Government

Apple Paid $0 In Taxes To New Zealand, Despite Sales of $4.2 Billion (nzherald.co.nz) 448

Apple paid no income tax to New Zealand's Inland Revenue Department for the last 10 years, according to an article shared by sit1963nz, prompting calls for the company to "do the right thing" even from some American-based Apple users. From the New Zealand Herald: Bryan Chaffin of The Mac Observer, an Apple community blog site founded in 1998...wrote that Apple was the largest taxpayer in the United States, but 'pays next to nothing in most parts of the world... [L]ocal taxes matter. Roads matter. Schools matter. Housing authorities matter. Health care matters. Regulation enforcement matters. All of the things that support civil society matter. Apple's profits are made possible by that civil society, and the company should contribute its fair share.'"
Apple's accounts "show apparent income tax payments of $37 million," according to an earlier article, "but a close reading shows this sum was actually sent abroad to the Australian Tax Office, an arrangement that has been in place since at least 2007. Had Apple reported the same healthy profit margin in New Zealand as it did for its operations globally it would have paid $356 million in taxes over the period."

"It is absolutely extraordinary that they are able to get away with paying zero tax in this country," said Green Party co-leader James Shaw. "I really like Apple products -- they're incredibly innovative -- but it looks like their tax department is even more innovative than their product designers."
Books

O'Reilly Site Lists 165 Things Every Programmer Should Know (oreilly.com) 234

97 Things Every Programmer Should Know was published seven years ago by O'Reilly Media, and was described as "pearls of wisdom for programmers collected from leading practitioners." Today an anonymous reader writes: All 97 are available online for free (and licensed under a Creative Commons Attribution 3), including an essay by "Uncle Bob" on taking personal responsibility and "Unix Tools Are Your Friend" by Athens-based professor Diomidis Spinellis, who writes that the Unix tool chest can be more useful than an IDE.

But the book's official site is also still accepting new submissions, and now points to 68 additional "edited contributions" (plus another seven "contributions in progress"), including "Be Stupid and Lazy" by Swiss-based Java programmer Mario Fusco, and "Decouple That UI" by tech trainer George Brooke.

"There is no overarching narrative," writes the site's editor Kevlin Henney (who also wrote the original book). "The collection is intended simply to contain multiple and varied perspectives on what it is that contributors to the project feel programmers should know...anything from code-focused advice to culture, from algorithm usage to agile thinking, from implementation know-how to professionalism, from style to substance..."
Patents

Maryland Legislator Wants To Keep State University Patents Away From Trolls (eff.org) 52

The EFF's "Reclaim Invention" campaign provided the template for a patent troll-fighting bill recently introduced in the Maryland legislature to guide public universities. An anonymous reader writes: The bill would "void any agreement by the university to license or transfer a patent to a patent assertion entity (or patent troll)," according to the EFF, requiring universities to manage their patent portfolios in the public interest. James Love, the director of the nonprofit Knowledge Ecology International, argues this would prevent assigning patents to "organizations who are just suing people for infringement," which is especially important for publicly-funded colleges. "You don't want public sector patents to be used in a way that's a weapon against the public." Yarden Katz, a fellow at Harvard's Berkman Klein Center for Internet and Society, says the Maryland legislation would "set an example for other states by adopting a framework for academic research that puts public interests front and center."
The EFF has created a web page where you can encourage your own legislators to pass similar bills, and to urge universities to pledge "not to knowingly license or sell the rights of inventions, research, or innovation...to patent assertion entities, or patent trolls."
Stats

America's Most Affordable Cities For Tech Workers: Seattle, Austin, and Pittsburgh (prnewswire.com) 127

"Seattle tech workers who own their homes can expect to have about $2,000 more in disposable income each month than tech workers in the Bay Area," according to a new study from LinkedIn and Zillow. An anonymous reader writes: "For technology workers who rent, Seattle, Austin and Pittsburgh, Pennsylvania came out on top among the housing markets analyzed, with the Bay Area at #4..." the two companies reported. "Salaries for other industries don't hold up as well in the San Francisco area, though. Even highly-paid finance workers keep only about 32 percent of their incomes after paying for housing and taxes. In Charlotte or Chicago, they can pocket a median of 61 percent."

The Bay Area's high housing prices are apparently offset by the high salaries paid there to tech workers, according to the study. Even so, both home owners and renters pay roughly half the median income for housing on the west coast, "while a rental in the middle of the country costs more like 25 percent of the median income."

The report also identified the best cities for health workers -- Phoenix, Indianapolis, and Boston -- as well as for finance workers, who do best in Charlotte, Chicago and Dallas. The top 15 cities for tech workers also included those same cities except Chicago and Phoenix, while also including known tech hotspots like Denver, Atlanta, and Washington, D.C. But surprisingly the top 15 best cities for tech workers also included Detroit, Nashville, St. Paul (Minnesota) and Tampa, Florida.
Microsoft

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com) 228

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decide for themselves."
Government

NY Bill Would Require Removal of Inaccurate, Irrelevant Or Excessive Statements (washingtonpost.com) 155

schwit1 writes: In a bill aimed at securing a "right to be forgotten," introduced by Assemblyman David I. Weprin and (as Senate Bill 4561 by state Sen. Tony Avella), New York politicians would require people to remove "inaccurate," "irrelevant," "inadequate" or "excessive" statements about others... Failure to comply would make the search engines or speakers liable for, at least, statutory damages of $250/day plus attorney fees.
The Washington Post reports the bill's provisions would be as follows: Within 30 days of a "request from an individual, all search engines [and online speakers] shall remove...content about such individual, and links or indexes to any of the same, that is 'inaccurate', 'irrelevant', 'inadequate' or 'excessive,' and without replacing such removed...content with any disclaimer [or] takedown notice.... [I]naccurate', 'irrelevant', 'inadequate', or 'excessive' shall mean content, which after a significant lapse in time from its first publication, is no longer material to current public debate or discourse, especially when considered in light of the financial, reputational and/or demonstrable other harm that the information...is causing to the requester's professional, financial, reputational or other interest, with the exception of content related to convicted felonies, legal matters relating to violence, or a matter that is of significant current public interest, and as to which the requester's role with regard to the matter is central and substantial."
Crime

Your Hotel Room Photos Could Help Catch Sex Traffickers (cnn.com) 151

100,000 people have already downloaded an app that helps fight human trafficking. dryriver summarizes a report from CNN: Police find an ad for paid sex online. It's an illegally trafficked underage girl posing provocatively in a hotel room. But police don't know where this hotel room is -- what city, what neighborhood, what hotel or hotel room. This is where the TraffickCam phone app comes in. When you're staying at a hotel, you take pictures of your room... The app logs the GPS data (location of the hotel) and also analyzes what's in the picture -- the furniture, bed sheets, carpet and other visual features. This makes the hotel room identifiable. Now when police come across a sex trafficking picture online, there is a database of images that may reveal which hotel room the picture was taken in.
"Technology drives everything we do nowadays, and this is just one more tool that law enforcement can use to make our job a little safer and a little bit easier," says Sergeant Adam Kavanaugh, supervisor of the St. Louis County Multi-Jurisdictional Human Trafficking Task Force. "Right now we're just beta testing the St. Louis area, and we're getting positive hits," he says (meaning ads that match hotel-room photos in the database). But the app's creators hope to make it available to all U.S. law enforcement within the next few months, and eventually globally, so their app is already collecting photographs from hotel rooms around the world to be stored for future use.
AI

The First Practical Use For Quantum Computers: Chemistry (technologyreview.com) 42

"The first quantum computer to start paying its way with useful work in the real world looks likely to do so by helping chemists," writes MIT Technology Review, "trying to do things like improve batteries or electronics." An anonymous reader quotes their report: So far, simulating molecules and reactions is the use case for early, small quantum computers sketched out in most detail by researchers developing the new kind of algorithms needed for such machines... "From the point of view of what is theoretically proven, chemistry is ahead," says Scott Crowder, chief technology officer for the IBM division that today sells hardware including supercomputers and hopes to add cloud-hosted quantum computers to its product line-up in the next few years...

Researchers have long used simulations of molecules and chemical reactions to aid research into things like new materials, drugs, or industrial catalysts. The tactic can reduce time spent on physical experiments and scientific dead ends, and it accounts for a significant proportion of the workload of the world's supercomputers. Yet the payoffs are limited because even the most powerful supercomputers cannot perfectly re-create all the complex quantum behaviors of atoms and electrons in even relatively small molecules, says Alan Aspuru-Guzik, a chemistry professor at Harvard. He's looking forward to the day simulations on quantum computers can accelerate his research group's efforts to find new light-emitting molecules for displays, for example, and batteries suitable for grid-scale energy storage.

Microsoft is already focusing on chemistry and materials science in its quantum algorithm effort, saying a hybrid system combining conventional computers with a small quantum computer "has great promise for studying molecules." Meanwhile, the article argues that breaking encryption, "although a genuine threat, is one of the most distant applications of the technology, because the algorithms involved would require an extremely large quantum processor."
Science

1.6 Billion-Year-Old Plant Fossil Found In India (phys.org) 38

Complex multicellular life began 400 million years earlier than we thought, according to a Phys.org article shared by Slashdot reader William Robinson: Scientists found two kinds of fossils resembling red algae in uniquely well-preserved sedimentary rocks at Chitrakoot in central India. One type is thread-like, the other one consists of fleshy colonies. The scientists were able to see distinct inner cell structures and so-called cell fountains, the bundles of packed and splaying filaments that form the body of the fleshy forms and are characteristic of red algae... The oldest known red algae before the present discovery are 1.2 billion years old. The Indian fossils, 400 million years older and by far the oldest plant-like fossils ever found, suggest that the early branches of the tree of life need to be recalibrated.
Crime

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times (bleepingcomputer.com) 63

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...
The Military

The US Army Finally Gets The World's Largest Laser Weapon System (bizjournals.com) 130

It's been successfully tested on trucks, as well as UAVs and small rockets, according to a video from Lockheed Martin, which is now shipping the first 60kW-class "beam combined" fiber laser for use by the U.S. Army. An anonymous reader quotes the Puget Sound Business Journal: Lockheed successfully developed and tested the 58 kW laser beam earlier this year, setting a world record for this type of laser. The company is now preparing to ship the laser system to the U.S. Army Space and Missile Defense Command/Army Forces Strategic Command in Huntsville, Alabama [according to Robert Afzal, senior fellow for Lockheed's Laser and Sensor Systems in Bothell]. "We have shown that a powerful directed energy laser is now sufficiently light-weight, low volume and reliable enough to be deployed on tactical vehicles for defensive applications on land, at sea and in the air..." Laser weapons, which complement traditional kinetic weapons in the battlefield, will one day protect against threats such as "swarms of drones" or a flurry of rockets and mortars, Lockheed said.
Encryption

Ask Slashdot: How Would You Implement Site-Wide File Encryption? 151

Recently-leaked CIA documents prove that encryption works, according to the Associated Press. But how should sys-admins implement site-wide file encryption? Very-long-time Slashdot reader Pig Hogger writes: If you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to insure that you have both maximum uptime (you can access your data if you need to reboot your servers), yet that the keys cannot be compromised... What are established practices to address this issue?
Keep in mind that you can't change your password once the server's been seized, bringing up the issue of how many people know that password. Or is there a better solution? Share your suggestions and experiences in the comments. How would you implement site-wide file encryption?
Security

Edge, VMWare, Safari, And Ubuntu Linux Hacked at Pwn2Own 2017 (trendmicro.com) 83

The 10th annual Pwn2Own hacking competition ended Friday in Vancouver. Some of the highlights:
  • Ars Technica reports one team "compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in... by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware."
  • Digital Trends reports "Samuel Grob and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro, [and] impressed onlookers even more by adding a custom message to the Touch Bar which read: 'pwned by niklasb and saelo.'"
  • Ubuntu 16.10 Linux was also successfully attacked by exploiting a flaw in the Linux 4.8 kernel, "triggered by a researcher who only had basic user access but was able to elevate privileges with the vulnerability to become the root administrative account user..." reports eWeek. "Chaitin Security Research Lab didn't stop after successfully exploiting Ubuntu. It was also able to successfully demonstrate a chain of six bugs in Apple Safari, gaining root access on macOS."
  • Another attacker "leveraged two separate use-after-free bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel."

None of the attendees registered to attempt an attack on the Apache Web Server on Ubuntu 16.10 Linux, according to eWeek, but the contest's blog reports that "We saw a record 51 bugs come through the program. We paid contestants $833,000 USD in addition to the dozen laptops we handed out to winners. And, we awarded a total of 196 Master of Pwn points."


Stats

RedMonk Identifies 2017's Most Popular Languages: JavaScript, Java, And Python (redmonk.com) 125

Twice a year the tech analysts at RedMonk attempt to gauge adoption trends for programming languages based on data from both GitHub and Stack Overflow. Here's their top 10 list for 2017: JavaScript, Java, Python, and PHP, followed by a two-way tie between C# and C++, a two-way tie between Ruby and CSS, and then C at #9, and Objective-C at #10. But their GitHub data now counts the number of pull requests rather than the number of repositories. An anonymous reader quotes their report: Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16 on our GitHub rankings. While the language appears to be entering something of a trough of disillusionment from a market perception standpoint, with major hype giving way to skepticism in many quarters, its statistical performance according to the observable metrics we track remains strong. Swift has reached a Top 15 ranking faster than any other language we have tracked since we've been performing these rankings. Its strong performance from a GitHub perspective suggests that the wider, multi-platform approach taken by the language is paying benefits...

Of all of the top tier languages, none jumped more than TypeScript on our GitHub rankings, as the JavaScript superset moved up 17 points.... PowerShell moved from 36 within the GitHub rankings to 19 to match TypeScript's 17 point jump, and that was enough to nudge it into the Top 20 overall from its prior ranking of 25... One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on our board to 26 -- one spot behind Visual Basic.

Swift and Scala and Shell all just missed out on the top 10, clustering in a three-way tie at the #11 spot.
