Security

Many Popular Windows Apps Ignore Security Options 202

eldavojohn writes "The latest versions of Microsoft Windows have some good security options available — now if only they could get their most popular third-party applications to use them. A report from Secunia takes a look at two such options — DEP and ASLR — and Brian Krebs breaks down who is using them and who is not. A security specialist noted, 'If both DEP and ASLR are correctly deployed, the ease of exploit development decreases significantly. While most Microsoft applications take full advantage of DEP and ASLR, third-party applications have yet to fully adapt to the requirements of the two mechanisms (PDF). If we also consider the increasing number of vulnerabilities discovered in third-party applications, an attacker's choice for targeting a popular third-party application rather than a Microsoft product becomes very understandable.' Among those with neither DEP nor ASLR: Apple Quicktime, Foxit Reader, Google Picasa, Java, OpenOffice.org, RealPlayer, and AOL's Winamp. While Flash player can't implement DEP, it does have ASLR. Google Chrome is the only popular third-party application listed with stars across the board." It's worth noting that several apps highlighted in the Secunia research paper have added support for those security options in recent patches, or are in the process of doing so. Examples include Firefox, VLC, and Foxit Reader.
Firefox

Firefox 3.6.4 Released With Out-of-Process Plugins 261

DragonHawk writes "Mozilla Firefox 3.6.4 went to general release today. The big new feature in this release is out-of-process plugins (OOPP). This means things like Flash, Java, QuickTime, etc., all run in separate processes, so when Flash decides to crash, it won't take your browser out with it. If Flash starts consuming all the CPU it can find, you can kill it without nuking your browser session. I've been using this feature since it was in the 'nightly build' stage, and it was still more stable than 3.6.3, just because Flash was isolated." And reader Trailrunner7 supplies another compelling reason to download 3.6.4: "Security researcher Michal Zalewski has identified a problem with the way Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar. The vulnerability, which Mozilla has fixed in version 3.6.4, has the effect of tricking users into thinking that they're visiting a legitimate site while instead sending arbitrary attacker-controlled code to their browsers."
Supercomputing

Mobile Phones vs. Supercomputers of the Past 247

An anonymous reader writes "The recently published Top 500 list of the world's fastest supercomputers is based on the Linpack benchmark developed decades ago by Jack Dongarra. This same test has been ported to Android mobile phones, which means that we can compare the performance of our phones against that of the supercomputers of the past. For example, a tweaked Motorola Droid can hit 52 Mflop/s, which is more than 15 times faster than the CPUs used in the 1979 Cray-1." But even today's most powerful cellphones don't come with an integrated bench.
Programming

Objective-C Enters Top Ten In Language Popularity 351

bonch writes "Objective-C has entered the top 10 of the Tiobe Programming Community Index. Last year, it was at #39. The huge jump is attributed to its use in iPhone and iPad development. C, of which Objective-C is a strict superset, has reclaimed the #1 spot from Java, which slides to #2. Tiobe also explains how it determines its rankings."
Image

Programming Clojure 109

eldavojohn writes "Programming Clojure by Stuart Halloway was very near to the perfect book for me. It covers many things common to many Lisp languages while highlighting in moderate detail the things that make Clojure unique and worthy of some attention. The book spends a large amount of time dealing with the intricacies of interfacing fluidly with Java (down to a package rewrite inside a large project). This fits me perfectly as a Java programmer, and I now feel ready to experiment with peppering functional language capabilities into an object oriented language. The book also strives to show how to simplify multithreading through functional programming, which is good because I find multithreading in Java a serious headache that few are good at. Programming Clojure, released in May 2009, is currently the only book out there devoted to Clojure, and the introduction is written by the language's creator, Rich Hickey, who says, 'What is so thrilling about Stuart's book is the extent to which he "gets" Clojure.' The book earns its place on the Pragmatic Bookshelf by guiding the user through rewriting a part of Ant into a new build tool called Lancet — adding to the project what you just learned about Clojure at the end of each chapter." Keep reading for the rest of eldavojohn's review.
Education

Exam Board Deletes C and PHP From CompSci A-Levels 663

VitaminB52 writes "A-level computer science students will no longer be taught C, C#, or PHP from next year following a decision to withdraw the languages by the largest UK exam board. Schools teaching the Assessment and Qualifications Alliance's (AQA) COMP1 syllabus have been asked to use one of its other approved languages — Java, Pascal/Delphi, Python 2.6, Python 3.1, Visual Basic 6, and VB.Net 2008. Pascal/Delphi is 'highly recommended' by the exam board because it is stable and was designed to teach programming and problem-solving."
IT

Open Source Guacamole Puts VNC On the Web 180

tbitiss writes "A new open source project dubbed Guacamole allows users to access a desktop remotely through a web browser, potentially streamlining the requirements for client support and administration. Guacamole is an HTML5 and JavaScript (Ajax) VNC viewer that makes use of a VNC-to-XML proxy server written in Java. According to its developers, Guacamole is almost as responsive as native VNC and should work in any browser supporting the HTML5 canvas tag. Supporting 10 Linux desktops in 10 browser tabs? I like the sound of that."
Java

IEEE Introduces Mario Level-Generation Competition 114

bgweber writes "Last year, the IEEE conference on Computational Intelligence and Games hosted a competition to determine who could write the best AI for playing Mario levels (YouTube video). This year, the conference has expanded the competition to include a track on level generation as well, where the goal is to generate new levels online procedurally. Submitting an entry is as easy as implementing a Java interface that performs procedural content generation. The implications of this competition are techniques for greatly increasing the replayability of games, since each gameplay session could present new levels to the player."
Java

Thoughts On the State of Web Development 253

rmoskal recommends his blog post up at Most Media on finding the right level of abstraction, Grails, and SOFEA. "[Three years ago] I was very excited about Apache Wicket as the way to develop line of business applications with a domain model, CRUD [create-read-update-delete] screens for maintaining the model, and in the most interesting cases, doing something else useful besides. I still like Wicket. It has, as its website says, 'a small conceptual surface area.' It reminds me of Python in that 'You try something it usually just works.' In many respects, though, Wicket seems to be at the wrong level of abstraction for the sorts of line-of-business applications described above. If your team is spending any time at all writing code to produce listing, filtering, and sorting behavior, not to mention creating CRUD screens and the back-end logic for these operations, they are probably working at the wrong level of abstraction. ... Recently I did a small project using Grails and was quite pleased. Grails uses groovy, a dynamic language compatible with Java, and is based on the proven technologies that I know and love well: Spring, Hibernate, SiteMesh, Maven, etc. ... I get all the power of the Java ecosystem without the fustiness and lack of expressivity of the core language (no more getters and setters, ever!)."
Security

Sun Pushes Emergency Java Patch 90

Trailrunner7 writes "In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped Web site. The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters. Despite the absence of documentation, a researcher was able to figure out that Sun removed the code to run javaws.exe from the Java plugin. The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google's Tavis Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response."
Java

"Father of Java" Resigns From Sun/Oracle 396

Thrashing Rage writes "James Gosling has confirmed he is leaving Sun/Oracle: 'Yes, indeed, the rumors are true: I resigned from Oracle a week ago (April 2nd). I apologize to everyone in St. Petersburg who came to TechDays on Thursday expecting to hear from me. I really hated not being there. As to why I left, it's difficult to answer: just about anything I could say that would be accurate and honest would do more harm than good. The hardest part is no longer being with all the great people I've had the privilege to work with over the years. I don't know what I'm going to do next, other than take some time off before I start job hunting.'"
Java

Serious New Java Flaw Affects All Browsers 164

Trailrunner7 writes "There is a serious vulnerability in Java that makes all current browsers vulnerable to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years. The problem lies in the Java Web Start framework, a technology that Sun Microsystems developed to enable the simplified deployment of Java applications. In essence, the JavaWS technology fails to validate parameters passed to it from the command line, and attackers can control those parameters using specific HTML tags on a Web page, researcher Ruben Santamarta said in an advisory posted Friday morning."
Advertising

iPhone OS 4.0 Brings Multitasking, Ad Framework For Apps 983

Low Ranked Craig writes "Apple had an event today to show off the next major update to the iPhone OS. iPhone OS 4.0 should arrive this summer (presumably with a new iPhone) for iPhone and iPod Touch, and in the fall for the iPad. According to Apple the update has more than 1,500 new APIs and 100 new features including the sorely missed multitasking. Other highlights include unified inbox, improved security, support for multiple Exchange accounts, application folders, iBooks, and iAd, an advertising framework for developers to put ads in their applications. The official word from Steve on Flash and Java remains a simple 'No.'" Updated 20100408 22:09 GMT by timothy: Read on for more information, including some bad news if you want to program for the iPhone in C# or Flash CS5.
Java

C Programming Language Back At Number 1 535

derrida writes "After more than 4 years C is back at position number 1 in the TIOBE index. The scores for C have been pretty constant through the years, varying between the 15% and 20% market share for almost 10 years. So the main reason for C's number 1 position is not C's uprise, but the decline of its competitor Java. Java has a long-term downward trend. It is losing ground to other languages running on the JVM. An example of such a language is JavaFX, which is now approaching the top 20."
Java

The Struggle To Keep Java Relevant 667

snydeq writes "Fatal Exception's Neil McAllister questions Oracle's ability to revive interest in Java in the wake of Oracle VP Jeet Kaul's announcement at EclipseCon that he would 'like to see people with piercings doing Java programming.' 'If Kaul is hoping Java will once again attract youthful, cutting-edge developers, as it did when it debuted in 1995, [Kaul] may be in for a long wait,' McAllister writes. 'Java has evolved from a groundbreaking, revolutionary language platform to something closer to a modern-day version of Cobol.' And, as McAllister sees it, 'Nothing screams "get off my lawn" like a language controlled by Oracle, the world's largest enterprise software vendor. The chances that Java can attract the mohawks-and-tattoos set today seem slimmer than ever.'"
First Person Shooters (Games)

Google Gets Quake II Running In HTML5 258

Dr Herbert West writes "A trio of Google engineers have ported id Software's gib-filled first-person shooter Quake II to browsers — you know, for kicks — as a way to show just what HTML5-compatible web browsers are capable of. According to the developers, 'We started with the existing Jake2 Java port of the Quake II engine, then used the Google Web Toolkit (along with WebGL, WebSockets, and a lot of refactoring) to cross-compile it into JavaScript.' More details are available on one developer's blog, and installation instructions have been posted as well."
Linux Business

Android's "Flea Market" Needs Urgent Attention 226

andylim writes "According to Barry O'Neil, ex-President of Namco Bandai Network Europe, Google needs to understand that a constantly evolving 'beta' product doesn't cut it. It has to learn from the mistakes of the Java business in order to save Android. 'If Google is to present a threat to the Apple App Store ecosystem, it needs to address discovery and purchasing as a matter of urgency, or abandon control and hand over the entire management of the Android Market to carriers, OEMs and trusted publishers.'"
Security

New Malware Overwrites Software Updaters 78

itwbennett writes "Researchers at Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, have found a new type of malware that 'masks itself as an updater for Adobe Systems' products and other software such as Java,' wrote BKIS analyst Nguyen Cong Cuong in a post on the company's blog. BKIS showed screenshots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available."
Australia

Good Language Choice For School Programming Test? 407

An anonymous reader writes "The Australian Informatics Olympiad programming test is being run in a couple of months. I'm an experienced programmer and I'm thinking of volunteering to tutor interested kids at my children's school to get them ready. There will be children of all levels in the group, from those that can't write 'hello world' in any language, to somewhat experienced programmers. For those starting from scratch, I'm wondering what language to teach them to code in. Accepted languages are C, C++, Pascal, Java, PHP, Python and Visual Basic. I'm leaning towards Python, because it is a powerful language with a simple syntax. However, the test has a run-time CPU seconds limit, so using an interpreted language like Python could put the students at a disadvantage compared to using C. Is it better to teach them something in 2 months that they're likely to be able to code in but possibly run foul of the CPU time limit, or struggle to teach them to code in a more complicated syntax like C/C++ which would however give them the best chance of having a fast solution?"
Privacy

FCC Asks You To Test Your Broadband Speeds 454

AnotherUsername writes "The Federal Communications Commission is asking the nation's broadband and smartphone users to use its broadband testing tools to help the feds and consumers know what speeds are actually available, not just promised by the nation's telecoms. At http://www.broadband.gov/, users enter their address and test their broadband download speed, upload speed, latency, and jitter using one of two tests (users can choose to test with the other after one test is complete). The FCC is requiring the street address, as it 'may use this data to analyze broadband quality and availability on a geographic basis' (they promise not to release location data except in the aggregate). The agency is also asking those who live in a broadband 'dead zone' to fill out a report online, call, fax, email, or even send a letter. The announcement comes just six days before the FCC presents the first ever national broadband plan to Congress. Java is necessary to run the test." Lauren Weinstein points out some of the limitations in the FCC's testing methodology.
