Programming

New Research Explodes Myths About Ada Lovelace (ox.ac.uk) 107

Two mathematics historians investigated the Lovelace-Byron family archives (which are available online) to confirm the early mathematical prowess of Ada Lovelace for two scholarly journals. Slashdot reader bugs2squash shares a post from the Oxford Mathematical Institute: The work challenges widespread claims that Lovelace's mathematical abilities were more "poetical" than practical, or indeed that her knowledge was so limited that Babbage himself was likely to have been the author of the paper that bears her name. The authors pinpoint Lovelace's keen eye for detail, fascination with big questions, and flair for deep insights, which enabled her to challenge some deep assumptions in her teacher's work. They suggest that her ambition, in time, to do significant mathematical research was entirely credible, though sadly curtailed by her ill-health and early death.
Ada Lovelace died in London at age 36.
Java

Modularity Finally Approved For Java 9 (infoworld.com) 94

An anonymous reader quotes InfoWorld:With a new round of voting completed this week, the Java Community Process Executive Committee passed by a 24-0 vote the Java Platform Module System public review ballot, the subject of Java Specification Request 376. In May, the same group, citing concerns over the plan being disruptive and lacking consensus, voted the measure down, 13 to 10... Red Hat, which voted no on the previous ballot but abstained from the latest one, said there were still several items in the current proposal that it wanted further work on. "However, we do not want to delay the Java 9 release," Red Hat said. Getting "real world" feedback on the modularity system will be key to determine where further changes need to occur, Red Hat said. The Eclipse Foundation, Hazelcast, and Twitter, all of which voted no previously and yes this time around, cited sufficient progress with modularity.
Java 9 is still slated for release on September 21st.
Ruby

Is Ruby's Decline In Popularity Permanent? (computerworld.com.au) 253

An anonymous reader quotes Computerworld: Ruby has had a reputation as a user-friendly language for building web applications. But its slippage in this month's RedMonk Programming Language Rankings has raised questions about where exactly the language stands among developers these days. The twice-yearly RedMonk index ranked Ruby at eighth, the lowest position ever for the language. "Swift and now Kotlin are the obvious choices for native mobile development. Go, Rust, and others are clearer modern choices for infrastructure," said RedMonk analyst Stephen O'Grady. "The web, meanwhile, where Ruby really made its mark with Rails, is now an aggressively competitive and crowded field." Although O'Grady noted that Ruby remains "tremendously popular," participants on sites such as Hacker News and Quora have increasingly questioned whether Ruby is dying. In the Redmonk rankings, Ruby peaked at fourth place in 2013, reinforcing the perception it is in decline, if a slow one.
Open Source

GitHub Urges Companies To Participate In 'Open Source Fridays' (opensourcefriday.com) 71

An anonymous reader quotes VentureBeat: GitHub wants to help more people become open source contributors with a new initiative called Open Source Friday. As the name implies, the program encourages companies to set aside time at the end of the week for their employees to work on open source projects. It's designed to bolster the ranks of open source contributors at a time when many businesses rely on freely available projects for mission-critical applications. Open Source Friday isn't just about getting businesses to offer their employees' time as a form of charity, it's also a way to improve key business infrastructure, according to Mike McQuaid, a senior software engineer at GitHub...

McQuaid hopes that carving out employees' time on Fridays could help provide additional structure and incentive to participate in the ecosystem... Users don't need to be engineers in order to take part, either. While code contribution is important to the success of a project, creating and maintaining documentation is also key.

OpenSourceFriday.com includes tips for interested contributors, as well as a page suggesting to employers that they could see benefits like developers learning to code faster, better, and more transparently.
Programming

Raspberry Pi Wins UK's Top Engineering Award (bbc.com) 54

An anonymous reader shares a BBC report: The team behind the device was awarded the Royal Academy of Engineering's MacRobert Prize at a ceremony in London last night. The tiny computer launched in 2012. Its designers hoped to introduce children to coding and had modest ambitions. They beat two other finalists, cyber-security company Darktrace and radiotherapy pioneers Vision RT, to win the prize. Previous winners of the innovation award, which has been run since 1969, include the creators of the CT (computerised tomography) scanner; the designers of the Severn Bridge; and the team at Microsoft in Cambridge that developed the Kinect motion sensor.
Education

How Silicon Valley Pushed Coding Into American Classrooms 132

theodp writes: Noting that Apple CEO Tim Cook's advice for President Trump at last week's White House gathering of the Tech Titans was that "coding should be a requirement in every public school," the New York Times examines How Silicon Valley Pushed Coding Into American Classrooms (Warning: source may be paywalled). "The Apple chief's education mandate was just the latest tech company push for coding courses in schools," writes Natasha Singer. "But even without Mr. Trump's support, Silicon Valley is already advancing that agenda -- thanks largely to the marketing prowess of Code.org, an industry-backed nonprofit group." Singer continues: "In a few short years, Code.org has raised more than $60 million from Microsoft, Facebook, Google and Salesforce, along with individual tech executives and foundations. It has helped to persuade two dozen states to change their education policies and laws, Mr. Hadi Partovi, co-founder of Code.org, said, while creating free introductory coding lessons, called Hour of Code, which more than 100 million students worldwide have tried. Along the way, Code.org has emerged as a new prototype for Silicon Valley education reform: a social-media-savvy entity that pushes for education policy changes, develops curriculums, offers online coding lessons and trains teachers -- touching nearly every facet of the education supply chain. The rise of Code.org coincides with a larger tech-industry push to remake American primary and secondary schools with computers and learning apps, a market estimated to reach $21 billion by 2020." Singer also mentions Apple's work to spread computer science in schools. The company launched a free app last year called Swift Playgrounds to teach basic coding in Swift, as well as a yearlong curriculum for high schools and community colleges to teach app design in Swift.
Businesses

The High-Tech Jobs That Created India's Gilded Generation Are Disappearing (washingtonpost.com) 165

An anonymous reader shares a report: Information technology services account for 9.5 percent of the India's gross domestic product, according to the India Brand Equity Foundation (IBEF), but now, after decades of boom, the future of the industry seems precarious. Since May, workers' groups have reported unusually numerous layoffs. The Forum for IT Employees (FITE) estimates that 60,000 workers have lost their jobs in the past few months (syndicated source). "Employees are being rated as poor performers so companies can get rid of them," said FITE's Chennai coordinator, Vinod A.J. IT companies and some government officials say the numbers have been exaggerated, but industry experts say the country's digital wunderkinds have much to fear. "For the first time, companies are touching middle management," said Kris Lakshmikanth, chief of a recruitment firm called Head Hunters India. Bias against Indians abroad is also compounding workers' fears of layoffs and downsizing at home. President Trump has stoked anxiety among Indian techies, who make up the majority of applicants for the H-1B visa program for highly skilled foreign workers. Trump has talked about sharply restricting H-1Bs, and this year the number of applications dropped a staggering 16 percent as companies prepared for Trump's immigration cutbacks. Instead, Indian outsourcing companies such as Infosys started recruiting Americans, bowing to Trump's calls for "America First." On Monday, India's Prime Minister Modi will meet Trump to talk about trade, visas and climate issues.
Education

Why So Many Top Hackers Come From Russia (krebsonsecurity.com) 263

Long-time Slashdot reader tsu doh nimh writes: Brian Krebs has an interesting piece this week on one reason that so many talented hackers (malicious and benign) seem to come from Russia and the former Soviet States: It's the education, stupid. Krebs's report doesn't look at the socioeconomic reasons, but instead compares how the U.S. and Russia educate students from K-12 in subjects which lend themselves to a mastery in coding and computers -- most notably computer science. The story shows that the Russians have for the past 30 years been teaching kids about computer science and then testing them on it starting in elementary school and through high school. The piece also looks at how kids in the U.S. vs. Russia are tested on what they are supposed to have learned.
Fossbytes also reports that Russia claimed the top spot in this year's Computer Programming Olympics -- their fourth win in six years -- adding that "the top 9 positions out of 14 were occupied by Russian or Chinese schools." The only two U.S. schools in the top 20 were the University of Central Florida (#13) and MIT (#20).
Cloud

Should Your Company Switch To Microservices? (cio.com) 118

Walmart Canada claims that it was microservices that allowed them to replace hardware with virtual servers, reducing costs by somewhere between 20 and 50 percent. Now Slashdot reader snydeq shares an article by a senior systems automation engineer arguing that a microservices approach "offers increased modularity, making applications easier to develop, test, deploy, and, more importantly, change and maintain."

The article touts things like cost savings and flexibility for multiple device types, suggesting microservices offer increased resilience and improved scalabiity (not to mention easier debugging and a faster time to market with an incremental development model). But it also warns that organizations need the resources to deploy the new microservices quicky (and the necessary server) -- along with the ability to test and monitor them for database errors, network latency, caching issues and ongoing availability. "You must embrace devops culture," argues the article, adding that "designing for failure is essential... In a traditional setting, developers are focused on features and functionalities, and the operations team is on the hook for production challenges. In devops, everyone is responsible for service provisioning -- and failure."

The original submission ends with a question for Slashdot reader. "What cautions do you have to offer for folks considering tapping microservices for their next application?"
Open Source

'Stack Clash' Linux Flaw Enables Root Access. Patch Now (threatpost.com) 126

msm1267 writes: Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors made patches available Monday, and systems running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 hardware should be updated soon.

The risk presented by this flaw, CVE-2017-1000364, becomes elevated especially if attackers are already present on a vulnerable system. They would now be able to chain this vulnerability with other critical issues, including the recently addressed Sudo vulnerability, and then run arbitrary code with the highest privileges, said researchers at Qualys who discovered the vulnerability.

Operating Systems

32TB of Windows 10 Internal Builds, Core Source Code Leak Online (theregister.co.uk) 201

According to an exclusive report via The Register, "a massive trove of Microsoft's internal Windows operating system builds and chunks of its core source code have leaked online." From the report: The data -- some 32TB of installation images and software blueprints that compress down to 8TB -- were uploaded to betaarchive.com, the latest load of files provided just earlier this week. It is believed the data has been exfiltrated from Microsoft's in-house systems since around March. The leaked code is Microsoft's Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond's PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code. Anyone who has this information can scour it for security vulnerabilities, which could be exploited to hack Windows systems worldwide. The code runs at the heart of the operating system, at some of its most trusted levels. In addition to this, hundreds of top-secret builds of Windows 10 and Windows Server 2016, none of which have been released to the public, have been leaked along with copies of officially released versions.
Software

NSA Opens GitHub Account, Lists 32 Projects Developed By the Agency (thehackernews.com) 64

An anonymous reader quotes a report from The Hacker News: The National Security Agency (NSA) -- the United States intelligence agency which is known for its secrecy and working in the dark -- has finally joined GitHub and launched an official GitHub page. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are "coming soon." "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page. "OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology." Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.
Intel

Intel Quietly Discontinues Galileo, Joule, and Edison Development Boards (intel.com) 95

Intel is discontinuing its Galileo, Joule, and Edison lineups of development boards. The chip-maker quietly made the announcement last week. From company's announcement: Intel Corporation will discontinue manufacturing and selling all skus of the Intel Galileo development board. Shipment of all Intel Galileo product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Joule Compute Modules and Developer Kits (known as Intel 500 Series compute modules in People's Republic of China). Shipment of all Intel Joule products skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Joule products must be placed with Intel by September 16, 2017. [...] Intel will discontinue manufacturing and selling all skus of the Intel Edison compute modules and developer kits. Shipment of all Intel Edison product skus ordered before the last order date will continue to be available from Intel until December 16, 2017. Last time orders (LTO) for any Intel Edison products must be placed with Intel by September 16, 2017. All orders placed with Intel for Intel Edison products are non-cancelable and non-returnable after September 16, 2017. The company hasn't shared any explanation for why it is discontinuing the aforementioned development boards. Intel launched the Galileo, an Arduino-compatible mini computer in 2013, the Edison in 2014, and the Joule last year. The company touted the Joule as its "most powerful dev kit." You can find the announcement posts here.
Programming

Community Ports 'Visual Studio Code' To Chromebooks, Raspberry Pi (infoworld.com) 79

An anonymous reader quotes InfoWorld: A community build project led by developer Jay Rodgers is making Visual Studio Code, Microsoft's lightweight source code editor, available for Chromebooks, Raspberry Pi boards, and other devices based on 32-bit or 64-bit ARM processors. Supporting Linux and Chrome OS as well as the DEB (Debian) and RPM package formats, the automated builds of Visual Studio Code are intended for less-common platforms that might not otherwise receive them. Obvious beneficiaries will be IoT developers focused on ARM devices -- and the Raspberry Pi in particular -- who will find it helpful to have the editor directly on the device they're programming against... Rodgers said the lure of Visual Studio Code for him was its user-friendly interface, making it approachable for new users.
Security

What Happens When Software Companies Are Liable For Security Vulnerabilities? (techbeacon.com) 221

mikeatTB shares an article from TechRepublic: Software engineers have largely failed at security. Even with the move toward more agile development and DevOps, vulnerabilities continue to take off... Things have been this way for decades, but the status quo might soon be rocked as software takes an increasingly starring role in an expanding range of products whose failure could result in bodily harm and even death. Anything less than such a threat might not be able to budge software engineers into taking greater security precautions. While agile and DevOps are belatedly taking on the problems of creating secure software, the original Agile Manifesto did not acknowledge the threat of vulnerabilities as a problem, but focused on "working software [as] the primary measure of progress..."

"People are doing exactly what they are being incentivized to do," says Joshua Corman, director of the Cyber Statecraft Initiative for the Atlantic Council and a founder of the Rugged Manifesto, a riff on the original Agile Manifesto with a skew toward security. "There is no software liability and there is no standard of care or 'building code' for software, so as a result, there are security holes in your [products] that are allowing attackers to compromise you over and over." Instead, almost every software program comes with a disclaimer to dodge liability for issues caused by the software. End-User License Agreements (EULAs) have been the primary way that software makers have escaped liability for vulnerabilities for the past three decades. Experts see that changing, however.

The article suggests incentives for security should be built into the development process -- with one security professional warning that in the future, "legal precedent will likely result in companies absorbing the risk of open source code."

Slashdot Top Deals