Databases

Microsoft Will Support Python In SQL Server 2017 (infoworld.com) 88

There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld: Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn't limited to enterprise editions of SQL Server 2017, either -- it'll also be available in the free-to-use Express edition... Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it'll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database...

An existing Python installation isn't required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed.

Except it's not yet available for Linux users, according to the article. "Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python."
Google

Google's Featured Snippets Are Damaging To Small Businesses that Depend On Search Traffic (theoutline.com) 144

The Outline tells the story of CelebrityNetWorth.com, a website launched in 2008 that tells you how much a celebrity is worth. The site was an instant success, but things have turned sour in the last two years. The creator of the website, Brian Warner, blames Google for it. From the article: For most of its history, Google was like a librarian. You asked a question, and it guided you to the section of the web where you might find the answer. But over the past five years, Google has been experimenting with being an oracle. Type in a question, and you might see a box at the top of the search results page with the answer in large bold type. [...] In 2014, Warner received an email from Google asking if he would be interested in giving the company access to his data in order to scrape it for Knowledge Graph, for free. He said no, as he feared the traffic would plummet. [...] In February 2016, Google started displaying a Featured Snippet for each of the 25,000 celebrities in the CelebrityNetWorth database, Warner said. He knew this because he added a few fake listings for friends who were not celebrities to see if they would pop up as featured answers, and they did. "Our traffic immediately crumbled," Warner said. He acknowledged the risks in building a site that depends so heavily on Google for search traffic, and whose research can easily be reduced to a single number. But he still thinks what Google did is unfair.
United States

Steve Ballmer's New Project: Find Out How the Government Spends Your Money (theverge.com) 249

Former Microsoft CEO Steve Ballmer isn't satisfied with owning the Los Angeles Clippers and teaching at Stanford and USC. On Tuesday, the billionaire announced USAFacts, his new startup that aims to improve political discourse by making government financial data easier to access. A small "army" of economists, professors and other professionals will be looking into and publishing data structured similarly to the 10-K filings companies issue each year -- expenses, revenues and key metrics pulled from dozens of government data sources and compiled into a single massive collection of tables. From a report on The Verge: The nonpartisan site traces $5.4 trillion in government spending under four categories derived from language in the US Constitution. Defense spending, for example, is categorized under the header "provide for the common defense," while education spending is under "secure the blessing of liberty to ourselves and our prosperity." Spending allocation and revenue sources are each mapped out in blue and pink graphics, with detailed breakdowns along federal, state and local lines. Users can also search for specific datasets, such as airport revenue or crime rates, and the site includes a report of "risk factors" that could inhibit economic growth. The New York Times has the story on how this startup came to be.
Programming

Ask Slashdot: How Would You Stop The Deployment Of Unapproved Code Changes? 308

Over a million lines of code -- in existence for over 10 years -- gets updates in six-week "sprints" using source control and bug-tracking systems. But now an anonymous reader writes: In theory users report bugs, the developers "fix" the bugs, the users test and accept the fix, and finally the "fix" gets released to production as part of a larger change-set. In practice, the bug is reported, the developers implement "a fix", no one else tests it (except for the developer(s) ), and the "fix" gets released with the larger code change set, to production.

We (the developers) don't want to release "fixes" that users haven't accepted, but the code changes often include changes at all levels of the stack (database, DOAs, Business Rules, Webservices and multiple front-ends). Multiple code changes could be occurring in the same areas of code by different developers at the same time, making merges of branches very complex and error prone. Many fingers are in the same pie. Our team size, structure and locations prevent having a single gatekeeper for code check-ins... What tools and procedures do you use to prevent un-approved fixes from being deployed to production as part of the larger code change sets?

Fixes are included in a test build for users to test and accept -- but what if they never do? Leave your best answers in the comments. How would you stop un-approved code changes from being deployed?
Transportation

Cadillac's Hands-Free Driving Option Also Nags Inattentive Drivers (theverge.com) 68

Using LIDAR sensors, Cadillac mapped 160,000 miles of U.S. highways "within five centimeters of accuracy" to give its hands-free-on-the-highway cars the ability to better anticipate the roads ahead -- and to know when a human driver should take over. An anonymous reader writes: "The car can see farther than the sensors on the car with the map..." says the chief engineer for Cadillac's new "Super Cruise" hands-free driving option for highways, "so if we have a sharp curve, we can anticipate that." The system also gives Cadillac's vehicles a safety check not available to Tesla, which can't stop drivers from using Tesla's semi-autonomous Autopilot even when they're not on a highway. "We know where the car is because of the LIDAR map and the other data in the car," says a product communications manager at Cadillac. "Therefore we have the ability to geofence it."

In addition, The Verge reports that if drivers look away for more than 30 seconds, "the car will know thanks to an infrared camera attached to the top of the steering column. Eyes closed? The car will know and start a sequence of alerts to get the driver's focus back on the road. It can even see through UV-blocking sunglasses." While the camera doesn't record or store data, it will flash a strip of red LED lights embedded in the top of the steering wheel "if the driver is caught not paying attention."

Cadillac plans to create and transmit an updated map every year, and will also regularly update its map by "constantly" checking the database from the Transportation Department, and deploying its own trucks to draw new maps of construction areas.
Security

Unpatched Magento Zero Day Leaves 200,000 Merchants Vulnerable (threatpost.com) 29

An anonymous reader quotes ThreatPost: A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk... According to Bosko Stankovic, information security engineer at DefenseCode, despite repeated efforts to notify Magento, which began in November 2016, the vulnerability remains unpatched despite four version updates since the disclosure. Affected versions of the Magento Community Edition software include v. 2.1.6 and below. DefenseCode did not examine Magento Enterprise, the commercial version of the platform, but warns both share the same underlying vulnerable code... The remote code execution (RCE) vulnerability is tied to the default feature in Magento Community Edition that allows administrators to add Vimeo video content to product descriptions.
DefenseCode says the exploit can be mitigated by enforcing Magento's "Add Secret Keys To URLS" feature, warning in a paper that the hole otherwise "could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information." Magento has confirmed the exploit, says they're investigating it, and promises they'll address it in their next patch release.
Network

Former Sysadmin Accused of Planting 'Time Bomb' In Company's Database (bleepingcomputer.com) 143

An anonymous reader writes: Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year. According to court documents, after resigning from his job, a former sysadmin kept one of two laptops. On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just enough to be in range of the factory's Wi-Fi network. Allegro says that Patel used the second business-use laptop to connect to the company's network using the credentials of another employee. While connected to the factory's network on January 31, Allegro claims Patel, who was one of the two people in charge of Oracle programming, uploaded a "time bomb" to the company's Oracle finance module. The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to "copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless." The company says that "defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year's fiscal year-end accounting reconciliation and financial reports."
Media

West Point Researchers Demonstrate Passive Netflix Traffic Analysis Attack (threatpost.com) 64

hypercard writes: Researchers from West Point recently presented research on a real-time passive analysis of Netflix traffic. The paper, entitled "Identifying HTTPS-Protected Netflix Videos in Real-Time" is based on research conducted by Andrew Reed, Michael Kranch and Benjamin Klimkowski. The team's technique demonstrates frighteningly accurate results based solely on information captured from TCP/IP headers. Even with the recent upgrade to HTTPS, their technique was effective at identifying the correct video with greater than 99.99 percent accuracy against their database of over 42,000 videos. "When tested against 200 random 20-minute video streams, our system identified 99.5 percent of the videos with the majority of the identifications occurring less than two and a half minutes into the video stream," the paper reads. However, there are important points to note. First, the attack described only applies to streams still using Silverlight. Additionally, an attacker would likely need significant resources and access to intercept, fingerprint and process the traffic in real time. Netflix has reacted positively to the team's research and acknowledged the issue as a known drawback to processing video streams with HTTPS.
Microsoft

Microsoft Kills Off Security Bulletins (computerworld.com) 89

Microsoft has officially retired the security bulletins this week, which were issued to detail "each month's slate of vulnerabilities and accompanying patches for customers -- especially administrators responsible for companies' IT operations," writes Gregg Keizer via Computerworld. "The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them." From the report: Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday, and that the new process would debut Feb. 14. A searchable database of support documents would replace the bulletins. Accessed through the "Security Updates Guide" (SUG) portal, the database's content can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document. SUG's forerunners were the web-based bulletins that have been part of Microsoft's patch disclosure policies since at least 1998. Microsoft did such a good job turning out those bulletins that they were considered the aspirational benchmark for all software vendors. In February Microsoft canceled that month's Patch Tuesday just hours before the security updates were to reach customers, making the bulletins' planned demise moot. Microsoft kept the bulletins the following month as well, saying it wanted to give users more time to prepare for the change to SUG. Finally, when Microsoft yesterday shipped cumulative security updates for Windows, Internet Explorer, Office and other products, it omitted the usual bulletins.
Google

How Google Book Search Got Lost (backchannel.com) 46

Google Books was the company's first moonshot. But 15 years later, the project is stuck in low-Earth orbit, argues an article on Backchannel. From the article: When Google Books started almost 15 years ago, it also seemed impossibly ambitious: An upstart tech company that had just tamed and organized the vast informational jungle of the web would now extend the reach of its search box into the offline world. By scanning millions of printed books from the libraries with which it partnered, it would import the entire body of pre-internet writing into its database. [...] Two things happened to Google Books on the way from moonshot vision to mundane reality. Soon after launch, it quickly fell from the idealistic ether into a legal bog, as authors fought Google's right to index copyrighted works and publishers maneuvered to protect their industry from being Napsterized. A decade-long legal battle followed -- one that finally ended last year, when the US Supreme Court turned down an appeal by the Authors Guild and definitively lifted the legal cloud that had so long hovered over Google's book-related ambitions. But in that time, another change had come over Google Books, one that's not all that unusual for institutions and people who get caught up in decade-long legal battles: It lost its drive and ambition. Google stopped updating Books blog in 2012, and folded it into the main Google Search blog. The author reports that Google still has people working on Book Search, and they are adding new books, but the pace is rather slower.
Advertising

A Huge Trove of Patient Data Leaks, Thanks To Telemarketers' Bad Security (zdnet.com) 44

"A trove of records containing personal and health information on close to a million people was exposed after a former developer working at a telemarketing company uploaded a backup of its database to the internet," writes ZDNet. An anonymous reader quotes their report: The data contained personal and health-related information, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, health insurance information, and other data relating to the types of health problems the individuals have regarding the products they need, though many of the records were truncated or incomplete. An examination showed that the database was used to market products to thousands of customers by telemarketers at HealthNow -- no longer a registered business as of 2015. Several records we've seen included customized notes written by staff who were tasked with calling customers, such as when they are home and any other relevant information on the subject.
The database apparently lingered online for years in an AWS instance until it was discovered two weeks ago in search results from Shodan by a Twitter user calling himself Flash Gordon. Databreaches.net, which investigated the breach with ZDNet, believes this is a teachable moment. "Before you give your personal or health insurance information to telemarketers or firms that call to offer you supplies for diabetes or back pain or other conditions, think twice."
Education

Tearing Down Science's Citation Paywall, One Link at a Time (wired.com) 50

Citations play an incredibly important role in academia. To scientists, citations are currency. Citations establish credibility, and determine the impact of a given paper, researcher, and institution. However, the system of how citations work is crippled with a problem. Over the last few decades, only researchers with subscriptions to two proprietary databases, Web of Science and Scopus, have been able to track citation records and measure the influence of a given article or scientific idea. This isn't just a problem for scientists trying to get their resumes noticed; a citation trail tells the general public how it knows what it knows, each link a breadcrumb back to a foundational idea about how the world works, reads an article on Wired. The article adds: On Thursday, a coalition of open data advocates, universities, and 29 journal publishers announced the Initiative for Open Citations with a commitment to make citation data easily available to anyone at no cost (alternative source). "This is the first time we have something at this scale open to the public with no copyright restrictions," says Dario Taraborelli, head of research at the Wikimedia Foundation, a founding member of the initiative. "Our long-term vision is to create a clearinghouse of data that can be used by anyone, not just scientists, and not just institutions that can afford licenses." Here's how it works: When a researcher publishes a paper, the journal registers it with Crossref, a nonprofit you can think of as a database linking millions of articles. The journal also bundles those links with unique identifying metadata like author, title, page number of print edition, and who funded the research. All of the major publishers started doing this when Crossref launched in 2000. But most of them held the reference data -- the information detailing who cited whom and where -- under strict copyright restrictions. 
Accessing it meant paying tens of thousands of dollars in subscription fees to the companies that own Web of Science or Scopus. Historically, just 1 percent of publications using Crossref made references freely available. Six months after the Initiative for Open Citations started convincing publishers to open up their licensing agreements, that figure is approaching 40 percent, with around 14 million citation links already indexed and ready for anyone to use. The group hopes to maintain a similar trajectory through the year.
Space

Public Crowd-sourcing Finds New Exoplanets (abc.net.au) 15

brindafella writes: A participant in a TV program "Stargazing Live" on Australia's ABC TV channel has found four planets closely orbiting a star, using an online database. Astrophysicist Dr Chris Lintott, the principal investigator of Zooniverse, reported on Thursday's show that four "Super Earth" planets had been identified in the data. They orbit closer to their star than Mercury does to our Sun. The person responsible for the find, Andrew Grey, is a mechanic by day and amateur astronomer in his spare time, and lives in the city of Darwin, Northern Territory. The data is sourced from NASA's Kepler Space Telescope. "Stargazing Live" host Professor Brian Cox said he could not be more excited about the discovery. "In the seven years I've been making Stargazing Live this is the most significant scientific discovery we've ever made. The results are astonishing."
Facebook

WhatsApp To Foray Into Digital Payments With India's Controversial Aadhaar (mashable.com) 16

Facebook-owned instant messaging app WhatsApp is mulling a foray into digital payment services in India (Editor's note: the link is paywalled; alternate source), its first such offering globally, and has advertised to hire a digital transactions lead in the country. From a report on The Ken: WhatsApp, the Facebook-owned messaging app, is working quietly to launch person-to-person payments on its platform within the next six months, said four sources with knowledge of the matter. The initiative is seen as strategic for Facebook and currently being driven out of the company's headquarters in Menlo Park, California. Its career page lists, among other roles, an opening for a digital transaction lead with knowledge of UPI, Aadhaar and BHIM, to be based out of Menlo Park. Aadhaar is a controversial database that has biometric information of more than 1.2 billion people in India. WhatsApp, used by over a billion people, has more than 200 million active users in India.
Oracle

Oracle Hires Global Specialists To Explore Feasibility of Buying Accenture 63

Paul Kunert writes in an exclusive report via The Register: Oracle has hired global specialists to explore the feasibility of buying multi-billion dollar consultancy Accenture, sources have told us. The database giant has engaged a team of consultants to conduct due diligence to "explore the synergies that could be created if they [Oracle] bought Accenture lock stock and barrel," one source claimed. On top of the financial considerations, the consultants are evaluating the pros and cons including the potential impact on Oracle's wider channel. "While these things have a habit of fizzling out there are some fairly serious players around the table," a contact added. Another claimed the process was at an early stage. "If buying Accenture was a 100 meter race, Oracle is at the 10 to 15 meter stage now." [T]his buy would be an immensely bold, complicated and pricey move: NYSE-listed Accenture has a market cap of $77.5 billion, and shareholders will expect a premium offer. A deal would dwarf Oracle's $10 billion buy of PeopleSoft, its $7.4 billion deal for Sun Microsystems, and more recently, the $9.3 billion splashed on Netsuite. In buying Accenture, Oracle would be taking a leaf out of the mid-noughties handbook - when HP fatefully bought EDS and IBM acquired PWC to carve out a brighter future.
NASA

NASA Launches Massive Digital Library For Space Video, Photos and Audio (space.com) 48

earlytime quotes a report from Space.com: NASA on Tuesday (March 28) unveiled a new online library that assembles the agency's amazing space photos, videos and audio files into a single searchable library. The NASA Image and Video Library, as the agency calls it, can be found at http://images.nasa.gov/ and consolidates space imagery from 60 different collections into one location. The new database allows users to embed NASA imagery in websites, includes image metadata like date, description and keywords, and offers multiple resolution sizes, NASA officials said. According to the NASA statement, other features include: Automatic scaling to suit the interface for mobile phones and tablets; EXIF/camera data that includes exposure, lens used and other information (when available from the original image); Easy public access to high resolution files; Downloadable caption files for all videos. The new NASA archive is not meant to be a complete archive of all of the space agency imagery. But it does aim to showcase what the space agency has to offer.
Businesses

DJI Proposes New Electronic 'License Plate' For Drones (digitaltrends.com) 107

linuxwrangler writes: Chinese drone maker DJI proposed that drones be required to transmit a unique identifier to assist law enforcement to identify operators where necessary. Anyone with an appropriate receiver could receive the ID number, but the database linking the ID with the registered owner would only be available to government agencies. DJI likens this to a license plate on a car and offers it as a solution to a congressional mandate that the FAA develop methods to remotely identify drone operators. "The best solution is usually the simplest," DJI wrote in a white paper on the topic, which can be downloaded at this link. "The focus of the primary method for remote identification should be on a way for anyone concerned about a drone flight in close proximity to report an identifier number to the authorities, who would then have the tools to investigate the complaint without infringing on operator privacy. [...] No other technology is subject to mandatory industry-wide tracking and recording of its use, and we strongly urge against making UAS the first such technology. The case for such an Orwellian model has not been made. A networked system provides more information than needed, to people who don't require it, and exposes confidential business information in the process."
Databases

Facial Recognition Database Used By FBI Is Out of Control, House Committee Hears (theguardian.com) 90

The House oversight committee claims the FBI's facial recognition database is out of control, noting that "no federal law controls this technology" and "no court decision limits it." At last week's House oversight committee hearing, politicians and privacy campaigners presented several "damning facts" about the databases. "About 80% of photos in the FBI's network are non-criminal entries, including pictures from driver's licenses and passports," reports The Guardian. "The algorithms used to identify matches are inaccurate about 15% of the time, and are more likely to misidentify black people than white people." From the report: "Facial recognition technology is a powerful tool law enforcement can use to protect people, their property, our borders, and our nation," said the committee chair, Jason Chaffetz, adding that in the private sector it can be used to protect financial transactions and prevent fraud or identity theft. "But it can also be used by bad actors to harass or stalk individuals. It can be used in a way that chills free speech and free association by targeting people attending certain political meetings, protests, churches, or other types of places in the public." Furthermore, the rise of real-time face recognition technology that allows surveillance and body cameras to scan the faces of people walking down the street was, according to Chaffetz, "most concerning." "For those reasons and others, we must conduct proper oversight of this emerging technology," he said.
Cloud

Apache Hadoop Has Failed Us, Tech Experts Say (datanami.com) 150

It was the first widely-adopted open source distributed computing platform. But some geeks running it are telling Datanami that Hadoop "is great if you're a data scientist who knows how to code in MapReduce or Pig...but as you go higher up the stack, the abstraction layers have mostly failed to deliver on the promise of enabling business analysts to get at the data." Slashdot reader atcclears shares their report: "I can't find a happy Hadoop customer. It's sort of as simple as that," says Bob Muglia, CEO of Snowflake Computing, which develops and runs a cloud-based relational data warehouse offering. "It's very clear to me, technologically, that it's not the technology base the world will be built on going forward"... [T]hanks to better mousetraps like S3 (for storage) and Spark (for processing), Hadoop will be relegated to niche and legacy statuses going forward, Muglia says. "The number of customers who have actually successfully tamed Hadoop is probably less than 20 and it might be less than 10..."

One of the companies that supposedly tamed Hadoop is Facebook...but according to Bobby Johnson, who helped run Facebook's Hadoop cluster before co-founding behavioral analytics company Interana, the fact that Hadoop is still around is a "historical glitch. That may be a little strong," Johnson says. "But there's a bunch of things that people have been trying to do with it for a long time that it's just not well suited for." Hadoop's strengths lie in serving as a cheap storage repository and for processing ETL batch workloads, Johnson says. But it's ill-suited for running interactive, user-facing applications... "After years of banging our heads against it at Facebook, it was never great at it," he says. "It's really hard to dig into and actually get real answers from... You really have to understand how this thing works to get what you want."

Johnson recommends Apache Kafka instead for big data applications, arguing "there's a pipe of data and anything that wants to do something useful with it can tap into that thing. That feels like a better unifying principle..." And the creator of Kafka -- who ran Hadoop clusters at LinkedIn -- calls Hadoop "just a very complicated stack to build on."
Crime

Your Hotel Room Photos Could Help Catch Sex Traffickers (cnn.com) 151

100,000 people have already downloaded an app that helps fight human trafficking. dryriver summarizes a report from CNN: Police find an ad for paid sex online. It's an illegally trafficked underage girl posing provocatively in a hotel room. But police don't know where this hotel room is -- what city, what neighborhood, what hotel or hotel room. This is where the TraffickCam phone app comes in. When you're staying at a hotel, you take pictures of your room... The app logs the GPS data (location of the hotel) and also analyzes what's in the picture -- the furniture, bed sheets, carpet and other visual features. This makes the hotel room identifiable. Now when police come across a sex trafficking picture online, there is a database of images that may reveal which hotel room the picture was taken in.
"Technology drives everything we do nowadays, and this is just one more tool that law enforcement can use to make our job a little safer and a little bit easier," says Sergeant Adam Kavanaugh, supervisor of the St. Louis County Multi-Jurisdictional Human Trafficking Task Force. "Right now we're just beta testing the St. Louis area, and we're getting positive hits," he says (meaning ads that match hotel-room photos in the database). But the app's creators hope to make it available to all U.S. law enforcement within the next few months, and eventually globally, so their app is already collecting photographs from hotel rooms around the world to be stored for future use.
