Programming

Wired Hails Rust as 'the Viral Secure Programming Language That's Taking Over Tech' (wired.com) 126

A new article from Wired calls Rust "the 'viral' secure programming language that's taking over tech."

"Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can't come soon enough...." [A] growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way. By design, developers can't accidentally create the most common types of exploitable security vulnerabilities when they're coding in Rust, a distinction that could make a huge difference in the daily patch parade and ultimately the world's baseline cybersecurity....

[B]ecause Rust produces more secure code [than C] and, crucially, doesn't worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. Microsoft, Google, and Amazon Web Services have all been utilizing Rust since 2019, and the three companies formed the nonprofit Rust Foundation with Mozilla and Huawei in 2020 to sustain and grow the language. And after a couple of years of intensive work, the Linux kernel took its first steps last month to implement Rust support. "It's going viral as a language," says Dave Kleidermacher, vice president of engineering for Android security and privacy. "We've been investing in Rust on Android and across Google, and so many engineers are like, 'How do I start doing this? This is great'...."

By writing new software in Rust instead, even amateur programmers can be confident that they haven't introduced any memory-safety bugs into their code.... These types of vulnerabilities aren't just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is significant....

"Yes, it's a lot of work, it will be a lot of work, but the tech industry has how many trillions of dollars, plus how many talented programmers? We have the resources," says Josh Aas, executive director of the Internet Security Research Group, which runs the memory-safety initiative Prossimo as well as the free certificate authority Let's Encrypt. "Problems that are merely a lot of work are great."

Here's how Dan Lorenc, CEO of the software supply-chain security company Chainguard, explains it to Wired. "Over the decades that people have been writing code in memory-unsafe languages, we've tried to improve and build better tooling and teach people how to not make these mistakes, but there are just limits to how much telling people to try harder can actually work.

"So you need a new technology that just makes that entire class of vulnerabilities impossible, and that's what Rust is finally bringing to the table."

Submission + - Autonomous Cars? How About Autonomous Bikes?

R3d M3rcury writes: So we've all heard about the brave new world of autonomous cars which will be at our beck-and-call. But how about an autonomous bike?

The i-Bike (not to be confused with the iBike computer) is the winner of KPIT Sparkle 2016, the All India Science and Engineering Student Contest. It started off as a bicycle suitable for use by people with disabilities. If you could use a smartphone, you could ride a bike. But the developers realized that this could be part of a bike-sharing system. You could rent a bike at the train station, ride to work, and then have the bike automatically return to the train station for the next person.

Of course, the obvious question is: Will the bike stop at stop signs?

Submission + - Biometric Tech Uses Sound To Distinguish Ear Cavity Shape

Orome1 writes: NEC is developing a new biometric personal identification technology that uses the resonation of sound determined by the shape of human ear cavities to distinguish individuals. The new technology instantaneously measures (within approximately one second) acoustic characteristics determined by the shape of the ear, which is unique for each person, using an earphone with a built-in microphone to collect earphone-generated sounds as they resonate within ear cavities.

Submission + - Book review: Architecting the Cloud

benrothke writes: Architecting the Cloud: Design Decisions for Cloud Computing Service Models (SaaS, PaaS, and IaaS)

Author: Michael Kavis

Pages: 224

Publisher: Wiley

Rating: 9/10

Reviewer: Ben Rothke

ISBN: 978-1118617618

Summary: Extremely honest and enlightening book on how to effectively use the cloud





Most books about cloud computing are either extremely high-level quasi-marketing tomes about the myriad benefits of the cloud without any understanding of how to practically implement the technology under discussion. The other type of cloud books are highly technical reference guides that provide technical details, but for a limited audience.



In Architecting the Cloud: Design Decisions for Cloud Computing Service Models, author Michael Kavis has written perhaps the most honest book about the cloud. Make no doubt about it; Kavis is a huge fan of the cloud. But more importantly, he knows what the limits of the cloud are, and how cloud computing is not a panacea. That type of candor makes this book an invaluable guide to anyone looking to understand how to effectively deploy cloud technologies.



The book is an excellent balance of the almost boundless potential of cloud computing, mixed with a high amount of caution that the potential of the cloud can only be manifest with effective requirements and formal security architecture.



The full title of the book is: Architecting the Cloud: Design Decisions for Cloud Computing Service Models: SaaS, PaaS, and IaaS. One of the mistakes of using the cloud is that far too many decision makers rush in, without understanding the significant differences (and they are significant) between the 3 main cloud service models.



The book crams a lot in under 200 pages in the following 16 chapters:

1 Why Cloud, Why Now?

2 Cloud Service Models

3 Cloud Computing Worst Practices

4 It Starts with Architecture

5 Choosing the Right Cloud Service Model

6 The Key to the Cloud: RESTful Services

7 Auditing in the Cloud

8 Data Considerations in the Cloud

9 Security Design in the Cloud

10 Creating a Centralized Logging Strategy

11 SLA Management

12 Monitoring Strategies

13 Disaster Recovery Planning

14 Leveraging a DevOps Culture to Deliver Software Faster and More Reliably

15 Assessing the Organizational Impact of the Cloud Model

16 Final Thoughts



In chapter 1, he provides a number of enthusiastic cloud success stories to set the stage. He shows how a firm was able to build a solution entirely on the public cloud with a limited budget. He also showcases Netflix, whose infrastructure is built on Amazon Web Services (AWS).



Chapter 3 is titled cloud computing worst practices and the book would be worth purchasing for this chapter alone. The author has a number of cloud horror stories and shows the reader how they can avoid failure when moving to the cloud. While many cloud success stories showcase applications developed specifically for the cloud, the chapter details the significant challenges of migrating existing and legacy applications to the cloud. Such migrations are not easy endeavors, which he makes very clear.



In the chapter, Kavis details one of the biggest misguided perceptions of cloud computing, in that it will greatly reduce the cost of doing business. That is true for some cloud initiatives, but definitely not all, as some cloud marketing people may have you believe.



Perhaps the most important message of the chapter is that not every problem is one that needs to be solved by cloud computing. He cites a few examples where not going with a cloud solution was actually cheaper in the long run.



The book does a very good job of delineating the differences between the various types of cloud architectures and service models. He notes that one reason for leveraging IaaS over PaaS, is that when a PaaS provider has an outage, the customer can only wait for the provider to fix the issue and get the services back online. With IaaS, the customer can architect for failure and build redundant services across multiple physical or virtual data centers.



For many CIOs, the security fears of the cloud mean that they will immediately write off any consideration of cloud computing. In chapter 9, the author notes that almost any security regulation or standard can be met in the cloud, as none of the regulations and standards dictate where the data must specifically reside.



The book notes that for security to work in the cloud, firms need to apply 3 key strategies for managing security in cloud-based applications, namely centralization, standardization and automation.



In chapter 10, the book deals with creating a centralized logging strategy. Given that logging is a critical component of any cloud-based application, logging is one of the areas that many firms don't adequately address in their move to the cloud. The book provides a number of approaches to use to create an effective logging strategy.



The only issue I have with the book is that while the author is a big fan of Representational state transfer (REST), many firms have struggled to obtain the benefits he describes. RESTful is an abstraction of the architecture of the web; namely an architectural style consisting of a coordinated set of architectural constraints applied to components, connectors and data elements, within a distributed hypermedia system. REST ignores the details of component implementation and protocol syntax in order to focus on the roles of components, the constraints upon their interaction with other components, and their interpretation of significant data elements.



I think the author places too much reliance on RESTful web services and doesn't detail the challenges in making it work properly. RESTful is not always the right choice even though it is all the rage in some cloud design circles.



While the book is part of the Wiley CIO Series, cloud architects, software and security engineers, technical managers and anyone with an interest in the cloud will find this an extremely valuable resource.



Ironically, for those that are looking for ammunition why the cloud is a terrible idea, they will find plenty of evidence for it in the book. But the reasons are predominantly that those that have failed in the cloud, didn't know why they were there in the first place, or were clueless on how to use the cloud.



For those that want to do the cloud right, the book provides a vendor neutral approach and gives the reader an extremely strong foundation on which to build their cloud architecture.



The book lists the key challenges that you will face in the migration to the cloud, and details how most of those challenges can be overcome. The author is sincere when he notes areas where the cloud won't work.



For those that want an effective roadmap to get to the cloud, and one that provides essential information on the topic, Architecting the Cloud: Design Decisions for Cloud Computing Service Models is a book that will certainly meet their needs.





Reviewed by Ben Rothke

Submission + - Fedora to get a new partition manager (themukt.com)

sfcrazy writes: Developer Vratislav Podzimek announced the next-gen partition manager for Fedora, blivet-gui. It is eventually going to replace GParted, the most popular GUI based partition manager found in all major distros. The new tool is named blivet-gui as it is based on the blivet python library (originally Anaconda’s storage management and configuration tool). The need for a new partition manager is rooted in the fact that none of the existing GUI partitioning tools supports all the modern storage technologies. Fedora’s Anaconda base supports all and is hence chosen as the back-end for this new intuitive tool. The application is only a few months old but is already looking nice and useful. Features like RAID and BTRFS support are being worked on. Vojtech Trefny is the other developer working with Vratislav on blivet-gui.

Submission + - Ancient worms may have saved Earth (sciencemag.org)

sciencehabit writes: You can credit your existence to tiny wormlike creatures that lived 500 million years ago, a new study suggests. By tunneling through the sea floor, scientists say, these creatures kept oxygen concentrations at just the right level to allow animals and other complex life to evolve. The finding may help answer an enduring mystery of Earth’s past.

The idea is that as they dug and wiggled, these early multicellular creatures—some were likely worms as long as 40 cm—exposed new layers of seafloor sediment to the ocean’s water. Each new batch of sediment that settles onto the sea floor contains bacteria; as those bacteria were exposed to the oxygen in the water, they began storing a chemical called phosphate in their cells. So as the creatures churned up more sediment layers, more phosphate built up in ocean sediments and less was found in seawater. Because algae and other photosynthetic ocean life require phosphate to grow, removing phosphate from seawater reduced their growth. Less photosynthesis, in turn, meant less oxygen released into the ocean. In this way, the system formed a negative feedback loop that automatically slowed the rise in oxygen levels as the levels increased.

Submission + - Edward Snowden is not alone! (cnn.com) 2

bobbied writes: Apparently Edward Snowden is not alone. CNN is reporting http://www.cnn.com/2014/08/05/... that recent leaked documents published by "the Intercept" (a website that has been publishing Snowden's leaked documents) could not have been leaked by Snowden because they didn't exist prior to his fleeing the USA and he couldn't possibly have accessed them. Authorities are said to be looking for a new leaker.

Volkswagen Creates Sewage-Powered Beetle 83

Hugh Pickens writes "The Telegraph reports that Volkswagen is giving new meaning to the term 'Dung Beetle' with a prototype able to cover 10,000 miles annually on the waste from 70 households. The Bio-Bug was launched by Wessex Water, which is generating methane from human waste at a sewage treatment works near Bristol. 'Our site has been producing biogas for many years, which we use to generate electricity to power the site and export to the National Grid,' says one company official. 'We decided to power a vehicle on the gas, offering a sustainable alternative to using fossil fuels which we so heavily rely on in the UK.' The Anaerobic Digestion and Biogas Association says the launch of the Bio-Bug proves that biomethane from sewage sludge can be used as fuel. 'This is a very exciting and forward-thinking project demonstrating the myriad benefits of anaerobic digestion (releasing energy from waste). Biomethane cars could be just as important as electric cars.'"
Space

A Hyper-Velocity Impact In the Asteroid Belt? 114

astroengine writes "Astronomers have spotted something rather odd in the asteroid belt. It looks like a comet, but it's got a circular orbit, similar to an asteroid. Whether it's an asteroid or a comet, it has a long, comet-like tail, suggesting something is being vented into space. Some experts think it could be a very rare comet/asteroid hybrid being heated by the sun, but there's an even more exciting possibility: It could be the first ever observation of two asteroids colliding in the asteroid belt."

Music By Natural Selection 164

maccallr writes "The DarwinTunes experiment needs you! Using an evolutionary algorithm and the ears of you the general public, we've been evolving a four bar loop that started out as pretty dismal primordial auditory soup and now after >27k ratings and 200 generations is sounding pretty good. Given that the only ingredients are sine waves, we're impressed. We got some coverage in the New Scientist CultureLab blog but now things have gone quiet and we'd really appreciate some Slashdotter idle time. We recently upped the maximum 'genome size' and we think that the music is already benefiting from the change."
Security

US Responsible For the Majority of Cyber Attacks 205

Amber G5 writes "SecureWorks published the locations of the computers from which the greatest number of cyber attacks were attempted against its clients in 2008. The United States topped the list with 20.6 million attempted attacks originating from computers within the country, and China ran second with 7.7 million attempted attacks emanating from computers within its borders. This was followed by Brazil with over 166,987 attempted attacks, South Korea with 162,289, Poland with 153,205, Japan with 142,346, Russia with 130,572, Taiwan with 124,997, Germany with 110,493, and Canada with 107,483."
