Programming

'The State of JavaScript Frameworks, 2017' (npmjs.com) 114

An anonymous reader shares some new statistics from Laurie Voss, co-founder and COO of npm (the package manager/software registry for JavaScript): The sum of all the package downloads in the npm Registry shows that the npm ecosystem continues to experience explosive, continuous growth... Right now, we estimate about 75% of all JavaScript developers use npm, and that number is rising quickly to reach 100%. We believe there are about 10 million npm users right now.
The first post in a three-part series graphs the popularity and growth rate for seven JavaScript frameworks.
  • Preact is tiny but the fastest-growing.
  • Vue is also very fast growing and neck and neck with Ember, Angular and Backbone.
  • Ember has grown more popular in the last 12 months.
  • Angular and Backbone have both declined in popularity.
  • jQuery remains hugely popular but decreasingly so.
  • React is both huge and very fast-growing for its size.

Programming

New Year's Resolutions For Linux Admins: Automate More, Learn New Languages (networkworld.com) 139

An anonymous reader writes: A long-time Unix sys-admin is suggesting 18 different New Year's resolutions for Linux systems administrators. And #1 is to automate more of your boring stuff. "There are several good reasons to turn tedious tasks into scripts. The first is to make them less annoying. The second is to make them less error-prone. And the last is to make them easier to turn over to new team members who haven't been around long enough to be bored. Add a small dose of meaningful comments to your scripts and you have a better chance of passing on some of your wisdom about how things should be done."

Along with that, they suggest learning a new scripting language. "It's easy to keep using the same tools you've been using for decades (I should know), but you might have more fun and more relevance in the long run if you teach yourself a new scripting language. If you've got bash and Perl down pat, consider adding Python or Ruby or some other new language to your mix of skills."

Other suggestions include trying a new distro -- many of which can now be run in "live mode" on a USB drive -- and investigating the security procedures of cloud services (described in the article as "trusting an outside organization with our data").

"And don't forget... There are now only 20 years until 2038 -- The Unix/Linux clockpocalypse."

Programming

Which Programming Languages Are Most Prone to Bugs? (i-programmer.info) 247

An anonymous reader writes: The i-Programmer site revisits one of its top stories of 2017, about researchers who used data from GitHub for a large-scale empirical investigation into static typing versus dynamic typing. The team investigated 20 programming languages, using GitHub code repositories for the top 50 projects written in each language, examining 18 years of code involving 29,000 different developers, 1.57 million commits, and 564,625 bug fixes.

The results? "The languages with the strongest positive coefficients - meaning associated with a greater number of defect fixes are C++, C, and Objective-C, also PHP and Python. On the other hand, Clojure, Haskell, Ruby and Scala all have significant negative coefficients implying that these languages are less likely than average to result in defect fixing commits."

Or, in the researcher's words, "Language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages static typing is also somewhat better than dynamic typing."

Crime

Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails (newsweek.com) 321

An anonymous reader writes: Newsweek's National Politics Correspondent reports on "a horny nest of prostitution 'hobbyists' at tech giants Microsoft, Amazon and other firms in Seattle," citing "hundreds" of emails "fired off by employees at major tech companies hoping to hook up with trafficked Asian women" between 2014 and 2016, "67 sent from Microsoft, 63 sent from Amazon email accounts and dozens more sent from some of Seattle's premier tech companies and others based elsewhere but with offices in Seattle, including T-Mobile and Oracle, as well as many local, smaller tech firms." Many of the emails came from a sting operation against online prostitution review boards, and were obtained through a public records request to the King County Prosecutor's Office.

"They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."

Programming

2017: The Year in Programming Languages (infoworld.com) 117

InfoWorld writes that 2017 "presented a mixed bag of improvements to both long-established and newer programming languages." An anonymous reader quotes their report: Developers followed a soap opera over Java, with major disagreements over a modularization plan for standard Java and, in a surprising twist, Oracle washing its hands of the Java EE enterprise variant. Microsoft's TypeScript, meanwhile, has increased in popularity by making life easier for developers looking for an alternative to JavaScript. Microsoft also launched Q#, a language for quantum computing...

In web development, developers received a lot of help building with JavaScript itself or with JavaScript alternatives. Among the tools released in 2017 were: Google's Angular 5 JavaScript framework, released in November, featuring a build optimizer and supports progressive web apps and use of Material Design components... And React, the JavaScript UI library from Facebook, went to Version 16 in September, featuring a rewriting of the React core to boost responsiveness for complex applications...

TypeScript was not the only JavaScript alternative making waves this year. For web developers who would rather use Google's Go (Golang) language instead of JavaScript, the beta Joy compiler introduced in December promises to allow cross-compilation. Another language that offers compilation to JavaScript -- although it began on the JVM -- is Kotlin, which has experienced rising fortunes this year. It was boosted considerably by Google endorsing it in May for building Android applications, which has been chiefly the domain of Java...

2017 also saw the release of the long-awaited C++ 17.

Another 2017 memory: Eric Raymond admitting that he hates C++, and predicting that Go (but not Rust) will eventually replace C -- if not a new language like Cx.

IBM

Blockchain Brings Business Boom To IBM, Oracle, and Microsoft (fortune.com) 94

An anonymous reader quotes Fortune's new report on blockchain: Demand for the technology, best known for supporting bitcoin, is growing so much that it will be one of the largest users of capacity next year at about 60 data centers that IBM rents out to other companies around the globe. IBM was one of the first big companies to see blockchain's promise, contributing code to an open-source effort and encouraging startups to try the technology on its cloud for free. That a 106-year-old company like IBM is going all in on blockchain shows just how far the digital ledger has come since its early days underpinning bitcoin drug deals on the dark web. The market for blockchain-related products and services will reach $7.7 billion in 2022, up from $242 million last year, according to researcher Markets & Markets.

That's creating new opportunities for some of the old warships of the technology world, companies like IBM and Microsoft Corp. that are making the transition to cloud services. And products that had gone out of vogue, such as databases sold by Oracle Corp., are becoming sexy again... In October, Oracle announced the formation of Oracle Blockchain Cloud Service, which helps customers extend existing applications like enterprise-resource management systems. A month earlier, rival SAP SE said clients in industries like manufacturing and supply chain were testing its cloud service. And on Nov. 20, Microsoft expanded its partnership with consortium R3 to make it easier for financial institutions to deploy blockchains in its Azure cloud. Big Blue, meanwhile, has been one of the key companies behind the Hyperledger consortium, a nonprofit open-source project that aims to create efficient standards for commercial use of blockchain technology.

A Juniper Research survey found six in 10 larger corporations are considering blockchain, according to the article, which adds that blockchain "is increasingly being tested or used by companies such as Wal-Mart Stores Inc. and Visa Inc. to streamline supply chain, speed up payments and store records."

And because of blockchain's popularity, the CEO of WinterGreen Research predicts that 55% of large companies with over 1,000 employees will use the cloud rather than their own data centers within five years -- up from 17% today.

Security

300,000 Users Exposed In Ancestry.com Data Leak (threatpost.com) 43

Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed in November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry.com's site and services. Ancestry.com said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.

It's funny.  Laugh.

Trump's Website Is Coded With a Broken Server Error Message That Blames Obama (techcrunch.com) 168

An anonymous reader quotes a report from TechCrunch: If you're a fan of Easter eggs hidden in source code, this is a pretty good one. Apparently, as Washington Post data reporter Christopher Ingraham observed on Twitter, some Trump administration and GOP websites have a portion of code with a joke that throws shade at Obama's golf habits, the irony nowhere to be found. We checked the source code and sure enough the line "Oops! Something went wrong. Unlike Obama, we are working to fix the problem and not on the golf course" appears on action.donaldjtrump.com sites, like the one hosting this surely statistically sound, Obama-obsessed "Inaugural Year Approval Poll," but not on donaldjtrump.com pages. As Ingraham pointed out, it's also present on some official GOP sites, including the GOP.com homepage. In both instances, the Obama dig is paired with a 404 error message that states "What do Hillary Clinton and this link have in common? They're both dead broke." To top it off, the code itself is apparently itself broken, swapping a single equal sign where there should be two. An honest mistake? Or perhaps the world was never meant to be gifted with these very good jokes at all?

Bug

A Glitch Stole Christmas: S.C. Lottery Says Error Caused Winning Tickets (npr.org) 113

An anonymous reader shares a report: The South Carolina lottery game is called Holiday Cash Add-A-Play, and the rules are pretty simple: Get three Christmas tree symbols in any vertical, horizontal or diagonal line, and you win a prize. Monday was Christmas, and some folks in the Palmetto State were feeling jolly. "I don't play the lottery that much," Nicole Coggins of Liberty, S.C., told local NBC affiliate WYFF. "Every once in a while, I'll buy a Powerball ticket, but something told me to buy a lottery ticket." She paid an extra dollar to add a play. The ticket was a winner, and she was excited.

The station says that as word got out about the sudden proliferation of winning tickets, a frenzy ensued. One store manager told WYFF that "it was crazy" as people hurried to buy the tickets. But the Christmas miracle was too good to be true. The South Carolina Education Lottery says a programming error in its computer system vendor is to blame for so many winning tickets. "From 5:51 p.m. to 7:53 p.m., the same play symbol was repeated in all nine available play areas on tickets which would result in a top prize of $500," the lottery said in a statement Wednesday. "No more than five identical play symbols should appear for a single play. As soon as the issue was identified, the Add-A-Play game was suspended immediately to conduct a thorough investigation."

Programming

Russia Lost a $45 Million Satellite Because 'They Didn't Get the Coordinates Right' (gizmodo.com) 101

Last month, Russia lost contact with a 6,062-pound, $45 million satellite. Turns out, that happened because the Meteor-M weather satellite was programmed with the wrong coordinates. Gizmodo reports: On Wednesday, Russian Deputy Prime Minister Dmitry Rogozin told the Rossiya 24 state TV channel that a human error was responsible for the screw-up, according to Reuters. While the Meteor-M launched last month from the Vostochny cosmodrome in the Far East, it was reportedly programmed with take-off coordinates for the Baikonur cosmodrome, which is located in southern Kazakhstan. "The rocket was really programmed as if it was taking off from Baikonur," Rogozin said. "They didn't get the coordinates right." And the rocket had some precious cargo on board: "18 smaller satellites belonging to scientific, research and commercial companies from Russia, Norway, Sweden, the U.S., Japan, Canada and Germany," Reuters reported.

Software

FBI Software For Analyzing Fingerprints Contains Russian-Made Code, Whistleblowers Say (buzzfeed.com) 174

schwit1 shares an exclusive report via BuzzFeed: The fingerprint-analysis software used by the FBI and more than 18,000 other U.S. law enforcement agencies contains code created by a Russian firm with close ties to the Kremlin, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could gain backdoor access to sensitive biometric information on millions of Americans, or even compromise wider national security and law enforcement computer systems. The Russian code was inserted into the fingerprint-analysis software by a French company, said the two whistleblowers, who are former employees of that company. The firm -- then a subsidiary of the massive Paris-based conglomerate Safran -- deliberately concealed from the FBI the fact that it had purchased the Russian code in a secret deal, they said. The Russian company whose code ended up in the FBI's fingerprint-analysis software has Kremlin connections that should raise similar national security concerns, said the whistleblowers, both French nationals who worked in Russia. The Russian company, Papillon AO, boasts in its own publications about its close cooperation with various Russian ministries as well as the Federal Security Service -- the intelligence agency known as the FSB that is a successor of the Soviet-era KGB and has been implicated in other hacks of U.S. targets.

Cybersecurity experts said the danger of using the Russian-made code couldn't be assessed without examining the code itself. But "the fact that there were connections to the FSB would make me nervous to use this software," said Tim Evans, who worked as director of operational policy for the National Security Agency's elite cyberintelligence unit known as Tailored Access Operations and now helps run the cybersecurity firm Adlumin. The FBI's overhaul of its fingerprint-recognition technology, unveiled in 2011, was part of a larger initiative known as Next Generation Identification to expand the bureau's use of biometrics, including face- and iris-recognition technology. The TSA also relies on the FBI fingerprint database.

Data Storage

Nintendo Delaying 64GB Game Cards For Switch Until 2019, Says Report (kotaku.com) 54

According to The Wall Street Journal, Nintendo is pushing back the introduction of larger 64GB game cards for the Switch. Nintendo had planned to make them available during the second half of 2018, but has reportedly told developers that they would have to wait. The reason is reportedly due to technical issues. Kotaku reports: As Kotaku previously reported, Nintendo's Switch games keep their size slim, with downloads for Super Mario Odyssey, Arms and Splatoon 2 ranging from 2-6GB. However, third party developers have been releasing bigger, data-heavy games, outpacing the Switch's 24GB of usable onboard memory. The Journal notes that Nintendo has already sold over 10 million Switch consoles, meaning developers could continue to flock to the platform, regardless.

Businesses

What Amazon's Alexa Economy Pays the People Building Its Skills (cnet.com) 101

From a report on CNET: On a lark, Joel Wilson started developing skills for Alexa, Amazon's voice assistant, this past January. After a few weeks of coding, he launched two skills -- Amazon's term for voice-controlled apps -- called Question of the Day and Three Questions. Both quiz people on science, literature and pop culture trivia. In May, he got an email from Amazon telling him to expect a check in the mail as part of a new program that pays cash to makers of popular skills. That first month, Amazon sent him $2,000. It got better from there. He's received checks for $9,000 over each of the past three months, he said. Wilson unexpectedly joined a new Alexa economy, a small but fast-growing network of independent developers, marketing companies and Alexa tools makers. Two years ago, there wasn't nearly as much to do on Alexa and the market for making Alexa skills was worth a mere $500,000. Now, with more than 25,000 skills available, the market is expected to hit $50 million in 2018, according to analytics firm VoiceLabs.

Education

How Harvard Teaches CS Students How To Code (kqed.org) 138

Harvard computer science professor David J. Malan "is pretty amazing!" says long-time education-watcher theodp. And he's sharing a link to the online version of Malan's famous CS50 class, "if you can't pony up the estimated $63,025-a-year sticker price to take 'the quintessential Harvard (and Yale!) course' on campus."

KQED's education site "MindShift" reports: Malan's class attracts students who have never taken computer science before, as well as kids who have been coding a long time. His goal with this diverse group of learners is to create a community that's equal and collaborative. One way he does this is by asking students to self-identify by comfort level. Those groups become different section levels, and they sometimes get different homework, but harder assignments are not worth more credit. Malan said recently that the "less comfortable" group has dominated his 700-person course. "At the end of the day all students are treated with the same expectations," said Malan, speaking at the Building Learning Communities conference in Boston.

Students are graded based on each individual's growth; Malan and his team of teaching assistants don't use absolute measures when assigning grades. Instead, they look at scope, how hard the student tried, correctness, how right the work was, style, how aesthetic the code is, and design, which is the most subjective. When it's time to assign grades, Malan and his teaching fellows have lots of in-depth conversations about how each student has improved relative to where he or she started...

The course includes a tool that rewrites error messages to make them easier to understand, plus a code-checking tool which they're planning to open source. There's also a cloud-based IDE which "allows students to access their code from multiple locations," though students can also submit their code through GitHub. (The original submission complains that Harvard's students are "coddled.") But Malan says the class works partly because there's an intentionally social aspect to it -- including numerous teaching assistants holding office hours in public spaces and "the human structure within the course." Guest lecturers have even included Mark Zuckerberg and Steve Ballmer.

But all these technical details don't really capture the wild flavor of the course and all of its multimedia bells and whistles. Malan's fast-paced lectures often close with relevant clips from movies -- for example, a lecture on cryptography which ended with video from a movie you'd see "if you turn on your TV on December 24th."

Mozilla

Rust Blog Touts 'What We Achieved' in 2017 (rust-lang.org) 153

An anonymous reader quotes the official Rust blog: Rust's development in 2017 fit into a single overarching theme: increasing productivity, especially for newcomers to Rust. From tooling to libraries to documentation to the core language, we wanted to make it easier to get things done with Rust. That desire led to a roadmap for the year, setting out 8 high-level objectives that would guide the work of the team. How'd we do? Really, really well.
Aaron Turon, part of the core developer team for Rust, wrote the blog post, and specifically touts this year's progress on lowering the learning curve with books and curriculum, as well as actual improvements in the language and a faster edit-compile-debug cycle. He also notes new support for Rust in IntelliJ and Atom (as well as preview versions for Visual Studio and Visual Studio Code) in 2017 -- and most importantly, mentoring. I'd like to specifically call out the leaders and mentors who have helped orchestrate our 2017 work. Leadership of this kind -- where you are working to enable others -- is hard work and not recognized enough. So let's hand it to these folks...! Technical leaders are an essential ingredient for our success, and I hope in 2018 we can continue to grow our leadership pool, and get even more done -- together.

Programming

Ask Slashdot: How Can Programmers Explain Their Work To Non-Programmers? 340

Slashdot reader Grady Martin writes: I disrespect people who describe their work in highfalutin terms... However, describing my own work as "programming solutions to problems" is little more than codifying what just about anyone can perceive through intuition. Case in point: Home for the holidays, I was asked about recent accomplishments and attempted to explain the process of producing compact visualizations of branched undo/redo histories.

Responses ranged from, "Well, duh," to, "I can already do that in Word"...

It's the "duh" that I want to address, because of course an elegant solution seems obvious after the fact: Such is the nature of elegance itself. Does anyone have advice on making elegance sound impressive?

An anonymous Slashdot reader left this suggestion for explaining your work to non-programmers. "Don't. I get sick when I hear the bullshit artists spew crap out of their mouth when they have no idea wtf they're talking about. Especially managers..."

But how about the rest of you? How can programmers explain their work to non-programmers?

Stats

'State of JavaScript' Survey Results: Good News for React and TypeScript (sdtimes.com) 89

"The JavaScript world is richer and messier than ever," reports this year's annual "State of JavaScript" survey, which collected data from over 28,000 developers on everything from favorite frameworks to flavors of JavaScript. SD Times reports: "A few years back, a JavaScript survey would've been a simple matter. Question 1: are you using jQuery? Question 2: any comments? Boom, done!," the developers wrote. "But as we all know, things have changed. The JavaScript ecosystem is richer than ever, and even the most experienced developer can start to hesitate when considering the multitude of options available at every stage"...

On the front end, React remains the dominant framework. However, the survey found interest in Vue is steadily increasing, while Angular is losing steam. Developers are at a 3.8 [on a scale up to 5] when it comes to their overall happiness with front-end tools. On the back end, Express is by far the most popular contender with Koa, Meteor and Hapi slowly making their way behind Express. For testing, Jest and Enzyme stand out with high satisfaction ratings.

In 2016 only 9,000 developers responded for the survey, which had ultimately announced that "Depending on who you ask, right now JavaScript is either turning into a modern, reliable language, or a bloated, overly complex dependency hell. Or maybe both?"

InfoWorld notes that this year more than 28% of the survey's respondents said they'd used TypeScript, Microsoft's typed superset of JavaScript, and that they'd use it again. And while React was the most popular framework, the second most-popular framework was "none," with 9,493 JavaScript developers saying they didn't use one.

Chrome

Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video (9to5google.com) 43

Chrome 64 is now in beta and it has several new features over version 63. In addition to a stronger pop-up blocker and support for HDR video playback when Windows 10 is in HDR mode, Chrome 64 features sitewide audio muting to block sound when navigating to other pages within a site. 9to5Google reports: An improved pop-up blocker in Chrome 64 prevents sites with abusive experiences -- like disguising links as play buttons and site controls, or transparent overlays -- from opening new tabs or windows. Meanwhile, as announced in November, other security measures in Chrome will prevent malicious auto-redirects. Beginning in version 64, the browser will counter surprise redirects from third-party content embedded into pages. The browser now blocks third-party iframes unless a user has directly interacted with it. When a redirect attempt occurs, users will remain on their current page with an infobar popping up to detail the block. This version also adds a new sitewide audio muting setting. It will be accessible from the permissions dropdown by tapping the info icon or green lock in the URL bar. This version also brings support for HDR video playback when Windows 10 is in HDR mode. It requires the Windows 10 Fall Creator Update, HDR-compatible graphics card, and display. Meanwhile, on Windows, Google is currently prototyping support for an operating system's native notification center. Other features include a new "Split view" feature available on Chrome OS. Developers will also be able to take advantage of the Resize Observer API to build responsive sites with "finger control to observe changes to sizes of elements on a page."

Microsoft

Microsoft Considers Adding Python As an Official Scripting Language in Excel (bleepingcomputer.com) 181

An anonymous reader writes: Microsoft is considering adding Python as one of the official Excel scripting languages, according to a topic on Excel's feedback hub opened last month. Since it was opened, the topic has become the most voted feature request, double the votes of the second-ranked proposition. "Let us do scripting with Python! Yay! Not only as an alternative to VBA, but also as an alternative to field functions (=SUM(A1:A2))," the feature request reads, as opened by one of Microsoft's users.

The OS maker responded yesterday by putting up a survey to gather more information and how users would like to use Python inside Excel. If approved, Excel users would be able to use Python scripts to interact with Excel documents, their data, and some of Excel's core functions, similar to how Excel currently supports VBA scripts. Python is one of the most versatile programming languages available today. It is also insanely popular with developers. It ranks second on the PYPL programming languages ranking, third in the RedMonk Programming Language Rankings, and fourth in the TIOBE index.

Open Source

Avast Launches Open-Source Decompiler For Machine Code (techspot.com) 113

Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. In addition to the open-source version found on GitHub, RetDec is also being provided as a web service.

Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code. It is not possible to retrieve the exact original code of any executable compiled to machine code but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. A plugin for IDA disassembler is also available for those experienced with decompiling software.
