Feed aggregator

After 19 Years, the ISS Receives Its Very Last NASA Science Rack

Slashdot.org - Sun, 05/24/2020 - 17:48
"One of the longer chapters of the International Space Station has come to a close," writes Engadget. "NASA has sent the last of its 11 ExPRESS (Expedite the Processing of Experiments to the Space Station) science racks to the orbiting facility, 19 years after sending the first two." They don't look like much, but they provide the power, storage, climate control and communications for up to 10 small payloads — they're key to many of the experiments that run aboard the ISS and will help the station live up to its potential research capabilities. This last rack was carried aboard a Japanese cargo ship and should be installed and functioning by fall 2020. While the EXPRESS racks should be useful for a while yet, this effectively marks the end of an era for NASA's ISS work... Originally developed by engineers at Boeing and the Marshall Space Flight Center in Alabama, "The first two completed racks were delivered to the space station on STS-100 in 2001 and have been in continuous operation ever since," notes a NASA press release, "as have all the subsequent added racks." And since then NASA has logged more than 85 total years of combined rack operational hours. "The sheer volume of science that's been conducted using the racks up til now is just overwhelming," says Shaun Glasgow, project manager for the EXPRESS Racks at Marshall. "And as we prepare to return human explorers to the Moon and journey on to Mars, it's even more exciting to consider all the scientific investigations still to come."

Read more of this story at Slashdot.

UK May Drop Huawei From Planned 5G Networks

Slashdot.org - Sun, 05/24/2020 - 16:34
An anonymous reader quotes the Guardian: The National Cyber Security Agency in the UK is expected to conclude that U.S. sanctions against Huawei will make it impossible to use the Chinese company's technology as planned for 5G networks. The emergency review, announced on Sunday, is designed to pave the way for Downing Street to push for the total elimination of Huawei equipment in British phone networks by 2023 and quell a Conservative backbench revolt. That move will amount to a hasty reversal of the policy announced by ministers in January to limit Huawei to 35% of the British 5G network supply. It also risks irritating China and adding hundreds of millions of costs to BT and other phone companies... In early May, the U.S. said it would impose fresh sanctions against Huawei as part of a long-running campaign against the company, whose technology, the White House claims, could be exploited by China to conduct surveillance against the west. The U.S. sanctions, due to be introduced in September, would prevent Huawei from using U.S. semiconductors and software to build 5G equipment and force it to source alternatives, most likely from China. Whitehall sources said the threatened U.S. restrictions meant that any review would almost certainly say that Huawei posed a security risk. A particular concern was that Huawei would become reliant on unfamiliar and untested components, which could be exploited... Leaks on Friday suggested that Downing Street was preparing the ground for a dramatic climbdown.

Read more of this story at Slashdot.

Altran's 'Code Defect AI' and the Rise of AI-Assisted Coding Tools

Slashdot.org - Sun, 05/24/2020 - 15:34
"Altran has released a new tool that uses artificial intelligence to help software engineers spot bugs during the coding process instead of at the end," reports TechRepublic. "Available on GitHub, Code Defect AI uses machine learning to analyze existing code, spot potential problems in new code, and suggest tests to diagnose and fix the errors." Walid Negm, group chief innovation officer at Altran, said that this new tool will help developers release quality code quickly. "The software release cycle needs algorithms that can help make strategic judgments, especially as code gets more complex," he said in a press release.... "Microsoft and Altran have been working together to improve the software development cycle, and Code Defect AI, powered by Microsoft Azure, is an innovative tool that can help software developers through the use of machine learning," said David Carmona, general manager of AI marketing at Microsoft, in a press release... In a new report about artificial intelligence and software development, Deloitte predicts that more and more companies will use AI-assisted coding tools. From January 2018 to September 2019, software vendors launched dozens of AI-powered software development tools, and startups working in this space raised $704 million over a similar timeframe.... "The benefits of AI-assisted coding are numerous," according to Deloitte analysts David Schatsky and Sourabh Bumb, the authors of AI is Helping to Make Better Software. " However, the principal benefit for companies is efficiency. Many of the new AI-powered tools work in a similar way to spell- and grammar-checkers, enabling coders to reduce the number of keystrokes they need to type by around 50%. They can also spot bugs while code is being written, while they can also automate as many as half of the tests needed to confirm the quality of software." This capability is even more important as companies continue to rely on open-source code. The Register got more details about Altran's Code Defect AI: The company told us that the AI does not look much at the source code itself, but rather at the commit metadata, "the number of files in the check-in, code complexity, density of the check-in, bug history of the file, history of the developer, experience of the developer in the particular module/file etc." Training of the model is done only on the project being examined...

Read more of this story at Slashdot.

Distribution Release: Redcore Linux 2004

DistroWatch.com - Sun, 05/24/2020 - 15:19
Redcore Linux, a Gentoo-based distribution featuring the KDE Plasma desktop environment and pre-built binary packages, has published a new version. The latest release is Redcore Linux 2004 "Neptune" which features new kernel versions, rebuilt packages with an updated tool chain, and swaps out SysV init for OpenRC's init....
Categories: Linux

20% of GitLab Employees Handed Over Login Credentials in Phishing Test

Slashdot.org - Sun, 05/24/2020 - 14:34
SiliconANGLE reports: [C]ode repository management firm GitLab Inc. decided to phish their own employees to see what would happen. The result was not good: One in five employees fell for the fake emails... The GitLab team behind the exercise purchased the domain name gitlab.company, then used G Suite to facilitate the delivery of the phishing email. ["Congratulations. Your IT Department has identified you as a candidate for Apple's System Refresh Program..."] The domain name and G Suite services were set up to look legitimate, complete with SSL certificates to make the emails look less suspicious to automated phishing site detection and human inspection. Fifty GitLab employees were targeted with an email that asked them to click on a link to accept an upgrade. The link took them to the fake gitlab.company website where they were asked to enter their login details. On the positive side, only 17 of the 50 targeted employees clicked on the provided link. However, 10 of those 17 then attempted to log in on the fake site. Six of the 50 employees reported the email to GitLab's security operations team, the article notes. "Those who logged in on the fake site were then redirected to the phishing test section of the GitLab Handbook."

Read more of this story at Slashdot.

'FOSS Responders' Want to Help Open-Source Groups Survive

Slashdot.org - Sun, 05/24/2020 - 13:34
"Thanks to the coronavirus, technology events have been canceled left and right," writes ZDNet. "This, in turn, is damaging the finances of companies and groups that depend on these events." Some open-source groups, such as The Linux Foundation, can deal with it. Others aren't so fortunate. Some, such as Drupal Foundation, the Open Source Initiative (OSI), Open Source Matters (Joomla), and Ajv JSON Schema validator, are in real trouble. FOSS Responders is trying to help these and other groups and individuals... Nuritzi Sanchez, a FOSS Responder co-founder and GitLab senior open-source program manager, said: We "started out around mid-March as a response to COVID-19 event cancellations. It's a group of open source leaders from companies like Indeed, Facebook, Google, Red Hat, GitHub, GitLab, etc." They've set up a process to help both open-source individuals and organizations facing financial trouble. So far, Sanchez said, "organizations are the ones that have been reaching out most so far." They're also consolidating information on how to plan and execute virtual events and provide a place where people can look for and offer help. FOSS Responders has already had some success in raising donations. Alyssa Wright, Open Collective's director of social engineering, reports that it's raised funds from Indeed, Open Source Collective, Linux Fund, GitHub, Google, Sentry, Ethereum Foundation, and the Sloan Foundation. As a result "FOSS Responders is contributing over $100K to open-source organizations that are experiencing financial strain because of the COVID-19 pandemic." "The main focus of philanthropic efforts will be elsewhere, as they should be," noted LWN.net back in March, "but it is nice to see our community finding ways to help itself out internally."

Read more of this story at Slashdot.

What Happens When Software Development Environments Move to the Cloud?

Slashdot.org - Sun, 05/24/2020 - 12:34
An anonymous reader quotes IEEE Spectrum: If you're a newly hired software engineer, setting up your development environment can be tedious. If you're lucky, your company will have a documented, step-by-step process to follow. But this still doesn't guarantee you'll be up and running in no time. When you're tasked with updating your environment, you'll go through the same time-consuming process. With different platforms, tools, versions, and dependencies to grapple with, you'll likely encounter bumps along the way. Austin-based startup Coder aims to ease this process by bringing development environments to the cloud. "We grew up in a time where [Microsoft] Word documents changed to Google Docs. We were curious why this wasn't happening for software engineers," says John A. Entwistle, who founded Coder along with Ammar Bandukwala and Kyle Carberry in 2017. "We thought that if you could move the development environment to the cloud, there would be all sorts of cool workflow benefits." With Coder, software engineers access a preconfigured development environment on a browser using any device, instead of launching an integrated development environment installed on their computers... To ensure security, all source code and related development activities are hosted on a company's infrastructure — Coder doesn't host any data. Organizations can deploy Coder on their private servers or on cloud computing platforms such as Amazon Web Services or Google Cloud Platform. This option could be advantageous for banks, defense organizations, and other companies handling sensitive data. One of Coder's customers is the U.S. Air Force, the article points out -- and thats not the only government agency that's interested in their success. When Coder closed $30 million in Series B funding last month (bringing total funding to $43 million), one of their backers was a venture capital firm with ties to America's Central Intelligence Agency.

Read more of this story at Slashdot.

Jack Dorsey Tells Andrew Yang: 'AI is Coming For Programming Jobs'

Slashdot.org - Sun, 05/24/2020 - 11:34
An anonymous reader quotes CNBC: The rise of artificial intelligence will make even software engineers less sought after. That's because artificial intelligence will soon write its own software, according to Jack Dorsey, the tech billionaire boss of Twitter and Square. And that's going to put some beginning-level software engineers in a tough spot. "We talk a lot about the self-driving trucks in and whatnot" when discussing how automation will replace jobs held by humans, Dorsey told former Democratic presidential hopeful Andrew Yang on an episode of the "Yang Speaks" podcast published Thursday. But A.I. "is even coming for programming" jobs, Dorsey said. "A lot of the goals of machine learning and deep learning is to write the software itself over time so a lot of entry-level programming jobs will just not be as relevant anymore," Dorsey told Yang. Dorsey also told Yang that he belives a Universal Basic Income could give workers "peace of mind" that they'll be able to "eat and feed their children while they are learning how to transition into this new world."

Read more of this story at Slashdot.

Wikipedia Plans New Rule To Combat 'Toxic Behavior'

Slashdot.org - Sun, 05/24/2020 - 10:34
Wikipedia is taking steps to fight what it's calling "toxic behavior" which will be finalized by the end of this year, reports the BBC (in an article shared by Charlotte Web): "We must work together to create a safe, inclusive culture, where everyone feels welcome, that their contributions are valued, and that their perspective matters," said Katherine Maher, the chief executive officer of the Wikimedia Foundation [which runs Wikipedia]... The foundation's binding code of conduct for members will include banning or limiting access if volunteers violate the terms. There will be a review process for the decisions if volunteers feel more context is needed. Wikipedia has become one of the internet's most trusted sources for information, but complaints about gender imbalances and harassment have plagued the platform for close to a decade. A study from the University of Washington on the gender gap in Wikipedia editors found many female and LGBTQ editors feared for their safety. Several female editors told the researchers their work had been contested by male editors or that they received negative feedback from a male editor. A New York Times article from 2019 also highlighted the concerns some transgender editors have about volunteering for the site. One editor told the paper they received death threats... [E]ditors can interact with one another and can change the content on a page after it has been written. This has led to a form of harassment where, after one volunteer adds to a page, another volunteer will remove or change that work moments later, forcing the first editor to redo their work and leading to editing battles.

Read more of this story at Slashdot.

Chromium Project Finds 70% of Its Serious Security Bugs Are Memory Safety Problems

Slashdot.org - Sun, 05/24/2020 - 09:34
"Around 70% of our serious security bugs are memory safety problems," the Chromium project announced this week. "Our next major project is to prevent such bugs at source." ZDNet reports: The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. Both companies are basically dealing with the same problem, namely that C and C++, the two predominant programming languages in their codebases, are "unsafe" languages.... Google says that since March 2019, 125 of the 130 Chrome vulnerabilities with a "critical" severity rating were memory corruption-related issues, showing that despite advances in fixing other bug classes, memory management is still a problem... Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components... While software companies have tried before to fix C and C++'s memory management problems, Mozilla has been the one who made a breakthrough by sponsoring, promoting and heavily adopting the Rust programming language in Firefox... Microsoft is also heavily investing in exploring C and C++ alternatives⦠But this week, Google also announced similar plans as well... Going forward, Google says it plans to look into developing custom C++ libraries to use with Chrome's codebase, libraries that have better protections against memory-related bugs. The browser maker is also exploring the MiraclePtr project, which aims to turn "exploitable use-after-free bugs into non-security crashes with acceptable performance, memory, binary size and minimal stability impact." And last, but not least, Google also said it plans to explore using "safe" languages, where possible. Candidates include Rust, Swift, JavaScript, Kotlin, and Java.

Read more of this story at Slashdot.

Syndicate content