By Deb Perelman

Security protocols have never been a core part of software development, but as this changes, those who have this specialized knowledge are paid a premium.

According to the U.S. Bureau of Labor Statistics' 10-year economic outlook, computer software engineers who work in the application professions sector are expected to be the fourth fastest-growing occupation between 2006 and 2016, increasing by 44.6 percent.

Yet making sure that software is built in a secure way has typically been a secondary concern within the field.

"Software developers have never considered security as really part of their domain. But this is changing," John Pescatore, a Gartner analyst, told eWEEK.

But this stands to change. According to Gartner research, 75 percent of attacks are now targeting applications. Furthermore, as more Web sites develop Web 2.0 technologies and consumers continue to demand mash-up services, developers who know how to incorporate security into the initial creation of applications are expected to carve out an important niche for themselves.

"The job is at the intersection of security and software development. In the last couple years these security issues have risen to the forefront of a concern about doing business online," said Mike Weider, director of security products at Rational, a division of IBM.

IBM is just one of the companies that view these software security developers as an important specialty that will make a big impact in making the software consumers and businesses use every day more secure.

"Organizations have to wake up to software security and when they look at how they're going to address it, the real problem is often a lack of skill within their development groups. They're looking to hire resources who can educate the rest of the organization while creating and designing security programs," said Weider.

Where software developers are going to learn more about building secure applications is still unclear. Currently, most software developers aren't picking up this information at the university level.

"It's clear that there is a huge problem with software security and the reason is that application developers have traditionally not been trained in security. If you look at most computer science programs today, you don't see a lot of emphasis on security training," said Weider.

While universities increasingly have a security curriculum, they don’t have elements of this included in software engineering.

"You're not learning good security practices and coding at the same time, and that's definitely something we need to see changed," said Pescatore.

Businesses are increasingly requiring everyone in software development to undertake security training, with companies such as Cigital and Security Innovation coming in to retrain software developers on how people attack software and how to avoid some common pitfalls.

Once a software developer has this information under the belt, however, they become much more appealing hires. While most companies don't have a position titled Secure Software Developer, banks and financial services companies appear to be the earliest adopters of this role, followed by contract arrangements.

"One place where there is strong employment in this skill is in consulting firms, who are hiring developers and engineers to help them fix their security problems," said Weider.

The companies that are hiring for this position are willing to pay a premium for these developers.

"Those who have this kind of skill can now easily command a higher salary," said Weider.

source: eweek.com

A few months ago we released an ASP.NET 3.5 Extensions Preview that contained a bunch of new features that will be shipping later this year (including ASP.NET AJAX Improvements, ASP.NET MVC, ASP.NET Silverlight Support, and ASP.NET Dynamic Data).


The ASP.NET Dynamic Data support within that preview provided a first look at a cool new feature that enables you to quickly build data-driven web sites that work against a LINQ to SQL or LINQ to Entities object model. ASP.NET Dynamic Data allows you to automatically render fully functional data entry and reporting pages that are dynamically constructed from your ORM data model metadata. In addition to supporting a dynamic rendering mode, it also allows you to optionally override and customize any of the view templates using any HTML or code you want (giving you full control of the experience).

James Buchanan

C++ creator Bjarne Stroustrup discusses the evolving C++0x standard, the education of programmers, and the future of programming



JB: When did you first become interested in computing, what was your first computer and what was the first program you wrote?


BS: I learned programming in my second year of university. I was signed up to do "mathematics with computer science" from the start, but I don't really remember why. I suspect that I (erroneously) thought that computing was some sort of applied math.

My first computer was the departmental GIER computer. It was almost exclusively programmed in Algol-60. My first semi-real program plotted lines (on paper!) between points on the edge of a superellipse to create pleasant graphical designs. That was in 1970.

JB: When you created C++, was the object oriented programming (OOP) paradigm (or programming style) obviously going to gain a lot of popularity in the future, or was it a research project to find out if OOP would catch on?

BS: Neither! My firm impression (at the time) was that all sensible people "knew" that OOP didn't work in the real world: It was too slow (by more than an order of magnitude), far too difficult for programmers to use, didn't apply to real-world problems, and couldn't interact with all the rest of the code needed in a system. Actually, I'm probably being too optimistic here: "sensible people" had never heard of OOP and didn't want to hear about it.

I designed and implemented C++ because I had some problems for which it was the right solution: I needed C-style access to hardware and Simula-style program organization. It turned out that many of my colleagues had similar needs. Actually, then it was not even obvious that C would succeed. At the time, C was gaining a following, but many people still considered serious systems programming in anything but assembler adventurous and there were several languages that—like C—provided a way of writing portable systems programs. One of those others might have become dominant instead of C.

JB: Before C++, did you "just have to create C++" because of the inadequacy of other languages, for example? In essence, why did you create C++?

BS: Yes, I created C++ in response to a real need: The languages at the time didn't support abstraction for hard systems programming tasks in the way I needed it. I was trying to separate the functions of the Unix kernel so that they could run on different processors of a multi-processor or a cluster.

JB: Personally, do you think OOP is the best programming paradigm for large scale software systems, as opposed to literate programming, functional programming, procedural programming, etc.? Why?

BS: No programming paradigm is best for everything. What you have is a problem and a solution to it; then, you try to map that solution into code for execution. You do that with resource constraints and concerns for maintainability. Sometimes, that mapping is best done with OOP, sometimes with generic programming, sometimes with functional programming, etc.

OOP is appropriate where you can organize some key concepts into a hierarchy and manipulate the resulting classes through common base classes. Please note that I equate OO with the traditional use of encapsulation, inheritance, and (run time) polymorphism. You can choose alternative definitions, but this one is well-founded in history.

I don't think that literate programming is a paradigm like the others you mention. It is more of a development method like test-driven development.

Gone in 2 minutes: Mac gets hacked first in contest

CanSecWest's PWN 2 OWN contest was won in 2 minutes -- after the rules were relaxed a bit -- as Charlie Miller hacked a MacBook Air

By Robert McMillan, IDG News Service
March 27, 2008

It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday, the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.

Paul Krill

March 20, 2008 (InfoWorld) What will integrated development environments (IDE) look like in four years? According to technologists at IBM and Microsoft Corp., IDEs will have to accommodate trends such as more screen "real estate" and more pixels on the desktop.

At an EclipseCon 2008 session in Santa Clara, Calif., on Wednesday, Tim Wagner, a member of Microsoft's Visual Studio platform team, and Kevin McGuire, an IBM Eclipse user-interface developer, brainstormed on what might be expected from IDEs in 2012. Their jointly conducted session followed an earlier presentation by Sam Ramji, Microsoft Corp.'s director of platform technology strategy, which showed a new interest in Eclipse by the commercial software giant.

IDEs, McGuire and Wagner said, should be more connected and make developers smarter. An IDE also should be more malleable, they asserted, adding that interaction could be different from the current mouse-and-keyboard paradigm.

"The IDE should be our favorite app," Wagner said.

Meanwhile, the standard desktop will have multiple CPUs, and developers will have more pixels in front of them because of the use of multiple monitors, he said.

Wagner noted that gamers have driven down the price and driven up the power of graphics-processing chips, but IDEs have not kept pace. "Why does our IDE still look like something that came out in the '80's?" he asked.

There are also sociological trends that IDEs need to embrace, including distributed and dynamic teams, open source and its transparency, increased scale and developer diversity, according to the Microsoft and Eclipse technologists.

Other ideas presented included customizing of IDEs and better use of scripting.

source: ComputerWorld

Vista SP1 Goes Live

by Becky Nagel
18 March 2008

Microsoft today announced the availability of Windows Vista SP1 via Windows Update. The company has also posted the upgrade to its download site here.

"Today, you can now download Windows Vista SP1 via Windows Update," Microsoft Product Manager Nick White wrote on the company's Vista blog Tuesday morning. "For those of you eager to receive the benefits of Windows Vista SP1 -- you can now do so!"

The release was not unexpected; text on Amazon.com discovered this weekend implied the download would be available March 18, with the retail product being released March 19, although the mention of the download has since been removed from the shopping site.

Microsoft has released Vista SP1 for five languages: English, Spanish, German, French and Japanese. Updates for other languages are expected to start rolling out in April.

SP1 releases are typical milestones for Microsoft products as many IT shops wait until the first update before deploying. Vista's update comes a little more than a year after its initial release.

According to Microsoft, the SP1 update is designed to improve Vista's reliability and application compatibility, among other changes.

In his post, White also commented on the driver issue that initially delayed the early release of SP1 to IT professionals. "We've completed our analysis and are happy to report that many of these issues were fixed between the release candidate (RC) and the final version," he wrote. "We identified a small number of device drivers that may be problematic after an update from Windows Vista to Windows Vista SP1."

A list of drivers that may still cause problems with the upgrade is available here (scroll down). White also recommends reading Knowledge Base article 948187 before installing the upgrade.

For now, Vista SP1 is an optional download; it will become a forced upgrade starting in "mid-April" on any computers that have Windows Update set to automatic download.

By Darryl K. Taft
2008-03-14

Security should be top of mind before, during and after the development process.
Experts agree that although absolute application security is nearly impossible, there are key steps you should take to mitigate risk.

Step 1: Define the process

The first step is to define the process you're going to use to develop and measure the security of your software.

Software development has many phases, from requirements gathering through design, development, testing and deployment. You must consider how your existing processes must be augmented in every phase of development to include security, said Ben Chelf, chief technology officer at Coverity, a maker of static source code analysis tools.

"Defining the process includes thinking about coding standards for your developers to avoid potentially dangerous code constructs; thinking about how to design the system in a secure way so that there is no unintended access, even in the case where the code itself is bulletproof; and so on," Chelf said.

Security is not just something you can slap on at the end of the process after the system is put together, Chelf added. That is too late. With a good process in place that spans the entire software development life cycle, you can set up checkpoints to measure and verify that security is being addressed appropriately.

Step 2: Educate the players.

The second step in developing secure software is to educate the players in your software development organization.

Software security hasn't exactly been at the forefront of computer engineering, so chances are your developers, architects, product managers, QA (quality assurance) engineers and so on are not properly trained in what it means to design and implement secure software, Coverity's Chelf said.

"It's not just a matter of programming securely," Chelf said. "If you have a system that is perfectly implemented from a coding perspective but allows access because of poor password choices for the users, the system is still insecure. So it really does begin at the very earliest part of the software development life cycle."

Chelf said a variety of good resources, including books and online courses, are available for training developers on how systems can be compromised.

Step 3: Equip the team.

The third step to secure development is to equip team members with the tools and technologies that will help them build applications in a secure manner from the very beginning.

Chelf warned, however, that some of these tools can slow the process—something that irks business managers and developers alike.

"Make no mistake, adding security to your software development process can potentially slow down your release efforts," Chelf said. "And not only is time to market absolutely critical to your business, your developers also do not enjoy anything that is added to their process that slows them down."

Fortunately, tools are available that can help developers be more secure and more efficient, Chelf said. Static code analysis is a great way to counteract the otherwise-onerous process of manually reviewing an entire code base for security vulnerabilities—a task no one really wants to undertake, he said.

Tools and technologies are available to help organizations with verification, validation and security and to help enhance software integrity throughout the system.

"The benefits gained by discovering defects earlier in the software development process counterbalance the additional time you are asking your developers to spend in developing secure code," Chelf said. "I recommend picking tools that are designed for the developer."

Step 4: Test and test again.

The fourth step in developing for security is to employ security-testing techniques.

In the past, verification—ensuring a program did not fail—and validation—ensuring a program did what it was supposed to do—were the primary tasks a software development organization needed to address prior to release, Chelf said.

"[However,] the difference between verification/validation and security is that it is much more difficult to test for security," he said. "Testing to make sure the program runs correctly and does not fail is something observable. Testing to see if a certain failure could be exploited is much more difficult to observe."

Part of this stems from the fact that, when developing software with security in mind, you're developing against an adversary, Chelf said.

"This is a much different paradigm than simply trying to make your customers happy with features that work," he said. "And when working against an adversary, you must concern yourself with not only whether a system fails, but how exactly it fails, because that hacker will try every mode of failure he or she can to try to uncover the weakness in your system.

"The reality is that even if your application fails 99.9999 percent of the time in a secure way, some hacker out there likely will uncover that one-in-a-million failure mode to exploit your application," he said. "And that is very difficult to test for."

Step 5: Monitor the process.

Lastly, compliance with security policies should be monitored on an ongoing basis.

"Monitor compliance to security policies using an automated infrastructure," Parasoft's Kolawa said. "At a scheduled time each night, the automated infrastructure should retrieve the latest code modifications from source control and determine whether that code complies with the security policy. If a problem is found, the developer who introduced it should be notified within his or her IDE [integrated development environment] to promote fast remediation."

This step also includes security code reviews and maintaining security vigilance as applications move into production.

"No development project, no matter how well-designed or executed, will remain 100 percent secure 100 percent of the time if left to its own devices," said Andrew Zaikin, a security expert and project director at outsourcing specialist Exigen Services.

"Watch production, read production logs as they are being developed, and stay involved on a consistent and continual basis," Zaikin said.

Writing applications that interact with data sources, such as databases, XML documents, or Web Services such as Flickr or Amazon, is made easier in the .NET Framework 3.5 with the addition of a set of features collectively referred to as LINQ (Language-Integrated Query). In what follows, we start with a very brief overview of LINQ, followed by guidelines for designing APIs in relation to LINQ.

1. A Brief Overview of LINQ

Quite often, programming requires processing over sets of values. Some probably well known examples include: extracting the list of the most recently added books from a database of products; or finding the email address of a person in a directory service such as Active Directory; or transforming parts of an XML document to HTML to allow for web publishing; or something as frequent as looking up a value in a hash table.

LINQ allows for a uniform, language-integrated programming model with data, independent of the technology used to store that data.

2. Extension Methods, Func<>, Action<>, and Expression<>

Extension methods constitute a language feature that allows static methods to be invoked on instance variables. These methods must take at least one parameter, which represents the instance the method is to operate on. For example, in C#, this is done by using the this modifier on such a parameter, when defining the method:

public static bool IsPalindrome(this string s){
//implementation follows here
}

The class that defines such extension methods is referred to in this text as “sponsor” class, and it must be declared as static. To use extension methods, one must import the namespace defining their sponsor class.

Func<> objects represent a generic delegate. For example:

Func<int,int,double> divide=(x,y)=>(double)x/(double)y;
Console.WriteLine(divide(2,3));

In this example, divide is a function that takes two integers and returns a double. The last parameter in the generic definition of a Func<> is always the return type. To represent void-returning functions, use Action<> instead.

Expression<> objects represent function definitions that can be compiled and subsequently invoked at runtime. Continuing with our example:

Expression<Func<int,int,double>> divideBody=(x,y)=>(double)x/(double)y;
Func<int,int,double> divide2=divideBody.Compile();
Console.WriteLine(divide2(2,3));

Notice how the syntax for constructing an Expression<> object is very similar to the one used to construct a Func<> object; in fact, the only difference is the static type declaration of the variable (Expression<> instead of Func<>).
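The three constructs described above, combined in one program. This is an added example, not code from the original MSDN text; the class name StringExtensions, the palindrome implementation and the sample string are assumptions made for illustration. It also reads the expression tree's properties before compiling it, which shows what an Expression<> holds that a Func<> does not.

```csharp
using System;
using System.Linq;
using System.Linq.Expressions;

// "Sponsor" class (hypothetical name): it must be static to define extension methods.
public static class StringExtensions
{
    // Extension method: the 'this' modifier marks the instance the method operates on.
    public static bool IsPalindrome(this string s)
    {
        if (s == null) throw new ArgumentNullException("s");

        // Compare letters and digits only, ignoring case (an assumption of this example).
        char[] chars = s.Where(c => char.IsLetterOrDigit(c))
                        .Select(c => char.ToLowerInvariant(c))
                        .ToArray();

        for (int i = 0, j = chars.Length - 1; i < j; i++, j--)
        {
            if (chars[i] != chars[j]) return false;
        }
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // The extension method is invoked as if it were an instance method on string.
        // The sample string is constructed for this example.
        Console.WriteLine("A man, a plan, a canal: Panama".IsPalindrome());

        // Func<>: the last type argument is the return type.
        Func<int, int, double> divide = (x, y) => (double)x / (double)y;

        // Action<>: the void-returning counterpart of Func<>.
        Action<double> print = d => Console.WriteLine(d);
        print(divide(2, 3));

        // Expression<>: the same lambda syntax, but the compiler builds a data
        // structure describing the function instead of executable code.
        Expression<Func<int, int, double>> divideBody = (x, y) => (double)x / (double)y;

        // The tree can be examined before anything is executed.
        Console.WriteLine(divideBody.Body.NodeType);      // kind of the root operation
        Console.WriteLine(divideBody.Parameters.Count);   // number of lambda parameters
        Console.WriteLine(divideBody.ReturnType);         // declared return type

        // Compile() turns the tree into a delegate that can be invoked.
        Func<int, int, double> divide2 = divideBody.Compile();
        print(divide2(2, 3));
    }
}
```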

source: MSDN

Windows 7

Microsoft has confirmed that Windows 7 is right on track for release in 2010. Concomitantly with the leaked details associated with Windows 7 Milestone 1 dropped by the Redmond company to select partners in January 2008, a potential timetable for the availability of the successor of Windows Vista was also made public. According to the leaked information on the next iteration of the Windows platform, having just reached M1, the final version of Windows 7 was to be wrapped up at the end of 2009. Officially, the Redmond company has only been saying that Windows 7 development would take an estimated three-year timeframe. However, Microsoft always failed to specify the moment when the three-year timeframe started. The debut of Windows 7 development was indeed connected with the release of Windows Vista, but this aspect only contributed to the confusion because the latest Windows client was launched to businesses in November 2006 and to the general public in January 2007. So in this context, the finalization of Windows 7 could just as easily be aimed for the end of 2009, as well as 2010.


Well, this is no longer the case. Microsoft explained that it would deliver Windows 7 three years after the consumer launch of Vista. "We are currently in the planning stages for Windows 7 and development is scoped to three years from Windows Vista Consumer GA. The specific release date will be determined once the company meets its quality bar for release," a Microsoft spokesperson revealed to Softpedia via email. Windows Vista Consumer GA means nothing more than the general availability of the operating system. In this regard, Microsoft has merely reconfirmed what it has in fact said since mid-2007, that Windows 7 is planned for 2010.


Recently, the Redmond company has delivered a build of Windows 7 for review to the U.S. antitrust regulators. This was made public via the "Joint status report on Microsoft's compliance with the final judgments." I contacted Microsoft and asked whether the new version of Windows 7 was still M1 or if the company has reached Milestone 2 (M2). The leaked timetable for Windows 7 had M1 set to expire in March, and M2 to be delivered in March/April. Outside of the confirmation quoted above, Microsoft did not comment on Windows 7 M1, M2 or the potential antitrust issues that would be generated by the connecting of Windows 7 with Windows Live Wave 3.

By Scott M. Fulton, III, BetaNews
February 29, 2008, 10:10 AM

The mindsets of the dynamic language programmer and the classical, static language developer are practically different beasts. So can they share the same IDE? We spoke with the man in charge of what aims to be that one IDE, Visual Studio 2008.

Of the two dilemmas, one would probably prefer the type that Microsoft's newly appointed Visual Studio general manager Jason Zander faced this week, to the one facing the SQL Server team: holding a gala launch for a product that actually started shipping last November, as opposed to one that may end up shipping in July.

Zander is a veteran Microsoft developer, having been one of the few, original core developers of the Common Language Runtime that is now the heart of the .NET Framework. He spent eleven years championing that programming system up until last September, when he found himself promoted to a lead role with Visual Studio 2008 -- a product line he had actually been involved with before being moved to .NET over a decade ago.


Last Wednesday at the "Heroes Happen Here" gala launch party, Zander sat down with BetaNews firstly to celebrate the fact that Visual Studio was already well aloft, as launches were concerned, but then to discuss a multitude of topics in Zander's trademark explicit detail. One of them was dynamic languages -- specifically, the re-emergence of quick-and-dirty programming with pliable and embraceable dialects like IronRuby, IronPython, and the prolific D language -- and their newfound role as elements of Visual Studio programming.

But to begin, we touched on a development from Adobe that took place two days earlier: the release of its 1.0 edition of the AIR graphical Web development platform, Silverlight's principal nemesis.

source: betanews.com

Scripting languages and new application development frameworks are doing work Java once shouldered in its prime.

By Paul Krill
February 21, 2008

Is Java slipping into second-tier status in the application development space? All the attention being given to its rivals these days might give off that impression.

Nearly 13 years old, the Java language and platform created at Sun Microsystems now shares the software development limelight with scripting languages such as PHP (Hypertext Preprocessor) and Ruby, as well as with Microsoft's .Net technologies.

Much touted for its ability to run on multiple platforms via the JVM (Java Virtual Machine), Java grabbed headlines for years before being seriously challenged by .Net and open source scripting variants. Today, these alternatives to Java have gained plenty of adherents. Open source CRM vendor SugarCRM, for example, chose to write its application in PHP instead of Java. "When we set out, we thought we were going to build a Java application on top of Oracle," said Clint Oram, SugarCRM co-founder. The company, however, saw PHP maturing and found it "just more accessible than Java, for the average person," Oram said.

Microsoft, meanwhile, has made its .Net platform a serious player in the enterprise space. A November 2007 report by Info-Tech Research Group stated the case for .Net becoming more popular than the Java platform in enterprises.

DotNetNuke Forge, a premier destination for open source collaboration on the DotNetNuke platform. Providing unparalleled access to community developed and maintained platform extensions such as Modules, Skins, and Providers, the DotNetNuke Forge will further cultivate our rich developer ecosystem through its highly accessible project directory and robust project management tools. We are proud to partner with Microsoft's CodePlex to provide access to a world class infrastructure for managing open source projects. CodePlex offers advanced tools including a robust source code repository based on Microsoft Team Foundation Server, issue tracking, discussion forums, project team management, and free hosting services for project downloads. Please make sure you bookmark this collaborative new service today.

Cambrian

Mass-market interest prompts about-face from original plan to keep touch-screen, tabletop computer commercial.

By Paul McDougall
Feb. 5, 2008

Microsoft CEO Steve Ballmer said Monday that the company is looking to create a version of its Surface tabletop computer for consumers.

"We've had more pushback to get a consumer version of the Surface than you can shake a stick at," Ballmer said at a meeting with financial analysts. "We will follow our noses in terms of consumer interest and make a set of investments to try to take some steps toward making Surface a consumer product."

Microsoft last year introduced Surface -- a coffee table-sized computer with a horizontal, 30-inch touch screen -- as a platform that businesses could use to create interactive kiosks and entertainment devices for customers. "We talked about how we were going to bring it to market for commercial customers," Ballmer noted.

But Ballmer said a high level of consumer interest in Surface has prompted the company to invest in creating a mass-market version. He did not provide a timeframe. Surface is expected to be widely available for businesses in the spring.

Some companies in the hospitality industry already are testing the tabletop, which is powered by the Windows Vista operating system and is compatible with numerous Windows applications.

Harrah's Entertainment is contemplating using Surface at its Las Vegas casinos, including Caesars Palace, to create a "virtual concierge" through which guests can reserve concert tickets, view menus at restaurants, or book spa treatments.

Other companies that have shown interest in Surface include Starwood Hotels and Restaurants and T-Mobile USA, according to Microsoft.

While consumers could use Surface as an interactive home appliance, price could scare off many potential customers from buying the device. Microsoft has not disclosed pricing, but large touch-screen displays are typically expensive.

source: informationweek.com

A handful of Microsoft’s top developers are working to create a new programming language, code-named “D,” which will be at the heart of Microsoft’s push toward more intuitive software modeling.

D is a key component of Microsoft’s Oslo software-oriented architecture (SOA) technology and strategy. Microsoft outlined in vague terms its plans and goals for Oslo in late fall 2007, hinting that the company had a new modeling language in the works, but offering no details on what it was or when the final version would be delivered.

D will be a declarative language aimed at non-developers, and will be based on eXtensible Application Markup Language (XAML), sources, who asked not to be named, said.

Sources close to Microsoft confirmed the existence of D, which they described as a forthcoming “textual modeling language.” In addition to D, sources said, Microsoft also is readying a complementary editing tool, code-named “Intellipad,” that will allow developers to create content for the Oslo repository under development by Microsoft. (Intellipad is the “Emacs.Net” text editor for which Microsoft has been seeking developers over the past couple of months.)

source: blogs.zdnet.com

IBM's premier technical resource for software developers, providing a wide range of tools, code, and education on AIX and UNIX, IBM Systems, Information Management, Lotus, Rational, Tivoli, WebSphere, and Workplace, as well as on open standards technology such as Java™ technologies, Linux, SOA and Web services, XML, and more.

source: Codeproject.com IBM DeveloperWorks Zone

by: Gregg Keizer

January 31, 2008 (Computerworld) Microsoft Corp. has added new security-related APIs to upcoming service packs for Windows Vista and XP to expand the use of the anti-exploit technology dubbed Data Execution Prevention (DEP).

The new APIs will be included with Vista Service Pack 1, Windows XP Service Pack 3 and the brand-new Windows 2008 when those operating systems ship this quarter and next, said Michael Howard, a principal security program manager in Microsoft's security engineering and communications group.

According to Howard -- one of Microsoft's resident security gurus, who is probably best known for co-authoring Writing Secure Code -- the new APIs will allow more developers, particularly those still using older versions of ATL (Active Template Library), to call DEP in their apps.
DEP, which also goes by NX -- for No eXecute -- was introduced by Microsoft in Windows XP SP2 and expanded in Vista and Server 2008. It's designed to stop some kinds of exploits -- buffer overflow attacks, primarily -- by blocking code from executing in memory that's supposed to contain only data.

The new APIs can be used by developers working with the older ATL to enable DEP at runtime, or when the application actually launches. Previously, those programmers were forced to decide ahead of time whether their software would try to protect itself using DEP.

By John Dunbar

AP
01/31/08 8:53 AM PT


The great majority of consumers -- anyone whose television is hooked up to a cable or satellite service or owns a digital set -- will not be affected. Anyone who owns an older television that gets its signal via antenna, however, will need a converter box, which the government will help pay for.

Much of what consumers are learning about the looming shift to digital broadcasting is just plain wrong and could end up costing them money, according to a survey.
Some people think they need to buy new equipment when they don't, according to a Consumers Union survey, and others say they don't plan on taking any steps to deal with the change when they should.


"Confusion about the digital television transition will cost consumers a lot of money for equipment they may not want or need," Joel Kelsey, policy analyst for the Consumers Union, said Wednesday.

By Darryl K. Taft
2008-02-01

The VB development team is looking at revitalizing scripting in the core .Net languages.

REDMOND, Wash.—Microsoft is planning to bring the sexy, uh, the scripting back to Visual Basic.

In a talk entitled “Bringing Scripting (Back) to Visual Basic” at the Lang.Net conference here Jan. 31, Paul Vick, Microsoft’s principal architect for Visual Basic, said now that his team has shipped Visual Basic 2008, “We found ourselves looking back a lot.”

What the team is looking back on are the days when Visual Basic was used as a scripting tool. Yet, Vick made sure to qualify his talk as an “aspirational” one.

“The main point is that the VB team is extremely interested in revitalizing scripting in the core .Net languages,” Vick said in an interview.

According to Vick, the first major hurdle is “re-architecting our compiler and editor technology so that it can be used in non-Visual Studio contexts.”

He said the VB team is starting by looking at big hosts like Office, “although we have no firm plans there at the moment,” Vick said. “But we'd like to democratize it further so that any application can easily add the power of VB to their application.”

source: eweek.com

CEO Steve Ballmer said Microsoft and Yahoo would work together to create a single online advertising platform.
By J. Nicholas Hoover, InformationWeek
Feb. 1, 2008

Microsoft's $44.6 billion acquisition bid for Yahoo, one of the largest ever in the technology industry, would position Microsoft as a strong competitor to Google in the advertising and consumer online services market. But it also poses significant integration challenges for Microsoft and Yahoo.

"Any large integration process has risks associated with it," Microsoft CEO Steve Ballmer said Friday morning on a conference call with investors to discuss the bid. "I know we've all thought about it. We could have hired more engineers, but the market continues to grow and the leader continues to consolidate position. There's nothing like the chance to put together two large engineering organizations. A good integration actually should be quite an accelerant to progress."
Ballmer, Microsoft chief software architect Ray Ozzie, and other top executives said Microsoft and Yahoo would work together to create a single ad platform. It's unclear how the companies' portals and other services would be integrated, but Ozzie said a combined Microsoft-Yahoo would be able to create a "social platform" that could become a new entry point to the Web. "The combination of these two teams would enable us to jointly deliver a broad range of new experiences to customers that neither of us would have achieved on our own," he said.

The bid for Yahoo, at a 62% premium over the company's stock price at the end of the day Thursday, is one of the most open signs yet that Microsoft is desperate for ways to compete against Google in the world of online advertising, a market Microsoft estimates will double from $40 billion in 2007 to $80 billion by 2011. "Today this market is increasingly dominated by one player," Microsoft said in a press release. "Together, Microsoft and Yahoo can offer a competitive choice while better fulfilling the needs of customers and partners."

Kevin Johnson, president of Microsoft's platforms and services division, said on the conference call that Microsoft has already received unsolicited positive feedback on the bid from online advertisers and publishers.


source:http://www.informationweek.com/

PHP 5 deadline approaches

Campaign seeks migrations to current version of the scripting language

By Paul Krill

February 01, 2008

A Tuesday deadline has been set, after which several leading open-source PHP (Hypertext Preprocessor) projects plan to stop supporting older versions of PHP in upcoming releases.
The Go PHP 5 campaign, sponsored by several PHP proponents, is intended to move the PHP developer community fully onto the PHP version 5 platform. Among the projects backing the effort are Symfony, Typo3, phpMyAdmin, Drupal, Propel, and Doctrine. These vendors are committing to use PHP 5.2 in releases developed after Tuesday.

Campaign advocates also have issued an invitation to other PHP projects to participate, and so far, about 150 software projects and about 200 Web hosters have committed.
Most PHP Web applications run in PHP 4 and 5. PHP 4 was released in 2000, while PHP 5 became available in 2004.

"We think PHP is absolutely the platform going forward," said Mark de Visser, chief marketing officer at PHP tools vendor Zend Technologies, which is supporting the Go PHP5 effort.
PHP 5 features object orientation, for enterprise application development, and Web services capabilities, de Visser said. But adoption has been slow because of issues like Web hosts that offer PHP 4 by default, Go PHP 5 said.

"No one's moving to PHP 5 because no one wants to be first," said Larry Garfield, a co-founder of the Go PHP 5 project.

Hosts will not upgrade until projects do, but projects will not upgrade until hosts do, thus presenting a chicken-and-egg situation, according to Go PHP 5's July 2007 statement. Go PHP 5 hopes to give Web hosts incentive to upgrade servers to newer versions of PHP.

Additionally, extensions to the PHP 4 platform are ceasing, according to Garfield. There will only be major security issues considered between now and August, and after that, PHP development stops, he said.

PHP 6, meanwhile, is not due for more than a year, de Visser said. It will focus on internationalization, he said.

source: infoworld.com
