Bug

MIT Bug Finder Uncovers Flaws In Web Apps In 64 Seconds (csoonline.com) 24

itwbennett quotes a report from CSO: A new tool from MIT exploits some of the idiosyncrasies in the Ruby on Rails programming framework to quickly uncover new ones, writes Katherine Noyes. In tests on 50 popular web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no more than 64 seconds to analyze any given program. Ruby on Rails is distinguished from other frameworks because it defines even its most basic operations in libraries. MIT's researchers took advantage of that fact by rewriting those libraries so that the operations defined in them describe their own behavior in a logical language.
Bug

Steam Hacker Says More Vulnerabilities Will Be Found (arstechnica.com) 37

An anonymous reader shares an article on Ars Technica: The teenager who grabbed headlines earlier this week for hacking a fake game listing on to Valve's Steam store says there are "definitely" more vulnerabilities to be found in the popular game distribution service. But he won't be the one to find them, thanks to what he sees as Valve "giv[ing] so little of a shit about people's [security] findings." Ruby Nealon, a 16-year-old university student from England, says that probing various corporate servers for vulnerabilities has been a hobby of his since the age of 11. His efforts came to the attention of Valve (and the wider world) after an HTML-based hack let him post a game called "Watch paint dry" on Steam without Valve's approval over the weekend. "It looks like their website hasn't been updated for years," Nealon told Ars. "Compared to even other smaller Web startups, they're really lacking. This stuff was like the lowest of the lowest hanging fruit."
Linux

Confirmed: Microsoft and Canonical Partner To Bring Ubuntu To Windows 10 (zdnet.com) 492

Steven J. Vaughan-Nichols reports for ZDNet: According to sources at Canonical, Ubuntu Linux's parent company, and Microsoft, you'll soon be able to run Ubuntu on Windows 10. This will be more than just running the Bash shell on Windows 10. After all, thanks to programs such as Cygwin or MSYS utilities, hardcore Unix users have long been able to run the popular Bash command line interface (CLI) on Windows. With this new addition, Ubuntu users will be able to run Ubuntu simultaneously with Windows. This will not be in a virtual machine, but as an integrated part of Windows 10. [...] Microsoft and Canonical will not, however, sources say, be integrating Linux per se into Windows. Instead, Ubuntu will primarily run on a foundation of native Windows libraries. Update: 03/30 16:16 GMT by M : At its developer conference Build 2016, Microsoft on Wednesday confirmed that it is bringing native support for Bash on Windows 10. Scott Hanselman writes: This isn't Bash or Ubuntu running in a VM. This is a real native Bash Linux binary running on Windows itself. It's fast and lightweight and it's the real binaries. This is a genuine Ubuntu image on top of Windows with all the Linux tools I use like awk, sed, grep, vi, etc. It's fast and it's lightweight. The binaries are downloaded by you - using apt-get - just as on Linux, because it is Linux. You can apt-get and download other tools like Ruby, Redis, emacs, and on and on. This is brilliant for developers that use a diverse set of tools like me.
Open Source

GitHub Open Sources Their Internal Testing Tool (thenewstack.io) 62

destinyland writes: Last week GitHub released a new open source tool called Scientist, a Ruby-based library they've been using in-house for several years. "It's the most terrifying moment when you flip the switch," GitHub engineer Jesse Toth told one technology reporter, who notes that the tool is targeted at developers transitioning from a legacy system. "Scientist was born when GitHub engineers needed to rewrite the permissions code — one of the most critical systems in the GitHub application." The tool measures execution duration and other metrics for both test and production code during runtime, and Toth reports that they're now also developing new versions in Node.js, C#, and .Net.
Cloud

Ask Slashdot: What Are Your Experiences With Online IDEs For Web Development? 168

Qbertino writes: I'm toying with the thought of moving my web development (PHP, HTML, CSS, JavaScript with perhaps a little Python and Ruby thrown in) into the cloud. The upsides I expect would be: 1) No syncing hassles across machines. 2) No installation of toolchains to get working or back to work — a browser and a connection is all that would be required. 3) Easy teamwork. 4) Easy deployment. 5) A move to Chrome OS for ultra-cheap laptop goodness would become realistic.

Is this doable/feasible? What are your experiences? Note, this would be for professional web development, not hobbyist stuff. Serious interactive JS, non-trivial PHP/LAMP development, etc. Has anyone had real world experience doing something like this? Maybe even experience with moving to a completely web-centric environment with Chrome OS? What have you learned? What would you recommend? How has it impacted your productivity and what do you miss from the native pipelines? What keeps you in the cloud, and enables you to stay there? Are you working "totally cloud" with a team and if so, how does it work out/feel? Does it make sense? As for concrete solutions, I'm eyeing Cloud9, CodeAnywhere, CodeEnvy but also semi-FOSS stuff like NeutronDrive. Anything you would recommend for real world productivity? Have you tried this and moved back? If so, what are your experiences and what would need to be improved to make it worthwhile? Thanks for any insights.
Ruby

Ruby 2.3.0 Released (ruby-lang.org) 45

An anonymous reader writes: Ruby developers have announced the official release of Ruby 2.3.0. This release introduces a frozen string literal pragma, which is "a new magic comment and command line option to freeze all string literals in the source files." It also adds a safe navigation operator &. similar to what exists in C#, Groovy, and Swift. Ruby 2.3.0 also has many performance improvements. For more details, see the news file and the full changelog.
Programming

Revisiting Why Johnny Can't Code: Have We "Made the Print Too Small"? 270

theodp writes: In What is Computer Science?, the kickoff video for Facebook's new TechPrep diversity initiative, FB product manager Adriel Frederick explains how he was hooked-on-coding after seeing the magic of a BASIC PRINT statement. His simple BASIC example is a nice contrast to the more complicated JavaScript and Ruby examples that were chosen to illustrate Mark Zuckerberg's what-is-coding video for schoolkids. In How to Teach Your Baby to Read, the authors explain, "It is safe to say that in particular very young children can read, provided that, in the beginning, you make the print very big." So, is introducing coding to schoolkids with modern programming languages instead of something like BASIC (2006) or even (gasp!) spreadsheets (2002) the coding equivalent of "making the print too small" for a child to see and understand?
China

FBI and DOJ Drop Case Against Chinese-American Physicist 113

Required Snark writes: The FBI and Department of Justice have withdrawn their prosecution (or more accurately persecution) of Dr. Xi Xiaoxing, former head of the Physics Department at Temple University, according to the New York Times. He was accused of attempting to transfer technology about a "pocket heater" to China. It is used in superconducting research.

The case fell apart because the evidence that the FBI had was not about a pocket heater. "In a sworn affidavit, one engineer, Ward S. Ruby, said he was uniquely qualified to identify a pocket heater. 'I am very familiar with this device, as I was one of the co-inventors,' he said." Apparently nobody in the FBI or DOJ bothered to verify that the information referred to the device in question: "Dr. Xi's lawyer, Peter Zeidenberg, said that despite the complexity, it appeared that the government never consulted with experts before taking the case to a grand jury. As a result, prosecutors misconstrued the evidence, he said."

Dr Xi was forced to step down from his position as the head of the department during the investigation. He was unable to work on his ongoing experiments and was branded a spy. What are the odds that anyone at the FBI or DOJ will face any personal or professional repercussions? If recent history is any guide they will not even issue a statement. When the case was withdrawn the option to refile was retained, a blatant attempt to save face and deny responsibility.
Programming

The Top 10 Programming Languages On GitHub, Over Time 132

An anonymous reader writes with a link to VentureBeat's article on the information that GitHub released this week about the top-ten languages used by GitHub's users, and how they've changed over the site's history. GitHub's chart shows the change in rank for programming languages since GitHub launched in 2008 all the way to what the site's 10 million users are using for coding today. To be clear, this graph doesn't show the definitive top 10 programming languages. Because GitHub has become so popular (even causing Google Code to shut down), however, it still paints a fairly accurate picture of programming trends over recent years. Trend lines aside, here are the top 10 programming languages on GitHub today: 1. JavaScript 2. Java 3. Ruby 4. PHP 5. Python 6. CSS 7. C++ 8. C# 9. C 10. HTML
DRM

Firefox 38 Arrives With DRM Required To Watch Netflix 371

An anonymous reader writes with this excerpt from VentureBeat: Mozilla today launched Firefox 38 for Windows, Mac, Linux, and Android. Notable additions to the browser include Digital Rights Management (DRM) tech for playing protected content in the HTML5 video tag on Windows, Ruby annotation support, and improved user interfaces on Android. Firefox 38 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Note that there is a separate download for Firefox 38 without the DRM support. Our anonymous reader adds links to the release notes for desktop and Android.
Programming

Is It Worth Learning a Little-Known Programming Language? 267

Nerval's Lobster writes: Ask a group of developers to rattle off the world's most popular programming languages, and they'll likely name the usual suspects: JavaScript, Java, Python, Ruby, C++, PHP, and so on. Ask which programming languages pay the best, and they'll probably list the same ones, which makes sense. But what about the little-known languages and skill sets (Dice link) that don't leap immediately to mind but nonetheless support some vital IT infrastructure (and sometimes, as a result, pay absurdly well)? Is it worth learning a relatively obscure language or skill set, on the hope that you can score one of a handful of well-paying jobs that require it? The answer is a qualified yes—so long as the language or skill set in question is clearly on the rise. Go, Swift, Rust, Julia and CoffeeScript have all enjoyed rising popularity, for example, which increases the odds that they'll remain relevant for at least the next few years. But a language without momentum behind it probably isn't worth your time, unless you want to learn it simply for the pleasure of learning something new.
Education

Go R, Young Man 144

theodp (442580) writes "Learning to code has become a mainstream fascination," writes Brian Liou in Why are YOU learning to code?, "but all the evangelization has been misleading. The problem in our Chris-Bosh-codes-so-should-you society is that people learn to code without first asking "for what purpose do you want to use code?" What in your day-to-day work could you actually automate using code? Let's face it, your odds of creating the next hot iPhone app aren't great, but the spreadsheets you look at everyday or the strategic business decisions you or your company makes? Coding can help you with those. Coding to better understand data would help everyone." Leada co-founder Liou's advice? "So to all non-technical professionals looking to get technical: If you want to become a software engineer, by all means learn Ruby or go through the JavaScript tutorials on Codecademy. But if you're simply a business professional looking to gain an edge on your peers, trust me, you are much better off learning R." So, did Mark Zuckerberg steer 100 million K-12 coder wannabes down the wrong path with the JavaScript and Ruby preaching?"
Microsoft

Ask Slashdot: Is an Open Source .NET Up To the Job? 421

Rob Y. writes: The discussion on Slashdot about Microsoft's move to open source .NET core has centered on:

1. whether this means Microsoft is no longer the enemy of the open source movement
2. if not, then does it mean Microsoft has so lost in the web server arena that it's resorting to desperate moves.
3. or nah — it's standard Microsoft operating procedure. Embrace, extend, extinguish.

What I'd like to ask is whether anybody that's not currently a .NET fan actually wants to use it? Open source or not. What is the competition? Java? PHP? Ruby? Node.js? All of the above? Anything but Microsoft? Because as an OSS advocate, I see only one serious reason to even consider using it — standardization. Any of those competing platforms could be as good or better, but the problem is: how to get a job in this industry when there are so many massively complex platforms out there. I'm still coding in C, and at 62, will probably live out my working days doing that. But I can still remember when learning a new programming language was no big deal. Even C required learning a fairly large library to make it useful, but it's nothing compared to what's out there today. And worse, jobs (and technologies) don't last like they used to. Odds are, in a few years, you'll be starting over in yet another job where they use something else.

Employers love standardization. Choosing a standard means you can't be blamed for your choice. Choosing a standard means you can recruit young, cheap developers and actually get some output from them before they move on. Or you can outsource with some hope of success (because that's what outsourcing firms do — recruit young, cheap devs and rotate them around). To me, those are red flags — not pluses at all. But they're undeniable pluses to greedy employers. Of course, there's much more to being an effective developer than knowing the platform so you can be easily slotted in to a project. But try telling that to the private equity guys running too much of the show these days.

So, assuming Microsoft is sincere about this open source move,
1. Is .NET up to the job?
2. Is there an open source choice today that's popular enough to be considered the standard that employers would like?
3. If the answer to 1 is yes and 2 is no, make the argument for avoiding .NET.
Python

Which Programming Language Pays the Best? Probably Python 277

Nerval's Lobster writes: What programming language will earn you the biggest salary over the long run? According to Quartz, which relied partially on data compiled by employment-analytics firm Burning Glass and a Brookings Institution economist, Ruby on Rails, Objective-C, and Python are all programming skills that will earn you more than $100,000 per year. But salary doesn't necessarily correlate with popularity. Earlier this year, for example, tech-industry analyst firm RedMonk produced its latest ranking of the most-used languages, and Java/JavaScript topped the list, followed by PHP, Python, C#, and C++/Ruby. Meanwhile, Python was the one programming language to appear on Dice's recent list of the fastest-growing tech skills, which is assembled from mentions in Dice job postings. Python is a staple language in college-level computer-science courses, and has repeatedly topped the lists of popular programming languages as compiled by TIOBE Software and others. Should someone learn a language just because it could come with a six-figure salary, or are there better reasons to learn a particular language and not others?
Ruby

Is Ruby On Rails Losing Steam? 291

itwbennett writes: In a post last week, Quartz ranked the most valuable programming skills, based on job listing data from Burning Glass and the Brookings Institution. Ruby on Rails came out on top, with an average salary of $109,460. And that may have been true in the first quarter of 2013 when the data was collected, but "before you run out and buy Ruby on Rails for Dummies, you might want to consider some other data which indicate that Rails (and Ruby) usage is not trending upwards," writes Phil Johnson. He looked at recent trends in the usage of Ruby (as a proxy for Rails usage) across MS Gooroo, the TIOBE index, the PYPL index, Redmonk's language rankings, and GitHut and found that "demand by U.S. employers for engineers with Rails skills has been on the decline, at least for the last year."
Stats

Debunking a Viral Internet Post About Breastfeeding Racism 350

Bennett Haselton writes: An editorial with 24,000 Facebook shares highlights the differences in public reaction to two nearly identical breastfeeding photos, one showing a black woman and one showing a white woman, each breastfeeding an infant. The editorial decries the outrage provoked by the black woman's photo compared to the mild reaction elicited by the white woman's photo, and attributes the difference to racism. I tried an experiment using Amazon's Mechanical Turk to test that theory. Read on to see the kind of results Bennett found.
Perl

Goodbye, World? 5 Languages That Might Not Be Long For This World 547

Nerval's Lobster writes: As developers embrace new programming languages, older languages can go one of two ways: stay in use, despite fading popularity, or die out completely. So which programming languages are slated for history's dustbin of dead tech? Perl is an excellent candidate, especially considering how work on Perl6, framed as a complete revamp of the language, began work in 2000 and is still inching along in development. Ruby, Visual Basic.NET, and Object Pascal also top this list, despite their onetime popularity. Whether the result of development snafus or the industry simply veering in a direction that makes a particular language increasingly obsolete, time comes for all platforms at one point or another. Which programming languages do you think will go the way of the dinosaurs in coming years? With COBOL still around, it's hard to take too seriously the claim that Perl or Ruby is about to die. A prediction market for this kind of thing might yield a far different list.
Programming

Rosetta Code Study Weighs In On the Programming Language Debate 165

An anonymous reader writes: Rosetta Code is a popular resource for programming language enthusiasts to learn from each other, thanks to its vast collection of idiomatic solutions to clearly defined tasks in many different programming languages. The Rosetta Code wiki is now linking to a new study that compares programming language features based on the programs available in Rosetta Code. The study targets the languages C, C#, F#, Go, Haskell, Java, Python, and Ruby on features such as succinctness and performance. It reveals, among other things, that: "functional and scripting languages are more concise than procedural and object-oriented languages; C is hard to beat when it comes to raw speed on large inputs, but performance differences over inputs of moderate size are less pronounced; compiled strongly-typed languages, where more defects can be caught at compile time, are less prone to runtime failures than interpreted or weakly-typed languages."
