Domain: github.com
Stories and comments across the archive that link to github.com.
Stories · 729
-
The Top 10 Programming Languages On GitHub, Over Time
An anonymous reader writes with a link to VentureBeat's article on the information that GitHub released this week about the top-ten languages used by GitHub's users, and how they've changed over the site's history. GitHub's chart shows the change in rank for programming languages since GitHub launched in 2008 all the way to what the site's 10 million users are using for coding today. To be clear, this graph doesn't show the definitive top 10 programming languages. Because GitHub has become so popular (even causing Google Code to shut down), however, it still paints a fairly accurate picture of programming trends over recent years. Trend lines aside, here are the top 10 programming languages on GitHub today: 1. JavaScript 2. Java 3. Ruby 4. PHP 5. Python 6. CSS 7. C++ 8. C# 9. C 10. HTML -
Linux Foundation Project Will Evaluate Security of Open Source Software
An anonymous reader writes: The Core Infrastructure Initiative (CII), a project managed by The Linux Foundation, is developing a new free Badge Program, seeking input from the open source community on the criteria to be used to determine security, quality and stability of open source software. The first draft of the criteria is available on GitHub and is spearheaded by David A. Wheeler, an open source and security research expert who works for the Institute for Defense Analyses and is also coordinating the CII's Census Project, and Dan Kohn, a senior adviser on the CII. -
SteamOS Has Dropped Support For Suspend
jones_supa writes: As pointed out by a Redditor, it seems that suspending the machine is not officially supported by SteamOS anymore. A SteamOS user opened a bug report due to his controllers being unresponsive after a suspend cycle. To this, a Valve engineer bluntly reported that "suspend is no longer supported". He further explained the issue by saying that given the state of hardware and software support throughout the graphics stack on Linux, the team didn't think that they could make the feature work reliably. -
'My Name is C.H.I.P. and I'll Be Your $9 Computer Today' (Video)
Think of C.H.I.P as a tablet computer that runs Linux instead of Android, "without the tablet bits," says interviewee Dave, who gave a talk -- which was mostly live demos -- at OSCON 2015. 50,000 C.H.I.P.s have already sold for $9 through their successful Kickstarter campaign, and Next Thing Co. plans to stick with the $9 price for the foreseeable future -- plus add-on boards (that they call "shields") they hope to sell you, but that won't flatten any but the skinniest wallets; given the projected price scale, you'll have trouble spending as much as $50 for a fully-accessorized C.H.I.P. unit.
"But," you may ask, "is C.H.I.P. Open Source?" You bet! No hedging here, just flat-out Open Source, from the bottom to the top, with all software (and hardware specs) freely available via GitHub. And lastly, the "I'll Be Your $9 Computer Today" statement in the headline above is allegorical, not factual. We've seen projected shipping dates for C.H.I.P ranging from "by the end of 2015" to a simple "2016." Either way, we're waiting with bated breath. -
Cheap, 3D-Printed Stethoscope Challenges Top-of-the-Line Model
mask.of.sanity writes: Tarek Loubani, an emergency physician working in the Gaza Strip, has 3D-printed a 30-cent stethoscope that beats the world's best $200 equivalent as part of a project to bottom-out the cost of medical devices. Loubani together with a team of medical and technology specialists designed the stethoscope and tested it against global standard benchmarks, finding it outperformed the gold-standard Littmann Cardiology 3. They now intend to make a range of ultra-low cost medical devices for the developing world.
It cost about US$10,000 to develop, and has been released as an open source model for anyone to use. Loubani says the project is following the footsteps of the free software movement and aims to replace expensive proprietary solutions. He hopes that within 25 years the devices will be common-place in the Third World, and be the "Apache of the medical world." -
Facebook Intern Gets Preemptive Ax For Exposing Security Flaw
Engadget reports that Harvard student Aran Khanna, who was about to begin an internship at Facebook, had that internship yanked after he created (and took down, but evidently too slowly for the company's taste) a browser plug-in that exposed a security flaw in Facebook, by allowing users to discover the location of other users when they use the Messenger app. Surely Khanna won't be jobless or internship-less for long. (Don't expect the app to work now; it's still in the Chrome store as a historical artifact, though, and at GitHub.) -
GitHub Desktop Launches To Replace Mac and Windows Apps
An anonymous reader writes: GitHub today launched a unified desktop version for Mac and Windows — you can download it from desktop.github.com. GitHub Desktop will automatically replace the previous Mac and Windows apps and can be used alongside GitHub Enterprise. VentureBeat reports: "...GitHub was tired of the differences between its two apps and decided it was time to align them. The hope is that if Mac and Windows users have the same workflow, it will be easier for them to work together (and for individual users to switch between the two platforms)." -
Cisco Developing Royalty Free Video Codec: Thor
An anonymous reader writes: Video codec licensing has never been great, and it's gotten even more complicated and expensive in recent years. While H.264 had a single license pool and an upper bound on yearly licensing costs, successor H.265 has two pools (so far) and no limit. Cisco has decided that this precludes the use of H.265 in open source or other free-as-in-beer software, so they've struck out on their own to create a new, royalty-free codec called Thor. They've already open-sourced the code and invited contributions.
Cisco says, "The effort is being staffed by some of the world's most foremost codec experts, including the legendary Gisle Bjøntegaard and Arild Fuldseth, both of whom have been heavy contributors to prior video codecs. We also hired patent lawyers and consultants familiar with this technology area. We created a new codec development process which would allow us to work through the long list of patents in this space, and continually evolve our codec to work around or avoid those patents." -
Microsoft Releases Windows 10 IoT Core For Small, Embedded Devices
An anonymous reader writes: One of the more interesting aspects of Microsoft's Windows 10 push is their desire to see it running on hobbyist hardware platforms. Today they released Windows 10 IoT Core for the Raspberry Pi 2 and the MinnowBoard Max. They say, "Windows 10 IoT Core is a new edition for Windows targeted towards small, embedded devices that may or may not have screens. For devices with screens, Windows 10 IoT Core does not have a Windows shell experience; instead you can write a Universal Windows app that is the interface and "personality" for your device." Microsoft has posted a list of release notes for this version, calling out improved support for Python and Node.js, significantly improved GPIO performance, and more electronics support for breakout boards. Under a heading cheekily named 'Developers, Developer, Developers,' they lay out their plan for language support and provide a code sample. -
Buzz: a Novel Programming Language For Heterogeneous Robot Swarms
New submitter pRobotika writes: Designing the behavior of robot swarms is difficult; the larger the group, the more tricky it is to predict its dynamics and the causes of errors. Buzz is a new open-source programming language specifically for robot swarms. It's designed for ease of use and is inspired by well-known programming languages such as JavaScript, Python and Lua. Buzz also includes a number of constructs specifically designed for swarm-level development. The “swarm” construct allows a developer to split the robots into multiple groups and assign a specific task to each. Swarms can be created, disbanded, and modified dynamically. The “neighbors” construct captures an important concept in swarm systems: locality. In nature, individuals interact directly and only with nearby swarm-mates. Interactions include communication, obstacle avoidance or leader following. The neighbors construct provides functions to mimic these mechanisms. -
Microsoft Open-Sources Windows Bridge For iOS
An anonymous reader writes: Previously known as Project Islandwood, Microsoft today released an early version of Windows Bridge for iOS, a set of tools that will allow developers to port iOS apps to Windows. The announcement reads in part: "We're releasing the iOS bridge as an open-source project under the MIT license. Given the ambition of the project, making it easy for iOS developers to build and run apps on Windows, it is important to note that today's release is clearly a work-in-progress — some of the features demonstrated at Build are not yet ready or still in an early state. Regardless, we'd love for the interested and curious to look at the bridge, and compare what we're building with your app's requirements. And, for the really ambitious, we invite you to help us by contributing to the project, as community contributors — with source code, tests, bug reports, or comments. We welcome any and all participation in building this bridge." The source code is available now on Github. -
Compiling to JavaScript: TypeScript vs. Haxe
lars_doucet writes: Released in 2012, Microsoft's TypeScript is perhaps the best-known "compile to JS" language, but it wasn't the first. One of the earliest was Haxe, whose JS target first appeared in 2006. In his illuminating article, TypeScript vs Haxe, Andy Li gives an excellent rundown of the two languages' various merits, but the bottom line is: "Existing JS developers will favor TypeScript as they are more similar in many ways. They can utilize their existing skills immediately. Non-JS developers with backgrounds like Java/C# or even from the functional programming world will appreciate Haxe more since it fixes a lot of weirdness of JS." The full article includes an excellent rundown of the type systems, syntax, scope handling, compilers, and overall language design philosophy. -
.NET 4.6 Optimizer Bug Causes Methods To Get Wrong Parameters
tobiasly writes: A serious bug in the just-released .NET 4.6 runtime causes the JIT compiler to generate incorrectly-optimized code which results in methods getting called with different parameters than what were passed in. Nick Craver of Stack Exchange has an excellent write-up of the technical details and temporary workarounds; Microsoft has acknowledged the problem and submitted an as-yet unreleased patch.
This problem is compounded by Microsoft's policy of replacing the existing .NET runtime, as opposed to the side-by-side runtimes which were possible until .NET 2.0. This means that even if your project targets .NET 4.5, it will get the 4.6 runtime if it was installed on that machine. Since it's not possible to install the just-released Visual Studio 2015 without .NET 4.6, this means developers must make the difficult choice between using the latest tools or risking crippling bugs such as this one. -
A Programming Language For Self-Organizing Swarms of Drones
New submitter jumpjoe writes: Drones are becoming a staple of everyday news. Drone swarms are the natural extension of the drone concept for applications such as search and rescue, mapping, and agricultural and industrial monitoring. A new programming language, compiler, and virtual machine were recently introduced to specify the behaviour of an entire swarm with a single program. This programming language, called Buzz, allows for self-organizing behaviour to accomplish complex tasks with a simple program. Details on the language and examples are available here. Full disclosure: I am one of the authors of the paper. -
Genetic Access Control Code Uses 23andMe DNA Data For Internet Racism
rjmarvin writes: A GitHub project is using the 23andMe API for genetic decoding to act as a way to bar users from entering websites based on their genetic data — race and ancestry. "Stumbling around GitHub, I came across this bit of code: Genetic Access Control. Now, budding young racist coders can check out your 23andMe page before they allow you into their website! Seriously, this code uses the 23andMe API to pull genetic info, then runs access control on the user based on the results. Just why you decide not to let someone into your site is up to you, but it can be based on any aspect of the 23andMe API. This is literally the code to automate racism." -
Renderman Gets Blender Integration
jones_supa writes: Now that Renderman has been available for free for non-commercial use for a while, there have been many requests for integration with Blender. An initiative spearheaded by Pixar now presents the first Blender to Renderman plugin. With the release of PRMan 20, a small group of developers headed by Brian Savery of Pixar have been working on support for using Renderman and Blender together. The plugin is still in early alpha but has had many great developments in the last few weeks. The source code is available in GitHub. -
ProxyGambit Replaces Defunct ProxyHam
msm1267 writes: Hardware hacker Samy Kamkar has picked up where anonymity device ProxyHam left off. After a DEF CON talk on ProxyHam was mysteriously called off, Kamkar went to work on developing ProxyGambit, a similar device that allows a user to access the Internet without revealing their physical location.
A description on Kamkar's site says ProxyGambit fractures traffic from the Internet through long distance radio links or reverse-tunneled GSM bridges that connect and exit the Internet through wireless networks far from the user's physical location. ProxyHam did not put as much distance between the user and device as ProxyGambit, and routed its signal over Wi-Fi and radio connections. Kamkar said his approach makes it several times more difficult to determine where the original traffic is coming from. -
NSA Releases Open Source Security Tool For Linux
Earthquake Retrofit writes: The NSA's systems integrity management platform — SIMP — was released to the code repository GitHub over the weekend. NSA said it released the tool to avoid duplication after US government departments and other groups tried to replicate the product in order to meet compliance requirements set by US Defence and intelligence bodies. "By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: the wheel would not have to be reinvented for every organisation," the NSA said in a release. -
ELIoT, Distributed Programming For the Internet of Things
descubes writes: ELIoT (Extensible Language for the Internet of Things) is a new programming language designed to facilitate distributed programming. A code sample with less than 20 lines of code looks like a single program, but really runs on three different computers to collect temperature measurements and report when they differ. ELIoT transforms a simple sensor API into a rich, remotely-programmable API, giving your application the opportunity to optimize energy usage and minimize network traffic.
Using fewer resources than Bash, and capable of serving hundreds of clients easily on a Raspberry Pi, ELIoT transparently sends program fragments around, but also the data they need to function, e.g. variable values or function definitions. This is possible because, like in Lisp, programs are data. ELIoT has no keywords, and program constructs such as loops or if-then-else are defined in the library rather than in the language. This makes the language very flexible and extensible, so that you can adapt it to the needs of your application.
The project is still very young (published last week), and is looking for talented developers interested in distributed programming, programming languages or language design. -
WebAssembly and the Future of JavaScript
Nerval's Lobster writes: WebAssembly is the next stage in the evolution of client-side scripting. In theory, it will improve on JavaScript's speed. That's not to say that JavaScript is a slowpoke: Incremental speed improvements have included the rollout of asm.js (an optimized subset) in 2013. But WebAssembly—while not a replacement for JavaScript—is intended as a "cure" for a variety of issues where JavaScript isn't always a perfect fit, including video editing, encryption, peer-to-peer, and more. (Here's a full list of the Web applications that WebAssembly could maybe improve.) If WebAssembly is not there to replace JavaScript but to complement it, the key to the integration rests with the DOM and Garbage Collected Objects such as JavaScript strings, functions (as callable closures), Typed Arrays and Typed objects. The bigger question is, will WebAssembly actually become something big, or is it ultimately doomed to suffer the fate of other hyped JavaScript-related platforms such as Dart (a Google-only venture), which attracted buzz ahead of a Minimum Viable Product release, only to quickly fade away afterward? -
Learning Simple Robot Programming With a 'Non-Threatening' Robot Ball (Video)
Gobot, it says here, "is a framework for robotics, physical computing, and the Internet of Things, written in the Go programming language." And in today's video, interviewee Adrian Zankich (AKA "Serious Programming Guy at The Hybrid Group") says that an unadorned robot ball -- in this case the Sphero -- is about the least threatening robot you can possibly use to teach entry-level robot programming. Start with Go language? Cylon.js? Use whichever you prefer, Adrian says. Mix and match. It's all fun, and they're both great ways to get into programming for robotics and Internet of Things applications. Open source? You bet. Here's the Hybrid Group's gobot GitHub repository for your perusing pleasure. This (and more) is all in the video, which Tim Lord shot at the recent Solid Conference, where there was a rather high background noise level (but thankfully not high enough to make Adrian hard to understand). And besides the video, there's even more material in the transcript. -
Bitcoin Snafu Causes Miners To Generate Invalid Blocks
An anonymous reader writes: A notice at bitcoin.org warns users of the cryptocurrency that many miners are currently generating invalid blocks. The cause seems to be out-of-date software, and software that assumed blocks were valid instead of checking them. They explain further "For several months, an increasing amount of mining hash rate has been signaling its intent to begin enforcing BIP66 strict DER signatures. As part of the BIP66 rules, once 950 of the last 1,000 blocks were version 3 (v3) blocks, all upgraded miners would reject version 2 (v2) blocks. Early morning UTC on 4 July 2015, the 950/1000 (95%) threshold was reached. Shortly thereafter, a small miner (part of the non-upgraded 5%) mined an invalid block--as was an expected occurrence. Unfortunately, it turned out that roughly half the network hash rate was mining without fully validating blocks (called SPV mining), and built new blocks on top of that invalid block. Note that the roughly 50% of the network that was SPV mining had explicitly indicated that they would enforce the BIP66 rules. By not doing so, several large miners have lost over $50,000 dollars worth of mining income so far." -
Clang Plays Tetris -- Tetris As a C++ Template Metaprogram
New submitter mjvzb writes: Ever wish compiling was more fun? Well, I recently implemented Tetris as a C++ template metaprogram (code at Github). The game is played by recompiling its source, taking player input by compiler flag. The runtime program is only needed to print the game screen to the console and save the game state across compiler runs.
Implementing Tetris in templates is not as horrific as you may imagine, and I've put together a post covering the details. Once you get over the syntax, C++ metaprogramming is just like functional programming. -
Microsoft Research Open Sources WorldWide Telescope
kfogel writes: Microsoft Research has open sourced WorldWide Telescope, releasing it under the MIT license and donating the code to the .NET Foundation. The code is up on GitHub at github.com/WorldWideTelescope, and there are demos and more details at WorldWideTelescope.org. Go forth and explore! -
Amazon's New SSL/TLS Implementation In 6,000 Lines of Code
bmearns writes: Amazon has announced a new library called "s2n," an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto, it only provides the SSL/TLS functions. Furthermore, it implements a relatively small subset of SSL/TLS features compared to OpenSSL. -
Is Surespot the Latest Crypto War Victim?
George Maschke writes: Patrick G. Eddington writes in a Christian Science Monitor op-ed about indications that the government may be snooping on users of Surespot, a free and open source encrypted messaging app for Android and iOS. Such users include, but are hardly limited to, Islamic State militants. He writes in the piece: "Has encrypted chat service Surespot been compromised by the US government? Surespot user and former Army intelligence officer George Maschke recently published a provocative theory suggesting the answer is yes. Mr. Maschke’s key pieces of evidence are intriguing. In May 2014, he e-mailed 2Fours LLC, which is Surespot’s parent company, asking whether the company had ever received a National Security Letter (NSL), a court order to provide information, or other government request to cooperate in an investigation. He was assured in writing that 2Fours had received no such requests. That changed in November 2014, when Surespot’s founder, Adam Patacchiola, told Maschke via e-mail that 'we have received an e-mail asking us how to submit a subpoena to us which we haven’t received yet.'" -
Open Source JavaScript Library Released For Accessibility Testing
An anonymous reader writes: Deque Systems, a company which focuses on web accessibility, has just released aXe (The Accessibility Engine). aXe is an open-source JavaScript library consisting of accessibility testing rules which can be integrated into any testing framework that supports JavaScript execution. The intent behind aXe is to allow developers testing their products for accessibility compliance to easily integrate a common set of rules into their workflow. The goal is to standardize both automated accessibility testing and test results, and to make incorporating accessibility testing and compliance into web-based products easier for developers. The source code is available on GitHub. -
Developer Draws Legal Threat For Exposing Indian Telco's Net Neutrality Violation
knightsirius writes: Indian broadband and cellular operator Airtel was discovered to be injecting third-party JavaScript files into web pages delivered over their wireless networks. A developer was viewing the source of his own blog and noticed the additional script when viewed on an Airtel connection. He traced the file back to Flash Networks, an Israel-based company, which specializes in "network monetization" and posted the source on GitHub. Since then, he has received a cease-and-desist from Flash Networks and the code on GitHub has been removed following a DMCA takedown notice.
Readers may remember Airtel from its previous dubious record with network neutrality. -
MediaGoblin 0.8.0 "A Gallery of Fine Creatures" Released
paroneayea writes: GNU MediaGoblin has released version 0.8.0 dubbed "A Gallery of Fine Creatures". This release includes a number of improvements including an upgrade to GStreamer 1.0, improved video thumbnailing, and preliminary Python 3 support. Additionally, improved Social API support making use of the Pump API means that existing pump.io clients like Pumpa and Dianara are now compatible with MediaGoblin. This coincides with work underway by MediaGoblin developers working with the W3C Social Working Group to build a general federation standard, of which a draft submission to the group is already in progress. -
Rust 1.0 Released
TopSpin writes: Rust 1.0 has arrived, and release parties in Paris, LA and San Francisco are taking place today. From the Rust Programming Language blog: "The current Rust language is the result of a lot of iteration and experimentation. The process has worked out well for us: Rust today is both simpler and more powerful than we originally thought would be possible. But all that experimentation also made it difficult to maintain projects written in Rust, since the language and standard library were constantly changing. The 1.0 release marks the end of that churn. This release is the official beginning of our commitment to stability, and as such it offers a firm foundation for building applications and libraries. From this point forward, breaking changes are largely out of scope (some minor caveats apply, such as compiler bugs)." You can read about specific changes in the changelog. -
Open Source C++ ClanLib SDK Refreshed For 2015
New submitter rombust writes: Will ClanLib turn around the tides and finally challenge SDL? The latest 4.0 release already offers what Unity and the Unreal Engine charge 30% for, but now after 16 years of development, using only hobbyist developers, it will take on the giant of open source game SDKs! Dedication that's rarely found in the Open Source community without commercial backing. -
Proof-of-Concept Linux Rootkit Leverages GPUs For Stealth
itwbennett writes: A team of developers has created a rootkit for Linux systems that uses the processing power and memory of graphics cards instead of CPUs in order to remain hidden. The rootkit, called Jellyfish, is a proof of concept designed to demonstrate that completely running malware on GPUs is a viable option. Such threats could be more sinister than traditional malware programs, according to the Jellyfish developers, in part because there are no tools to analyze GPU malware, they said. -
Twitter Stops Users From Playing DOS Games Inside Tweets
jones_supa writes: Twitter has killed off an interesting trend of playing DOS games in tweets. Last week, users discovered they could use the new "Twitter Cards" embedding feature to bundle full DOS games within tweets. Running DOSBox inside the web browser is possible thanks to an Emscripten port of DOSBox called Em-DOSBox. The games were pulled from Internet Archive's collection of 2,600 classic titles, many of which still lack proper republishing agreements with the copyright holder. So, is embedding games within Twitter Cards against the social network's terms of service? Either way, Twitter has now blocked such activity, likely after seeing the various news reports and a stream of Street Fighter II, Wolfenstein 3D and Zool cheering up people's timelines. -
USBKill Transforms a Thumb Drive Into an "Anti-Forensic" Device
Orome1 writes with a snippet from a report at net-security.org; a hacker going by Hephaestos has shared with the world a Python script that, when put on a USB thumb drive, turns the device into an effective kill switch for the computer to which it's plugged in. USBkill, as the programmer dubbed it, "waits for a change on your USB ports, then immediately kills your computer." The device would be useful "in case the police comes busting in, or steals your laptop from you when you are at a public library," Hephaestos explained. -
Meet the Firmware Lead For Google's Project Ara Modular Smartphone (Video)
According to Wikipedia, 'Project Ara is the codename for an initiative that aims to develop an open hardware platform for creating highly modular smartphones.' Google is the sponsor, and the project seems to be moving faster than some people expect it to. There's a Project Ara website, of course, a GitHub repository, a Facebook page, even an Ara subreddit. During his conversation with Timothy Lord, Ara firmware project lead (and spokesman) Marti Bolivar said it won't be long before prototype Ara modular phones start user testing. Meanwhile, if you want to see what Marti and his coworkers have been up to lately, besides this interview, you can read a transcription of his talk (including slides) from the January Project Ara Developers Conference in Singapore. -
Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps
mrflash818 writes: A new report from analytics service SourceDNA found that roughly 1,500 iOS apps (with about 2 million total installs) contain a vulnerability that cripples HTTPS and makes man-in-the-middle attacks against those apps easy to pull off. "The weakness is the result of a bug in an older version of the AFNetworking, an open-source code library that allows developers to drop networking capabilities into their apps. Although AFNetworking maintainers fixed the flaw three weeks ago with the release of version 2.5.2, at least 1,500 iOS apps remain vulnerable because they still use version 2.5.1. That version became available in January and introduced the HTTPS-crippling flaw." -
Exploit For Crashing Minecraft Servers Made Public
An anonymous reader writes "After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of concept exploit for the flaw in the hopes that this will force them to do something about it. "Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands people play on servers running their software at any given time. They have a responsibility to fix and properly work out problems like this," he noted." Here is Askar's own post on the exploit, and his frustration with the response he's gotten to disclosing it to the developers. -
Microsoft Starts Working On an LLVM-Based Compiler For .NET
An anonymous reader writes: Are the days of Microsoft's proprietary compiler over? Microsoft has announced they've started work on a new .NET compiler that uses LLVM and targets their CoreCLR — any C# program written for the .NET core class libraries can now run on any OS where CoreCLR and LLVM are supported. Right now the compiler only supports JIT compilation, but AOT is being worked on along with other features. The new Microsoft LLVM compiler is called LLILC and is MIT-licensed. -
First Alpha of Public Sector Linux Deployment System
New submitter mathiasfriman writes: SverigeLinux (SwedenLinux in Swedish) is a project financed by the Swedish Internet Fund that is developing a Linux deployment system for the public sector. It is based on DebianLAN and has just released its first public early alpha version. This 7 minute video shows how you can deploy up to 100 workstations with minimal Linux knowledge in under an hour, complete with DHCP, DNS and user data in LDAP, logins using Kerberos and centralized storage. The project has a home on GitHub and is looking for testers and developers. Don't worry, no Björgen Kjörgen; it's all in English. -
Getting Started Developing With OpenStreetMap Data
Nerval's Lobster writes In 2004, Steve Coast set up OpenStreetMap (OSM) in the U.K. It subsequently spread worldwide, powered by a combination of donations and volunteers willing to do ground surveys with tools such as handheld GPS units, notebooks, and digital cameras. JavaScript libraries and plugins for WordPress, Django and other content-management systems allow users to display their own maps. But how do you actually develop for the platform? Osmcode.org is a good place to start, home to the Osmium library (libosmium). Fetch and build Libosmium; on Linux/Unix systems there are a fair number of dependencies that you'll need as well; these are listed within the links. If you prefer JavaScript or Python, there are bindings for those. As an alternative for Java developers, there's Osmosis, which is a command-line application for processing OSM data. -
BioWare Announces Open-Source Orbit Project
An anonymous reader writes BioWare, part of EA Games, have announced Orbit, their first open-source project. Orbit is a Java based framework for building distributed online services including a virtual actors system (based on Microsoft's Orleans project) and a lightweight inversion of control container. The announcement says, in part, Beginning today, we will be making Orbit open source on GitHub under a BSD license. We have been leveraging open source technology internally for quite some time, and we think the time is now right for us to give back and engage with the community in a more meaningful way. The last-generation of Orbit powered some of the key technology behind the Dragon Age Keep and Dragon Age: Inquisition. Our plans for the next-generation framework are even more ambitious. -
Building an NES Emulator
An anonymous reader writes: Programmer Michael Fogleman recently built his own emulator for the original Nintendo Entertainment System. He's now put up a post sharing many technical insights he learned along the way. For example: "The NES used the MOS 6502 (at 1.79 MHz) as its CPU. The 6502 is an 8-bit microprocessor that was designed in 1975. ... The 6502 had no multiply or divide instructions. And, of course, no floating point. There was a BCD (Binary Coded Decimal) mode but this was disabled in the NES version of the chip—possibly due to patent concerns. The 6502 had a 256-byte stack with no overflow detection. The 6502 had 151 opcodes (of a possible 256). The remaining 105 values are illegal / undocumented opcodes. Many of them crash the processor. But some of them perform possibly useful results by coincidence. As such, many of these have been given names based on what they do." It's an interesting look at how software and hardware interacted back then, and what it takes to emulate that in modern times. Fogleman released the source code on GitHub. -
Github Under JS-Based "Greatfire" DDoS Attack, Allegedly From Chinese Government
An anonymous reader writes: During the past two days, popular code hosting site GitHub has been under a DDoS attack, which has led to intermittent service interruptions. As blogger Anthr@X reports from traceroute lists, the attack originated from MITM-modified JavaScript files for the Chinese company Baidu's user tracking code, changing the unencrypted content as it passed through the great firewall of China to request the URLs github.com/greatfire/ and github.com/cn-nytimes/. The Chinese government's dislike of widespread VPN usage may have caused it to arrange the attack, where only people accessing Baidu's services from outside the firewall would contribute to the DDoS. This wouldn't have been the first time China arranged this kind of "protest." -
Facebook Engineering Tool Mimics Dodgy Network Connectivity
itwbennett writes: Facebook has released an open source application called Augmented Traffic Control that can simulate the connectivity of a cell phone accessing an app over a 2G, Edge, 3G, or LTE network. It can also simulate weak and erratic WiFi connections. The simulations can give engineers an estimate of how long it would take a user to download a file, for instance, given varying network connections. It can help engineers re-create problems that crop up only on very slow networks. -
Modern PHP: New Features and Good Practices
Michael Ross writes: In recent years, JavaScript has enjoyed a dramatic renaissance as it has been transformed from a browser scripting tool primarily used for special effects and form validation on web pages, to a substantial client-side programming language. Similarly, on the server side, after years as the target of criticism, the PHP computer programming language is seeing a revival, partly due to the addition of new capabilities, such as namespaces, traits, generators, closures, and components, among other improvements. PHP enthusiasts and detractors alike can learn more about these changes from the book Modern PHP: New Features and Good Practices, authored by Josh Lockhart.
Modern PHP: New Features and Good Practices
author: Josh Lockhart
pages: 268
publisher: O'Reilly Media
rating: 8/10
reviewer: Michael Ross
ISBN: 978-1491905012
summary: Solid advice on some state-of-the-art PHP tools and techniques.
Programmers familiar with the language and its community may recognize the author's name, because he is the creator of PHP The Right Way, a website which he describes as "an easy-to-read, quick reference for PHP popular coding standards, links to authoritative tutorials around the Web and what the contributors consider to be best practices at the present time," in 21 different languages.
Yet rest assured that the book under review is not merely a dead-tree version of the website. Instead, the book covers the more recent advancements within the language, while the website covers best practices and standards. This should be borne in mind, otherwise the reader may be baffled by the absence from the book of certain topics on the website essential to the language, such as SPL, PEAR, and PHPDoc. Moreover, of the topics shared between the book and the website, the information is generally organized quite differently, with more example code in the book.
This title was published on 1 March 2015, under the ISBN 978-1491905012, by O'Reilly Media, who kindly provided me with a review copy. Its material is presented in 268 pages, organized into 13 chapters (The New PHP; Features; Standards; Components; Good Practices; Posting; Provisioning; Tuning; Deployment; Testing; Profiling; HHVM and Hack; Community), which are grouped into three parts (Language Features; Good Practices; Deployment, Testing, and Tuning) — as well as two appendices (Installing PHP; Local Development Environments) and an index. The publisher's page does not offer much of interest. However, all of the example code is available from the book's GitHub repository. There are differences between the GitHub code and what is printed in the book, e.g., a baffling require 'vendor/autoload.php'; in the first example code file. The author claims that the reader does not need to know PHP, but at least "a basic understanding of [] fundamental programming concepts" (page xiv). However, anyone without at least intermediate skills and experience with PHP could conceivably struggle with these more advanced subjects.
The first chapter is only a brief overview of the history of PHP, its current state, and some possible future changes to the language's engine. The real content starts in the second chapter, in which the author gives the reader a fast-paced introduction to his seven favorite major new features in PHP: namespaces, class interfaces, traits, generators, closures, Zend OPcache, and the built-in HTTP server. In some regards, the coverage is a bit too fast-paced, as some topics and questions likely in the reader's mind are not addressed — for instance, namespace case-sensitivity and techniques for ensuring that a chosen namespace is globally unique (page 9). For each topic, its purpose and advantages are explained, and sometimes illustrated with code examples, although none are extensive.
The second part of the book opens with a chapter on some of the new standards in the PHP ecosystem that are intended to move the common development process from a reliance upon one isolated framework, with an idiosyncratic coding style, to distributed components that can interoperate through the use of interfaces, industry-wide coding standards, and the use of autoloaders for finding and loading classes, interfaces, and traits at runtime. Components are covered in more detail in the subsequent chapter, as is Composer, for installing components and managing dependencies. The fifth chapter is a lengthy but information-packed exposition of numerous best practices regarding input data sanitization, password handling, dates and times, and safe database queries, among other topics. Some of the advice can be found in other PHP books and online, but all of this is neatly explained, updated with the newer PHP versions, and worthwhile as a refresher.
Deployment, testing, and tuning are the broad subject areas of the third and final part of the book. The author discusses the options for hosting your PHP applications, as well as provisioning any self-managed web server and tuning a server for optimal performance. All of the instructions assume you are using Linux and nginx, and thus would be of less value to those using Windows or Apache, for instance. The material on application deployment is relatively brief, and focuses on use of the Capistrano tool. Testing is often neglected in real-world projects, but certainly not in this book, as the author explains unit and functional testing, illustrated through the use of PHPUnit. This is followed by information on how to use a development or production profiler to analyze the performance of your application, with detailed coverage of Xdebug and XHProf, among other tools. The next two chapters dive into topics related to the (possible) future of PHP — specifically, Facebook's HHVM PHP interpreter and their Hack derivative language. The final chapter briefly discusses the PHP community. The two appendices explain how to install PHP on Linux or OS X for commandline use, and how to set up a local development environment. The author mentions a free edition of Zend Server, but the vendor page mentions no such pricing.
Despite its technical subject matter, this book is not a difficult read. The author's writing style is usually light and friendly, especially in the preface. In a few places, the phrasing is a bit too terse, which might prove momentarily confusing to some readers, e.g., "Function and constant aliases work the same as [those of] classes" (page 11). The text has some errata (aside from the two, as of this writing, already reported): "curl" (pages 15, 220, and 222; should read "cURL"), "a an argument" (page 33), "Prepared statement [to] fetch" (pages 99 and 100), "with [the] php://filter strategy" (page 110), "2 Gb" (page 129; should read "2 GB"), "the the" (page 154), "path to a the code" (page 176), and "Wordpress" (page 190; should read "WordPress").
One weakness with the book is that for several of the topics — including some critical ones — there is not enough detailed information provided that would allow one to begin immediately applying that technique or resource to one's own coding, but instead just enough information to whet one's appetite to learn more (presumably from another book or a website). Secondly, some of the narrative — particularly near the end of the book, when discussing various tools — would be of less value to anyone not developing an analytics environment. Beware that some of the tools require numerous dependencies. For instance, do you have Composer, Git, MongoDB, and its PHP extension installed? If not, then you won't be using XHGUI. Also, some of the installation and configuration steps are quite lengthy, with no details provided for troubleshooting issues that might arise. Lastly, despite the promise that any reader with only basic programming knowledge will be able to fully understand the book, such a reader would likely find much of its contents mystifying without further preparation from other sources.
Nonetheless, the book has much to offer, despite its slender size. Numerous resources are recommended — most if not all apparently vetted by the author, who clearly has considerable experience in this arena. Some valuable techniques are presented, such as those instances in the text where the author shows how to use iteration on large data sets to minimize memory usage. In addition, the example code demonstrates that the author has made the effort to produce quality code that can serve as a model to others. Modern PHP does a fine job overall of explaining and advocating the newer capabilities of PHP that would attract developers to choose the language for building state-of-the-art websites and web applications.
Michael Ross is a freelance web developer and writer.