Computers & Linux News

Ask Slashdot: How Would You Teach 'Best Practices' For Programmers?

SlashDot - 1 hour 58 min ago
An anonymous reader writes: I've been asked to put together a half-day workshop whose title is "Thinking Like a Programmer." The idea behind this is that within my institution (a university), we have a vast number of self-taught programmers who have never been taught "best practices" or anything about software engineering. This workshop's intention is to address this lack of formal training. The question is, what should be covered in this workshop? If you have an idea -- that also has an example of best practice -- please share! It's really two questions -- what "thinking like a programmer" topics should be covered, but also what examples should be used to illustrate best practices for the material. So leave your best thoughts in the comments. How would you teach best practices for programmers?

Share on Google+

Read more of this story at Slashdot.

How Are Sysadmins Handling Spectre/Meltdown Patches?

SlashDot - 5 hours 28 min ago
Esther Schindler (Slashdot reader #16,185) writes that the Spectre and Meltdown vulnerabilities have become "a serious distraction" for sysadmins trying to apply patches and keep up with new fixes, sharing an HPE article described as "what other sysadmins have done so far, as well as their current plans and long-term strategy, not to mention how to communicate progress to management." Everyone has applied patches. But that sounds ever so simple. Ron, an IT admin, summarizes the situation succinctly: "More like applied, applied another, removed, I think re-applied, I give up, and have no clue where I am anymore." That is, sysadmins are ready to apply patches -- when a patch exists. "I applied the patches for Meltdown but I am still waiting for Spectre patches from manufacturers," explains an IT pro named Nick... Vendors have released, pulled back, re-released, and re-pulled back patches, explains Chase, a network administrator. "Everyone is so concerned by this that they rushed code out without testing it enough, leading to what I've heard referred to as 'speculative reboots'..." The confusion -- and rumored performance hits -- are causing some sysadmins to adopt a "watch carefully" and "wait and see" approach... "The problem is that the patches don't come at no cost in terms of performance. In fact, some patches have warnings about the potential side effects," says Sandra, who recently retired from 30 years of sysadmin work. "Projections of how badly performance will be affected range from 'You won't notice it' to 'significantly impacted.'" Plus, IT staff have to look into whether the patches themselves could break something. They're looking for vulnerabilities and running tests to evaluate how patched systems might break down or be open to other problems. The article concludes that "everyone knows that Spectre and Meltdown patches are just Band-Aids," with some now looking at buying new servers. One university systems engineer says "I would be curious to see what the new performance figures for Intel vs. AMD (vs. ARM?) turn out to be."

Share on Google+

Read more of this story at Slashdot.

BlackBerry Mobile has lofty ambitions for comeback. No, really - CNET

CNET News - 5 hours 32 min ago
A high-level executive for BlackBerry Mobile says he wants to capture at least 3 percent of the premium phone market in the next few years. Analysts are naturally skeptical.

House Democrats' Counter-Memo Released, Alleging Major Factual Inaccuracies

SlashDot - 8 hours 28 min ago
Long-time Slashdot reader Rei writes: Three weeks ago, on a party-line vote, the U.S. House Intelligence Committee voted to release a memo from committee chair and Trump transition team member Devin Nunes. The "Nunes Memo" alleged missteps by the FBI in seeking a FISA warrant against Trump aide Carter Page; a corresponding Democratic rebuttal memo was first blocked from simultaneous release by the committee, and subsequently the White House. Tonight, it has finally been released. Among its many counterclaims: the Steele Dossier, only received in September, did not initiate surveilance of Page which began in July; the Steele dossier was only one, minor component of the FISA application, and only concerning Page's Moscow meetings; Steele's funding source and termination was disclosed in the application; and a number of other "distortions and misrepresentations that are contradicted by the underlying classified documents". Perhaps most seriously, it accuses Nunes of having never read the FISA application which his memo criticized. Vox argues the memo proves that no one was misled when the surveillance was authorized. "The FBI clearly states right there in the FISA application that they believe Steele was hired to find dirt on Trump... After the Schiff memo was released on Saturday, House Republicans released a document rebutting its core claims. Their response to this damning citation is -- and I am not making this up -- that the vital line in which the FBI discloses the information about Steele was 'buried in a footnote.'"

Share on Google+

Read more of this story at Slashdot.

Visa Claims Chip Cards Reduced Fraud By 70%

SlashDot - Sat, 2018-02-24 21:04
An anonymous reader quotes Ars Technica: Although only 59 percent of US storefronts have terminals that accept chip cards, fraud has dropped 70 percent from September 2015 to December 2017 for those retailers that have completed the chip upgrade, according to Visa. There are a few ways to interpret those numbers. First, it seems like two years has resulted in staggeringly little progress in encouraging storefronts to shift from magnetic stripe to chip-embedded cards, given that in early 2016, 37 percent of US storefronts were able to process chip cards. On the other hand, fraud dropping 70 percent for retailers who install chip cards seems great. Chip-embedded cards aren't un-hackable, but they do make it harder to steal card numbers en masse as we saw in the Target's 2013 breach.

Share on Google+

Read more of this story at Slashdot.

Apple iCloud security change in China raises privacy questions - CNET

CNET News - Sat, 2018-02-24 19:38
Apple is moving encryption keys for China-based users' data from the US to the Asian country. Some say that's bad for dissidents. Apple says the keys are safe.

New Tech Industry Lobbying Group Argues 'Right to Repair' Laws Endanger Consumers

SlashDot - Sat, 2018-02-24 19:04
chicksdaddy brings this report from Security Ledger: The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states. He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."

Share on Google+

Read more of this story at Slashdot.

Is Cryptocurrency Threatening Earnings at Bank of America?

SlashDot - Sat, 2018-02-24 18:04
An anonymous reader quotes The Next Web: One of the world's largest financial institutions admitted in its annual report that cryptocurrency is a looming threat to its business model. According to a report filed with the SEC by Bank of America, "Clients may choose to conduct business with other market participants who engage in business or offer products in areas we deem speculative or risky, such as cryptocurrencies. Increased competition may negatively affect our earnings by creating pressure to lower prices or credit standards on our products and services requiring additional investment to improve the quality and delivery of our technology and/or reducing our market share, or affecting the willingness of clients to do business with us."

Share on Google+

Read more of this story at Slashdot.

The LG V30S ThinQ phone is the V30 with better memory and AI - CNET

CNET News - Sat, 2018-02-24 17:57
The smartphone is part of LG's new strategy of offering more frequent, minor upgrades to flagship devices.

LG V30S ThinQ brings AI smarts to a familiar face - CNET

CNET News - Sat, 2018-02-24 17:43
LG didn't unveil a new G-series phone to Mobile World Congress, but it did take last year's LG V30 and give it a bit more.

Did Samsung just accidentally release a Galaxy S9 launch video? - CNET

CNET News - Sat, 2018-02-24 17:11
Commentary: In what seems like a painful faux pas, the three-minute, business-oriented video is making its way across YouTube.

Dart 2: Google's Language Rebooted For Web and Mobile Developers

SlashDot - Sat, 2018-02-24 17:04
An anonymous reader quotes InfoWorld: Google's Dart language, once positioned a potential replacement for JavaScript in the browser, is being rebooted for client-side web and mobile development in Version 2 of the language. A beta version is now available. Dart 2 features a strengthened type system, a cleaned-up syntax, and a rebuilt developer tool chain. Dart has a succinct syntax and can run on a VM with a just-in-time compiler, with the compiler enabling stateful, hot reload during mobile development. Developers also gain from fast development cycles where code can be edited, compiled, and replaced in apps running on a device. Compiling code ahead of time provides fast startup, Google said. Dart can be compiled to native code for ARM and x86 platforms. Google has used the language to build applications for iOS, Android, and the web.

Share on Google+

Read more of this story at Slashdot.

Prophet Isaiah's 'signature' may have been found on clay seal - CNET

CNET News - Sat, 2018-02-24 16:24
But damage to the inscription removes the final letter that would have spelled out "prophet," so we may never know.

Google's 'Bro Culture' Led To Harassment, Argues New Lawsuit By Software Engineer

SlashDot - Sat, 2018-02-24 16:04
An anonymous reader quotes the Mercury News: As a young, female software engineer at male-dominated Google, Loretta Lee was slapped, groped and even had a co-worker pop up from beneath her desk one night and tell her she'd never know what he'd been doing under there, according to a lawsuit filed against the Mountain View tech giant... Lee's lawsuit -- filed in Santa Clara County Superior Court -- alleges the company failed to to protect her, saying, "Google's bro-culture contributed to (Lee's) suffering frequent sexual harassment and gender discrimination, for which Google failed to take corrective action." She was fired in February 2016 for poor performance, according to the suit... Lee started at the company in 2008 in Los Angeles and later switched to the firm's Mountain View campus, according to the suit, which asserts that she "was considered a talented and rising star" who received consistently "excellent" performance reviews. Lee claims that the "severe and pervasive" sexual harassment she experienced included daily abuse and egregious incidents. In addition to making lewd comments to her and ogling her "constantly," Lee's male co-workers spiked her drinks with whiskey and laughed about it; and shot Nerf balls and darts at her "almost every day," the suit alleges. One male colleague sent her a text message asking if she wanted a "horizontal hug," while another showed up at her apartment with a bottle of liquor, offering to help her fix a problem with one of her devices, refusing to leave when she asked him to, she alleges. At a holiday party, Lee "was slapped in the face by an intoxicated male co-worker for no apparent reason," according to the suit. Lee resisted reporting an employee who had grabbed her lanyard and grazed her breasts -- and was then written up for being uncooperative. But after filing a report, "HR found her claims 'unsubstantiated,' according to the suit. 'This emboldened her colleagues to continue their inappropriate behavior,' the suit says. "Her fear of being ostracized was realized, she claims, with co-workers refusing to approve her code in spite of her diligent work on it. Not getting her code approved led to her being 'labeled as a poor performer,' the suit says."

Share on Google+

Read more of this story at Slashdot.

'Black Panther 2': Kendrick Lamar wants to play a villain - CNET

CNET News - Sat, 2018-02-24 15:18
Rapper who curated and produced the blockbuster film's soundtrack says Erik Killmonger was "misunderstood."

Bitcoin Exchange Accidentally Allowed Customers To Buy Coins For $0

SlashDot - Sat, 2018-02-24 15:04
AmiMoJo writes: "A system glitch at cryptocurrency exchange site Zaif enabled users to obtain digital money for free, with one apparently "purchasing" Bitcoin valued at $20,000,000,000,000 and then attempting to cash in on it..." according to the Japanese newspaper Asahi Shimbun. "The glitch, which lasted for 18 minutes from 5:40 p.m. to 5:58 p.m. on Feb. 16, affected Zaif's price calculation system, enabling customers to buy cryptocurrencies for nothing." CoinDesk adds that "At least one customer attempted to resell their bitcoin, but the large amount of the cryptocurrency offered soon drew attention even outside the exchange. The firm later cancelled the transactions and corrected the users' balances. However, a source suggests that the correction is still being agreed with one of the seven users who attempted to transfer the free bitcoin away from the Zaif platform."

Share on Google+

Read more of this story at Slashdot.

Ghostbusters World AR game looks like a spirited Pokemon Go - CNET

CNET News - Sat, 2018-02-24 15:02
If you've had a dose of a freaky ghost, baby, you better play... this new ghost-capturing mobile game from Sony. Watch out, Slimer.

World’s best headphones converge in NYC jamboree - CNET

CNET News - Sat, 2018-02-24 14:47
The Audiophiliac samples a bevy of uber headphones and comes away with an even greater appreciation of the art of headphone design.

Dropbox IPO filing shows more than $1B in annual revenue - CNET

CNET News - Sat, 2018-02-24 14:22
The company, one of the first of the Silicon Valley unicorns, says it has 11 million paying subscribers out of 500 million total registered users.

GitHub Drops Support for Weak Cryptographies, Adds Emojis for Labels

SlashDot - Sat, 2018-02-24 14:04
An anonymous reader writes: GitHub has quietly made a few changes this month. Labels for issues and pull requests will now also support emojis and on-hover descriptions. And they're also deprecating the anonymous creation of "gist" code snippets on March 19th, since "as the only way to create anonymous content on GitHub, they also see a large volume of spam." Current anonymous gists will remain accessible. But the biggest change involves permanently removing support for three weak cryptographic standards, both on github.com and api.github.com. The three weak cryptography standards that are no longer supported are: TLSv1/TLSv1.1. "This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com." diffie-hellman-group1-sha1. "This applies to all SSH connections to github.com." diffie-hellman-group14-sha1. "This applies to all SSH connections to github.com."

Share on Google+

Read more of this story at Slashdot.

Pages