Slashdot Mirror

An anonymous reader writes: Yahoo has released the source code for a plugin that will enable end-to-end encryption for their email service. They're soliciting feedback from the security community to make sure it's built properly. They plan to roll it out to users by the end of the year.

Yahoo also demonstrated a new authentication system that doesn't use permanent passwords. Instead, they allow you to associate your Yahoo account with your phone, and text you a code on demand any time you need to log in. It's basically just the second step of traditional two-step authentication by itself. But Yahoo says they think it's "the first step to eliminating passwords."

New submitter Alessandro Zarrilli writes: Linux has been able do multipath routing for a long time: it means being able to have routes with multiple gateways and to use them in a (weighted) round-robin fashion. But Linux is missing a tool to actively monitor the state of internet uplinks and change the routing accordingly. Without it, from a LAN perspective, it's like having a RAID-0: just one uplink goes down and all of your LAN-to-WAN traffic goes down too. Documentation and examples on the subject are lacking; existing solutions are few and deeply integrated in firewall/routing specific distributions. To address these issues, a new standalone tool was just released: Fault Tolerant Router. It also includes a complete (iptables + ip policy routing) configuration generator.

An anonymous reader writes Whistleblowers and those individuals that are simply out to make a buck out of any confidential and valuable information, can now offer it for sale on Darkleaks, a decentralized, anonymous black market on the Internet. The Darkleaks project is built on top of the Bitcoin blockchain, and can be used by downloading this software package (source code is open).

An anonymous reader writes: Joe Doliner has done a statistical analysis of mistakes in rated chess games. He used a chess engine called Crafty, which is capable of not only finding mistakes, but quantifying how bad they are. After crunching all the matches on chessgames.com in 2014, which amounted to almost 5 million moves, Crafry found only 67,175 blunders that were equivalent to a 2-pawn deficit or worse. With a pair of graphs, Doliner shows how mistakes decrease as player rating increases, as you'd expect. According to the trendline, gaining 600 rating points roughly halves the number of mistakes a player makes. He made the data and tools available in a public repository for others to dig into.

An anonymous reader writes: Nim is a young, statically typed programming language that has been getting more attention recently. See these articles for an introduction: What is special about Nim?, What makes Nim practical? and How I Start: Nim. The language offers a syntax inspired by Python and Pascal, great performance and C interfacing, and powerful metaprogramming capabilities. The author of "Unix in Rust" just abandoned Rust in favor of Nim and some early-adopter companies are starting to use it as well.

jones_supa writes: Following the trend of rolling-release Linux distributions, Linux Mint brings you some news and information about Linux Mint Debian Edition 2, aka. "Betsy." As you might know, the Linux Mint team maintains two distributions: Linux Mint and LMDE. LMDE was a rolling distro for a while and eventually turned into a semi-rolling one. This was good at the time but it also presented challenges: the biggest issue in LMDE was the fact that it required a lot more maintenance than Linux Mint but that it had far less users. This hurt the frequency of updates it received but also the quality of the distribution. Now, LMDE 2 is going back to be continuously upgraded and to occasionally just receive media refresh ISO images. You can check the Roadmap to see the remaining issues. As the quality of Betsy is getting higher and higher, the project is getting closer to QA stage to iron out the bugs and perform proper testing.

An anonymous reader writes: As part of Microsoft's continuing project to open source the .NET framework, the company has announced that CoreCLR, the execution engine for .NET Core, is now available on GitHub. CoreCLR handles things like garbage collection, compilation to machine code, and IL byte code loading. The .NET team said, "We have released the complete and up-to-date CoreCLR implementation, which includes RyuJIT, the .NET GC, native interop and many other .NET runtime components. ... We will be adding Linux and Mac implementations of platform-specific components over the next few months. We already have some Linux-specific code in .NET Core, but we're really just getting started on our ports. We wanted to open up the code first, so that we could all enjoy the cross-platform journey from the outset."

An anonymous reader writes: The U.S. Army Research Laboratory in Maryland has released on GitHub a version of a Python-based internal forensics tool which the army itself has been using for five years. Dshell is a Linux-based framework designed to help investigators identify and examine compromised IT environments. One of the intentions of the open-sourcing of the project is to involve community developers in the creation of new modules for the framework. The official release indicates that the version of Dshell released to Github is not necessarily the same one that the Army uses, or at least that the module package might be pared down from the Army-issued software.

jones_supa writes There has been quite a debate around the Linux version of The Witcher 2: Assassins of Kings and the fact that it wasn't really a port. A special kind of wrapper was used to make the Windows version of the game run on Linux systems, similar to Wine. The performance on Linux systems took a hit and users felt betrayed because they thought that they would get a native port. However, after the game stopped launching properly at some point, the reason was actually found to be a Linux regression. Linus quickly took care of the issue on an unofficial Witcher 2 issue tracker on GitHub: "It looks like LDT_empty is buggy on 64-bit kernels. I suspect that the behavior was inconsistent before the tightening change and that it's now broken as a result. I'll write a patch. Serves me right for not digging all the way down the mess of macros." This one goes to the bin "don't break userspace". Linus also reminds of QA: "And maybe this is an excuse for somebody in the x86 maintainer team to try a few games on steam. They *are* likely good tests of odd behavior.."

samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions." Early Soviet Computing?
by eldavojohn

Alexander Stepanov, I have never had a chance to ask someone as qualified as you about this topic. I grew up on the opposite side of the Iron Curtain and have constantly wondered if (surely there must have been) alternative computing solutions developed in the USSR prior to Elbrus and SPARC. So my question is whether or not you know of any hardware or instruction set alternatives that died on the vine or were never mass fabricated in Soviet times? I don't expect to you to reveal some super advanced or future predicting instruction set but it has always disturbed me that these things aren't documented somewhere -- as you likely know failures can provide more fruit than successes. Failing that, could you offer us any tails of early computing that only seem to run in Russian circles?

If you can suggest references (preferably in English) I would be most appreciative. I know of only one book and it seems to be a singular point of view.

Alex: I'm not sure I have any unique knowledge, but can only describe my own experience. The first computer I used was a mainframe called M-20 (or one of its derivatives). My first programming exam was pass/fail, but I had to take it several times before I passed. I had no idea how to write code -- I didn't attend lectures or participate in labs, and thought I could just study the book and take the test. But programming isn't like that; the only way to learn is to do it.

Then in my first job, I participated in the design of a minicomputer called TA-100 used to control hydroelectric power stations. I was one of thekey designers of the realtime operating system, a contributor to the instruction set, and the lead designer of the programming tools (debugger, assembler, linker, etc.) -- all written in assembly language. The fact that I started at a very low level -- gates and instructions -- continues to be useful to my work even today. About that time, the Soviet Union started copying American designs, but I was very fortunate to be able to design something original from scratch. The head designer of the TA-100, Aleksandr Gurevich, was a great mentor to me. Two of my senior colleagues, Ilya Neistadt and Natalya Davydovskaya, also spent a lot of time trying to teach me all the things I didn't know.

Despite my personal experience (many details of which I've forgotten), I'm not actually an expert on the history of Soviet computing. But there is a good website containing many articles in English about early Soviet computers. One radically different approach was the "Setun" ternary computer. Unfortunately, there is no detailed treatment of Soviet-era computing at the level of detail and insight found in the second ("Computer Zoo") volume of Computer Architecture by Blaauw and Brooks, which provides an exhaustive treatment of Western designs. In general, computer history is an important field and requires great dedication. My friend Paul McJones does a fabulous job on history of programming languages and other software artifacts. See, for example, his history of FORTRAN site. (He also created sites for Lisp and ALGOL.) Sadly, there is no comparable effort on Soviet computing.



Successor to C++
by Anonymous Coward

I remember you wrote that STL has nothing to do with C++, it was a framework for generic programming and that C++ was chosen for its first implementation because it was less deficient for that purpose compared with other commercial programming languages. That implies you'd like to develop a programming language from scratch. Is that so? If so, how is it going?

Alex: In my first experiments in building a component architecture, I tried to design a language from scratch, called Tecton, with Deepak Kapur and Dave Musser. Tecton was my second system (i.e. it suffered from The Mythical-Man Month's "Second System Effect"). It was an extremely high level language indeed, and had concepts, but was unusable for anything practical. Then I implemented a version of the library in Scheme (together with Aaron Kerschenbaum and Dave Musser), and then another version in Ada (with Dave Musser). I was hired by Bell Labs to join their C++ library team in 1987, which was my first exposure to C++. My C and C++ mentor was Andy Koenig, who helped me understand the overall logic of the language. Unfortunately at that time, C++ was not ready for STL.

I returned to the library work in 1993 at HP Labs, together with Meng Lee. C++ had just gotten templates, and we were able to create a large generic library. At Andy Koenig's suggestion, we submitted a version of it for inclusion in the C++ language standard. This became STL.

After STL was accepted into the standard in 1994, I started thinking about designing a minimal programming language that will allow even more intimate access to hardware than C/C++ and also provide support for concepts and generic programming. I was hoping that somebody would fund such an activity. I interviewed with several companies, proposing such a design, but there was no interest. A senior VP at Microsoft told me: "We are not interested in innovating in the direction you suggest." They were "innovating" in the direction of C#, trying to displace Java. The situation now is not any better. There might be some interest eventually, but it will happen after my retirement: I am no longer in the game.



STL
by serviscope_minor

I'm a huge fan of the STL, and I think the design has stood the test of time amazingly well. That said, you now hae a bunch of hindsight. What would you do differently knowing what you know now. Also if you were doing it today and using today's languages, how do you think it would differ?

Alex: STL is the result of many compromises. There was a tension between my research goals for generic programming and getting something approved by the different constituents of the standards committee with diverse technical, business, and personal agendas. Such compromises are inevitable in real life.

Having said that, here are some of the things I would have preferred were different:

As we discuss in From Mathematics to Generic Programming, my original name for iterators was "coordinates" (or more specifically, "linear coordinates"). The standards committee people told me that there was already a name for this concept, "iterator," so I should use that term. They were wrong -- they were confusing my coordinates with heavyweight stateful iterators found in languages such as CLU and Alphard. This unfortunate terminology still often leads to misunderstanding about the concept of iterator in generic programming. Furthermore, as far back as 1987 I knew that linear coordinates (i.e. iterators) were only one kind of coordinate structures, data types that allow one to navigate through data structures. There are coordinate structures that deal with multidimensional arrays, trees, graphs, etc. (See, for example, chapters 7 and 8 of Elements of Programming.)

Also, there are many different types of containers and STL provided only a rudimentary classification. Moreover, containers with ownership semantics constitute only one way of dealing with data structures. There are others. A properly designed library would be based on a far larger set of data structures than what I could include into STL. There are also simple mistakes in algorithmic interfaces. Partition should place non-satisfying elements before satisfying elements. Copy_n should return a pair. I should have included algorithms dealing with integer concepts. I should have resisted the pressure to include allocators.

It would make perfect sense to redesign STL from scratch when they put concepts into C++. I would recommend that a person who decides to do it, should carefully study both Elements of Programming and From Mathematics to Generic Programming. Both of these books expand on these issues.



Re:STL
by Pseudonym

Related question: C++ was originally conceived as "C + Simula", but something that is interesting about the STL is how non-object-oriented it is, in particular using no inheritance. If we were designing a new "better C" today, one that you'd be happy to implement a STL-like system in, knowing what we know now, would we bother with Simula-style objects at all?

Alex: I am still convinced that Simula/C++/Java style inheritance is unsound. I do believe, however, that there is sometimes a need for run-time dispatch. But run time dispatch should be done as a run-time concept dispatch. Imagine, say, writing code in terms of a pointer to forward iterator. One should be able to obtain affiliated types at run time. Eventually languages will unify object-orientation and generic programming, but nobody seems to work on it now.

Dan: Bjarne Stroustrup describes C++ as a multi-paradigm language. The features that support object-oriented programming and the features that support generic programming are, for the most part, independent. That doesn't mean that both sets of features are not useful. Could Alex have designed STL for a language that doesn't have object-oriented features? Sure. But as a programmer, I'm happy that both sets of features are available. Just because object-oriented features are not needed to implement STL doesn't mean they provide no value in the language.

Alex: C++ has evolved over many years, and many of its features (inheritance, templates, exceptions, namespaces, etc.) were incorporated based on other work. As a result, they don't always work well together, and even when they do, it's in a baroque way. Now that we as a community have many years of experience with these features, we could design a minimal language from scratch that incorporates these features in a more concise and elegant way.



Hardware evolution
by jonkalb

The STL is about three decades old. In that time, we've seen both OS and hardware evolution. What is the impact of these changes on how the STL should be used? How would the STL be different if it where implemented targeting modern environments?

Alex: STL is "only" two decades old, but yes, there have been important changes during that period that would lead to some different decisions. STL was actually designed on a Leading Edge PC with no cache and 640K memory. (Our group at HP Labs didn't have enough money in the budget for an HP PC. When HP CEO Lew Platt came to visit me, HP Labs' director rushed in beforehand to hide the Leading Edge PC.)

One of the biggest changes since then has been the growth of caches. Cache misses are very costly, so locality of reference is much more important now. Node-based data structures, which have low locality of reference, make much less sense. If I were designing STL today, I would have a different set of containers. For example, an in-memory B*-tree is a far better choice than a red-black tree for implementing an associative container.

Another change is the increase in pipeline depth and support for unaligned reads. Today it is cheaper to read extra data rather than to have a branch.

Most processors today also support SIMD instructions. Libraries should take advantage of them whenever they can.

Modern applications such as search engines and databases also use lots of collections of very small data items that can be stored compactly without an extra level of indirection by using variable-sized encodings. It is essential that the libraries provide support for these variable-size entities. Dan and I, together with colleagues at A9, worked on this. Sadly enough, we were not able to finish our work, although you can see some relevant code snippets using variable-sized types and a new data structure called "tape" here.



Search seemingly getting worse over time
by TWX

This is more for Daniel Rose, but to what do you attribute the seeming decline in the quality of search results? I used Digital's Alta Vista search engine when it was fairly new and it seemed revolutionary and seemed to provide me with exactly what I wanted. Over time that declined and Alta Vista as it was ceased to be, and Google initially also seemed to provide me with exactly what I wanted. Now it seems like I have to put a whole lot of thought into faking Google into performing a somewhat-boolean-style search for me, and normal boolean expressions themselves no longer seem to work.

Is this the result of attempting to dumb-down the interface for tailored results, or something else or more insidious? Obviously the amount of content on the Internet is growing, but the computing power to process through all of it is growing too, so I would expect it wouldn't be getting this much worse, this quickly.

Dan: This is a huge question, which could be the subject of a whole book by itself. But the short answer is that there are several factors that have made the search experience be (or at least seem) worse. Here are a few:

1. Size of the problem. In the early days of AltaVista, there were around 100,000 web sites. Today there are around a billion. Assuming the number of web pages has grown proportionally to the number of sites, that's a factor of 10^4. Search ranking algorithms have actually been improved a lot -- they might even be 10x better than they were in 1995. But they haven't improved by 10^4x.

2. Complexity of the problem. Originally, web search engines dealt with static HTML pages. Now they are expected to work with many different types of documents in different formats, with users having a much wider variety of search goals. At A9, which provides the search engine for Amazon.com, we optimized the system specifically for product search. Web search engines have to work for all kinds of search.

3. Adversarial relationship between sites and engines. In the early days of web search engines, most web sites were purely informational, and many were run by nonprofit organizations like universities. Even when for-profit companies put up web sites, most were offered as an informational service to their customers -- it was a cost to the company, not a source of revenue. Obviously, all that has changed. Now it's in the interest of most web site providers to drive traffic to their sites. To do that they want to rank higher in search results -- often even for queries where their content is not relevant. So there is basically an arms race between search companies, which want to accurately rank results by relevance, and so-called search engine optimizers, who want their clients' pages to rank higher regardless of relevance. This leads to all kinds of spam.

4. Business model. The invention of search advertising by Overture, and its adoption by Google and others, meant that it was more profitable to show an ad than an organic search result. I know of specific instances where search engine companies chose not to deploy relevance improvements, because that would reduce revenue (more people would click on the results, and fewer on the ads). Even if a company tries to have a separation between their relevance and advertising teams, it is very hard to serve two masters.

Regarding the use of boolean expressions, there is evidence both from cognitive psychology and from information retrieval research that most people don't understand boolean logic, and that this misunderstanding leads to worse results. So I claim that Google's decision to stop interpreting certain words and symbols as boolean operators is good user-centered design, not "dumbing down" -- but I wish they still provided an advanced search option for those who want it.

If you're interested in learning more about search user issues in particular, here's a lecture I gave at UC Berkeley about 10 years ago on that topic.



Re:Search seemingly getting worse over time
by MouseTheLuckyDog

I was wondering something similar. Often times recent news tends to overshadow search results.

Let me give a practical example. Grand Jury. proceedings have undergone serious reform since the 70s. In some states a target can demand to appear before the Grand Jury. In some states a No Bill precludes the State from representing the case. In others there must be clear new evidence before a case can be represented. I know one state has a three strikes rules for GJ proceedings ( sorry don't remember which).

The day before the Michael Brown shooting, a search on Grand Jury Missouri would have found several articles on the specific laws to Grand Jury proceedings in Missouri. The day the DA announced he would present the case to a Grand Jury, the same search gets hundreds of articles on news story about Michael Brown and Grand Jury proceedings, but it becomes impossible to find those same scholarly articles about the peculiarity of Missouri Grand Jury proceedings. Not even the relevant statutes from the state website. What can be done to mitigate this effect?

Dan: This is a good illustration of what a complex problem search is. There are two issues here: First, should search results change in response to news events? I think so; in your example, it's almost certainly what the majority of users are looking for.

Second, how can the search engine make sure that *other* relevant results are also findable? One way is to make sure that the results address a diversity of user intents. When I was at AltaVista and Yahoo, we did some research on how to identify different user intents and how to make sure the results were not dominated by just one. The query "grand jury Missouri" has at least two obvious intents: "give me information about the grand jury system in Missouri" and "tell me what is going on with the particular grand jury investigating Michael Brown's death."

There are techniques that can do this diversification, and some search engines use some of them. But perhaps a better approach is to recognize that information-seeking is a process, not a magic oracle. Search engines should be designed to facilitate a kind of dialogue with the user. At AltaVista, we had a feature called "Prisma" that would show 12 related queries right below the search box -- not just queries that shared substrings with what the user has typed (like autocomplete), but queries that were about the range of different topics discussed in the actual pages. So for the query "grand jury Missouri," one suggestion might be "Michael Brown news" and another might be "grand jury statute Missouri".

My advice to intelligent search users is to to imagine what terminology would be used in a hypothetical good result on your intended topic, and use those words. If you want to find information about the legal basis of the grand jury system in Missouri, don't just type "grand jury Missouri," type "grand jury statute Missouri." When I do that query today on Google, I get a 2009 publication from the state of Missouri explaining the grand jury process, and the text of the actual statute, both on the first page of results.



What's your time like?
by mlheur

How much of your time do you dedicate to computing vs doing other things; what are your other hobbies or is the work you do also your play time?

Alex: Over the course of my life I have gradually narrowed my focus to spending time on the few items that, to me, are the essential examples of their category. These are things that stood the test of time; I re-read the books I already have read; I listen to music I have listened many times before; etc, etc. Yes, there is a chance that I will miss a new Mozart or Euclid, but it is a chance I am willing to take. Also, like the Pythagoreans of old, I view these as part of a unity: music reflects mathematics, literature is connected with history, etc. My work and my play and my life are inseparable. This unity is also reflected in From Mathematics to Generic Programming, which blends math, programming, history, and sometimes philosophy and art. Here are some of my favorites:

Literature: Greek and Roman classics: Homer, Plato, Ovid, Seneca; Bible; "modern" novels from Swift and Sterne to Dickens and Anthony Trollope. Math and science classics: Euclid, Euler, Gauss, Poincare. I still use printed books, not e-books.

Music: Bach, Mozart, Beethoven, Schubert, Wagner, and Mahler. I tend to listen to many different interpretations of the same piece. I do not use MP3s or streaming music, but CDs and, recently, SACDs.

Movies and TV: Chaplin, Marx Brothers, Kurosawa, Satyajit Ray, Kenneth Clark's Civilization, Peter Brook's Mahabharata, Brideshead Revisited, Royal Shakespeare Company production of Nicholas Nickelby, Maigret with Bruno Cremer. I am a blu-ray enthusiast. I do not use Netflix or Amazon Instant Video.

I love dogs, especially Welsh corgis; I spend 1-2 hours a day walking my dog Maxwell. I no longer eat meat or milk. I have been very happily married for 45 years; my wife Helen is my closest friend. We are practicing Roman Catholics, go to church on Sundays and holidays of obligation and try to keep the commandments. Our political views are in line with Pope Francis: we believe in having an economically just society.

Dan: Ironically, during much of my career as a researcher and engineering manager, I had fairly little time for programming. But now that I am not currently working full time, one of the things I've been doing for fun is programming -- learning iOS development and writing a musical iPhone app. I also enjoy playing very basic guitar and piano, reading, and lately, writing fiction. I try to alternate between reading nonfiction and fiction. The last books I read are The Swerve: How the World Became Modern by Stephen Greenblatt (about how the rediscovery of an ancient Roman poem helped spur the Renaissance) and Dave Eggers' novel The Circle (a cautionary tale about social networking and privacy, which should be required reading for everyone who works at Facebook, Google, and Apple).



Re:ack-nak
by blue trane

When will programming evolve to use subject-predicate syntax, rather than function-argument? Function-argument goes back (at least) to Frege, and his prejudices against subject-predicate syntax (which dominates natural languages). But isn't changePassword(a,b) more ambiguous than "change the password from a to b"? Don't we get an "information gain" effect from using a syntax we are familiar with outside of programming? When you first come to a function-argument command such as (in Oz, which is used in the Paradigms of Computer Programming MOOC) {Push S X}, there is maximum entropy as to whether S is pushed, or pushed onto. "Push X onto S" has no entropy; you know immediately, from the syntax alone, what is pushed onto what.

Dan: I think you need to decouple your argument about entropy with your argument about subject-predicate syntax. IIRC, stack-based languages like Forth and Postscript (and old HP scientific calculators) had completely unambiguous syntax. You either push something on the stack or perform an operation on the required number of arguments at the top of the stack. But these are not subject-predicate syntax languages. So there is more than one way to have what you call no-entropy syntax. Another way to avoid ambiguity is to require that argument names be part of the function name, as Smalltalk and Objective-C do. Then instead of your function call being changePassword(a, b), it's [foo changePasswordFrom:a to:b] (where foo is the object getting the message).

Separate from the entropy issue, is there a cognitive benefit from having programming languages use syntax familiar from natural languages? Perhaps, but which natural language's syntax will you use? Many languages (e.g. Japanese) use a subject-object-verb syntax, while English uses subject-verb-object. Romance languages use SOV some of the time (e.g. with pronouns) and SVO the rest of the time. Talk about ambiguous argument order!

Furthermore, natural languages have evolved to convey all kinds of nuances and deliberate ambiguities that make it hard to specify anything precisely. As a small example, the English meaning of "and" and "or" is quite different from their Boolean interpretation. (If the waiter says that breakfast comes with juice or coffee, getting both is not an option.)

The business application language COBOL (the most popular language of the 1970s) was supposed to have "English-like" syntax, with expressions like "add 1 to x." I'm skeptical that this syntax made programming any easier, but it did lead to this old joke: "Did you hear about the new version of COBOL? It's called ADD 1 TO COBOL."

My opinion is that we will always have different languages with different styles of syntax, to meet the needs of different communities of programmers.



Why is Generic Programming often second class?
by Anonymous Coward

We see many programming languages with at least some support for Generics, but usually as a second class citizen, and often added as an afterthought in later releases, and subordinate to some other programming paradigm. Java is primarily OO, with generics added later. C# is also primarily OO, though with generic support. It took C++ several iterations to get generics, and C++ is "multi paradigm". Go doesn't have generics, and doesn't seem like it will not a while.

It seems to me like generic programming is sufficiently powerful as a paradigm to not need other paradigms like OO in the same language. In fact, in many ways, OO, which ties together data and algorithms, seems antithetical to generic programming. So, do you see a possibility of a programming language whose primary paradigm is generic programming? Why do language designers not get generics into the first releases of their languages, even now, when the issues would seem to be well known? What would such a language look like?

Alex: To design a language for generic programming, one needs to learn to program generically. One has to write lots of code before things become clear. In the Appendix B of Elements of Programming, Sean Parent and Bjarne Stroustrup outlined a minimal language needed for programming. The appendix is about 8 pages long. To make it real, it probably needs to grow by a factor of 3. So, something like 25 pages should be sufficient. I am too old to do it, but I wish that someone would try.

A more difficult problem is not to design the language: C++, after all, contains most of the things needed. The problem is to teach programmers to think abstractly. And that is a very difficult task. I do not know a single university where one could even learn the preliminaries: understanding the machine, and understanding abstract mathematics. Our new book, From Mathematics to Generic Programming, is an attempt to sketch what is needed. Hopefully some school will try to teach both assembly level programming and abstract algebra.

An even harder problem is to convince the software industry to build software out of carefully designed components. What I see, however, is the movement in the opposite direction. Hand-crafted, one-off, undisciplined code is impossible to replicate. Adobe did a fabulous job specifying Postscript; that allowed Peter Deutsch to single-handedly produce Ghostscript. Now Adobe is not going to specify Photoshop's behavior. Let the Gimp guys try to replicate it. While Linus Torvalds was able to replicate Unix from the carefully written System V interface definitions, no one could replicate Windows: being nonstandard creates barriers to entry. There are grave economic reasons making any progress unlikely while undisciplined programmers generate huge amount of capital. It's analogous to the programmer whose terrible spaghetti code gives him job security, since no one else can understand it.

Dan: The idea that object-oriented programming and generic programming are competing paradigms is, in my opinion, mistaken. They are really orthogonal approaches. As we discuss in our book, generic programming is really an attitude. This attitude is useful whether you are using an object-oriented approach or not.

I would love to have a real-world, efficient, popular language that supports generic programming -- including concepts, in particular -- as first-class features. But I see no reason why this language shouldn't also support OOP.

An anonymous reader sends a report of a bug in Steam's Linux client that will accidentally wipe all of a user's files if they move their Steam folder. According to the bug report: I launched steam. It did not launch, it offered to let me browse, and still could not find it when I pointed to the new location. Steam crashed. I restarted it. It re-installed itself and everything looked great. Until I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media. Another user reported a similar problem — losing his home directory — and problems with the script were found: at some point, the Steam script sets $STEAMROOT as the directory containing all Steam's data, then runs rm -rf "$STEAMROOT/"* later on. If Steam has been moved, $STEAMROOT returns as empty, resulting in rm -rf "/"* which causes the unexpected deletion.

An anonymous reader sends a report of a bug in Steam's Linux client that will accidentally wipe all of a user's files if they move their Steam folder. According to the bug report: I launched steam. It did not launch, it offered to let me browse, and still could not find it when I pointed to the new location. Steam crashed. I restarted it. It re-installed itself and everything looked great. Until I looked and saw that steam had apparently deleted everything owned by my user recursively from the root directory. Including my 3tb external drive I back everything up to that was mounted under /media. Another user reported a similar problem — losing his home directory — and problems with the script were found: at some point, the Steam script sets $STEAMROOT as the directory containing all Steam's data, then runs rm -rf "$STEAMROOT/"* later on. If Steam has been moved, $STEAMROOT returns as empty, resulting in rm -rf "/"* which causes the unexpected deletion.

msm1267 writes: Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards. The device is known as KeySweeper, and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself, and a handful of other bits. When it's plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web.

jovius writes: Krypto Fin ry, the association behind Fimkrypto cryptocurrency (FIMK), has started to provide each registered Finnish citizen a payment of 1000 FIMK per month in December. 1000 FIMK equals few dimes at the moment, and a bit over 100 people have registered so far. (The registration is free.)

FIMK is based on NXT 2nd generation crypto system; the add-ons and development making it into 2.5G. The roadmap includes payment cards and other technology to enable easier exchange between fiat currencies — FIMK, Bitcoins and others. Krypto Fin ry received 533 BTC in initial donations last Summer. FIMK can be traded for example on DGEX, and it's also a valid payment method in few stores in Finland.

An anonymous reader writes A currently unpatched bug in ASUS wireless routers has been discovered whereby users inside a network can gain full administrative control, according to recent research conducted by security firm Accuvant. Although the flaw does not allow access to external hackers, anyone within the network can take administrative control and reroute users to malicious websites, as well as holding the ability to install malicious software. The vulnerability stems from a poorly coded service, infosvr, which is used by ASUS to facilitate router configuration by automatically monitoring the local area network (LAN) and identifying other connected routers. Infosvr runs with root privileges and contains an unauthenticated command execution vulnerability, in turn permitting anyone connected to the LAN to gain control by sending a user datagram protocol (UDP) package to the router. In relevant part: The block starts off by excluding a couple of OpCode values, which presumably do not require authentication by design. Then, it calls the memcpy and suspiciously checks the return value against zero. This is highly indicative that the author intended to use memcmp instead. That said, even if this check was implemented properly, knowing the device’s MAC address is hardly sufficient authentication,” said Drake. Here are the technical details at GitHub.

rossgneumann writes Porn production companies are currently engaged in a scorched earth copyright infringement campaign against torrenting sites with URLs containing specific keywords and Github is getting caught in the crossfire. Several Digital Millenium Copyright Act (DMCA) complaints filed to Google by companies representing various porn companies in the last month alone have resulted in dozens of legitimate Github URLs being removed from the search engine's results, TorrentFreak first reported."

Bruce Perens writes Chris Testa KB2BMH taught a class on gate-array programming the SmartFusion chip, a Linux system and programmable gate-array on a single chip, using MyHDL, the Python Hardware Design Language to implement a software-defined radio transceiver. Watch all 4 sessions: 1, 2, 3, 4. And get the slides and code. Chris's Whitebox hardware design implementing an FCC-legal 50-1000 MHz software-defined transceiver in Open Hardware and Open Source, will be available in a few months. Here's an Overview of Whitebox and HT of the Future. Slashdot readers funded this video and videos of the entire TAPR conference. Thanks!"

Bruce Perens writes Chris Testa KB2BMH taught a class on gate-array programming the SmartFusion chip, a Linux system and programmable gate-array on a single chip, using MyHDL, the Python Hardware Design Language to implement a software-defined radio transceiver. Watch all 4 sessions: 1, 2, 3, 4. And get the slides and code. Chris's Whitebox hardware design implementing an FCC-legal 50-1000 MHz software-defined transceiver in Open Hardware and Open Source, will be available in a few months. Here's an Overview of Whitebox and HT of the Future. Slashdot readers funded this video and videos of the entire TAPR conference. Thanks!"

Nerval's Lobster writes There is no shortage of programming languages, from the well-known ones (Java and C++) to the outright esoteric (intended just for research or even humor). While the vast majority of people learn to program the most-popular ones, the lesser-known programming languages can also secure you a good gig in a specific industry. Which languages? Client-server programming with Opa, Salesforce's APEX language, Mathematica and MATLAB, ASN.1, and even MIT's App Inventor 2 all belong on that list, according to developer Jeff Cogswell. On the other hand, none of these languages really have broad adoption; ASN.1 and SMI, for example, are primarily used in telecommunications and network management. So is it really worth taking the time to learn a new, little-used language for anything other than the thrills?

An anonymous reader writes Earlier last year WhatsApp announced partnership with Open WhisperSystems to integrate the ratcheting forward secrecy protocol found in their app called TextSecure, into WhatsApp. The protocol is supposed to provide end-to-end encryption between WhatsApp clients. So far it has been implemented only in WhatsApp on Android, with the rest of platforms yet to come. The implementation however has already made it into unofficial WhatsApp libraries which allow developers to use WhatsApp service in their applications, starting with a python-library called yowsup, and the rest will follow. It's worth mentioning that none of those libraries are supported nor approved by WhatsApp, so one has to wonder if WhatsApp is going to take some legal action (again) against them.

An anonymous reader writes Github has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."

An anonymous reader writes Github has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."

An anonymous reader writes Github has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."

New submitter jonhorvath writes: Several of the top contributors to Node.js, a popular open source run-time environment, have decided to fork the project, creating io.js as an alternative. The developers were unhappy with how cloud computing company Joyent was directing work on Node.js. Mikeal Rogers said, "We don't want to have just one person who's appointed by a company making decisions. We want contributors to have more control, to seek consensus." Here's the new repository, and a README file to go with it. A developer at Uber tweeted that they've already migrated to io.js on their production systems. It'll be interesting to see how many other sites follow.

New submitter jonhorvath writes: Several of the top contributors to Node.js, a popular open source run-time environment, have decided to fork the project, creating io.js as an alternative. The developers were unhappy with how cloud computing company Joyent was directing work on Node.js. Mikeal Rogers said, "We don't want to have just one person who's appointed by a company making decisions. We want contributors to have more control, to seek consensus." Here's the new repository, and a README file to go with it. A developer at Uber tweeted that they've already migrated to io.js on their production systems. It'll be interesting to see how many other sites follow.

New submitter burgerbecky writes The port that was as hellish as the game world itself, DOOM for the 3DO's source code has been released on github. The original programmer outlined the corners cut and why.

New submitter burgerbecky writes The port that was as hellish as the game world itself, DOOM for the 3DO's source code has been released on github. The original programmer outlined the corners cut and why.

New submitter Gordon_Shure_DOT_com writes Human rights charity Amnesty International has released Detekt, a tool that finds and removes known government spyware programs. Describing the free software as the first of its kind, Amnesty commissioned the tool from prominent German computer security researcher and open source advocate Claudio Guarnieri, aka 'nex'. While acknowledging that the only sure way to prevent government surveillance of huge dragnets of individuals is legislation, Marek Marczynski of Amnesty nevertheless called the tool (downloadable here) a useful countermeasure versus spooks. According to the app's instructions, it operates similarly to popular malware or virus removal suites, though systems must be disconnected from the Internet prior to it scanning.

Peter Eckersley writes: Today EFF, Mozilla, Cisco, and Akamai announced a forthcoming project called Let's Encrypt. Let's Encrypt will be a certificate authority that issues free certificates to any website, using automated protocols (demo video here). Launching in summer 2015, we believe this will be the missing piece that deprecates the woefully insecure HTTP protocol in favor of HTTPS.

omar.sahal writes Go celebrates five years of its existence with this blog post recapping a little history, future and some philosophy. "Five years ago we launched the Go project. It seems like only yesterday that we were preparing the initial public release: our website was a lovely shade of yellow, we were calling Go a 'systems language,' and you had to terminate statements with a semicolon and write Makefiles to build your code. We had no idea how Go would be received. Would people share our vision and goals? Would people find Go useful?" The Go programming language has grown to find its own niche in the cloud computing word, having been used to code Docker and the Kubernetes projects. The developers also announced details of further projects to be released, such as a new low-latency garbage collector and support for running Go on mobile devices.

An anonymous reader writes: Microsoft today announced plans to open source .NET, the company's software framework that primarily runs on Windows, and release it on GitHub. Furthermore, Microsoft also unveiled plans to take .NET cross-platform by targeting both Mac OS X and Linux. In the next release, Microsoft plans to open source the entire .NET server stack, from ASP.NET 5 down to the Common Language Runtime and Base Class Libraries. The company will let developers build .NET cloud applications on multiple platforms; it is promising future support of the .NET Core server runtime and framework for Mac and Linux. Microsoft is also making Visual Studio free for small teams.

MasterPatricko writes The latest version of the openSUSE distribution, 13.2, has been officially released. Key features include integrated support for filesystem snapshots, enabled by a switch to btrfs as the default file system, a new network manager (Wicked), as well as the usual version updates. This release includes seven supported desktop environments (KDE 4.14, GNOME 3.14, Xfce, LXDE, Enlightenment 19, Mate and Awesome) and even preview packages of Plasma 5.1, all presented with a unified openSUSE theme. Download LiveUSB and DVD images now from software.opensuse.org/132.

An anonymous reader writes: Google today introduced a new tool for testing network traffic security called Nogotofail. The company has released it as an open source project available on GitHub, meaning anyone can use it, contribute new features, provide support for more platforms, and do anything else with the end goal of helping to improve the security of the Internet. The tool's main purpose is to test whether the devices or applications you are using are safe against known TLS/SSL vulnerabilities and misconfigurations. Nogotofail works on Android, iOS, Linux, Windows, Chrome OS, OSX, and "in fact any device you use to connect to the Internet."

descubes (35093) writes "Tao3D is a new open-source programming language designed for real-time 3D animations. With it, you can quickly create interactive, data-rich presentations, small applications, proofs of concept, user interface prototypes, and more. The interactivity of the language, combined with its simplicity and graphical aspects, make it ideal to teach programming.

Tao3D also demonstrates a lot of innovation in programming language design. It makes it very easy to create new control structures. Defining if-then-else is literally a couple of lines of code. The syntax to pass pass blocks of code to functions is completely transparent. And it is fully reactive, meaning that it automatically reacts as necessary to external events such as mouse movements or the passage of time.

The source code was just made available under the GNU General Public License v3 on SourceForge [as linked above], GitHub and Gitorious."

aojensen writes: ExtremeTech reports that the most recent build of Windows 10 Technical Preview shows that Windows is finally getting a package manager. The package manager is built for the PowerShell command line based on OneGet. OneGet is a command line utility for PowerShell very similar to classic Linux utilities such as apt-get and yum, which enable administrators and power users comfortable with the command line to install software packages without the need for a graphical installer. ExtremeTech emphasizes that "you can open up PowerShell and use OneGet to install thousands of applications with commands such as Find-Package VLC and Install-Package Firefox." It's a missing feature Linux advocates have long used to argue against Windows in terms of automation and scale. The package manage is open to any software repository and is based on the Chocolatey format for defining package repositories."

An anonymous reader writes: An RFID-based access control system called IClass is used across the globe to provide physical access controls. This system relies on cryptography to secure communications between a tag and a reader. Since 2010, several academic papers have been released which expose the cryptographic insecurity of the IClass system. Based on these papers, Martin Holst Swende implemented the IClass ciphers in a software library, which he released under the GNU General Public License.

The library is useful to experiment with and determine the security level of an access control system (that you own or have explicit consent to study). However, last Friday, Swende received an email from INSIDE Secure, which notified him of (potential) intellectual property infringement, warning him off distributing the library under threat of "infringement action." Interestingly, it seems this is not the first time HID Global has exerted legal pressure to suppress information.

kierny writes Drawing on networking protocols designed to support NASA's interplanetary missions, two information security researchers have created a networking system that's designed to transmit information securely and reliably in even the worst conditions. Dubbed Endrun, and debuted at Black Hat Europe, its creators hope the delay-tolerant and disruption-tolerant system — which runs on Raspberry Pi — could be deployed everywhere from Ebola hot zones in Liberia, to war zones in Syria, to demonstrations in Ferguson.

fyngyrz (762201) writes It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what's been discovered so far, and given what's known to be going on, it's not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not. Is it worse than the data collection recently reported in a test version of Windows?

michaelcole writes: Its name is BitHammer. It searches out and bans BitTorrent users on your local sub-net.

I'm a digital nomad. That means I travel and work, often using shared Wi-Fi. Over the last year, I've been plagued by rogue BitTorrent users who've crept onto these public hostpots either with a stolen/cracked password, or who lie right to my face (and the Wi-Fi owners) about it.

These users clog up the residential routers' connection tables, and make it impossible to use tools like SSH, or sometimes even web browsing. Stuck for a day, bullied from the Wi-Fi, I wrote BitHammer as a research project. It worked rather well. It's my first Python program. I hope you find it useful.

An anonymous reader writes Now the NSA isn't the only one who can hack your USB firmware: "In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they've reverse engineered the same USB firmware as Nohl's SR Labs, reproducing some of Nohl's BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable." Personally, I always thought it was insane that USB drives don't come with physical write-protect switches to keep them from being infected by malware. (More on BadUSB here.)

upontheturtlesback writes: The Arducorder Mini, an Arduino-compatible pocket-sized handheld sensing tool and the next in line of open source science tricorder-like devices designed by Dr. Peter Jansen, is nearing completion. Where the previous models have included about a dozen sensors spanning atmospheric, electromagnetic, and spatial readings, an exciting video of the new prototype shows this model includes sensors for spectroscopy, low-resolution thermal imaging, and radiation sensing. The development is open with the project build logs and most recent source schematics, board layouts, and firmware available on github. This project is an entry in the Hack a Day Prize for a trip to space.

Czech37 writes Facebook may be among the world's most well-known tech companies, but it's not renowned for being at the forefront of open source. In reality, they have over 200 open source projects on GitHub and they've recently partnered with Google, Dropbox, and Twitter (among others) to create the TODO group, an organization committed to furthering the open source cause. In an interview with Opensource.com, Facebook's James Pearce talks about the progress the company has made in rebooting their open source approach and what's on the horizon for the social media network.

An anonymous reader writes: After a recent article about breaking the CAPTCHA on the latest incarnation of Silk Road (the darknet-enabled drug market place), Darryl Lau decided to investigate exactly what narcotics people were buying and selling online. He found roughly 13,000 separate listings. Some sellers identify the country they're in, and the top six are the U.S., Australia, England, Germany, and the Netherlands, and Canada. The site also has a bunch of product reviews. If you assume that each review comes from a sale, and multiply that by the listed prices, reviewed items alone represent $20 million worth of business. Lau also has some interesting charts, graphs, and assorted stats. MDMA is the most listed and reviewed drug, and sellers are offering it in quantities of up to a kilogram at a time. The average price for the top 1000 items is $236. Prescription drugs represent a huge portion of the total listings, though no individual prescription drugs have high volume on their own.

New submitter RaDag writes: PostgreSQL outperformed MongoDB, the leading document database and NoSQL-only solution provider, on larger workloads than initial performance benchmarks. Performance benchmarks conducted by EnterpriseDB, which released the framework for public scrutiny on GitHub, showed PostgreSQL outperformed MongoDB in selecting, loading and inserting complex document data in key workloads involving 50 million records. This gives developers the freedom to combine structured and unstructured data in a single database with ACID compliance and relational capabilities.

New submitter atagunov writes "Video clips have been released as crowdfunding starts for the world first open source cinematic videocam. "I am a filmmaker myself ... I would like to have powerful tools that I know to have full control over and that I can tune and tweak," says Sebastian Pichelhofer of Apertus. He is working on the Axiom Beta, the 2nd generation Apertus videocam, fully open sourced under GPL and OHL. It's not cheap compared to consumer-grade cameras, but being not-cheap hasn't stopped people from snapping up Joel Rubenstein's Digital Bolex.

An anonymous reader writes A developer who goes by the handle Vladikoff has tweaked Google's App Runtime for Chrome (ARC) to allow any Android app to run on any major desktop operating system, not just the handful announced last week which were also limited to Chrome OS. His tweaked version of ARC is re-packaged as ARChon. The install isn't very straightforward, and you have to be in developer mode on Chrome. But there's a support forum on reddit. The extension will work on any OS running the desktop version of Chrome 37 and up as long as the user also installs chromeos-apk, which converts raw Android app packages (APKs) to a Chrome extension. Ars Technica reports that apps run this way are buggy, fast, and crash often but expresses optimism for when Google officially "opens the floodgates on the Play Store, putting 1.3 million Android apps onto nearly every platform."

An anonymous reader writes A developer who goes by the handle Vladikoff has tweaked Google's App Runtime for Chrome (ARC) to allow any Android app to run on any major desktop operating system, not just the handful announced last week which were also limited to Chrome OS. His tweaked version of ARC is re-packaged as ARChon. The install isn't very straightforward, and you have to be in developer mode on Chrome. But there's a support forum on reddit. The extension will work on any OS running the desktop version of Chrome 37 and up as long as the user also installs chromeos-apk, which converts raw Android app packages (APKs) to a Chrome extension. Ars Technica reports that apps run this way are buggy, fast, and crash often but expresses optimism for when Google officially "opens the floodgates on the Play Store, putting 1.3 million Android apps onto nearly every platform."

New submitter ildon writes: Recently, the rights holder of former game publisher Softdisk's game library put the rights to some of their old titles up for sale, including Commander Keen: Keen Dreams, one of the few games in the series not to be published by Apogee. A group of fans created an Indiegogo campaign to purchase those rights. We are just now seeing the fruits of that effort with the full source code of the game being published to GitHub. About a year ago, Tom Hall found the sources to episodes 4-6, but it's not clear what, if any, progress has been made on getting Bethesda to allow that code to be released.

sfcrazy (1542989) writes, based on a report from Ted T'so, that Kernel developer Dmitry Monakhov was detained for 15 days for disobeying a police officer. The debacle came about when Monakhov decided to protest the recent invasion into Ukraine by Russian armed forces. Monakhov is using Twitter to keep people informed about his experience with the Russian judicial system; a human translator can probably do a better job than Google in this case.

I talked with Chris Kelly of GitHub at last week's LinuxCon about GitHub. He's got interesting things to say about the demographics and language choices on what has become in short order (just six years) one of the largest repositories of code in the world, and one with an increasingly sophisticated front-end, and several million users. Not all of the code on GitHub is open source, but the majority is -- handy, when that means an account is free as in beer, too. (And if you're reading on the beta or otherwise can't view the video below, here's the alternative video link.)