New submitter gwolf writes: The great educator, creator of the Logo programming language, and the enabler for computer education in the 1980s has passed away. Listing his contributions is impossible in an article summary, but the ACM has published a short in-memoriam note for him. Papert is, without exaggeration, one of the people I owe my career and life choices to.

Microsoft is now selling its augmented reality headset dubbed HoloLens to anyone in the United States or Canada for $3,000 a pop. Computerworld reports: Until now, HoloLens was available only to developers and companies through Microsoft sales reps, but starting Tuesday, anyone in the U.S. or Canada can buy up to five headsets online through the Microsoft Store. There was no word about availability in other countries. The HoloLens now on sale is the same developer edition that has been offered to Microsoft partners, and buyers are asked to acknowledge before completing purchase that they understand it's not a finished product intended for consumers. Microsoft also asks buyers to agree not to resell the product and acknowledge that no refunds are available. The move should expand the community of developers working to build apps and other content for the headset before a consumer version is officially available.

An anonymous reader quotes Network World: U.K.-based technology analyst firm RedMonk just released the latest version of its biannual rankings of programming languages, and once again JavaScript tops the list, followed by Java and PHP. Those are same three languages that topped RedMonk's list in January. In fact, the entire top 10 remains the same as it was it was six months ago...
Python ranked #4 on RedMonk's list, while the survey found a three-way tie for fifth place between Ruby, C#, and C++, with C coming in at #9 (ranking just below CSS). Network World argues that while change comes slowly, "if you go back deeper into RedMonk's rankings, you can see slow, ongoing ascents from languages such as Go, Swift and even TypeScript."

Interestingly, an earlier ranking by the IEEE declared C to be the top programming language of 2016, followed by Java, Python, C++, and R. But RedMonk's methodology involves studying the prevalence of each language on both Stack Overflow and GitHub, a correlation which "we believe to be predictive of future use, hence their value."

Peiter "Mudge" Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home "for testing and scoring the security of software... He says vendors are going to hate it." Slashdot reader mspohr shares an article from The Intercept: "Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code]," says Sarah. "Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]..." The lab's initial research has found that Microsoft's Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on "ancient compilers" that either don't have modern protective measures or don't have them turned on by default...

The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example -- Chrome, Safari, and Firefox -- Chrome came out on top, with Firefox on the bottom. Google's Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went "above and beyond in making things even more robust." Firefox, by contrast, "had turned off [ASLR], one of the fundamental safety features in their compilation."
The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms.

If any of you use mailing list archive Gmane, you would want to start looking at its alternative. Gmane developer Lars Ingebrigtsen announced Thursday that he is thinking about ending the decade-old email-to-news gateway. But first, for those unaware about Gmane, here's is what it does: It allows users to access electronic mailing lists as if they were Usenet newsgroups, and also through a variety of web interfaces. Gmane is an archive; it never expires messages (unless explicitly requested by users). Gmane also supports importing list postings made prior to a list's inclusion on the service.Ingebrigtsen said Gmane machines are under numerous DDoS attacks -- coupled with some other issues -- that have made him wonder whether it is worth the time and effort to keep Gmane ticking. He writes: I'm thinking about ending Gmane, at least as a web site. Perhaps continue running the SMTP-to-NNTP bridge? Perhaps not? I don't want to make 20-30K mailing lists start having bouncing addresses, but I could just funnel all incoming mail to /dev/null, I guess... The nice thing about a mailing list archive (with NNTP and HTTP interfaces) is that it enables software maintainers to say (whenever somebody suggests using Spiffy Collaboration Tool of the Month instead of yucky mailing lists) is "well, just read the stuff on Gmane, then". I feel like I'm letting down a generation here.As Gmane's future remains uncertain, Ingebrigtsen recommends people to have a look at Mail Archive.

Oracle announced Thursday that it has agreed to buy NetSuite for $9.3 billion, in a move to bolster its cloud-computing offerings as it races to catch up to rivals. Both companies provide applications for running a business called enterprise-resource-planning software. Bloomberg reports: Oracle, which sells software to big corporations, has been trying to shift more sales to cloud-based products increasingly demanded by its customers. New cloud services made up about 8 percent of the company's total sales during its fiscal fourth-quarter. Buying NetSuite -- whose products include customer relationship management software -- will help Oracle compete against the likes of Salesforce.com Inc. and Microsoft Corp. "Oracle and NetSuite cloud applications are complementary, and will coexist in the marketplace forever," said Oracle co-Chief Executive Officer Mark Hurd in a statement Thursday. "We intend to invest heavily in both products -- engineering and distribution."

IEEE Spectrum, a highly regarded magazine edited by the Institute of Electrical and Electronics Engineers, has released its annual programming languages list, sharing with the world how several languages fared against each other. To assess the languages the publication says it worked with a data journalist and looked into 10 online sources -- including social chatter, open-source code production, and job postings. The publication has rated C as the top programming language this year, followed by Java, Python, C++, and R. From their article:After two years in second place, C has finally edged out Java for the top spot. Staying in the top five, Python has swapped places with C++ to take the No. 3 position, and C# has fallen out of the top five to be replaced with R. R is following its momentum from previous years, as part of a positive trend in general for modern big-data languages that Diakopoulos analyses in more detail here. Google and Apple are also making their presence felt, with Google's Go just beating out Apple's Swift for inclusion in the Top Ten. Still, Swift's rise is impressive, as it's jumped five positions to 11th place since last year, when it first entered the rankings. Several other languages also debuted last year, a marked difference from this year, with no new languages entering the rankings.The publication has explained in detail the different metrics it uses to evaluate a language.

An anonymous reader writes from a report via Softpedia: "The European Commission is proposing the creation of a database that will hold information on users of virtual currencies," reports Softpedia. "The database will record data on the user's real world identity, along with all associated wallet addresses." The database will be made available to financial investigation agencies in order to track down users behind suspicious operations. The creation of this database is part of a regulatory push that the EU got rolling after the Paris November 2015 terror attacks, and which it officially put forward in February 2016, and later approved at the start of July 2016. Legally, this is an attempt to reform the Anti-Money Laundering Directive (AMLD). The current draft is available here. The current AMLD draft reads: "The report shall be accompanied, if necessary, by appropriate proposals, including, where appropriate, with respect to virtual currencies, empowerments to set-up and maintain a central database registering users' identities and wallet addresses accessible to FIUs, as well as self-declaration forms for the use of virtual currency users."

Reader joshtops writes: Facebook needs you to fill its News Feed, Oculus Rift, and Gear VR with 360 content. So today it put all the hardware and software designs of its Surround 360 camera on Github after announcing the plan in April. Thanks to cheeky instruction manual inspired by Ikea's manuals, you can learn how to buy the parts, assemble the camera, load the image-stitching software, and start shooting 360 content. Essentially 17 cameras on a UFO-looking stick, the 360 Surround camera can be built for about $30,000 in parts. The 4-megapixel lenses can shoot 4K, 6K, or 8K 360 video, and fisheye lenses on the top and bottom remove the blindspots. Facebook forced a random engineer to try to build the 360 Surround from the open source instructions, and found it took about four hours.FastCompany has more details.

An anonymous reader writes from The Register: Vine, the six-second-video-loop app acquired by Twitter in 2012, had its source code made publicly available by a bounty-hunter for everyone to see. The Register reports: "According to this post by @avicoder (Vjex at GitHub), Vine's source code was for a while available on what was supposed to be a private Docker registry. While docker.vineapp.com, hosted at Amazon, wasn't meant to be available, @avicoder found he was able to download images with a simple pull request. After that it's all too easy: the docker pull https://docker.vineapp.com:443/library/vinewww request loaded the code, and he could then open the Docker image and run it. 'I was able to see the entire source code of Vine, its API keys and third party keys and secrets. Even running the image without any parameter, [it] was letting me host a replica of Vine locally.' The code included 'API keys, third party keys and secrets,' he writes. Twitter's bounty program paid out -- $10,080 -- and the problem was fixed in March (within five minutes of him demonstrating the issue)."

Videos are now online from this week's Curry On conference, which incuded talks by programming pioneers Larry Wall and Matthias Felleisen, as well as speakers from Google, Twitter, Facebook, Microsoft, and Oracle. Dave Herman from Mozilla Research also talked about building an open source research lab, while Larry Wall's keynote was titled "It's the End of the World as We Know It, and I Feel Fine."

Billing itself as a non-profit conference about programming languages and emerging computer-industry challenges, this year's installment included talks about Java, Rust, Scala, Perl, Racket, Clojure, Rascal, Go and Oden. Held in a different European city each year, the annual conference hopes to provoke an open conversation between academia and the larger technology industry.

itwbennett writes: "Seventeen high-risk vulnerabilities out of the 276 flaws fixed by Oracle Tuesday affect products from third-party software vendors," writes Lucian Constantin on CSOonline. The vulnerabilities, which were found by researchers from Cisco's Talos team, are in the Oracle Outside In Technology (OIT), a collection of SDKs that are used in third-party products, including Microsoft Exchange, Novell Groupwise, IBM WebSphere Portal, Google Search Appliance, Avira AntiVir for Exchange, Raytheon SureView, Guidance Encase and Veritas Enterprise Vault.

"It's not clear how many of those products are also affected by the newly patched seventeen flaws, because some of them might not use all of the vulnerable SDKs or might include other limiting factors," writes Constantin. But the Cisco researchers confirmed that Microsoft Exchange servers (version 2013 and earlier) are affected if they have WebReady Document Viewing enabled. In a blog post the researchers describe how an attacker could exploit these vulnerabilities.
TL;DR version: "Attackers can exploit the flaws to execute rogue code on systems by sending specifically crafted content to applications using the vulnerable OIT SDKs."

"For more than 20 years I've been putting semicolons at the end of programming statements in SAS, C/C++, and Java/Javascript," writes Rick Wicklin, a researcher in computational statistics at SAS. "But lately I've been working in a computer language that does not require semicolons. Nevertheless... I catch myself typing unnecessary semicolons out of habit," he writes, while at other times "I include optional statements in my programs for clarity, readability, or to practice defensive programming." While Wicklin's post is geared towards SAS programming, Slashdot reader theodp writes that the question is a language-agnostic one: ...when to include technically-unnecessary code -- e.g., variable declarations, superfluous punctuation, block constructs for single statements, values for optional parameters that are the defaults, debugging/validation statements, non-critical error handling, explicitly destroying objects that would otherwise be deleted on exit, labeled NEXT statements, full qualification of objects/methods, unneeded code from templates...
He's wondering if other Slashdot readers have trouble tolerating their co-workers' unnecessary codes choices (which he demonstrates with a video clip from Silicon Valley). So leave your answers in the comments. When do you do include 'unnecessary' code in your programs -- and why?

An anonymous reader writes: Android Police is reporting that the Android software company Cyanogen Inc. will be laying off 20 percent of its workforce, and will transition from OS development to applications. The Android Police report says "roughly 30 out of the 136 people Cyanogen Inc. employs" are being cut, and that the layoffs "most heavily impact the open source arm" of the company. Android Police goes on to say that CyanogenMod development by Cyanogen Inc "may be eliminated entirely." Ars Technica notes the differences between each "Cyanogen" branding. Specifically, CyanogenMod is a "free, open source, OS heavily based on Android and compatible with hundreds of devices," while Cyanogen Inc. is "a for-profit company that aims to sell Cyanogen OS to OEMs." It appears that many of the core CyanogenMod developers will no longer be paid to work on CyanogenMod, though the community is still free to develop the software." Android Police details the firing process in their report: "Layoffs reportedly came after a long executive retreat for the company's leaders and were conducted with no advanced notice. Employees who were not let go were told not to show up to work today. Those who did show up were the unlucky ones: they had generic human resources meetings rather ominously added to their calendars last night. So, everyone who arrived at Cyanogen Inc. in Seattle this morning did so to lose their job (aside from those conducting the layoffs)." Early last year, Microsoft invested in a roughly $70 million round of equity financing for the then-startup Cyanogen Inc. Not too long before that, Google tried to acquire Cyanogen Inc., but the company turned down Google's offer to seek funding from investors and major tech companies at a valuation of around $1 billion. Cyanogen Inc. CEO Kirt McMaster once said the company was "attempting to take Android away from Google" and that it was "putting a bullet through Google's head."

UPDATE 7/25/16: Cyanogen CEO and cofounder Kirt McMaster took to Twitter to dispel some of the rumors, tweeting: "Cyanogen NOT pivoting to apps. We are an OS company and our mission of creating an OPEN ANDROID stands. FALSE reporting was outstanding."

An anonymous reader writes from a report via The Next Web: The Safari browser included in Apple's iOS 10 and macOS Sierra software is testing WebP, technology from Google that allows developers to create smaller, richer images that make the web faster. Basically, it's a way for webpages to load more quickly. The Next Web reports: "WebP was built into Chrome back at build 32 (2013!), so it's not unproven. It's also used by Facebook due to its image compression underpinnings, and is in use across many Google properties, including YouTube." Microsoft is one of the only major players to not use WebP, according to CNET. It's not included in Internet Explorer and the company has "no plans" to integrate it into Edge. Even though iOS 10 and macOS Sierra are in beta, it's promising that we will see WebP make its debut in Safari latest this year. "It's hard to imagine Apple turning away tried and true technology that's found in a more popular browser -- one that's favored by many over Safari due to its speed, where WebP plays a huge part," reports The Next Web. "Safari is currently the second most popular browser to Chrome." What's also interesting is how WebP isn't mentioned at all in the logs for Apple's Safari Technology Preview.

New submitter yzf750 quotes a report from ESPN: A federal judge sentenced the former scouting director of the St. Louis Cardinals [Christopher Correa] to nearly four years in prison Monday for hacking the Houston Astros' player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs. "The data breach was reported in June 2014 when Astros general manager Jeff Luhnow told reporters the team had been the victim of hackers who accessed servers and proceeded to publish online months of internal trade talks," reports ESPN. "Luhnow had previously worked for the Cardinals. The FBI said Correa was able to gain access using a password similar to that used by a Cardinals employee who 'had to turn over his Cardinals-owned laptop to Correa along with the laptop's password' when he was leaving for a job with the Astros in 2011. Prosecutors have said Correa in 2013 improperly downloaded a file of the Astros' scouting list of every eligible player for that year's draft. They say he also improperly viewed notes of trade discussions as well as a page that listed information such as potential bonus details, statistics and notes on recent performances and injuries by team prospects. Authorities say that after the Astros took security precautions involving [a database called Ground Control] following a Houston Chronicle story about the database, Correa was able to still get into it. Authorities say he hacked the email system and was able to view 118 pages of confidential information, including notes of trade discussions, player evaluations and a 2014 team draft board that had not yet been completed. Federal prosecutors say the hacking cost the Astros about $1.7 million, taking into account how Correa used the Astros' data to draft players. Christopher Correa had pleaded guilty in January to five counts of unauthorized access of a protected computer from 2013 to at least 2014, the same year he was promoted to director of baseball development in St. Louis. He was fired last summer and now faces 46 months behind bars and a court order to pay $279,038 in restitution. He had faced up to five years in prison on each count."

An anonymous reader writes: A group of hackers known as OurMine have attacked Pokemon Go's login servers, making it all but impossible for players to get online. The group says they hacked the game in an effort for the game to be more stable. They want to show the developers behind Pokemon Go that the app can and should be made more secure. Prior to the hack, the servers have been shaky as interest in the game has spiked. But over the weekend, users faced the most extreme connectivity issues yet. "No one will be able to play this game till Pokemon Go contact us on our website to teach them how to protect it!" the group wrote on its website. A different hacking group, which claimed to be part of OurMine, said that the latest attack had been launched after the huge outage caused by a group called Poodlecorp, on Saturday. "The group makes money from charging for vulnerability assessment, where hackers attempt to break into corporate networks to check how safe they are," reports The Independent. A representative said via Twitter that the group wasn't requesting money from those behind Pokemon Go, and that OurMine "just don't want other hackers [to] attack their servers." It should come as no surprise to see that the servers have been having trouble keeping up with demand as Pokemon Go has become the biggest mobile game in U.S. history after launching just about two weeks ago.

I thought it'd be fun to ask Slashdot readers one of the same questions we asked Larry Wall: What's your computer set-up look like? Slashdot reader LichtSpektren had asked: Can you give us a glimpse into what your main work computer looks like? What's the hardware and OS, your preferred editor and browser, and any crucial software you want to give a shout-out to?
Larry Wall is running Linux Mint (Cinnamon edition), and he surfs the web with Firefox (and Chrome on his phone) -- "but I'm not a browser wonk. Maybe I'll have more opinions on that after our JS backend is done for Perl 6..." And for a text editor, he's currently ensconced in the vi/vim camp, though "I've used lots of them, so I have no strong religious feelings."

So leave your answers in the comments. What's your OS, hardware, preferred editor, browser, "and any crucial software you want to give a shout-out to?" What does your computer set-up look like?

You asked, he answered!

Perl creator Larry Wall has responded to questions submitted by Slashdot readers. Read on for his answers...

RaDag writes: The U.S. government has published a DoD-validated implementation guide, known as a STIG, for EDB Postgres Advanced Server from EnterpriseDB (EDB). This is a first. No other open source database, or open source-based database, has been through the US government's security review process and gotten a STIG published. Having this guide will help agencies seeking an open source-based alternative to costly traditional vendors like Oracle [and] will speed and ease deployment of EDB Postgres, which has database compatibility for Oracle.
They're now working with the U.S. Army, Navy, Marine Corps, and Air Force, according to a company statement. It also says that the Department of Defense and other U.S. government agencies "seek open source alternatives to traditional proprietary software," and see their database solution as "an opportunity to quickly reduce costs and shift away from expensive proprietary vendors, particularly as public policy initiatives around the world mandate adoption of more open source."