Oracle

Oracle Announces Java SE 9 and Java EE 8 (oracle.com) 62

rastos1 writes: Oracle has announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved together with Java EE 8 in the Java Community Process (JCP). Java SE 9 provides more than 150 new features, including a new module system and improvements that bring more scalability, improved security, better performance management and easier development to the world's most popular programming platform.
The Almighty Buck

Why You Shouldn't Imitate Bill Gates If You Want To Be Rich (bbc.com) 278

dryriver writes: BBC Capital has an article that debunks the idea of "simply doing what highly successful people have done to get rich," because many of those "outliers" got rich under special circumstances that are not possible to replicate. An excerpt: "Even if you could imitate everything Gates did, you would not be able to replicate his initial good fortune. For example, Gates's upper-class background and private education enabled him to gain extra programming experience when less than 0.01% of his generation then had access to computers. His mother's social connection with IBM's chairman enabled him to gain a contract from the then-leading PC company that was crucial for establishing his software empire. This is important because most customers who used IBM computers were forced to learn how to use Microsoft's software that came along with it. This created an inertia in Microsoft's favor. The next software these customers chose was more likely to be Microsoft's, not because their software was necessarily the best, but because most people were too busy to learn how to use anything else. Microsoft's success and marketshare may differ from the rest by several orders of magnitude but the difference was really enabled by Gates's early fortune, reinforced by a strong success-breeds-success dynamic."
Python

Python's Official Repository Included 10 'Malicious' Typo-Squatting Modules (bleepingcomputer.com) 69

An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday.

The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.

Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.
Open Source

Equifax Blames Open-Source Software For Its Record-Breaking Security Breach (zdnet.com) 275

The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to an unsubstantiated report by equity research firm Baird. The firm's source, per one report, is believed to be Equifax. ZDNet reports: Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It's also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless: it's untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: "equifaxsecurity2017.com." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax's technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole? Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem. While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. "It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common," reports ZDNet. 
"It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts, first patched in March." The question then becomes: is it the fault of Struts developers or Equifax's developers, system admins, and their management? "The people who ran the code with a known 'total compromise of system integrity' should get the blame," reports ZDNet.
Iphone

Leaks Reveal New Features In Apple's Next iPhone 224

Though Apple officially unveils their newest iPhone on Tuesday, information is already leaking on the internet.
  • Mashable: "Physically, it's expected to be about the same size as an iPhone 7, but with an edge-to-edge OLED display that's bigger than what is currently on the iPhone 7 Plus. It won't have a home button or Touch ID, and will likely use some kind of facial recognition tech to unlock."
  • MacRumors cites a report from KGI Securities analyst Ming-Chi Kuo suggesting facial recognition may just be one feature of a complex front camera with 3D sensing hardware, including a proximity sensor, ambient light sensor, and a structured light transmitter (using a surface-emitting laser) and receiver.
  • Fortune: "Apple's iPhone line is expected to catch up with Android phones in the area of wireless charging this year... just lay the phone down on a compatible charger mat or base or dock, and watch the battery fill up."
  • 9to5Mac: "We've found a brand new feature called 'Animoji', which uses the 3D face sensors to create custom 3D animated emoji based on the expressions you make into the camera. Users will be able to make Animoji of unicorns, robots, pigs, pile of poo and many more."
Programming

Is Python Really the Fastest-Growing Programming Language? (stackoverflow.blog) 254

An anonymous reader quotes Stack Overflow Blog: In this post, we'll explore the extraordinary growth of the Python programming language in the last five years, as seen by Stack Overflow traffic within high-income countries. The term "fastest-growing" can be hard to define precisely, but we make the case that Python has a solid claim to being the fastest-growing major programming language... June 2017 was the first month that Python was the most visited [programming language] tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time. Part of this is because of the seasonal nature of traffic to Java. Since it's heavily taught in undergraduate courses, Java traffic tends to rise during the fall and spring and drop during the summer.

Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries.

The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."
Bug

Bug In Windows Kernel Could Prevent Security Software From Identifying Malware (bleepingcomputer.com) 75

An anonymous reader writes: "Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime," reports Bleeping Computer. "The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space. The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation. The issue came to light earlier this year when enSilo researchers were analyzing the Windows kernel code. Omri Misgav, Security Researcher at enSilo and the one who discovered the issue, says the bug affects all Windows versions released since Windows 2000. Misgav's tests showed that the programming error has survived up to the most recent Windows 10 releases." In an interview, the researcher said Microsoft did not consider this a security issue. Bug technical details are available here.
Operating Systems

Is Apple Copying Palm's WebOS? (salon.com) 188

An anonymous reader quotes a report from Salon: Released in 2009 by Palm -- the same company that popularized the PDA in the 1990s -- WebOS pioneered a number of innovations, including multiple synchronized calendars, unified social media and contact management, curved displays, wireless charging, integrated text and Web messaging, and unintrusive notifications [that have all been copied by the mobile operating systems that defeated it on the marketplace]. The operating system, built on top of a Linux kernel, was also legendary for how easily it could be upgraded by users with programming skills. WebOS was also special in that it used native internet technologies like JavaScript for local applications. That was a huge part of why it was able to do so much integration with Web services, something its competitors at the time simply couldn't match.

Apple's upcoming iOS 11 once again demonstrates how far ahead of its time WebOS really was. The yet-to-be-released Apple mobile system has essentially copied the WebOS model for switching apps by having the user swipe upward from the bottom to reveal several "cards" that represent background applications. While Apple's decision to remove its massively overworked Home button is an improvement, it is still an inferior way of switching apps, compared to what you could do on WebOS eight years ago.

Firefox

TechRepublic: Mozilla 'Is Desperately Needed to Save the Web' (techrepublic.com) 317

"I can't remember the last time I cared about Mozilla," writes Matt Asay at TechRepublic. "I also can't remember a time when we needed it more." An anonymous reader quotes TechRepublic: Mozilla's Firefox is almost a rounding error in desktop market share, and nonexistent in mobile browser market share. It offers a few other services, like Pocket, but largely gets ignored... This is a mistake. Our world is increasingly mediated by the internet, and that internet has just a few gatekeepers, collecting tolls as we browse. As Python guru Matt Harrison put it, "Vendors control the default browser which 99.9% of people use." Those vendors are happy to sell us access to information. Nothing about it is free. You are most definitely the product.

On mobile, where the majority of the world's content is now consumed, Google and Facebook own eight of the top 10 apps, with apps devouring 87% of our time spent on smartphones and tablets, according to new comScore data. For that remaining 13% of time spent on the mobile web, Google and Apple offer the two dominant browsers... the majority of our time online is now mediated by just a few megacorporations, and for the most part their top incentive is to borrow our privacy just long enough to target an ad at us. Then there's Mozilla, an organization whose mantra is "Internet for people, not profit." That feels like a necessary voice to add to today's internet oligopoly, but it's not one we're hearing... We clearly need an organization standing up for web freedom, as expecting Google to do that is like asking the fox to guard the henhouse. Google does many great things, but its clear incentive is to sell ads. We are Google's product, as the saying goes.

The article applauds the Mozilla-sponsored Rust programming language as promising, "but not to save the web from the all-consuming embrace of Facebook and Google, especially as they wall off the experience in apps... If I sound like I don't know what to propose Mozilla should do, it's because I don't. I simply feel strongly that the role Mozilla played in the early browser wars needs to be resurrected to save the web today."
Education

Do Code Bootcamps Work? (inc.com) 139

"Computer programming is highly specialized work; it can't be effectively taught in an intensive program," writes Inc. magazine's contributing editor: Last month, two of the country's largest and most well-regarded coding bootcamps closed. While there are still over 90 such camps in the U.S. and Canada, these for-profit intensive software engineering schools aren't successfully preparing their students for programming jobs. According to a recent Bloomberg article, the Silicon Valley recruiter Mark Dinan characterized the bootcamps as "a freaking joke," while representatives of Google and Autodesk said respectively that "most graduates from these programs are not quite prepared" and "coding schools haven't been much of a focus for [us]."

In one sense, the failure of coding bootcamps reflects the near-universal failure of for-profit universities, colleges, and charter schools to provide a usable education. In another sense, though, coding bootcamps represent a profound misunderstanding of what computer programming is all about... Coding at the professional level is highly specialized and requires years of practice to master... the idea of a bootcamp for coding is just as practical as the idea of a bootcamp for surgery.

Businesses

Coders In Wealthy and Developing Countries Lean on Different Programming Languages (vice.com) 92

Stack Overflow data scientist David Robinson published an interesting observation: There exists a small but meaningful divide between the programming technologies used in wealthy countries and those used in developing countries. From a report: To be sure, programmers everywhere tend to build things with the same tools, which makes sense because software is a global industry. The first is in data science, which tends to employ the programming languages Python and R. "Python is visited about twice as often in high-income countries as in the rest of the world, and R about three times as much," Robinson writes. "We might also notice that among the smaller tags, many of the greatest shifts are in scientific Python and R packages such as pandas, numpy, matplotlib and ggplot2. This suggests that part of the income gap in these two languages may be due to their role in science and academic research. It makes sense these would be more common in wealthier industrialized nations, where scientific research makes up a larger portion of the economy and programmers are more likely to have advanced degrees." C and C++ use is similarly skewed toward wealthy countries. This is likely for a similar reason. These are languages that are pushed in American universities. They also tend to be used in highly specialized/advanced programming fields like embedded software and firmware development where you're more likely to find engineers with advanced degrees.
AI

Could AI Transform Continuous Delivery Development? (thenextweb.com) 78

An anonymous reader quotes The Next Web: According to one study, high-performing IT units with faster software releases are twice as likely to achieve their goals in customer satisfaction, profitability, market share and productivity. Acknowledgement of this has fueled a headlong rush toward what software developers call "continuous delivery"... It's a process most technology departments aspire to but only a fraction have achieved. According to a recent survey by Evans Data, 65 percent of organizations are using continuous delivery on at least some projects, but only 28 percent are using it for all their software. Among non-SaaS companies, that proportion is just 18 percent...

So what comes next? The future of application development depends on using artificial intelligence within the continuous delivery model... We're at the precipice of a new world of AI-aided development that will kick software deployment speeds -- and therefore a company's ability to compete -- into high gear. "AI can improve the way we build current software," writes Diego Lo Giudice of Forrester Research in a recent report. "It will change the way we think about applications -- not programming step by step, but letting the system learn to do what it needs to do -- a new paradigm shift." The possibilities are limited only by our creativity and the investment organizations are willing to make.

The article was written by the head of R&D at Rainforest QA, which is already using AI to manage their crowdsourced quality assurance testing. But he ultimately predicts bigger roles for AI in continuous delivery development -- even choosing which modifications to use in A/B testing, and more systematic stress-testing.
Television

Apple Is Planning a 4K Upgrade For Its TV Box (bloomberg.com) 63

Apple is planning to unveil an upgraded Apple TV set-top box that can stream 4K video and highlight live television content such as news and sports. Bloomberg reports: The updated box, to be revealed alongside new iPhone and Apple Watch models at an event in September, will run a faster processor capable of streaming the higher-resolution 4K content, said the people, who asked not to be identified because the plans aren't yet public. The 4K designation is a quality standard that showcases content at twice the resolution of 1080P high-definition video, meaning the clarity is often better for the viewer. Apple is also testing an updated version of its TV app, which first launched in 2016, that can aggregate programming from apps that already offer live streaming. Apple is seeking to revive its video ambitions with the new product. In order to view 4K video, users will need to attach the updated Apple TV to a screen capable of showing the higher-resolution footage. In order to play 4K and HDR content, Apple will need deals with content makers that can provide video in those formats. The Cupertino, California-based technology giant has begun discussions with movie studios about supplying 4K versions of movies via iTunes, according to people familiar with the talks. The company has also discussed its 4K video ambitions with content companies that already have apps on Apple TV, another person said. Popular video apps on the Apple TV that support 4K on other platforms include Vevo and Netflix.
The Internet

Cord-Cutting Still Doesn't Beat the Cable Bundle (wired.com) 421

I'd like to cut the cord, writes Brian Barrett for Wired, then, the very instant I allow myself to picture what life looks like after that figurative snip, my reverie comes crashing down. From an article: Cutting the cord is absolutely right for some people. Lots of people, maybe. But it's not that cheap, and it's not that easy, and there's not much hope of improvement on either front any time soon. Not to turn this into a math experiment, but let's consider cost. Assuming you're looking for a cord replacement, not abandoning live television altogether, you're going to need a service that bundles together a handful of channels and blips them to your house over the internet. The cheapest way you can accomplish this is to pay Sling TV $20 per month, for which you get 29 channels. That sounds not so bad, and certainly less than your cable bill. But! Sling Orange limits you to a single stream. If you're in a household with others, you'll probably want Sling Blue, which offers multiple streams and 43 channels for $25 per month. But! Sling Orange and Sling Blue have different channel lineups (ESPN is on Orange, not Blue, while Orange lacks FX, Bravo and any locals). For full coverage, you can subscribe to both for $40. But! Have kids? You'll want the Kids Extra package for another $5 per month. Love ESPNU? Grab that $5 per month sports package. HBO? $15 per month, please. Presto, you're up to $65 per month. But! Don't forget the extra $5 for a cloud-based DVR. Plus the high-speed internet service that you need to keep your stream from buffering, which, by the way, it'll do anyway. That's not to pick on Sling TV, specifically. But paying $70 to quit cable feels like smoking a pack of Parliaments to quit Marlboro Lights. You run into similar situations across the board, whether it's a higher base rate, or a limited premium selection, or the absence of local programming altogether. 
It turns out, oddly enough, that things cost money, whether you access those things through traditional cable packages or through a modem provided to you by a traditional cable operator.
Education

Ask Slashdot: How Can You Teach Programming To Schoolchildren? 353

Slashdot reader SPopulisQR writes: A new school year is approaching and I wanted to ask what are appropriate programming languages for children of various ages. Specifically, 1) what coding languages should be considered, and 2) are there any self-guided coding websites that can be used by children to learn coding using guidance and help online? Let's say the ages are 8 and 12.
I know there's lots of opinions about CS education (and about whether or not laptops increase test scores). So leave your own best thoughts in the comments. How can you teach programming to schoolchildren?
Java

Red Hat Gives Ceylon To The Eclipse Foundation (eclipse.org) 97

An anonymous reader writes: Some media outlets called Ceylon an attempted "Java killer" when Gavin King first unveiled his secret two-year development project in 2011. In 2013 Red Hat finally released version 1.0 of the modern, modular statically-typed programming language for the Java and JavaScript virtual machines. After another four years, "Ceylon has a small but very active and enthusiastic community of developers and users, and indeed is the fruit of the hard work of a large number of contributors over the years," says a project proposal page at Eclipse.org seeking "to further grow our community... a key strategy to achieve that would be to move Ceylon from Red Hat to a vendor-neutral foundation."

That project has now been approved, and the "Eclipse Ceylon" project has been created. It includes the Ceylon distribution and its SDK, plus the Java2Ceylon converter and the Ceylon Herd project's server (and related services) for Ceylon module sharing. There are also three IDEs (and their code-formatting and functionality-sharing modules).

Back in 2011 InfoWorld predicted that instead of becoming a Java killer, "it is more likely Ceylon will join a growing list of new languages resting atop the JVM, while the Java language and platform will continue on as staples of enterprise computing."
Television

Netflix Plans To Spend $7 Billion On Content In 2018 (streamingobserver.com) 97

According to the Streaming Observer, Netflix plans to increase its budget by $1 billion over the next year and spend over $7 billion on content in 2018. Previously, the company paid $6 billion in 2017 and $5 billion in 2016. From the report: While the internet freaks out about Disney ending its streaming agreement with Netflix, the company continues to forge ahead signing high-profile talent and throwing an enormous budget at its original programming. Just days after the Disney turmoil, Netflix's visionary Chief Content Officer Ted Sarandos stated that the streaming leader plans to increase its budget by $1 billion over the next year. As of now, Netflix currently has $15.7 billion in outstanding obligations in deals for new series and films over the next few years. With such an astronomically-large budget, media analysts are already beginning to wonder if Netflix is "rescuing" or "ruining" Hollywood by creating such a singular creator-producer-distributor model. Sarandos counters those claims, however, stating that Netflix is merely on the forefront of what's already a growing trend throughout the media industries: "I would say that the relationship between studios and networks has always been that of a frenemy. Everyone is doing some version of it already. They just have to make a decision for their companies, their brands and their shareholders on how to best optimize the content. We started making original content five years ago, betting this would happen."
Businesses

Apple Is Bringing a Billion Dollar Checkbook To Hollywood and Wants To Buy 10 TV Shows (recode.net) 79

Apple is officially open for business in Hollywood. From a report: The company is telling content makers it wants to spend $1 billion on its own stuff over the next year. That's music to studios' ears, and a tune they have been expecting for some time -- especially after Apple hired two top Sony TV executives in June. We still don't know what Apple wants to do with that content: The Wall Street Journal says Apple wants to make up to 10 "Game of Thrones"- or "House of Cards"-scale shows, but that's not enough to launch a full-scale subscription service.
Google

Google Hires Former Star Apple Engineer Chris Lattner For Its AI Team (bloomberg.com) 49

An anonymous reader shares a report: Chris Lattner, a legend in the world of Apple software, has joined another rival of the iPhone maker: Alphabet's Google, where he will work on artificial intelligence. Lattner announced the news on Twitter on Monday, saying he will start next week. His arrival at Mountain View, California-based Google comes after a brief stint as head of the automated driving program at Tesla, which he left in June. Lattner made a name for himself during a decade-plus career at Apple, where he created the popular programming language Swift. Lattner said he is joining Google Brain, the search giant's research unit. There he will work on a different software language: TensorFlow, Google's system designed to simplify the programming steps for AI, according to a person with knowledge of the matter.
Programming

New 'Asciidots' Programming Language Uses Ascii Art (And Python) (github.com) 28

An anonymous reader quotes Motherboard: If the esoteric programming language Asciidots looks like a mess, it is at least a very different-looking and even aesthetically pleasing mess. Simply, its mechanics and syntax are based on Ascii art... Asciidots is a unique sort of programming language known as a dataflow language. In this sort of language, we can imagine units of data (like our variable x) following a data go-kart track that's interrupted in different places with pit stops that change the value of the data go-kart that's following the track around. One pit stop might add 1 to the variable, while another might chop it in half. At some points, the track might even split, with the data go-kart picking one fork depending on its current value. If, say, it's greater than 2 it might go left; otherwise, it goes right...

In Asciidots, the aforementioned go-kart track is represented by lines (|,-,/,\)... Most of the other non-line symbols are mathematical operators, but there are also symbols that direct the program to request input from the user, set values, print values, and change the direction of the unit of data... Under the hood, Asciidots is a Python program. An Asciidots program is just fed into that underlying program and digested into normal Python code, which is then executed.

The article includes some examples, and argues that esoteric esolangs like Asciidots force programmers to consider fresh perspectives. And in addition, "it looks really cool."
