DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Bug

LastPass Bugs Allow Malicious Websites To Steal Passwords (bleepingcomputer.com) 81

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.
Programming

Performance Bugs, 'the Dark Matter of Programming Bugs', Are Out There Lurking and Unseen (forwardscattering.org) 243

Several Slashdot readers have shared an article by programmer Nicholas Chapman, who talks about a class of bugs that he calls "performance bugs". From the article: A performance bug is when the code computes the correct result, but runs slower than it should due to a programming mistake. The nefarious thing about performance bugs is that the user may never know they are there -- the program appears to work correctly, carrying out the correct operations, showing the right thing on the screen or printing the right text. It just does it a bit more slowly than it should have. It takes an experienced programmer, with a reasonably accurate mental model of the problem and the correct solution, to know how fast the operation should have been performed, and hence if the program is running slower than it should be. I started documenting a few of the performance bugs I came across a few months ago, for example (on some platforms) the insert method of std::map is roughly 7 times slower than it should be, std::map::count() is about twice as slow as it should be, std::map::find() is 15% slower than it should be, aligned malloc is a lot slower than it should be in VS2015.
Google

Android O First Developer Preview Featuring Notification Channels, Background Limits Now Available (googleblog.com) 63

A year after Google released the Android N Developer Preview, the company has made available the developer preview of the next major version of Android, "Android O." You will not want to put it on your primary Android smartphone as the preview is likely to have rough edges. Google says as much. "it's early days, there are more features coming, and there's still plenty of stabilization and performance work ahead of us. But it's booting :)."

The company is using the developer preview to give beta testers a sneak peek into some new features, such as "notification channels," which will offer users the ability to group notifications. There is also Picture in Picture, which will enable you to have a video appear in a small window on top of homescreen or any application. Google is also adding "multi-display support" and improved "keyboard navigation." Your guess is as good as mine as to what these features will actually do. There's also better "background limits" which will supposedly help save battery, and wider Wi-Fi support to include things like Neighborhood Aware Networking (NAN).

No word on what "O" in Android O stands for.
Businesses

GitHub Now Lets Its Workers Keep the IP When They Use Company Resources For Personal Projects (qz.com) 74

If it's on company time, it's the company's dime. That's the usual rule in the tech industry -- that if employees use company resources to work on projects unrelated to their jobs, their employer can claim ownership of any intellectual property (IP) they create. But GitHub is throwing that out the window. From a report on Quartz: Today the code-sharing platform announced a new policy, the Balanced Employee IP Agreement (BEIPA). This allows its employees to use company equipment to work on personal projects in their free time, which can occur during work hours, without fear of being sued for the IP. As long as the work isn't related to GitHub's own "existing or prospective" products and services, the employee owns it. Like all things related to tech IP, employee agreements are a contentious issue. In some US states, it's not uncommon for contracts to give companies full ownership of all work employees produce during their tenure, and sometimes even before and after their tenure, regardless of when or how they produce it. These restrictions have led to several horror stories, like the case of Alcatel vs. Evan Brown.
Books

O'Reilly Site Lists 165 Things Every Programmer Should Know (oreilly.com) 231

97 Things Every Programmer Should Know was published seven years ago by O'Reilly Media, and was described as "pearls of wisdom for programmers collected from leading practitioners." Today an anonymous reader writes: All 97 are available online for free (and licensed under a Creative Commons Attribution 3), including an essay by "Uncle Bob" on taking personal responsibility and "Unix Tools Are Your Friend" by Athens-based professor Diomidis Spinellis, who writes that the Unix tool chest can be more useful than an IDE.

But the book's official site is also still accepting new submissions, and now points to 68 additional "edited contributions" (plus another seven "contributions in progress"), including "Be Stupid and Lazy" by Swiss-based Java programmer Mario Fusco, and "Decouple That UI" by tech trainer George Brooke.

"There is no overarching narrative," writes the site's editor Kevlin Henney (who also wrote the original book). "The collection is intended simply to contain multiple and varied perspectives on what it is that contributors to the project feel programmers should know...anything from code-focused advice to culture, from algorithm usage to agile thinking, from implementation know-how to professionalism, from style to substance..."
Stats

America's Most Affordable Cities For Tech Workers: Seattle, Austin, and Pittsburgh (prnewswire.com) 125

"Seattle tech workers who own their homes can expect to have about $2,000 more in disposable income each month than tech workers in the Bay Area," according to a new study from LinkedIn and Zillow. An anonymous reader writes: "For technology workers who rent, Seattle, Austin and Pittsburgh, Pennsylvania came out on top among the housing markets analyzed, with the Bay Area at #4..." the two companies reported. "Salaries for other industries don't hold up as well in the San Francisco area, though. Even highly-paid finance workers keep only about 32 percent of their incomes after paying for housing and taxes. In Charlotte or Chicago, they can pocket a median of 61 percent."

The Bay Area's high housing prices are apparently offset by the high salaries paid there to tech workers, according to the study. Even so, both home owners and renters pay roughly half the median income for housing on the west coast, "while a rental in the middle of the country costs more like 25 percent of the median income."

The report also identified the best cities for health workers -- Phoenix, Indianapolis, and Boston -- as well as for finance workers, who do best in Charlotte, Chicago and Dallas. The top 15 cities for tech workers also included those same cities except Chicago and Phoenix, while also including known tech hotspots like Denver, Atlanta, and Washington, D.C. But surprisingly the top 15 best cities for tech workers also included Detroit, Nashville, St. Paul (Minnesota) and Tampa, Florida.
Stats

RedMonk Identifies 2017's Most Popular Languages: JavaScript, Java, And Python (redmonk.com) 125

Twice a year the tech analysts at RedMonk attempt to gauge adoption trends for programing languages based on data from both GitHub and Stack Overflow. Here's their top 10 list for 2017: JavaScript, Java, Python, and PHP, followed by a two-way tie between C# and C++, a two-way tie between Ruby and CSS, and then C at #9, and Objective-C at #10. But their GitHub data now counts the number of pull requests rather than the number of repositories. An anonymous reader quotes their report: Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16 on our GitHub rankings. While the language appears to be entering something of a trough of disillusionment from a market perception standpoint, with major hype giving way to skepticism in many quarters, its statistical performance according to the observable metrics we track remains strong. Swift has reached a Top 15 ranking faster than any other language we have tracked since we've been performing these rankings. Its strong performance from a GitHub perspective suggests that the wider, multi-platform approach taken by the language is paying benefits...

Of all of the top tier languages, none jumped more than TypeScript on our GitHub rankings, as the JavaScript superset moved up 17 points.... PowerShell moved from 36 within the GitHub rankings to 19 to match TypeScript's 17 point jump, and that was enough to nudge it into the Top 20 overall from its prior ranking of 25... One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on our board to 26 â" one spot behind Visual Basic.

Swift and Scala and Shell all just missed out on the top 10, clustering in a three-way tie at the #11 spot.
Businesses

Ask Slashdot: What Is Your Horrible IT Boss Story? 299

snydeq writes: Good-bye, programming peers; hello, power to abuse at your whim, writes Bob Lewis in a send-up of an all-too-familiar situation: The engineering colleague who transforms into a greasy political manipulator upon promotion into management. "It's legendary: A CIO promotes his best developer into a management role, losing an excellent programmer and gaining a bad manager. The art of management isn't so much about assembling a dream team, helping others be successful, or solving technical problems. It's about aligning everything you do in service of the business -- the business of yourself.'" What tales do you have of colleagues who broke bad all the way to the top?
Programming

Math Teacher Solves Adobe Semaphore Puzzle (mercurynews.com) 52

linuxwrangler writes: For over 4 years, lights atop Adobe's office building in San Jose have flashed out a secret message. This week, the puzzle was solved by Tennessee math teacher Jimmy Waters. As part of the winnings, Adobe is donating software and 3D printers to Waters' school in his name. "The semaphore had been transmitting the audio broadcast of Neil Armstrong's historic moon landing in 1969," reports The Mercury News. "That's right, not the text but the actual audio." The report provides some backstory: "Waters discovered the project, San Jose Semaphore, last summer while he was looking up something about Thomas Pynchon's 1966 novel, 'The Crying of Lot 49.' The text of that work was the code originally programmed by New York-based artist Ben Rubin in 2006. Seeing there was a new message, Waters began trying to decipher it while watching and writing down the sequences online from Tennessee. He discovered a pattern that led him to believe it could represent a space -- or a silence -- in an audio file, and when he graphed the results it looked like an audio wave. He dismissed that as being too difficult but came back to it and eventually ran his results into a program that would convert his numbers to audio. The first results came back sounding like chipmunks squeaking. So he tweaked things and found himself listening to the historic broadcast, which ends with Armstrong's famous line, 'That's one small step for man, one giant leap for mankind.'" You can listen to the semaphore message here.
Education

Ask Slashdot: How To Teach Generic Engineers Coding, Networking, and Computing? 196

davegravy writes: I work at a small but quickly growing acoustic consulting engineering firm, consisting of a mix of mechanical, electrical, civil, and other engineering backgrounds. When I joined almost 10 years ago I was in good company with peers who were very computer literate -- able to develop their own complex excel macros, be their own IT tech support, diagnose issues communicating with or operating instrumentation, and generally dive into any technology-related problem to help themselves. In 2017, these skills and tendencies are more essential than they were 10 years ago; our instruments run on modern OS's and are network/internet-capable, the heavy data processing and analysis we need to do is python-based (SciPy, NumPy) and runs on AWS EC2 instances, and some projects require engineers to interface various data-acquisition hardware and software together in unique ways. The younger generation, while bright in their respective engineering disciplines, seems to rely on senior staff to a concerning degree when it comes to tech challenges, and we're stuck in a situation where we've provided procedures to get results but inevitably the procedures don't cover the vast array of scenarios faced day-to-day. Being a small company we don't have dedicated IT specialists. I believe I gathered my skills and knowledge through insatiable curiosity of all things technology as a child, self-teaching things like Pascal, building and experimenting with my own home LAN, and assembling computers from discrete components. Technology was a fringe thing back then, which I think drew me in. I doubt I'd be nearly as curious about it growing up today given its ubiquity, so I sort of understand why interest might be less common in today's youth.

How do we instill a desire to learn the fundamentals of networking, computing, and coding, so that the younger generation can be self-sufficient and confident working with the modern technology and tools they need to perform -- and be innovative in -- their jobs? I believe that the most effective learning occurs when there's a clearly useful purpose or application, so I'm hesitant to build a training program that consists solely of throwing some online courses at staff. That said, online courses may be a good place to get some background that can be built upon, however most that I've come across are intended for people pursuing careers in computer science, web development, software engineering, etc. Are there any good resources that approach these topics from a more general purpose angle?
Businesses

GitLab Acquires Software Chat Startup Gitter, Will Open-Source the Code (venturebeat.com) 28

According to VentureBeat, "GitLab, a startup that provides open source and premium source code repository software that people use to collaborate on software, is announcing today that it has acquired Gitter, a startup that provides chat rooms that are attached to repositories of code so that collaborators can exchange messages." From the report: GitLab won't bundle it in its community edition or its enterprise edition yet, but it will open-source the Gitter code for others to build on, GitLab cofounder and CEO Sid Sijbrandij told VentureBeat in an interview. What's happening now, though, is that as part of GitLab, Gitter is launching a new feature called Topics, where people will be able to ask and answer questions -- sort of like Stack Overflow. "Although Gitter is best in class with indexing things, it's still sometimes hard to find things," Sijbrandij said. "In this Q&A product, it's a lot easier to structure the Q&A. You're not dealing so much with a chronological timeline where people have different conversations that cross each other. There's a location for every piece of knowledge, and it can grow over time." That technology is already available in beta in Gitter rooms on GitHub, and it will become available on GitLab's Gitter pages over time, Sijbrandij said.
Businesses

Commentary On How To Make Novice Programmers More Professional (slashdot.org) 188

Over the weekend, my colleague David ran a story that sought people's suggestion on how to make (force, encourage, advice) a novice programmer to be more professional. Several people have shared their insightful comment on the topic. One such comment, which has received an unusual support on not just Slashdot but elsewhere, is from William Woody, owner of Glenview Software (and who has previously worked as CTO at Cartifact, architect at AT&T Interactive). He writes: The problem is that our industry, unlike every other single industry except acting and modeling (and note neither are known for "intelligence") worship at the altar of youth. I don't know the number of people I've encountered who tell me that by being older, my experience is worthless since all the stuff I've learned has become obsolete. This, despite the fact that the dominant operating systems used in most systems is based on an operating system that is nearly 50 years old, the "new" features being added to many "modern" languages are really concepts from languages that are between 50 and 60 years old or older, and most of the concepts we bandy about as cutting edge were developed from 20 to 50 years ago. It also doesn't help that the youth whose accomplishments we worship usually get concepts wrong. I don't know the number of times I've seen someone claim code was refactored along some new-fangled "improvement" over an "outdated" design pattern who wrote objects that bear no resemblance to the pattern they claim to be following. And when I indicate that the "massive view controller" problem often represents a misunderstanding as to what constitutes a model and what constitutes a view, I'm told that I have no idea what I'm talking about -- despite having more experience than the critic has been alive, and despite graduating from Caltech -- meaning I'm probably not a complete idiot.) Our industry is rife with arrogance, and often the arrogance of the young and inexperienced. Our industry seems to value "cowboys" despite doing everything it can (with the management technique "flavor of the month") to stop "cowboys." Our industry is agist, sexist, one where the blind leads the blind, and seminal works attempting to understand the problem of development go ignored. You can read the full comment here or here.
Education

Ask Slashdot: How Do You Make Novice Programmers More Professional? 347

Slashdot reader peetm describes himself as a software engineer, programmer, lecturer, and old man. But how can he teach the next generation how to code more professionally? I have to put together a three-hour (maximum) workshop for novice programmers -- people with mostly no formal training and who are probably flying by the seat of their pants (and quite possibly dangerous in doing so). I want to encourage them to think more as a professional developer would. Ideally, I want to give them some sort of practicals to do to articulate and demonstrate this, rather than just "present" stuff on best practices... If you were putting this together, what would you say and include?
This raises the question of not only what you'd teach -- whether it's variable naming, modular programming, test-driven development, or the importance of commenting -- but also how you'd teach it. So leave your best answers in the comments. How do you make novice programmers more professional?
Firefox

Will WebAssembly Replace JavaScript? (medium.com) 235

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."
Microsoft

Microsoft Continues Porting Visual C++ To Linux (microsoft.com) 159

Long-time Slashdot reader Billly Gates shared some news from Microsoft's Visual C++ blog: Visual Studio 2017 now lets developers write C++ code for Linux desktops, servers, and other devices without an extension, targeting specific architectures, including ARM: Visual Studio will automatically copy and remotely build your sources and can launch your application with the debugger... Today Visual Studio only supports building remotely on the Linux target machine. It is not limited to specific Linux distros, but we do have dependencies on the presence of some tools. Specifically, we need openssh-server, g++, gdb and gdbserver.

Slashdot Top Deals