Altran's 'Code Defect AI' and the Rise of AI-Assisted Coding Tools Slashdot by EditorDavid on ai at January 1, 1970, 1:00 am (cached at May 24, 2020, 10:35 pm)

"Altran has released a new tool that uses artificial intelligence to help software engineers spot bugs during the coding process instead of at the end," reports TechRepublic. "Available on GitHub, Code Defect AI uses machine learning to analyze existing code, spot potential problems in new code, and suggest tests to diagnose and fix the errors." Walid Negm, group chief innovation officer at Altran, said that this new tool will help developers release quality code quickly. "The software release cycle needs algorithms that can help make strategic judgments, especially as code gets more complex," he said in a press release.... "Microsoft and Altran have been working together to improve the software development cycle, and Code Defect AI, powered by Microsoft Azure, is an innovative tool that can help software developers through the use of machine learning," said David Carmona, general manager of AI marketing at Microsoft, in a press release... In a new report about artificial intelligence and software development, Deloitte predicts that more and more companies will use AI-assisted coding tools. From January 2018 to September 2019, software vendors launched dozens of AI-powered software development tools, and startups working in this space raised $704 million over a similar timeframe.... "The benefits of AI-assisted coding are numerous," according to Deloitte analysts David Schatsky and Sourabh Bumb, the authors of AI is Helping to Make Better Software. "However, the principal benefit for companies is efficiency. Many of the new AI-powered tools work in a similar way to spell- and grammar-checkers, enabling coders to reduce the number of keystrokes they need to type by around 50%. They can also spot bugs while code is being written, while they can also automate as many as half of the tests needed to confirm the quality of software." This capability is even more important as companies continue to rely on open-source code.
The Register got more details about Altran's Code Defect AI: The company told us that the AI does not look much at the source code itself, but rather at the commit metadata, "the number of files in the check-in, code complexity, density of the check-in, bug history of the file, history of the developer, experience of the developer in the particular module/file etc." Training of the model is done only on the project being examined...

Read more of this story at Slashdot.

20% of GitLab Employees Handed Over Login Credentials in Phishing Test Slashdot by EditorDavid on security at January 1, 1970, 1:00 am (cached at May 24, 2020, 9:35 pm)

SiliconANGLE reports: [C]ode repository management firm GitLab Inc. decided to phish their own employees to see what would happen. The result was not good: One in five employees fell for the fake emails... The GitLab team behind the exercise purchased the domain name gitlab.company, then used G Suite to facilitate the delivery of the phishing email. ["Congratulations. Your IT Department has identified you as a candidate for Apple's System Refresh Program..."] The domain name and G Suite services were set up to look legitimate, complete with SSL certificates to make the emails look less suspicious to automated phishing site detection and human inspection. Fifty GitLab employees were targeted with an email that asked them to click on a link to accept an upgrade. The link took them to the fake gitlab.company website where they were asked to enter their login details. On the positive side, only 17 of the 50 targeted employees clicked on the provided link. However, 10 of those 17 then attempted to log in on the fake site. Six of the 50 employees reported the email to GitLab's security operations team, the article notes. "Those who logged in on the fake site were then redirected to the phishing test section of the GitLab Handbook."

'FOSS Responders' Want to Help Open-Source Groups Survive Slashdot by EditorDavid on opensource at January 1, 1970, 1:00 am (cached at May 24, 2020, 8:35 pm)

"Thanks to the coronavirus, technology events have been canceled left and right," writes ZDNet. "This, in turn, is damaging the finances of companies and groups that depend on these events." Some open-source groups, such as The Linux Foundation, can deal with it. Others aren't so fortunate. Some, such as Drupal Foundation, the Open Source Initiative (OSI), Open Source Matters (Joomla), and Ajv JSON Schema validator, are in real trouble. FOSS Responders is trying to help these and other groups and individuals... Nuritzi Sanchez, a FOSS Responder co-founder and GitLab senior open-source program manager, said: We "started out around mid-March as a response to COVID-19 event cancellations. It's a group of open source leaders from companies like Indeed, Facebook, Google, Red Hat, GitHub, GitLab, etc." They've set up a process to help both open-source individuals and organizations facing financial trouble. So far, Sanchez said, "organizations are the ones that have been reaching out most so far." They're also consolidating information on how to plan and execute virtual events and provide a place where people can look for and offer help. FOSS Responders has already had some success in raising donations. Alyssa Wright, Open Collective's director of social engineering, reports that it's raised funds from Indeed, Open Source Collective, Linux Fund, GitHub, Google, Sentry, Ethereum Foundation, and the Sloan Foundation. As a result "FOSS Responders is contributing over $100K to open-source organizations that are experiencing financial strain because of the COVID-19 pandemic." "The main focus of philanthropic efforts will be elsewhere, as they should be," noted LWN.net back in March, "but it is nice to see our community finding ways to help itself out internally."

[no title] Scripting News (cached at May 24, 2020, 8:33 pm)

Taking it easy today, not much writing or programming. The weather has turned gorgeous, real upstate NY summer weather. After a long winter and an even longer almost-spring, including snow on May 9, and a pandemic, it's pretty ecstatic weather, luxurious, great-to-be-alive type weather. It's the contrasts that make the eastern part of the US so much more livable than the west, say I, a native son of the east who spent many years in the west.

[no title] Scripting News (cached at May 24, 2020, 8:33 pm)

I'm always looking for a good binge, and I found one. The second season of Homecoming is out, on Amazon. I started it the other night instead of watching the news. I had forgotten most of the plot of the first season, I remember liking it, but it didn't leave much of an impression. The second season is nicely done, has a Mr Robotish feel, there's a constant stream of twists and surprises, it's fun and so far intellectually gratifying, and it reviews the plot of season 1 as it goes. We have an inkling of how it will end because the first episode is about how it ends, or so we are led to believe. I don't know otherwise because I still have a few episodes to go. But nothing in this show is a straight line, and as I said it's well done. I especially like the end of each episode. They end with a twist, but they stay with the scene as the credits roll. I had not seen this technique before.

What Happens When Software Development Environments Move to the Cloud? Slashdot by EditorDavid on programming at January 1, 1970, 1:00 am (cached at May 24, 2020, 7:35 pm)

An anonymous reader quotes IEEE Spectrum: If you're a newly hired software engineer, setting up your development environment can be tedious. If you're lucky, your company will have a documented, step-by-step process to follow. But this still doesn't guarantee you'll be up and running in no time. When you're tasked with updating your environment, you'll go through the same time-consuming process. With different platforms, tools, versions, and dependencies to grapple with, you'll likely encounter bumps along the way. Austin-based startup Coder aims to ease this process by bringing development environments to the cloud. "We grew up in a time where [Microsoft] Word documents changed to Google Docs. We were curious why this wasn't happening for software engineers," says John A. Entwistle, who founded Coder along with Ammar Bandukwala and Kyle Carberry in 2017. "We thought that if you could move the development environment to the cloud, there would be all sorts of cool workflow benefits." With Coder, software engineers access a preconfigured development environment on a browser using any device, instead of launching an integrated development environment installed on their computers... To ensure security, all source code and related development activities are hosted on a company's infrastructure — Coder doesn't host any data. Organizations can deploy Coder on their private servers or on cloud computing platforms such as Amazon Web Services or Google Cloud Platform. This option could be advantageous for banks, defense organizations, and other companies handling sensitive data. One of Coder's customers is the U.S. Air Force, the article points out -- and that's not the only government agency that's interested in their success. When Coder closed $30 million in Series B funding last month (bringing total funding to $43 million), one of their backers was a venture capital firm with ties to America's Central Intelligence Agency.

Jack Dorsey Tells Andrew Yang: 'AI is Coming For Programming Jobs' Slashdot by EditorDavid on ai at January 1, 1970, 1:00 am (cached at May 24, 2020, 6:35 pm)

An anonymous reader quotes CNBC: The rise of artificial intelligence will make even software engineers less sought after. That's because artificial intelligence will soon write its own software, according to Jack Dorsey, the tech billionaire boss of Twitter and Square. And that's going to put some beginning-level software engineers in a tough spot. "We talk a lot about the self-driving trucks in and whatnot" when discussing how automation will replace jobs held by humans, Dorsey told former Democratic presidential hopeful Andrew Yang on an episode of the "Yang Speaks" podcast published Thursday. But A.I. "is even coming for programming" jobs, Dorsey said. "A lot of the goals of machine learning and deep learning is to write the software itself over time so a lot of entry-level programming jobs will just not be as relevant anymore," Dorsey told Yang. Dorsey also told Yang that he believes a Universal Basic Income could give workers "peace of mind" that they'll be able to "eat and feed their children while they are learning how to transition into this new world."

Wikipedia Plans New Rule To Combat 'Toxic Behavior' Slashdot by EditorDavid on wikipedia at January 1, 1970, 1:00 am (cached at May 24, 2020, 5:35 pm)

Wikipedia is taking steps to fight what it's calling "toxic behavior" which will be finalized by the end of this year, reports the BBC (in an article shared by Charlotte Web): "We must work together to create a safe, inclusive culture, where everyone feels welcome, that their contributions are valued, and that their perspective matters," said Katherine Maher, the chief executive officer of the Wikimedia Foundation [which runs Wikipedia]... The foundation's binding code of conduct for members will include banning or limiting access if volunteers violate the terms. There will be a review process for the decisions if volunteers feel more context is needed. Wikipedia has become one of the internet's most trusted sources for information, but complaints about gender imbalances and harassment have plagued the platform for close to a decade. A study from the University of Washington on the gender gap in Wikipedia editors found many female and LGBTQ editors feared for their safety. Several female editors told the researchers their work had been contested by male editors or that they received negative feedback from a male editor. A New York Times article from 2019 also highlighted the concerns some transgender editors have about volunteering for the site. One editor told the paper they received death threats... [E]ditors can interact with one another and can change the content on a page after it has been written. This has led to a form of harassment where, after one volunteer adds to a page, another volunteer will remove or change that work moments later, forcing the first editor to redo their work and leading to editing battles.

Chromium Project Finds 70% of Its Serious Security Bugs Are Memory Safety Problems Slashdot by EditorDavid on chrome at January 1, 1970, 1:00 am (cached at May 24, 2020, 4:35 pm)

"Around 70% of our serious security bugs are memory safety problems," the Chromium project announced this week. "Our next major project is to prevent such bugs at source." ZDNet reports: The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. Both companies are basically dealing with the same problem, namely that C and C++, the two predominant programming languages in their codebases, are "unsafe" languages.... Google says that since March 2019, 125 of the 130 Chrome vulnerabilities with a "critical" severity rating were memory corruption-related issues, showing that despite advances in fixing other bug classes, memory management is still a problem... Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components... While software companies have tried before to fix C and C++'s memory management problems, Mozilla has been the one who made a breakthrough by sponsoring, promoting and heavily adopting the Rust programming language in Firefox... Microsoft is also heavily investing in exploring C and C++ alternatives... But this week, Google also announced similar plans as well... Going forward, Google says it plans to look into developing custom C++ libraries to use with Chrome's codebase, libraries that have better protections against memory-related bugs.
The browser maker is also exploring the MiraclePtr project, which aims to turn "exploitable use-after-free bugs into non-security crashes with acceptable performance, memory, binary size and minimal stability impact." And last, but not least, Google also said it plans to explore using "safe" languages, where possible. Candidates include Rust, Swift, JavaScript, Kotlin, and Java.

Newly-Released Jailbreak Tool Can Unlock Every iPhone and iPad Slashdot by EditorDavid on iphone at January 1, 1970, 1:00 am (cached at May 24, 2020, 3:35 pm)

An anonymous reader quotes TechCrunch: A renowned iPhone hacking team has released a new "jailbreak" tool that unlocks every iPhone, even the most recent models running the latest iOS 13.5. [9to5Mac points out it also works on iPads.] For as long as Apple has kept up its "walled garden" approach to iPhones by only allowing apps and customizations that it approves, hackers have tried to break free from what they call the "jail," hence the name "jailbreak...." The jailbreak, released by the unc0ver team, supports all iPhones that run iOS 11 and above, including up to iOS 13.5, which Apple released this week. Details of the vulnerability that the hackers used to build the jailbreak aren't known, but it's not expected to last forever... Security experts typically advise iPhone users against jailbreaking, because breaking out of the "walled garden" vastly increases the surface area for new vulnerabilities to exist and to be found.

Berlin WW2 bombing survivor Saturn the alligator dies in Moscow Zoo BBC News | Science/Nature | UK Edition(cached at May 24, 2020, 2:30 pm)

His colourful history included escaping from a zoo and a rumour he once belonged to Adolf Hitler.

As Russia Stalks US Satellites, a Space Arms Race May Be Heating Up Slashdot by EditorDavid on usa at January 1, 1970, 1:00 am (cached at May 24, 2020, 1:35 pm)

Russia "is now challenging the United States' long-standing supremacy in space and working to exploit the U.S. military's dependence on space systems for communications, navigation, intelligence, and targeting." That's the argument made in The Bulletin by a former U.S. Air Force intelligence officer who writes about technology and military strategy, Cold War history, and European security affairs (in an article shared by Lasrick). Moscow is developing counter-space weapons as a part of its overall information warfare strategy. For example, Russia just tested an anti-satellite missile system designed to destroy satellites in low earth orbit. Moreover, military leaders in Russia view U.S. satellites as the key enablers of America's ability to execute rapid, agile, and global military operations; they are intent on echoing this success and modernizing their own military satellites to more effectively support Russian forces. Since the end of the Cold War, the number of countries with space programs has markedly increased. Many of them are actively developing space weapons. China, for example, has an operational ground-launched anti-satellite system, according to the U.S. intelligence community. India successfully tested its own space weapon in 2019. France announced that it will launch a series of armed satellites. Even Iran is believed to be able to develop a rudimentary anti-satellite weapon in the near term... Space systems are essential for warfighting on Earth and the large growth in the number of countries fielding space weapons means the likelihood that outer space will be transformed into a battlefield has increased... Russia is the only country, however, that is reportedly approaching U.S. satellites in an aggressive manner... Moscow's destabilizing behavior could prompt the United States to take a more aggressive posture in space in the future... 
Russia has been taking advantage of the lack of international consensus on what constitutes acceptable behavior in space... It seems clear that Russia is likely testing how the United States and its allies might react to aggressive space behaviors and is gaining important insights into American national security space capabilities... In 2019, former Secretary of the Air Force Heather Wilson said that at some point, the United States needs the ability to "hit back." Russia's destabilizing actions in space could, therefore, fuel a dangerous arms race in space.

Nasa SpaceX launch: Astronauts complete rehearsal for historic mission BBC News | Science/Nature | UK Edition(cached at May 24, 2020, 12:00 pm)

Doug Hurley and Bob Behnken ready themselves and their kit for Wednesday's flight to the space station.

Nasa SpaceX mission timeline in graphics BBC News | Science/Nature | UK Edition(cached at May 24, 2020, 10:30 am)

These are the key phases in the first crew mission to go to orbit from the US in nine years.

Open Source Security Report Finds Library-Induced Flaws in 70% of Applications Slashdot by EditorDavid on opensource at January 1, 1970, 1:00 am (cached at May 24, 2020, 9:35 am)

The State of Software Security (SOSS): Open Source Edition "analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries," reports TechRepublic. "Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of flaws." "An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies," he said. The study found that 70% of applications have a security flaw in an open source library on an initial scan. Other findings from the report: The most commonly included libraries are present in over 75% of applications for each language. 47% of those flawed libraries in applications are transitive. More than 61% of flawed libraries in JavaScript contain vulnerabilities without corresponding common vulnerabilities and exposures (CVEs). Fixing most library-introduced flaws can be done with a minor version upgrade. Using any given PHP library has a greater than 50% chance of bringing a security flaw along with it.
