photos, introduced in 2015, has become one of the most emotionally resonant pieces of technology today. It is also shaping our narratives along the way, writes The New York Times' Farhad Manjoo. From a story: Google's computers can recognize faces, even as they age over time. Photos also seems to understand the tone and emotional valence of human interaction, things like smiles, giggles, frowns, tantrums, dances of joy and even snippets of dialogue like "happy birthday!" or "good job!" The resulting montage, synced to a swelling Hollywood score, mixed obvious highlights -- birthdays, school plays -- with dozens of ordinary moments of childhood bliss.

[...] This is what I mean about a sucker punch: Who expects software to make them cry? Images on Instagram and Snapchat may move you regularly, but Google Photos is not social media; it is personal media, a service begun three years ago primarily as a database to house our growing collections of private snaps -- and a service run mostly by machines, not by other humans posting and Liking stuff. And yet Google Photos has become one of the most emotionally resonant pieces of technology I regularly use. It is remarkable not just for how useful it is -- for how it has erased any headache in storing and searching through the tsunami of images we all produce. More than that, Photos is remarkable for what it portends about how we may one day understand ourselves through photography.

You may be thinking: But sand is everywhere, there are whole deserts filled with the stuff. The sand in a desert, though, is useless as a construction material. The grains are out in the open and blow around for thousands of years. From a report: This rounds them off until they become useless as building blocks. Imagine trying to make a building with golf balls. In order to build, sand with angular edges must be used. The preferential type is the kind found in a river bed, sea, or beach. The fact that desert sand is useless makes for some unexpected situations. Despite being surrounded by endless miles of sand, the tallest building in the world, the Burj Khalifa in Dubai, was built with sand imported from Australia. Dubai also imports sand for its beaches from Australia. Apparently desert sand doesn't do well in a beach atmosphere either. Sand also regenerates slowly. It takes thousands upon thousands of years for rock and sediment to break down into the usable grains we all rely on.

The world has seen a construction boom in recent years. The base that boom is built on, quite literally, is concrete. The United Nations estimates that the world consumes more than 40 billion tons of building aggregate -- sand, gravel, and crushed stone -- each year. Some estimates predict consumption will top 50 billion tons by next year, with China alone gobbling up much of the world's concrete supply as it undergoes a massive urbanization. According to data from the U.S. Geological Survey, between 2011 and 2013 China used more concrete than the U.S. used throughout the entire 20th century. Other parts of Asia, such as India, are rapidly expanding as well. The urbanization driving this construction boom, and increasing reliance on concrete, shows no signs of slowing. By 2030 the U.N. expects 60 percent of the world's population to live in urban areas.

[...] One of the prime issues with sand is that it's heavy. Heavy items incur large transportation costs, especially over a long distance. The scarcity and high prices attract the attention of criminals. Why go to a legal mining area when sand can be extracted for next to nothing elsewhere? "Sand mafias" are groups of criminals that illegally dredge sand from areas where extraction is prohibited. Since they're not following laws, all environmental protocols are ignored. Often rivers are illegally mined, destroying the habitat for fish and fishermen. Sometimes land from private villages is even taken over by these mafias. If they're confronted, violence often results. And according to a 2015 Wired story on sand mafias in India, police are typically of little help: "The conventional wisdom says that many local authorities accept bribes from the sand miners to stay out of their business -- and not infrequently, are involved in the business themselves."

"In 2012, most CS teacher professional development was paid for by the National Science Foundation or Google." And in the years that followed, 80,000 primary and secondary school teachers received opportunities to learn how to teach computer science without paying any fees -- thanks to tech-bankrolled Code.org.

But is anyone taking the classes? Slashdot reader theodp quotes a Communications of the ACM post by University of Michigan professor Mark Guzdial: In 2013, Code.org began, and they changed the face of CS education in the United States . It started out as just a video (linked here, seen over 14 million times), and grew into an organization that created and provided curriculum, offered teacher professional development, and worked with states and districts around public policy initiatives. A recent report from Code.org showed that 44 states have enacted public policies to promote computing education in the five years from 2013 to 2018, and much of that happened through Code.org's influence....

Now, Code.org has announced that they are starting to scale back their funding, which begins a multi-year transition to shift the burden of paying for teacher professional development to the local regions.... The only question is whether it's too soon. Will local regions step up and demonstrate that they value computer science by paying for it...? I'd guess that many states have between 40% and 70% of their high schools now offering computer science. However, even though many schools offer computer science, there are still few students taking computer science.
Indiana reported that only 0.4% of Indiana high school students had enrolled in their most popular course. Meanwhile in one region in Texas, 54 of 159 high schools offer computer science, yet only 2.3% of their students have ever taken a computer science class. But of course, there's another issue.

"If Code.org (or NSF or Google) are paying for all the development of CS teachers, then the districts don't get to say, 'In our community we care about this and we care less about that.' The U.S. education system is organized around the local regions calling the shots, setting the priorities, and deciding what they want teachers to teach."

"In 2012, most CS teacher professional development was paid for by the National Science Foundation or Google." And in the years that followed, 80,000 primary and secondary school teachers received opportunities to learn how to teach computer science without paying any fees -- thanks to tech-bankrolled Code.org.

But is anyone taking the classes? Slashdot reader theodp quotes a Communications of the ACM post by University of Michigan professor Mark Guzdial: In 2013, Code.org began, and they changed the face of CS education in the United States . It started out as just a video (linked here, seen over 14 million times), and grew into an organization that created and provided curriculum, offered teacher professional development, and worked with states and districts around public policy initiatives. A recent report from Code.org showed that 44 states have enacted public policies to promote computing education in the five years from 2013 to 2018, and much of that happened through Code.org's influence....

Now, Code.org has announced that they are starting to scale back their funding, which begins a multi-year transition to shift the burden of paying for teacher professional development to the local regions.... The only question is whether it's too soon. Will local regions step up and demonstrate that they value computer science by paying for it...? I'd guess that many states have between 40% and 70% of their high schools now offering computer science. However, even though many schools offer computer science, there are still few students taking computer science.
Indiana reported that only 0.4% of Indiana high school students had enrolled in their most popular course. Meanwhile in one region in Texas, 54 of 159 high schools offer computer science, yet only 2.3% of their students have ever taken a computer science class. But of course, there's another issue.

"If Code.org (or NSF or Google) are paying for all the development of CS teachers, then the districts don't get to say, 'In our community we care about this and we care less about that.' The U.S. education system is organized around the local regions calling the shots, setting the priorities, and deciding what they want teachers to teach."

An anonymous reader quotes Martin Monperrus, a professor of software at Stockholm's KTH Royal Institute of Technology: Repairnator is a bot. It constantly monitors software bugs discovered during continuous integration of open-source software and tries to fix them automatically. If it succeeds to synthesize a valid patch, Repairnator proposes the patch to the human developers, disguised under a fake human identity. To date, Repairnator has been able to produce 5 patches that were accepted by the human developers and permanently merged in the code base...

It analyzes bugs and produces patches, in the same way as human developers involved in software maintenance activities. This idea of a program repair bot is disruptive, because today humans are responsible for fixing bugs. In others words, we are talking about a bot meant to (partially) replace human developers for tedious tasks.... [F]or a patch to be human-competitive 1) the bot has to synthesize the patch faster than the human developer 2) the patch has to be judged good-enough by the human developer and permanently merged in the code base.... We believe that Repairnator prefigures a certain future of software development, where bots and humans will smoothly collaborate and even cooperate on software artifacts.
Their fake identity was a software engineer named Luc Esape, with a profile picture that "looks like a junior developer, eager to make open-source contributions... humans tend to have a priori biases against machines, and are more tolerant to errors if the contribution comes from a human peer. In the context of program repair, this means that developers may put the bar higher on the quality of the patch, if they know that the patch comes from a bot."

The researchers proudly published the approving comments on their merged patches -- although a conundrum arose when repairnator submitted a patch for Eclipse Ditto, only to be told that "We can only accept pull-requests which come from users who signed the Eclipse Foundation Contributor License Agreement."

"We were puzzled because a bot cannot physically or morally sign a license agreement and is probably not entitled to do so. Who owns the intellectual property and responsibility of a bot contribution: the robot operator, the bot implementer or the repair algorithm designer?"

An anonymous reader quotes a report from Gizmodo: When you go into the privacy settings on your browser, there's a little option there to turn on the "Do Not Track" function, which will send an invisible request on your behalf to all the websites you visit telling them not to track you. A reasonable person might think that enabling it will stop a porn site from keeping track of what she watches, or keep Facebook from collecting the addresses of all the places she visits on the internet, or prevent third-party trackers she's never heard of from following her from site to site. According to a recent survey by Forrester Research, a quarter of American adults use "Do Not Track" to protect their privacy. (Our own stats at Gizmodo Media Group show that 9% of visitors have it turned on.) We've got bad news for those millions of privacy-minded people, though: "Do Not Track" is like spray-on sunscreen, a product that makes you feel safe while doing little to actually protect you.

Yahoo and Twitter initially said they would respect it, only to later abandon it. The most popular sites on the internet, from Google and Facebook to Pornhub and xHamster, never honored it in the first place. Facebook says that while it doesn't respect DNT, it does "provide multiple ways for people to control how we use their data for advertising." (That is of course only true so far as it goes, as there's some data about themselves users can't access.) From the department of irony, Google's Chrome browser offers users the ability to turn off tracking, but Google itself doesn't honor the request, a fact Google added to its support page some time in the last year. [...] "It is, in many respects, a failed experiment," said Jonathan Mayer, an assistant computer science professor at Princeton University. "There's a question of whether it's time to declare failure, move on, and withdraw the feature from web browsers." That's a big deal coming from Mayer: He spent four years of his life helping to bring Do Not Track into existence in the first place. Only a handful of sites actually respect the request -- the most prominent of which are Pinterest and Medium (Pinterest won't use offsite data to target ads to a visitor who's elected not to be tracked, while Medium won't send their data to third parties.)

An anonymous reader quotes a report from The Hill: An Amazon employee is seeking to put new pressure on the company to stop selling its facial recognition technology to law enforcement. An anonymous worker, whose employment at Amazon was verified by Medium, published an op-ed on that platform on Tuesday criticizing the company's facial recognition work and urging the company to respond to an open letter delivered by a group of employees. The employee wrote that the government has used surveillance tools in a way that disproportionately hurts "communities of color, immigrants, and people exercising their First Amendment rights."

"Ignoring these urgent concerns while deploying powerful technologies to government and law enforcement agencies is dangerous and irresponsible," the person wrote. "That's why we were disappointed when Teresa Carlson, vice president of the worldwide public sector of Amazon Web Services, recently said that Amazon 'unwaveringly supports' law enforcement, defense, and intelligence customers, even if we don't 'know everything they're actually utilizing the tool for.'" The op-ed comes one day after Amazon CEO Jeff Bezos defended technology companies working with the federal government on matters of defense during Wired's ongoing summit in San Francisco. "If big tech companies are going to turn their back on the U.S. Department of Defense, this country is going to be in trouble," Bezos said on Monday.

On Tuesday, Microsoft expressed its intent to bid on the Joint Enterprise Defense Infrastructure (JEDI) contract -- a contract that represents a $10 billion project to build cloud services for the Department of Defense. The contract is massive in scope and shrouded in secrecy, which makes it nearly impossible to know what technologies Microsoft would be building for the Department of Defense. At an industry day for JEDI, DoD Chief Management Officer John H. Gibson II explained the program's impact, saying, "We need to be very clear. This program is truly about increasing the lethality of our department." This has ruffled a few feathers inside the Redmond-based software giant. In an open letter published Saturday, an unspecified number of Microsoft employees stated their disapproval. They wrote: Many Microsoft employees don't believe that what we build should be used for waging war. When we decided to work at Microsoft, we were doing so in the hopes of "empowering every person on the planet to achieve more," not with the intent of ending lives and enhancing lethality. For those who say that another company will simply pick up JEDI where Microsoft leaves it, we would ask workers at that company to do the same. A race to the bottom is not an ethical position. Like those who took action at Google, Salesforce, and Amazon, we ask all employees of tech companies to ask how your work will be used, where it will be applied, and act according to your principles.

We need to put JEDI in perspective. This is a secretive $10 billion project with the ambition of building "a more lethal" military force overseen by the Trump Administration. The Google workers who protested these collaborations and forced the company to take action saw this. We do too. So we ask, what are Microsoft's A.I. Principles, especially regarding the violent application of powerful A.I. technology? How will workers, who build and maintain these services in the first place, know whether our work is being used to aid profiling, surveillance, or killing? Earlier this year Microsoft published "The Future Computed," examining the applications and potential dangers of A.I. It argues that strong ethical principles are necessary for the development of A.I. that will benefit people, and defines six core principles: "fair, reliable and safe, private and secure, inclusive, transparent, and accountable."

With JEDI, Microsoft executives are on track to betray these principles in exchange for short-term profits. If Microsoft is to be accountable for the products and services it makes, we need clear ethical guidelines and meaningful accountability governing how we determine which uses of our technology are acceptable, and which are off the table. Microsoft has already acknowledged the dangers of the tech it builds, even calling on the federal government to regulate A.I. technologies. But there is no law preventing the company from exercising its own internal scrutiny and standing by its own ethical compass. Further reading: Google Drops Out of Pentagon's $10 Billion Cloud Competition.

Douglas Rushkoff, long-time open source advocate (and currently a professor of Digital Economics at the City University of New York, Queens College), is calling Universal Basic Incomes "no gift to the masses, but a tool for our further enslavement." Uber's business plan, like that of so many other digital unicorns, is based on extracting all the value from the markets it enters. This ultimately means squeezing employees, customers, and suppliers alike in the name of continued growth. When people eventually become too poor to continue working as drivers or paying for rides, UBI supplies the required cash infusion for the business to keep operating. When it's looked at the way a software developer would, it's clear that UBI is really little more than a patch to a program that's fundamentally flawed. The real purpose of digital capitalism is to extract value from the economy and deliver it to those at the top. If consumers find a way to retain some of that value for themselves, the thinking goes, you're doing something wrong or "leaving money on the table."

Walmart perfected the softer version of this model in the 20th century. Move into a town, undercut the local merchants by selling items below cost, and put everyone else out of business. Then, as sole retailer and sole employer, set the prices and wages you want. So what if your workers have to go on welfare and food stamps. Now, digital companies are accomplishing the same thing, only faster and more completely.... Soon, consumers simply can't consume enough to keep the revenues flowing in. Even the prospect of stockpiling everyone's data, like Facebook or Google do, begins to lose its allure if none of the people behind the data have any money to spend. To the rescue comes UBI.

The policy was once thought of as a way of taking extreme poverty off the table. In this new incarnation, however, it merely serves as a way to keep the wealthiest people (and their loyal vassals, the software developers) entrenched at the very top of the economic operating system. Because of course, the cash doled out to citizens by the government will inevitably flow to them.... Under the guise of compassion, UBI really just turns us from stakeholders or even citizens to mere consumers. Once the ability to create or exchange value is stripped from us, all we can do with every consumptive act is deliver more power to people who can finally, without any exaggeration, be called our corporate overlords... if Silicon Valley's UBI fans really wanted to repair the economic operating system, they should be looking not to universal basic income but universal basic assets, first proposed by Institute for the Future's Marina Gorbis... As appealing as it may sound, UBI is nothing more than a way for corporations to increase their power over us, all under the pretense of putting us on the payroll. It's the candy that a creep offers a kid to get into the car or the raise a sleazy employer gives a staff member who they've sexually harassed. It's hush money.
Rushkoff's conclusion? "Whether its proponents are cynical or simply naive, UBI is not the patch we need."

An anonymous reader quotes a report from Quartz: Alphabet's driverless-car company Waymo announced a new milestone today (Oct. 10): its vehicles have driven a collective 10 million miles on U.S. roads. With cars in six states, Waymo has really been racking up the miles since April 2017, when it launched a program giving rides to passengers around the Phoenix, Arizona area. At that point, Waymo cars had driven not quite 3 million miles since the company's earliest days as a research project within Google in 2009. But in the last 18 months, the company more than tripled its road mileage.

Competing with other companies with autonomous-vehicle programs like Uber, Tesla, Apple, and GM's Cruise, Waymo is leading the pack in terms of road miles driven. [...] The company's next 10 million miles, CEO John Krafcik said in today's announcement, will focus on "striking the balance" between its safety-first algorithms and driving assertively in everyday maneuvers, like merging, and navigating bad weather. But it's worth keeping things in perspective: U.S. drivers rack up some 3 trillion miles each year, so Waymo still has some ground to cover.

Mads Torgersen, the lead designer of C# at Microsoft, remembers "Project Roslyn," which built an open-source, cross-platform compiler for C# and Visual Basic.NET "in the deepest darkness of last decade's corporate Microsoft: We would build a language engine! A unified, public API to C# code: We would redefine the meaning of "compiler". Of course, once you are building an API for the broad C# community, it is kind of a slam-dunk that it should be a .NET API, implemented in C#. So, the old dream of "bootstrapping" C# in C# was fulfilled almost as an accidental side benefit. Roslyn was thus born out of an openness mindset: sharing the inner workings of the C# language for the world to programmatically consume.

This in and of itself was a bit of a bold proposition in what was still a pervasively closed culture at Microsoft: We would share this intellectual property for free? We would empower tool builders that weren't us to better compete with us? The arguments that won the day for us here were about strengthening the ecosystem and becoming the best tooled language on the planet. They were about long-term growth of C# and .NET, versus short term monetization and protection of assets for Microsoft. So even without having mentioned open source, signing up for the cost and risk of the Roslyn project was a big and bold step for Microsoft....

F# released already in 2010 with an open source license and its own foundation -- the F# Software Foundation. The vibrant community that grew up around it soon became the envy of us all. Our team pushed strongly to have an open source production license for Roslyn, and finally a company-wide infrastructure emerged to make it real. By 2012, Microsoft had created Microsoft Open Tech; an organization specifically focused on open source projects. Roslyn moved under Microsoft Open Tech and officially became open source... C# language design and compiler implementation are now completely open processes, with lots of non-Microsoft participation, including whole language features being built by external contributors.
Torgersen's article says C# now enjoys "the scaling of effort via contribution of features and bug fixes, but also the insight and course correction we get through the instant, daily feedback loop that open source provides.

"It's been a long and wild journey, and one that to me is symbolic of the massive changes that Microsoft has undergone over the last decade."

An anonymous Slashdot reader summarizes an article by a senior security researcher at Forecepoint Security Labs: Among cyber criminals, there has been a trend in recent years for using more so called 'fileless' attacks. The driver for this is to avoid detection by anti-virus. PowerShell is often used in these attacks. Part of the strategy behind fileless attacks is related to the concept of 'living off the land', meaning that to blend in and avoid detection, attackers strive for only using the tools that are natively available on the target system, and preferably avoiding dropping executable files on the file system.

Recently, C# has received some attention in the security community, since it has some features that may make it more appealing to criminals than PowerShell. [Both C# and Powershell use the .NET runtime.] A Forcepoint researcher has summarized the evolvement of attack techniques in recent years, particularly looking at a recent security issue related to C# in a .NET utility in terms of fileless attacks.
From the article: A recent example of C# being used for offensive purposes is the PowerShell/C# 'combo attack' noted by Xavier Mertens earlier this month in which a malware sample used PowerShell to compile C# code on the fly. Also, a collection of adversary tools implemented in C# was released. Further, an improved way was published for injecting shellcode (.NET assembly) into memory via a C# application.... Given recent trends it seems likely that we'll start to see an increased number of attacks that utilize C# -- or combinations of C# and PowerShell such as that featured in Xavier Mertens' SANS blog -- in the coming months.

Black Pixel, which acquired popular Mac RSS reader app NetNewsWire in 2011, announced this week that the brand name is returning to the founder Brent Simmons. From the announcement: Since acquiring NetNewsWire from Newsgator in 2011, we've invested a great deal in the continued development and support of the product suite including the addition of a free sync service. Unfortunately, the ongoing cost of support and feature development for these products require more dedicated resources than we are able to provide. With that in mind, today we are removing all versions of the app from sale. We'll continue to run the sync service for another 60 days, then take it offline at the end of October. Brent Simmons, who founded the app, shared what he plans to do with the brand name: [...] I want to thank them [Black Pixel] for a second thing: their incredible generosity in bringing it back to me. When I asked them about it, they told me they'd already been discussing it. There was never a need to convince them: they thought it was the right thing to do before I even said a word.

[...] You probably know that I've been working on a free and open source reader named Evergreen. Evergreen 1.0 will be renamed NetNewsWire 5.0 -- in other words, I've been working on NetNewsWire 5.0 all this time without knowing it! It will remain free and open source, and it will remain my side project. (By day I'm a Marketing Human at The Omni Group, and I love my job.) Black Pixel will stop selling their versions of the app, and will turn off the syncing system and end customer support -- all of which is detailed in their announcement. (Important note: I will not get any customer data from them, nor will I be doing support for Black Pixel's NetNewsWire.)

I want one thing: to make the very best versions of NetNewsWire ever made. And, along the way, I'd love to have your help. Nothing to Download Yet I don't actually have an app bearing the name NetNewsWire ready to download yet. I will have test versions ready soon, though. It's still going to be a while before the final version of 5.0 ships. The Mac community has been thrilled about the announcement. Daniel Jalkut, founder of blogging tool MarsEdit, said, "I appreciate Black Pixel's decision to return NetNewsWire to Brent Simmons. It was the right move strategically, but also very humanistic." Federico Viticci, a prolific blogger on Apple ecosystem, said, "Congrats Brent Simmons on bringing NetNewsWire home. The Mac can use a modern RSS reader that can stand the test of time." John Gruber, a columnist on Apple ecosystem, said, "Black Pixel did a great job taking over NetNewsWire, but times change, and companies change. Handing the NetNewsWire name back to Brent was a classy move, but completely unsurprising to me, knowing George and the other folks at Black Pixel."

"The economics of Open Source software are fundamentally broken," argues Matt Klein, a senior software engineer at Lyft (who created Envoy). Here's a heavily-condensed version of his essay on Medium: If we take consulting, services, and support off the table as an option for high-growth revenue generation (the only thing VCs care about), we are left with open core [with some subset of features behind a paywall], software as a service, or some blurring of the two... Everyone wants infrastructure software to be free and continuously developed by highly skilled professional developers (who in turn expect to make substantial salaries), but no one wants to pay for it. The economics of this situation are unsustainable and broken...

[W]e now come to what I have recently called "loose" open core and SaaS. In the future, I believe the most successful OSS projects will be primarily monetized via this method. What is it? The idea behind "loose" open core and SaaS is that a popular OSS project can be developed as a completely community driven project (this avoids the conflicts of interest inherent in "pure" open core), while value added proprietary services and software can be sold in an ecosystem that forms around the OSS...

Unfortunately, there is an inflection point at which in some sense an OSS project becomes too popular for its own good, and outgrows its ability to generate enough revenue via either "pure" open core or services and support... [B]uilding a vibrant community and then enabling an ecosystem of "loose" open core and SaaS businesses on top appears to me to be the only viable path forward for modern VC-backed OSS startups.
Klein also suggests OSS foundations start providing fellowships to key maintainers, who currently "operate under an almost feudal system of patronage, hopping from company to company, trying to earn a living, keep the community vibrant, and all the while stay impartial..."

"[A]s an industry, we are going to have to come to terms with the economic reality: nothing is free, including OSS. If we want vibrant OSS projects maintained by engineers that are well compensated and not conflicted, we are going to have to decide that this is something worth paying for. In my opinion, fellowships provided by OSS foundations and funded by companies generating revenue off of the OSS is a great way to start down this path."

A new company called Audius, lead by entrepreneur and DJ Ranidu Lankage, has raised $5.5 million to build a blockchain-based alternative to Spotify or SoundCloud. "Users will pay for Audius tokens or earn them by listening to ads," reports TechCrunch. "Their wallet will then pay out a fraction of a cent per song to stream from decentralized storage across the network, with artists receiving roughly 85 percent -- compared to roughly 70 percent on the leading streaming apps. The rest goes to compensating whomever is hosting that song, as well as developers of listening software clients, one of which will be built by Audius." From the report: Audius plans to launch its open-sourced product in beta later this year. But it's already found some powerful investors that see SoundCloud as vulnerable to the cryptocurrency revolution. Audius has raised a $5.5 million Series A led by General Catalyst and Lightspeed, with participation from Kleiner Perkins, Pantera Capital, 122West and Ascolta Ventures. They're betting that Audius' token will grow in value, making the stockpile it keeps worth a fortune. It could then sell chunks of its tokens to earn revenue instead of charging artists directly. The big question will be whether Audius can use the token economy to crack the chicken-and-egg problem of getting its first creators and listeners on a platform that might be less functionally robust than its traditional competitors. There are a lot of moving parts to decentralize, but there are also plenty of disgruntled musicians out there waiting for something better.

Virtual reality is a modern-day beacon of escapism -- a way to fully immerse yourself in other worlds -- and it's seeing unprecedented applications. The market, no surprise, is exploding, with some industry groups estimating a $60 billion global market by 2022. As business booms, however, people who are using the tech are reporting a growing number of physical side effects -- like VR arm, but worse: eye strain, dizziness, headaches, nausea, and even dissociative experiences. From a report: VR companies recommend that people take frequent breaks and moderate their VR time when they're first starting out. "As you become accustomed to the virtual reality experience, you can begin increasing the amount of time you use Daydream View," reads one line of the health and safety information included with Google's VR platform. But what happens when it's your job to build these escapist technologies? The potential health risks for everyday consumers are compounded for those who make VR products for a living.

When VR bigwig Jeremy Bailenson founded Stanford University's Virtual Human Interaction Lab, in 2003, two items were even more important than the VR equipment he was using: "We had to keep a bucket in the lab and a mop nearby," Bailenson says. Today, he institutes a strict 20-minute limit on headset time for people in his lab. These health effects produce unique challenges for VR developers. "We have to understand not just the good but also the downsides of this technology. There a lot of questions we need to answer," Bailenson says. "The whole point of VR is it takes you out of your space, but you can't be doing that for many hours a day."

[...] Suddenly rotating around a virtual environment using handled controllers or quickly looking left and right in the VR space without any concomitant physical movement in the real world tend to physically affect Jonathan Yomayuza, VR technical director at the Emblematic Group, a creative firm based in Southern California. [...] The feeling Yomayuza describes is common among people who work with or use VR.

dmoberhaus writes: Pacific Spaceflight is a small group of volunteers that has spent the last decade developing an open source, DIY spacesuit in their members' living rooms. This fall its creator will fly to over 60,000 feet in a hot air balloon, known as the Armstrong Limit, the point at which exposed body fluids will boil away if not protected in a pressured vessel. [A post on Medium provides a] deep dive into the story of Pacific Spaceflight and how to build your own spacesuit. Here is an excerpt from the report: There are two main types of spacesuits: Intravehicular activity (IVA) suits worn inside spacecraft, and those worn outside for extravehicular activities (EVA). IVA spacesuits are mostly there as a backup in case of an emergency, like the sudden loss of pressure in a spacecraft. This makes them inherently simpler since they don't have to account for things like radiation exposure and the gloves can just be rubber gloves similar to those you might use to wash your dishes. [...] Smith's first suits were made by modifying old scuba diving suits to fit his needs. Yet as he became more familiar with pressure suit design and his own requirements, he started to assemble everything from scratch. These days, he and the other Pacific Spaceflight volunteers cut their own fabric and pretty much make everything on their own or repurpose common household items as necessary (Smith said one of the few things the group can't make on its own is the suit's zippers). Smith will release the designs of the spacesuit as an open source blueprint once the suit is perfected and properly tested. The final version will reportedly cost less than $1,000 of materials to build.

An anonymous reader quotes a report from TechCrunch: Uber is putting its autonomous vehicles back on Pittsburgh's city streets, four months after a fatal accident involving one of its self-driving cars prompted the ride-hailing company to halt testing on public roads. But for now, Uber's modified self-driving Volvo XC90 vehicles will only be driven manually by humans and under a new set of safety standards that includes real-time monitoring of its test drivers and efforts to beef up simulation. The sensors, including light detection and ranging radar known as LiDAR, will be operational on these self-driving vehicles. They won't be operated in autonomous mode, however. Uber will use these manually operated self-driving vehicles to update its HD maps of Pittsburgh. This manual-first rollout is a step toward Uber's ultimate goal to relaunch its autonomous vehicle testing program in Pittsburgh, according to Eric Meyhofer, head of Uber Advanced Technologies Group, who published a post Tuesday on Medium. Uber said that all its self-driving vehicles, whether they're driven manually or eventually in autonomous mode, will have two Uber employees inside. "These 'mission specialists' -- a new name Uber has given to its test drivers -- will have specific jobs," reports TechCrunch. "The person behind the wheel will be responsible for maintaining the vehicle safety, while the second 'mission specialist' will ride shotgun and document events." Every vehicle will also have a driver monitoring system that will track driver behavior in real time.