Google

Inside Oracle's Cloak-and-dagger Political War With Google (recode.net) 83

schwit1 shares a Recode report: The story that appeared in Quartz this November seemed shocking enough on its own: Google had quietly tracked the location of its Android users, even those who had turned off such monitoring on their smartphones. But missing from the news site's report was another eyebrow-raising detail: Some of its evidence, while accurate, appears to have been furnished by one of Google's fiercest foes: Oracle. For the past year, the software and cloud computing giant has mounted a cloak-and-dagger, take-no-prisoners lobbying campaign against Google, perhaps hoping to cause the company intense political and financial pain at a time when the two tech giants are also warring in federal court over allegations of stolen computer code. Since 2010, Oracle has accused Google of copying Java and using key portions of it in the making of Android. Google, for its part, has fought those claims vigorously. More recently, though, their standoff has intensified. And as a sign of the worsening rift between them, this summer Oracle tried to sell reporters on a story about the privacy pitfalls of Android, two sources confirmed to Recode.
Firefox

How Converting A C++ Game to JavaScript Gave Us WebAssembly (ieee.org) 139

Slashdot reader Beeftopia shares "a detailed history of WebAssembly...from one of the developers." IEEE Spectrum reports that "Like a lot of stories about tech innovation, this one started with video games." [Mozilla's Alon Zakai] wanted to take a game he had helped write in C++ and convert it to JavaScript code that would run well on the Web. This was in 2010, and back then, converting C++ to JavaScript was unthinkable... so he started working to adapt an open-source tool that could translate C++ code into JavaScript automatically. He called his project Emscripten... we were able to formalize the permitted JavaScript patterns, to make the contract between Emscripten and the browser completely clear. We named the resulting subset of JavaScript asm.js... I would optimize the JavaScript engine in Firefox to run the resulting code even faster...

This brings us to the present... Emscripten can take code written in C++ and convert it directly into WebAssembly. And there will be ways in time to run other languages as well, including Rust, Lua, Python, Java, and C#. With WebAssembly, multimillion-line code bases can now load in a few seconds and then run at 80 percent of the speed of native programs. And both load time and execution speed are expected to improve as the browser engines that run the code are made better.

They'd started with a C++ game because "If we could make games run well on the Web, other computationally intensive applications would soon follow."

The article -- by Mozilla software engineer Luke Wagner -- remembers that the name Emscripten was a "a mash-up of 'script' from JavaScript and 'embiggen' from the TV show The Simpsons."
Programming

Why ESR Hates C++, Respects Java, and Thinks Go (But Not Rust) Will Replace C (ibiblio.org) 608

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope.
He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects.
Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?).

The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.

Software

Google Is Working On Fuchsia OS Support For Apple's Swift Programming Language (androidpolice.com) 54

An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.
Cellphones

New Samsung Video Demos Linux on Galaxy Smartphones (liliputing.com) 100

Slashdot reader boudie2 tipped us off to some Linux news. Liliputing reports: Samsung's DeX dock lets you connect one of the company's recent phones to an external display, mouse, and keyboard to use your phone like a desktop PC... assuming you're comfortable with a desktop PC that runs Android. But soon you may also be able to use your Android phone as a Linux PC [and] the company has released a brief video that provides more details. One of those details? At least one of the Linux environments in question seems to be Ubuntu 16.04... While that's the only option shown, the fact that it does seem to be an option suggests you may be able to run different Linux environments as well.

Once Ubuntu is loaded, the video shows a user opening Eclipse, an integrated development environment that's used to create Java (and Android apps). In other words, you can develop apps for Android phones with ARM-based processors on an Android phone with an ARM-based processor.

Samsung promised in October that its Linux on Galaxy app will ultimately let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS."
Programming

Programming Language Go Turns 8 (golang.org) 67

On this day, eight years ago, a group of programmers at Google released Go, a brand-new open-source programming language that they hoped would solve some of the problems they faced with Java, C++ and other programming languages. In the past eight years, Go has gotten a tremendous traction, with Go helping drive several services running inside Google. The company, on its part, has added a handful of features to Go, including a revamped garbage collector in 2015, and support for various ARM processors. From a blog post: Go has been embraced by developers all over the world with approximately one million users worldwide. In the freshly published 2017 Octoverse by GitHub, Go has become the #9 most popular language, surpassing C. Go is the fastest growing language on GitHub in 2017 in the top 10 with 52% growth over the previous year. In growth, Go swapped places with Javascript, which fell to the second spot with 44%. In Stack Overflow's 2017 developer survey, Go was the only language that was both on the top 5 most loved and top 5 most wanted languages. People who use Go, love it, and the people who aren't using Go, want to be. [...] Since Go was first open sourced we have had 10 releases of the language, libraries and tooling with more than 1680 contributors making over 50,000 commits to the project's 34 repositories; More than double the number of contributors and nearly double the number of commits from only two years ago. This year we announced that we have begun planning Go 2, our first major revision of the language and tooling.
Programming

Ask Slashdot: Where Do Old Programmers Go? 481

New submitter oort99 writes: Barreling towards my late 40s, I've enjoyed 25+ years of coding for a living, working in telecoms, government, and education. In recent years, it's been typical enterprise Java stuff. Looking around, I'm pretty much always the oldest in the room. So where are the other old guys? I can't imagine they've all moved up the chain into management. There just aren't enough of those positions to absorb the masses of aging coders. Clearly there *are* older workers in software, but they are a minority. What sectors have the others gone into? Retired early? Low-wage service sector? Genuinely interested to hear your story about having left the field, willfully or otherwise.
AI

When an AI Tries Writing Slashdot Headlines (tumblr.com) 165

For Slashdot's 20th anniversary, "What could be geekier than celebrating with the help of an open-source neural network?" Neural network hobbyist Janelle Shane has already used machine learning to generate names for paint colors, guinea pigs, heavy metal bands, and even craft beers, she explains on her blog. "Slashdot sent me a list of all the headlines they've ever run, over 162,000 in all, and asked me to train a neural network to try to generate more." Could she distill 20 years of news -- all of humanity's greatest technological advancements -- down to a few quintessential words?

She trained it separately on the first decade of Slashdot headlines -- 1997 through 2007 -- as well as the second decade from 2008 to the present, and then re-ran the entire experiment using the whole collection of every headline from the last 20 years. Among the remarkable machine-generated headlines?
  • Microsoft To Develop Programming Law
  • More Pong Users for Kernel Project
  • New Company Revises Super-Things For Problems
  • Steve Jobs To Be Good

But that was just the beginning...


Programming

Profile of William H. Alsup, a Judge Who Codes and Decides Tech's Biggest Cases (theverge.com) 49

Sarah Jeong at The Verge has an interesting profile of William H. Alsup, the judge in Oracle v. Google case, who to many's surprise was able to comment on the technical issues that Oracle and Google were fighting about. Alsup admits that he learned the Java programming language only so that he could better understand the substance of the case. Here's an excerpt from the interview: On May 18th, 2012, attorneys for Oracle and Google were battling over nine lines of code in a hearing before Judge William H. Alsup of the northern district of California. The first jury trial in Oracle v. Google, the fight over whether Google had hijacked code from Oracle for its Android system, was wrapping up. The argument centered on a function called rangeCheck. Of all the lines of code that Oracle had tested -- 15 million in total -- these were the only ones that were "literally" copied. Every keystroke, a perfect duplicate. It was in Oracle's interest to play up the significance of rangeCheck as much as possible, and David Boies, Oracle's lawyer, began to argue that Google had copied rangeCheck so that it could take Android to market more quickly. Judge Alsup was not buying it. "I couldn't have told you the first thing about Java before this trial," said the judge. "But, I have done and still do a lot of programming myself in other languages. I have written blocks of code like rangeCheck a hundred times or more. I could do it. You could do it. It is so simple." It was an offhand comment that would snowball out of control, much to Alsup's chagrin. It was first repeated among lawyers and legal wonks, then by tech publications. With every repetition, Alsup's skill grew, until eventually he became "the judge who learned Java" -- Alsup the programmer, the black-robed nerd hero, the 10x judge, the "master of the court and of Java."
Java

Java Coders Are Getting Bad Security Advice From Stack Overflow (helpnetsecurity.com) 236

Slashdot reader Orome1 quotes Help Net Security: A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score...

The researchers concentrated on posts relevant to Java security, from both software engineering and security perspectives, and on posts addressing questions tied to Spring Security, a third-party Java framework that provides authentication, authorization and other security features for enterprise applications... Developers are frustrated when they have to spend too much time figuring out the correct usage of APIs, and often end up choosing completely insecure-but-easy fixes such as using obsolete cryptographic hash functions, disabling cross-site request forgery protection, trusting all certificates in HTTPS verification, or using obsolete communication protocols. "These poor coding practices, if used in production code, will seriously compromise the security of software products," the researchers pointed out.

The researchers blame "the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries." Among their suggested solutions: new developer tools which can recognize security errors and suggest patches.
IBM

IBM Open Sources 'WebSphere Liberty' For Java Microservices and Cloud-Native Apps (techrepublic.com) 17

An anonymous reader quotes TechRepublic: On Wednesday, IBM revealed the Open Liberty project, open sourcing its WebSphere Liberty code on GitHub to support Java microservices and cloud-native apps. The company created Liberty five years ago to help developers more quickly and easily create applications using agile and DevOps principles, according to an IBM developerWorks blog post from Ian Robinson, WebSphere Foundation chief architect at IBM... Developers can also choose to move to the commercial versions of WebSphere Liberty at any time, he noted, which include technical support and more specialized features... "We hope Open Liberty will help more developers turn their ideas into full-fledged, enterprise ready apps," Robinson wrote. "We also hope it will broaden the WebSphere family to include more ideas and innovations to benefit the broader Java community of developers at organizations big and small."
IBM argues that Open Liberty, along with the OpenJ9 VM they open sourced last week, "provides the full Java stack from IBM with a fully open licensing model."

Interestingly, Slashdot ran a story asking "IBM WebSphere SE To Be Opened?" -- back in 2000.
Oracle

Oracle Announces Java SE 9 and Java EE 8 (oracle.com) 64

rastos1 writes: Oracle has announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved together with Java EE 8 in the Java Community Process (JCP). Java SE 9 provides more than 150 new features, including a new module system and improvements that bring more scalability, improved security, better performance management and easier development to the world's most popular programming platform.
Education

Computer Science Degrees Aren't Returning On Investment For Coders, Research Finds (theregister.co.uk) 395

According to a new survey, coders with a bachelor's degree in computer science only earn 3,000 British Pounds (BP) more a year than those who don't have one. The survey of 4,700 developers in the UK was conducted by Stack Overflow, a community site frequented by developers for answers to technical questions. The Register reports the findings: This is despite the average degree now costing 9,000 BP a year in tuition fees alone. Average student debt is now more than 50,000 BP, according the Institute of Fiscal Studies. The research found that the median salary of those who did not have higher education was 35,000 BP per year, while those who gained a bachelor's degree earned 38,000 BP and postgraduates took home 42,000 BP. It found that 48 per cent of developers with less than four years of professional experience currently hold a Computer Science-related undergraduate degree, while 49 per cent had completed an online course instead. The research also found that JavaScript developers were most in demand, with almost 27 per cent of jobs advertised on Stack Overflow now requiring this skill, followed by Java (22 per cent), Python (16 per cent), C# (15 per cent) and ReactJS (9 per cent).
Java

IBM Open Sources Their Own JVM/JDK As Eclipse OpenJ9 (eclipse.org) 179

IBM has open sourced a "high performance, scalable virtual machine" with "a great pedigree... [it's] at the core of many IBM enterprise software products." Slashdot reader dxb1230 writes: IBM has open sourced their JDK/JVM implementation named J9 as OpenJ9. The community now has an alternative implementation of Java which has been well tested on enterprise workloads and hardware. This unlike, OpenJDK, has all the bells and whistles like jit.
Java

Java EE Is Moving To the Eclipse Foundation (adtmag.com) 70

Oracle has chosen the Eclipse Foundation to be the new home of the Java Platform Enterprise Edition (Java EE), the company announced this week. Oracle made the decision in collaboration with IBM and Red Hat, the two other largest contributors to the platform. From a report: "The Eclipse Foundation has strong experience and involvement with Java EE and related technologies," wrote Oracle software evangelist David Delabassee in a blog post. This will help us transition Java EE rapidly, create community-friendly processes for evolving the platform, and leverage complementary projects such as MicroProfile. We look forward to this collaboration." Mike Milinkovich, executive director of the Eclipse Foundation, is optimistic about this move, which he said is exactly what the enterprise Java needs and what the community has been hoping for.
Open Source

Equifax Blames Open-Source Software For Its Record-Breaking Security Breach (zdnet.com) 283

The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to an unsubstantiated report by equity research firm Baird. The firm's source, per one report, is believed to be Equifax. ZDNet reports: Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It's also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless: it's untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: "equifaxsecurity2017.com." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax's technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole? Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem. While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. "It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common," reports ZDNet. "It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts, first patched in March." The question then becomes: is it the fault of Struts developers or Equifax's developers, system admins, and their management? "The people who ran the code with a known 'total compromise of system integrity' should get the blame," reports ZDNet.
AT&T

T-Mobile Named Fastest US Mobile Carrier by New Wirefly Report (phonedog.com) 34

T-Mobile offered the fastest internet speed to subscribers between Q1 and Q2 of 2017 (which ended in June), according to the Wirefly Speed Test, which combed through thousands of test results made using its service. T-Mobile scored highest in overall speed while Verizon ended up with a close second spot, Wirefly, which doesn't require Java or Flash for its tests, added. AT&T and Sprint rounded out the ranking at third and fourth, respectively, the report added, which was done in collaboration with SourceForge. T-Mobile also topped the chart for offering the fastest mobile download speed. An anonymous user writes: T-Mobile offered 22.18 Mbps download speed, while Verizon Wireless ended up with another close second with 21.45 Mbps download. AT&T came in with an average download speed of 17.00 Mbps, and Sprint was trailing all with 15.76 Mbps. Verizon finished with the fastest average upload speed at 16.06 Mbps. You can read the full report here.
Programming

Is Python Really the Fastest-Growing Programming Language? (stackoverflow.blog) 254

An anonymous reader quotes Stack Overflow Blog: In this post, we'll explore the extraordinary growth of the Python programming language in the last five years, as seen by Stack Overflow traffic within high-income countries. The term "fastest-growing" can be hard to define precisely, but we make the case that Python has a solid claim to being the fastest-growing major programming language... June 2017 was the first month that Python was the most visited [programming language] tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time. Part of this is because of the seasonal nature of traffic to Java. Since it's heavily taught in undergraduate courses, Java traffic tends to rise during the fall and spring and drop during the summer.

Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries.

The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."
Bug

A Critical Apache Struts Security Flaw Makes It 'Easy' To Hack Fortune 100 Firms (zdnet.com) 42

An anonymous reader quotes a report from ZDNet: A critical security vulnerability in open-source server software enables hackers to easily take control of an affected server -- putting sensitive corporate data at risk. The vulnerability allows an attacker to remotely run code on servers that run applications using the REST plugin, built with Apache Struts, according to security researchers who discovered the vulnerability. All versions of Struts since 2008 are affected, said the researchers. Apache Struts is used across the Fortune 100 to provide web applications in Java, and it powers front- and back-end applications. Man Yue Mo, a security researcher at LGTM, who led the effort that led to the bug's discovery, said that Struts is used in many publicly accessible web applications, such as airline booking and internet banking systems. Mo said that all a hacker needs "is a web browser." "I can't stress enough how incredibly easy this is to exploit," said Bas van Schaik, product manager at Semmle, a company whose analytical software was used to discover the vulnerability. The report notes that "a source code fix was released some weeks prior, and Apache released a full patch on Tuesday to fix the vulnerability." It's now a waiting game for companies to patch their systems.
Java

Why Oracle Should Cede Control of Java SE (infoworld.com) 110

An anonymous reader quotes InfoWorld: Now that Oracle wants to turn over leadership of enterprise Java's (Java EE's) development to a still-unnamed open source foundation, might the same thing happen with the standard edition of Java (Java SE) that Oracle also controls? Such a move could produce substantial benefits... Oracle said it has no plans to make such a move. But the potential fruits of a such a move are undeniable.

For one, a loosening of Oracle's control could entice other contributors to Java to participate more... [W]ith the current Oracle-dominated setup, other companies and individuals could be reluctant to contribute a lot if they see it as benefiting a major software industry provider -- and possible rival -- like Oracle... Indeed, the 22-year-old language and platform could be given a whole new lease on life, if the open source community rises to the occasion and boosts participation...

Despite the potential to grow Java SE by ceding control, Oracle seems content to hold on to its place as the steward of JDK development. But that could change given the tempestuous relationship Oracle has with parts of the Java community. Oracle has been at loggerheads with the community over both Java SE and Java EE... Oracle may at some point decide it is easier to just cede control rather than having to keep soothing the ruffled feathers that keep occurring among its Java partners.

Slashdot Top Deals