Domain: acm.org
Stories and comments across the archive that link to acm.org.
Stories · 277
-
Kids Think the Darndest Things About How Computers Work (acm.org)
"When visiting a series of eight primary school class rooms recently, CS professor Judy Robertson talked to children aged 5-12 about how computers work and discussed pictures they drew of what they thought is inside a computer," writes Slashdot reader theodp:
"In my view," Robertson writes, "computational thinking has abstracted us too far away from the heart of computation — the machine. The world would be a tedious place if we had to do all our computational thinking ourselves; that's why we invented computers in the first place. Yet, the new school curricula across the world have lost focus on hardware and how code executes on it."
She notes, "What the pictures, and subsequent classroom discussions told me is that the children know names of components within a computer, and possibly some isolated facts about them. None of the pictures showed accurately how the components work together to perform computation, although the children were ready and willing to reason about this with their classmates. Although some of the children had programmed in the visual programming language, none of them knew how the commands they wrote in Scratch would be executed in the hardware inside a computer. One boy, who had been learning about variables in Scratch the previous day wanted to know whether if he looked in his computer he would really see apps with boxes full of variables in them."
Time to get the Walk-Through Computer (1990 video) out of mothballs?
"Many of the children knew the names of the components within a computer: a chip, memory, a disc, and they were often insistent that there should be a fan in there. They knew that there would be wires inside, and that it would need a battery to make it work...."
But one student confessed that while they knew that a computer was full of both devices and code, "I am not sure what it looked like so I just scribbled." -
With Few US Students Taking CS Classes, Code.org 'Scales Back' Funding For CS Education (acm.org)
"In 2012, most CS teacher professional development was paid for by the National Science Foundation or Google." And in the years that followed, 80,000 primary and secondary school teachers received opportunities to learn how to teach computer science without paying any fees -- thanks to tech-bankrolled Code.org.
But is anyone taking the classes? Slashdot reader theodp quotes a Communications of the ACM post by University of Michigan professor Mark Guzdial: In 2013, Code.org began, and they changed the face of CS education in the United States. It started out as just a video (linked here, seen over 14 million times), and grew into an organization that created and provided curriculum, offered teacher professional development, and worked with states and districts around public policy initiatives. A recent report from Code.org showed that 44 states have enacted public policies to promote computing education in the five years from 2013 to 2018, and much of that happened through Code.org's influence....
Now, Code.org has announced that they are starting to scale back their funding, which begins a multi-year transition to shift the burden of paying for teacher professional development to the local regions.... The only question is whether it's too soon. Will local regions step up and demonstrate that they value computer science by paying for it...? I'd guess that many states have between 40% and 70% of their high schools now offering computer science. However, even though many schools offer computer science, there are still few students taking computer science.
Indiana reported that only 0.4% of Indiana high school students had enrolled in their most popular course. Meanwhile in one region in Texas, 54 of 159 high schools offer computer science, yet only 2.3% of their students have ever taken a computer science class. But of course, there's another issue.
"If Code.org (or NSF or Google) are paying for all the development of CS teachers, then the districts don't get to say, 'In our community we care about this and we care less about that.' The U.S. education system is organized around the local regions calling the shots, setting the priorities, and deciding what they want teachers to teach." -
The Tech Industry Has Contributed To an 'Attention Crisis', Google Researchers Say (washingtonpost.com)
A new paper written by Google's user experience researchers delves into the reasons that we can't put down our phones, and starts to explore what companies can do about it. It also calls on the technology industry to reexamine the way it ties engagement to success -- noting that capturing people's attention is not necessarily the best way to measure whether they're satisfied with a product. From a report: For its study, Google focused on a small group of smartphone users and kept tabs on how they used their smartphone throughout a normal day. It also dug into 112 interviews from previous research to evaluate how people felt about their phone use. Researchers Julie Aranda and Safia Baig of Google presented the paper at a mobile conference Tuesday in Barcelona. Google used the results of this study to help design its "Digital Wellbeing" tools, which are a part of the company's newest Android operating system and designed to help people curb their smartphone use. The paper provides an overall picture of the reasons people feel they have to be in constant contact with their phones -- though it stops short of evaluating the best ways to combat that.
It does, however, take aim at the basic way that Internet companies -- including Google -- have elevated engagement as the best metric to measure success, creating an economy where attention becomes the most important currency. "We feel that the technology industry's focus on engagement metrics is core to this attention crisis that users are facing," the paper says. "... It's important to consider alternative metrics to indicate success, relating to user satisfaction and quality of time spent." -
Scientists Make a Touch Tablet That Rolls and Scrolls (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Research scientists at Queen's University's Human Media Lab have built a prototype touchscreen device that's neither smartphone nor tablet but kind of both -- and more besides. The device, which they've christened the MagicScroll, is inspired by ancient (papyrus/paper/parchment) scrolls so it takes a rolled-up, cylindrical form factor -- enabled by a flexible 7.5-inch touchscreen housed in the casing. This novel form factor, which they made using 3D printing, means the device can be used like an erstwhile Rolodex (remember those?!) for flipping through on-screen contacts quickly by turning a physical rotary wheel built into the edge of the device. (They've actually added one on each end.) Then, when more information or a deeper dive is required, the user is able to pop the screen out of the casing to expand the visible display real estate. The flexible screen on the prototype has a resolution of 2K. So more mid-tier mobile phone of yore than crisp iPhone Retina display at this nascent stage. The scientists also reckon the scroll form factor offers a pleasing ergonomic option for making actual phone calls too, given that a rolled up scroll can sit snugly against the face. The team posted a video showing the prototype in action. They will be presenting the project at the MobileHCI conference on Human-Computer Interaction in Barcelona next month. -
Vint Cerf on Differential Traceability on the Internet (acm.org)
Addressing the bad behaviors on the Internet, which range from social network bullying and misinformation to email spam, distributed denial of service attacks, direct cyberattacks against infrastructure, malware propagation, identity theft, and a host of other ills, requires a wide range of technical and legal considerations, says Vint Cerf, even as he makes clear that he supports encryption. But is there a way to bring more accountability and traceability to our actions on the internet without compromising our privacy? He has a proposition: What is of interest to me is a concept to which I was introduced at the Ditchley workshop, specifically, differential traceability. The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners (unless, of course, they are vanity plates like mine: "Cerfsup"). This is an example of differential traceability; the police department has the authority to demand ownership information from the Department of Motor Vehicles that issues the license plates. Ordinary citizens do not have this authority.
In the Internet environment there are a variety of identifiers associated with users (including corporate users). Domain names, IP addresses, email addresses, and public cryptography keys are examples among many others. Some of these identifiers are dynamic and thus ambiguous. For example, IP addresses are not always permanent and may change (for example, temporary IP addresses assigned at Wi-Fi hotspots) or may be ambiguous in the case of Network Address Translation. Information about the time of assignment and the party to whom an IP address was assigned may be needed to identify an individual user. There has been considerable debate and even a recent court case regarding requirements to register users in domain name WHOIS databases in the context of the adoption of GDPR. If we are to accomplish the simultaneous objectives of protecting privacy while apprehending those engaged in harmful or criminal behavior on the Internet, we must find some balance between conflicting but desirable outcomes. -
Researchers Warn of Physics-Based Attacks On Sensors (securityledger.com)
chicksdaddy shares a report from The Security Ledger: Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned. In an article in Communications of the ACM, researchers Kevin Fu of the University of Michigan and Wenyuan Xu of Zhejiang University warn that analog signals such as sound or electromagnetic waves can be used as part of "transduction attacks" to spoof data by exploiting the physics of sensors. Researchers say a "return to classic engineering approaches" is needed to cope with physics-based attacks on sensors and other embedded devices, including a focus on system-wide (versus component-specific) testing and the use of new manufacturing techniques to thwart certain types of transduction attacks.
"This is about uncovering the physics of cyber security and how some of the physical properties of systems have been abstracted to the point that we don't have a good way to describe the security of the system," Dr Fu told The Security Ledger in a conversation last week. That is particularly true of sensor driven systems, like those that will populate the Internet of Things. Cyberattacks typically target vulnerabilities in software such as buffer overflows or cross-site scripting. But transduction attacks target the physics of the hardware that underlies that software, including the circuit boards that discrete components are deployed on, or the materials that make up the components themselves. Although the attacks target vulnerabilities in the hardware, the consequences often arise as software systems, such as the improper functioning or denial of service to a sensor or actuator, the researchers said. Hardware and software have what might be considered a "social contract" that analog information captured by sensors will be rendered faithfully as it is transformed into binary data that software can interpret and act on. But materials used to create sensors can be influenced by other phenomena -- such as sound waves. Through the targeted use of such signals, the behavior of the sensor can be interfered with and even manipulated. "The problem starts with the mechanics or physics of the material and bubbles up into the operating system," Fu told The Security Ledger. -
Which Programming Languages Are Most Prone to Bugs? (i-programmer.info)
An anonymous reader writes: The i-Programmer site revisits one of its top stories of 2017, about researchers who used data from GitHub for a large-scale empirical investigation into static typing versus dynamic typing. The team investigated 20 programming languages, using GitHub code repositories for the top 50 projects written in each language, examining 18 years of code involving 29,000 different developers, 1.57 million commits, and 564,625 bug fixes.
The results? "The languages with the strongest positive coefficients - meaning associated with a greater number of defect fixes are C++, C, and Objective-C, also PHP and Python. On the other hand, Clojure, Haskell, Ruby and Scala all have significant negative coefficients implying that these languages are less likely than average to result in defect fixing commits."
Or, in the researchers' words, "Language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages static typing is also somewhat better than dynamic typing." -
To Solve the Diversity Drought in Software Engineering, Look to Community Colleges (vice.com)
An anonymous reader shares a report: Community college is not flashy and does not make promises about your future employability. You will also likely not learn current way-cool web development technologies like React and GraphQL. In terms of projects, you're more likely to build software for organizing a professor's DVD or textbook collection than you are responsive web apps. I would tell you that all of this is OK because in community college computer science classes you're learning fundamentals, broad concepts like data structures, algorithmic complexity, and object-oriented programming. You won't learn any of those things as deeply as you would in a full-on university computer science program, but you'll get pretty far. And community college is cheap, though that varies depending on where you are. Here in Portland, OR, the local community college network charges $104 per credit. Which means it's possible to get a solid few semesters of computer science coursework down for a couple of grand. Which is actually amazing. In a new piece published in the Communications of the ACM, Silicon Valley researchers Louise Ann Lyon and Jill Denner make the argument that community colleges have the potential to play a key role in increasing equity and inclusion in computer science education. If you haven't heard, software engineering has a diversity problem. Access to education is a huge contributor to that, and Denner and Lyon see community college as something of a solution in plain sight. -
Google Conducted Hollywood 'Interventions' To Change Look of Computer Scientists (usatoday.com)
theodp writes: "Most TV computer scientists are still white men," USA Today reports. "Google wants to change that. Google is calling on Hollywood to give equal screen time to women and minorities after a new study the internet giant funded found that most computer scientists on television shows and in the movies are played by white men. The problem with the hackneyed stereotype of the socially inept, hoodie-clad white male coder? It does not inspire underrepresented groups to pursue careers in computer science, says Daraiha Greene, Google CS in Media program manager, multicultural strategy." According to a Google-funded study conducted by Prof. Stacy L. Smith and the Media, Diversity, & Social Change Initiative at the USC Annenberg School for Communication and Journalism, Google's Computer Science in Media team conducted "CS interventions" with "like-minded people" to create "Google influenced storytelling." The executive summary for a USC study entitled Cracking the Code: The Prevalence and Nature of Computer Science Depictions in Media notes that "Google influenced" TV programs include HBO's Silicon Valley and AMC's Halt and Catch Fire. The USC researchers also note that "non-tech focused programs may offer prime opportunities to showcase CS in unique and counter-stereotypical ways. As the Google Team moves forward in its work with series such as Empire, Girl Meets World, Gortimer Gibbons Life on Normal Street, or The Amazing Adventures of Gumball, it appears the Team is seizing these opportunities to integrate CS into storytelling without a primary tech focus." The study adds, "In the case of certain series, we provided on-going advisement. The Fosters, Miles from Tomorrowland, Halt and Catch Fire, Ready, Jet, Go, The Powerpuff Girls and Odd Squad are examples of this. In addition to our continuing interactions, we engaged in extensive PR and marketing support including social media outreach, events and press."
Google's TV interventions have even spilled over into public education -- one of Google-sponsored Code.org's signature Hour of Code tutorials last December was Gumball's Coding Adventure, inspired by the Google-advised Cartoon Network series, The Amazing Adventures of Gumball. "We need more students around the world pursuing an education in CS, particularly girls and minorities, who have historically been underrepresented in the field," explains a Google CS First presentation for educators on the search giant's Hour of Code partnership with Cartoon Network. "Based on our research, one of the reasons girls and underrepresented minorities are not pursuing computer science is because of the negative perception of computer scientists and the relevance of the field beyond coding." According to a 2015 USC report, President Obama was kept abreast of efforts to challenge media's stereotypical portrayals of women; White House Visitor Records show that USC's Smith, the Google-funded study's lead author, and Google CS Education in Media Program Manager Julie Ann Crommett (now at Disney) were among those present when the White House Council on Women and Girls met earlier that year with representatives of the nation's leading toy makers, media giants, retailers, educators, scientists, the U.S. Dept. of Education, and philanthropists. -
Twitter Detects Riots Faster Than Police, Study Says (cnet.com)
A new study by Cardiff University has determined that Twitter can be used to identify dangerous situations up to an hour faster than police reports. From a report: Researchers at Cardiff analyzed 1.6 million tweets relevant to the 2011 London riots. In the town of Enfield, police received reports of disorder an hour and 23 minutes after computer systems could have picked up the same information from Twitter, according to the study. "In this research, we show that online social media are becoming the go-to place to report observations of everyday occurrences -- including social disorder and terrestrial criminal activity," said co-author of the study Pete Burnap. -
Ask Slashdot: Will Python Become The Dominant Programming Language?
An anonymous reader shares their thoughts on language popularity: In the PYPL index, which is based on Google searches and is supposed to be forward looking, the trend is unmistakable. Python is rising fast and Java and others are declining. Combine this with the fact that Python is now the most widely taught language in the universities. In fields such as data science and machine learning, Python is already dominating. "Python where you can, C++ where you must" enterprises are following suit too, especially in data science but for everything else from web development to general purpose computing...
People who complain that you can't build large scale systems without a compiler likely over-rely on the latter and are slaves to IDEs. If you write good unit tests and enforce Test Driven Development, the compiler becomes un-necessary and gets in the way. You are forced to provide too much information to it (also known as boilerplate) and can't quickly refactor code, which is necessary for quick iterations.
The original submission ends with a question: "Is Python going to dominate in the future?" Slashdot readers should have some interesting opinions on this. So leave your own thoughts in the comments. Will Python become the dominant programming language? -
Slashdot Asks: What Was Your First Programming Language? (stanforddaily.com)
This question was inspired by news that Stanford's computer science professor Eric Roberts will try JavaScript instead of Java in a new version of the college's introductory computer programming course. The Stanford Daily reports: When Roberts came to Stanford in 1990, CS106A was still taught in Pascal, a programming language he described as not "clean." The department adopted the C language in 1992. When Java came out in 1995, the computer science faculty was excited to transition to the new language. Roberts wrote the textbooks, worked with other faculty members to restructure the course and assignments and introduced Java at Stanford in 2002... "Java had stabilized," Roberts said. "It was clear that many universities were going in that direction. It's 2017 now, and Java is showing its age." According to Roberts, Java was intended early on as "the language of the Internet". But now, more than a decade after the transition to Java, Javascript has taken its place as a web language.
In 2014 Python and Java were the two most commonly-taught languages at America's top universities, according to an analysis published by the Communications of the ACM. And Java still remains the most-commonly taught language in a university setting, according to a poll by the Special Interest Group on Computer Science Education. In a spreadsheet compiling the results, "Python appears 60 times, C++ 54 times, Java 84 times, and JavaScript 28 times," writes a computing professor at the Georgia Institute of Technology, adding "if Java is dying (or "showing its age"...) it's going out as the reigning champ."
I'm guessing Slashdot's readers have their own opinions about this, so share your educational experiences in the comments. What was your first programming language? -
Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs (bleepingcomputer.com)
Bleeping Computer warns that "The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed...when the attacker controls a rogue WiFi access point." The new WindTalker attack leverages the "channel state information" in WiFi signals. An anonymous reader quotes their article: Because the user's finger moves across the smartphone when he types text, his hand alters CSI properties for the phone's outgoing WiFi signals, which the attacker can collect and log on the rogue access point... By performing basic signal analysis and signal processing, an attacker can separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed... but it can be improved the more the user types and the more data the attacker collects.
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals." -
Face Electrodes Let You Taste and Chew In Virtual Reality (newscientist.com)
walterbyrd quotes a report from New Scientist: Experiments with "virtual food" use electronics to emulate the taste and feel of the real thing, even when there's nothing in your mouth. This tech could add new sensory inputs to virtual reality or augment real-world dining experiences, especially for people with restricted diets or health issues that affect their ability to eat. Several projects have succeeded in tricking us into tasting things that aren't there. Nimesha Ranasinghe at the National University of Singapore has already experimented with a "digital lollipop" to emulate different tastes, and a spoon embedded with electrodes that amplify the salty, sour, or bitter flavor of the real food eaten off it. However, his experiments with electrical stimulation had less success simulating sweetness compared to the other tastes. But digitizing this taste could be particularly useful in, for example, helping people cut back on sugary food or drinks. So Ranasinghe and his colleague Ellen Yi-Luen Do started experimenting with thermal stimulation instead. Their new project, presented at the 2016 ACM User Interface Software and Technology Symposium (UIST) in Tokyo, uses changes in temperature to mimic the sensation of sweetness on the tongue. The user places the tip of their tongue on a square of thermoelectric elements that are rapidly heated or cooled, hijacking thermally sensitive neurons that normally contribute to the sensory code for taste. In an initial trial, it worked for about half of participants. Some also reported a sensation of spiciness when the device was warmer (around 35 degrees Celsius) and a minty taste when it was cooler (18 degrees Celsius). Ranasinghe and Do envisage such a system embedded in a glass or mug to make low-sugar drinks taste sweeter. -
Seymour Papert, Creator of the Logo Language, Dies At 88 (mit.edu)
New submitter gwolf writes: The great educator, creator of the Logo programming language, and the enabler for computer education in the 1980s has passed away. Listing his contributions is impossible in an article summary, but the ACM has published a short in-memoriam note for him. Papert is, without exaggeration, one of the people I owe my career and life choices to. -
RSA Keys Can Be Harvested With Microphones (theregister.co.uk)
Researchers have now demonstrated that even with modern laptop, desktop, and server computers, an inexpensive attack can harvest 4,096-bit encryption keys using a parabolic microphone within 33 feet -- or even from 12 inches away, using a cellphone microphone. An anonymous reader quotes this article from The Register: In both cases it took an hour of listening to get the 4,096-bit RSA key... As a computer's processor churns through the encryption calculations, the machine emits a high-frequency "coil whine" from the changing electrical current flowing through its components... The team recommends encryption software writers build in "blinding" routines that insert dummy calculations into cryptographic operations. After discussions with the team, GNU Privacy Guard now does this. -
Lego Robots Crack Gesture-Based Security (vice.com)
An anonymous reader writes: Lego Robots outfitted with a "finger" made from molded Play-Doh were able to bypass seven different gesture-based security systems at least 70% of the time, according to a new study funded by DARPA. Gestural ID systems "tend to take a rosy view of the security world in which hackers attempt to breach such defenses via crude impersonation," reports Vice, which notes that the systems now turn out to be far less reliable against automated attacks using a careful "forgery" of a user's gestures.
DARPA titled their report "Robotic Robbery on the Touch Screen," writing that it "demonstrates the threat that robots pose to touch-based authentication, and provides compelling evidence as to why the zero-effort attack should cease to be used as the benchmark for touch-based authentication systems." -
$500K NSF Grant Boosted Girls' CS Participation At Obama Daughters' $37K/Yr HS
theodp writes: On Friday, a paper entitled Creative Computation in High School will be presented at SIGCSE '16. "In this paper," explain the paper's authors, "we describe the success of bringing Creative Computation via Processing into two very different high schools...providing a catalyst for significant increases in total enrollment as well as female participation in high school computer science." One of the two schools that participated in the National Science Foundation-supported project — see NSF awards 1323305 & 1323463 for Creative Computation in the Context of Art and Visual Media — was Sidwell Friends School, which a 2013 SMU news release on the three-year, $500K NSF grant noted was best known as the school attended by President Obama's daughters. Interestingly, in a late-2014 interview, the President lamented that his daughters hadn't taken to coding the way he'd like, adding that "part of what's happening is that we are not helping schools and teachers teach it in an interesting way." Hey, nothing that a $4B 'Computer Science For All' K-12 Program can't fix, right? -
K12CS.org: Microsoft, Google, Apple Identifying What 1st Graders Should Know
theodp writes: On Sunday, The Simpsons declared computer coding class the nation's latest educational fad (script). Proving Principal Skinner's point, K12CS.org on Thursday announced a New Framework to Define K-12 Computer Science Education, the collaboration of participants from a number of states (MD, CA, IN, IA, AR, UT, ID, NE, GA, WA), large school districts (NYC, Chicago, San Francisco), technology companies (Microsoft, Google, Apple), organizations (Code.org, ACM, CSTA, ISTE, MassCAN, CSNYC), and individuals (higher ed faculty, researchers, K-12 teachers, and administrators). "A steering committee initially comprised of the Computer Science Teachers Association, the Association for Computing Machinery, and [tech bankrolled and led] Code.org will oversee this project," explained a CSTA blog post. "Funding for the project will be provided by Code.org and the ACM. The framework will identify key K-12 computer science concepts and practices we expect students exiting grades 2, 5, 8, and 12 to know."
In a FAQ, K12CS.org envisions a Programming and Algorithms standard for 1st Graders that calls for the 5-year-olds to "Work collaboratively in clear roles (e.g., pair programming) to construct a problem solution of a sequence of block-based programming commands." A day before the announcement, Politico reported that K-12 CS education is expected to get a State of the Union mention this year, and that the White House and U.S. Dept. of Education have been trolling for CS success stories in conjunction with the announcement of a broad set of new commitments to CS Education in early 2016. -
Enterprise Datacenter Hardware Assumptions May Be In For a Shakeup (acm.org)
For the entire careers of most practicing computer scientists, a fundamental observation has consistently held true: CPUs are significantly more performant and more expensive than I/O devices. The fact that CPUs can process data at extremely high rates, while simultaneously servicing multiple I/O devices, has had a sweeping impact on the design of both hardware and software for systems of all sizes, for pretty much as long as we've been building them. This assumption, however, is in the process of being completely invalidated. -
WSJ: New Education Bill To Get More Coding In Classrooms
theodp writes: The WSJ's Yoree Koh reports that computer science has been recognized as important an academic subject as math and English in the new Every Student Succeeds Act, putting it on equal footing with other subjects when state and local policymakers decide how to dole out federal funds. The law is likely to be a boon for tech companies, Koh adds, which constantly face a shortage of engineers to hire, and have backed Code.org to lobby for computer science teaching in schools. "This legislation will increase access to STEM and computer science learning nationwide and will advance some of the goals outlined in Microsoft's National Talent Strategy," said Microsoft in a blog post. "ESSA makes a number of significant improvements to expand access to computer science education by diverse populations in urban, suburban, and rural areas," explained the ACM. As far as CS and STEM goes, the bill calls for "increasing access for students through grade 12 who are members of groups underrepresented in such subject fields, such as female students, minority students, English learners, children with disabilities, and economically disadvantaged students." -
LTE 4G Networks Put Androids At Risk of Overbilling and Phone Number Spoofing
An anonymous reader writes: Carnegie Mellon University's CERT security vulnerabilities database has issued an alert regarding the current status of LTE (Long-Term Evolution) mobile networks, which are plagued by four vulnerabilities that allow attackers to spoof phone numbers, overbill clients, create DoS (Denial of Service) states on the phone and network, and even obtain free data transfers without being charged. The vulnerabilities were discovered by 8 scientists who documented them in their research. -
Amazon Work-Life Balance Defender: Prior Employer Nearly Killed Me and My Team
theodp writes: New York Times Public Editor Margaret Sullivan questions whether her paper's portrayal of Amazon's brutal workplace was on target, citing a long, passionate response in disagreement from Nick Ciubotariu, a head of infrastructure development at Amazon. Interestingly, Ciubotariu — whose take on Amazon's work-life balance ("I've never worked a single weekend when I didn't want to") was used as Exhibit A by CEO Jeff Bezos to refute the NYT's report — wrote last December of regretting his role as an enabler of his team's "Death March" at a former employer (perhaps Microsoft, judging by Ciubotariu's LinkedIn profile and his essay's HiPo and Vegas references). "I asked if there were any questions," wrote Ciubotariu of a team meeting. "Nadia, one of my Engineers, had one: 'Nick, when will this finally end?' As I looked around the room, I saw 9 completely broken human beings. We had been working over 100 hours a week for the past 2 months. Two of my Engineers had tears on their faces. I did my best to keep from completely breaking down myself. With my voice choking, I looked at everyone, and said: 'This ends right now'." Ciubotariu added, "I hope they can forgive me for being an enabler of their death march, however unwilling, and that I ultimately didn't do enough to stop it. As a 'reward' for all this, I calibrated #1 overall in my organization, and received yet another HiPo nomination and induction, at the cost of a shattered family life, my health, and a broken team. I don't think I ever felt worse in my entire career. If I could give it all back, I would, in an instant, no questions asked. Physically and mentally, I took about a year to heal." -
Well-Played: Microsoft Parlays NSF Video 'Remake' Into National CS K-12 Crisis
theodp writes: K–12 computer science and information technology teachers head to Grapevine, TX this week for the 2015 CSTA Conference. A glance at the draft agenda shows a remarkable number of presenters employed by or tied to two-year-old Code.org, the tech-bankrolled nonprofit that coincidentally sprung up together with Mark Zuckerberg's FWD.us PAC just months after Microsoft called for the creation of a national K-12 CS and tech immigration crisis to advance its agenda. Code.org's shaping of the nation's CS K-12 education began with the release of its tech-billionaire and celebrity-studded, slickly-produced What Most Schools Don't Teach video, which went viral on YouTube after being promoted by politicians, Facebook, Google, and a Microsoft-sponsored theatrical release, sparking a groundswell of interest in expanding K-12 CS education, succeeding where a similarly-themed-and-messaged but decidedly-amateurish National Science Foundation video of real-but-little-known computer scientists failed just months earlier (YouTube Doubler comparison). (More, below.) "The time is ripe to seize that opportunity," declared the ACM's and Code.org's Cameron Wilson, describing how Code.org was forming a coalition with Microsoft, Google, NSF, NCWIT, ACM, CSTA, and others with the goal of changing policy to support CS education. Computer science educators literally applauded Code.org's efforts, which have led to funding of a number of new K-12 CS projects, and may soon make No Child Left Behind Act funding available for K-12 CS education. Despite promises of transparency, details of the relationship of the National Science Foundation, now-NSF partner Code.org, the White House, ACM, NCWIT, College Board, and Code.org's corporate and billionaire backers — including Microsoft, Google, and Facebook — have never really been explained. -
Privacy Behaviors Changed Little After Snowden
An anonymous reader writes: An article in Communications of the ACM takes a look at how Edward Snowden's revelations about government surveillance have changed privacy behaviors across the world. The results are fairly disappointing. While the news that intelligence agencies were trawling data from everyday citizens sparked an interest in privacy, it was small, and faded quickly. Even though media coverage has continued for a long time after the initial reports, public interest dropped back to earlier levels long ago. The initial interest spike was notably less than for other major news events. Privacy-enhancing behaviors experienced a small surge, but that too failed to impart any long-term momentum. The author notes that the spike in interest "following the removal of privacy-enhancing functions in Facebook, Android, and Gmail" was stronger than the reaction to the government's privacy-eroding actions. -
Senate Draft of No Child Left Behind Act Draft Makes CS a 'Core' Subject
theodp (442580) writes "If at first you don't succeed, lobby, lobby again. That's a lesson to be learned from Microsoft and Google, who in 2010 launched advocacy coalition Computing in the Core, which aimed "to strengthen K-12 computer science education and ensure that computer science is one of the core academic subjects that prepares students for jobs in our digital society." In 2013, Computing in the Core "merged" with Code.org, a new nonprofit led by the next door neighbor of Microsoft's General Counsel and funded by wealthy tech execs and their companies. When Code.org 'taught President Obama to code' in a widely-publicized White House event last December, visitor records indicate that Google, Microsoft, and Code.org execs had a sitdown immediately afterwards with the head of the NSF, and a Microsoft lobbyist in attendance returned to the White House the next day with Microsoft CEO Satya Nadella and General Counsel Brad Smith (who also sits on Code.org's Board) in tow. Looks like all of that hard work may finally pay off. Education Week reports that computer science has been quietly added to the list of disciplines defined as 'core academic subjects' in the Senate draft of the rewritten No Child Left Behind Act, a status that opens the doors to a number of funding opportunities. After expressing concern that his teenage daughters hadn't taken to coding the way he'd like, President Obama added, "I think they got started a little bit late. Part of what you want to do is introduce this with the ABCs and the colors." So, don't be too surprised if your little ones are soon focusing on the four R's — reading, 'riting, 'rithmetic, and Rapunzel — in school!" -
Michael Stonebraker Wins Turing Award
An anonymous reader writes: Michael Stonebraker, an MIT researcher who has revolutionized the field of database management systems and founded multiple successful database companies, has won the Association for Computing Machinery's $1 million A.M. Turing Award, often referred to as "the Nobel Prize of computing." In his previous work at the University of California at Berkeley, Stonebraker developed two of his most influential systems, Ingres and Postgres (PDF), which provide the foundational ideas — and, in many cases, specific source code — that spawned several contemporary database products, including IBM's Informix and EMC's Greenplum. Ingres was one of the first relational databases, which provide a more organized way to store multiple kinds of entities – and which now serve as the industry standard for business storage. Postgres, meanwhile, integrated Ingres' ideas with object-oriented programming, enabling users to natively map objects and their attributes into databases. This new notion of "object-relational" databases could be used to represent and manipulate complex data, like computer-aided design, geospatial data, and time series. -
Microsoft, Amazon, Google, Facebook Press WA For $40M For New UW CS Building
theodp (442580) writes "Nice computer industry you got there. Hate to see something bad happen to it." That's the gist of a letter sent by Microsoft, Amazon, Facebook, Google, Code.org, and other tech giants earlier this week asking the WA State Legislature to approve $40M in capital spending to help fund a new $110M University of Washington computer science building ($70M will be raised privately). "As representatives of companies and businesses that rely on a ready supply of high quality computer science graduates," wrote the letter's 23 signatories, "we believe it is critical for the State to invest in this sector in a way that ensures its vibrancy and growth. Our vision is for Washington to continue to lead the way in technology and computer science, but we must keep pace with the vast demand." The UW Dept. of Computer Science & Engineering profusely thanked tech leaders for pressing for a new building, which UW explained "will accommodate a doubling of our enrollment." Coincidentally, the corporate full-press came not long after the ACM Education Council Diversity Taskforce laid out plans "to get companies to press universities to use more resources to create more seats in CS classes" to address what it called "the desperate gap between the rising demand for CS education and the too-few seats available." -
HTTP/2 - the IETF Is Phoning It In
An anonymous reader writes: HTTP/2 is back in the spotlight again. After drawing significant ire over a proposal for officially sanctioned snooping, the IETF is drawing criticism for plowing ahead with its plans for HTTP/2 on an unrealistically short schedule and with an insufficiently clear charter. A few days ago the IETF announced Last Call for comments on the HTTP/2 protocol.
Poul-Henning Kamp writes, "Some will expect a major update to the world's most popular protocol to be a technical masterpiece and textbook example for future students of protocol design. Some will expect that a protocol designed during the Snowden revelations will improve their privacy. Others will more cynically suspect the opposite. There may be a general assumption of 'faster.' Many will probably also assume it is 'greener.' And some of us are jaded enough to see the "2.0" and mutter 'Uh-oh, Second Systems Syndrome.' The cheat sheet answers are: no, no, probably not, maybe, no and yes."
"Given this rather mediocre grade-sheet, you may be wondering why HTTP/2.0 is even being considered as a standard in the first place. The Answer is Politics. Google came up with the SPDY protocol, and since they have their own browser, they could play around as they choose to, optimizing the protocol for their particular needs. SPDY was a very good prototype which showed clearly that there was potential for improvement in a new version of the HTTP protocol. Kudos to Google for that. But SPDY also started to smell a lot like a 'walled garden'."
"The IETF, obviously fearing irrelevance, hastily 'discovered' that the HTTP/1.1 protocol needed an update, and tasked a working group with preparing it on an unrealistically short schedule. This ruled out any basis for the new HTTP/2.0 other than the SPDY protocol. With only the most hideous of SPDY's warts removed, and all other attempts at improvement rejected as 'not in scope,' 'too late,' or 'no consensus,' the IETF can now claim relevance and victory by conceding practically every principle ever held dear in return for the privilege of rubber-stamping Google's initiative." -
Donald Knuth Worried About the "Dumbing Down" of Computer Science History
An anonymous reader writes: Thomas Haigh, writing for Communications of the ACM, has an in-depth column about Donald Knuth and the history of computer science. It's centered on a video of Knuth giving a lecture at Stanford earlier this year, in which he sadly recounts how we're doing a poor job of capturing the development of computer science, which obscures vital experience in discovering new concepts and overcoming new obstacles. Haigh disagrees with Knuth, and explains why: "Distinguished computer scientists are prone to blur their own discipline, and in particular few dozen elite programs, with the much broader field of computing. The tools and ideas produced by computer scientists underpin all areas of IT and make possible the work carried out by network technicians, business analysts, help desk workers, and Excel programmers. That does not make those workers computer scientists. ... Computing is much bigger than computer science, and so the history of computing is much bigger than the history of computer science. Yet Knuth treated Campbell-Kelly's book on the business history of the software industry (accurately subtitled 'a history of the software industry') and all the rest of the history of computing as part of 'the history of computer science.'" -
Which Programming Language Pays the Best? Probably Python
Nerval's Lobster writes: What programming language will earn you the biggest salary over the long run? According to Quartz, which relied partially on data compiled by employment-analytics firm Burning Glass and a Brookings Institution economist, Ruby on Rails, Objective-C, and Python are all programming skills that will earn you more than $100,000 per year. But salary doesn't necessarily correlate with popularity. Earlier this year, for example, tech-industry analyst firm RedMonk produced its latest ranking of the most-used languages, and Java/JavaScript topped the list, followed by PHP, Python, C#, and C++/Ruby. Meanwhile, Python was the one programming language to appear on Dice's recent list of the fastest-growing tech skills, which is assembled from mentions in Dice job postings. Python is a staple language in college-level computer-science courses, and has repeatedly topped the lists of popular programming languages as compiled by TIOBE Software and others. Should someone learn a language just because it could come with a six-figure salary, or are there better reasons to learn a particular language and not others? -
Education Chief Should Know About PLATO and the History of Online CS Education
theodp writes: Writing in Vanity Fair, U.S. Secretary of Education Arne Duncan marvels that his kids can learn to code online at their own pace thanks to "free" lessons from Khan Academy, which Duncan credits for "changing the way my kids learn" (Duncan calls out his kids' grade school for not offering coding). The 50-year-old Duncan, who complained last December that he "didn't have the opportunity to learn computer skills" while growing up attending the Univ. of Chicago Lab Schools and Yale, may be surprised to learn that the University of Illinois was teaching kids how to program online in the '70s with its PLATO system, and it didn't look all that different from what Khan Academy came up with for his kids 40 years later (Roger Ebert remarked in his 2011 TED Talk that seeing Khan Academy gave him a flashback to the PLATO system he reported on in the '60s). So, does it matter if the nation's education chief — who presides over a budget that includes $69 billion in discretionary spending — is clueless about The Hidden History of Ed-Tech? Some think so. "We can't move forward," Hack Education's Audrey Watters writes, "til we reconcile where we've been before." So, if Duncan doesn't want to shell out $200 to read a 40-year-old academic paper on the subject (that's a different problem!) to bring himself up to speed, he presumably can check out the free offerings at Ed.gov. A 1975 paper on Interactive Systems for Education, for instance, notes that 650 students were learning programming on PLATO during the Spring '75 semester, not bad considering that Khan Academy is boasting that it "helped over 2000 girls learn to code" in 2014 (after luring their teachers with funding from a $1,000,000 Google Award). Even young techies might be impressed by the extent of PLATO's circa-1975 online CS offerings, from lessons on data structures and numerical analysis to compilers, including BASIC, PL/I, SNOBOL, APL, and even good-old COBOL. -
There's No Such Thing As a General-Purpose Processor
CowboyRobot writes: David Chisnall of the University of Cambridge argues that despite the current trend of categorizing processors and accelerators as "general purpose," there really is no such thing and believing in such a device is harmful.
"The problem of dark silicon (the portion of a chip that must be left unpowered) means that it is going to be increasingly viable to have lots of different cores on the same die, as long as most of them are not constantly powered. Efficient designs in such a world will require admitting that there is no one-size-fits-all processor design and that there is a large spectrum, with different trade-offs at different points." -
JavaScript and the Netflix User Interface
CowboyRobot writes: Alex Liu is a senior UI engineer at Netflix and part of the core team leading the migration of Netflix.com to Node.js. He has an article at ACM's Queue in which he describes how JavaScript is used at Netflix. "With increasingly more application logic being shifted to the browser, developers have begun to push the boundaries of what JavaScript was originally intended for. Entire desktop applications are now being rebuilt entirely in JavaScript—the Google Docs office suite is one example. Such large applications require creative solutions to manage the complexity of loading the required JavaScript files and their dependencies. The problem can be compounded when introducing multivariate A/B testing, a concept that is at the core of the Netflix DNA. Multivariate testing introduces a number of problems that JavaScript cannot handle using native constructs, one of which is the focus of this article: managing conditional dependencies." -
Security Collapse In the HTTPS Market
CowboyRobot writes: HTTPS has evolved into the de facto standard for secure Web browsing. Through the certificate-based authentication protocol, Web services and Internet users first authenticate one another ("shake hands") using a TLS/SSL certificate, encrypt Web communications end-to-end, and show a padlock in the browser to signal that a communication is secure. In recent years, HTTPS has become an essential technology to protect social, political, and economic activities online. At the same time, widely reported security incidents (such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed) have exposed systemic security vulnerabilities of HTTPS to a global audience. The Edward Snowden revelations (notably around operation BULLRUN, MUSCULAR, and the lesser-known FLYING PIG program to query certificate metadata on a dragnet scale) have driven the point home that HTTPS is both a major target of government hacking and eavesdropping, as well as an effective measure against dragnet content surveillance when Internet traffic traverses global networks. HTTPS, in short, is an absolutely critical but fundamentally flawed cybersecurity technology. -
Why Is It Taking So Long To Secure Internet Routing?
CowboyRobot writes: We live in an imperfect world where routing-security incidents can still slip past deployed security defenses, and no single routing-security solution can prevent every attack. Research suggests, however, that the combination of RPKI (Resource Public Key Infrastructure) with prefix filtering could significantly improve routing security; both solutions are based on whitelisting techniques and can reduce the number of autonomous systems that are impacted by prefix hijacks, route leaks, and path-shortening attacks. "People have been aware of BGP’s security issues for almost two decades and have proposed a number of solutions, most of which apply simple and well-understood cryptography or whitelisting techniques. Yet, many of these solutions remain undeployed (or incompletely deployed) in the global Internet, and the vulnerabilities persist. Why is it taking so long to secure BGP?" -
ACM Blames the PC For Driving Women Away From Computer Science
theodp (442580) writes "Over at the Communications of the ACM, a new article — Computing's Narrow Focus May Hinder Women's Participation — suggests that Bill Gates and Steve Jobs should shoulder some of the blame for the dearth of women at Google, Facebook, Apple, Twitter and other tech companies. From the article: "Valerie Barr, chair of ACM's Council on Women in Computing (ACM-W), believes the retreat [of women from CS programs] was caused partly by the growth of personal computers. 'The students who graduated in 1984 were the last group to start college before there was personal computing. So if you were interested in bioinformatics, or computational economics, or quantitative anthropology, you really needed to be part of the computer science world. After personal computers, that wasn't true any more.'" So, does TIME's 1982 Machine of the Year deserve the bad rap? By the way, the ACM's Annual Report discusses its participation in an alliance which has helped convince Congress that there ought to be a federal law making CS a "core subject" for girls and boys: "Under the guidance of the Education Policy Committee, ACM continued its efforts to reshape the U.S. education system to see real computer science exist and count as a core graduation credit in U.S. high schools. Working with the CSTA, the National Center for Women and Information Technology, NSF, Microsoft, and Google, ACM helped launch a new public/private partnership under the leadership of Code.org to strengthen high school level computing courses, improve teacher training, engage states in bringing computer science into their core curriculum guidelines, and encourage more explicit federal recognition of computer science as a key discipline in STEM discussions."" -
Python Bumps Off Java As Top Learning Language
itwbennett writes: Python has surpassed Java as the top language used to introduce U.S. students to programming and computer science, according to a recent survey posted by the Association for Computing Machinery (ACM). Eight of the top 10 computer science departments now use Python to teach coding, as well as 27 of the top 39 schools, indicating that it is the most popular language for teaching introductory computer science courses, according to Philip Guo, a computer science researcher who compiled the survey for ACM. -
Does Google Have Too Much Influence Over K-12 CS Education?
theodp writes: Google recently announced Global Impact Awards for Computer Science, part of the company's $50 million investment to get girls to code. But Google's influence over K-12 CS education doesn't stop there. The Sun-Times reports that Chicago Public School (CPS) teachers are participating in a summer professional development program hosted by Google as part of the district's efforts to "saturate" schools with CS within 3 years: "The launch of CS4All [Computer Science for All], in partnership with Code.org and supported by Google, starts this fall in 60 CPS schools to try to bridge the digital divide and prepare students." And in two weeks, the Computer Science Teachers Association [CSTA] and Google will be presenting the National Computer Science Principles Education Summit. "Attendees at this event have been selected through a rigorous application process that will result in more than 70 educators and administrators working together to strategize about getting this new Advanced Placement course implemented in schools across the country," explains CSTA. The ACM, NSF, Google, CSTA, Microsoft, and NCWIT worked together in the past "to provide a wide range of information and guidance that would inform and shape CS education efforts," according to the University of Chicago, which notes it's now conducting a follow-up NSF-funded study — Barriers and Supports to Implementing Computer Science — that's advised by CPS, CSTA, and Code.org. -
Researchers Outline Spammers' Business Ecosystem
An anonymous reader writes: A team of researchers at the UC Santa Barbara and RWTH Aachen presented new findings on the relationship of spam actors [abstract; full paper here] at the ACM Symposium on Information, Computer and Communications Security. This presents the first end-to-end analysis of the spam delivery ecosystem including: harvesters crawl the web and compile email lists, botmasters infect and operate botnets, and spammers rent botnets and buy email lists to run spam campaigns. Their results suggest that spammers develop a type of "customer loyalty"; spammers likely purchase preferred resources from actors that have "proven" themselves in the past. Previous work examined the market economy of the email address market in preparatory work: 1 million email addresses were offered on the examined forum for anywhere ranging between 20 and 40 Euros. -
Average HS Student Given Little Chance of AP CS Success
theodp (442580) writes "AP Computer Science is taught in just 10% of our high schools," lamented The White House last December as President Obama kicked off CSEdWeek. "China teaches all of its students one year of computer science." And the U.S. Dept. of Education has made the AP CS exam its Poster Child for inequity in education (citing a viral-but-misinterpreted study). But ignored in all the hand-wringing over low AP CS enrollment is one huge barrier to the goal of AP-CS-for-all: College Board materials indicate that the average 11th grader's combined PSAT/NMSQT score of 96 in reading and math gives him/her only a 20%-30% probability of getting a score of '3' on the AP CS exam (a score '4' or '5' may be required for college credit). The College Board suggests schools tap a pool of students with a "60-100% likelihood of scoring 3 or higher", so it's probably no surprise that CS teachers are advised to turn to the College Board's AP Potential tool to identify students who are likely to succeed (sample Student Detail for an "average" kid) and send their parents recruitment letters — Georgia Tech even offers some gender-specific examples — to help fill class rosters. -
Whom Must You Trust?
CowboyRobot writes: 'In ACM's Queue, Thomas Wadlow argues that "Whom you trust, what you trust them with, and how much you trust them are at the center of the Internet today." He gives a checklist of what to look for when evaluating any system for trustworthiness, chock full of fascinating historical examples. These include NASA opting for a simpler, but more reliable chip; the Terry Childs case; and even an 18th century "semaphore telegraph" that was a very early example of steganographic cryptography. From the article: "Detecting an anomaly is one thing, but following up on what you've detected is at least as important. In the early days of the Internet, Cliff Stoll, then a graduate student at Lawrence Berkeley Laboratories in California, noticed a 75-cent accounting error on some computer systems he was managing. Many would have ignored it, but it bothered him enough to track it down. That investigation led, step by step, to the discovery of an attacker named Markus Hess, who was arrested, tried, and convicted of espionage and selling information to the Soviet KGB."' -
Finding More Than One Worm In the Apple
davecb (6526) writes "At Guido van Rossum's urging, Mike Bland has a look at detecting and fixing the "goto fail" bug at ACM Queue. He finds the same underlying problem in both the Apple and Heartbleed bugs, and explains how to not suffer it again." An excerpt: "WHY DIDN'T A TEST CATCH IT? Several articles have attempted to explain why the Apple SSL vulnerability made it past whatever tests, tools, and processes Apple may have had in place, but these explanations are not sound, especially given the above demonstration to the contrary in working code. The ultimate responsibility for the failure to detect this vulnerability prior to release lies not with any individual programmer but with the culture in which the code was produced. Let's review a sample of the most prominent explanations and specify why they fall short. Adam Langley's oft-quoted blog post discusses the exact technical ramifications of the bug but pulls back on asserting that automated testing would have caught it: "A test case could have caught this, but it's difficult because it's so deep into the handshake. One needs to write a completely separate TLS stack, with lots of options for sending invalid handshakes."" -
The NSA and Snowden: Securing the All-Seeing Eye
First time accepted submitter ChelleChelle2 (2908449) writes "Edward Snowden's release of classified material exposing the existence of numerous global surveillance programs (obtained while working as an NSA contractor at Booz Allen Hamilton) has been referred to as 'the most damaging breach of secrets in U.S. history.' Regardless of whether one chooses to champion or condemn Snowden's actions, it is apparent that the NSA needs to dramatically rework its security measures. In this article Bob Toxen, renowned author of several books and articles on Linux Security, discusses the security practices that could have stopped Snowden. Equally interesting, he weighs in on the constitutionality and morality of the NSA's spying on all Americans." -
Erik Meijer: The Curse of the Excluded Middle
CowboyRobot (671517) writes "Erik Meijer, known for his contributions to Haskell, C#, Visual Basic, Hack, and LINQ, has an article at the ACM in which he argues that 'Mostly functional' programming does not work. 'The idea of "mostly functional programming" is unfeasible. It is impossible to make imperative programming languages safer by only partially removing implicit side effects. Leaving one kind of effect is often enough to simulate the very effect you just tried to remove. On the other hand, allowing effects to be "forgotten" in a pure language also causes mayhem in its own way. Unfortunately, there is no golden middle, and we are faced with a classic dichotomy: the curse of the excluded middle, which presents the choice of either (a) trying to tame effects using purity annotations, yet fully embracing the fact that your code is still fundamentally effectful; or (b) fully embracing purity by making all effects explicit in the type system and being pragmatic by introducing nonfunctions such as unsafePerformIO. The examples shown here are meant to convince language designers and developers to jump through the mirror and start looking more seriously at fundamentalist functional programming.'"