Nerval's Lobster writes "From the annals of Really Important Science comes word that a research assistant who picked up his B.S. just seven months ago has invented a coffee mug designed to keep java at just the right piping-hot temperature for hours. Logan Maxwell, who got his undergraduate degree in chemical engineering from North Carolina State University in May, created the "Temperfect" mug as part of his senior design project for the College of Engineering. Most insulated mugs have two walls separated by a soft vacuum that insulates the temperature of a liquid inside from the temperature of the air outside. Maxwell's design has a third layer of insulation in a third wall wrapped around the inner basin of the mug. Inside is a chemical insulator that is solid at room temperature but melts into a liquid at 140 degrees Fahrenheit. The insulator – which Maxwell won't identify but swears is non-toxic – turns to liquid as it absorbs the extra heat of coffee poured into the mug at temperatures higher than 140 F, cooling it to a drinkable temperature quickly. As the heat of the coffee escapes, the insulating material releases heat through the inner wall of the mug to keep it hot as long as possible; a graph mapping the performance of a prototype shows it could keep a cup of coffee at between 128 F and 145 F for as long as 90 minutes. "Phase-change" coffee-mug insulation was patented during the 1960s, but has never been marketed because they are difficult and expensive to manufacture compared to simpler forms of insulation. While working on the Temperfect design, Maxwell met Belgian-born industrial designer Dean Verhoeven, president of consulting form Ancona Research, Inc., who had been working on a similar design and had already worked out how to manufacture a three-walled insulated mug cost effectively. The two co-founded a company called Joevo to manufacture the mugs." According to the Joevo Kickstarter page, you can get one starting at $40. For that much, I'd like a clever lid like this Contigo has.

An anonymous reader writes "Mozilla today officially launched Firefox 26 for Windows, Mac, Linux, and Android. Additions include Click-to-Play turned on by default for all Java plugins, more seamless updates on Windows, and a new Home design for Android. Firefox 26 has been released over on Firefox.com and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Release notes are here: desktop and mobile."

sl4shd0rk writes "In 2012, Oracle took Google to court over Java. In the balance hung the legalities of writing code to mimic the functionality of copyrighted software. The trial was set to determine how all future software would be written (and by whom). Oracle's entire case boiled down to an inadvertent 9 lines of code; an argument over a simple and basic comparison of a range of numbers. The presiding judge (who had some background in writing software) didn't buy it stating he had 'written blocks of code like rangeCheck a hundred times before.' A victory for more than just Google. This week, however, Microsoft, EMC, Oracle and Netapp have filed for appeal and seek to reverse the ruling. It's not looking good as the new bevy of judges Indicating they may side with Oracle on the issue."

CowboyRobot writes "David Chisnall of the University of Cambridge describes how interfacing between languages is increasingly important. You can no longer expect a nontrivial application to be written in a single language. High-level languages typically call code written in lower-level languages as part of their standard libraries (for example, GUI rendering), but adding calls can be difficult. In particular, interfaces between two languages that are not C are often difficult to construct. Even relatively simple examples, such as bridging between C++ and Java, are not typically handled automatically and require a C interface. The problem of interfacing between languages is going to become increasingly important to compiler writers over the coming years."

jones_supa writes "When GCC 4.9 is released in 2014 it will be coming in hot on new features with a large assortment of improvements and new functionality for the open-source compiler. Phoronix provides a recap of some of the really great features of this next major compiler release from the Free Software Foundation. For a quick list: OpenMP 4.0, Intel Cilk Plus multi-threading support, Intel Bay Trail and Silvermont support, NDS32 port, Undefined Behavior Sanitizer, Address Sanitizer, ADA and Fortran updates, improved C11 / C++11 / C++14, better x86 intrinsics, refined diagnostics output. Bubbling under are still: Bulldozer 4 / Excavator support, OpenACC, JIT compiler, disabling Java by default."

First time accepted submitter Gavin King writes with news that the Ceylon language hit 1.0 "Ceylon 1.0 is a modern, modular, statically typed programming language for the Java and JavaScript virtual machines. The language features, an emphasis upon readability and a strong bias toward omission or elimination of potentially-harmful constructs; an extremely powerful type system combining subtype and parametric polymorphism with declaration-site variance, including first-class union and intersection types, and using principal types for local type inference and flow-dependent typing; a unique treatment of function and tuple types, enabling powerful abstractions; first-class constructs for defining modules and dependencies between modules; a very flexible syntax including comprehensions and support for expressing tree-like structures; and fully-reified generic types, on both the JVM and JavaScript virtual machines, and a unique typesafe metamodel. More information may be found in the feature list and quick introduction." If you think Ceylon is cool, you might find Ur/Web interesting too.

An anonymous reader writes "Oracle acquired GlassFish when it acquired Sun Microsystems, and now — like OpenSolaris and OpenOffice — the company has announced it will no longer support a commercial version of the product. Mike Milinkovich, executive director of the Eclipse Foundation. said in an interview the decision wasn't exactly a surprise: "The only company that was putting any real investment in GlassFish was Oracle," Milinkovich said. "Nobody else was really stepping up to the plate to help. If you never contributed anything to it, you can't complain when something like this happens." An update to the open source version is still planned for 2014." GlassFish is an open source application server.

cold fjord writes "Indonesia is threatening to cease cooperation with Australia on human smuggling as a result of further Snowden leaks published by the Guardian and other papers over the weekend. The leaks involve reported use of Australian embassies across Asia for signals intelligence as well as reports of intelligence operations by Australia and the U.S. in 2007 at the U.N. climate change conference in Bali. (In 2002 a terrorist attack at the Sari club in Bali killed 240 people, including 88 Australians.) As a result of the revelations, various groups are reportedly taking revenge, including claimed or alleged involvement of the Java Cyber Army, members of Anonymous in Indonesia, and possibly other hacker groups. They are attacking hundreds of Australian websites. Among the reported victims are Queensland hospital, a children's cancer association an anti-slavery charity, and many more."

JG0LD writes "The Firefox web browser will, henceforth, require users to manually activate Java objects on sites that they visit, Mozilla has confirmed. This even affects up-to-date versions of Java, which you can see on the block list. The change is aimed at improving security and moving away from a dependence on proprietary plug-ins, but critics say it will cause untold headaches for developers, admins and less-technical end-users. "

sfcrazy writes "It has been discovered that Google downgraded the SSL encryption of Android after version 2.3.4 and defaulted to RC4 and MD5 ciphers. It may appear that NSA is at play here as both are broken and can be easily compromised. But after digging the code Georg Lukas concluded that the blame goes to Oracle. 'The cipher order on the vast majority of Android devices was defined by Sun in 2002 and taken over into the Android project in 2010 as an attempt to improve compatibility.'" The Java spec from 2002 specified RC4 and MD5 as the first two ciphers for TLS; Android, however, used DHE-RSA-AES256-SHA by default. The default cipher list for Java 7 was updated, but Android is stuck using JDK 6 and a default cipher list over a decade old.

Hugh Pickens DOT Com writes "Andrew Binstock writes at Dr. Dobb's that a recurring prejudice in the forums where the cool kids hang out is against Java, often described as verbose and fading in popularity but Binstock sees little supporting evidence of Java being in some kind of long-term decline. While it is true that Java certainly can be verbose, several scripting languages have sprung up which are purpose-designed to spare developers from long syntactical passages to communicate a simple action, including NetRexx, Groovy, and Scala. As far as Java's popularity goes, normally, when technologies start their ultimate decline, tradeshows are the first to reflect the disintegrating community. But the recent JavaOne show was clearly larger and better attended than it has been in either of the last two years and vendors on the exhibiting floor were unanimous in saying that traffic, leads, and inquiries were up significantly over last year. Technically, the language continues to advance says Binstock. Java 8, expected in March, will add closures (that is, lambda expressions) that will reduce code, diminish the need for anonymous inner classes, and facilitate functional-like coding. Greater modularity which will be complete in Java 9 (due in 2016) will help efficient management of artifacts, as will several enhancements that simplify syntax in that release. 'When you add in the Android ecosystem, whose native development language is Java, it becomes very difficult to see how a language so widely used in so many areas — server, Web, desktop, mobile devices — is in some kind of decline,' concludes Binstock. 'What I'm seeing is a language that is under constant refinement and development, with a large and very active community, which enjoys a platform that is widely used for new languages. None of this looks to me like a language in decline.'"

An anonymous reader writes "The South African Education Department has effectively banned the use of FOSS software in state-run schools by forcing all candidates writing the Computer Applications Technology examination to use Microsoft's Office 2010 or 2013 as the only supported options. In the same circular, the state has mandated that all schools use Delphi, instead of Java, as the programming language for the country's Information Technology practical paper. South Africa, notorious for its poor performance in Maths and Science and for having vastly over-crowded and underfunded schools, are now locked into costly Microsoft licensing because of this decision."

New submitter ddyer writes "Java 1.7.0_40 [Note: released earlier this month] introduces a new 'red text' warning when running unsigned Java applets. 'Running unsigned applications like this will be blocked in a future release...' Or, for self-signed applets,'Running applications by UNKNOWN publishers will be blocked in a future release...' I think I see the point — this will give the powers that be the capability to shut off any malware java applet that is discovered by revoking its certificate. The unfortunate cost of this is that any casual use of Java is going to be killed. It currently costs a minimum of $100/year and a lot of hoop-jumping to maintain a trusted certificate.'"

kylus writes "The Register is reporting that Oracle's new Java 7 update 40 release comes complete with a new 'Deployment Rule Set' capability which allows administrators to define which particular applets and Java Web Start applications ('Rich Internet Applications') are permitted to run on a given machine. Not a complete solution for the recent trend of Java hacks that have cropped up, but good news for enterprises that have to run this in their environment." Update: 09/19 20:08 GMT by U L : There's an introduction to deploying rule sets on the Java platform group weblog too.

An anonymous reader writes "Oracle has released the first developer preview of Java 8 for the full range of platforms (Windows, Max OS X, Linux, Solaris). Java 8 is a major update to both language and platform with Lambda expressions, method references, default methods, a new Date and Time API, Compact Profiles, the Nashorn JavaScript Engine, and the removal of the Permanent Generation from the HotSpot virtual machine. 'This milestone is intended for broad testing by developers,' Java Platform Chief Architect Mark Reinhold wrote on his blog. 'We've run all tests on all Oracle-supported platforms and haven't found any glaring issues. We've also fixed many of the bugs discovered since we reached the Feature Complete milestone back in June.' Let the bug hunt commence!" This is the second part of the JDK "Plan B" where JDK 7 was pushed out without cool new features like lambda expressions to prevent stalling language development for too long.

theodp writes "Friday saw the launch of Rupert Murdoch's AP Computer Science MOOC. Taught by an AP CS high school teacher, the Java-centric course has students use the DrJava lightweight development environment for the exercises. 'If this MOOC works,' said Amplify CEO Joel Klein, 'we can think of ways to expand and support it.' Only the first week's videos are posted; course content is scheduled to be presented through March, with five weeks thereafter set aside for AP Exam prep. Might as well check it out, you may have helped pay for it — a MOOC-related Amplify job listing notes that 'This position may be funded, in whole or in part, through American Recovery & Reinvestment Act funds.'"

Last week you had a chance to ask Guido van Rossum, Python's BDFL (Benevolent Dictator For Life), about all things Python and his move to Dropbox. Guido wasted no time answering your questions and you'll find his responses below.

rjmarvin writes "The theft of 55 Bitcoins, or about $5,720, through Android wallet apps last week was made possible because of flaws in Android's Java and OpenSSL crypto PRNG, Google revealed in a blog post. In the wake of a Bitcoin security advisory and a Symantec vulnerability report, the Android Developers Blog admitted the reason the thieves were able to pilfer their wallet apps. The flaws are already, or in the process of being repaired."

First time accepted submitter elysiuan writes "The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown the FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. The FBI has also embedded a 0-day Javascript attack against Firefox 17 on Freedom Hosting's server. It appears to install a tracking cookie and a payload that phones home to the FBI when the victim resumes non-TOR browsing. Interesting implications for The Silk Road and the value of Bitcoin stemming from this. The attack relies on two extremely unsafe practices when using TOR: Enabled Javascript, and using the same browser for TOR and non-TOR browsing. Any users accessing a Freedom Hosting hosted site since 8/2 with javascript enabled are potentially compromised."

chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC Partners, described Smart TVs as Linux boxes outfitted with a Webkit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."