The Military

Russia Posts Video Game Screenshot As 'Irrefutable Proof' of US Helping IS (bbc.com) 132

Plus1Entropy shares a report from BBC, adding: "But when I asked Putin, he said they didn't do it": Russia's Ministry of Defense has posted what it called "irrefutable proof" of the U.S. aiding so-called Islamic State -- but one of the images was actually taken from a video game. The ministry claimed the image showed an IS convoy leaving a Syrian town last week aided by U.S. forces. Instead, it came from the smartphone game AC-130 Gunship Simulator: Special Ops Squadron. The ministry said an employee had mistakenly attached the photo. The Conflict Intelligence Team fact-checking group said the other four provided were also errors, taken from a June 2016 video which showed the Iraqi Air Force attacking IS in Iraq. The video game image seems to be taken from a promotional video on the game's website and YouTube channel, closely cropped to omit the game controls and on-screen information. In the corner of the image, however, a few letters of the developer's disclaimer can still be seen: "Development footage. This is a work in progress. All content subject to change."
Programming

ESR Sees Three Viable Alternatives To C (ibiblio.org) 594

An anonymous reader writes: After 35 years of programming in C, Eric S. Raymond believes that we're finally seeing viable alternatives to the language. "We went thirty years -- most of my time in the field -- without any plausible C successor, nor any real vision of what a post-C technology platform for systems programming might look like. Now we have two such visions...and there is another."

"I have a friend working on a language he calls 'Cx' which is C with minimal changes for type safety; the goal of his project is explicitly to produce a code lifter that, with minimal human assistance, can pull up legacy C codebases. I won't name him so he doesn't get stuck in a situation where he might be overpromising, but the approach looks sound to me and I'm trying to get him more funding. So, now I can see three plausible paths out of C. Two years ago I couldn't see any. I repeat: this is huge... Go, or Rust, or Cx -- any way you slice it, C's hold is slipping."

Raymond's essay also includes a fascinating look back at the history of programming languages after 1982, when the major complied languages (FORTRAN, Pascal, and COBOL) "were either confined to legacy code, retreated to single-platform fortresses, or simply ran on inertia under increasing pressure from C around the edges of their domains.

"Then it stayed that way for nearly thirty years."
Facebook

This Time, Facebook Is Sharing Its Employees' Data (fastcompany.com) 45

tedlistens writes from a report via Fast Company: "Facebook routinely shares the sensitive income and employment data of its U.S.-based employees with the Work Number database, owned by Equifax Workforce Solutions," reports Fast Company. "Every week, Facebook provides an electronic data feed of its employees' hourly work and wage information to Equifax Workforce Solutions, formerly known as TALX, a St. Louis-based unit of Equifax, Inc. The Work Number database is managed separately from the Equifax credit bureau database that suffered a breach exposing the data of more than 143 million Americans, but it contains another cache of extensive personal information about Facebook's employees, including their date of birth, social security number, job title, salary, pay raises or decreases, tenure, number of hours worked per week, wages by pay period, healthcare insurance coverage, dental care insurance coverage, and unemployment claim records."

Surprisingly, Facebook is among friends. Every payroll period, Amazon, Microsoft, and Oracle provide an electronic feed of their employees' hourly work and wage information to Equifax. So do Wal-Mart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. Even Edward Snowden's former employer, the sometimes secretive N.S.A. contractor Booz Allen Hamilton, sends salary and other personal data about its employees to the Equifax Work Number database. It now contains over 296 million employment records for employees at all wage levels, from CEOs to interns. The database helps streamline various processes for employers and even federal government agencies, says Equifax. But databases like the Work Number also come with considerable risks. As consumer journalist Bob Sullivan puts it, Equifax, "with the aid of thousands of human resource departments around the country, has assembled what may be the most powerful and thorough private database of Americans' personal information ever created." On October 8, a month after Equifax announced its giant data breach, security expert Brian Krebs uncovered a gaping hole in the separate Work Number online consumer application portal, which allowed anyone to view a person's salary and employment history "using little more than someone's Social Security number and date of birth -- both data elements that were stolen in the recent breach at Equifax."

Programming

Programming Language Go Turns 8 (golang.org) 67

On this day, eight years ago, a group of programmers at Google released Go, a brand-new open-source programming language that they hoped would solve some of the problems they faced with Java, C++ and other programming languages. In the past eight years, Go has gotten a tremendous traction, with Go helping drive several services running inside Google. The company, on its part, has added a handful of features to Go, including a revamped garbage collector in 2015, and support for various ARM processors. From a blog post: Go has been embraced by developers all over the world with approximately one million users worldwide. In the freshly published 2017 Octoverse by GitHub, Go has become the #9 most popular language, surpassing C. Go is the fastest growing language on GitHub in 2017 in the top 10 with 52% growth over the previous year. In growth, Go swapped places with Javascript, which fell to the second spot with 44%. In Stack Overflow's 2017 developer survey, Go was the only language that was both on the top 5 most loved and top 5 most wanted languages. People who use Go, love it, and the people who aren't using Go, want to be. [...] Since Go was first open sourced we have had 10 releases of the language, libraries and tooling with more than 1680 contributors making over 50,000 commits to the project's 34 repositories; More than double the number of contributors and nearly double the number of commits from only two years ago. This year we announced that we have begun planning Go 2, our first major revision of the language and tooling.
Security

WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools (vice.com) 102

An anonymous reader quotes a report from Motherboard: WikiLeaks published new alleged material from the CIA on Thursday, releasing source code from a tool called Hive, which allows its operators to control malware it installed on different devices. WikiLeaks previously released documentation pertaining to the tool, but this is the first time WikiLeaks has released extensive source code for any CIA spying tool. This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7. "This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components," WikiLeaks said in its press release for Vault 8. "Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention." In its release, WikiLeaks said that materials published as part of Vault 8 will "not contain zero-days or similar security vulnerabilities which could be repurposed by others."
Google

Google Wants Google Doodles Taught In Public School, Warns Kids They Best Behave 146

theodp writes: Well, this year's Hour of Code is almost upon us, and if Google has its way, K-12 schoolchildren across the nation will be learning computer science by creating Google Doodles with Scratch (lesson plan). Curiously, the introductory video for the Create Your Own Google Logo Hour of Code activity from the Google Computer Science Education Department sternly warns kids, "While it is okay to use the Google logo for your personal Doodle, it is not okay [emphasis Google's] to use it anyplace else or outside this activity." In addition to respecting its intellectual property, Google instructs kids that they are to follow the Scratch Community Guidelines when they create Google logos: "Please stay positive, friendly, and supportive towards others in the Scratch Community. Help us keep Scratch a place where people of different backgrounds and interests feel welcome to hang out and create together."
Programming

Should Developers Do All Their Own QA? (itnews.com.au) 299

An anonymous reader quotes IT News: Fashion retailer The Iconic is no longer running quality assurance as a separate function within its software development process, having shifted QA responsibilities directly onto developers... "We decided: we've got all these [developers] who are [coding] every day, and they're testing their own work -- we don't need a second layer of advice on it," head of development Oliver Brennan told the New Relic FutureStack conference in Sydney last week. "It just makes people lazy..."

Such a move has the obvious potential to create problems should a developer drop the ball; to make sure the impact of any unforeseen issues is minimised for customers, The Iconic introduced feature toggles -- allowing developers to turn off troublesome functionality without having to deploy new code. Every new feature that goes into production must now sit behind one of these toggles, which dictates whether a user is served the new or old version of the feature in question. The error rates between the new and old versions are then monitored for any discrepancies... While Brennan is no fan of "people breaking things", he argues moving fast is more beneficial for customers.

"If our site is down now, people will generally come back later," Brennan adds, and the company has now moved all of its QA workers into engineering roles.
Programming

Perl is the Most Hated Programming Language, Developers Say (theregister.co.uk) 472

Thomas Claburn, writing for The Register: Developers really dislike Perl, and projects associated with Microsoft, at least among those who volunteer their views through Stack Overflow. The community coding site offers programmers a way to document their technical affinities on their developer story profile pages. Included therein is an input box for tech they'd prefer to avoid. For developers who have chosen to provide testaments of loathing, Perl tops the list of disliked programming languages, followed by Delphi and VBA. The yardstick here consists of the ratio of "likes" and "dislikes" listed in developer story profiles; to merit chart position, the topic or tag in question had to show up in at least 2,000 stories. Further down the down the list of unloved programming language comes PHP, Objective-C, CoffeeScript, and Ruby. In a blog post seen by The Register ahead of its publication today, Stack Overflow data scientist David Robinson said usually there's a relationship between how fast a particular tag is growing and how often it's disliked. "Almost everything disliked by more than 3 per cent of Stories mentioning it is shrinking in Stack Overflow traffic (except for the quite polarizing VBA, which is steady or slightly growing)," said Robinson. "And the least-disliked tags -- R, Rust, TypeScript and Kotlin -- are all among the fast-growing tags (TypeScript and Kotlin growing so quickly they had to be truncated in the plot)."
Security

While Equifax Victims Sue, Congress Limits Financial Class Actions (marketwatch.com) 190

An anonymous reader quotes a local NBC news report: Stories are starting to pour in about those impacted by last month's massive Equifax data breach, which compromised the private information of more than 140 million people. Katie Van Fleet of Seattle says she's spent months trying to regain her stolen identity, and says it has been stolen more than a dozen times. "I kept receiving letters from Kohl's, from Macy's, from Home Depot, from Old Navy saying 'thank you for your application,'" she said to CNN affiliate KCPQ. But she says she's never applied for credit from any of those places. Instead, Van Fleet and her attorney Catherine Fleming say they believe her personal data was stolen during the massive Equifax security breach... Fleming has filed a class-action lawsuit against Equifax, saying they were negligent in losing private information on more than 140 million Americans... "Countless people, I mean, I've really, truly lost count, and the stories that like Katie's, the stories I hear are heart-wrenching," Fleming said.
But are things about to get worse? Marketwatch reports: It will become harder for consumers to sue their banks or companies like Equifax... The Senate voted Tuesday night to overturn a rule the Consumer Financial Protection Bureau worked on for more than five years. The final version of the rule banned companies from putting "mandatory arbitration clauses" in their contracts, language that prohibits consumers from bringing class-action lawsuits against them. It applies to institutions that sell financial products, including bank accounts and credit cards. Consumer advocates say it's good news for companies like Wells Fargo or Equifax, which have both had class-action lawsuits filed against them, and bad news for their customers... Lisa Gilbert, the vice president of legislative affairs at Public Citizen, a nonprofit based in Washington, D.C., said the Senate vote shouldn't impact cases that are already ongoing. However, there will "certainly" be more forced arbitration clauses in contracts in the future, and fewer cases brought against companies, she said.
Programming

Why Do Web Developers Keep Making The Same Mistakes? (hpe.com) 335

An anonymous reader quotes HPE Insights: Software developers and testers must be sick of hearing security nuts rant, "Beware SQL injection! Monitor for cross-site scripting! Watch for hijacked session credentials!" I suspect the developers tune us out... The industry has generated newer tools, better testing suites, Agile methodologies, and other advances in writing and testing software. Despite all that, coders keep making the same dumb mistakes, peer reviews keep missing those mistakes, test tools fail to catch those mistakes, and hackers keep finding ways to exploit those mistakes. One way to see the repeat offenders is to look at the Open Web Application Security Project Top 10, a sometimes controversial ranking of the 10 primary vulnerabilities, published every three or four years by the Open Web Application Security Project... It boggles the mind that a majority of top 10 issues appear across the 2007, 2010, 2013, and draft 2017 OWASP lists...

It's sad that eight out of 10 of the issues from 2013 are still top security issues in 2017. In fact, if you consider that the draft 2017 list combined two of the 2013 items, it's actually nine out of 10. Ouch... What can you do? Train everyone better, for starters. Look at coding and test tools that can help detect or prevent security vulnerabilities, but don't consider them silver bullets. Do dynamic application security testing, including penetration testing and fuzz testing. Ensure admins do their part to protect applications. And finally, make sure you establish a culture of security-aware programming and deployment.

Firefox

After 12 Years, Mozilla Kills 'Firebug' Dev Tool (infoworld.com) 148

An anonymous reader quotes InfoWorld: The Firebug web development tool, an open source add-on to the Firefox browser, is being discontinued after 12 years, replaced by Firefox Developer Tools. Firebug will be dropped with next month's release of Firefox Quantum (version 57). The Firebug tool lets developers inspect, edit, and debug code in the Firefox browser as well as monitor CSS, HTML, and JavaScript in webpages. It still has more than a million people using it, said Jan Honza Odvarko, who has been the leader of the Firebug project. Many extensions were built for Firebug, which is itself is an extension to Firefox... The goal is to make debugging native to Firefox. "Sometimes, it's better to start from scratch, which is especially true for software development," Odvarko said.
Data Storage

US Voting Server At Heart of Russian Hack Probe Mysteriously Wiped (theregister.co.uk) 431

A computer at the center of a lawsuit digging into Russian interference in the U.S. presidential election has been wiped. "The server in question is based in Georgia -- a state that narrowly backed Donald Trump, giving him 16 electoral votes -- and stored the results of the state's vote-management system," reports The Register. "The deletion of its filesystem data makes analysis of whether the system was compromised impossible to ascertain." From the report: There is good reason to believe that the computer may have been tampered with: it is 15 years old, and could be harboring all sorts of exploitable software and hardware vulnerabilities. No hard copies of the votes are kept, making the electronic copy the only official record. While investigating the Kennesaw State University's Center for Election Systems, which oversees Georgia's voting system, last year, security researcher Logan Lamb found its system was misconfigured, exposing the state's entire voter registration records, multiple PDFs with instructions and passwords for election workers, and the software systems used to tally votes cast. Despite Lamb letting the election center knows of his findings, the security holes were left unpatched for seven months. He later went public after the U.S. security services announced there had been a determined effort by the Russian government to sway the presidential elections, including looking at compromising electronic voting machines.

In an effort to force the state to scrap the system, a number of Georgia voters bandied together and sued. They asked for an independent security review of the server, expecting to find flaws that would lend weight to their argument for investment in a more modern and secure system. But emails released this week following a Freedom of Information Act request reveal that technicians at the election center deleted the server's data on July 7 -- just days after the lawsuit was filed. The memos reveal multiple references to the data wipe, including a message sent just last week from an assistant state attorney general to the plaintiffs in the case. That same email also notes that backups of the server data were also deleted more than a month after the initial wipe -- just as the lawsuit moved to a federal court. It is unclear who ordered the destruction of the data, and why, but they have raised yet more suspicions of collusion between the Trump campaign team, the Republican Party, and the Russian government.

Programming

Ask Slashdot: Where Do Old Programmers Go? 481

New submitter oort99 writes: Barreling towards my late 40s, I've enjoyed 25+ years of coding for a living, working in telecoms, government, and education. In recent years, it's been typical enterprise Java stuff. Looking around, I'm pretty much always the oldest in the room. So where are the other old guys? I can't imagine they've all moved up the chain into management. There just aren't enough of those positions to absorb the masses of aging coders. Clearly there *are* older workers in software, but they are a minority. What sectors have the others gone into? Retired early? Low-wage service sector? Genuinely interested to hear your story about having left the field, willfully or otherwise.
Open Source

Oracle Engineer Talks of ZFS File System Possibly Still Being Upstreamed On Linux (phoronix.com) 131

New submitter fstack writes: Senior software architect Mark Maybee who has been working at Oracle/Sun since '98 says maybe we "could" still see ZFS be a first-class upstream Linux file-system. He spoke at the annual OpenZFS Developer Summit about how Oracle's focus has shifted to the cloud and how they have reduced investment in Solaris. He admits that Linux rules the cloud. Among the Oracle engineer's hopes is that ZFS needs to become a "first class citizen in Linux," and to do so Oracle should port their ZFS code to Oracle Linux and then upstream the file-system to the Linux kernel, which would involve relicensing the ZFS code.
Businesses

Oracle, Apple, Google, Amazon, Facebook Blow Even More Cash on Lobbying (theregister.co.uk) 73

An anonymous reader shares a report: American tech giants have ramped up the amount of cash they spend on lobbying US lawmakers to get their own way, yet again. As congressmen consider regulating organizations from Facebook to Google, and mull antitrust crackdowns against Amazon, said corporations have responded by flinging more dosh at the problem. The money is spent on, ahem, holding meetings between company execs and politicians so that businesses can push their agenda and swing decisions in their favor, which may not be in the interests of the people who elected said politicians. Facebook's $2.85m for the third quarter of the year -- disclosed this week as required by law -- is beaten only by the amount it spent in the first quarter: $3.21m. In its second quarter, it blew $2.38m. Overall, Facebook's lobbying bills for 2017 looks set to smash the $9.85m it spent in 2015 and the $8.7m in 2016. The social network is being investigated by both halves of Congress for its role in the Russian propaganda campaign during the US presidential election, and this month has been on a huge PR campaign in the capital. Likewise Amazon spent its highest ever amount on professional lobbyists -- both individuals and companies that book face time with lawmakers and their staff where they press the company's viewpoints. Amazon spent $3.41m in the third quarter, up from $3.21m for the second quarter -- which was also a record spend for the company. Apple has already blown past the $4.67m in spent in 2016 -- which was then its highest-ever spending. So far in 2017, the iPhone maker has spent $5.46m bending lawmakers' ears. Google spent less in the third quarter of the year to the wallet-busting Q2 spend of $5.93m, but it still spent $4.17m -- higher than its average spend of $4.0m per quarter over the past five years. But perhaps the most notable increase in spending has come from Oracle, which spent a whopping $3.82m on lobbying in the third quarter: double what it normally spends.
Programming

Profile of William H. Alsup, a Judge Who Codes and Decides Tech's Biggest Cases (theverge.com) 49

Sarah Jeong at The Verge has an interesting profile of William H. Alsup, the judge in Oracle v. Google case, who to many's surprise was able to comment on the technical issues that Oracle and Google were fighting about. Alsup admits that he learned the Java programming language only so that he could better understand the substance of the case. Here's an excerpt from the interview: On May 18th, 2012, attorneys for Oracle and Google were battling over nine lines of code in a hearing before Judge William H. Alsup of the northern district of California. The first jury trial in Oracle v. Google, the fight over whether Google had hijacked code from Oracle for its Android system, was wrapping up. The argument centered on a function called rangeCheck. Of all the lines of code that Oracle had tested -- 15 million in total -- these were the only ones that were "literally" copied. Every keystroke, a perfect duplicate. It was in Oracle's interest to play up the significance of rangeCheck as much as possible, and David Boies, Oracle's lawyer, began to argue that Google had copied rangeCheck so that it could take Android to market more quickly. Judge Alsup was not buying it. "I couldn't have told you the first thing about Java before this trial," said the judge. "But, I have done and still do a lot of programming myself in other languages. I have written blocks of code like rangeCheck a hundred times or more. I could do it. You could do it. It is so simple." It was an offhand comment that would snowball out of control, much to Alsup's chagrin. It was first repeated among lawyers and legal wonks, then by tech publications. With every repetition, Alsup's skill grew, until eventually he became "the judge who learned Java" -- Alsup the programmer, the black-robed nerd hero, the 10x judge, the "master of the court and of Java."
Businesses

Ask Slashdot: How Can You Apply For A Job When Your Code Samples Suck? 408

An anonymous Slashdot reader ran into a problem when looking for a new employer: Most ask for links to "recent work" but the reason I'm leaving my current job is because this company doesn't produce good code. After years of trying to force them to change, they have refused to change any of their poor practices, because the CTO is a narcissist and doesn't recognize that so much is wrong. I have written good code for this company. The problem is it is mostly back-end code where I was afforded some freedom, but the front-end is still a complete mess that doesn't reflect any coherent coding practice whatsoever...

I am giving up on fixing this company but finding it hard to exemplify my work when it is hidden behind some of the worst front-end code I have ever seen. Most job applications ask for links to live code, not for code samples (which I would more easily be able to supply). Some of the websites look okay on the surface, but are one right click -> inspect element away from giving away the mess; most of the projects require a username and password to login as well but account registration is not open. So how do I reference my recent work when all of my recent work is embarrassing on the front-end?

The original submission's title asked what to use for work samples "when the CTO has butchered all my work." Any suggestions? Leave your best thoughts in the comments. How can you apply for a job when your code samples suck?
AI

Does the Rise of AI Precede the End of Code? (itproportal.com) 205

An anonymous reader shares an article: It's difficult to know what's in store for the future of AI but let's tackle the most looming question first: are engineering jobs threatened? As anticlimactic as it may be, the answer is entirely dependent on what timeframe you are talking about. In the next decade? No, entirely unlikely. Eventually? Most definitely. The kicker is that engineers never truly know how the computer is able to accomplish these tasks. In many ways, the neural operations of the AI system are a black box. Programmers, therefore, become the AI coaches. They coach cars to self-drive, coach computers to recognise faces in photos, coach your smartphone to detect handwriting on a check in order to deposit electronically, and so on. In fact, the possibilities of AI and machine learning are limitless. The capabilities of AI through machine learning are wondrous, magnificent... and not going away. Attempts to apply artificial intelligence to programming tasks have resulted in further developments in knowledge and automated reasoning. Therefore, programmers must redefine their roles. Essentially, software development jobs will not become obsolete anytime soon but instead require more collaboration between humans and computers. For one, there will be an increased need for engineers to create, test and research AI systems. AI and machine learning will not be advanced enough to automate and dominate everything for a long time, so engineers will remain the technological handmaidens.
Education

Learn To Code, It's More Important Than English as a Second Language, Says Apple CEO (cnbc.com) 296

Apple CEO Tim Cook says it is more important to learn how to code than it is to learn English as a second language. From a report: The tech executive made the remarks to French outlet Konbini while in the country for a meeting with French President Emmanuel Macron, who has called for tech companies to pay higher taxes in Europe. "If I were a French student and I were 10 years old, I think it would be more important for me to learn coding than English. I'm not telling people not to learn English in some form -- but I think you understand what I am saying is that this is a language that you can [use to] express yourself to 7 billion people in the world," Cook tells Konbini. "I think that coding should be required in every public school in the world. [...] It's the language that everyone needs, and not just for the computer scientists. It's for all of us."
Businesses

The Case Against Biometric IDs (nakedcapitalism.com) 146

"The White House and Equifax Agree: Social Security Numbers Should Go," reads a headline at Bloomberg. Securities lawyer Jerri-Lynn Scofield tears down one proposed alternative: a universal biometric identity system (possibly using fingerprints and an iris scan) with further numeric verification. Presto Vivace shared the article: Using a biometric system when the basic problem of securing and safeguarding data have yet to be solved will only worsen, not address, the hacking problem. What we're being asked to do is to turn over our biometric information, and then trust those to whom we do so to safeguard that data. Given the current status of database security, corporate and governmental accountability, etc.: How do you think that is going to play out...?

[M]aybe we should rethink the whole impulse to centralize such data collection, for starters. And, after such a thought experiment, then further focus on obvious measures to safeguard such information -- such as installing regular software patches that could have prevented the Equifax hack -- should be the priority. And, how about bringing back a concept in rather short supply in C-suites -- that of accountability? Perhaps measures to increase that might be a better idea than gee whiz misdirected techno-wizardry... The Equifax hack has revealed the sad and sorry state of cybersecurity. But inviting the biometric ID fairy to drop by and replace the existing Social Security number is not the solution.

The article calls biometric identification systems "another source of data to be mined by corporations, and surveilled by those who want to do so. And it would ultimately not foil identity theft." It suggests currently biometric ids are a distraction from the push to change the credit bureau business model -- for example, requiring consumers to opt-in to the collection of their personal data.

Slashdot Top Deals