Slashdot reader peetm describes himself as a software engineer, programmer, lecturer, and old man. But how can he teach the next generation how to code more professionally? I have to put together a three-hour (maximum) workshop for novice programmers -- people with mostly no formal training and who are probably flying by the seat of their pants (and quite possibly dangerous in doing so). I want to encourage them to think more as a professional developer would. Ideally, I want to give them some sort of practicals to do to articulate and demonstrate this, rather than just "present" stuff on best practices... If you were putting this together, what would you say and include?
This raises the question of not only what you'd teach -- whether it's variable naming, modular programming, test-driven development, or the importance of commenting -- but also how you'd teach it. So leave your best answers in the comments. How do you make novice programmers more professional?

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."

Long-time Slashdot reader Billly Gates shared some news from Microsoft's Visual C++ blog: Visual Studio 2017 now lets developers write C++ code for Linux desktops, servers, and other devices without an extension, targeting specific architectures, including ARM: Visual Studio will automatically copy and remotely build your sources and can launch your application with the debugger... Today Visual Studio only supports building remotely on the Linux target machine. It is not limited to specific Linux distros, but we do have dependencies on the presence of some tools. Specifically, we need openssh-server, g++, gdb and gdbserver.

Google is making it possible for developers to bring their services into Gmail using new integrations called Add-ons. From a report on PCWorld: It's built so that developers can write one set of code in Google's Apps Script language and have their integration run in Gmail on the web, as well as inside Google's Android and iOS apps for the service. For example, a QuickBooks add-on would let users easily send invoices to people who they're emailing. Google already offers Add-ons for its Docs word processing and Sheets spreadsheet software. This sort of system could be useful for users because it helps them get work done without leaving Gmail. It also helps draw users into Google's official email app, rather than use one of the many other clients that can access the service, including Microsoft Outlook.

Orome1 quotes a report from Help Net Security: A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. The vulnerability (CVE-2017-5638) affects the Jakarta file upload Multipart parser in Apache Struts 2. It allows attackers to include code in the "Content-Type" header of an HTTP request, so that it is executed by the web server. Almost concurrently with the release of the security update that plugs the hole, a Metasploit module for targeting it has been made available. Unfortunately, the vulnerability can be easily exploited as it requires no authentication, and two very reliable exploits have already been published online. Also, vulnerable servers are easy to discover through simple web scanning. "Struts 2 is a Java framework that is commonly used by Java-based web applications," reports SANS ISC in their blog. "It is also known as 'Jakarta Struts' and 'Apache Struts.' The Apache project currently maintains Struts." Cisco Talos also has a blog detailing the attack.

dryriver writes: The Harvard Business Review has an interesting article about how Blockchain technology may bring down the cost of business transactions and enable new ways of doing things: "Consider the problem that small manufacturers have dealing with giants like Wal-Mart. To keep transaction costs and the costs of carrying each product line down, large companies generally only buy from companies that can service a substantial percentage of their customers. But if the cost of carrying a new product was tiny, a much larger number of small manufacturers might be included in the value network. Amazon carries this approach a long way, with enormous numbers of small vendors selling through the same platform, but the idea carried to its limit is eBay and Craigslist, which bring business right down to the individual level. While it's hard to imagine a Wal-Mart with the diversity of products offered by Amazon or even eBay, that is the kind of future we are moving into." "Decentralization" is the idea that a database works like a network "that's shared with everybody in the world, where anyone and anything can connect to it," writes Vinay Gupta for Harvard Business Review. "Decentralization offers the promise of nearly friction-free cooperation between members of complex networks that can add value to each other by enabling collaboration without central authorities and middle men." The proposition ultimately makes things "more efficient in unexpected ways." For example, "a 1% transaction fee may not seem like much, but down a 15-step supply chain, it adds up. [...] The decentralization that blockchain provides would change that, which could have huge possible impacts for economies in the developing world," writes Gupta.

An anonymous reader shares a TechCrunch report: Google is doubling the maximum number of CPU cores developers can use with a single virtual machine on its Compute Engine service from 32 to 64. These high-power machines are now available in beta across all of Google's standard configurations and as custom machine types, which allow you to select exactly how many cores and memory you want. If you opt to use 64 cores in Google's range of high-memory machine types, you'll also get access to 416GB of RAM. That's also twice as much memory as Compute Engine previously offered for a single machine and enough for running most memory-intensive applications, including high-end in-memory databases. Running your apps on this high-memory machine will set you back $3.7888 per hour (though you do get all of Google's usual sustained-use discounts if you run it for longer, too).

Google has found a new way to allow software to parse video. On Wednesday, the company announced "Video Intelligence API", which is able to identify objects in a video. From a report: By playing a short commercial, the API was able to identify the dachshund in the video, when it appeared in the video, and then understand that the whole thing was a commercial. In another demo, we saw a simple search for "beach" and was able to find videos which had scenes from beaches in them, complete with timestamps. That's similar to how Google Photos lets you search for "sunset" and pull up your best late-day snapshots. Before now, computers couldn't really understand the content of a video directly without manual tagging. "We are beginning to shine light on the dark matter of the digital universe," Fei-Fei Li, chief scientist of artificial intelligence and machine learning at Google Cloud, said. At least in Google's demo, it was genuinely impressive. And Google is making the API available to developers, just as it has with its other machine learning APIs.

Apple has long permitted "hot code push", a feature that allows developers to continuously deploy changes to their mobile apps and have those changes reflect in their apps instantly. This allowed developers to make quick changes to their apps without having to resubmit the new iteration and get approval from the Apple Store review team. But that's changing now. In response to a developer's query, Apple confirmed that it no longer permits "hot code push." The company told the developer: Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app's behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app's behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.

In a forum entitled "Cyberfox and its future direction," the lead developer of Cyberfox proclaimed the death of their web browser. The lead developer, Toady, writes: "Over the years the Cyberfox project has grown immensely and its thanks to all the amazing support of our users and has been an amazing couple of years this however has demanded far more of my time causing me to drop allot of projects and passions id like to pursue, the time factor this project has demanded has also take a toll lifestyle wise as have the changes made by Mozilla requiring more and more time to maintain so its come to a point where i recently had to assess the direction of this project and the direction i wish to head for the future. This has being no easy choice and the last few months allot of thinking about the direction of this project has taken place." He continues, "This project has been amazing no one could ask for a better project or community sadly as much as i love this project my heart is no longer fully in it, dreams of pursuing game development were pushed aside and lifestyle steadily declined ultimately slowly coming to this point where changes and choices have to be made ones that will affect this project and the future of what i have spent all these years building." Ghacks Technology News reports: The death of Cyberfox, or more precisely, the announcement of end of life for the web browser may come as a shock to users who run it. It should not be too much of a surprise though for users who keep an eye on the browser world and especially Mozilla and Firefox. Mozilla announced major changes to Firefox, some of which landed already, some are in process, and others are announced for 2017. [Some of the critical changes:] Multi-process Firefox is almost done, plugins are out except for Flash and Firefox ESR, Windows XP and Vista users are switched to Firefox ESR so that the operating systems are supported for eight additional releases, and WebExtensions will replace all other add-on systems of the browser. That's a lot of change, especially for projects that are maintained by a small but dedicated group of developers such as Cyberfox. The author of Cyberfox made the decision to switch the browser's release channel to Firefox 52.0 ESR. This means that Cyberfox will be supported with security updates for the next eight release cycles, but new features that Mozilla introduces in Firefox Stable won't find their way into the browser anymore. UPDATE 3/07/17: We have updated the headline to clarify that Cyberfox, specifically, is the browser that will be coming to an end. We have also added an excerpt from the developer's post. Toady clarified at the end of his post: "The largest factor was lifestyle a nicer way of saying health issues without making it to personalized."

Reader Anon E. Muss writes: Microsoft on Tuesday released Visual Studio 2017. The latest version of the venerable Integrated Development Environment supports a variety of languages (C/C++, C#, VB.net, F#, Javascript/Typescript, Python, etc.) and targets classic "Win32" desktop, Universal Windows Platform (UWP, also known as "Metro"), .NET, ASP, node.js, etc.). A "Community Edition" is available at no cost for individual developers and those working on open source software. "Professional" and "Enterprise" editions are available for corporate developers, at prices sure to shock whoever has to sign the check.

The CIO at a Boston teaching hospital and two MIT researchers write in the Harvard Business Review that blockchain "has the potential to enable secure lifetime medical record sharing across providers," calling it "a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized 'contracts' for data access." An anonymous reader quotes their report: A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy... Today humans manually attempt to reconcile medical data among clinics, hospitals, labs, pharmacies, and insurance companies. It does not work well because there is no single list of all the places data can be found or the order in which it was entered...

Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.

Slashdot reader schwit1 quotes the Associated Press: Dozens of police departments around the U.S. are amassing their own DNA databases to track criminals, a move critics say is a way around regulations governing state and national databases that restrict who can provide genetic samples and how long that information is held. The local agencies create the rules for their databases, in some cases allowing samples to be taken from children or from people never arrested for a crime. Police chiefs say having their own collections helps them solve cases faster because they can avoid the backlogs that plague state and federal repositories...

Frederick Harran, the public safety director in Bensalem Township, Pennsylvania...said he knows of about 60 departments using local databases... "The local databases have very, very little regulations and very few limits, and the law just hasn't caught up to them," said Jason Kreig, a law professor at the University of Arizona who has studied the issue.
One ACLU attorney cites a case where local police officers in California took DNA samples from children without even obtaining a court order first.

JavaScript developer (and JSON proponent) Douglas Crockford recently described "a theoretical post-JavaScript World," according to InfoWorld. Crockford "believes the web development staple needs a successor that can fix multiple programming nuances." An anonymous reader summarizes their report: Despite its status as the world's most popular language, Crockford told an audience at the Oracle Code conference, "It would be sad if JavaScript turns out to be the last language." He complained that JavaScript has two different ways of declaring variables -- let and var -- as well as two different "bottom variables" with no value -- both null and undefined. "There's an argument among language designers, should we have bottom values at all? But there's nobody who thinks you should have two of them."

According to InfoWorld, Crockford "also presented a scenario with JavaScript being turned into a purely functional programming language by getting rid of 'impurities' like date, the delete operation, math.random and object.assign. Afterward, he stressed replacing JavaScript rather than adding functional capabilities to it... The next language also should be better able to deal with multiple cores. Most languages have followed the sequential model of Fortran, executing one operation after another, he said. 'That's not how the world works anymore. We now have lots of cores available to us, which all want to be running at the same time.'"
In other news, Crockford also proposed ending the "spaces vs. tabs" debate by simply eliminating tabs altogether.

After 43 years working in one of Japan's leading banks, 81-year-old Masako Wakamiya has launched an iPhone app called "Hinadan" that shows users how to stage traditional dolls for the Hinamatsuri festival. From a report on CNN Money: She says she felt compelled to do something after noticing a shortage of fun apps aimed at people her age. "We easily lose games when playing against young people, since our finger movements can't match their speed," Wakamiya told CNN. The retired banker asked a bunch of people to create games for seniors, but no one was interested. So she took matters into her own hands and achieved something many people half her age haven't done. "I wanted to create a fun app to get elderly people interested in smartphones," she said. "It took about half a year to develop." Wakamiya started using computers at age 60 when she was caring for her elderly mother and finding it difficult to get out and socialize with friends.

New submitter mendred quotes a report from Mashable: Celestine Omin, a software engineer at Andela -- a tech startup that connects developers in Africa with U.S employers -- had a particularly unwelcoming reception when he deplaned at John F. Kennedy Airport and was given a test to prove he was actually a software engineer. A LinkedIn post detailing Omin's challenging experience explained that upon landing in New York after spending 24 miserable hours on a Qatar Airways flight, he was given some trouble about the short-term visa he obtained for his trip. According to the post, an unprepared and exhausted Omin waited in the airport for approximately 20 minutes before being questioned by a Customs and Border Protection officer about his occupation. After several questions were asked, he was reportedly brought to a small room and told to sit down, where he was left for another hour before another customs officer entered and resumed grilling him. Omin was instructed to answer the following questions: "Write a function to check if a Binary Search Tree is balanced," and "What is an abstract class, and why do you need it."

A number of programmers have taken it to Twitter to bring it to everyone's, but particularly recruiter's, attention about the grueling interview process in their field that relies heavily on technical questions. David Heinemeier Hansson, a well-known programmer and the creator of the popular Ruby on Rails coding framework, started it when he tweeted, "Hello, my name is David. I would fail to write bubble sort on a whiteboard. I look code up on the internet all the time. I don't do riddles." Another coder added, "Hello, my name is Tim. I'm a lead at Google with over 30 years coding experience and I need to look up how to get length of a python string." Another coder chimed in, "Hello my name is Mike, I'm a GDE and lead at NY Times, I don't know what np complete means. Should I?" A feature story on The Outline adds: This interview style, widely used by major tech companies including Google and Amazon, typically pits candidates against a whiteboard without access to reference material -- a scenario working programmers say is demoralizing and an unrealistic test of actual ability. People spend weeks preparing for this process, afraid that the interviewer will quiz them on the one obscure algorithm they haven't studied. "A cottage industry has emerged that reminds us uncomfortably of SAT prep," Karla Monterroso, VP of programs for Code2040, an organization for black and Latino techies, wrote in a critique of the whiteboard interview. [...] This means companies tend to favor recent computer science grads from top-tier schools who have had time to cram; in other words, it doesn't help diversify the field with women, older people, and people of color.

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attack can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.

"According to security researcher Troy Hunt, a series of web-connected, app-enabled toys called CloudPets have been hacked," reports Android Police. "The manufacturer's central database was reportedly compromised over several months after stunningly poor security, despite the attempts of many researchers and journalists to inform the manufacturer of the potential danger. Several ransom notes were left, demanding Bitcoin payments for the implied deletion of stolen data." From the report: CloudPets allow parents to record a message for their children on their phones, which then arrives on the Bluetooth connected stuffed toy and is played back. Kids can squeeze the stuffed animal's paw to record a message of their own, which is sent back to the phone app. The Android app has been downloaded over 100,000 times, though user reviews are poor, citing a difficult interface, frequent bugs, and annoying advertising. Hunt and the researchers he collaborated with found that the central database for CloudPets' voice messages and user info was stored on a public-facing MongoDB server, with only basic hashes protecting user addresses and passwords. The same database apparently connected to the stored voice messages that could be retrieved by the apps and toys. Easy access and poor password requirements may have resulted in unauthorized access to a large number of accounts. The database was finally removed from the publicly accessible server in January, but not before demands for ransom were left.

An anonymous reader quotes InfoQ: GitHub has recently launched its Open Source Guides, a collection of resources addressing the most common scenarios and best practices for both contributors and maintainers of open source projects. The guides themselves are open source and GitHub is actively inviting developers to participate and share their stories... "Open source is complicated, especially for newcomers. Experienced contributors have learned many lessons about the best way to use, contribute to, and produce open source software. Everyone shouldn't have to learn those lessons the hard way."

Making a successful first contribution is not the exclusive focus of the guides, though, which also strives to make it easier to find users for a project, starting a new project, and building healthy open source communities. Other topics the guides dwell on are best practices, getting financial support, metrics, and legal matters.
GitHub's Head of Open Source says the guides create "the equivalent of a water cooler for the community."