Apple's Software 'Problem' and 'Fixing' It

According to media reports, Apple is planning to postpone some new features for iOS and macOS this year to focus on improving reliability, stability and performance of the existing versions. Steven Sinofsky, a former President of the Windows Division, shared his insights into the significance of this development: Several important points are conflated in the broad discussion about Apple and software: Quality, pace of change, features "versus" quality, and innovation. Scanning the landscape, it is important to recognize that in total the work Apple has been doing across hardware, software, services, and even AI/ML, in total -- is breathtaking and unprecedented in scope, scale, and quality. Few companies have done so much for so long with such a high level of consistency. This all goes back to the bet on the NeXT code base and move to Intel for Mac OS plus the iPod, which began the journey to where we are today.

[...] What is lost in all of this recent discussion is the nuance between features, schedule, and quality. It is like having a discussion with a financial advisor over income, risk, and growth. You don't just show up and say you want all three and get a "sure." On the other hand, this is precisely what Apple did so reliably over 20 years. But behind the scenes there is a constant discussion over balancing these three legs of the tripod. You have to have all of them but you "can't" but you have to. This is why they get paid big $.

[...] A massive project like an OS (+h/w +cloud) is like a large investment portfolio and some things will work (in market) and others won't, some things are designed to return right away, some are safe bets, some are long term investments. And some mistakes... Customers don't care about any of that and that's ok. They just look for what they care about. Each evaluates through their own lens. Apple's brilliance is in focusing mostly on two audiences -- end-users and developers -- tending to de-emphasize the whole "techie" crowd, even IT. When you look at a feature like FaceID and trace it backwards all the way to keychain -- see how much long term thought can go into a feature and how much good work can go unnoticed (or even "fail") for years before surfacing as a big advantage. That's a long term POV AND focus. This approach is rather unique compared to other tech companies that tend to develop new things almost independent of everything else. So new things show up and look bolted on the side of what already exists. (Sure Apple can do that too, but not usually). All the while, while things are being built, the team is just a dev team and trying to come up with a reliable schedule and fix bugs. This is just software development.


Skype Can't Fix a Nasty Security Bug Without a Massive Code Rewrite

ZDNet reports of a security flaw in Skype's updater process that "can allow an attacker to gain system-level privileges to a vulnerable computer." If the bug is exploited, it "can escalate a local unprivileged user to the full 'system' level rights -- granting them access to every corner of the operating system." What's worse is that Microsoft, which owns Skype, won't fix the flaw because it would require the updater to go through "a large code revision." Instead, Microsoft is putting all its resources on building an altogether new client. From the report: Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which allows an attacker to trick an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user, like UXTheme.dll. The bug works because the malicious DLL is found first when the app searches for the DLL it needs. Once installed, Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking. The attack reads on the clunky side, but Kanthak told ZDNet in an email that the attack could be easily weaponized. He explained, providing two command line examples, how a script or malware could remotely transfer a malicious DLL into that temporary folder.

The Quest To Find the Longest-Serving Programmer

In 2014, the National Museum of Computing published a blog post in which it tried to find the person who has been programming the longest. At the time, it declared Bill Williams, a 70-year old to be one of the world's most durable programmers, who claimed to have started coding for a living in 1969 and was still doing so at the time of publication. The post has been updated several times over the years, and over the weekend, the TNMC updated it once again. The newest contender is Terry Froggatt of Hampshire, who writes: I can beat claim of your 71-year-old by a couple of years, (although I can't compete with the likes of David Hartley). I wrote my first program for the Elliott 903 in September 1966. Now at the age of 73 I am still writing programs for the Elliott 903! I've just written a 903 program to calculate the Fibonacci numbers. And I've written quite a lot of programs in the years in between, some for the 903 but also a good many in Ada.

Should GitHub Allow Username Reuse?

Jesse Donat argues via Donut Studios why GitHub should never allow usernames to be valid again once they are deleted. He provides an example of a user who deleted his GitHub account and personal domain with a popular tool used for embedding data files into Go binaries. "While this is within his rights to do, this broke a dependency many people had within their projects," Donat writes. "To fix this, some users of the project recreated the account and the repository based on a fork of the project." Donat goes on to write: Allowing username reuse completely breaks any trust that what I pull is what it claims to be. What if this user had been malicious? It may have taken a while before someone actually noticed this wasn't the original user and the code was doing something more than it claimed to.

While Go's "go get" functionality is no doubt naive and just pulls the head of a repository, this is not exclusively Go's problem as this affects any package manager that runs on tags. Simply tag malicious changes beyond the current release and it would be deployed to many users likely with little actual review.


Researchers Create Simulation Of a Simple Worm's Neural Network

ClockEndGooner writes: Researchers at the Technische Universität Wien have created a simulation of a simple worm's neural network, and have been able to replicate its natural behavior to completely mimic the worm's natural reflexive behavior. According to the article, using a simple neural network of 300 neurons, the simulation of "the worm can find its way, eat bacteria and react to certain external stimuli. It can, for example, react to a touch on its body. A reflexive response is triggered and the worm squirms away. This behavior is determined by the worm's nerve cells and the strength of the connections between them. When this simple reflex network is recreated on a computer, the simulated worm reacts in exactly the same way to a virtual stimulation -- not because anybody programmed it to do so, but because this kind of behavior is hard-wired in its neural network." Using the same neural network without adding any additional nerve cells, Mathias Lechner, Radu Grosu, and Ramin Hasani were able to have the nematode simulation learn to balance a pole "just by tuning the strength of the synaptic connections. This basic idea (tuning the connections between nerve cells) is also the characteristic feature of any natural learning process."

Police In China Are Scanning Travelers With Facial Recognition Glasses

Baron_Yam shares a report from Engadget: Police in China are now sporting glasses equipped with facial recognition devices and they're using them to scan train riders and plane passengers for individuals who may be trying to avoid law enforcement or are using fake IDs. So far, police have caught seven people connected to major criminal cases and 26 who were using false IDs while traveling, according to People's Daily. The Wall Street Journal reports that Beijing-based LLVision Technology Co. developed the devices. The company produces wearable video cameras as well and while it sells those to anyone, it's vetting buyers for its facial recognition devices. And, for now, it isn't selling them to consumers. LLVision says that in tests, the system was able to pick out individuals from a database of 10,000 people and it could do so in 100 milliseconds. However, CEO Wu Fei told the Wall Street Journal that in the real world, accuracy would probably drop due to "environmental noise." Additionally, aside from being portable, another difference between these devices and typical facial recognition systems is that the database used for comparing images is contained in a hand-held device rather than the cloud.

Apple is Sending Some Developers Ad Spend and Install Details For Other People's Apps

An issue at Apple appears to be resulting in app developers getting emails of ad spend and install summaries for apps belonging to other developers. From a report: The issue -- which appears specific right now to developers using Search Ads Basic, pay-per-install ads that appear as promoted apps when people search on the App Store -- was raised on Twitter by a number of those affected, including prominent developer Steve Troughton-Smith, who posted a screenshot of an email that summarized January's ad spend and install data for another developer's two apps. Several others replied noting the same issue, listing more developers and random apps.

Rust Creator Graydon Hoare Says Current Software Development Practices Terrify Him

An anonymous reader writes: On Monday Graydon Hoare, the original creator of the Rust programming language, posted some memories on Twitter. "25 years ago I got a job at a computer bookstore. We were allowed to borrow and read the books; so I read through all the language books, especially those with animals on the covers. 10 years ago I had a little language of my own printing hello world." And Monday he was posting a picture of O'Reilly Media's first edition of their new 622-page book Programming Rust: Fast, Safe Systems Development. Then he elaborated to his followers about what happened in between.

"I made a prototype, then my employer threw millions of dollars at it and hired dozens of researchers and programmers (and tireless interns, hi!) and a giant community of thousands of volunteers showed up and _then_ the book arrived. (After Jim and Jason wrote it and like a dozen people reviewed it and a dozen others edited it and an army of managers coordinated it and PLEASE DESIST IN THINKING THINGS ARE MADE BY SINGLE PEOPLE IT IS A VERY UNHEALTHY MYTH)." He writes that the nostalgic series of tweets was inspired because "I was just like a little tickled at the circle-of-life feeling of it all, reminiscing about sitting in a bookstore wondering if I'd ever get to work on cool stuff like this."

One Twitter user then asked him if Rust was about dragging C++ hackers halfway to ML, to which Hoare replied "Not dragging, more like throwing C/C++ folks (including myself) a life raft wrt. safety... Basically I've an anxious, pessimist personality; most systems I try to build are a reflection of how terrifying software-as-it-is-made feels to me. I'm seeking peace and security amid a nightmare of chaos. I want to help programmers sleep well, worry less."


GDC Rescinds Award For Atari Founder Nolan Bushnell After Criticisms of Sexually Inappropriate Behavior

The organizers of the Game Developers Choice Awards announced today that they have rescinded the Pioneer Award for Atari founder Nolan Bushnell, and announced the award will not be given this year entirely. "The decision follows a day of outcry after GDC organizers announced that Bushnell, 74, had been tapped for the GDCA's lifetime achievement honor," reports Polygon. "News accounts and histories over the past several years have documented a history of workplace misconduct and sexist behavior toward women by Bushnell, during Atari's early days." From the report: In a statement this morning, GDC said its awards committee "made the decision not to give out a Pioneer Award for this year's event, following additional feedback from the community. They believe their picks should reflect the values of today's game industry and will dedicate this year's award to honor the pioneering and unheard voices of the past." The Pioneer Award is for "individuals who developed a breakthrough technology, game concept, or gameplay design at a crucial juncture in video game history," according to its official site. Nine have been conferred since 2008, none of them women. Bushnell founded Atari in 1972 and installed the first coin-operated video game, Pong, shortly thereafter. He presided over the company's rise to dominate the early generation of home console gaming before selling it off and founding what is today the Chuck E. Cheese line of restaurants. Bushnell issued a statement on Twitter: "I applaud the GDC for ensuring that their institution reflects what is right, specifically with regards to how people should be treated in the workplace. And if that means an award is the price I have to pay personally so the whole industry may be more aware and sensitive to these issues, I applaud that, too. If my personal actions or the actions of anyone who ever worked with me offended or caused pain to anyone at our companies, then I apologize without reservation."

Apple Still Aims To Allow iPad Apps To Run on Macs This Year

Apple's push for performance and security improvements over new features will also apply to this year's Mac software, Axios reported on Wednesday, but one key feature remains on the roadmap for 2018: The ability for Macs to run iPad apps. From the report: On the Mac side, this is taking the form of a new project around security as well as improvements in performance when waking and unlocking the system. While users would certainly welcome changes that make their systems run better and more securely, customers tend to be more motivated to make purchases based on new features rather than promised improvements around security or performance, which can be tough to judge. The signature new feature for the Mac -- the ability to run iPad apps -- is a significant undertaking that adds a high degree of complexity to this year's OS release.

Employers Want JavaScript, But Developers Want Python, Survey Finds

An anonymous reader quotes InfoWorld: When it comes to which programming languages are in demand by employers, JavaScript, Java, Python, C++, and C -- in that order -- came out on top in a recent developer survey. Developers, however, want to learn languages like Python, Go, and Kotlin. A survey of developers by technical recruiter HackerRank, conducted in October, found no gap between languages employers want and what developers actually know, with JavaScript barely edging out Java...

HackerRank also found gaps in JavaScript frameworks between what employers want and what developers know. The React JavaScript UI library had the biggest delta between employers and developers, with about 37 percent of employers wanting React skills but only about 19 percent of developers having them... [But] problem-solving skills are the most-sought by employers, more than language proficiency, debugging, and system design.

The survey involved 39,441 developers, and concluded that "Python ruled among all age groups," according to Application Development Trends, "except for those 55 years or older, who narrowly prefer C."

ICE Is About To Start Tracking License Plates Across the US

Presto Vivace shares a report from The Verge: The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians. The source of the data is not named in the contract, but an ICE representative said the data came from Vigilant Solutions, the leading network for license plate recognition data. While it collects few photos itself, Vigilant Solutions has amassed a database of more than 2 billion license plate photos by ingesting data from partners like vehicle repossession agencies and other private groups. ICE agents would be able to query that database in two ways. A historical search would turn up every place a given license plate has been spotted in the last five years, a detailed record of the target's movements. That data could be used to find a given subject's residence or even identify associates if a given car is regularly spotted in a specific parking lot. Presto Vivace adds, "This will not end well."

Tim Cook: Coding Languages Were 'Too Geeky' For Students Until We Invented Swift

theodp writes: Speaking to a class of Grade 7 students taking coding lessons at the Apple Store in Eaton Centre, the Toronto Star reports that Apple CEO Tim Cook told the kids that most students would shun programming because coding languages were 'too geeky' until Apple introduced Swift. "Swift came out of the fundamental recognition that coding languages were too geeky. Most students would look at them and say, 'that's not for me,'" Cook said as the preteens participated in an Apple-designed 'Everyone Can Code' workshop. "That's not our view. Our view is that coding is a horizontal skill like your native languages or mathematics, so we wanted to design a programming language that is as easy to learn as our products are to use."

Donald Knuth Turns 80, Seeks Problem-Solvers For TAOCP

An anonymous reader writes: When 24-year-old Donald Knuth began writing The Art of Computer Programming, he had no idea that he'd still be working on it 56 years later. This month he also celebrated his 80th birthday in Sweden with the world premiere of Knuth's Fantasia Apocalyptica, a multimedia work for pipe organ and video based on the bible's Book of Revelations, which Knuth describes as "50 years in the making."

But Knuth also points to the recent publication of "one of the most important sections of The Art of Computer Programming" in preliminary paperback form: Volume 4, Fascicle 6: Satisfiability. ("Given a Boolean function, can its variables be set to at least one pattern of 0s and 1s that will make the function true?")

Here's an excerpt from its back cover: Revolutionary methods for solving such problems emerged at the beginning of the twenty-first century, and they've led to game-changing applications in industry. These so-called "SAT solvers" can now routinely find solutions to practical problems that involve millions of variables and were thought until very recently to be hopelessly difficult.

"in several noteworthy cases, nobody has yet pointed out any errors..." Knuth writes on his site, adding "I fear that the most probable hypothesis is that nobody has been sufficiently motivated to check these things out carefully as yet." He's uncomfortable printing a hardcover edition that hasn't been fully vetted, and "I would like to enter here a plea for some readers to tell me explicitly, 'Dear Don, I have read exercise N and its answer very carefully, and I believe that it is 100% correct,'" where N is one of the exercises listed on his web site.

Elsewhere he writes that two "pre-fascicles" -- 5a and 5B -- are also available for alpha-testing. "I've put them online primarily so that experts in the field can check the contents before I inflict them on a wider audience. But if you want to help debug them, please go right ahead."

Has the Decades-Old Floating Point Error Problem Been Solved?

overheardinpdx quotes HPCwire: Wednesday a company called Bounded Floating Point announced a "breakthrough patent in processor design, which allows representation of real numbers accurate to the last digit for the first time in computer history. This bounded floating point system is a game changer for the computing industry, particularly for computationally intensive functions such as weather prediction, GPS, and autonomous vehicles," said the inventor, Alan Jorgensen, PhD. "By using this system, it is possible to guarantee that the display of floating point values is accurate to plus or minus one in the last digit..."

The innovative bounded floating point system computes two limits (or bounds) that contain the represented real number. These bounds are carried through successive calculations. When the calculated result is no longer sufficiently accurate the result is so marked, as are all further calculations made using that value. It is fail-safe and performs in real time.

Jorgensen is described as a cyber bounty hunter and part time instructor at the University of Nevada, Las Vegas teaching computer science to non-computer science students. In November he received US Patent number 9,817,662 -- "Apparatus for calculating and retaining a bound on error during floating point operations and methods thereof." But in a followup, HPCwire reports: After this article was published, a number of readers raised concerns about the originality of Jorgensen's techniques, noting the existence of prior art going back years. Specifically, there is precedent in John Gustafson's work on unums and interval arithmetic both at Sun and in his 2015 book, The End of Error, which was published 19 months before Jorgensen's patent application was filed. We regret the omission of this information from the original article.

Apple Shuts Swift Mailing List, Migrates to Online Forum

An anonymous reader writes: Apple's Swift project "has completed the process of migrating to the Swift Forums as the primary method for discussion and communication!" announced a blog post on Friday. "The former mailing lists have been shut down and archived, and all mailing list content has been imported into the new forum system."

While they're still maintaining a few Swift-related mailing lists, they're moving discussions into online forums divided into four main categories: Evolution, Development, Using Swift, and Site Feedback. Forum accounts can be set up using either email registration or GitHub accounts.

It was one year ago that Swift creator Chris Lattner answered questions from Slashdot readers.

'Text Bomb' Is Latest Apple Bug

An anonymous reader quotes a report from the BBC: A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered. Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart. Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug -- even if the recipient did not click the link itself. Mr Masri said he "always reports bugs" before releasing them. Apple has not yet commented on the issue. On a Mac, the bug reportedly makes the Safari browser crash, and causes other slowdowns. Security expert Graham Cluley wrote on his blog that the bug does not present anything to be particularly worried about -- it's merely very annoying. After the link did the rounds on social media, Mr Masri removed the code from GitHub, therefore disabling the "attack" unless someone was to replicate the code elsewhere.

Which JavaScript Framework is the Most Popular?

An anonymous reader quotes InfoWorld's report on which JavaScript frameworks are the most widely-used: In a study of 28-day download cycles for front-end JavaScript frameworks, NPM, which oversees the popular JavaScript package registry, found that React has been on a steady upward trajectory; it now accounts for about 0.05 percent of the registry's 13 billion downloads per month as of the fourth quarter of 2017. Web developers as well as desktop and mobile developers are adopting the library and it has spawned an ecosystem of related packages. Preact, a lightweight alternative to React, also has seen growth and could become a force in the future.

On the down side, Backbone, which accounted for almost 0.1 percent of all downloads in 2013, now comprises only about 0.005 percent of downloads (about 750,000 per month). Backbone has declined steeply but is kept afloat by the long shelf life of projects using it, NPM reasoned. The jQuery JavaScript library also remains popular but has experienced decreasing interest. Angular, the Google-developed JavaScript framework, was the second-most-popular framework behind React, when combining the original Angular 1.x with the rewritten Angular 2.x. Version 1.x was at about 0.0125 percent of downloads last month while version 2.x was at about 0.02 percent. Still, Angular as a whole is showing just modest growth.

They also report that the four JavaScript frameworks with the fastest growth rates for 2017 were Preact, Vue, React, and Ember.

But for back end services written in JavaScript, npm reports that Express "is the overwhelmingly dominant solution... The next four biggest frameworks are so small relative to Express that it's hard to even see them."

Stack Overflow Stats Reveal 'the Brutal Lifecycle of JavaScript Frameworks'

A developer on the Internal Tools team at Stack Overflow reveals some new statistics from their 'Trends' tool: JavaScript UI frameworks and libraries work in cycles. Every six months or so, a new one pops up, claiming that it has revolutionized UI development. Thousands of developers adopt it into their new projects, blog posts are written, Stack Overflow questions are asked and answered, and then a newer (and even more revolutionary) framework pops up to usurp the throne...

There appears to be a quick ascent, as the framework gains popularity and then a slightly less quick but steady decline as developers adopt newer technologies. These lifecycles only last a couple of years. Starting around 2011, there seems to be major adoption of a couple of competing frameworks: Backbone, Knockout, and Ember. Questions about these tags appear to grow until around 2013 and have been in steady decline since, at about the same time as AngularJS started growing. The latest startup is the Vue.js framework, which has shown quick adoption, as it is one of the fastest growing tags on Stack Overflow. Only time can tell how long this growth will last.

"Let's be honest," the post concludes. "The size of a developer community certainly counts; it contributes to a thriving open source environment, and makes it easier to find help on Stack Overflow."

Erroneous 'Spam' Flag Affected 102 npm Packages

There was some trouble last weekend at the world's largest package repository. An anonymous reader quotes the official npm blog: On Saturday, January 6, 2018, we incorrectly removed the user floatdrop and blocked the discovery and download of all 102 of their packages on the public npm Registry. Some of those packages were highly depended on, such as require-from-string, and removal disrupted many users' installations... Within 60 seconds, it became clear that floatdrop was not a spammer -- and that their packages were in heavy use in the npm ecosystem. The staffer notified colleagues and we re-activated the user and began restoring the packages to circulation immediately. Most of the packages were restored quickly, because the restoration was a matter of unsetting the deleted tombstones in our database, while also restoring package data tarballs and package metadata documents. However, during the time between discovery and restoration, other npm users published a number of new packages that used the names of deleted packages. We locked this down once we discovered it, but cleaning up the overpublished packages and inspecting their contents took additional time...

In cases where the npm staff accepts a user's request to delete a package, we publish a replacement package by the same name -- a security placeholder. This both alerts those who had depended on it that the original package is no longer available and prevents others from publishing new code using that package name. At the time of Saturday's incident, however, we did not have a policy to publish placeholders for packages that were deleted if they were spam. This made it possible for other users to publish new versions of eleven of the removed packages. After a thorough examination of the replacement packages' contents, we have confirmed that none was malicious or harmful. Ten were exact replacements of the code that had just been removed, while the eleventh contained strings of text from the Bible -- and its publisher immediately contacted npm to advise us of its publication.

They're now implementing a 24-hour cooldown on republication of any deleted package names -- and are also updating their review process. "As a general rule, the npm Registry is and ought to be immutable, just like other package registries such as RubyGems and However, there are legitimate cases for removing a package once it has been published. In a typical week, most of the npm support team's work is devoted to handling user requests for package deletion, which is more common than you might expect. Many people publish test packages then ask to have them deprecated or deleted. There also is a steady flow of requests to remove packages that contain private code that users have published inadvertently or inappropriately."

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.

SourceForge Debuts New UI and GitHub Sync Tool

SourceForge on Tuesday introduced an overhaul of its website to give it a new look and add new features. Among the most notable additions, the popular repository, which hosts over 430,000 projects and 3.7 million registered developers, said it was creating a GitHub Importer tool which would enable developers to import their GitHub project to SourceForge and also sync their GitHub project file releases on SourceForge so they "can take advantage of the strengths of both platforms." In a blog post, the team wrote: We believe the open source community is always better served when there are multiple options for open source projects to live, and these options are not mutually exclusive. More improvements and new features are on track to be released throughout the year, the team wrote.

'The Web is Not Google, and Should Not be Just Google': Developers Express Concerns About AMP

A group of prominent developers published an open-letter on Tuesday, outlining their deep concerns about Accelerated Mobile Pages, a project by Google that aims to improve user experience of the Web. Google services already dominate the Web, and the scale at which AMP is growing, it could further reinforce Google's dominance of the Web, developers wrote. The letter acknowledges that web pages could be slow at times, but the solutions out there to address them -- AMP, Facebook's Instant Articles, Apple News -- are creating problems of their own, developers say. From the letter: Search engines are in a powerful position to wield influence to solve this problem. However, Google has chosen to create a premium position at the top of their search results (for articles) and a "lightning" icon (for all types of content), which are only accessible to publishers that use a Google-controlled technology, served by Google from their infrastructure, on a Google URL, and placed within a Google controlled user experience. The AMP format is not in itself, a problem, but two aspects of its implementation reinforce the position of Google as a de facto standard platform for content, as Google seeks to drive uptake of AMP with content creators: Content that "opts in" to AMP and the associated hosting within Google's domain is granted preferential search promotion, including (for news articles) a position above all other results. When a user navigates from Google to a piece of content Google has recommended, they are, unwittingly, remaining within Google's ecosystem.

If Google's objective with AMP is indeed to improve user experience on the Web, then we suggest some simple changes that would do that while still allowing the Web to remain dynamic, competitive and consumer-oriented: Instead of granting premium placement in search results only to AMP, provide the same perks to all pages that meet an objective, neutral performance criterion such as Speed Index. Publishers can then use any technical solution of their choice. Do not display third-party content within a Google page unless it is clear to the user that they are looking at a Google product. It is perfectly acceptable for Google to launch a "news reader," but it is not acceptable to display a page that carries only third party branding on what is actually a Google URL, nor to require that third party to use Google's hosting in order to appear in search results. We don't want to stop Google's development of AMP, and these changes do not require that.


C Programming Language 'Has Completed a Comeback'

InfoWorld reports that "the once-declining C language" has "completed a comeback" -- citing its rise to second place in the Tiobe Index of language popularity, the biggest rise of any language in 2017. An anonymous reader quotes their report: Although the language only grew 1.69 percentage points in its rating year over year in the January index, that was enough to beat out runners-up Python (1.21 percent gain) and Erlang (0.98 percent gain). Just five months ago, C was at its lowest-ever rating, at 6.477 percent; this month, its rating is 11.07 percent, once again putting it in second place behind Java (14.215 percent) -- although Java dropped 3.05 percent compared to January 2017. C's revival is possibly being fueled by its popularity in manufacturing and industry, including the automotive market, Tiobe believes...

But promising languages such as Julia, Hack, Rust, and Kotlin were not able to reach the top 20 or even the top 30, Tiobe pointed out. "Becoming part of the top 10 or even the top 20 requires a large ecosystem of communities and evangelists including conferences," said Paul Jansen, Tiobe managing director and compiler of the index. "This is not something that can be developed in one year's time."

For 2017 Tiobe also reports that after Java and C, the most popular programming languages were C++, Python, C#, JavaScript, Visual Basic .Net, R, PHP, and Perl.

The rival Pypl Popularity of Programming Language index calculates that the most popular languages are Java, Python, PHP, JavaScript, C#, C++, C, R, Objective-C, and Swift.

Google Loses Up to 250 Bikes a Week

What's happening to Google's 1,100 Gbikes? The Mercury News reports: Last summer, it emerged that some of the company's bikes -- intended to help Googlers move quickly and in environmentally friendly fashion around the company's sprawling campus and surrounding areas -- were sleeping with the fishes in Stevens Creek. And now, a new report has revealed that 100 to 250 Google bikes go missing every week, on average. "The disappearances often aren't the work of ordinary thieves, however. Many residents of Mountain View, a city of 80,000 that has effectively become Google's company town, see the employee perk as a community service," the Wall Street Journal reported.

And for the company, here's one Google bike use case that's got to burn a little: 68-year-old Sharon Veach told the newspaper that she sometimes uses one of the bicycles as part of her commute: to the offices of Google's arch foe, Oracle... Mountain View Mayor Ken Rosenberg even admitted to helping himself to a Google bike to go to a movie after a meeting at the company's campus, according to the WSJ.

One Silicon Valley resident reportedly told a neighbor that "I've got a whole garage full of them," while Veach describes the bikes as "a reward for having to deal with the buses" that carry Google employees. Google has already hired 30 contractors to prowl the city in five vans looking for lost or stolen bikes -- only a third of which have GPS trackers -- and they eventually recover about two-thirds of the missing bikes.

They've discovered them as far away as Mexico, Alaska, and the Burning Man festival in Nevada.

Rust 1.23.0 Released, Community Urged To Blog Ideas For 2018 Roadmap

An anonymous reader quotes the official Rust blog: The Rust team is happy to announce a new version of Rust, 1.23.0... New year, new Rust! For our first improvement today, we now avoid some unnecessary copies in certain situations. We've seen memory usage of using rustc to drop 5-10% with this change; it may be different with your programs... The documentation team has been on a long journey to move rustdoc to use CommonMark. Previously, rustdoc never guaranteed which markdown rendering engine it used, but we're finally committing to CommonMark. As part of this release, we render the documentation with our previous renderer, Hoedown, but also render it with a CommonMark compliant renderer, and warn if there are any differences.
A few new APIs were also stabilized in this release -- see the complete release notes here -- and you no longer need to import the trait AsciiExt to provide ASCII-related functionality on u8, char, [u8], and str.

The Rust blog made another announcement earlier this week. "As open source software becomes more and more ubiquitous and popular, the Rust team is interested in exploring new and innovative ways to solicit community feedback and participation." So while defining Rust's roadmap for 2018, "we'd like to try something new in addition to the RFC process: a call for community blog posts for ideas of what the goals should be."

'The State of JavaScript Frameworks, 2017'

An anonymous reader shares some new statistics from Laurie Voss, co-founder and COO of npm (the package manager/software registry for JavaScript): The sum of all the package downloads in the npm Registry shows that the npm ecosystem continues to experience explosive, continuous growth... Right now, we estimate about 75% of all JavaScript developers use npm, and that number is rising quickly to reach 100%. We believe there are about 10 million npm users right now.
The first post in a three-part series graphs the popularity and growth rate for seven JavaScript frameworks.
  • Preact is tiny but the fastest-growing.
  • Vue is also very fast growing and neck and neck with Ember, Angular and Backbone.
  • Ember has grown more popular in the last 12 months.
  • Angular and Backbone have both declined in popularity.
  • jQuery remains hugely popular but decreasingly so.
  • React is both huge and very fast-growing for its size.


New Year's Resolutions For Linux Admins: Automate More, Learn New Languages

An anonymous reader writes: A long-time Unix sys-admin is suggesting 18 different New Year's resolutions for Linux systems administrators. And #1 is to automate more of your boring stuff. "There are several good reasons to turn tedious tasks into scripts. The first is to make them less annoying. The second is to make them less error-prone. And the last is to make them easier to turn over to new team members who haven't been around long enough to be bored. Add a small dose of meaningful comments to your scripts and you have a better chance of passing on some of your wisdom about how things should be done."

Along with that, they suggest learning a new scripting language. "It's easy to keep using the same tools you've been using for decades (I should know), but you might have more fun and more relevance in the long run if you teach yourself a new scripting language. If you've got bash and Perl down pat, consider adding Python or Ruby or some other new language to your mix of skills."

Other suggestions include trying a new distro -- many of which can now be run in "live mode" on a USB drive -- and investigating the security procedures of cloud services (described in the article as "trusting an outside organization with our data").

"And don't forget... There are now only 20 years until 2038 -- The Unix/Linux clockpocalypse."


Which Programming Languages Are Most Prone to Bugs?

An anonymous reader writes: The i-Programmer site revisits one of its top stories of 2017, about researchers who used data from GitHub for a large-scale empirical investigation into static typing versus dynamic typing. The team investigated 20 programming languages, using GitHub code repositories for the top 50 projects written in each language, examining 18 years of code involving 29,000 different developers, 1.57 million commits, and 564,625 bug fixes.

The results? "The languages with the strongest positive coefficients - meaning associated with a greater number of defect fixes are C++, C, and Objective-C, also PHP and Python. On the other hand, Clojure, Haskell, Ruby and Scala all have significant negative coefficients implying that these languages are less likely than average to result in defect fixing commits."

Or, in the researchers' words, "Language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages static typing is also somewhat better than dynamic typing."


Tech Bros Bought Sex Trafficking Victims Using Amazon and Microsoft Work Emails

An anonymous reader writes: Newsweek's National Politics Correspondent reports on "a horny nest of prostitution 'hobbyists' at tech giants Microsoft, Amazon and other firms in Seattle," citing "hundreds" of emails "fired off by employees at major tech companies hoping to hook up with trafficked Asian women" between 2014 and 2016, "67 sent from Microsoft, 63 sent from Amazon email accounts and dozens more sent from some of Seattle's premier tech companies and others based elsewhere but with offices in Seattle, including T-Mobile and Oracle, as well as many local, smaller tech firms." Many of the emails came from a sting operation against online prostitution review boards, and were obtained through a public records request to the King County Prosecutor's Office.

"They were on their work accounts because Seattle pimps routinely asked first-time sex-buyers to prove they were not cops by sending an employee email or badge," reports Newsweek, criticizing "the widespread and often nonchalant attitude toward buying sex from trafficked women, a process made shockingly more efficient by internet technology... A study commissioned by the Department of Justice found that Seattle has the fastest-growing sex industry in the United States, more than doubling in size between 2005 and 2012. That boom correlates neatly with the boom of the tech sector there... Some of these men spent $30,000 to $50,000 a year, according to authorities." A lawyer for some of the men argues that Seattle's tech giants aren't conducting any training to increase employees' compassion for trafficked women in brothels. The director of research for a national anti-trafficking group cites the time Uber analyzed ride-sharing data and reported a correlation between high-crime neighborhoods and frequent Uber trips -- including people paying for prostitutes. "They made a map using their ride-share data, like it was a funny thing they could do with their data. It was done so flippantly."


2017: The Year in Programming Languages

InfoWorld writes that 2017 "presented a mixed bag of improvements to both long-established and newer programming languages." An anonymous reader quotes their report: Developers followed a soap opera over Java, with major disagreements over a modularization plan for standard Java and, in a surprising twist, Oracle washing its hands of the Java EE enterprise variant. Microsoft's TypeScript, meanwhile, has increased in popularity by making life easier for developers looking for an alternative to JavaScript. Microsoft also launched Q#, a language for quantum computing...

In web development, developers received a lot of help building with JavaScript itself or with JavaScript alternatives. Among the tools released in 2017 were: Google's Angular 5 JavaScript framework, released in November, featuring a build optimizer and supporting progressive web apps and use of Material Design components... And React, the JavaScript UI library from Facebook, went to Version 16 in September, featuring a rewriting of the React core to boost responsiveness for complex applications...

TypeScript was not the only JavaScript alternative making waves this year. For web developers who would rather use Google's Go (Golang) language instead of JavaScript, the beta Joy compiler introduced in December promises to allow cross-compilation. Another language that offers compilation to JavaScript -- although it began on the JVM -- is Kotlin, which has experienced rising fortunes this year. It was boosted considerably by Google endorsing it in May for building Android applications, which has been chiefly the domain of Java...

2017 also saw the release of the long-awaited C++ 17.

Another 2017 memory: Eric Raymond admitting that he hates C++, and predicting that Go (but not Rust) will eventually replace C -- if not a new language like Cx.

Blockchain Brings Business Boom To IBM, Oracle, and Microsoft

An anonymous reader quotes Fortune's new report on blockchain: Demand for the technology, best known for supporting bitcoin, is growing so much that it will be one of the largest users of capacity next year at about 60 data centers that IBM rents out to other companies around the globe. IBM was one of the first big companies to see blockchain's promise, contributing code to an open-source effort and encouraging startups to try the technology on its cloud for free. That a 106-year-old company like IBM is going all in on blockchain shows just how far the digital ledger has come since its early days underpinning bitcoin drug deals on the dark web. The market for blockchain-related products and services will reach $7.7 billion in 2022, up from $242 million last year, according to researcher Markets & Markets.

That's creating new opportunities for some of the old warships of the technology world, companies like IBM and Microsoft Corp. that are making the transition to cloud services. And products that had gone out of vogue, such as databases sold by Oracle Corp., are becoming sexy again... In October, Oracle announced the formation of Oracle Blockchain Cloud Service, which helps customers extend existing applications like enterprise-resource management systems. A month earlier, rival SAP SE said clients in industries like manufacturing and supply chain were testing its cloud service. And on Nov. 20, Microsoft expanded its partnership with consortium R3 to make it easier for financial institutions to deploy blockchains in its Azure cloud. Big Blue, meanwhile, has been one of the key companies behind the Hyperledger consortium, a nonprofit open-source project that aims to create efficient standards for commercial use of blockchain technology.

A Juniper Research survey found six in 10 larger corporations are considering blockchain, according to the article, which adds that blockchain "is increasingly being tested or used by companies such as Wal-Mart Stores Inc. and Visa Inc. to streamline supply chain, speed up payments and store records."

And because of blockchain's popularity, the CEO of WinterGreen Research predicts that 55% of large companies with over 1,000 employees will use the cloud rather than their own data centers within five years -- up from 17% today.

300,000 Users Exposed In Data Leak

Dangerous_Minds shares a report from ThreatPost: Ancestry said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry told Threatpost it believed the data was exposed in November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry's site and services. Ancestry said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added that there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.
It's funny.  Laugh.

Trump's Website Is Coded With a Broken Server Error Message That Blames Obama

An anonymous reader quotes a report from TechCrunch: If you're a fan of Easter eggs hidden in source code, this is a pretty good one. Apparently, as Washington Post data reporter Christopher Ingraham observed on Twitter, some Trump administration and GOP websites have a portion of code with a joke that throws shade at Obama's golf habits, the irony nowhere to be found. We checked the source code and sure enough the line "Oops! Something went wrong. Unlike Obama, we are working to fix the problem and not on the golf course" appears on sites, like the one hosting this surely statistically sound, Obama-obsessed "Inaugural Year Approval Poll," but not on pages. As Ingraham pointed out, it's also present on some official GOP sites, including the homepage. In both instances, the Obama dig is paired with a 404 error message that states "What do Hillary Clinton and this link have in common? They're both dead broke." To top it off, the code itself is apparently itself broken, swapping a single equal sign where there should be two. An honest mistake? Or perhaps the world was never meant to be gifted with these very good jokes at all?

A Glitch Stole Christmas: S.C. Lottery Says Error Caused Winning Tickets

An anonymous reader shares a report: The South Carolina lottery game is called Holiday Cash Add-A-Play, and the rules are pretty simple: Get three Christmas tree symbols in any vertical, horizontal or diagonal line, and you win a prize. Monday was Christmas, and some folks in the Palmetto State were feeling jolly. "I don't play the lottery that much," Nicole Coggins of Liberty, S.C., told local NBC affiliate WYFF. "Every once in a while, I'll buy a Powerball ticket, but something told me to buy a lottery ticket." She paid an extra dollar to add a play. The ticket was a winner, and she was excited.

The station says that as word got out about the sudden proliferation of winning tickets, a frenzy ensued. One store manager told WYFF that "it was crazy" as people hurried to buy the tickets. But the Christmas miracle was too good to be true. The South Carolina Education Lottery says a programming error in its computer system vendor is to blame for so many winning tickets. "From 5:51 p.m. to 7:53 p.m., the same play symbol was repeated in all nine available play areas on tickets which would result in a top prize of $500," the lottery said in a statement Wednesday. "No more than five identical play symbols should appear for a single play. As soon as the issue was identified, the Add-A-Play game was suspended immediately to conduct a thorough investigation."


Russia Lost a $45 Million Satellite Because 'They Didn't Get the Coordinates Right'

Last month, Russia lost contact with a 6,062-pound, $45 million satellite. Turns out, that happened because the Meteor-M weather satellite was programmed with the wrong coordinates. Gizmodo reports: On Wednesday, Russian Deputy Prime Minister Dmitry Rogozin told the Rossiya 24 state TV channel that a human error was responsible for the screw-up, according to Reuters. While the Meteor-M launched last month from the Vostochny cosmodrome in the Far East, it was reportedly programmed with take-off coordinates for the Baikonur cosmodrome, which is located in southern Kazakhstan. "The rocket was really programmed as if it was taking off from Baikonur," Rogozin said. "They didn't get the coordinates right." And the rocket had some precious cargo on board: "18 smaller satellites belonging to scientific, research and commercial companies from Russia, Norway, Sweden, the U.S., Japan, Canada and Germany," Reuters reported.

FBI Software For Analyzing Fingerprints Contains Russian-Made Code, Whistleblowers Say

schwit1 shares an exclusive report via BuzzFeed: The fingerprint-analysis software used by the FBI and more than 18,000 other U.S. law enforcement agencies contains code created by a Russian firm with close ties to the Kremlin, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could gain backdoor access to sensitive biometric information on millions of Americans, or even compromise wider national security and law enforcement computer systems. The Russian code was inserted into the fingerprint-analysis software by a French company, said the two whistleblowers, who are former employees of that company. The firm -- then a subsidiary of the massive Paris-based conglomerate Safran -- deliberately concealed from the FBI the fact that it had purchased the Russian code in a secret deal, they said. The Russian company whose code ended up in the FBI's fingerprint-analysis software has Kremlin connections that should raise similar national security concerns, said the whistleblowers, both French nationals who worked in Russia. The Russian company, Papillon AO, boasts in its own publications about its close cooperation with various Russian ministries as well as the Federal Security Service -- the intelligence agency known as the FSB that is a successor of the Soviet-era KGB and has been implicated in other hacks of U.S. targets.

Cybersecurity experts said the danger of using the Russian-made code couldn't be assessed without examining the code itself. But "the fact that there were connections to the FSB would make me nervous to use this software," said Tim Evans, who worked as director of operational policy for the National Security Agency's elite cyberintelligence unit known as Tailored Access Operations and now helps run the cybersecurity firm Adlumin. The FBI's overhaul of its fingerprint-recognition technology, unveiled in 2011, was part of a larger initiative known as Next Generation Identification to expand the bureau's use of biometrics, including face- and iris-recognition technology. The TSA also relies on the FBI fingerprint database.

Data Storage

Nintendo Delaying 64GB Game Cards For Switch Until 2019, Says Report

According to The Wall Street Journal, Nintendo is pushing back the introduction of larger 64GB game cards for the Switch. Nintendo had planned to make them available during the second half of 2018, but has reportedly told developers that they would have to wait. The reason is reportedly due to technical issues. Kotaku reports: As Kotaku previously reported, Nintendo's Switch games keep their size slim, with downloads for Super Mario Odyssey, Arms and Splatoon 2 ranging from 2-6GB. However, third party developers have been releasing bigger, data-heavy games, outpacing the Switch's 24GB of usable onboard memory. The Journal notes that Nintendo has already sold over 10 million Switch consoles, meaning developers could continue to flock to the platform, regardless.

What Amazon's Alexa Economy Pays the People Building Its Skills

From a report on CNET: On a lark, Joel Wilson started developing skills for Alexa, Amazon's voice assistant, this past January. After a few weeks of coding, he launched two skills -- Amazon's term for voice-controlled apps -- called Question of the Day and Three Questions. Both quiz people on science, literature and pop culture trivia. In May, he got an email from Amazon telling him to expect a check in the mail as part of a new program that pays cash to makers of popular skills. That first month, Amazon sent him $2,000. It got better from there. He's received checks for $9,000 over each of the past three months, he said. Wilson unexpectedly joined a new Alexa economy, a small but fast-growing network of independent developers, marketing companies and Alexa tools makers. Two years ago, there wasn't nearly as much to do on Alexa and the market for making Alexa skills was worth a mere $500,000. Now, with more than 25,000 skills available, the market is expected to hit $50 million in 2018, according to analytics firm VoiceLabs.

How Harvard Teaches CS Students How To Code

Harvard computer science professor David J. Malan "is pretty amazing!" says long-time education-watcher theodp. And he's sharing a link to the online version of Malan's famous CS50 class, "if you can't pony up the estimated $63,025-a-year sticker price to take 'the quintessential Harvard (and Yale!) course' on campus."

KQED's education site "MindShift" reports: Malan's class attracts students who have never taken computer science before, as well as kids who have been coding a long time. His goal with this diverse group of learners is to create a community that's equal and collaborative. One way he does this is by asking students to self-identify by comfort level. Those groups become different section levels, and they sometimes get different homework, but harder assignments are not worth more credit. Malan said recently that the "less comfortable" group has dominated his 700-person course. "At the end of the day all students are treated with the same expectations," said Malan, speaking at the Building Learning Communities conference in Boston.

Students are graded based on each individual's growth; Malan and his team of teaching assistants don't use absolute measures when assigning grades. Instead, they look at scope, how hard the student tried, correctness, how right the work was, style, how aesthetic the code is, and design, which is the most subjective. When it's time to assign grades, Malan and his teaching fellows have lots of in-depth conversations about how each student has improved relative to where he or she started...

The course includes a tool that rewrites error messages to make them easier to understand, plus a code-checking tool which they're planning to open source. There's also a cloud-based IDE which "allows students to access their code from multiple locations," though students can also submit their code through GitHub. (The original submission complains that Harvard's students are "coddled.") But Malan says the class works partly because there's an intentionally social aspect to it -- including numerous teaching assistants holding office hours in public spaces and "the human structure within the course." Guest lecturers have even included Mark Zuckerberg and Steve Ballmer.

But all these technical details don't really capture the wild flavor of the course and all of its multimedia bells and whistles. Malan's fast-paced lectures often close with relevant clips from movies -- for example, a lecture on cryptography which ended with video from a movie you'd see "if you turn on your TV on December 24th."

Rust Blog Touts 'What We Achieved' in 2017

An anonymous reader quotes the official Rust blog: Rust's development in 2017 fit into a single overarching theme: increasing productivity, especially for newcomers to Rust. From tooling to libraries to documentation to the core language, we wanted to make it easier to get things done with Rust. That desire led to a roadmap for the year, setting out 8 high-level objectives that would guide the work of the team. How'd we do? Really, really well.
Aaron Turon, part of the core developer team for Rust, wrote the blog post, and specifically touts this year's progress on lowering the learning curve with books and curriculum, as well as actual improvements in the language and a faster edit-compile-debug cycle. He also notes new support for Rust in IntelliJ and Atom (as well as preview versions for Visual Studio and Visual Studio Code) in 2017 -- and most importantly, mentoring. I'd like to specifically call out the leaders and mentors who have helped orchestrate our 2017 work. Leadership of this kind -- where you are working to enable others -- is hard work and not recognized enough. So let's hand it to these folks...! Technical leaders are an essential ingredient for our success, and I hope in 2018 we can continue to grow our leadership pool, and get even more done -- together.

Ask Slashdot: How Can Programmers Explain Their Work To Non-Programmers?

Slashdot reader Grady Martin writes: I disrespect people who describe their work in highfalutin terms... However, describing my own work as "programming solutions to problems" is little more than codifying what just about anyone can perceive through intuition. Case in point: Home for the holidays, I was asked about recent accomplishments and attempted to explain the process of producing compact visualizations of branched undo/redo histories.

Responses ranged from, "Well, duh," to, "I can already do that in Word"...

It's the "duh" that I want to address, because of course an elegant solution seems obvious after the fact: Such is the nature of elegance itself. Does anyone have advice on making elegance sound impressive?

An anonymous Slashdot reader left this suggestion for explaining your work to non-programmers. "Don't. I get sick when I hear the bullshit artists spew crap out of their mouth when they have no idea wtf they're talking about. Especially managers..."

But how about the rest of you? How can programmers explain their work to non-programmers?

'State of JavaScript' Survey Results: Good News for React and TypeScript

"The JavaScript world is richer and messier than ever," reports this year's annual "State of JavaScript" survey, which collected data from over 28,000 developers on everything from favorite frameworks to flavors of JavaScript. SD Times reports: "A few years back, a JavaScript survey would've been a simple matter. Question 1: are you using jQuery? Question 2: any comments? Boom, done!," the developers wrote. "But as we all know, things have changed. The JavaScript ecosystem is richer than ever, and even the most experienced developer can start to hesitate when considering the multitude of options available at every stage"...

On the front end, React remains the dominant framework. However, the survey found interest in Vue is steadily increasing, while Angular is losing steam. Developers are at a 3.8 [on a scale up to 5] when it comes to their overall happiness with front-end tools. On the back end, Express is by far the most popular contender with Koa, Meteor and Hapi slowly making their way behind Express. For testing, Jest and Enzyme stand out with high satisfaction ratings.

In 2016 only 9,000 developers responded for the survey, which had ultimately announced that "Depending on who you ask, right now JavaScript is either turning into a modern, reliable language, or a bloated, overly complex dependency hell. Or maybe both?"

InfoWorld notes that this year more than 28% of the survey's respondents said they'd used TypeScript, Microsoft's typed superset of JavaScript, and that they'd use it again. And while React was the most popular framework, the second most-popular framework was "none," with 9,493 JavaScript developers saying they didn't use one.

Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video

Chrome 64 is now in beta and it has several new features over version 63. In addition to a stronger pop-up blocker and support for HDR video playback when Windows 10 is in HDR mode, Chrome 64 features sitewide audio muting to block sound when navigating to other pages within a site. 9to5Google reports: An improved pop-up blocker in Chrome 64 prevents sites with abusive experiences -- like disguising links as play buttons and site controls, or transparent overlays -- from opening new tabs or windows. Meanwhile, as announced in November, other security measures in Chrome will prevent malicious auto-redirects. Beginning in version 64, the browser will counter surprise redirects from third-party content embedded into pages. The browser now blocks third-party iframes unless a user has directly interacted with it. When a redirect attempt occurs, users will remain on their current page with an infobar popping up to detail the block. This version also adds a new sitewide audio muting setting. It will be accessible from the permissions dropdown by tapping the info icon or green lock in the URL bar. This version also brings support for HDR video playback when Windows 10 is in HDR mode. It requires the Windows 10 Fall Creator Update, HDR-compatible graphics card, and display. Meanwhile, on Windows, Google is currently prototyping support for an operating system's native notification center. Other features include a new "Split view" feature available on Chrome OS. Developers will also be able to take advantage of the Resize Observer API to build responsive sites with "finger control to observe changes to sizes of elements on a page."

Microsoft Considers Adding Python As an Official Scripting Language in Excel

An anonymous reader writes: Microsoft is considering adding Python as one of the official Excel scripting languages, according to a topic on Excel's feedback hub opened last month. Since it was opened, the topic has become the most voted feature request, double the votes of the second-ranked proposition. "Let us do scripting with Python! Yay! Not only as an alternative to VBA, but also as an alternative to field functions (=SUM(A1:A2))," the feature request reads, as opened by one of Microsoft's users.

The OS maker responded yesterday by putting up a survey to gather more information on how users would like to use Python inside Excel. If approved, Excel users would be able to use Python scripts to interact with Excel documents, their data, and some of Excel's core functions, similar to how Excel currently supports VBA scripts. Python is one of the most versatile programming languages available today. It is also insanely popular with developers. It ranks second on the PYPL programming languages ranking, third in the RedMonk Programming Language Rankings, and fourth in the TIOBE index.

Open Source

Avast Launches Open-Source Decompiler For Machine Code

Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. In addition to the open-source version found on GitHub, RetDec is also being provided as a web service.

Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code. It is not possible to retrieve the exact original code of any executable compiled to machine code but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. A plugin for IDA disassembler is also available for those experienced with decompiling software.


Searchable Database of 1.4 Billion Stolen Credentials Found On Dark Web

YVRGeek shares a report from IT World Canada: A security vendor has discovered a huge list of easily searchable stolen credentials in cleartext on the dark web, which it fears could lead to a new wave of cyber attacks. Julio Casal, co-founder of identity threat intelligence provider 4iQ, which has offices in California and Spain, said in a Dec. 8 blog his firm found the database of 1.4 billion username and password pairs while scanning the dark web for stolen, leaked or lost data. He said the company has verified at least a group of credentials are legitimate. What is alarming is the file is what he calls "an aggregated, interactive database that allows for fast (one second response) searches and new breach imports." For example, searching for "admin," "administrator" and "root" returned 226,631 passwords of admin users in a few seconds. As a result, the database can help attackers automate account hijacking or account takeover. The dump file was 41GB in size and was found on December 5th in an underground community forum. The total amount of credentials is 1,400,553,869.

Microsoft Releases Free Preview of Its Quantum Development Kit

Microsoft is releasing a free preview version of its Quantum Development Kit. "The kit includes the Q# programming language and compiler and a local quantum computing simulator, and is fully integrated with Visual Studio," reports ZDNet. "There's also an Azure-based simulator that allows developers to simulate more than 40 logical qubits of computing power, plus documentation libraries, and sample programs, officials said in their December 11 announcement." From the report: Quantum computers are designed to process in parallel, thus enabling new types of applications across a variety of workloads. They are designed to harness the physics of subatomic particles to provide a different way to store data and solve problems compared to conventional computers, as my ZDNet colleague Tony Baer explains. The result is that quantum computers could solve certain high-performance-computing problems more efficiently. Microsoft officials have said applications that developers create for use with the quantum simulator ultimately will work on a quantum computer, which Microsoft is in the process of developing. Microsoft's goal is to build out a full quantum computing system, including both the quantum computing hardware and the related full software stack.

In-Store WiFi Provider Used Starbucks Website To Generate Monero Coins

hjf writes: On December 2nd, Twitter user Noah Dinkin tweeted a screenshot that showed that Starbucks' in-store "free WiFi" is using their captive portal to briefly mine the Monero cryptocurrency during the 10-second delay splash screen. Starbucks has not yet responded to the tweet, and neither has their wifi provider, Fibertel Argentina. While Dinkin mentioned that the culprit behind the scheme could be Starbucks' in-store wifi provider, it's possible that a cybercriminal could have hacked their website to place CoinHive code secretly. HackRead notes that "just a few days ago researchers identified more than 5,000 sites that were hijacked to insert CoinHive code, yet Starbucks' direct involvement is still unclear." CoinHive is a company that produces a JavaScript miner for the Monero Blockchain that you can embed in your website. Any coins mined by the browser are sent to the owner of the website.

Did Programming Language Flaws Create Insecure Apps?

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke each programming language down into its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.
