America's Former CTO Remembers Historic Coders (bard.edu) 88

Long-time Slashdot reader theodp writes: In her Bard College commencement speech, ex-Google VP and former U.S. CTO Megan Smith revealed to graduates that she gave President Obama a computing history lesson on the same day he learned to code in 2014. "I walked into the Oval Office to do coding with President Obama, and, interestingly, Prince William had just stepped out," Smith explained (YouTube). "They had just had a meeting. I said to President Obama, you know what you and I are about to do is related to Prince William, and he said, how's that. Well, the Prince's wife Kate, her mother and grandmother were codebreakers at Bletchley Park, where they cracked the Nazi Enigma codes...." [Presumably Smith meant to say Kate's great-aunt, not mother — Carole Middleton wasn't born until 1955.]

To be fair to the President, Smith once confessed to not knowing much about computing history herself, explaining in a 2012 Official Google Blog post that she and other visiting tech luminaries were embarrassingly clueless about who Ada Lovelace was in a 2011 visit to England. "Last year, a group of us were lucky enough to visit the U.K. Prime Minister's residence at 10 Downing Street, as part of the Silicon Valley Comes to the U.K. initiative," Smith wrote. "While there, we asked about some of the paintings on the wall. When we got to a large portrait of a regally dressed woman, our host said 'and of course, that's Lady Lovelace'... You can imagine our surprise when we learned she was considered by some to be the world's first computer programmer -- having published the first algorithm intended for use on Charles Babbage's Analytical Engine." One imagines Smith might also have been surprised to learn that many programmers older than Smith were already very aware of Lady Ada at that time thanks to the Department of Defense, who tried in vain to make Ada a household name for decades, but had little success popularizing the Ada programming language, which was named after Augusta Ada King, Countess of Lovelace.


Eric Raymond Shares 'Code Archaeology' Tips, Urges Bug-Hunts in Ancient Code (itprotoday.com) 103

Open source guru Eric Raymond warned about the possibility of security bugs in critical code which can now date back more than two decades -- in a talk titled "Rescuing Ancient Code" at last week's SouthEast Linux Fest in North Carolina. In a new interview with ITPro Today, Raymond offered this advice on the increasingly important art of "code archaeology". "Apply code validators as much as you can," he said. "Static analysis, dynamic analysis, if you're working in Python use Pylons, because every bug you find with those tools is a bug that you're not going to have to bleed through your own eyeballs to find... It's a good thing when you have a legacy code base to occasionally unleash somebody on it with a decent sense of architecture and say, 'Here's some money and some time; refactor it until it's clean.' Looks like a waste of money until you run into major systemic problems later because the code base got too crufty. You want to head that off...."

"Documentation is important," he added, "applying all the validators you can is important, paying attention to architecture, paying attention to what's clean is important, because dirty code attracts defects. Code that's difficult to read, difficult to understand, that's where the bugs are going to come out of apparent nowhere and mug you."

For a final word of advice, Raymond suggested that it might be time to consider moving away from some legacy programming languages as well. "I've been a C programmer for 35 years and have written C++, though I don't like it very much," he said. "One of the things I think is happening right now is the dominance of that pair of languages is coming to an end. It's time to start looking beyond those languages for systems programming. The reason is we've reached a project scale, we've reached a typical volume of code, at which the defect rates from the kind of manual memory management that you have to do in those languages are simply unacceptable anymore... think it's time for working programmers and project managers to start thinking about, how about if we not do this in C and not incur those crazy downstream error rates."

Raymond says he prefers Go for his alternative to C, complaining that Rust has a high entry barrier, partly because "the Rust people have not gotten their act together about a standard library."

Microsoft Program Manager Mistakenly Tweets Office 365 Will Be Rewritten in JavaScript (thurrott.com) 94

"A Microsoft employee claimed publicly that 'all of Office 365' was being 'completely rewritten' in JavaScript," writes Paul Thurrott, adding "And then all hell broke loose." First things first. It's not true. So if you were freaking out that Microsoft was somehow abandoning C# and C++ for its most mission-critical offerings, freak out no more. It's not happening. So what is happening? A Microsoft program manager named Sean Larkin perhaps got a little overly-exuberant on Monday... he tried to clarify things in follow-up tweets when his original missive exploded into controversy. Which shouldn't have been a surprise. And yet, somehow, it was...

[H]e finally corrected himself on Reddit, blaming Twitter's character limitations for his many factual errors. "We are not abandoning C++, C#, or any of the other awesome languages, APIs, and toolings that we use across Microsoft," he clarifies. "Nothing [in Office 365] is converting to 'all/completely' JavaScript/TypeScript."

Thurrott, a long-time Windows blogger, concludes that "getting something this big this wrong is inexcusable."

Time Warner Deal Aftermath: AT&T Is About To Give Free TV To Its Wireless Customers (cnbc.com) 50

AT&T completed its $85 billion purchase of Time Warner yesterday and we're already starting to see some exclusive deals offered to its customers. CNBC reports that the company "will be launching a 'very, very skinny bundle' of television programming free to its mobile customers." From the report: "We will be launching, and you're going to hear more about this next week, a product called 'AT&T Watch TV,'" Chairman and CEO Randall Stephenson said on CNBC's "Squawk Box." "It will be the Turner content. It will not have sports. It'll be entertainment-centered." AT&T's unlimited wireless customers will get the service for free, Stephenson said, "or you can buy it for $15 a month on any platform." The service will be ad-supported, and AT&T will be ramping up an advertising platform, he said. He added that the company expects in coming weeks to make smaller acquisitions to enable those ad efforts. CNBC is also reporting that Time Warner is changing its name to WarnerMedia, and Turner Broadcasting CEO John Martin is departing the company.

Most Organizations Are Not Fully Embracing DevOps (betanews.com) 295

An anonymous reader shares a report: Although many businesses have begun moving to DevOps-style processes, eight out of 10 respondents to a new survey say they still have separate teams for managing infrastructure/operations and development. The study by managed cloud specialist 2nd Watch of more than 1,000 IT professionals indicates that a majority of companies have yet to fully commit to the DevOps process. 78 percent of respondents say that separate teams are still managing infrastructure/operations and application development. Some organizations surveyed are using infrastructure-as-code tools, automation or even CI/CD pipelines, but those techniques alone do not define DevOps.

Four Years On, Developers Ponder The Real Purpose of Apple's Swift Programming Language (monkeydom.de) 262

Programming languages such as Lua, Objective-C, Erlang, and Ruby (on Rails) offer distinct features, but they are also riddled with certain well-documented drawbacks. However, writes respected critic Dominik Wagner, their origination and continued existence serves a purpose. In 2014, Apple introduced the Swift programming language. It has been four years, but Wagner and many developers who have shared the blog post over the weekend wonder what exactly Swift is trying to solve, as they capture the struggle that at least a portion of developers who are writing in Swift face today. Writes Wagner: Swift just wanted to be better, more modern, the future -- the one language to rule them all. A first red flag for anyone who ever tried to do a 2.0 rewrite of anything.

On top of that it chose to be opinionated about features of Objective-C, that many long time developers consider virtues, not problems: Adding compile time static dispatch, and making dynamic dispatch and message passing a second class citizen and introspection a non-feature. Define the convenience and elegance of nil-message passing only as a source of problems. Classify the implicit optionality of objects purely as a source of bugs. [...] It keeps deferring the big wins to the future while it only offered a very labour intensive upgrade path. Without a steady revenue stream, many apps that would have just compiled fine if done in Objective-C, either can't take advantage of new features of the devices easily, or had to be taken out of the App Store altogether, because upgrading would be too costly. If you are working in the indie dev-scene, you probably know one of those stories as well. And while this is supposed to be over now, this damage has been done and is real.

On top of all of this, there is that great tension with the existing Apple framework ecosystem. While Apple did a great job on exposing Cocoa/Foundation as graspable into Swift as they could, there is still great tension in the way Swift wants to see the world, and the design paradigms that created the existing frameworks. That tension is not resolved yet, and since it is a design conflict, essentially can't be resolved. Just mitigated. From old foundational design patterns of Cocoa, like delegation, data sources, flat class hierarchies, over to the way the collection classes work, and how forgiving the API in general should be. If you work in that world you are constantly torn between doing things the Swift/standard-library way, or the Cocoa way and bridging in-between. To make matters worse there are a lot of concepts that don't even have a good equivalent. This, for me at least, generates an almost unbearable mental load.


Should Developers Abandon Agile? (ronjeffries.com) 435

An anonymous reader quotes InfoQ: Ron Jeffries, author, speaker, one of the creators of Extreme Programming (XP), and a signatory of the Agile Manifesto back in 2001, shared a post on his blog in which he advocates that developers should abandon "Agile". The post further elaborated that developers should stay away from the "Faux Agile" or "Dark Agile" forms, and instead get closer to the values and principles of the Manifesto. The terms "Faux Agile" and "Dark Agile" are used by the author to give emphasis to the variety of the so-called "Agile" approaches that have contributed, according to him, to make the life of the developers worse rather than better, which is the antithesis of one of the initial ideas of the Agile Manifesto...
Jeffries writes that "When 'Agile' ideas are applied poorly, they often lead to more interference with developers, less time to do the work, higher pressure, and demands to 'go faster'. This is bad for the developers, and, ultimately, bad for the enterprise as well, because doing 'Agile' poorly will result, more often than not, in far more defects and much slower progress than could be attained. Often, good developers leave such organizations, resulting in a less effective enterprise than prior to installing 'Agile'...

"It breaks my heart to see the ideas we wrote about in the Agile Manifesto used to make developers' lives worse, instead of better. It also saddens me that the enterprise isn't getting what it could out of the deal, but my main concern is for the people doing the work..." He argues developers should instead just focus on good general software development practices -- like regularly producing fully-tested software and consciously avoiding "crufty" complex designs.

But what do Slashdot's readers think? Should developers abandon Agile?

Survey: JavaScript is the Most-Used Language, But Java is the Most Popular (sdtimes.com) 136

An anonymous reader quotes SD Times: Java remains the most popular primary programming language, but JavaScript is the most used programming language overall. That is according to a recently released report from JetBrains on the State of the Developer Ecosystem in 2018. The report surveyed more than 6,000 developers from 17 countries to reveal the trends driving the world of coding this year... According to the report, Java, JavaScript and Python are the top three programming languages this year, and Go is the most promising language. Twenty percent of developers use multiple versions of Go at the same time, and 26 percent set up their GOPATH per project. The top Go frameworks include Gin, Beego, Echo and Buffalo.

While 38 percent of developers have no plans to adopt any new languages this year, the top languages respondents have started to learn in the last year include Python, JavaScript, Java, Go, TypeScript and Kotlin... Eighty-two percent of respondents use IDEs while 69 percent use editors. Of those using IDEs and editors, only 12 percent cited that they don't customize their IDE/editors. In addition, 77 percent use the dark theme for their editor or IDE... Some fun facts about developers include 77 percent listen to music while they are coding; the top music to listen to includes electronic, pop and rock; 53 percent sleep seven to eight hours a night; 85 percent code on the weekends; and 57 percent prefer coffee over tea.


Company Takes Over Well-Known OSS Developer's Name Because the Domain Was Free 99

New submitter Fatalis writes: Substack is a venture capital funded startup for subscription-based newsletters, and it admittedly chose its name following the advice from a Paul Graham (co-founder of Y Combinator) article to prefer names not registered in the .com zone. The same name has also been the user handle for a prolific open-source developer who now finds themselves competing for recognition in the tech space with a capital backed company. The lesson seems to be for developers to protect their personal brand by registering a domain name with the .com extension due to it being perceived as the default.

Microsoft Addresses Pressure From Developer Community, Promises To Rename GVFS 158

DuroSoft writes: Earlier this week an article ran about how Microsoft's multi-year refusal to rename its terabyte-scale Git extension "GVFS" (Git Virtual File System) had drawn the ire and dismay of the GNOME GVfs project (Gnome Virtual File System) which predates the Microsoft project by years. Thanks to Slashdot coverage and community pressure, Microsoft has now officially promised to rename GVFS to something else, and is asking the community for suggestions for a new name. Is this an official sign that Microsoft is finally listening to developers (albeit with a Slashdot-level of negative attention), or are they simply trying to appease the crowd while they are still in the news due to their acquisition of GitHub?

Apple Deprecates OpenGL and OpenCL in macOS 10.14 Mojave 269

In macOS 10.14 Mojave, which Apple unveiled on Monday, the company is deprecating OpenGL and OpenCL technologies in its desktop operating system. In an announcement post to developers, the company wrote: Apps built using OpenGL and OpenCL will continue to run in macOS 10.14, but these legacy technologies are deprecated in macOS 10.14. Games and graphics-intensive apps that use OpenGL should now adopt Metal. Similarly, apps that use OpenCL for computational tasks should now adopt Metal and Metal Performance Shaders. PCGamer reports that several developers have expressed disappointment over the decision. AnandTech reports that the company is doing away with OpenGL and OpenCL in iOS and its other operating systems as well.

Microsoft Acquires GitHub For $7.5B (microsoft.com) 492

As rumored, Microsoft said Monday that it has acquired code repository website GitHub for a whopping sum of $7.5B in Microsoft stock. Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub's current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives. From the blog post: "Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation," said Satya Nadella, CEO, Microsoft. "We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world's most pressing challenges." Under the terms of the agreement, Microsoft will acquire GitHub for $7.5 billion in Microsoft stock. Subject to customary closing conditions and completion of regulatory review, the acquisition is expected to close by the end of the calendar year. GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects -- and will still be able to deploy their code to any operating system, any cloud and any device. The two companies, together, will "empower developers to achieve more at every stage of the development lifecycle, accelerate enterprise use of GitHub, and bring Microsoft's developer tools and services to new audiences," Microsoft said. A portion of the developer community has opposed the move, with some already leaving the platform for alternative services.

Update: In a conference call with reporters, Mr. Nadella said today the company is "all in with open source," and requested people to judge the company's commitment to the open source community with its actions in the recent past, today, and in the coming future. GitHub will remain open and independent, Mr. Nadella said.

Microsoft's Interest In Buying GitHub Draws Backlash From Developers 256

The supposed acquisition of popular code repository GitHub by Microsoft has drawn an unprecedented backlash from the developer community. Over the weekend, after Bloomberg reported that the two companies could make the announcement as soon as Monday, hundreds of developers took to forums and social media to express their disappointment, with many saying that they would be leaving the platform if the deal goes through.

So why so much outrage? In a conversation with Slashdot, software developer and student Sean said that he believes a deal of such capacity would be bad for the open source community. "They've shown time and time again that they can't be trusted," he said. Sean and many others believe that Microsoft would eventually start a telemetry program on the code repository. "Aside from Microsoft not being trustworthy to the open source community, I'm sure they'll add tracking and possibly even ads to all the sites within GitHub. As well as possibly use it to push LinkedIn (which they own)," he said. Ryan Hoover, the founder of ProductHunt, wrote on Sunday, "Anecdotally, the developer community is very unapproving of this move. I'm curious how Microsoft manages this and how GitHub changes (or doesn't change)." Even as Microsoft has "embraced" the open source community in recent years (under the leadership of Mr. Nadella), for many developers, it will take time -- if at all -- to forget the company's past closed-ecosystem approach. Just this weekend, a developer accused Microsoft of stealing his code.

A petition that seeks to "stop Microsoft from buying Github" had garnered support from more than 400 developers. Prominent developer Andre Staltz said, "If you're still optimistic about the Microsoft-GitHub acquisition, consider this: They didn't ask your opinion not even a single bit, even though it was primarily your commits, stars, and repositories which made GH become a valuable platform." More importantly, if the comments left on Slashdot, Reddit, and HackerNews, places that overwhelmingly count developers and other IT industry experts among their audience, are anything to go by, Microsoft had better have a good plan for how it intends to operate GitHub after the buyout. Security reporter Catalin Cimpanu said, "LinkedIn has turned into a slow-loading junk after the Microsoft acquisition. I can only imagine what awaits GitHub." For his part, Mat Velloso, who is technical advisor to CTO at Microsoft, said, "I don't think people understand how many of us at Microsoft love GitHub to the bottom of our hearts. If anybody decided to mess with that community, there would be a riot to say the least."

Jacques Mattheij: Companies that are too big to fail and that lose money are a dangerous combination, people have warned about GitHub becoming as large as it did as problematic because it concentrates too much of the power to make or break the open source world in a single entity, moreso because there were valid questions about GitHub's financial viability. The model that GitHub has -- sell their services to closed source companies but provide the service for free for open source groups -- is only a good one if the closed source companies bring in enough funds to sustain the model. Some sort of solution should have been found -- preferably in collaboration with the community -- not an 'exit' to one of the biggest sharks in the tank. So, here is what is wrong with this deal and why anybody active in the open source community should be upset that Microsoft is going to be the steward of this large body of code. For starters, Microsoft has a very long history of abusing its position vis-a-vis open source and other companies. I'm sure you'll be able to tell I'm a cranky old guy by looking up the dates to some of these references, but 'new boss, same as the old boss' applies as far as I'm concerned. Yes, the new boss is a nicer guy but it's the same corporate entity. Update: It's official. Microsoft has acquired GitHub for a whopping sum of $7.5B.

Programmer Creates Bee Counter Using a Raspberry Pi 60

Programmer Mat Kelsey created a bee counter to see exactly how many bees are hanging out in his hives. "His system, which uses a Raspberry Pi and a machine learning algorithm that recognizes the number of individual bees entering a hive, is used to see bee trends over time and see just how the bees are faring," reports TechCrunch. From the report: The system looks at sets of pictures of the hive door taken every 10 seconds. It then extrapolates out the background, assesses the objects that have moved in the frame, and then counts the things that are likely to be bees. It's a fascinating problem to solve since the bees are constantly moving and because it can also ignore bees that are coming out of the hive. You can download the source on Github and check out his detailed blog post here. Given the need for bee protection as we enter an era of colony collapses, tools like this one are wildly important. Plus it's cool to see a Raspberry Pi do something so complex.

Microsoft Is Said to Have Agreed to Acquire Coding Site GitHub (bloomberg.com) 323

Bloomberg reports:
Microsoft Corp. has agreed to acquire GitHub Inc., the code repository company popular with many software developers, and could announce the deal as soon as Monday, according to people familiar with the matter. GitHub preferred selling the company to going public and chose Microsoft partially because it was impressed by Chief Executive Officer Satya Nadella, said one of the people, who asked not to be identified discussing private information. Terms of the agreement weren't known on Sunday. GitHub was last valued at $2 billion in 2015.

GitHub is an essential tool for coders. Many corporations, including Microsoft and Alphabet Inc.'s Google, use GitHub to store their corporate code and to collaborate. It's also a social network of sorts for developers. While GitHub's losses have been significant -- it lost $66 million over three quarters in 2016 -- it had revenue of $98 million in nine months of that year.

On Friday, it was reported that Microsoft was in talks with GitHub about an acquisition. Now it seems like it's actually happening.

Update: Our sister site, SourceForge, has weighed in. Here is a tool that will import your GitHub project to SourceForge.
Update #2: Already, we are seeing plenty of backlash over this news. One user has started a petition to stop Microsoft from buying GitHub.
Update #3: It's official. Microsoft has acquired GitHub for a whopping sum of $7.5B.

Mary Meeker's 2018 Internet Trends Report (recode.net) 33

Mary Meeker has published her anticipated internet trends report of 2018. This year, the Kleiner Perkins Caufield & Byers partner released 284 slides in rapid succession, covering everything from smartphone behavior in the U.S. to tech company competition in China. Some takeaways:
1. 2017 was the first year in which smartphone unit shipments didn't grow at all. As more of the world become smartphone owners, growth has been harder and harder to come by. The same goes for internet user growth, which rose 7 percent in 2017, down from 12 percent the year before. With more than half the world online, there are fewer people left to connect.
2. People, however, are still increasing the amount of time they spend online. U.S. adults spent 5.9 hours per day on digital media in 2017, up from 5.6 hours the year before. Some 3.3 of those hours were spent on mobile, which is responsible for overall growth in digital media consumption.
3. Despite the high-profile releases of $1,000 iPhones and Samsung Galaxy Notes, the global average selling price of smartphones is continuing to decline.
4. Mobile payments are becoming easier to complete. China continues to lead the rest of the world in mobile payment adoption, with over 500 million active mobile payment users in 2017.
5. Voice-controlled products like Amazon Echo are taking off. The Echo's installed base in the U.S. grew from 20 million in the third quarter of 2017 to more than 30 million in the fourth quarter.
6. Tech companies are facing a "privacy paradox." They're caught between using data to provide better consumer experiences and violating consumer privacy.
The most popular courses on learning platform Coursera last year were (in descending order): Machine Learning (Stanford), Neural Networks & Deeper Learning (Deeplearning.ai), Learning How to Learn: Powerful Mental Tools to Help You Master Tough Subjects (UC San Diego), Introduction to Mathematical Thinking (Stanford), Bitcoin & Cryptocurrency Technologies (Princeton), Programming for Everybody (University of Michigan), Algorithms, Part I (Princeton), English for Career Development (University of Pennsylvania), Neural Networks / Machine Learning (University of Toronto), and Financial Markets (Yale).

Python May Let Security Tools See What Operations the Runtime Is Performing (bleepingcomputer.com) 75

An anonymous reader writes: A new feature proposal for the Python programming language wants to add "transparency" to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations. In its current form, Python does not allow security tools to see what operations the runtime is performing. Unless one of those operations generates particular errors that may raise a sign of alarm, security and auditing tools are blind to the fact that an attacker may be using Python to carry out malicious operations on a system.

But in Python Enhancement Proposal 551 (PEP-551), Steve Dower, a core Python developer, has proposed the addition of two new APIs that will let security tools detect when Python is executing potentially dangerous operations. The first, the Audit Hook API, will raise warning messages about certain types of Python operations; while the second, the Verified Open Hook API, is a mechanism to let the Python runtime know what files it is permitted to execute or tamper with.

Initial plans were to have PEP-551 ship with Python 3.7, scheduled for release in mid-June 2018, but the proposal did not make the final cut, according to a list of new features added for next month's release. This doesn't mean PEP-551 won't ship with a future version of Python. This is the second major scripting engine to open its runtime to security tools, after PowerShell.


A Middle-Aged Writer's Quest To Start Learning To Code For the First Time (1843magazine.com) 183

OpenSourceAllTheWay writes: The Economist's 1843 magazine details one middle-aged writer's (Andrew Smith) quest to learn to code for the first time, after becoming interested in the "alien" logic mechanisms that power completely new phenomena like crypto-currency and effectively make the modern world function in the 21st Century. The writer discovers that there are over 1,700 actively used computer programming languages to choose from, and that every programmer that he asks "Where should someone like me start with coding?" contradicts the next in his or her recommendation. One seasoned programmer tells him that programmers discussing what language is best is the equivalent of watching "religious wars." The writer is stunned by how many of these languages were created by unpaid individuals who often built them for "glory and the hell of it." He is also amazed by how many people help each other with coding problems on the internet every day, and the computer programmer culture that non-technical people are oblivious of.

Eventually the writer finds a chart of the most popular programming languages online, and discovers that these are Python, Javascript, and C++. The syntax of each of these languages looks indecipherable to him. The writer, with some help from online tutorials, then learns how to write a basic Python program that looks for keywords in a Twitter feed. The article is interesting in that it shows what the "alien world of coding" looks like to people who are not already computer nerds and in fact know very little about how computer software works. There are many interesting observations on coding/computing culture in the article, seen through the lens of someone who is not a computer nerd and who has not spent the last two decades hanging out on Slashdot or Stackoverflow.


FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public (techcrunch.com) 160

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls "Going Dark" -- the spread of encrypted software that can block investigators' access to digital data even with a court order. "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported," the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

The Percentage of Open Source Code in Proprietary Apps is Rising (helpnetsecurity.com) 60

Zeljka Zorz, writing for Help Net Security: The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown. Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed two interesting findings:

96 percent of the scanned applications contain open source components, with an average 257 components per application. The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.