DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Google

Google Launches Official Gmail Add-On Program (pcworld.com) 32

Google is making it possible for developers to bring their services into Gmail using new integrations called Add-ons. From a report on PCWorld: It's built so that developers can write one set of code in Google's Apps Script language and have their integration run in Gmail on the web, as well as inside Google's Android and iOS apps for the service. For example, a QuickBooks add-on would let users easily send invoices to people who they're emailing. Google already offers Add-ons for its Docs word processing and Sheets spreadsheet software. This sort of system could be useful for users because it helps them get work done without leaving Gmail. It also helps draw users into Google's official email app, rather than use one of the many other clients that can access the service, including Microsoft Outlook.
Security

Apache Servers Under Attack Through Easily Exploitable Struts 2 Flaw (helpnetsecurity.com) 63

Orome1 quotes a report from Help Net Security: A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. The vulnerability (CVE-2017-5638) affects the Jakarta file upload Multipart parser in Apache Struts 2. It allows attackers to include code in the "Content-Type" header of an HTTP request, so that it is executed by the web server. Almost concurrently with the release of the security update that plugs the hole, a Metasploit module for targeting it has been made available. Unfortunately, the vulnerability can be easily exploited as it requires no authentication, and two very reliable exploits have already been published online. Also, vulnerable servers are easy to discover through simple web scanning. "Struts 2 is a Java framework that is commonly used by Java-based web applications," reports SANS ISC in their blog. "It is also known as 'Jakarta Struts' and 'Apache Struts.' The Apache project currently maintains Struts." Cisco Talos also has a blog detailing the attack.
Bitcoin

The Promise of Blockchain Is a World Without Middlemen (hbr.org) 73

dryriver writes: The Harvard Business Review has an interesting article about how Blockchain technology may bring down the cost of business transactions and enable new ways of doing things: "Consider the problem that small manufacturers have dealing with giants like Wal-Mart. To keep transaction costs and the costs of carrying each product line down, large companies generally only buy from companies that can service a substantial percentage of their customers. But if the cost of carrying a new product was tiny, a much larger number of small manufacturers might be included in the value network. Amazon carries this approach a long way, with enormous numbers of small vendors selling through the same platform, but the idea carried to its limit is eBay and Craigslist, which bring business right down to the individual level. While it's hard to imagine a Wal-Mart with the diversity of products offered by Amazon or even eBay, that is the kind of future we are moving into." "Decentralization" is the idea that a database works like a network "that's shared with everybody in the world, where anyone and anything can connect to it," writes Vinay Gupta for Harvard Business Review. "Decentralization offers the promise of nearly friction-free cooperation between members of complex networks that can add value to each other by enabling collaboration without central authorities and middle men." The proposition ultimately makes things "more efficient in unexpected ways." For example, "a 1% transaction fee may not seem like much, but down a 15-step supply chain, it adds up. [...] The decentralization that blockchain provides would change that, which could have huge possible impacts for economies in the developing world," writes Gupta.
Businesses

Google's Compute Engine Now Offers Machines With Up To 64 CPU Cores, 416GB of RAM (techcrunch.com) 74

An anonymous reader shares a TechCrunch report: Google is doubling the maximum number of CPU cores developers can use with a single virtual machine on its Compute Engine service from 32 to 64. These high-power machines are now available in beta across all of Google's standard configurations and as custom machine types, which allow you to select exactly how many cores and memory you want. If you opt to use 64 cores in Google's range of high-memory machine types, you'll also get access to 416GB of RAM. That's also twice as much memory as Compute Engine previously offered for a single machine and enough for running most memory-intensive applications, including high-end in-memory databases. Running your apps on this high-memory machine will set you back $3.7888 per hour (though you do get all of Google's usual sustained-use discounts if you run it for longer, too).
Google

Google Can Now Recognize Objects in Videos Using Machine Learning (theverge.com) 47

Google has found a new way to allow software to parse video. On Wednesday, the company announced "Video Intelligence API", which is able to identify objects in a video. From a report: By playing a short commercial, the API was able to identify the dachshund in the video, when it appeared in the video, and then understand that the whole thing was a commercial. In another demo, we saw a simple search for "beach" and was able to find videos which had scenes from beaches in them, complete with timestamps. That's similar to how Google Photos lets you search for "sunset" and pull up your best late-day snapshots. Before now, computers couldn't really understand the content of a video directly without manual tagging. "We are beginning to shine light on the dark matter of the digital universe," Fei-Fei Li, chief scientist of artificial intelligence and machine learning at Google Cloud, said. At least in Google's demo, it was genuinely impressive. And Google is making the API available to developers, just as it has with its other machine learning APIs.
Apple

Apple Begins Rejecting Apps With 'Hot Code Push' Feature (apple.com) 149

Apple has long permitted "hot code push", a feature that allows developers to continuously deploy changes to their mobile apps and have those changes reflect in their apps instantly. This allowed developers to make quick changes to their apps without having to resubmit the new iteration and get approval from the Apple Store review team. But that's changing now. In response to a developer's query, Apple confirmed that it no longer permits "hot code push." The company told the developer: Your app, extension, and/or linked framework appears to contain code designed explicitly with the capability to change your app's behavior or functionality after App Review approval, which is not in compliance with section 3.3.2 of the Apple Developer Program License Agreement and App Store Review Guideline 2.5.2. This code, combined with a remote resource, can facilitate significant changes to your app's behavior compared to when it was initially reviewed for the App Store. While you may not be using this functionality currently, it has the potential to load private frameworks, private methods, and enable future feature changes.
Firefox

Developer Proclaims Death of Cyberfox Web Browser (ghacks.net) 52

In a forum entitled "Cyberfox and its future direction," the lead developer of Cyberfox proclaimed the death of their web browser. The lead developer, Toady, writes: "Over the years the Cyberfox project has grown immensely and its thanks to all the amazing support of our users and has been an amazing couple of years this however has demanded far more of my time causing me to drop allot of projects and passions id like to pursue, the time factor this project has demanded has also take a toll lifestyle wise as have the changes made by Mozilla requiring more and more time to maintain so its come to a point where i recently had to assess the direction of this project and the direction i wish to head for the future. This has being no easy choice and the last few months allot of thinking about the direction of this project has taken place." He continues, "This project has been amazing no one could ask for a better project or community sadly as much as i love this project my heart is no longer fully in it, dreams of pursuing game development were pushed aside and lifestyle steadily declined ultimately slowly coming to this point where changes and choices have to be made ones that will affect this project and the future of what i have spent all these years building." Ghacks Technology News reports: The death of Cyberfox, or more precisely, the announcement of end of life for the web browser may come as a shock to users who run it. It should not be too much of a surprise though for users who keep an eye on the browser world and especially Mozilla and Firefox. Mozilla announced major changes to Firefox, some of which landed already, some are in process, and others are announced for 2017. [Some of the critical changes:] Multi-process Firefox is almost done, plugins are out except for Flash and Firefox ESR, Windows XP and Vista users are switched to Firefox ESR so that the operating systems are supported for eight additional releases, and WebExtensions will replace all other add-on systems of the browser. That's a lot of change, especially for projects that are maintained by a small but dedicated group of developers such as Cyberfox. The author of Cyberfox made the decision to switch the browser's release channel to Firefox 52.0 ESR. This means that Cyberfox will be supported with security updates for the next eight release cycles, but new features that Mozilla introduces in Firefox Stable won't find their way into the browser anymore. UPDATE 3/07/17: We have updated the headline to clarify that Cyberfox, specifically, is the browser that will be coming to an end. We have also added an excerpt from the developer's post. Toady clarified at the end of his post: "The largest factor was lifestyle a nicer way of saying health issues without making it to personalized."
Microsoft

Microsoft Releases Visual Studio 2017 (visualstudio.com) 195

Reader Anon E. Muss writes: Microsoft on Tuesday released Visual Studio 2017. The latest version of the venerable Integrated Development Environment supports a variety of languages (C/C++, C#, VB.net, F#, Javascript/Typescript, Python, etc.) and targets classic "Win32" desktop, Universal Windows Platform (UWP, also known as "Metro"), .NET, ASP, node.js, etc.). A "Community Edition" is available at no cost for individual developers and those working on open source software. "Professional" and "Enterprise" editions are available for corporate developers, at prices sure to shock whoever has to sign the check.
Medicine

Researchers Suggest Using Blockchain For Electronic Health Records (hbr.org) 70

The CIO at a Boston teaching hospital and two MIT researchers write in the Harvard Business Review that blockchain "has the potential to enable secure lifetime medical record sharing across providers," calling it "a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized 'contracts' for data access." An anonymous reader quotes their report: A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy... Today humans manually attempt to reconcile medical data among clinics, hospitals, labs, pharmacies, and insurance companies. It does not work well because there is no single list of all the places data can be found or the order in which it was entered...

Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.

Crime

Local Police Departments Are Building Their Own DNA Databases (ap.org) 50

Slashdot reader schwit1 quotes the Associated Press: Dozens of police departments around the U.S. are amassing their own DNA databases to track criminals, a move critics say is a way around regulations governing state and national databases that restrict who can provide genetic samples and how long that information is held. The local agencies create the rules for their databases, in some cases allowing samples to be taken from children or from people never arrested for a crime. Police chiefs say having their own collections helps them solve cases faster because they can avoid the backlogs that plague state and federal repositories...

Frederick Harran, the public safety director in Bensalem Township, Pennsylvania...said he knows of about 60 departments using local databases... "The local databases have very, very little regulations and very few limits, and the law just hasn't caught up to them," said Jason Kreig, a law professor at the University of Arizona who has studied the issue.

One ACLU attorney cites a case where local police officers in California took DNA samples from children without even obtaining a court order first.
Programming

Douglas Crockford Envisions A Post-JavaScript World (infoworld.com) 300

JavaScript developer (and JSON proponent) Douglas Crockford recently described "a theoretical post-JavaScript World," according to InfoWorld. Crockford "believes the web development staple needs a successor that can fix multiple programming nuances." An anonymous reader summarizes their report: Despite its status as the world's most popular language, Crockford told an audience at the Oracle Code conference, "It would be sad if JavaScript turns out to be the last language." He complained that JavaScript has two different ways of declaring variables -- let and var -- as well as two different "bottom variables" with no value -- both null and undefined. "There's an argument among language designers, should we have bottom values at all? But there's nobody who thinks you should have two of them."

According to InfoWorld, Crockford "also presented a scenario with JavaScript being turned into a purely functional programming language by getting rid of 'impurities' like date, the delete operation, math.random and object.assign. Afterward, he stressed replacing JavaScript rather than adding functional capabilities to it... The next language also should be better able to deal with multiple cores. Most languages have followed the sequential model of Fortran, executing one operation after another, he said. 'That's not how the world works anymore. We now have lots of cores available to us, which all want to be running at the same time.'"

In other news, Crockford also proposed ending the "spaces vs. tabs" debate by simply eliminating tabs altogether.
Iphone

An 81-Year-Old Woman Just Created Her Own iPhone App (cnn.com) 60

After 43 years working in one of Japan's leading banks, 81-year-old Masako Wakamiya has launched an iPhone app called "Hinadan" that shows users how to stage traditional dolls for the Hinamatsuri festival. From a report on CNN Money: She says she felt compelled to do something after noticing a shortage of fun apps aimed at people her age. "We easily lose games when playing against young people, since our finger movements can't match their speed," Wakamiya told CNN. The retired banker asked a bunch of people to create games for seniors, but no one was interested. So she took matters into her own hands and achieved something many people half her age haven't done. "I wanted to create a fun app to get elderly people interested in smartphones," she said. "It took about half a year to develop." Wakamiya started using computers at age 60 when she was caring for her elderly mother and finding it difficult to get out and socialize with friends.
Software

Software Engineer Detained At JFK, Given Test To Prove He's An Engineer (mashable.com) 553

New submitter mendred quotes a report from Mashable: Celestine Omin, a software engineer at Andela -- a tech startup that connects developers in Africa with U.S employers -- had a particularly unwelcoming reception when he deplaned at John F. Kennedy Airport and was given a test to prove he was actually a software engineer. A LinkedIn post detailing Omin's challenging experience explained that upon landing in New York after spending 24 miserable hours on a Qatar Airways flight, he was given some trouble about the short-term visa he obtained for his trip. According to the post, an unprepared and exhausted Omin waited in the airport for approximately 20 minutes before being questioned by a Customs and Border Protection officer about his occupation. After several questions were asked, he was reportedly brought to a small room and told to sit down, where he was left for another hour before another customs officer entered and resumed grilling him. Omin was instructed to answer the following questions: "Write a function to check if a Binary Search Tree is balanced," and "What is an abstract class, and why do you need it."
Businesses

Programmers Are Confessing Their Coding Sins To Protest a Broken Job Interview Process (theoutline.com) 1001

A number of programmers have taken it Twitter to bring it to everyone's, but particularly recruiter's, attention about the grueling interview process in their field that relies heavily on technical questions. David Heinemeier Hansson, a well-known programmer and the creator of the popular Ruby on Rails coding framework, started it when he tweeted, "Hello, my name is David. I would fail to write bubble sort on a whiteboard. I look code up on the internet all the time. I don't do riddles." Another coder added, "Hello, my name is Tim. I'm a lead at Google with over 30 years coding experience and I need to look up how to get length of a python string." Another coder chimed in, "Hello my name is Mike, I'm a GDE and lead at NY Times, I don't know what np complete means. Should I?" A feature story on The Outline adds: This interview style, widely used by major tech companies including Google and Amazon, typically pits candidates against a whiteboard without access to reference material -- a scenario working programmers say is demoralizing and an unrealistic test of actual ability. People spend weeks preparing for this process, afraid that the interviewer will quiz them on the one obscure algorithm they haven't studied. "A cottage industry has emerged that reminds us uncomfortably of SAT prep," Karla Monterroso, VP of programs for Code2040, an organization for black and Latino techies, wrote in a critique of the whiteboard interview. [...] This means companies tend to favor recent computer science grads from top-tier schools who have had time to cram; in other words, it doesn't help diversify the field with women, older people, and people of color.
Security

Severe SQL Injection Flaw Discovered In WordPress Plugin With Over 1 Million Installs (bleepingcomputer.com) 61

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attack can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.

Slashdot Top Deals