×
Programming

Ask Slashdot: Reviewing 3rd Party Libraries? 88

Posted by Soulskill from the discovering-you-trusted-something-way-too-much dept.
Carcass666 writes "It is usually good to use existing libraries, rather than reinventing the wheel, especially with open source. Unfortunately, sometimes we have to work with closed source implementations. Recently, we were diagnosing a .NET assembly and, after getting nowhere with the vendor, ran it through a decompiler. The code was a morass of SQL concatenation, sloppy type conversions, and various things that are generally thought of as insecure.

My question is: What are Slashdot readers' preferred tools for analyzing .NET and Java compiled libraries (not source code) for potential security vulnerabilities? Ideally, I would like to know if a library is a security liability before I code against it. For example, Microsoft used to have something called FxCop, but it hasn't been updated for current versions of the .NET framework."
Open Source

Spark Advances From Apache Incubator To Top-Level Project 24

Posted by timothy from the distribution-solution dept.
rjmarvin writes "The Apache Software Foundation announced that Spark, the open-source cluster-computing framework for Big Data analysis has graduated from the Apache Incubator to a top-level project. A project management committee will guide the project's day-to-day operations, and Databricks cofounder Matei Zaharia will be appointed VP of Apache Spark. Spark runs programs 100x faster than Apache Hadoop MapReduce in memory, and it provides APIs that enable developers to rapidly develop applications in Java, Python or Scala, according to the ASF."
Google

Google's Project Tango Seeks To Map a 3D World 49

Posted by Soulskill from the your-bathroom-will-be-in-google-maps-soon dept.
Nerval's Lobster writes "Google's Advanced Technology and Projects Group is working on a new initiative, Project Tango, which could allow developers to quickly map objects and interiors in 3D. At the heart of Project Tango is a prototype smartphone with a 5-inch screen, packed with hardware and software optimized to take 3D measurements of the surrounding environment. The associated development APIs can feed tons of positioning and orientation data to Android applications written in Java, C/C++, and the Unity Game Engine. In addition to a 'standard' 4-megapixel camera, the device features a motion-tracking camera and an aperture for integrated depth sensing; integrated into the circuitry are two computer-vision processors. Google claims it only has 200 developer units in stock, and it's willing to give them to independent developers who can submit a detailed idea for a project involving 3D mapping of some sort. The deadline for unit distribution is March 14, 2014. In theory, developers could use ultra-portable 3D mapping to create better maps, visualizations, and games. ('What if you could search for a product and see where the exact shelf is located in a super-store?' Google's Website asks at one point.) The bigger question is what Google intends to do with the technology if it proves effective. Google Maps with super-detailed interiors, anyone?"
Programming

Can Reactive Programming Handle Complexity? 149

Posted by Soulskill from the 8,000-nested-if-statements dept.
Nerval's Lobster writes "A recent article on Reactive Programming, which suggested that five lines of Reactive could solve a problem that required 500 lines using Java or 200 lines using triggers, led many readers to question (passionately) whether Reactive enables you to address not just typical problems, but complex ones as well. In a follow-up column, Espresso Logic CTO Val Huber argues that, while it certainly can't solve all use cases, Reactive Programming is very capable of addressing many complex problems, and can address all other scenarios via a transparent integration with procedural languages. He shows how Reactive can handle complexity using two different scenarios: a classically complicated database application (a bill of materials price rollup) and procedural integration (to address external systems such as email and transactions not limited by a database update). Take a look at his work; do you agree?"
Australia

Australia's Bureau of Meteorology Dumps Water Data Project 112

Posted by samzenpus from the that-wasn't-the-plan dept.
littlekorea writes "Australia's weather bureau has racked up bills of $38 million for a water data system, based on Red Hat Linux, MySQL and Java, that was originally scheduled to cost somewhere between $2 million and $5 million. The Bureau's supplier, an ASX-listed IT services provider SMS Management and Technology, did a good job of embedding itself in the bureau, with all changes having to be made by the original consultant that built it."
Java

Eclipse Foundation Celebrates 10 Years 155

Posted by Unknown Lamer from the emacs-is-still-better dept.
msmoriarty writes with news that the Eclipse foundation is ten years old this week. Although Eclipse was released in 2001, development was controlled by IBM until the creation of the independent Eclipse Foundation in 2004. "According to Eclipse Foundation Director Mike Milinkovich, that's a major reason Eclipse was able to thrive: 'IBM....did an exemplary job of setting Eclipse free ... We became the first open source organization to show that real competitors could collaborate successfully within the community.' He also talks about misconceptions about Eclipse, its current open source success, and what he sees for the future."
Programming

The JavaScript Juggernaut Rolls On 505

Posted by Soulskill from the building-tools-to-build-more-tools dept.
JThaddeus writes "An article in TechWorld Australia summarizes the latest opinions on JavaScript from ThoughtWorks: 'There is no end in sight to the rise of JavaScript... "I think JavaScript has been seen as a serious language for the last two or three years; I think now increasingly we're seeing JavaScript as a platform," said Sam Newman, ThoughtWorks' Global Innovation Lead.' The article touches on new additions to JavaScript tools, techniques, and languages built on JavaScript. As the fuller report (PDF) says, 'The ecosystem around JavaScript as a serious application platform continues to evolve. Many interesting new tools for testing, building, and managing dependencies in both server- and client-side JavaScript applications have emerged recently.'"
Programming

Ask Slashdot: Configuring Development Environment On a Shared Workstation? 158

Posted by timothy from the show-me-your-diagram dept.
First time accepted submitter xyourfacekillerx writes "After a long hiatus of developing (ASP.NET), I decided to pick it up again. I need to learn .NET and SQL for my new job (GIS tech using ESRI software). Down the road they need a PHP website, tons of automation tasks, some serious data consolidation, they want mobile apps in theory. This is not my job description, but I'm sure I can do it. Long story short, I need to setup a development environment on my home desktop, so I can do all this in my spare time. Trouble is, I share the machine (Win 8.1, 2.7 dual core pentium something or other, with virtualization support.) I want to avoid affecting the other users profiles. I currently use my profile for music production (Reason) and photography (Photoshop, et al) so it's already resource intensive with RAM, CPU and VMM. I'll be needing to install all of your basic Microsoft developer suites, IIS, SQl Server, ANdroid SDK, Java SDK, device emulators, etc. etc. Plus AMP and finally GIS software. There will obviously be a lot of services running, long build times, and so on. To wit, I wouldn't be able to use my desktop for my other purposes like the music editing. So I need some advice. Would it help to set up all these tools under a different account on the same Win 8.1 install? Or should I virtualize my development environment (and how?), and run the virtual machine side by side? Or should I add a HDD or secondary partition and boot to that when I intend to develop? I am poor ATM, but is there a cheap very mini PC I can place next to my desktop and run all my development software off that, remote desktop into it? I've done a lot of googling the last week and haven't turned up anything, so I turn to Slashdot. Please help me get organized so I can start coding again."
Java

Oracle Seeking Community Feedback on Java 8 EE Plans 109

Posted by Unknown Lamer from the will-no-one-think-about-cyberdog dept.
An anonymous reader writes with this quick bite from Info Q: "Oracle is seeking feedback from the Java community about what it should work on for the next version of Java EE, the popular and widely used enterprise framework. As well as standardizing APIs for PaaS and SaaS the vendor is looking at removing some legacy baggage including EJB 2.x remote and local client view (EJBObject, EJBLocalObject, EJBHome, and EJBLocalHome interfaces) and CORBA."
Sun Microsystems

James Gosling Grades Oracle's Handling of Sun's Tech 223

Posted by Unknown Lamer from the a+-for-killing-solaris dept.
snydeq writes "With the four-year anniversary of Oracle's Sun Microsystems acquisition looming, InfoWorld reached out to Java founder James Gosling to rate how Oracle has done in shepherding Sun technology. Gosling gives Oracle eyebrow-raising grades, lauding Oracle's handling of Java, despite his past acrimony toward Oracle over Java (remember those T-shirts?), and giving Oracle a flat-out failing grade on what has become of Solaris OS."
Programming

How Reactive Programming Differs From Procedural Programming 186

Posted by samzenpus from the talk-amongst-yourselves dept.
Nerval's Lobster writes "A recent post on Reactive Programming triggered discussions about what is and isn't considered Reactive Logic. In fact, many have already discovered that Reactive Programming can help improve quality and transparency, reduce programming time and decrease maintenance. But for others, it raises questions like: How does Reactive differ from conventional event-oriented programming? Isn't Reactive just another form of triggers? What kind of an improvement in coding can you expect using Reactive and why? So to help clear things up, columnist and Espresso Logic CTO Val Huber offers a real-life example that he claims will show the power and long-term advantages Reactive offers. 'In this scenario, we'll compare what it takes to implement business logic using Reactive Programming versus two different conventional procedural Programming models: Java with Hibernate and MySQL triggers,' he writes. 'In conclusion, Reactive appears to be a very promising technology for reducing delivery times, while improving system quality. And no doubt this discussion may raise other questions on extensibility and performance for Reactive Programming.' Do you agree?"
Java

Oracle Promises Patches Next Week For 36 Exploits In Latest Java 154

Posted by timothy from the they-call-this-progress dept.
An anonymous reader writes "Oracle is posting patches for all its products next Tuesday, which include 36 exploits for Java alone and over 140 for all Oracle products currently supported, included over 80 that require no authentication to execute.These patches look to be critical for any administrator. Java 6 users who use equipment or programs that rely on older versions are SOL unless they sign up for a very expensive support contract, as these patches are for Java 7 only."
Advertising

Yahoo Advertising Serves Up Malware For Thousands 184

Posted by samzenpus from the have-some dept.
wjcofkc writes "Thousands of users have been affected by malicious advertisements served by ads.yahoo.com. The attack, which lasted several days, exploited vulnerabilities in Java and installed malware. The Netherlands based Fox-IT estimates that the infection rate was at about 27,000 infections per hour. In response to the breach in security, Yahoo issued the following statement, 'At Yahoo, we take the safety and privacy of our users seriously. We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.' While the source of the attack remains unknown, Fox-IT says it appears to be 'financially motivated.' The Washington Post cites this incident as a reminder that Java has become an Internet security menace."
Technology

Engineering the Perfect Coffee Mug 145

Posted by timothy from the wish-it-was-a-perfect-unblemished-cylinder dept.
Nerval's Lobster writes "From the annals of Really Important Science comes word that a research assistant who picked up his B.S. just seven months ago has invented a coffee mug designed to keep java at just the right piping-hot temperature for hours. Logan Maxwell, who got his undergraduate degree in chemical engineering from North Carolina State University in May, created the "Temperfect" mug as part of his senior design project for the College of Engineering. Most insulated mugs have two walls separated by a soft vacuum that insulates the temperature of a liquid inside from the temperature of the air outside. Maxwell's design has a third layer of insulation in a third wall wrapped around the inner basin of the mug. Inside is a chemical insulator that is solid at room temperature but melts into a liquid at 140 degrees Fahrenheit. The insulator – which Maxwell won't identify but swears is non-toxic – turns to liquid as it absorbs the extra heat of coffee poured into the mug at temperatures higher than 140 F, cooling it to a drinkable temperature quickly. As the heat of the coffee escapes, the insulating material releases heat through the inner wall of the mug to keep it hot as long as possible; a graph mapping the performance of a prototype shows it could keep a cup of coffee at between 128 F and 145 F for as long as 90 minutes. "Phase-change" coffee-mug insulation was patented during the 1960s, but has never been marketed because they are difficult and expensive to manufacture compared to simpler forms of insulation. While working on the Temperfect design, Maxwell met Belgian-born industrial designer Dean Verhoeven, president of consulting form Ancona Research, Inc., who had been working on a similar design and had already worked out how to manufacture a three-walled insulated mug cost effectively. The two co-founded a company called Joevo to manufacture the mugs." According to the Joevo Kickstarter page, you can get one starting at $40. For that much, I'd like a clever lid like this Contigo has.
Firefox

Firefox 26 Arrives With Click-To-Play For Java Plugins 208

Posted by Soulskill from the demotion-of-java-continues dept.
An anonymous reader writes "Mozilla today officially launched Firefox 26 for Windows, Mac, Linux, and Android. Additions include Click-to-Play turned on by default for all Java plugins, more seamless updates on Windows, and a new Home design for Android. Firefox 26 has been released over on Firefox.com and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Release notes are here: desktop and mobile."
Oracle

Tech Companies Set To Appeal 2012 Oracle Vs. Google Ruling 198

Posted by samzenpus from the what-do-you-think-now? dept.
sl4shd0rk writes "In 2012, Oracle took Google to court over Java. In the balance hung the legalities of writing code to mimic the functionality of copyrighted software. The trial was set to determine how all future software would be written (and by whom). Oracle's entire case boiled down to an inadvertent 9 lines of code; an argument over a simple and basic comparison of a range of numbers. The presiding judge (who had some background in writing software) didn't buy it stating he had 'written blocks of code like rangeCheck a hundred times before.' A victory for more than just Google. This week, however, Microsoft, EMC, Oracle and Netapp have filed for appeal and seek to reverse the ruling. It's not looking good as the new bevy of judges Indicating they may side with Oracle on the issue."
Programming

The Challenge of Cross-Language Interoperability 286

Posted by Soulskill from the porting-your-code-to-a-terrible-language dept.
CowboyRobot writes "David Chisnall of the University of Cambridge describes how interfacing between languages is increasingly important. You can no longer expect a nontrivial application to be written in a single language. High-level languages typically call code written in lower-level languages as part of their standard libraries (for example, GUI rendering), but adding calls can be difficult. In particular, interfaces between two languages that are not C are often difficult to construct. Even relatively simple examples, such as bridging between C++ and Java, are not typically handled automatically and require a C interface. The problem of interfacing between languages is going to become increasingly important to compiler writers over the coming years."
Programming

GCC 4.9 Coming With Big New Features 181

Posted by timothy from the holy-linkage-batman dept.
jones_supa writes "When GCC 4.9 is released in 2014 it will be coming in hot on new features with a large assortment of improvements and new functionality for the open-source compiler. Phoronix provides a recap of some of the really great features of this next major compiler release from the Free Software Foundation. For a quick list: OpenMP 4.0, Intel Cilk Plus multi-threading support, Intel Bay Trail and Silvermont support, NDS32 port, Undefined Behavior Sanitizer, Address Sanitizer, ADA and Fortran updates, improved C11 / C++11 / C++14, better x86 intrinsics, refined diagnostics output. Bubbling under are still: Bulldozer 4 / Excavator support, OpenACC, JIT compiler, disabling Java by default."
Programming

Red Hat Releases Ceylon Language 1.0.0 159

Posted by Unknown Lamer from the everyone-is-doing-it dept.
First time accepted submitter Gavin King writes with news that the Ceylon language hit 1.0 "Ceylon 1.0 is a modern, modular, statically typed programming language for the Java and JavaScript virtual machines. The language features, an emphasis upon readability and a strong bias toward omission or elimination of potentially-harmful constructs; an extremely powerful type system combining subtype and parametric polymorphism with declaration-site variance, including first-class union and intersection types, and using principal types for local type inference and flow-dependent typing; a unique treatment of function and tuple types, enabling powerful abstractions; first-class constructs for defining modules and dependencies between modules; a very flexible syntax including comprehensions and support for expressing tree-like structures; and fully-reified generic types, on both the JVM and JavaScript virtual machines, and a unique typesafe metamodel. More information may be found in the feature list and quick introduction." If you think Ceylon is cool, you might find Ur/Web interesting too.
Oracle

Oracle Kills Commercial Support For GlassFish: Was It Inevitable? 125

Posted by timothy from the allocation-of-resources dept.
An anonymous reader writes "Oracle acquired GlassFish when it acquired Sun Microsystems, and now — like OpenSolaris and OpenOffice — the company has announced it will no longer support a commercial version of the product. Mike Milinkovich, executive director of the Eclipse Foundation. said in an interview the decision wasn't exactly a surprise: "The only company that was putting any real investment in GlassFish was Oracle," Milinkovich said. "Nobody else was really stepping up to the plate to help. If you never contributed anything to it, you can't complain when something like this happens." An update to the open source version is still planned for 2014." GlassFish is an open source application server.

Slashdot Top Deals