Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Programming

Programming Language Gurus Converge on 'Curry On' Conference (curry-on.org) 78

Videos are now online from this week's Curry On conference, which incuded talks by programming pioneers Larry Wall and Matthias Felleisen, as well as speakers from Google, Twitter, Facebook, Microsoft, and Oracle. Dave Herman from Mozilla Research also talked about building an open source research lab, while Larry Wall's keynote was titled "It's the End of the World as We Know It, and I Feel Fine."

Billing itself as a non-profit conference about programming languages and emerging computer-industry challenges, this year's installment included talks about Java, Rust, Scala, Perl, Racket, Clojure, Rascal, Go and Oden. Held in a different European city each year, the annual conference hopes to provoke an open conversation between academia and the larger technology industry.
Programming

Ask Slashdot: When Do You Include 'Unnecessary' Code? (sas.com) 234

"For more than 20 years I've been putting semicolons at the end of programming statements in SAS, C/C++, and Java/Javascript," writes Rick Wicklin, a researcher in computational statistics at SAS. "But lately I've been working in a computer language that does not require semicolons. Nevertheless... I catch myself typing unnecessary semicolons out of habit," he writes, while at other times "I include optional statements in my programs for clarity, readability, or to practice defensive programming." While Wicklin's post is geared towards SAS programming, Slashdot reader theodp writes that the question is a language-agnostic one: ...when to include technically-unnecessary code -- e.g., variable declarations, superfluous punctuation, block constructs for single statements, values for optional parameters that are the defaults, debugging/validation statements, non-critical error handling, explicitly destroying objects that would otherwise be deleted on exit, labeled NEXT statements, full qualification of objects/methods, unneeded code from templates...
He's wondering if other Slashdot readers have trouble tolerating their co-workers' unnecessary codes choices (which he demonstrates with a video clip from Silicon Valley). So leave your answers in the comments. When do you do include 'unnecessary' code in your programs -- and why?
Software

The Freeware Hall of Fame Enters Its 20th Year (freewarehof.org) 41

After our story about the ongoing development of FreeDOS, long-time Slashdot reader reybo shares another valuable resource that's been "All free, all the time since 1984": Younger FreeDOS users may not know of the Freeware Hall of Fame, a source of old DOS freeware some of which is on-line 24/7 at www.freewarehof.org . This file base of free programs was begun in 1984 to help small businesses enter the world of computers. It became an international file base distributed to BBSs around the world via floppy disc until Bobbie Sumrada in Memphis gave it a home on CHEERS, her premier BBS.

The entire history is on the FreeHOF web site. Also there are downloadable copies of PCBoard, one of the great BBS platforms of all time. Anyone can create a dial-up BBS with this to see what they were like, so long as they have a DOS partition for it. I think MS DOS is also there to download, version 5.n or 6.n. Something you won't find at this site is games. FHOF never distributed games.

"No Flash, no Java, no goddam rollovers..." reads one page, which notes that in the mid-'90s they were picked as one of the world's 25 best BBSs by Boardwatch magazine.
Android

Ask Slashdot: How Often Do You Switch Programming Languages? 331

An anonymous Slashdot reader writes: I always see a lot of different opinions about programming languages, but how much choice do you really get to have over which language to use? If you want to develop for Android, then you're probably using Java...and if you're developing for iOS, then you've probably been using Swift or Objective-C. Even when looking for a job, all your most recent job experience is usually tied up in whatever language your current employer insisted on using. (Unless people are routinely getting hired to work on projects in an entirely different language than the one that they're using now...)

Maybe the question I really want to ask is how often do you really get to choose your programming languages... Does it happen when you're swayed by the available development environment or intrigued by the community's stellar reputation, or that buzz of excitement that keeps building up around one particular language? Or are programming languages just something that you eventually just fall into by default?

Leave your answers in the comments. How often do you switch programming languages?
Oracle

Oracle Asks Judge To Throw Out Java/Google Verdict...Again (siliconvalley.com) 122

Just when you thought the six-year, $9 billion lawsuit was over, an anonymous reader quotes this report from the Bay Area Newsgroup: Oracle has asked a judge -- again -- to throw out the verdict that found Google rightfully helped itself to Oracle programming code to create the Android operating system... A judge already rejected a bid in May by Oracle to get the verdict thrown out. But the software and cloud company hasn't given up. On July 6, Oracle filed a motion in San Francisco U.S. District Court again asking the same judge, William Alsup, to toss the verdict.

The company cited case law suggesting use is not legal if the user "exclusively acquires conspicuous financial rewards'' from its use of the copyrighted material. Google, said Oracle, has earned more than $42 billion from Android. "Google's financial rewards are as 'conspicuous' as they come, and unprecedented in the case law," Oracle's filing said. Oracle wants the judge to adhere to the narrower and more traditional applications of fair use, "for example, when it is 'criticism, comment, news reporting, teaching ... scholarship, or research.'"

Java

TIOBE's Language-Popularity Index Sees A New Top 10 Language: Assembly (tiobe.com) 348

TIOBE's "Programming Community Index" measures the popularity of languages by the number of skilled engineers, courses, and third-party vendors. Their July report indicates that Assembly has become one of the 10 most popular languages: It might come as surprise that the lowest level programming language that exists has re-entered the TIOBE index top 10. Why would anyone write code at such a low level, being far less productive if compared to using any other programming language and being vulnerable to all kinds of programming mistakes? The only reasonable explanation for this is that the number of very small devices that are only able to run assembly code is increasing. Even your toothbrush or coffee machine are running assembly code nowadays. Another reason for adoption is performance. If performance is key, nobody can beat assembly code.
The report also noted that CFML (ColdFusion) jumped from #102 to #66, Maple from #94 to #74, and Tcl from #65 to #48. But Java still remains the #1 most-popular language, with C and C++ still holding the #2 and #3 positions. Over the last five years, C# and Python have risen into the #4 and #5 spots (made possible by PHP's drop to the #6 position) while JavaScript now holds the #7 position (up from #9 in 2011). Visual Basic .NET came in at #8, and Perl at #9.
Java

Oracle Says It Is 'Committed' To Java EE 8 -- Amid Claims It Quietly Axed Future Development (theregister.co.uk) 66

Media reports, citing anonymous Oracle engineers, noted earlier this week that development of Java EE (Enterprise Edition) projects at Oracle had been "practically ceased" since last fall. This led many to wonder about the future of Java. Well, it's all cosy, says Oracle. The software firm assures that it is "committed" to Java. The Register reports: The Redwood City titan said it will present fresh plans for the future of Java EE 8 at its JavaOne conference in San Francisco in September. Version eight is due to be released in the first half of 2017. However, over the past six months, it appeared Oracle had pretty much ceased development of the enterprise edition -- a crucial component in hundreds of thousands of business applications -- and instead quietly focused its engineers on other products and projects. Oracle spokesman Mike Moeller tonight sought to allay those fears, and said a plan for the future of Java EE is brewing. "Oracle is committed to Java and has a very well defined proposal for the next version of the Java EE specification -- Java EE 8 -- that will support developers as they seek to build new applications that are designed using micro-services on large-scale distributed computing and container-based environments on the Cloud," said Moeller.
Java

Oracle May Have Stopped Funding and Developing Java EE (arstechnica.com) 115

While anticipating new features in Java 9, developers also have other concerns, according to an anonymous Slashdot reader: ArsTechnica is reporting that Oracle has quietly pulled funding and development efforts away from Java EE, the server-side Java technology that is part of hundreds of thousands of Internet and business applications. Java EE even plays an integral role for many apps that aren't otherwise based on Java, and customers and partners have invested time and code. It wouldn't be the first time this has happened, but the implications are huge for Java as a platform.
"It's a dangerous game they're playing..." says one member of the Java Community Process Executive Committee. "It's amazing -- there's a company here that's making us miss Sun." Oracle's former Java evangelist even left the company in March and became a spokesman for the "Java EE Guardians," who have now created an online petition asking Oracle to "clarify" its intent and resume development or "transfer ownership of Java EE 8".
Earth

Google's Satellite Map Gets a 700-Trillion-Pixel Makeover (theatlantic.com) 70

An anonymous reader writes: On Monday, Google Maps has received a makeover with 700 trillion pixels of new data added to the service. The Atlantic reports: "The new map, which activates this week for all users of Google Maps and Google Earth, consists of orbital imagery that is newer, more detailed, and of higher contrast than the previous version. Most importantly, this new map contains fewer clouds than before -- only the second time Google has unveiled a "cloudless" map. Google had not updated its low- and medium- resolution satellite map in three years. The new version of the map includes data from Landsat 8, the newer version of the same satellite (Landsat 7, the U.S. government satellite which supplied the older map's imagery data), letting Google clear the ugly artifacts. Google's new update doesn't include imagery at the highest zoom levels, like the kind needed to closely inspect an individual house, pool, or baseball field. Those pictures do not come from Landsat at all, but from a mix of other public and private aerial and space-based cameras, including DigitalGlobe's high-resolution satellites. The image processing for this most recent map was completed entirely in Google Earth Engine, the company's geospatial-focused cloud infrastructure. In fact, the entire algorithm to create the cloudless map was written in Javascript in the Earth Engine development interface."
Programming

Java, PHP, NodeJS, and Ruby Tools Compromised By Severe Swagger Vulnerability (threatpost.com) 97

"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes: A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers.

Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.

Safari

Safari 10 In macOS Sierra Deactivates Flash, Silverlight and Other Plug-Ins by Default (webkit.org) 114

Apple's web browser Safari 10, which will ship with macOS Sierra, will disable Flash, Java, Silverlight, QuickTime and other plug-ins by default. The move will help the company improve the overall web browsing experience by focusing on HTML5 content. From a post on WebKit blog, authored by Apple's Safari team: When a website directly embeds a visible plug-in object, Safari instead presents a placeholder element with a "Click to use" button. When that's clicked, Safari offers the user the options of activating the plug-in just one time or every time the user visits that website. Here too, the default option is to activate the plug-in only once.
Java

Judge Blasts Oracle's Attempt To Overturn Pro-Google Jury Verdict (arstechnica.com) 106

Joe Mullin, reporting for Ars Technica: Google successfully made its case to a jury last month that its use of Java APIs in Android was "fair use," and the verdict rejected Oracle's claim that the mobile system infringed its copyrights. After Google argued its case, though, Oracle filed a motion arguing that the judge should decide as a matter of law that fair use didn't cover it. In the wake of the jury's pro-Google verdict, Oracle's motion was its last hope of a trial victory. It didn't happen; US District Judge William Alsup shot down the motion on Wednesday. The same order also denied Google's motion making similar arguments, filed at the close of trial but before the jury's verdict. Alsup's stinging order [PDF], which rejects Oracle's argument [PDF] on every front, hardly comes as a surprise. But the document provides the first insights as to what Oracle might bring up in an appeal proceeding, which the company has said it will pursue. In the order, Alsup defends how he ran the trial. The evidence and instructions presented to the jury were a mix of mandates from the appeals court, which overruled Alsup on the key issue of API copyrightability, and modifications urged by both sides' lawyers.
Android

Op-ed: Oracle Attorney Says Google's Court Victory Might Kill the GPL (arstechnica.com) 357

Annette Hurst, an attorney at Orrick, Herrington & Sutcliffe who represented Oracle in the recent Oracle v. Google trial, has written an opinion piece for Ars Technica in which she urges developers and creators to not celebrate Google's win in the hard-fought copyright case as the decision -- if remains intact -- is poised to make them "suffer" everywhere and also the free software movement itself "now faces substantial jeopardy." As you're aware, in a verdict earlier this week, a federal court announced that Google's Android operating system didn't infringe on Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." Hurst writes: No business trying to commercialize software with any element of open software can afford to ignore this verdict. Dual licensing models are very common and have long depended upon a delicate balance between free use and commercial use. Royalties from licensed commercial exploitation fuel continued development and innovation of an open and free option. The balance depends upon adherence to the license restrictions in the open and free option. This jury's verdict suggests that such restrictions are now meaningless, since disregarding them is simply a matter of claiming "fair use." It is hard to see how GPL can survive such a result. In fact, it is hard to see how ownership of a copy of any software protected by copyright can survive this result. Software businesses now must accelerate their move to the cloud where everything can be controlled as a service rather than software. Consumers can expect to find decreasing options to own anything for themselves, decreasing options to control their data, decreasing options to protect their privacy.
The Military

Department of Homeland Security Still Uses COBOL (softpedia.com) 217

The Department of Defense has promised to finally stop managing the U.S. nuclear arsenal with floppy disks "by the end of 2017". But an anonymous reader shares Softpedia's report about another startling revelation this week from the Government Accountability Office: Another agency that plans to upgrade is the US Department of Veterans Affairs, which uses COBOL, a programming language from the '50s to manage a system for employee time and attendance. Unfortunately for the VA, there were funds only to upgrade that COBOL system, because the agency still uses the antiquated programming language to run another system that tracks claims filed by veterans for benefits, eligibility, and dates of death. This latter system won't be updated this year. Another serious COBOL user is the Department of Homeland Security, who employs it to track hiring operations, alongside a 2008 IBM z10 mainframe and a Web component that uses a Windows 2012 server running Java.
Personnel files are serious business. A 2015 leak of the secret service's confidential personnel files for a Utah Congressman (who was leading a probe into high-profile security breaches and other missteps) led the Department of Homeland Security to discipline 41 secret service agents.
Google

Android Is 'Fair Use' As Google Beats Oracle In $9 Billion Lawsuit (arstechnica.com) 243

infernalC writes: Ars Technica is reporting that the verdict is in, and that the jury decided that Google's duplication of several Java interfaces is fair use. Ars Technica writes that Google's Android OS does not infringe upon Oracle-owned copyrights because its re-implementation of 37 Java APIs is protected by "fair use." The jury unanimously answered "yes" in response to whether or not Google's use of Java APIs was a "fair use" under copyright law. The trial is now over, since Google won. "Google's win somewhat softens the blow to software developers who previously thought programming language APIs were free to use," Ars Technica writes. "It's still the case that APIs can be protected by copyright under the law of at least one appeals court. However, the first high-profile attempt to control APIs with copyright law has now been stymied by a "fair use" defense." The amount Oracle may have asked for in damages could have been as much as $9 billion.
Oracle

Declaring Code Is Not Code, Says Larry Page (arstechnica.com) 405

Alphabet CEO Larry Page says his company never considered getting permission from Oracle for using the latter's Java APIs in Android. Page, who appeared in a federal court, said Java APIs are open and free, which warrants them or anyone to use it without explicit permission from Oracle. From an Ars Technica report (edited for clarity): "But you did copy the code and copy the structure, sequence, and organization of the APIs?" Oracle attorney Peter Bicks asked, raising his voice. "I don't agree with 'copy code,'" Page said. "For me, declaring code is not code," Page said. "Have you paid anything to Oracle for using that intellectual property?" Bicks asked. "When Sun established Java, they established it as an open source thing," Page said. "I believe the APIs we used were pretty open. No, we didn't pay for the free and open things." [...] "Was Google seeking a license for Java?" Google lawyer Robert Van Nest asked. "Yes, and a broader deal around other things, like branding and cooperation," Page said. "After discussions with Sun broke off, did you believe Google needed a license for APIs?" Van Nest asked. "No, I did not believe that," Page said. "It was established industry practice that the API and just the headers of those things could be taken and re-implemented. [It must be done] very carefully, not to use any existing implementation of those systems. That's been done many, many times. I think we acted responsibly and carefully around these intellectual property issues."
Security

Attackers Targeting Critical SAP Flaw Since 2013 (threatpost.com) 57

msm1267 quotes a report from Threatpost: Three dozen global enterprises have been breached by attackers who exploited a single, mitigated vulnerability in SAP business applications. The attacks were carried out between 2013 and are ongoing against large organizations owned by corporations in the United States, United Kingdom, Germany, China, India, Japan, and South Korea, spanning 15 critical industries, researchers at Onapsis said today. [The DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University also published an alert this morning, the first in its history for SAP applications.] The severity of these attacks is high and should put other organizations on notice that are running critical business processes and data through SAP Java apps. The issue lies in the Invoker Servlet, which is part of the standard J2EE specification and enables developers to test custom Java applications. When it is enabled, developers and users can call these servlets over the Internet directly without authentication or authorization controls. Attackers, however, can take advantage of this same functionality to exploit these business critical systems.
Java

No One Should Have To Use Proprietary Software To Communicate With Their Government (fsf.org) 154

Donald Robertson, writing for Free Software Foundation: Proprietary JavaScript is a threat to all users on the Web. When minified, the code can hide all sorts of nasty items, like spyware and other security risks. [...] On March 1st, 2016, the Copyright Office announced a call for comments on an update to their technology infrastructure. We submitted a comment urging them to institute a policy that requires all software they develop and distribute to be free software. Further, we also urged them to not require people to run proprietary software in order to communicate or submit comments to them. Unfortunately, once again, the Copyright Office requires the use of proprietary JavaScript in order to submit the comment and they are only accepting comments online unless a person lacks computer or Internet access. [...] The most absurd part of all this is that other government agencies, while still using Regulations.gov, are perfectly capable of offering alternatives to submission.
Security

US Toy Maker Maisto's Website Pushes Ransomware (pcworld.com) 26

An anonymous reader shares a PCWorld article: Attackers are aggressively pushing a new file-encrypting ransomware program called CryptXXX by compromising websites, the latest victim being U.S. toy maker Maisto. Fortunately, there's a tool that can help users decrypt CryptXXX affected files for free. Security researchers from Malwarebytes reported Thursday that maisto.com was infected with malicious JavaScript that loaded the Angler exploit kit. This is a Web-based attack tool that installs malware on users' computers by exploiting vulnerabilities in their browser plug-ins. It also steals bitcoins from local wallets, a double hit to victims, because it then asks for the equivalent of $500 in bitcoins in order to decrypt their files. [...] Researchers from antivirus firm Kaspersky Lab recently updated their ransomware decryption toolto add support for CryptXXX affected files. The attack code exploits vulnerabilities in older versions of applications such as Flash, Java, Internet Explorer, and Silverlight. At this point, it isn't clear exactly how many users are affected.

Slashdot Top Deals