DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Businesses

SAS Mocked For Recommending 60% Proprietary Software, 40% Open Source (infoworld.com) 160

This week SAS wrote that open source technology "has its own, often unexpected costs," recommending organizations maintain a balance of 60% proprietary software to 40% open software. An anonymous reader quotes InfoWorld: How they arrived at this bizarre conclusion is hard to fathom, except that SAS sells more than $1 billion worth of proprietary software every year and presumably would like to continue, despite a clear trend toward open-source-powered analytics... In a Burtch Works survey of over 1,100 quant pros, 61.3% prefer open source R or Python to SAS, and only 38.6% opting for SAS, with that percentage growing for open source options every year.

Worse for SAS, a variety of open source data infrastructure and analytics tools threaten to encroach on its bastions in data management, business intelligence, and analytics... Nearly all innovation in data infrastructure is happening in open source, not proprietary software. That's a tide SAS can try to fight with white papers, but it would do better to join by embracing open source in its product suite.

"In the paper, SAS correctly argues that open source versus proprietary software is not an either/or decision..." writes InfoWorld, but they note that the report also "put the percentage of open source adopters at a mere 25%, which is pathetically wrong." The article suggests a hope that the report "is the product of a rogue field marketing team, and not the company's official position." Adobe's vice president of mobile commented on Twitter, "I just wonder who in their marketing dept thought this was a good idea."
Stats

Stack Overflow Reveals Results From 'Largest Developer Survey Ever Conducted' (stackoverflow.com) 139

More than 64,000 developers from 213 countries participated in this year's annual survey by Stack Overflow -- the largest number ever -- giving a glimpse into the collective psyche of programmers around the world. An anonymous reader quotes their announcement: A majority of developers -- 56.5% -- said they were underpaid. Developers who work in government and non-profits feel the most underpaid, while those who work in finance feel the most overpaid... While only 13.1% of developers are actively looking for a job, 75.2% of developers are interested in hearing about new job opportunities...

When asked what they valued most when considering a new job, 53.3% of respondents said remote options were a top priority. 65% of developers reported working remotely at least one day a month, and 11.1% say they're full-time remote or almost all the time. Also, the highest job satisfaction ratings came from developers who work remotely full-time.

62.5% of the respondents reported using JavaScript, while 51.2% reported SQL, with 39.7% using Java and 34.1% using C# -- but for the #5 slot, "the use of Python [32.0%] overtook PHP [28.1%] for the first time in five years." Yet as far as which languages developers wanted to continue using, "For the second year in a row, Rust was the most loved programming language... Swift, last year's second most popular language, ranked as fourth. For the second year in a row, Visual Basic (for 2017, Visual Basic 6, specifically) ranked as the most dreaded language; 88.3% of developers currently using Visual Basic said they did not want to continue using it."
Stats

RedMonk Identifies 2017's Most Popular Languages: JavaScript, Java, And Python (redmonk.com) 125

Twice a year the tech analysts at RedMonk attempt to gauge adoption trends for programing languages based on data from both GitHub and Stack Overflow. Here's their top 10 list for 2017: JavaScript, Java, Python, and PHP, followed by a two-way tie between C# and C++, a two-way tie between Ruby and CSS, and then C at #9, and Objective-C at #10. But their GitHub data now counts the number of pull requests rather than the number of repositories. An anonymous reader quotes their report: Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16 on our GitHub rankings. While the language appears to be entering something of a trough of disillusionment from a market perception standpoint, with major hype giving way to skepticism in many quarters, its statistical performance according to the observable metrics we track remains strong. Swift has reached a Top 15 ranking faster than any other language we have tracked since we've been performing these rankings. Its strong performance from a GitHub perspective suggests that the wider, multi-platform approach taken by the language is paying benefits...

Of all of the top tier languages, none jumped more than TypeScript on our GitHub rankings, as the JavaScript superset moved up 17 points.... PowerShell moved from 36 within the GitHub rankings to 19 to match TypeScript's 17 point jump, and that was enough to nudge it into the Top 20 overall from its prior ranking of 25... One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on our board to 26 â" one spot behind Visual Basic.

Swift and Scala and Shell all just missed out on the top 10, clustering in a three-way tie at the #11 spot.
Education

Ask Slashdot: How To Teach Generic Engineers Coding, Networking, and Computing? 197

davegravy writes: I work at a small but quickly growing acoustic consulting engineering firm, consisting of a mix of mechanical, electrical, civil, and other engineering backgrounds. When I joined almost 10 years ago I was in good company with peers who were very computer literate -- able to develop their own complex excel macros, be their own IT tech support, diagnose issues communicating with or operating instrumentation, and generally dive into any technology-related problem to help themselves. In 2017, these skills and tendencies are more essential than they were 10 years ago; our instruments run on modern OS's and are network/internet-capable, the heavy data processing and analysis we need to do is python-based (SciPy, NumPy) and runs on AWS EC2 instances, and some projects require engineers to interface various data-acquisition hardware and software together in unique ways. The younger generation, while bright in their respective engineering disciplines, seems to rely on senior staff to a concerning degree when it comes to tech challenges, and we're stuck in a situation where we've provided procedures to get results but inevitably the procedures don't cover the vast array of scenarios faced day-to-day. Being a small company we don't have dedicated IT specialists. I believe I gathered my skills and knowledge through insatiable curiosity of all things technology as a child, self-teaching things like Pascal, building and experimenting with my own home LAN, and assembling computers from discrete components. Technology was a fringe thing back then, which I think drew me in. I doubt I'd be nearly as curious about it growing up today given its ubiquity, so I sort of understand why interest might be less common in today's youth.

How do we instill a desire to learn the fundamentals of networking, computing, and coding, so that the younger generation can be self-sufficient and confident working with the modern technology and tools they need to perform -- and be innovative in -- their jobs? I believe that the most effective learning occurs when there's a clearly useful purpose or application, so I'm hesitant to build a training program that consists solely of throwing some online courses at staff. That said, online courses may be a good place to get some background that can be built upon, however most that I've come across are intended for people pursuing careers in computer science, web development, software engineering, etc. Are there any good resources that approach these topics from a more general purpose angle?
Microsoft

Microsoft Releases Visual Studio 2017 (visualstudio.com) 195

Reader Anon E. Muss writes: Microsoft on Tuesday released Visual Studio 2017. The latest version of the venerable Integrated Development Environment supports a variety of languages (C/C++, C#, VB.net, F#, Javascript/Typescript, Python, etc.) and targets classic "Win32" desktop, Universal Windows Platform (UWP, also known as "Metro"), .NET, ASP, node.js, etc.). A "Community Edition" is available at no cost for individual developers and those working on open source software. "Professional" and "Enterprise" editions are available for corporate developers, at prices sure to shock whoever has to sign the check.
Google

Researcher Breaks ReCAPTCHA Using Google's Speech Recognition API (bleepingcomputer.com) 22

An anonymous reader writes: "A researcher has discovered what he calls a "logic vulnerability" that allowed him to create a Python script that is fully capable of bypassing Google's reCAPTCHA fields using another Google service, the Speech Recognition API," reports BleepingComputer. The attack is incredibly simple and works by downloading a version of the reCAPTCHA audio challenge, feeding it into Google's Speech Recognition API, getting the text-version of the audio challenge, and feeding it back into the reCAPTCHA field. Proof-of-concept code is available on GitHub, and the researcher says Google has failed to patch the issue, albeit it's unclear if he ever notified the company. The attack also only works against reCAPTCHA v2, not other versions like v1, or the upcoming Invisible reCAPTCHA (v3). Because the source code for the exploit is available online, security experts expect to see it ported to JavaScript and used to create browser extensions that bypass reCAPTCHA fields, especially when using the Tor Browser.
Businesses

Programmers Are Confessing Their Coding Sins To Protest a Broken Job Interview Process (theoutline.com) 1001

A number of programmers have taken it Twitter to bring it to everyone's, but particularly recruiter's, attention about the grueling interview process in their field that relies heavily on technical questions. David Heinemeier Hansson, a well-known programmer and the creator of the popular Ruby on Rails coding framework, started it when he tweeted, "Hello, my name is David. I would fail to write bubble sort on a whiteboard. I look code up on the internet all the time. I don't do riddles." Another coder added, "Hello, my name is Tim. I'm a lead at Google with over 30 years coding experience and I need to look up how to get length of a python string." Another coder chimed in, "Hello my name is Mike, I'm a GDE and lead at NY Times, I don't know what np complete means. Should I?" A feature story on The Outline adds: This interview style, widely used by major tech companies including Google and Amazon, typically pits candidates against a whiteboard without access to reference material -- a scenario working programmers say is demoralizing and an unrealistic test of actual ability. People spend weeks preparing for this process, afraid that the interviewer will quiz them on the one obscure algorithm they haven't studied. "A cottage industry has emerged that reminds us uncomfortably of SAT prep," Karla Monterroso, VP of programs for Code2040, an organization for black and Latino techies, wrote in a critique of the whiteboard interview. [...] This means companies tend to favor recent computer science grads from top-tier schools who have had time to cram; in other words, it doesn't help diversify the field with women, older people, and people of color.
Security

Apache Subversion Fails SHA-1 Collision Test, Exploit Moves Into The Wild (arstechnica.com) 167

WebKit's bug-tracker now includes a comment from Friday noting "the bots all are red" on their git-svn mirror site, reporting an error message about a checksum mismatch for shattered-2.pdf. "In some cases, due to the corruption, further commits are blocked," reports the official "Shattered" web site. Slashdot reader Artem Tashkinov explains its significance: A WebKit developer who tried to upload "bad" PDF files generated from the first successful SHA-1 attack broke WebKit's SVN repository because Subversion uses SHA-1 hash to differentiate commits. The reason to upload the files was to create a test for checking cache poisoning in WebKit.

Another news story is that based on the theoretical incomplete description of the SHA-1 collision attack published by Google just two days ago, people have managed to recreate the attack in practice and now you can download a Python script which can create a new PDF file with the same SHA-1 hashsum using your input PDF. The attack is also implemented as a website which can prepare two PDF files with different JPEG images which will result in the same hash sum.

Security

Java and Python FTP Attacks Can Punch Holes Through Firewalls (csoonline.com) 18

"The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks," reports CSO Online. itwbennett writes: Last weekend security researcher Alexander Klink disclosed an interesting attack where exploiting an XML External Entity vulnerability in a Java application can be used to send emails. At the same time, he showed that this type of vulnerability can be used to trick the Java runtime to initiate FTP connections to remote servers. After seeing Klink's exploit, Timothy Morgan, a researcher with Blindspot Security, decided to disclose a similar attack that works against both Java's and Python's FTP implementations. "But his attack is more serious because it can be used to punch holes through firewalls," writes Lucian Constantin in CSO Online.
"The Java and Python developers have been notified of this problem, but until they fix their FTP client implementations, the researcher advises firewall vendors to disable classic mode FTP translation by default..." reports CSO Online. "It turns out that the built-in implementation of the FTP client in Java doesn't filter out special carriage return and line feed characters from URLs and actually interprets them. By inserting such characters in the user or password portions of an FTP URL, the Java FTP client can be tricked to execute rogue commands..."
Robotics

New Kit Turns A Raspberry Pi Into A Robot Arm (raspberrypi.org) 36

An anonymous reader writes: A new kit turns your Raspberry Pi into a robotic arm. It's controlled by an on-board joystick, or even a web browser, and "because it's connected to the Pi you can program it through any of the various programming languages that already run on the Pi," according to its creators. "There's also free software available which lets you program it through a web interface using drag and drop programming environments like Scratch and Blockly or with Python and Javascript for the more experienced."

They explain in a video on Kickstarter that "Our mission is to get children excited about technology through building and programming their own robots," and they've already raised three times their original $12,411 fundraising goal. The Raspberry Pi blog describes it as "a great kit for anyone wanting to step into the world of digital making."

Long-time Slashdot reader bjpirt adds that "It's completely open source and hackable."
AI

Google Releases TensorFlow 1.0 With New Machine Learning Tools (venturebeat.com) 20

An anonymous reader shares a VentureBeat report: At Google's inaugural TensorFlow Dev Summit in Mountain View, California, today, Google announced the release of version 1.0 of its TensorFlow open source framework for deep learning, a trendy type of artificial intelligence. Google says the release is now production-ready by way of its application programing interface (API). But there are also new tools that will be part of the framework, which includes artificial neural networks that can be trained on data and can then make inferences about new data. Now there are more traditional machine learning tools, including K-means and support vector machines (SVMs), TensorFlow's engineering director, Rajat Monga, said at the conference. And there's an integration with the Python-based Keras library, which was originally meant to ease the use of the Theano deep learning framework. And there are now "canned estimators," or models, Monga said, including simple neural networks to start using quickly.
Java

Ask Slashdot: How To Get Started With Programming? [2017 Edition] 312

Reader joshtops writes: I know this is a question that must have been asked -- and answered -- on Slashdot several times, but I am hoping to listen from the community again (fresh perspective, if you will). I'm in my 20s, and have a day job that doesn't require any programming skills. But I want to learn it nonetheless. I have done some research but people have varied opinions. Essentially my question is: What is perhaps the best way to learn programming for my use case? I am looking for best possible resources -- perhaps tutorials on the internet, the right books and the order in which I should read/watch them. Some people have advised me to start with C language, but I was wondering if I could kickstart things with other languages such as perhaps Apple's Swift as well?
Programming

Developer Argues For 'Forgotten Code Constructs' Like GOTO and Eval (techbeacon.com) 600

mikeatTB quotes TechBeacon: Some things in the programming world are so easy to misuse that most people prefer to never use them at all. These are the programming equivalent of a flamethrower... [But] creative use of features such as goto, multiple inheritance, eval, and recursion may be just the right solution for experienced developers when used in the right situation. Is it time to resurrect these four forgotten code constructs?
The article notes that the Linux kernel uses goto statements, and links to Linus Torvalds' defense of them. ("Any if-statement is a goto. As are all structured loops...") And it points out that eval statements are supported by JavaScript, Python, PHP, and Ruby. But when the article describes recursion as "more forgotten than forbidden," it begs the inevitable question. Are you using these "forgotten code constructs" -- and should you be?
Security

Hacker Dumps iOS Cracking Tools Allegedly Stolen From Cellebrite (vice.com) 86

Last year, when Apple refused to unlock the security on an iPhone 5c belonging to the San Bernardino shooter, the FBI turned to an Israeli mobile forensics firm called Cellebrite to find another way into the encrypted iPhone. Now Motherboard reports that a hacker has released files allegedly from Cellebrite that demonstrate how cracking tools couldn't be kept private. From a report: Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools." The ripped, decrypted and fully functioning Python script set to utilize the exploits is also included within," the hacker wrote in a README file accompanying the data dump. The hacker posted links to the data on Pastebin. It's not clear when any of this code was used in the UFED. Many of the directory names start with "ufed" followed by a different type of phone, such as BlackBerry or Samsung. In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene -- a community of iPhone hackers that typically breaks into iOS devices and release its code publicly for free.
AI

Who's Responsible For Accidents Caused By Open Source Self-Driving Car Software? (ieee.org) 114

Here's the problem. "You could download Comma.ai's new open-source Python code from Github, grab the necessary hardware, and follow the company's instructions to add semi-autonomous capabilities to specific Acura and Honda model cars (with more vehicles to follow)," writes IEEE Spectrum. But then who's legally responsible if there's an accident? Long-time Slashdot reader Registered Coward v2 writes: While many legal experts agree OSS is "buyer beware" and that Comma.ai and its CEO Georg Hotz would not be liable, it's a gray area in the law. The software is release under the MIT OSS license and the Read Me contains the disclaimer "This is alpha-quality software for research purposes only... You are responsible for complying with local laws and regulatons." The U.S. Supreme Court, in a series of court cases in the 1990s, ruled open source code as free speech protected under the First Amendment of the U.S. Constitution.

The question is does that release the author(s) from liability. The EU has no EU wide rules on liability in such cases. One open question is even if the person who used the software could not sue, a third party injured by it might be able to since they are not a party to the license agreement.

An EFF attorney told HotHardware "Prosecutors and plaintiffs often urge courts to disregard traditional First Amendment protections in the case of software." But not everyone agrees. "Most legal experts that spoke with IEEE Spectrum -- and Hotz himself -- believe that if you use the company's code and something goes wrong, then it isn't liable for damages. You are."
Programming

New Release Of Nim Borrows From Python, Rust, Go, and Lisp (fossbytes.com) 199

An anonymous reader writes: "Nim compiles and runs fast, delivers tiny executables on several platforms, and borrows great ideas from numerous other languages," according to InfoWorld. After six years, they write, Nim is finally "making a case as a mix of the best of many worlds: The compilation speed and cross-platform targeting of Go, the safe-by-default behaviors of Rust, the readability and ease of development of Python, and even the metaprogramming facilities of the Lisp family..."

Fossbytes adds that Nim's syntax "might remind you of Python as it uses indented code blocks and similar syntax at some occasions. Just like Rust and Go, it uses strong types and first class functions... Talking about the benchmarks, it's comparable to C. Nim compiler produces C code by default. With the help of different compiler back-ends, one can also get JavaScript, C++, or Objective-C.

There's an improved output system in the newest release, and both its compiler and library are MIT licensed. Share your thoughts and opinions in the comments. Is anybody excited about writing code in Nim?
Supercomputing

D-Wave Open Sources Its Quantum Computing Tool (gcn.com) 45

Long-time Slashdot reader haruchai writes: Canadian company D-Wave has released their qbsolv tool on GitHub to help bolster interest and familiarity with quantum computing. "qbsolv is a metaheuristic or partitioning solver that solves a potentially large QUBO problem by splitting it into pieces that are solved either on a D-Wave system or via a classical tabu solver," they write on GitHub.

This joins the QMASM macro assembler for D-Wave systems, a tool written in Python by Scott Pakin of Los Alamos National Labs. D-Wave president Bo Ewald says "D-Wave is driving the hardware forward but we need more smart people thinking about applications, and another set thinking about software tools."

Education

Ask Slashdot: What's The Best Job For This Recent CS Grad? 261

One year away from graduating with a CS degree, an anonymous reader wants some insights from the Slashdot community: [My] curriculum is rather broad, ranging from systems programming on a Raspberry Pi to HTML, CSS, JavaScript, C, Java, JPA, Python, Go, Node.js, software design patterns, basic network stuff (mostly Cisco) and various database technologies... I'm working already part-time as a system administrator for two small companies, but don't want to stay there forever because it's basically a dead-end position. Enjoying the job, though... With these skills under my belt, what career path should I pursue?
There's different positions as well as different fields, and the submission explains simply that "I'm looking for satisfying and rewarding work," adding that "pay is not that important." So leave your suggestions in the comments. What's the best job for this recent CS grad?
Google

Google Boosts Python By Turning It Into Go (infoworld.com) 129

An anonymous reader quotes InfoWorld: Grumpy, an experimental project from Google, transpiles Python code into Go, allowing Python programs to be compiled and run as static binaries using the Go toolchain... In a blog post announcing the open source release, Google stated the project stemmed from its efforts to speed up the Python-powered front end for YouTube. But Google hit an obstacle that's familiar to folks who've deployed Python in production: It's hard to get CPython -- the default Python interpreter written in C -- to scale efficiently. "We think Grumpy has the potential to scale more gracefully than CPython for many real world workloads," writes Google...

Because it doesn't support C extensions, Grumpy doesn't have CPython's Global Interpreter Lock, which is commonly cited as a roadblock to running Python concurrent workloads smoothly. Grumpy also uses Go's garbage collection mechanisms to manage memory under the hood, instead of CPython's. Grumpy creates close interoperation between Python and Go by allowing Go packages to be imported and used with the same syntax as Go modules.

Slashdot Top Deals