Security

Silverlight Exploits Up, Java Exploits Down, Says Cisco 55

angry tapir writes: Attempts to exploit Silverlight soared massively in late 2014 according to research from Cisco. However, the use of Silverlight in absolute terms is still low compared to the use of Java and Flash as an attack vector, according to Cisco's 2015 Annual Security Report. The report's assessment of the 2014 threat landscape also notes that researchers observed Flash-based malware that interacted with JavaScript. The Flash/JS malware was split between two files to make it easier to evade anti-malware protection. (The full report is available online, but registration is required.)
Programming

Is D an Underrated Programming Language? 386

Nerval's Lobster writes: While some programming languages achieved early success only to fall by the wayside (e.g., Delphi), one language that has quietly gained popularity is D, which now ranks 35 in the most recent Tiobe Index. Inspired by C++, D is a general-purpose systems and applications language that's similar to C and C++ in its syntax; it supports procedural, object-oriented, metaprogramming, concurrent and functional programming. D's syntax is simpler and more readable than C++, mainly because D creator Walter Bright developed several C and C++ compilers and is familiar with the subtleties of both languages. D's advocates argue that the language is well thought-out, avoiding many of the complexities encountered with modern C++ programming. So shouldn't it be more popular? The languages with the biggest gains this time around include JavaScript, PL/SQL, Perl, VB, and COBOL. (Yes, COBOL.) The biggest drops belonged to the six most popular languages: Objective-C, C, Java, C++, PHP, and C#.
Programming

Justified: Visual Basic Over Python For an Intro To Programming 648

theodp writes ICT/Computing teacher Ben Gristwood justifies his choice of Visual Basic as a programming language (as a gateway to other languages), sharing an email he sent to a parent who suggested VB was not as 'useful' as Python. "I understand the popularity at the moment of the Python," Gristwood wrote, "however this language is also based on the C language. When it comes to more complex constructs Python cannot do them and I would be forced to rely on C (which is incredibly complex for a junior developer) VB acts as the transition between the two and introduces the concepts without the difficult conventions required. Students in Python are not required to do things such as declare variables, which is something that is required for GCSE and A-Level exams." Since AP Computer Science debuted in 1984, it has transitioned from Pascal to C++ to Java. For the new AP Computer Science Principles course, which will debut in 2016, the College Board is leaving the choice of programming language(s) up to the teachers. So, if it was your call, what would be your choice for the Best Programming Language for High School?
Books

Book Review: FreeBSD Mastery: Storage Essentials 75

Saint Aardvark writes If, like me, you administer FreeBSD systems, you know that (like Linux) there is an embarrassment of riches when it comes to filesystems. GEOM, UFS, soft updates, encryption, disklabels — there is a *lot* going on here. And if, like me, you're coming from the Linux world your experience won't be directly applicable, and you'll be scaling Mount Learning Curve. Even if you *are* familiar with the BSDs, there is a lot to take in. Where do you start? You start here, with Michael W. Lucas' latest book, FreeBSD Mastery: Storage Essentials. You've heard his name before; he's written Sudo Mastery (which I reviewed previously), along with books on PGP/GnuPGP, Cisco Routers and OpenBSD. This book clocks in at 204 pages of goodness, and it's an excellent introduction to managing storage on FreeBSD. From filesystem choice to partition layout to disk encryption, with sidelong glances at ZFS along the way, he does his usual excellent job of laying out the details you need to know without every veering into dry or boring. Keep reading for the rest of Saint Aardvark's review.
Programming

Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions 42

samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Chrome

With Community Help, Chrome Could Support Side Tabs Extension 117

jones_supa writes The lack of a vertical tab strip (or "Tree Style Tab" as the Firefox extension is called) has been under a lot of discussion under Chrome/Chromium bug tracker. Some years ago, vertical tabs existed as an experimental feature enabled with a "secret" command line parameter, but that feature was eventually removed from the browser. Since then, Google has been rather quiet about whether such feature is still on the roadmap. Now, a Google engineer casts some light on the issue. He says that a tree-style interface for tabs would be overly complex as a native implementation, but Google would back the idea of improving the extensions interface to support a sidebar-like surface to render the tab UI on, if someone from the open source community would step forward to do the work to drive the feature to completion.
Stats

Lies, Damn Lies, and Tech Diversity Statistics 335

theodp writes Some of the world's leading Data Scientists are on the payrolls of Microsoft, Google, Facebook, Yahoo, and Apple. So, it'd be interesting to get their take on the infographics the tech giants have passed off as diversity data disclosures. Microsoft, for example, reported its workforce is 29% female, which isn't great, but if one takes the trouble to run the numbers on a linked EEO-1 filing snippet (PDF), some things look even worse. For example, only 23.35% of its reported white U.S. employee workforce is female (Microsoft, like Google, footnotes that "Gender data are global, ethnicity data are US only"). And while Google and Facebook blame their companies' lack of diversity on the demographics of U.S. computer science grads, CS grad and nationality breakouts were not provided as part of their diversity disclosures. Also, the EEOC notes that EEO-1 numbers reflect "any individual on the payroll of an employer who is an employee for purposes of the employers withholding of Social Security taxes," further muddying the disclosures of companies relying on imported talent, like H-1B visa dependent Facebook. So, were the diversity disclosure mea culpas less about providing meaningful data for analysis, and more about deflecting criticism and convincing lawmakers there's a need for education and immigration legislation (aka Microsoft's National Talent Strategy) that's in tech's interest?
Programming

Linus On Diversity and Niceness In Open Source 361

An anonymous reader writes "Linus Torvalds has sent a lengthy statement to Ars Technica responding to statements he made in a conference in New Zealand. One of his classic comments in NZ was: "I'm not a nice person, and I don't care about you. I care about the technology and the kernel — that's what's important to me." On diversity, he said that "the most important part of open source is that people are allowed to do what they are good at" and "all that stuff is just details and not really important." Now he writes: "What I wanted to say — and clearly must have done very badly — is that one of the great things about open source is exactly the fact that different people are so different", and that "I don't know where you happen to be based, but this 'you have to be nice' seems to be very popular in the US," calling the concept of being nice an "ideology"."
Programming

The Legacy of CPU Features Since 1980s 180

jones_supa writes: David Albert asked the following question:

"My mental model of CPUs is stuck in the 1980s: basically boxes that do arithmetic, logic, bit twiddling and shifting, and loading and storing things in memory. I'm vaguely aware of various newer developments like vector instructions (SIMD) and the idea that newer CPUs have support for virtualization (though I have no idea what that means in practice). What cool developments have I been missing? "

An article by Dan Luu answers this question and provides a good overview of various cool tricks modern CPUs can perform. The slightly older presentation Compiler++ by Jim Radigan also gives some insight on how C++ translates to modern instruction sets.
Programming

Exploring Some Lesser-Known Scripting Languages 60

Nerval's Lobster writes: Scripting languages are used in everything from games and Web pages to operating-system shells and general applications, as well as standalone scripts. While many of these scripting languages are common and open to modification, there are some interesting, open-source ones that are worth a look, even if they don't have the substantial audience of some of the popular ones. Wren, Candle, Fancy, Pikt, and PPL all show what a single developer can do if they set out with enough motivation to create open-source scripting languages. The results often prove surprisingly powerful.
Databases

Ask Slashdot: Linux Database GUI Application Development? 264

New submitter msubieta writes I have been developing some applications to use in small businesses using Windows and SQL Server. I would like to move on and start doing the same thing in Linux. I have looked at several Frameworks/Databases/Development environments and I really don't know what is the best/simplest/fastest to learn approach. I use VS and C# mostly, although I could easily go back to C++. I found Qt and GTK+ are the most common frameworks, but they seem to lack controls that deal with datasets and stuff (sorry, spoiled by the .net form controls), but I also know that I could use Mono in order to make the jump. I would have no problem on moving to MySQL, as I have done quite a lot of work on that side, and I would like to stick with the traditional client server application, as I find it easier to maintain, and a whole lot more robust when it comes to user interaction (web apps for POS applications don't seem to be the right way to go in my view). Any suggestions/comments/recommendations?
Programming

Meet Flink, the Apache Software Foundation's Newest Top-Level Project 34

Open source data-processing language Flink, after just nine months' incubation with the Apache Software Foundation, has been elevated to top-level status, joining other ASF projects like OpenOffice and CloudStack. An anonymous reader writes The data-processing engine, which offers APIs in Java and Scala as well as specialized APIs for graph processing, is presented as an alternative to Hadoop's MapReduce component with its own runtime. Yet the system still provides access to Hadoop's distributed file system and YARN resource manager. The open-source community around Flink has steadily grown since the project's inception at the Technical University of Berlin in 2009. Now at version 0.7.0, Flink lists more than 70 contributors and sponsors, including representatives from Hortonworks, Spotify and Data Artisans (a German startup devoted primarily to the development of Flink). (For more about ASF incubation, and what the Foundation's stewardship means, see our interview from last summer with ASF executive VP Rich Bowen.)
PHP

PHP vs. Node.js: the Battle For Developer Mind Share 245

snydeq writes: Simplicity vs. closures, speed of coding vs. raw speed — InfoWorld's Peter Wayner takes a look at how PHP and Node.js stack up against each other. "It's a classic Hollywood plot: the battle between two old friends who went separate ways. Often the friction begins when one pal sparks an interest in what had always been the other pal's unspoken domain. In the programming language version of this movie, it's the introduction of Node.js that turns the buddy flick into a grudge match: PHP and JavaScript, two partners who once ruled the Internet together but now duke it out for the mind share of developers."
AI

AI Experts Sign Open Letter Pledging To Protect Mankind From Machines 258

hypnosec writes: Artificial intelligence experts from across the globe are signing an open letter urging that AI research should not only be done to make it more capable, but should also proceed in a direction that makes it more robust and beneficial while protecting mankind from machines. The Future of Life Institute, a volunteer-only research organization, has released an open letter imploring that AI does not grow out of control. It's an attempt to alert everyone to the dangers of a machine that could outsmart humans. The letter's concluding remarks (PDF) read: "Success in the quest for artificial intelligence has the potential to bring unprecedented benefits to humanity, and it is therefore worthwhile to research how to maximize these benefits while avoiding potential pitfalls."
KDE

KDE Frameworks 5.3 and Plasma 2.1 – First Impressions 84

jones_supa writes Ken Vermette has done a write-up on his experience with the new KDE desktop encompassing Frameworks 5.3 and Plasma 2.1. For starters, some patience is still needed for apps to be ported to KF5, and most of them will be KF4-based for now. Many of the widgets you may have used don't exist yet either, but the good news is that the Plasma goodies which do make an appearance are universally improved. The new search widget is shockingly fast and the notifications tray has been reworked. Visual outlook of desktop has been simplified and things don't feel so tightly packed together anymore. The system settings application has been completely regrouped more by goal than underlying mechanics. Unfortunately the desktop stability leaves a lot to desire: there was several crashes and Plasma had at one point managed to forget colour and wallpaper settings. However the developers seem to be knowing what they are doing, and there's a real feeling that this software will reach rock-solid stability very quickly given the state of it as it stands.
Classic Games (Games)

NetHack Development Team Polls Community For Advice On Unicode 165

An anonymous reader writes After years of relative silence, the development team behind the classic roguelike game NetHack has posteda question: going forward, what internal representation should the NetHack core use for Unicode characters? UTF8? UTF32? Something else? (See also: NH4 blog, reddit. Also, yes, I have verified that the question authentically comes from the NetHack dev team.)
Open Source

Crowdfunded Linux Voice Magazine Releases Second Issue CC-BY-SA 19

M-Saunders writes: As covered previously on Slashdot, Linux Voice crowdfunded its way to success in late 2013, showing how a small team can make things happen with a different business model (giving profits and content back to the community). Now, a few months after the magazine made issue 1 freely available, they've released issue 2 under the Creative Commons for everyone to share and modify. If you've ever fancied making your own Raspberry Pi-powered arcade machine, there's a full guide in the second issue.
Programming

Rust Programming Language Reaches 1.0 Alpha 161

c0d3g33k writes: Rust, a new a systems programming language with a focus on safety, performance and concurrency, has released the 1.0 alpha version of the language. This means that the language and core libraries are feature-complete for the 1.0 release. In practical terms, this means that the rate of change experienced by early adopters will slow down dramatically and major breaking changes should be very rare (during the alpha cycle some major changes may still occur if considered necessary). The language will stabilize further when the beta stage is reached (planned for six weeks from now).
Hardware Hacking

Ask Slashdot: Options For Cheap Home Automation? 189

New submitter goose-incarnated writes I'm looking at cheap and simple home automation. Unfortunately I'm not too clued up on what my options are. There are such a wide array of choices, none of which seem (to me) to be either cheap or simple. I'd like to: Turn switches on/off (lights, wall sockets, general relays, etc); Read the status of on/off switches; Read analog samples (for example, temperature sensors); 'Program' switches based on analog samples/existing switches (for example, program a relay to come on at 30C and go off at 25C, thereby controlling the temperature); Similarly, program switches to go on/off at certain times; Record the samples of analog or digital inputs for a given time . I'd like to do the above using smartphone+bluetooth (for when I'm in the vicinity of the room), or smartdevice+WiFi (for when I'm in the house, somewhere), or even in a pinch, using HTTP to access a server at home from 600km away (which is what I'm willing to do). I'm definitely not willing to stream all my requests/data/responses through a third-party so third party cloud subscription solutions, even if free, are out of the question. Finally (because I know the Slashdot crowd likes a challenge :-)), I'd like something that is easily reprogrammable without having to compile code, then reflash a device, etc. What languages for embedded devices exist for home automation programming, if any. A quick google search reveals nothing specially made for end-users to reprogram their devices, but, like I said above, I'm clueless about options.
Electronic Frontier Foundation

EFF: Apple's Dev Agreement Means No EFF Mobile App For iOS 220

schwit1 writes The EFF launched a new app that will make it easier for people to take action on digital rights issues using their phone. The app allows folks to connect to their action center quickly and easily, using a variety of mobile devices. Sadly, though, they had to leave out Apple devices and the folks who use them. Why? Because they could not agree to the terms in Apple's Developer Agreement and Apple's DRM requirements.

Slashdot Top Deals