Donald Fischer, who served as a product manager for Red Hat Enterprise Linux during its creation and early years of growth, writes: Red Hat saw, earlier than most, that the ascendance of open source made the need to pay for code go away, but the need for support and maintenance grew larger than ever. Thus Red Hat was never in the business of selling software, rather it was in the business of addressing the practical challenges that have always come along for the ride with software. [...] As an open source developer, you created that software. You can keep your package secure, legally documented, and maintained; who could possibly do it better? So why does Red Hat make the fat profits, and not you? Unfortunately, doing business with large companies requires a lot of bureaucratic toil. That's doubly true for organizations that require security, legal, and operational standards for every product they bring in the door. Working with these organizations requires a sales and marketing team, a customer support organization, a finance back-office, and lots of other "business stuff" in addition to technology. Red Hat has had that stuff, but you haven't.

And just like you don't have time to sell to large companies, they don't have time to buy from you alongside a thousand other open source creators, one at a time. Sure, big companies know how to install and use your software. (And good news! They already do.) But they can't afford to put each of 1100 npm packages through a procurement process that costs $20k per iteration. Red Hat solved this problem for one corner of open source by collecting 2,000+ open source projects together, adding assurances on top, and selling it as one subscription product. That worked for them, to the tune of billions. But did you get paid for your contributions?

Jeffrey M. Perkel, writing for Nature: Perched atop the Cerro Pachon ridge in the Chilean Andes is a building site that will eventually become the Large Synoptic Survey Telescope (LSST). When it comes online in 2022, the telescope will generate terabytes of data each night as it surveys the southern skies automatically. And to crunch those data, astronomers will use a familiar and increasingly popular tool: the Jupyter notebook. Jupyter is a free, open-source, interactive web tool known as a computational notebook, which researchers can use to combine software code, computational output, explanatory text and multimedia resources in a single document. Computational notebooks have been around for decades, but Jupyter in particular has exploded in popularity over the past couple of years. This rapid uptake has been aided by an enthusiastic community of user-developers and a redesigned architecture that allows the notebook to speak dozens of programming languages -- a fact reflected in its name, which was inspired, according to co-founder Fernando Perez, by the programming languages Julia (Ju), Python (Py) and R.

[...] For data scientists, Jupyter has emerged as a de facto standard, says Lorena Barba, a mechanical and aeronautical engineer at George Washington University in Washington DC. Mario Juric, an astronomer at the University of Washington in Seattle who coordinates the LSST's data-management team, says: "I've never seen any migration this fast. It's just amazing." Computational notebooks are essentially laboratory notebooks for scientific computing. Instead of pasting, say, DNA gels alongside lab protocols, researchers embed code, data and text to document their computational methods. The result, says Jupyter co-creator Brian Granger at California Polytechnic State University in San Luis Obispo, is a "computational narrative" -- a document that allows researchers to supplement their code and data with analysis, hypotheses and conjecture. For data scientists, that format can drive exploration.

Github engineers are trying to repair the data storage system underpinning the code hosting website, which has been presenting users with a "What!?" error for much of the Sunday. From a report: Depending on where you are, you may have been working on some Sunday evening programming, or getting up to speed with work on a Monday morning, using resources on GitHub.com -- and possibly failing miserably as a result of the outage. From about 4pm US West Coast time on Sunday, the website has been stuttering and spluttering. Specifically, the site is still up and serving pages -- it's just intermittently serving out-of-date files, and ignoring submitted Gists, bug reports, and posts. Sometimes, it appears to be serving a read-only cache or older backup of itself, although some fresh code pushes are coming through onto the site. From the status page, it appears a data storage system died, forcing the platform's engineers to move the dot-com's files over to another box. In the meantime, some older versions of files and repos are being served to visitors and users. "We're continuing to work on migrating a data storage system in order to restore access to GitHub.com," the team said just after 5pm PT, adding in the past few minutes: "We are continuing to repair a data storage system for GitHub.com. You may see inconsistent results during this process."

Slashdot reader generic shares a report from ZDNet: For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on.

Earlier this year, Larry Cashdollar, a security researcher for Akamai's SIRT (Security Intelligence Response Team), has discovered a vulnerability in the plugin's source code that handles file uploads to PHP servers. Cashdollar says that attackers can abuse this vulnerability to upload malicious files on servers, such as backdoors and web shells. The Akamai researcher says the vulnerability has been exploited in the wild. "I've seen stuff as far back as 2016," the researcher told ZDNet in an interview. The vulnerability was one of the worst kept secrets of the hacker scene and appears to have been actively exploited, even before 2016. Cashdollar found several YouTube videos containing tutorials on how one could exploit the jQuery File Upload plugin vulnerability to take over servers. One of three YouTube videos Cashdollar shared with ZDNet is dated August 2015. Thankfully, the CVE-2018-9206 identifier was pushed earlier this month to address this issue. "All jQuery File Upload versions before 9.22.1 are vulnerable," reports ZDNet. "Since the vulnerability affected the code for handling file uploads for PHP apps, other server-side implementations should be considered safe."

Mads Torgersen, the lead designer of C# at Microsoft, remembers "Project Roslyn," which built an open-source, cross-platform compiler for C# and Visual Basic.NET "in the deepest darkness of last decade's corporate Microsoft: We would build a language engine! A unified, public API to C# code: We would redefine the meaning of "compiler". Of course, once you are building an API for the broad C# community, it is kind of a slam-dunk that it should be a .NET API, implemented in C#. So, the old dream of "bootstrapping" C# in C# was fulfilled almost as an accidental side benefit. Roslyn was thus born out of an openness mindset: sharing the inner workings of the C# language for the world to programmatically consume.

This in and of itself was a bit of a bold proposition in what was still a pervasively closed culture at Microsoft: We would share this intellectual property for free? We would empower tool builders that weren't us to better compete with us? The arguments that won the day for us here were about strengthening the ecosystem and becoming the best tooled language on the planet. They were about long-term growth of C# and .NET, versus short term monetization and protection of assets for Microsoft. So even without having mentioned open source, signing up for the cost and risk of the Roslyn project was a big and bold step for Microsoft....

F# released already in 2010 with an open source license and its own foundation -- the F# Software Foundation. The vibrant community that grew up around it soon became the envy of us all. Our team pushed strongly to have an open source production license for Roslyn, and finally a company-wide infrastructure emerged to make it real. By 2012, Microsoft had created Microsoft Open Tech; an organization specifically focused on open source projects. Roslyn moved under Microsoft Open Tech and officially became open source... C# language design and compiler implementation are now completely open processes, with lots of non-Microsoft participation, including whole language features being built by external contributors.
Torgersen's article says C# now enjoys "the scaling of effort via contribution of features and bug fixes, but also the insight and course correction we get through the instant, daily feedback loop that open source provides.

"It's been a long and wild journey, and one that to me is symbolic of the massive changes that Microsoft has undergone over the last decade."

An anonymous reader quotes iTWire: Linux developers who contribute code to the kernel cannot rescind those contributions, according to the software programmer who devised the GNU General Public Licence version 2.0, the licence under which the kernel is released. Richard Stallman, the head of the Free Software Foundation and founder of the GNU Project, told iTWire in response to queries that contributors to a GPLv2-covered program could not ask for their code to be removed. "That's because they are bound by the GPLv2 themselves. I checked this with a lawyer," said Stallman, who started the free software movement in 1984.

There have been claims made by many people, including journalists, that if any kernel developers are penalised under the new code of conduct for the kernel project -- which was put in place when Linux creator Linus Torvalds decided to take a break to fix his behavioural issues -- then they would ask for their code to be removed from the kernel... Stallman asked: "But what if they could? What would they achieve by doing so? They would cause harm to the whole free software community. The anonymous person who suggests that Linux contributors do this is urging them to [use a] set of nuclear weapons in pique over an internal matter of the development team for Linux. What a shame that would be."
Slashdot reader dmoberhaus shared an article from Motherboard with more perspetives from Eric S. Raymond and LWN.net founder Jonathan Corbet, which also traces the origins of the suggestion. "[A]n anonymous user going by the handle 'unconditionedwitness' called for developers who end up getting banned through the Code of Conduct in the future to rescind their contributions to the Linux kernel 'in a bloc' to produce the greatest effect.

"It is worth noting that the email address for unconditionedwitness pointed to redchan.it, a now defunct message board on 8chan that mostly hosted misogynistic memes, many of which were associated with gamergate."

Facebook shared the following security announcement Friday: On the afternoon of Tuesday, September 25, our engineering team discovered a security issue affecting almost 50 million accounts. We're taking this incredibly seriously and wanted to let everyone know what's happened and the immediate action we've taken to protect people's security. Our investigation is still in its early stages. But it's clear that attackers exploited a vulnerability in Facebook's code that impacted "View As", a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people's accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app. Here is the action we have already taken.

First, we've fixed the vulnerability and informed law enforcement. Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We're also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a "View As" look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened. Third, we're temporarily turning off the "View As" feature while we conduct a thorough security review. The company added it has yet to determine whether these impacted accounts were misused or any information was accessed. Senator Mark Warner has issued a stern reprimand to Facebook over the security incident revelation today. "This is another sobering indicator that Congress needs to step up and take action to protect the privacy and security of social media users. As I've said before -- the era of the Wild West in social media is over," he wrote.

An anonymous reader quotes a report from the BBC: Computer historians have staged a re-enactment of World War Two code-cracking at Bletchley Park. A replica code-breaking computer called a Bombe was used to decipher a message scrambled by an Enigma machine. Held at the National Museum of Computing (TNMOC), the event honored Polish help with wartime code-cracking. Enigma machines were used extensively by the German army and navy during World War Two. This prompted a massive effort by the Allies to crack the complex method they employed to scramble messages. That effort was co-ordinated via Bletchley Park and resulted in the creation of the Bombe, said Paul Kellar who helps to keep a replica machine running at the museum. Renowned mathematician Alan Turing was instrumental in the creation of the original Bombe.

For its re-enactment, TNMOC recruited a team of 12 and used a replica Bombe that, until recently, had been on display at the Bletchley Park museum next door. The electro-mechanical Bombe was designed to discover which settings the German Enigma operators used to scramble their messages. As with World War Two messages, the TNMOC team began with a hint or educated guess about the content of the message, known as a "crib," which was used to set up the Bombe. The machine then cranked through the millions of possible combinations until it came to a "good stop," said Mr Kellar. This indicated that the Bombe had found key portions of the settings used to turn readable German into gobbledygook. After that, said Mr Kellar, it was just a matter of time before the 12-strong team cracked the message.

The Tor Browser has rolled out a new interface with the release of v8. From a report: The Tor Browser has always been based on the Firefox codebase, but it lagged behind a few releases. Mozilla rolled out a major overhaul of the Firefox codebase in November 2017, with the release of Firefox 57, the first release in the Firefox Quantum series. Firefox Quantum came with a new page rendering engine, a new add-ons API, and a new user interface called the Photon UI. Because these were major, code-breaking changes, it took the smaller Tor team some time to integrate all of them into the Tor Browser codebase and make sure everything worked as intended. The new Tor Browser 8, released yesterday, is now in sync with the most recent version of Firefox, the Quantum release, and also supports all of its features. This means the Tor Browser now uses the same modern Photon UI that current Firefox versions use, it supports the same speed-optimized page rendering engine and has also dropped support for the old XUL-based add-ons system for the new WebExtensions API system used by Chrome, Opera, Vivaldi, Brave, and the rest of the Chromium browsers.

Long time reader theodp writes: According to a Microsoft-commissioned survey, 50% of parents in the U.S. with children aged 18 and under believed coding and computer programming to be the most beneficial subject to their child's future employability ("compared to foreign language skills at 28%"). From the Microsoft Education blog post: "When asked about the technology industry's involvement, 75 percent of parents said they believe big tech companies should be involved in helping schools build kids' digital skills. Many companies, including Microsoft and organizations like Code.org, are working to do just that. Programs like TEALS, which is supported by Microsoft Philanthropies, pairs trained Computer Science professionals from across the technology industry with classroom teachers to team-teach the subject." In 2016, Microsoft partnered with Rhode Island Gov. Gina Raimondo to help bring computer science education to every public K-12 school across the state, an initiative that Raimondo is now touting in her 2018 bid for re-election (political ad).

At the recently concluded State of the Map conference in Milan, teams from Microsoft, Apple and Facebook presented their projects, describing how they are working with communities. From a report: The Microsoft Open Maps team has recently released open data on building footprints in the US. Microsoft was among the first to release satellite imagery for use by OpenStreetMap and the images are now integrated into the default editor. It also has a community of mappers directly contributing to OpenStreetMap in Australia. Apple has an internal volunteer programme that has around 5,000 staff contributing to Missing Maps, they've released building data for France and Denmark, and are engaged with data improvement projects around the world. Facebook is exploring how artificial intelligence-assisted tracing can help to improve the quality of OpenStreetMap data in Thailand.

DigitalGlobe has made its satellite imagery available under a licence that will allow it to be used by the OpenStreetMap community to improve their mapping efforts. Telenav launched OpenStreetCam to help collect openly-licensed street imagery and has now released open data and code to explore how machine learning can enable the images to be used to improve OpenStreetMap with stop signs and turn directions.

Google appears to have quietly purged its own user-generated review content from its search results. From a report: This is significant, critics of Google say, because it obscures the fact that Google's search engine judges the company's own reviews poorly. Google's search engine ranks content by relevance and quality, and Google's review content previously showed up deep into the search results, far from the first page of links that takes most of the clicks. A Google spokesperson disagreed that the review content was "de-indexed," simply noting that because Google reviews don't currently live on a web page, they are not displayed as web results.

Given that reviews once showed up in regular Google search results and now do not, it follows that the reviews were moved from a web page to the Maps platform, whose code prevents search engines from crawling it. What was once searchable is now not searchable, something Google did not explain. As a result, Google reviews do not have to rank highly in search engines. Instead, the Google snippet -- the map and reviews box above the standard search result -- allows the company to capture clicks that would otherwise flow off the platform to whatever website had the best result in the algorithm made by the search team down the hall at Mountain View deemed as the best.

More than two dozen hackers and security experts who attended security events last week say security personnel at the Mandalay Bay, Luxor, Caesars Palace, Flamingo, Aria, Cromwell, Tuscany, Linq, or Mirage hotels had entered their rooms. Security news site The Parallax reports: Except for Tuscany, which is independent, all of these hotels are owned by either Caesars Entertainment or MGM Resorts International. And of the three hotel companies, only Caesars returned a request for comment. Richard Broome, executive vice president of communications and government relations for Caesars Entertainment, whose Caesars Palace is co-hosting DefCon this year with the Flamingo, said that following the deadliest mass shooting in U.S. history last year, "periodic" hotel room checks are now standard operating procedure in Las Vegas. On October 1, 2017, from his room at the Mandalay Bay, Stephen Paddock used semiautomatic weapons he'd outfitted with bump stocks to kill 58 people and wound at least 527 others attending a gated country music concert on the Strip below. [...] Two apparent Caesars security officers wearing hotel name tags displaying only the first names "Cynthia" and "Keith," respectively, as well as sheriff's style badges that looked like they came out of a Halloween costume kit, visited my room while I was writing this story. Cynthia told me that they are instructed to refer to the front desk guests who decline to allow their room to be searched.

After Cynthia and Keith declined to disclose their last names to me, I asked what they intended to do in the room. They told me that they would enter it, type a code into the room's phone line to signal that it's been checked, and then do a visual spot check. When I asked what they would be looking for, Cynthia replied, "WMDs -- that sort of thing." Other conference attendees reported similar but less pleasant interactions. Katie Moussouris, CEO of Luta Security, wrote on Twitter that two hotel security personnel were "banging" on her room door and "shouted" at her. She also said the hotel's security team supervisor "dismissed" her concerns over how the hotel was treating single, female travelers. Google security engineer Maddie Stone tweeted that a man wearing a light-blue shirt and a walkie-talkie entered her Caesars Palace room with a key, but without knocking, while she was getting dressed. "He left when I started screaming," she wrote, adding that a hotel manager, upon her request, said Caesars would look into whether the man was actually an employee. Stone tweeted that she left DefCon early because of the incident.

Google has removed the open-source Ahoy! extension from the Chrome store with little explanation. The tool facilitated access to more than 1,700 blocked sites in Portugal by routing traffic through its own proxies. TorrentFreak reports: After servicing 100,000 users last December, Ahoy! grew to almost 185,000 users this year. However, progress and indeed the project itself is now under threat after arbitrary action by Google. "Google decided to remove us from Chrome's Web Store without any justification," team member Henrique Mouta informs TF. "We always make sure our code is high quality, secure and 100% free (as in beer and as in freedom). All the source code is open source. And we're pretty sure we never broke any of the Google's marketplace rules."

Henrique says he's tried to reach out to Google but finding someone to help has proven impossible. Even re-submitting Ahoy! to Google from scratch hasn't helped the situation. "I tried and resubmitted the plugin but it was refused after a few hours and without any justification," Henrique says. "Google never reached us or notified us about the removal from Chrome Web Store. We never got a single email justifying what happened, why have we been removed from the store, or/and what are we breaching and how can we fix it." TorrentFreak reached out to Google asking why this anti-censorship tool has been removed from its Chrome store. Despite multiple requests, the search giant failed to respond to us or the Ahoy! team. Thankfully, the Ahoy! extension is still available on Firefox.

Students from Fast.ai, a small organization that runs free machine-learning courses online, just created an AI algorithm that outperforms code from Google's researchers, per an important benchmark. From a report: Fast.ai's success is important because it sometimes seems as if only those with huge resources can do advanced AI research. Fast.ai consists of part-time students keen to try their hand at machine learning -- and perhaps transition into a career in data science. It rents access to computers in Amazon's cloud. But Fast.ai's team built an algorithm that beats Google's code, as measured using a benchmark called DAWNBench, from researchers at Stanford. This benchmark uses a common image classification task to track the speed of a deep-learning algorithm per dollar of compute power. Google's researchers topped the previous rankings, in a category for training on several machines, using a custom-built collection its own chips designed specifically for machine learning. The Fast.ai team was able to produce something even faster, on roughly equivalent hardware.

New submitter weedjams shares a report: Scientists at the University of Alberta have demonstrated a new data storage technique that stores zeroes and ones by the presence (or absence) of individual hydrogen atoms. The resulting storage density is an unparalleled 1.2 petabits per square inch -- 1,000 times greater than current hard disk and solid state drives, and 100 times greater than Blu-rays. The researchers, led by PhD student Roshan Achal and physics professor Robert Wolkow, built on a technique previously developed by Walkow that used the tip of a scanning tunneling microscope (STM) to remove or replace individual hydrogen atoms resting on a silicon substrate.

The inconceivably small dimensions (a hydrogen atom is only half a nanometer in diameter) allow for an astounding data storage density of 1.1 petabits (138 terabytes) per square inch. By comparison, a Blu-ray disk can "only" store about 12 terabits of data in the same area (one hundredth the data density), while both traditional magnetic hard drives and solid-state drives store somewhere in the region of 1.5 terabits per square inch (a thousandth of the density). This development, says Achal, could allow you to store the entire iTunes library of 45 million songs on the surface of a US quarter-dollar coin.

Achal and his team demoed the technology by creating a 192-bit cell, which they used to store a simple rendition of the Super Mario Bros video game theme song. To show the rewrite capabilities, the scientists also created an 8-bit memory cell which they used to store the letters of the alphabet one by one, represented via their respective ASCII code. Further reading: ScienceDaily, and Nature.

BrianFagioli shares a report from BetaNews: Microsoft seems eager to get programmers on the quantum bandwagon, as today, it launched the open-source Quantum Katas on GitHub. What exactly is it? It is essentially a project deigned to teach Q# programming for free. "For those who want to explore quantum computing and learn the Q# programming language at their own pace, we have created the Quantum Katas -- an open-source project containing a series of programming exercises that provide immediate feedback as you progress," says The Microsoft Quantum Team. "Coding katas are great tools for learning a programming language. They rely on several simple learning principles: active learning, incremental complexity growth, and feedback."

The team further says, "The Microsoft Quantum Katas are a series of self-paced tutorials aimed at teaching elements of quantum computing and Q# programming at the same time. Each kata offers a sequence of tasks on a certain quantum computing topic, progressing from simple to challenging. Each task requires you to fill in some code; the first task might require just one line, and the last one might require a sizable fragment of code. A testing framework validates your solutions, providing real-time feedback." You can view the project on GitHub here.

An anonymous reader shares a report: Malware has been discovered in at least three Arch Linux packages available on AUR (Arch User Repository), the official Arch Linux repository of user-submitted packages. The malicious code has been removed thanks to the quick intervention of the AUR team. The incident happened because AUR allows anyone to take over "orphaned" repositories that have been abandoned by their original authors. On Saturday, a user going by the pseudonym of "xeactor" took over one such orphaned package named "acroread" that allows Arch Linux users to view PDF files. According to a Git commit to the packag's source code, xeactor added malicious code that would download a file named "~x" from ptpb [dot] pw, a lightweight site mimicking Pastebin that allows users to share small pieces of texts.

Microsoft is planning to introduce a dark mode to its Outlook.com web mail service. "While the software giant introduced a temporary dark mode for Halloween last year, Microsoft has been working on a new dark mode for Outlook.com for the past few months," reports The Verge. "Microsoft has started teasing that the new dark mode will be available soon." From the report: "One reason for the delay is our insistence that we deliver the best Dark Mode of any leading email client (you'll understand when you see it, I guarantee)," explains an Outlook.com team member in a feedback post. "The sneak preview you saw last year at Halloween was a prototype that required a lot more work to be ready for prime time." Microsoft says it has redesigned the colors and code "multiple times," and it's in the final stretch of introducing the new theme in Outlook.com.

An anonymous reader quotes a report from Ars Technica: A team led by Martin Fussenegger of ETH Zurich in Basel has shown that caffeine can be used as a trigger for synthetic genetic circuitry, which can then in turn do useful things for us -- even correct or treat medical conditions. For a buzz-worthy proof of concept, the team engineered a system to treat type 2 diabetes in mice with sips of coffee, specifically Nespresso Volluto coffee. Essentially, when the animals drink the coffee (or any other caffeinated beverage), a synthetic genetic system in cells implanted in their abdomens switches on. This leads to the production of a hormone that increases insulin production and lowers blood sugar levels -- thus successfully treating their diabetes after a simple morning brew.

The system, published Tuesday in Nature Communications, is just the start, Fussenegger and his colleagues suggest enthusiastically. "We think caffeine is a promising candidate in the quest for the most suitable inducer of gene expression," they write. They note that synthetic biologists like themselves have long been in pursuit of such inducers that can jolt artificial genetics. But earlier options had problems. These included antibiotics that can spur drug-resistance in bacteria and food additives that can have side effects. Caffeine, on the other hand, is non-toxic, cheap to produce, and only present in specific beverages, such as coffee and tea, they write. It's also wildly popular, with more than two billion cups of coffee poured each day worldwide.