Programming

'Why I Prefer Go Over Python or Java' (yourbasic.org) 230

Stefan Nilsson, a computer science professor at the KTH Royal Institute of Technology, recently explained "why I prefer Go to Java or Python," arguing that Go "makes it much easier for me to write good code." Go is a minimalist language, and that's (mostly) a blessing. The formal Go language specification is only 50 pages, has plenty of examples, and is fairly easy to read. A skilled programmer could probably learn Go from the specification alone. The core language consists of a few simple, orthogonal features that can be combined in a relatively small number of ways. This makes it easier to learn the language, and to read and write programs. When you add new features to a language, the complexity doesn't just add up, it often multiplies: language features can interact in many ways. This is a significant problem -- language complexity affects all developers (not just the ones writing the spec and implementing the compiler).

Here are some core Go features:

- The built-in frameworks for testing and profiling are small and easy to learn, but still fully functional. There are plenty of third-party add-ons, but chances are you won't need them.

- It's possible to debug and profile an optimized binary running in production through an HTTP server.

- Go has automatically generated documentation with testable examples. Once again, the interface is minimal, and there is very little to learn.

- Go is strongly and statically typed with no implicit conversions, but the syntactic overhead is still surprisingly small. This is achieved by simple type inference in assignments together with untyped numeric constants. This gives Go stronger type safety than Java (which has implicit conversions), but the code reads more like Python (which has untyped variables).

- Programs are constructed from packages that offer clear code separation and allow efficient management of dependencies. The package mechanism is perhaps the single most well-designed feature of the language, and certainly one of the most overlooked.

- Structurally typed interfaces provide runtime polymorphism through dynamic dispatch.

- Concurrency is an integral part of Go, supported by goroutines, channels and the select statement.

The professor points out that the Java® Language Specification is 750 pages, and blames much of its complexity on feature creep (for example, inner classes, generics, and enum). And he also applauds the strict compatibility guarantees of Go 1 for the core language and standard packages, as well as its open source, BSD-style license, and Go's code transparency.

"There is one standard code format, automatically generated by the fmt tool," he writes, arguing that "Your project is doomed if you can't read and understand your code."

Oracle

Oracle Exec Mocks Google Arguments About Java's APIs (thehill.com) 145

"Whether it is consumers' data or competitors' code, Google's view seems to be the same: What's mine is mine, and what's yours is mine," argues Oracle executive vice president Kenneth Glueck.

Google had urged America's Supreme Court to rule in their ongoing legal case about access to Java's APIs, a case which Google says hinges on "whether developers should be able to create new applications using standard ways of accessing common functions. Those functions are the building blocks of computer programming, letting developers easily assemble the range of applications and tools we all use every day. Making it harder to connect with those functions would lock developers into existing platforms, thus reducing competition and, ultimately, hurting consumers. Access to software interfaces like these is the key to interoperability, the foundation of great software development."

That editorial -- written by Google's senior vice president for global affairs, Kent Walker -- notes that 175 startups, developers, academics and other tech companies (including Microsoft) are also asking the Supreme Court to hear this case. Google warns of a risk to innovation posed if companies like Oracle become "gatekeepers to interoperability," calling it "a defining battle of the digital era."

Oracle's executive responds that "There are many 'defining battles' of the digital era -- 5G, Artificial Intelligence, autonomous devices -- but Oracle v. Google is surely not among them." Only in Google's world does weaker intellectual property protection lead to more innovation. It is settled in law and in economics that the opposite is true. And at a time when the U.S. is circling the globe to enhance the protection of U.S. intellectual property -- including strong copyright protection -- Google takes the opposite view...

In a stunning what's-up-is-down and down-is-up statement, Walker attempts to wrap Google in the cloak of interoperability. Java defined the era of interoperability with its "write once, run everywhere" architecture. It was Google that copied Java, built Android around it, and altered it so it was only interoperable with itself (i.e., write once, run only on Google). Android killed Java interoperability, and now Google argues that killing interoperability is good for interoperability?

Those facts are not in dispute. The only issue in dispute is Google's assertion that its actions were all "fair." On this point, the federal circuit court clearly analyzed and methodically decided against Google's fair-use defense. This makes sense because, under no interpretation of fair use, may you copy a competitor's software code and turn around and compete against that competitor in the marketplace. Hard stop... There is no matter of law in question, nor is there a conflict among circuit courts. Google was caught killing interoperability and is now trying to concoct a new "we are too important" legal defense.

Reuters reports that this week the Supreme Court asked the White House "to offer its views on whether it should hear Google's bid to end Oracle's copyright infringement lawsuit."

Earth

Indonesia Plans To Move Its Capital Out Of Jakarta, A City That's Sinking (npr.org) 95

Indonesia has announced plans to build a new capital city as its current capital, Jakarta, struggles with pollution, traffic gridlock -- and the fact that the city is sinking. From a report: After a Cabinet meeting on Monday, planning minister Bambang Brodjonegoro said President Joko Widodo has decided to move the capital out of Indonesia's main island, Java. It's not clear exactly when this will happen, or where the new capital would be located. The idea has been out there for decades, though previous leaders have been unable to accomplish the ambitious plan. Earlier this month, Widodo secured another term in office, according to independent polling organizations. His challenger also declared victory, and official results have not yet been announced.

"The idea to move the capital city appeared long ago. ... But it has never been decided or discussed in a planned and mature manner," Widodo said before the meeting, according to The Associated Press. Jakarta faces massive challenges. As the BBC has reported, it's the fastest-sinking city in the world, with almost half of its area below sea level.

Java

Caffeine Gives Perovskite Solar Cells An Energy Boost, Study Says (ieee.org) 77

UCLA professor Yang Yang's lab, chock-full of coffee drinkers, spent several years searching for a stability-enhancing additive to turn famously unstable perovskite PV cells into a useful product. Then, on a lark, Yang's graduate student Rui Wang suggested they try adding caffeine to the mix. To the team's surprise, caffeine produced longer-lasting and more powerful solar cells. IEEE Spectrum reports: The work, completed with collaborators at Hong Kong-based PV firm Solargiga Energy Holdings and two Chinese universities, appears today in energy research journal Joule. Caffeine's calming effect starts during the creation of perovskite crystals. "Without caffeine, the crystallization process will just take 2 seconds, but with caffeine it will take 1 to 2 minutes," says Yang. The more deliberate growth process yields a perovskite material with larger grains of defect-free crystal. They are more stable mechanically and better at moving the charges created from incoming photons.

Caffeine also stabilizes perovskite PV cells during operation because each caffeine molecule can bind to two lead atoms at the boundaries of the crystal grains. This dual molecular lock ties the grains together and, Yang believes, hinders the movement of ions that threaten to reshape the crystal into a weaker pattern. The lab's best caffeine-treated cell captures incoming light with an efficiency of 19.8 percent, up from 17 percent for untreated cells, and retains 86 percent of its output after operating for 1,300 grueling hours at 85C. That's remarkable endurance compared with that of the lab's untreated cells, whose output plummeted by 40 percent after just 175 hours. Still, Yang says they need materials that hold it together through at least one to two years of accelerated testing to provide confidence that they can pump out power for several decades on a rooftop.

Oracle

Red Hat Takes Over Maintenance of OpenJDK 8 and OpenJDK 11 From Oracle (infoworld.com) 55

"Red Hat is taking over maintenance responsibilities for OpenJDK 8 and OpenJDK 11 from Oracle," reports InfoWorld: Red Hat will now oversee bug fixes and security patches for the two older releases, which serve as the basis for two long-term support releases of Java. Red Hat's updates will feed into releases of Java from Oracle, Red Hat, and other providers... Previously, Red Hat led the OpenJDK 6 and OpenJDK 7 projects. Red Hat is not taking over OpenJDK 9 or OpenJDK 10, which were short-term releases with a six-month support window.

Python

Historic 'Summit' with the Creators of Python, Java, TypeScript, and Perl (packtpub.com) 84

"At the first annual charity event conducted by Puget Sound Programming Python on April 2, four legendary language creators came together to discuss the past and future of language design," reports PacktPub.

- Guido van Rossum, the creator of Python
- James Gosling, the founder and lead designer behind the Java programming language
- Anders Hejlsberg, the original author of Turbo Pascal who has also worked on the development of C# and TypeScript
- Larry Wall, the creator of Perl

You can watch the video here -- the speaker introductions start about 50 minutes into the video -- or read PacktPub's summary of the event: Guido van Rossum said designing a programming language is very similar to the way JK Rowling writes her books, the Harry Potter series... He says JK Rowling is a genius in the way that some details that she mentioned in her first Harry Potter book ended up playing an important plot point in part six and seven... When designing a language we start with committing to certain details like the keywords we want to use, the style of coding we want to follow, etc. But, whatever we decide on we are stuck with them and in the future, we need to find new ways to use those details, just like Rowling...

When James Gosling was asked how Java came into existence and what were the design principles he abided by, he simply said, "it didn't come out of like a personal passion project or something. It was actually from trying to build a prototype.... It started out as kind of doing better C and then it got out of control that the rest of the project really ended up just providing the context." In the end, the only thing out of that project that survived was Java...

Larry Wall wanted to create a language that was more like a natural language. Explaining through an example, he said, "Instead of putting people in a university campus and deciding where they go we're just gonna see where people want to walk and then put shortcuts in all those places." A basic principle behind creating Perl was to provide APIs to everything. It was aimed to be both a good text processing language linguistically but also a glue language....

Similar to the views of Guido van Rossum, Anders Hejlsberg adds that any decision that you make when designing a language you have to live with it. When designing a language you need to be very careful about reasoning over what "not" to introduce in the language.

There was also some discussion of types -- Gosling believes they help improve performance, while Hejlsberg said types are also useful when building coding tools. "It turns out that you can actually be more productive by adding types if you do it in a non-intrusive manner and if you work hard on doing good type inference and so forth." In fact, Hejlsberg told the audience that the TypeScript project was inspired by massive "write-only" JavaScript code bases, while a semantic understanding (including a type system) makes refactoring easier.

Guido van Rossum acknowledged that TypeScript "is actually incredibly useful and so we're adding a very similar idea to Python. We are adding it in a slightly different way because we have a different context.... I've learned a painful lesson, that for small programs dynamic typing is great. For large programs, you have to have a more disciplined approach. And it helps if the language actually gives you that discipline, rather than telling you, 'Well, you can do whatever you want.'"

In the video Larry Wall says the Perl 6 team had also noticed the limitations of loose typing, and added a robust type system to Perl 6 to "help with programming in the large."

This was the first annual benefit for CSforALL, a group promoting high-quality computer science classes at every grade level.

Programming

The Most Loved and Most Disliked Programming Languages Revealed in Stack Overflow Survey (stackoverflow.com) 268

angel'o'sphere shares a report: The annual Stack Overflow survey is one of the most comprehensive snapshots of how programmers work, with this year's poll being taken by almost 90,000 developers across the globe. This year's survey details which languages developers enjoy using, which are associated with the best paid jobs, which are most commonly used, as well as developers' preferred frameworks, databases, and integrated development environments.

Python's versatility continues to fuel its rise through Stack Overflow's rankings for the "most popular" languages, which lists the languages most widely used by developers. This year's survey finds Python to be the fastest-growing major programming language, with Python edging out Android and enterprise workhorse Java to become the fourth most commonly used language. [...] More importantly for developers, this popularity overlaps with demand for the language, with Julia Silge, data scientist at Stack Overflow, saying that jobs data gathered by Stack Overflow also shows Python to be one of the most in-demand languages sought by employers.

[...] Rust may not have as many users as Python or JavaScript but it has earned a lot of affection from those who use it. For the fourth year running, the language tops Stack Overflow's list of "most-loved" languages, which means the proportion of Rust developers who want to continue working with it is larger than that of any other language. [...] Go stands out as a language that is well paid, while also being sought after and where developers report high levels of job satisfaction.

Full report here.

Java

NPM Apologizes For the Way It Handled Recent Staff Layoffs (theregister.co.uk) 36

JavaScript library manager NPM on Wednesday apologized for its handling of a contentious round of recent layoffs. The Register reports: The company statement, which comes a week after product manager Rebecca Turner resigned in protest, is co-signed by chief executive officer Bryan Bogensberger, chief product officer Isaac Schlueter and chief data officer Laurie Voss. "Recently, we let go of five people in a company restructuring," the statement says. "The way that we undertook the process, unfortunately, made the terminations more painful than they needed to be, which we deeply regret, and we are sorry." By way of explanation, the statement attributes the changes at the company to shifting the firm's source of financial sustenance from venture funding to product revenue. That requires "new levels of commitment, delivery, and accountability," the implementation of which "has been uncomfortable at times."

In response to a question posed by The Register via Twitter, the company's former CTO CJ Silverio said, "The main thing I want to note is how NPM's statement is not an apology by [Isaac's] own standards. His blog post about apologies is very clear about the three things an apology must contain, and it seems to me that all three items were missing from that statement. It said nothing substantive. It went so far as to blame NPM's users for forcing them into the move."

Programming

Most Popular Programming Languages: C++ Knocks Python Out of Top Three in New Study (techrepublic.com) 161

C++ has knocked machine-learning favorite Python out of the top 3 in the TIOBE Index of popular programming languages. From a report: It marks a reversal of fortune for C++, which, after years of occupying third place in the index, was pushed down to fourth place by Python in September last year. First and second place in the list remain unchanged, with Java in pole position and C at number two. The TIOBE Index attempts to estimate the popularity of languages worldwide based on results from major search engines. The index is sometimes criticized for being a rather blunt measure, likely to be influenced by a range of factors beyond a language's popularity, but its rankings are broadly in line with others, with a similar mix of languages albeit arranged in a different order.

In an analysis alongside the latest figures, TIOBE attributes the comeback of C++ to a surge in its popularity, rather than a fall in the use of Python. "This is certainly not because Python is in decline: Python is scoring all time highs almost every month. It is just that C++ is also getting more and more popular," it writes. The report credits this growing interest in C++ to C++11, the version of the language released in 2011 that TIOBE said made C++ "much simpler, safer and more expressive."

AI

Futurist Predicts AI Will Take Jobs, Benefiting the Rich But Not Workers (venturebeat.com) 340

Citing "significant" new corporate investments in AI technology, futurist Gary Grossman argues that AI "may be the fastest paradigm shift in the history of technology" -- and warns there's a counter-argument to the theory that AI will create as many jobs as it displaces. "The other view is that this time is different, that we are not just automating labor but also cognition and many fewer people will be needed by industry." KPMG claims more than half of business executives plan to implement some form of AI within the next 12 months... The disruption is already beginning, with fully 75% of the organizations KPMG surveyed expecting intelligent automation to significantly impact 10 to 50% of their employees in the next two years. A Citigroup executive told Bloomberg that better AI could reduce headcount at the bank by 30%. In the face of all this change, many companies publicly state that AI will eliminate some dull and repetitive jobs and make it possible for people to do higher-order work. However, as a prominent venture capitalist relayed to me recently on this topic: "most displaced call center workers don't become Java programmers." It is not only low-skilled jobs that are at risk. Gartner analysts recently reported that AI will eliminate 80% of project management tasks....

A New York Times article noted that while many company executives pay public lip service to "human-centered AI" and the need to provide a safety net for those who lose their jobs, they privately talk about racing to automate their workforces "to stay ahead of the competition, with little regard for the impact on workers." The article also cites a Deloitte survey from 2017 that found 53% of companies had already started to use machines to perform tasks previously done by humans. The figure is expected to climb to 72% by next year.... The net of this dynamic is that workers are not a major factor in the economic calculus of the business drive to adopt AI, despite so many public statements to the contrary.

So perhaps it's not a surprise when the Edelman 2019 AI survey shows a widely held view that AI will lead to short-term job losses with the potential for societal disruption and that AI will benefit the rich and hurt the poor.

He also shares a sobering quote from historian, philosopher, and bestselling author Yuval Noah Harari on why Silicon Valley supports Universal Basic Incomes.

"The message is: 'We don't need you. But we are nice, so we'll take care of you.'"

Java

Minecraft Creator Markus 'Notch' Persson Eradicated From Splash Text (arstechnica.com) 342

An anonymous reader quotes a report from Ars Technica: Microsoft has removed a trio of references to Markus "Notch" Persson, the creator of Minecraft, from the game's opening menu screen. Random messages known as "splash text" are printed in yellow on this screen, and they used to include "Made by Notch!", "The Work of Notch", and "110813!" (a reference to the day Persson got married), but now all three mentions are gone. Notch is still included in the game's credits, but the change means that Minecraft players will no longer be randomly referenced.

Persson first released the blocky building game in 2009. Five years later, after the game had become a global smash hit, he sold his company Mojang to Microsoft for $2.5 billion, giving Redmond ownership of Minecraft. The references to Notch have remained a feature until their removal in this latest patch. They're reported to have been removed both from the original Java edition played on PCs and the legacy console edition used on PlayStation 4. No official rationale has been offered for the change, but Persson has become something of a polarizing figure on Twitter...

Google

Oracle Tells Supreme Court Google Copyright Breach Knocked It Out Of Smartphone Market (crn.com) 290

Joseph Tsidulko, writing for CRN: Oracle asked the U.S. Supreme Court on Wednesday to not review an appellate court's decision finding Google violated Oracle's copyright of the Java platform when building the Android mobile operating system. In that opposition brief, Oracle's attorneys said Google's copyright violation shut Oracle, the Java platform owner, out of the emerging smartphone market, causing incalculable harm to its business. The complex case pitting two Silicon Valley giants against each other has raged on since 2010, and already saw many twists and turns before a circuit court last year reversed a jury decision in favor of Oracle. That prompted Google's appeal to the nation's highest court. Oracle notes Google had previously asked for a writ of certiorari -- the legal term for review by the high court -- in 2015 without success in an earlier phase of the case, and the company argues nothing has changed in the time since.

Oracle believes Google destroyed its hopes of competing as a smartphone platform developer with the Java platform, which enables development and execution of software written in Java, including through APIs that access a vast software library. The lawsuit alleged Google copied those APIs without a proper license. Java was developed at Sun Microsystems, which Oracle acquired in 2010. "Google's theory is that, having invested all those resources to create a program popular with platform developers and app programmers alike, Oracle should be required to let a competitor copy its code so that it can coopt the fan base to create its own best-selling sequel," Oracle's brief states.

Programming

Which Programming Language Has The Most Security Vulnerabilities? (techrepublic.com) 330

A new report from the open source security company WhiteSource asks the question, "Is one programming language more secure than the rest?"

An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each...

The most common vulnerabilities across most of these languages are Cross-Site Scripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.

Across the seven most widely-used programming languages, here's how the vulnerabilities were distributed:
  • C (47%)
  • PHP (17%)
  • Java (11%)
  • JavaScript (10%)
  • Python (5%)
  • C++ (5%)
  • Ruby (4%)

But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like OpenSSL and the Linux kernel."

The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP.

The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure."

Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.


Security

PewCrypt Ransomware Locks Users' Files and Won't Offer a Decryption Key Until - and Unless - PewDiePie's YouTube Channel Beats T-Series To Hit 100M Subscribers (zdnet.com) 237

The battle between PewDiePie, currently the most subscribed channel on YouTube, and T-Series, an Indian music label, continues to have strange repercussions. In recent months, as T-Series closes in on the gap to beat PewDiePie for the crown of the most subscribers on YouTube, alleged supporters of PewDiePie, in an unusual show of love, have hacked Chromecasts and printers to persuade victims to subscribe to PewDiePie's channel. Now ZDNet reports about a second strain of ransomware that is linked to PewDiePie. From the report: A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date. The catch -- you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files. Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data.

While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned. Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

Transportation

Pilot Who Hitched a Ride Saved Lion Air 737 Day Before Deadly Crash (bloomberg.com) 353

As the Lion Air crew fought to control their diving Boeing 737 Max 8, they got help from an unexpected source: an off-duty pilot who happened to be riding in the cockpit. Bloomberg reports: That extra pilot, who was seated in the cockpit jumpseat, correctly diagnosed the problem and told the crew how to disable a malfunctioning flight-control system and save the plane, according to two people familiar with Indonesia's investigation. The next day, under command of a different crew facing what investigators said was an identical malfunction, the jetliner crashed into the Java Sea killing all 189 aboard.

The previously undisclosed detail on the earlier Lion Air flight represents a new clue in the mystery of how some 737 Max pilots faced with the malfunction have been able to avert disaster while the others lost control of their planes and crashed. The presence of a third pilot in the cockpit wasn't contained in Indonesia's National Transportation Safety Committee's Nov. 28 report on the crash and hasn't previously been reported. The so-called dead-head pilot on the earlier flight from Bali to Jakarta told the crew to cut power to the motor driving the nose down, according to the people familiar, part of a checklist that all pilots are required to memorize.

Further reading: Flawed Analysis, Failed Oversight: How Boeing, FAA Certified the Suspect 737 MAX Flight Control System.

United States

FAA Says Boeing 737 MAX Planes Are Still Airworthy (cnbc.com) 209

An anonymous reader quotes a report from CNBC: The Boeing 737 MAX, the type of plane involved in a deadly crash in Ethiopia over the weekend, is still airworthy and the Federal Aviation Administration plans to issue a notice to the international aviation community later Monday, a person familiar with the matter said. "The FAA continuously assesses and oversees the safety performance of U.S. commercial aircraft," the FAA said in a statement. "If we identify an issue that affects safety, the FAA will take immediate and appropriate action."

Aviation officials in China and Indonesia ordered domestic airlines to ground their fleets of the popular Boeing single-aisle planes after the deadly crash of one operated by Ethiopian Airlines on Sunday. The 149 passengers and eight crew members on board were killed when the plane crashed shortly after takeoff. The incident was the second deadly crash of the new Boeing planes in less than five months. A Lion Air Boeing 737 MAX 8 plunged into the Java Sea shortly after taking off from Jakarta in October, killing all 189 people on board.

Java

'Java 9, It Did Break Some Things': Oracle Bod Admits To Developers Still Clinging To Version 8 (theregister.co.uk) 251

Java has a problem -- the language and platform is evolving faster than ever, but many developers are stuck on the five-year-old Java 8. From a report: So why have developers not upgraded? Simply, Java 9 introduced major changes, including internal restructuring, new modularity (known as "Project Jigsaw"), and the removal of little-used APIs. These changes broke code, and even developers who are happy to make the necessary revisions have dependency issues. "We have problems with libraries that do not yet support the latest versions," said one QCon attendee.

"I want to explain why it was necessary," said Oracle's Ron Pressler, part of the Java platform group developing the language and lead for Project Loom. "There are billions of lines of code in Java, and Java 9, it did break some things. The reason is that Java is 20-something years old. It will probably be big and popular in another 20 years. We have to think 20 years ahead. The way the JDK was structured prior to Java 9 was just unmaintainable. We could not keep Java competitive if we had not done that change. That was an absolute necessity."

Programming

Experts Find Serious Problems With Switzerland's Online Voting System (vice.com) 63

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional.
"Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."

Python

Python Developer Survey Shows Data Analysis More Popular Than Web Development (jetbrains.com) 42

Over 20,000 programmers from more than 150 different countries provided answers for the second annual Python Developers Survey (conducted by the Python Software Foundation and JetBrains).

An anonymous reader submitted this condensed version of their results: 84% of Python users in our survey use Python as their main language...up 5 percentage points from 79% in 2017. But half of all Python users in the survey also use JavaScript, and 47% more say they use HTML/CSS. Reported use of Bash/Shell has also grown from 36% in 2017 to 45% in 2018. [Later 93% of respondents said that their activities included Software testing/Writing automated tests.] Python users who report that they also use Go and SQL have both increased by 2 percentage points, while many other languages (including C/C++, Java, and C#) have decreased their share...

When asked "What do you use Python for?" data analysis has become more popular than Web development, growing from 50% in 2017 to 58% in 2018. Machine learning also grew by 7 percentage points. These types of development are experiencing faster growth than Web development, which has only increased by 2 percentage points when compared to the previous year...

Almost two-thirds of respondents selected Linux as their development environment OS. Most people are using free or open source databases such as PostgreSQL, MySQL, or SQLite... Twenty-something was the prevalent age range among our respondents, with almost a third being in their thirties. [31% more were between the ages of 30 and 39.]

Google

Google Play Store Now Open For Progressive Web Apps (medium.com) 49

Maximiliano Firtman: Chrome 72 for Android shipped the long-awaited Trusted Web Activity feature, which means we can now distribute PWAs in the Google Play Store! I played with the feature for a while, digging into the APIs and here you have a summary of what's going on, what to expect and how to use it today. Chrome 72 for Android is now shipping from the Play Store to all users and this version included Trusted Web Activity (TWA), which in a nutshell is a way to open Chrome in standalone mode (without any toolbar or Chrome UI) within the scope of our own native Android package. Let me start by saying that the publishing process is not as straightforward as it should be (such as "enter your URL" in the Play Console and it's done). It's also not a way to use the currently available WebAPK and publish it in the store. It's a Java API that communicates through services with Chrome and seems to be in the early stages, so there is a lot of manual work to do yet today.
