Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - farzanaSadia

Pages: [1] 2 3 ... 7
Travel / Visit / Tour / Budget trips: 20 of the cheapest places to travel
« on: November 16, 2017, 07:41:36 PM »

That ever-growing travel wish list might be putting some pressure on your pocket – but there are plenty of destinations where you’ll get more bang for your buck. From Greece to Guatemala, here are 20 places you can visit without breaking the bank.
1. Thailand

There’s a reason why Thailand remains so popular with backpackers – it’s got idyllic islands, a rich culture, beach-huts aplenty, tantalising cuisine and adventures galore, and all available at often staggeringly low prices. Despite the well-trodden routes through the country, it’s not hard to get away from the crowds – check out Nakhon Si Thammarat for some of the very best food the country has to offer, or hire a motorbike to make the 600km trip along the Mae Hong Son Loop through the forested northern mountains.

Read our tips for backpacking Thailand and travelling solo in Thailand before you go.
2. South Africa

One of the great things about travelling in South Africa is that it’s possible to have a safari experience here – complete with the Big Five – without encountering a budget-breaking bill. Head to Hluhluwe-Imfolozi to see white rhino and to avoid the crowds of Kruger, to the Drakensberg for superlative hiking, and don’t forget to factor in at least a few days in amazing Cape Town.

Start planning your trip with our list of the best road trips across the country.
South Africa
3. Vietnam

Despite a remarkable rate of change over the decades since the end of the American War, Vietnam remains amazing value for Western visitors. The country’s greatest attraction is its sublime countryside, from the limestone karsts of the north to the waterways and paddy fields of the Mekong Delta, with blissful beaches and frenetic cities crammed in between.

Then there’s the cuisine – pull up a stool at a pho stall and for only a couple of dollars you’ll eating some of the best food on offer, shoulder to shoulder with the locals.

Check out our 9 tips for backpacking Vietnam and discover how to get off  the tourist trail before you go.
4. Uruguay

If you’ve already visited Brazil and Argentina, or are just looking for a better value destination, head instead to neighbouring Uruguay. You’ll be relieved to hear you can still find excellent steak here; plus, there plenty of lovely beaches to choose from – head to Cabo Polonio for quieter sands and abundant wildlife – and the gorgeous old capital of Montevideo.

Want to learn more? You’ll find all the information you need to plan a budget trip in our Snapshot Guide to Uruguay.
5. Cuba

Book through Rough Guides’ trusted travel partners

    securityTravel insurance
    directions_carCar rental

Since relations between Cuba and the US started rapidly warming up, there’s never been a better time to visit this Caribbean island. Go now before it changes beyond recognition – and before the prices start to go up and up even more. Hit the salsa clubs of Havana, get caught up in the heady July carnival of Santiago, or dip your toes in the warm Caribbean at Varadero Beach – whatever you do, you’ll find it hard not to leave utterly intoxicated.

Get started with these 12 tips for backpacking Cuba.
6. Prague, Czech Republic

Despite being firmly on the tourist – not to mention bachelor party – trail these days, Prague remains one of Europe’s cheapest capital cities to visit. For just a few Czech Crowns you can enjoy a hearty meal, washed down with decent local beer, of course. The city itself is a beauty, crammed full of history and perfect for leisurely explorations by foot.

Want to explore more of Europe on the cheap? Check out The Rough Guide to Europe on a Budget.
Prague, Czech Republic
7. Greece

Don’t be put off Greece by the country’s ongoing economic crisis – if anything, the financial situation is all the more reason to travel here and to support the local people. The situation does mean that prices are still cheaper than they once were, and that means that you might be able to squeeze an extra island or two into your itinerary. Pay by credit card in advance, but take enough cash with you for your travels, and you’re pretty much guaranteed an amazing trip.

Read these 11 tips by Nick Edwards, co-author of The Rough Guide to Greece, before you go.
8. Guatemala

It’s hard not to fall under the spell of Guatemala and its compelling mix of natural beauty, Maya traditions and colonial legacies. Rock-bottom prices make this one of the best places to study Spanish; once your linguistic skills are up to scratch, jump onto one of the country’s famous camionetas or “chicken buses” to explore, soak up the sights of graceful Antigua, or be wowed by the monumental Maya temples of Tikal.

It’s easy to extend your trip to see more of Central America, too. Check out The Rough Guide to Central America on a Budget for advice, and also discover why you shouldn’t rush through Guatemala City.
9. Bulgaria
Related features
Go solo: the 20 best places to travel alone
Go solo: the 20 best places to travel alone
10 things everyone learns travelling solo
10 things everyone learns travelling solo
On a budget: 15 cheap places to visit in Europe
On a budget: 15 cheap places to visit in Europe

Often unfairly overlooked, Bulgaria has a lot to offer budget travellers – not least some of the most deserted beaches in Europe, at bargain prices. In addition to its appealing coastline, there’s also lots of lovely old towns, including Varna on the coast and ancient Plovdiv, and a number of dramatic mountain ranges that are perfect for exploration on foot or by bike.
10. India

India remains one of the ultimate destinations for budget travellers – there are few countries where you can still travel so extensively and eat so well for so little. If you’re after a beach break, eschew Goa for the gorgeous beaches of the temple town of Gokarna; for amazing food, it’s hard to beat the puris and kebabs of Mumbai’s street stalls; or head to the Golden City of Jaisalmer from where you can explore the seemingly endless sands of the Thar Desert.

Need more inspiration? Discover the most romantic places in India, check out our favourite places off the tourist trail and find out what it was like to write the first ever Rough Guide to the country.
11. Portugal

Portugal remains one of the best bargains in Western Europe, and is especially worth considering if you want to avoid the more crowded resorts and cities of Spain. Skip the Algarve for the ruggedly beautiful Alentejo (with its cheap, fresh seafood) and vibrant, uber cool Lisbon; and don’t forget to put enough euros aside for a pastéis de belém (custard tart) or two.

If you’re not sure where to start, read our top tips for travelling in Portugal and discover the best of Lisbon’s food scene.
12. Bolivia

One of the cheapest countries in South America, Bolivia is also one of it’s most misunderstood. Travelling here may be a little uncomfortable at times, but it’s more than worth it for the wealth of amazing sights on offer. Top of the list is undoubtedly the astounding Salar de Uyuni salt flats, a two or three day tour of which will usually set you back less than £100/$150.

Get The Rough Guide to South America on a Budget to start planning your trip, and be sure to include at least one of these beautiful journeys across the country.
13. Mexico
Related guides
Rough Guides Snapshot South Africa: The Eastern Cape
The Rough Guide to Cape Town, The Winelands & The Garden Route
The Rough Guide to South Africa, Lesotho & Swaziland
View all guideschevron_right

Your budget will definitely stretch to tacos and tequila aplenty in Mexico – which is great news as there’s a lot of ground to cover in this vibrant country. Whether you want to string your hammock up along dazzling white sands, sample some of the country’s best street food in Oaxaca or cool off in a crystal-clear cenote (sinkhole), the country will leave you eager to come back for more.

To kick-start your wanderlust, these are 12 of our favourite places to visit – and here’s why Tijuana should be on your radar.
14. New Orleans, USA

You can’t escape from music in New Orleans – and with buskers on what often seems like every corner, and music in every courtyard and bar, it’s not hard to experience the city’s musical heritage without spending much more than the price of a beer. The city is best experienced slowly, and on foot, and it’s hard to beat people-watching over a cup of coffee and a plate of sugar-dusted beignets at the Café du Monde.

Find out where to sample the city’s best cocktails with our guide.
New Orleans, USA
15. Laos

Even in a region of budget-friendly destinations, Laos stands out. It’s hard not to be captivated by the slow pace of the country; head just north of elegant Luang Prabang to riverside Nong Khiaw, where for small change you can bag a waterside bungalow and watch the boats travel up and down the karst-surrounded river over a cold bottle of Beer Lao.

Get the full lowdown on this enchanting and unspoiled corner of Southeast Asia with The Rough Guide to Laos.
16. The Gambia

Africa’s smallest country is already known for its beautiful beaches, but it’s well worth venturing beyond them to experience its other delights. Top of the list has to be the Chimp Rehabilitation Centre in the River Gambia National Park, where you can watch the primates in their natural habitat, while the birdlife at Baobolong Wetland Reserve is arguably the best place for ornithology on the continent and is at its most atmospheric at sunset.
The Gambia
17. Shanghai, China

Book through Rough Guides’ trusted travel partners

    securityTravel insurance
    directions_carCar rental

The biggest appeal for budget – if not all travellers – to Shanghai is undoubtedly the abundance of amazing street food on offer, from xiao long bao soup dumplings to scallion pancakes and sticky rice parcels (zongzi). It’s still possible to find an accommodation bargain at the lower end of the scale, and much of the city’s appeal lies in exploring its busy streets on foot and experiencing for yourself the juxtaposition between old and new China.

You’ll find recommendations for where to find the city’s best street eats and budget sleeps in The Rough Guide to Shanghai.
Shanghai, China
18. Istanbul, Turkey

With one foot in Europe and the other in Asia, Istanbul is undeniably alluring. Though seeing all the major sights – the Aya Sofya, Blue Mosque and Topkapi Palace to name but a few – can quickly eat into your lira, the city can still be great for tighter budgets. Arguably the best ways to really soak up the city are from a Bosphorus ferry, wandering the streets of the Grand Bazaar, or on a streetside terrace with a freshly-cooked kebab.
Istanbul, Turkey
19. London, England

First things first – London is not cheap. There’s no denying that even staying in hostels, using public transport and eating in cafés is going to massively eat into your budget. But – and it’s a big but – there are few places in the world that can rival the capital city for its plethora of free sights, where you can see the Rosetta Stone and the Lindow Man, works by Monet and Dalí, not to mention dinosaur and blue whale skeletons, for absolutely nothing.

Get off on the right foot by choosing a great area to stay and discover eight things you didn’t know you could do in the Big Smoke.
London, England
20. Egypt

Considering the abundance of mind-blowing ancient sights, you’d expect travel in Egypt to cost a lot more than it does. Sure, if you tick off all the major attractions – including the Pyramids, the Valley of the Kings and Abu Simbel – then costs are going to creep up, but tempered with cheap (and excellent) food and decent budget accommodation, it’s not hard to feel like you’re almost able to live like a Pharaoh.

Note, that due to safety concerns some governments currently advise against travel to certain parts of the country; check the latest advice before you go.

Startup basically stands for the entrepreneurial initiative of taking technology centric ideas to market. These are ideas of products, whether goods or services, to be better alternative to existing products. This is about brining better substitution to market to cause disruption to incumbent industry. Despite the underlying strength of ideas and technology base, it’s a tough journey. And such reality has been the case of high mortality rate in the startup landscape. As high as 90 percent startups suffer death within first three years; or becoming “zombies”—remain afloat with seeming lifelessness. In India, 1,000 startups died in 2016 alone, half of whom were incubated during 2013 and 2014. And adequate epitaph yet to be written on failed startups to understand the cause for finding remedies.  Although we arrange colorful events and promote competition among creative minds to undertake startup initiative, but why don’t we focus on doing postmortem on high mortality?  Due to high mortality, it’s quite important to dissect the journey of failed startups to detect and share patterns to reduce the mortality rate.

    After originating in research based university ecosystems of the USA, startup craze has diffused even in developing countries like India and Bangladesh. Starting from political leaders to academics, startup is being projected as the new vehicle of wealth creation—pursuing disruptive innovation.  Globally, over US$ 125 Bn private equity was invested in the startup world in 2015. This number does not take into account of (i) all the money that employees have “invested” through all the salaries and wages that have not been paid to them, (ii) the billions of dollars of investments made by founders, their friends and family as well as their angel investors, and (iii) also the billions of dollars that has been “invested” by suppliers who did not recover their money from the company that went belly up. If statistics were available, the total amount would be quite large—virtually wasted to pursue ideas. But success of startups is the key to bring better alternative to existing products—for offering better quality products at lower cost to serve our purpose better.

It’s quite ironic that despite such high-mortality rate and loss of so much capital, people often prefer quiet burial. Startup journey could be considered as the process of succeeding in disruptive innovation. It’s about bringing substitute products around new technology core to cause disruption to the exiting industry. For example, the idea could of smartphone based handheld ultrasound machine to cause disruption to existing desktop counterparts. Irrespective of the strength of the idea and underlying new technology, the initial product likely shows up as a primitive alternative to target incumbent products. Such primitive products create a very little wiliness to pay. Suitable customers should be targeted for this primitive product. Additional ideas should be added to complement the first great idea to rapidly improve the quality and reduce the cost of the early primitive offering. Such rapid progress is essential to create new market, and also to cause the disruption to incumbent product’s exiting industry. Both scale and scope advantage (preferable around software), and also the benefit of network externality (by leveraging the ubiquitous connectivity) should be exploited to empower the great idea to succeed. Such disruptive innovation journey is a long one, and moreover, initial great ideas need to be complemented by thousands of additional ideas.

 By Rokon Zaman

There has been a concept, called: Constructive destruction, known as Schumpeter's gale. Smart companies destroy their existing products to create space for their more innovative ones. Does it work in the job market? To respond to robotics, should we protect or kill jobs has been a burning question to many of us. By killing jobs, if we cannot find any new job, it might be stupidity. But, if we can create better jobs by killing existing one, answer could be different.

China is turning Robotics and Automation, broadly coined as Fourth Industrial Revolution, into blessing. ‪China is desperately taking the advantage from low cost ‪robots to kill 100 million manufacturing ‪jobs as fast as it can do to slow down the migration of factories to African and South Asian countries. ‪China’s robotic strategy to kill manufacturing jobs to slow down out migration of factories is fuelling the growth of domestic robotics R&D and production. Such capability is crucial for China to create new high paying jobs to innovate robots for elderly care--to handle the liability of one child policy.

As opposed to ‪China's aggressive move to kill manufacturing jobs with ‪Robots, India's frugal ‪innovation and conservative approach to Robotics and automation to protect jobs raises question. Will it contribute to widening the competitiveness gap between ‪India and China?
Introduction of ‪robots into manufacturing not only kill ‪jobs, but also lower the rate of growth of industrial wages. By focusing on labor-intensive jobs, are developing countries deliberately staying on the slow track to suffer from income erosion?

To take the advantage of low cost sensors, actuators and software, should every country of the world, irrespective of development stage, focus on developing domestic ‪Robotic R&D and production capability? Will such strategy contribute to both job and income growth, even in least developed countries? In absence of such strategy, will all developing countries, even supplier of least costly labor, end up in loosing existing manufacturing jobs—suffering from premature deindustrialization? 

Software Engineering / Evolving Roles of Software Requirements Engineering
« on: November 14, 2017, 02:58:42 PM »
 Role of software requirements engineering has been evolving through stages. At the beginning of the computer industry, in 1950s, the challenge of selecting software requirements was to simplify the computational tasks, making them executable my machines. At that time, software users were mostly writing programs for themselves. At later stage, the job of in-house software developers was created. Those in-house programmers used to work in close association with major users to acquire, analyze and select requirements, which were technologically feasible to translate into software application. Technology knowledge and the ability to translate users’ requirements into software were most pressing challenge. The challenge at this phase was primarily in the area of assessing technology feasibility in capturing, analyzing and selecting requirements.

With the growth of computational need and expansion of user base of computers, major software customers started contracting out the assignment of getting custom made software delivered. In such contractual engagements, in addition to technology feasibility, the given financial and time budgets were very relevant in deciding about requirements to be translated to software applications. With the growth of software assets, compatibility and capitalization of already developed software assets started to play important role in capturing, analyzing and screening software requirements.

The third phase of software development could be termed as market driven innovation age. Instead of being in-house employees and contractors for target software customers, the focus started to shift to develop software applications targeting many customers. Upon development and launching of the application, customers voluntarily decide about the purchase of such applications. Moreover, the price of such software applications is far lower than the development cost, as the development cost is divided over many customers and the cost of replication of software is virtually zero. Such model of software development became attractive in both the supply and demand sides. In one hand, customers were getting the software at a fraction of cost of original development. On the other hand, it was opening the opportunity in the supply side to make growing profit by offering the same application to a large number of customers. But such model of software development, could be termed as market led innovation, created additional challenges for software requirements engineering.

To innovate software applications, in capturing, screening and selecting software requirements, the first question centered around the likely willingness to pay by target customer groups, and the number of customers likely to be buying the feature at certain price. Software requirements selection pays serous attention to increasing the number of likely customers, as total R&D cost is divided by the number of total customers to determine the per unit (customer) cost. The second challenge is around the likely response of the competition upon the release of the product in the market. In deciding about requirements, the challenges of dealing with the force of imitation, innovation and substitution are taken into consideration. The uncertainty of market response takes the 3rd position. Instead of releasing full blown requirements around certain major features, often time the strategy of seeding, selective release, is given consideration to test the response of the market. With the growth of Internet penetration, the 4th important area to focus is to pay attention to those software requirements which have the potential of creating network externality effect. The network externality effect is being found to be of growing importance to succeed with software innovation, as the perceived value of the product keeps growing with the growth of customer base. The 5th area of the focus is about the management of technology and innovation, and dynamics of public policy. Risk capital financing to support research and development, managing intellectual assets, and managing the development team over a long uncertain period is the 6th area in deciding about software requirements, apparently most challenging area. Apart from technology competence of translating requirements into software features, a number of factors including these six should be taken into consideration in deciding about optimum software requirements, turning software requirements capturing to engineering.
Posted 1st March by Rokon Zaman

Microsoft has announced a new partnership with Amazon to create a open-source deep learning library called Gluon. The idea behind Gluon is to make artificial intelligence more accessible and valuable.

According to Microsoft, the library simplifies the process of making deep learning models and will enable developers to run multiple deep learning libraries. This announcement follows their introduction of the Open Neural Network Exchange (ONNX) format, which is another AI ecosystem.

Gluon supports symbolic and imperative programming, which is something not supported by many other toolkits, Microsoft explained. It also will support hybridization of code, allowing compute graphs to be cached and reused in future iterations. It offers a layers library that reuses pre-built building blocks to define model architecture. Gluon natively supports loops and ragged tensors, allowing for high execution efficiency for RNN and LSTM models, as well as supporting sparse data and operations. It also provides the ability to do advanced scheduling on multiple GPUs.

“This is another step in fostering an open AI ecosystem to accelerate innovation and democratization of AI-making it more accessible and valuable to all,” Microsoft wrote in a blog post. “With Gluon, developers will be able to deliver new and exciting AI innovations faster by using a higher-level programming model and the tools and platforms they are most comfortable with.”

The library will be available for Apache MXNet or Microsoft Cognitive Toolkit. It is already available on GitHub for Apache MXNet, with Microsoft Cognitive Toolkit support on the way.

Could the recent Equifax data breach been prevented if the credit agency had the right programming tools in place? That’s the question researchers from North Carolina State University set out to answer in their recent study: Can Automated Pull Requests Encourage Software Developers to Upgrade Out-of-Date Dependencies?

According to the researchers, a majority of software relies on external libraries to perform functions. Often times, those libraries are modified to address flaws. In order for programmers to ensure the safety of their code, they have to constantly check the status of their software libraries and update their code to account for any changes.

“This is called ‘upgrading an out-of-date dependency.’ However, for various reasons, many programmers procrastinate, putting off the needed upgrades,” said Chris Parnin, an assistant professor of computer science at North Carolina State University

Parnin explained, this type of procrastination is exactly what happened with the Equifax data breach. “An external library they relied on had made public that it contained a security flaw. And while the external library was patched, Equifax never got around to updating its internal code. So months after the problem was identified, Equifax was still vulnerable and got hacked.”

In the study, the researchers looked at thousands of open source programs on GitHub to assess if tools could get more programmers to update their out-of-date dependencies. In one group, the researchers looked at 2,578 projects that used automated pull requests to notify project owners about necessary upgrades. In another group, the researchers looked at 1,273 projects that did not take advantage of automated pull requests or tools in place for out-of-date dependencies. The results showed 60% or programmers with automated pull requests associated with their programs were more likely to upgrade their projects than those who didn’t use any incentives.

“We also found that the majority of automated pull request projects were using the most up-to-date versions of dependent software, whereas the unincentivized projects were all over the map,” Parnin asid. “The take-home message here is that we have automated tools that can help programmers keep up with upgrades. These tools can’t replace good programmers, but they can make a significant difference. However, it’s still up to programmers to put these tools in place and make use of them.”

Ruby has had a reputation as a user-friendly language for building web applications. But its slippage in this month’s RedMonk Programming Language Rankings has raised questions about where exactly the language stands among developers these days.

The twice-yearly RedMonk index ranked Ruby at eighth, the lowest position ever for the language. “Swift and now Kotlin are the obvious choices for native mobile development. Go, Rust, and others are clearer modern choices for infrastructure,” said RedMonk analyst Stephen O’Grady. “The web, meanwhile, where Ruby really made its mark with Rails, is now an aggressively competitive and crowded field.”

Although O’Grady noted that Ruby remains “tremendously popular,” participants on sites such as Hacker News and Quora have increasingly questioned whether Ruby is dying. In the Redmonk rankings, Ruby peaked at fourth place in 2013, reinforcing the perception is in decline, if a slow one.

The rankings were:


RedMonk’s rankings are based on a formula that examines pull requests on GitHub as well as language discussions on Stack Overflow. The RedMonk rankings’ methodolog differs from those used in the monthly Tiobe and PyPL language popularity rankings, which use formulas based on internet searches.

Software Developers Forum / How Google’s Go language could be improved
« on: October 11, 2017, 08:15:20 PM »
To improve development tools for Google’s open source Go language, Go might be getting its own language server, akin to Microsoft and Red Hat’s Language Server Protocol.

The notion came up in a Go language contributors’ discussion group, so it’s not a done deal.

The group’s consensus recommendations are:

    Adopt a language server IDEs and other tools. It would index and display information about code and packages. “Microsoft’s Language Server Protocol was suggested as a good starting point because of its wide support in editors and IDEs,” said one participant. That protocol was designed to integrate multiple language across code editors and IDEs.
    Establish a standard “counter” API that would report statistics.
    Rewrite some of Go’s assembly code.
    To bridge the gap between assembly and Go, consider rewriting the crypto code in Go. For performance purposes, crypto code in the language was mostly written in assembly. But the code is hard to debug, maintain, and read. “A rewrite in Go would make maintenance easier. Adding processor intrinsics and better support for 128-bit math would improve Go’s crypto performance,” one participant said.
    Expand the math/bits package planned for the upcoming Go 1.9 release to accommodate the rewrite. The math/bits package offers optimized bit manipulation. (Go 1.9 is due this month.)
    Refactor garbage collection and related tools in the compiler and runtime, to reduce overhead in core tools and IDEs.
    Perhaps embed the compiler into the IDEs for quick syntax-checking.
    Compile code in memory, benefiting environments that lack a filesystem. Developers also could run tests continually.

Other issues raised in the discussion group included dependency management and interface issues. Contributors noted that making critical fixes to packages in the standard library requires waiting six months for a new version of Go to ship, or for a point release for security issues. “Better dependency management may facilitate the migration of some packages out of the standard library and into their own projects with their own release schedules,” wrote one participant.

Another area of discussion was the difficulty of using the standard library interfaces. “It would be nice if io.Reader accepted a context so that blocking read operations could be canceled,” said one participant.

Errors in Go also led to discussions. “Many Go users are initially confused by, or don’t understand, the fact that ‘error’ is an interface, and it can be difficult to attach more information to errors without masking sentinel errors such as io.EOF,” wrote one participant.

Software Developers Forum / Survey says Python is tops with developers
« on: October 11, 2017, 08:14:32 PM »
Python, which was already surging in popularity among developers, has received another endorsement, getting the nod as the most popular tool in IT service provider Packt’s just-released developer survey.

The language is used by nearly 20 percent of respondents, giving it the top spot. The report echoes Python’s high rankings in language popularity indexes from Tiobe, PyPL, and RedMonk, which all have the language finishing in their recent top five rankings.

In addition, Packt found that Python has been boosting salaries of persons in administrative rolls and those working in infrastructure. “In a world where automation and speed are becoming essential to modern tech professionals and their organizations, Python sits very comfortably—and certainly makes you incredibly valuable.”

The language has grown recently because of accessibility, a fully featured standard library, a rich ecosystem of libraries and frameworks, and an engaged community, Packt said.

Packt’s 2017 Developer Skills and Salary Report was based on responses from 4,731 developers and technology professionals worldwide, who were polled in April and May. The top 10 ranking tools according to the report were as follows:

    Python programming language
    The Git software version control system
    Microsoft’s Visual Studio IDE
    Eclipse IDE
    Java programming language
    The Notepad++ code editor
    R statistical language.
    Docker container system
    Microsoft Excel

Other popular technologies cited by participants included JavaScript, the Android Studio IDE, Apple’s Xcode IDE, Google Chrome, and PHP. When it comes to tools people plan on learning in the next three months, the top tools cited included Docker, Python, the Angular framework, Visual Studio, and Jenkins, the automation server.

Packt also polled on which tools skills were paying the best. The top three—Splunk, Kafka, and Hadoop—were data-related, with Splunk specialists earning a median salary of $100,000. The inclusion of the container orchestration tool Kubernetes and configuration management tool Chef revealed that management of software deployments is also a high-value area.

Asked which trends they expect to have the biggest impact on businesses and consumers in the next 12 months, respondents cited cloud computing; big data, artificial intelligence, and machine learning; automation; and containerization.

Java Forum / What’s new in Java EE 8
« on: October 11, 2017, 08:13:01 PM »
Although Oracle has been mostly quiet lately about the progress of its enterprise Java overhaul, that is likely to change soon with the impending arrival of Java Platform, Enterprise Edition 8, better known as Java EE 8.

The upgrade retools enterprise Java for cloud and microservices environments. A vote on the Java Community Process specification for Java EE 8 is under way and is due to be completed on August 21. Java EE 8, the official specification states, is about simplification while extending the range of the platform to accommodate emerging technologies in the cloud and web. The specification also emphasizes HTML5 and HTTP/2 support.

Java EE 8 will support a multitude of Java technology specifications, including:

    JSON-B (JavaScript Object Notation Binding), providing a binding layer for converting Java objects to and from JSON messages.
    Updates to JSON-P (JSON Processing API), improving the object model.
    JAX-RS (Java API for RESTful Web Services) 2.1 reactive client API.
    JAX-RS support for server-sent events, offering a one-way channel from a server to a client.
    HTTP/2 support in Servlet. Java Servlet provides a programming class to extend server capabilities.
    Java EE Security API, accommodating cloud and PaaS paradigms.
    Bean Validation 2.0, leveraging Java 8 language constructs for use in validation. Bean Validation enables expression of constraints on object models using annotations.
    JavaServer Faces 2.3, for building server-side user interfaces.
    CDI (Contexts and Dependency Injection) 2.0, emphasizing asynchronous events.

Java EE upgrades to come faster

Java EE 8 will be followed next year by Java EE 9, as part of a two-phase effort to retool the platform for modern-day cloud and microservices deployments. Java EE 8 is centered on accommodations to configure services and on health-checking to manage services. The follow-up EE 9 release is slated to promote deployment of smaller units of services and a reactive programming model for building large-scale, event-based systems.

Built on top of Java SE (Standard Edition), Java EE offers an API and runtime environment for building and running large-scale, multitiered network applications, with security and reliability serving as key goals of the platform. The last major release, Java EE 7, became available in June 2013 and focused on HTML5 and mobility.

As part of its Java EE 8 development process, Oracle has been working on GlassFish 5, the open source application server that has served as a reference implementation for the Java EE platform. The intent is to have two GlassFish 5 promotion builds weekly to catch integration issues sooner.

Java SE is also set for an upgrade, with version 9 due on September 21 after multiple delays.
Java EE rebellion results in MicroProfile support

Last year, prominent members of the enterprise Java community rose up to protest what was perceived as stalled progress on Java EE. Oracle then rolled out its plan to revitalize the platform, noting the company had desired to retreat from earlier Java EE plans It deemed inadequate for modern computing paradigms.

One of the rebel efforts led to the development of MicroProfile, providing a baseline platform definition for microservices. The Eclipse Foundation has since taken over MicroProfile, which will still be promoted as a mechanism to accelerate adoption of Java EE 8. The current 1.1 version of MicroProfile provides a stack that includes CDI, JSON, JAX-RS, and a configuration API.

Java Forum / What’s new in JUnit 5 for Java testing
« on: October 11, 2017, 08:12:08 PM »
The JUnit testing framework for Java has just moved to version 5. Unlike previous releases, JUnit 5 features modules from several subprojects, including:

    Platform, for launching testing frameworks on the JVM and defining the TestEngine API via a command line.
    Jupiter, for programming and extension models for writing tests and extensions and then (via plugins) building them within JUnit, Gradle, or Maven.
    Vintage, for running JUnit 3 and 4 tests on the JUnit 5 platform.

In Jupiter, a developer can use annotations as meta-annotations, in which you define an annotation that automatically inherits the semantics of meta-annotations—a new programming model in JUnit. Also, Jupiter lets test constructors and methods to have parameters, allowing for more flexibility and enabling dependency injection for constructors and methods.

JUnit 5 requires Java 8 or higher version at runtime. But developers still can test code previous versions of the Java Development Kit. JUnit 5 artifacts do not ship with compiled module descriptors for JDK 9, but there are accommodations for JDK 9. Tests can be run on the java class path; in this regard, there are no changes between Java 8 and 9, according to documentation. Also, running JUnit Jupiter tests on the module path is implemented by pro, a Java 9-compatible build tool.

Java Forum / What's new in Kotlin 1.2? Code reuse, for starters
« on: October 11, 2017, 08:11:33 PM »
Version 1.2 of the statically typed Kotlin language, will offer an experimental feature enabling reuse of code across platforms, as well as compatibility with the Java 9 module system. The beta of Kotlin 1.2 is now available for download.

Kotlin’s experimental multiplatform projects capability lets developers reuse code between supported target platforms: JVM and JavaScript initially, and later native. Code to be shared between platforms is placed in a common module; platform-dependent parts are put in platform-specific modules. During compilation, code is produced for both the common and platform-specific parts.

Developers can express dependencies of common code on platform-specific parts via expected and actual declarations. This declaration specifies an API, while an actual declaration is either platform-specific to the API or a type alias that refers to an existing implementation of the API in an external library. The standard library, meanwhile, features the kotlin.math package for performing mathematical operations in cross-platform code.

The kotlin.math package also now offers better precision for math polyfills for JavaScript.

Kotlin 1.2’s standard library is compatible with newly introduced Java 9 module system, which forbids split packages (multiple .jar files declaring classes in the same package). In Kotlin 1.2, the kotlin-stdlib-jdk7 and kotlin-stdlib-jdk8 artifacts replace the old kotlin-stdlib-jre7 and kotlin-stdlib-jre8.

Also to support Java 9, Kotlin 1.2 also removes the deprecated declarations in the kotlin.reflect package from the kotlin-reflect library. Developers need to switch to using the declarations in the kotlin.reflect.full package, which debuted in Kotlin 1.1.

Type inference improvements in Kotlin 1.2 include enabling the compiler to use information from type casts in type inference. If a developer calls a generic method that returns a type parameter, such as T, and casts the return value to a specific type, such as Foo, the compiler now understands that T for this call needs to be bound to the type Foo. This is especially important for Android developers, for the Kotlin compiler to correctly analyze findViewById calls in Android API Level 26. Also, the compiler now has an option to treat all warnings as errors.

Kotlin 1.2 also has these enhancements:

    It now supports array literals in annotations, simplifying coding.
    It uses a more consistent syntax.
    The new reflection API lets developers check whether a lateinit variable has been initialized.
    The lateinit modifier now can be used on top-level properties and local variables.

Kotlin had its origins as a language for the JVM but has since been expanded to compile to JavaScript as well. The language received a boost this spring when Google endorsed it as a mechanism for building Android mobile applications, alongside Java itself.

Anti Virus / Google Talk used to distribute Fake AV
« on: October 11, 2017, 08:08:29 PM »
When speaking in public and delivering presentations, I am often asked “Why would they want my Google/Yahoo!/MSN/Facebook credentials? It’s only a throw-away email address.”

These services have transformed from simple webmail and messaging experiences into fully integrated platforms for video, voice, instant messaging, photo sharing, and of course social networking. As Google learned from the launch of Google Buzz, not everyone wants everything tied together in one place with Mark Zuckerberg-like openness.

Bot GTalk messageMaria Varmazis, a colleague from our Boston office, got to experience what happens when a friend’s account is compromised. When she logged onto Gmail, she got a pop-up message from someone she regularly chats with: “Hey are you on Facebook ??? If u are then check this out “. Wisely, Maria didn’t click on the link and instead passed it on to me to investigate.

The link led me to a web page that had some dancing stick people and a link that read, “Click on the picture to download my party pictures gallery. . . (Click Open or Run when prompted.)”.

Of course I wanted to view this party picture gallery. . . Past experience tells me the best pictures are taken after 11pm at parties. When I clicked the image, Internet Explorer presented a download prompt for a file called my_image_gallery.scr.
Screenshot of file download

SAV Alert FakeAV-BTWhen I tried to run the file, Sophos Anti-Virus notified me that it detected a virus, Mal/FakeAV-BT, and that it quarantined the file.

You”ll notice the size of the file was only 25K. This file, like many other fake AV programs, is simply a downloader that later retrieves its payload of malware. This allows the controllers of the botnet to decide which malware to place at the destination web page, and gives you another chance to prevent the attack by using web filtering.

Screenshot of Sophos Anti-Virus detections Had SophosLabs not already published an identity for this FakeAV, our integrated HIPS (Host Intrusion Prevention System) technology would have prevented infection as well.

HIPS detected the file’s behavior as HIPS/ProcInj-003, indicative of malware trying to inject itself into the Internet Explorer browser.

Another thing I noticed was that all of the files were in areas that did not require administrative privilege. This is a technique in greater use since Microsoft’s addition of User Access Control to Vista and later versions of Windows. This was one of the main reasons I got the results I did when testing Windows 7 against the latest 10 threats.

Screenshot of Sophos quarantine

This attack once again shows us the importance of defense in depth. An administrator for an organizational network has several chances to prevent this infection:

    Education. Teach end users how to spot something out of the ordinary, to avoid clicking links in IMs, and what techniques are used in social engineering.
    Anti-virus. As Virus Bulletin regularly demonstrates, the majority of up-to-date anti-virus products protect against most in-the-wild threats.
    Proactive protection. Using heuristic, behavioral and other techniques provides protection against malicious code that may not yet be detected by your anti-virus definitions.
    Web filtering. Both the site offering malware for me to download, and the one that was luring me into clicking the picture were blocked by the Sophos Web Appliance as malicious. Our web appliance also scans all your downloads for malware, and lets you disable downloading of dangerous filetypes.

Unfortunately, quite often our friends may not really be our friends. Use this as a reminder to stay vigilant and warn others about this type of attack.

Anti Virus / Malicious Web Ad Infecting Android Phones
« on: October 11, 2017, 08:07:00 PM »
Savvy Internet users know not to click on strange links, but malvertising — malicious code hidden within otherwise innocuous advertisements — presents a more pernicious problem.

A new malvertising campaign isn’t content to just redirect your web browser to unsafe sites. If you're using an Android phone, it downloads and installs an Android app that can compromise your entire phone, with no known panacea. The trap is easy to avoid, but once it’s sprung, it’s sprung for good.

screen lock device admin

This information comes from the Zscaler ThreatLabZ team, a San Jose, California-based security firm. Zscaler discovered the issue by scouring the Godlike Productions forums, a hotbed of UFO and conspiracy theory activity. For once, the tinfoil-hatted commenters had it right; someone really WAS out to get them, and that someone was a cybercriminal.
What You Need to Do

The good news is that avoiding the problem is extremely simple, and you may not even be susceptible to it in the first place. In order for apps from sources other than the Google Play store to be installed, users must go into Security-->Settings and allow apps from "Unknown Sources." That function is a security risk, and is disabled by default.

Still, if you use third-party app stores (like the Amazon Appstore), you've already enabled Unknown Sources. To disable the feature, check your phone’s settings. Enabling and disabling third-party app installation will be under the Security menu, although that menu's location may vary depending on your phone.

MORE: Best Android Antivirus Software and Apps

Advertisements on the forum automatically installed an Android APK known as "kskas.apk" to users' phones. The program calls itself "Ks Clean" and promises to clean out Android device. Once installed, though, it claims that the phone is vulnerable to a security loophole and requires an update to safeguard the device.

The update, of course, is in reality another app, and a much more malicious one. This one requires administrative privileges to install, which means that the "update" app can control your phone at the deepest level.

Once installed, the update app takes no interest in either cleaning your system or plugging security gaps. Instead, it plasters your home screen with obnoxious advertisements. While it doesn’t seem to be anything more malicious than that at the moment, it does communicate to its masters using a fairly complex command-and-control server, and could distribute actual malware if its creator so desired.

Uninstalling the app is impossible, since "update" controls the device at an administrative level. Any attempt to get rid of it forces the phone into a lock screen, and at the time of writing, there's no way around it. Your only recourse is to perform a factory reset on the phone. Depending on how much data you have saved on your device, this could range from inconvenient to disastrous.

If you have to keep installing third-party apps, you can still avoid this particular menace by just denying Ks Cleaner or its update permissions when they try to install. A good Android antivirus program should also catch the app and quarantine it before it has a chance to do any damage.

As for Godlike Productions, Zscaler was unable to find the particular ads that triggered the malicious APK, so they could be gone by now. The truth, as the site’s adherents might say, is out there.

Java Forum / The most popular IDEs? Visual Studio and Eclipse
« on: October 11, 2017, 08:03:12 PM »
Microsoft’s Visual Studio leads the way in desktop IDE (integrated development environment) popularity, with Eclipse close behind, according to PYPL’s August index of IDE popularity. Android Studio was a distant third.

Visual Studio takes a 22.4 percent share in this month’s index. Eclipse follows with a 20.38 percent share. Much further back was Android Studio, with a 9.87 percent share. “It’s surprising how a couple of IDEs have about half the popularity,” PYPL’s Pierre Carbonelle said.

The index is based on an analysis of how often IDEs are searched on in Google, similar to PYPL’s monthly language popularity index. The more searches for an IDE, the more popular it is presumed to be. The 10 most popular IDEs for August:

    Visual Studio, 22.4 percent
    Eclipse, 20.38
    Android Studio, 9.87
    Vim, 8.02
    NetBeans, 4.75
    JetBrains IntelliJ, 4.69
    Apple Xcode, 4.35
    Komodo, 4.33
    Sublime Text, 3.94
    Xamarin, 3.46

In 11th place was Microsoft’s open source, cross-platform development environment, Visual Studio Code, with a 2.86 percent share. Visual Studio Code reached a 1.0 release only 16 months ago.

PYPL also looked at the popularity of online development environments, using the same ranking criteria as the desktop variety. The top two lead the field by a huge margin. Cloud9 took the top spot with a 35.77 percent share, closely followed by JSFiddle with 31.42 percent. The top 10:

    Cloud9, 35.77 percent
    JSFiddle, 31.42
    Koding, 9.05
    Ideone, 5.93
    Codio, 5.92
    Codeanywhere, 4.99
    Pythonanywhere, 2.53
    Codenvy, 1.67
    Codiad, .58
    Python Fiddle, .43

Pages: [1] 2 3 ... 7