Tuesday, June 25, 2013

Oracle Brings Data Center Fabric To Sparc Systems

Oracle has prolonged its data center fabric to its Sparc-based Unix platforms, promising to let enterprises tie more servers and applications into the high-speed infrastructure which give users faster access to critical apps.

Data center fabrics are designed to make infrastructures more scalable, dynamic and flexible by tying together the various resources in the data center, which is increasingly important, given the rapid growth of such technologies as cloud computing and virtualization, as well as such trends as mobile computing and bring your own device (BYOD) and the rising demand for faster application performance.
 
Oracle Virtual Networking support to its Sparc T5, T4 and M5 servers and for the Oracle Solaris 11 OS on both Sparc and x86 hardware. It saves IT departments from having to install multiple network interface cards and host bus adapters in its physical servers, while tying together the resources in the data center at speeds up to 80Gbps (bits per second).The fabric supports a range of operating systems, including Oracle Solaris, Oracle Linux and Microsoft's Windows, and virtualization platforms, such as Oracle VM, VMware and Microsoft's Hyper-V.


Five New Features Coming In Opensuse Linux 12.3

The new & important feature in this version is 'Secure Boot'.


Here is details of all changes :-
  1. 'Secure Boot' support
"The good news is that OpenSuse 12.3 RC2 can boot perfectly with Secure Boot enabled in our UEFI firmware," he added.
  1. The E17 desktop
Anyone who has ever checked out Bodhi Linux has already seen the beautiful E17, or "Englightenment," desktop, and that's now offered in OpenSuse 12.3 as well. Also now included are the Sawfish and Awesome window managers.
  1. New database options
Another new addition in OpenSuse 12.3 is open source database software PostgreSQL 9.2, which comes with Native JavaScript Object Notation (JSON) support. Meanwhile, MariaDB has replaced MySQL as the operating system's default database package.
  1. In the cloud
For cloud users, meanwhile, OpenSuse 12.3 is the first OpenSuse version to offer a complete OpenStack "Folsom" release.
  1. A raft of updates
OpenSuse 12.3 includes numerous key updates, including Linux kernel 3.7.9, Gnome Shell 3.6.3, Firefox 19, Thunderbird 17.0.3, Wine 1.5.23, PulseAudio 3.0, and DigiKam 3.0.

Tuesday, June 18, 2013

Javascript Hooks Back Into Top 10 Programming Languages

Regardless of the buzz, JavaScript manages only a 10th place showing in index, while C holds top place




JavaScript, while possibly the language with the most buzz these days, however continues to score comparatively low in the index of popular programming languages. But the popular Web development language crawled back into the top 10 in the index. 

Ranked 10th, JavaScript turns up in just 1.64 % of Internet searches used to compile. It is still a bit of a miracle why this universal language is not yet part of the top 5. JavaScript is the glue of client-side Web page programming now a days. But JavaScript is presently booming its application domain. Node.js has made JavaScript a server-side programming language and the amount of JavaScript-based games (mostly browser-based) is increasing.
I can't find any credible reason for the relatively low score of JavaScript. JavaScript is never or barely ever used as a standalone language. It is always the supporter language of a system that is programmed in something else. For example - server-side Java or PHP and client-side a bit of JavaScript. 

Still, JavaScript bears threats such as being regarded as a language in which it is simple to make mistakes. This is why Google has highly-developed Dart, presently hierarchic 80th in terms of popularity and a possible JavaScript successor. In the meantime, other languages, such as CoffeeScript and TypeScript, were designed to create JavaScript code instead of writing it manually. 

Competitor PyPL Popularity of Programming Language Index, which examines how frequently tutorials are searched in Google, JavaScript Position sixth, with an 8.2 % share. Ahead of JavaScript in the PyPL index were Java (26.9 %), PHP (14.3 %), C# (10.4 %), Python (10.2 %) and C++ (9.4 %). The C language leaded first place turning up in 17.809 % of searches, followed by Java (16.656 %), Objective-C (10.356 %), C++ (8.819 %), PHP (5.987 %), C# (5.783 %), Visual Basic (4.348 %), Python (4.183 %), and Perl (2.273 %).




Friday, June 14, 2013

Oracle Reveals Plans For Java Security Improvements

Oracle plans to make changes to strengthen the security of Java, including fixing its certificate revocation checking feature, preventing unsigned applets from being executed by default and adding centralized management options with whitelisting capabilities for enterprise environments. These changes, along with other security-related efforts, are intended to "decrease the exploitability and severity of potential Java vulnerabilities in the desktop environment and provide additional security protections for Java operating in the server environment.

 
The development team has expanded the use of automated security testing tools, facilitating regular coverage over large sections of Java platform code. The team worked with Oracle's primary provider of source code analysis services to make these tools more effective in the Java environment and also developed so-called "fuzzing" analysis tools to weed out certain types of vulnerabilities. 

The apparent lack of proper source code security reviews and quality assurance testing for Java 7 was one of the criticisms brought by security researchers in light of the large number of critical vulnerabilities that were found in the platform.The changes were meant to discourage the execution of unsigned or self-signed applets. "In the near future, by default, Java will no longer allow the execution of self-signed or unsigned code."
Such default behavior makes sense from a security standpoint considering that most Java exploits are delivered as unsigned Java applets. However, there have been cases of digitally signed Java exploits being used in the past and security researchers expect their number to increase. 

Because of this it's important for the Java client to be able to check in real time the validity of digital certificates that were used to sign applets. At the moment Java supports certificate revocation checking through both certificate revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP), but this feature is disabled by default.
Oracle is making improvements to standardized revocation services to enable them by default in a future release. Unlike most home users, many organizations can't afford to disable the Java browser plug-in because they need it to access Web-based business-critical applications created in Java.

Local Security Policy features will soon be added to Java and system administrators will gain additional control over security policy settings during Java installation and deployment of Java. Even though the recent Java security issues have generally only impacted Java running inside browsers, the public coverage of them has also caused concern among organizations that use Java on servers.As a result, the company has already started to separate Java client from server distributions with the release of the Server JRE (Java Runtime Environment) for Java 7 Update 21 that doesn't contain the browser plug-in.

12 Apis Every Programmer Should Know About !

Have a look on the following -



  1. GeoNames :- GeoNames turns strings of characters into latitudes and longitudes. The database includes both geographic names and political entities.
  1. FlightStats :- FlightStats tracks the thousands of planes moving through the air, watching for the delays and reroutings that can scuttle plans. The API can answer whether a flight is on time, canceled, or being sent to a different airport.
  1. FollowTheMoney :- Follow the money has been used several times in investigative journalism and political debate. One example is Follow the Money, a series of CBS reports. You Search by state, year, candidate, party, office, and many other fields. Content is available under a Creative Commons license and is not to be used for commercial purposes.
  1. USA.gov :- The world is full of fakes, and the social media world does not reflect the very best. This is why the U.S. government created a definitive list of official social media accounts.
  1. StockTwits :- StockTwits is a collection of words written about the stocks. The API offers a wide range of open and premier queries on the stocks, forex, and bonds.
  1. Yahoo Content Analysis :- The API requires use of Yahoo Query Language and is limited to 5,000 queries a day for noncommercial purposes.
  1. Moodstocks :- Moodstocks offers a full-featured library for iOS and Android developers, as well as tools for uploading images to the server that performs all computational matching.
  1. MusixMatch :- MusixMatch offers an API with basic searching, as well as a PHP library, an Android plug-in, Perl, Ruby, and more.
  1. OpenStreetMap :- OpenStreetMap offer an API for editing the map data and another one for displaying the data in a Web page. Not only are you encouraged to use their map data, you're welcome to add to their collection.
  1. Panoramio :- Panoramio offers an API for searching geo-linked photos along with a widget for displaying them.
  1. 3D Geo Stats :- 3D Geo Stats is like the classic map API, but the data is drawn on top of a 3D globe in a Flex component.
  1. New York Public Library :- Sure you could travel to New York and enjoy a Broadway show on the side, but it's cheaper and faster to just browse the stacks of the New York Public Library through its API.

Thursday, June 13, 2013

jQuery 2.0 drops support for old versions of Internet Explorer.

Here are some highlights of the changes that jQuery 2.0 brings:


  1. No more support for IE 6/7/8 : Remember that this can also affect IE9 and even IE10 if they are used in their “Compatibility View” modes that emulate older versions. To prevent these newer IE versions from slipping back into prehistoric modes, you have always use an X-UA-Compatible tag or HTTP header. If you can use the HTTP header it is slightly better for performance because it avoids a potential browser parser restart.
  1. Reduced size: The final 2.0.0 file is 12 percent smaller than the 1.9.1 file. You can now exclude combinations of 12 different modules to create a custom version that is even smaller. 
  1. Custom builds for even smaller files: This feature has been greatly refined and extended since its debut in jQuery 1.8. A new minimal selector engine, basically a thin wrapper around the browser’s querySelectorAll API, lets you shrink the build to less than 10KB when minified and gzipped. 
  1. jQuery 1.9 API equivalence: jQuery 2.0 is API-compatible with 1.9, which means that all of the changes documented in the jQuery 1.9 Upgrade Guide have been applied to jQuery 2.0 as well. If you haven’t yet upgraded to jQuery 1.9, you may want to try that first. Be sure to use the jQuery Migrate plugin.
How to Use It
jQuery 2.0 is intended for the modern web; we’ve got jQuery 1.x to handle older browsers and fully expect to support it for several more years. If you want, you can serve 2.0 to newer browsers and 1.9 to older ones using our conditional comment trick, but that is not required. The simplest way to support older browsers is to use jQuery 1.x on your site, since it works for all browsers.
With the release of jQuery 2.0, there are a few environments where the jQuery will no longer support use of the 1.x line because 2.x is a far better choice. These are typically non-web-site scenarios where support for older IE isn’t relevant. They include:
  • Google Chrome add-ons
  • Mozilla XUL apps and Firefox extensions
  • Firefox OS apps
  • Chrome OS apps
  • Windows 8 Store (“Modern/Metro UI”) apps
  • BlackBerry 10 WebWorks apps
  • PhoneGap/Cordova apps
  • Apple UIWebView class
  • Microsoft WebBrowser control
  • node.js (combined with jsdom or similar)



Dropbox Acquires Recently-Launched Email App Mailbox !

Is it a good service or not?


Dropbox announced that it has acquired email app Mailbox . Like many of you, when we discovered Mailbox we fell in love-it was simple, delightful, and beautifully engineered," 
 
One reason Dropbox may have been interested in Mailbox is because people often use Dropbox instead of attaching large files to emails. Gmail recently rolled out a feature that lets users attach files to emails seamlessly using Google Drive, which arguably reduces the usefulness of Dropbox since you have to visit another site to access your files. 

While there are no signs that Dropbox will announce its own email service, receiving Dropbox attachments inside messages from Mailbox users could be both smart and easy marketing.
Or maybe Dropbox is just eager to bring new, design-focused, cloud-centric companies into the fold. The developer says that 60 million emails are going in and out per day, and the company’s service capacity has grown 2,000x.


Wednesday, June 12, 2013

How HTML5 apps as a programming platform, not a Web page ?

Treat HTML5 apps as a programming platform, not a Web page

HTML5 is the latest version of Hypertext Markup Language. It’s very easy to learn even for a beginner. The interest about HTML5 is increasing day by day and the number of web professionals adopting this technology is also increasing rapidly. HTML5 also reduces the use of scripting languages and it’s more SEO friendly. HTML5 use in Web applications to run on a variety of devices, including tablets, mobile phones, and laptops with touchscreens.



  1. Most Developers Now Prefer HTML5 For Cross-Platform Development :- Now a days most of developers prefer to work with HTML5 instead of native apps for their cross-platform development. Only 15% of developers said they would prefer to use a native-only approach. Mostly developers said they were interested in developing for Windows 8 (66%) and ChromeOS (47%), in Blackberry 10 (13%) and Tizen (8%).
  1. HTML5 application caught up to native, or not :- When we build an HTML5 app, we can't build it like you build a Web page. If you treat it like a Web page, you're going to have slow performance. You have to treat it like a programming platform. That's where our framework comes in, which is you treat the browser as a rendering platform but create all your user interface and all your app logic in JavaScript. That allows you to dynamically add and subtract screen elements on the fly and get much, much better performance. HTML5 is better for native performance for Android and iOS.
  1. Programming HTML5 Applications :- Building Powerful Cross-Platform Environments in JavaScript : HTML5 is not just a replacement for plugins. It also makes the Web a first-class development environment by giving JavaScript programmers a solid foundation for building industrial-strength applications. This practical guide takes you beyond simple site creation and shows you how to build self-contained HTML5 applications that can run on mobile devices and compete with desktop apps.
  1. HTML5 for mobile developers :- HTML5 specification coming to fruition, browser-based mobile apps are rapidly catching up with the natives. It's really the iPad as the tablet device; on phones, it's BlackBerry phones, a little bit of Windows Phone, and iOS and Android. That's the trend for everything.HTML5 has some key specifications from which mobile Web apps can benefit. Here are few note worthy ones :-
  • Canvas drawing (2D Drawing API)
  • Touch events
  • Geolocation API (GPS / Cells or WiFi)
  • Application cache
  • Local Storage
  • Multimedia

Now Days Software engineers spend lots of time not building software. How many of you agree?

Software engineers spend more time on administration and other tasks than they do on actual application design and coding.




















In the survey, design and coding take up more hours than any other single process in a software development project: an average of 19.1 hours per week. Brainstorming and collaboration take up 6.7 hours. Administrative tasks, such as dealing with email and meetings, take up 5.8 hours. Software engineers spend 3.7 hours waiting for tests to complete, 3.5 hours waiting for builds to complete, and 2.7 hours on environment management -- or 9.9 hours in total for these housekeeping functions. Collectively, all the non-design and non-coding tasks take up 22.4 hours per week out of the 41.5 hours worked in total.
The survey also polled others involved in the software development processes, including test engineers, technical architects, project managers/test leads, and product managers.

Friday, June 7, 2013

5 Dangerous Web Application Flaws Coveted By Attackers !

Ninety-nine percent of applications have one or more vulnerabilities. Many of the high-profile data breaches over the past several months were the result of a common Web application vulnerability. While it may be impossible to eliminate all flaws in Web applications, software security experts say eliminating the most commonly targeted errors could help magnify the risk of many automated attacks. These are the following points :-

 
1. Cross site scripting bother continues

Cross site scripting vulnerabilities appear 61 percent & it is the most commonly detected vulnerabilities in Web applications. It enables an attacker to send malicious scripts by shifting the script from an otherwise trusted URL.They can be detected with a Web application security scanner or blocked using a Web application firewall.

2. Information leakage errors a serious threat

Information leakage accounted for only 17 percent of Web applications, but the danger posed by the vulnerability makes finding and eliminating them extremely critical. Web applications can leak information in a kind of ways. Poorly implemented encryption also can yield information to an attacker.


3. Session management most common error

 
Session management vulnerabilities were detected in 80 percent of applications, more than any other application vulnerability class. Attackers can take advantage of poorly implemented session management, enabling them to interject themselves as valid website users. 

4. SQL injection rising

 
SQL injection accounted for 16 percent of all Web applications. While all other classes of vulnerabilities saw declines in but SQL injection has risen. SQL injection is a favorite vulnerability of attackers because automated scripts can be used to get a website to send a malicious SQL command to the underlying database in an effort to expose its content. 
 
Cross Site Request Forgery (CSRF) accounted for 22 percent of all Web applications tested. The class of vulnerabilities that make up CSRF allows attackers to send per-authenticated but unauthorized commands using credentials that the application trusts. Attackers can use a CSRF attack to ride the session of an individual on a particular website by using the victim’s browser credentials. In addition to the browser, an attacker can use a malicious script in a Microsoft Office document or Flash file that exploits CSRF. 

Critical denial-of-service flaw in BIND software puts DNS servers at risk.

The BIND software maintainers support server administrators to disable regular expression support or install patches as soon as possible.

 

BIND is by far the most widely used DNS (Domain Name System) server software on the Internet. It is the de facto standard DNS software for many UNIX-like systems, including Linux, Solaris, various BSD variants and Mac OS X. A flaw in the widely used BIND DNS software can be exploited by remote attackers to crash DNS servers and affect the operation of other programs running on the same machines.
The vulnerability can be exploited by sending specifically crafted requests to vulnerable installations of BIND that would cause the DNS server process -- the name daemon, known as "named" -- to consume excessive memory resources. This can result in the DNS server process crashing and the operation of other programs being severely affected. BIND 10 is not affected by this vulnerability.


Thursday, June 6, 2013

Oracle unveils faster servers with T5 microprocessors.

Oracle has refreshed its SPARC family with the world’s fastest processor and launched the world’s fastest single server for Database, Java and multi-tier applications.


Oracle also announced two new Oracle Optimized Solutions that exploit the performance, reliability and value of SPARC T5 servers, Oracle storage, Oracle Database and Oracle Middle ware. These new solutions help maximize application performance and availability while lowering acquisition cost and operating expenses.
Servers built with Oracle's new T5 microprocessors have beaten several performance records and run business databases and applications much faster than previous versions.

When Oracle bought Sun, a lot of people thought the SPARC microprocessor was a real laggard and would never catch up. We've done better than catch up.

Why developers are turning to API services ?


It Companies and respective developers alike are heavily leveraging API-based access to data and services, especially for mobile and cloud apps. And they're getting an increasing scope of technologies to choose from for managing all those API processes.
Companies acquired Layer 7 Technologies, MuleSoft, Temboo, and WSO2 are tackling the API management need. Some secure API access, some provide an API exchange, and some provide cloud-based conduits to APIs :-
  • Layer 7's API management suite offers back-end data and application integration, mobile capabilities, cloud orchestration, and developer management.
  • MuleSoft's Any Point platform connects applications, APIs, and data sources across on-premise and cloud systems.
  • Temboo offers a library of common-access APIs, with links to systems such as Facebook.
  • WSO2's API Manager enables publishing of APIs, managing a developer community, and routing API traffic.  
In some ways, API management is a follow-up to service-oriented architecture (SOA), an approach to modular, orchestrated software delivery that was the "it" enterprise technology in the mid-2000s but later fell out of favor as too academic and abstract for businesses paying the software architecture bills. Nonetheless, SOA's principles remain as valid as ever and have continued to be used -- especially in cloud offerings -- even as few vendors and developers dare speak the term.
API management vendor Layer 7 also views API management as the SOA successor, with SOA now geared to behind-the-firewall operations and API management to exposing data over the Internet to mobile applications and cloud services. SOA strategies mostly target internal users while open Web APIs target mostly external partners. API management requires developer portals, key management, and metering and billing facilities that SOA management never provided.
Because of the proliferation of API-enabled data access from corporate applications via mobile devices, lighter-weight REST-based APIs are gaining prominence over more-complex SOAP APIs. API management vendors such as WSO2 and Layer 7 have thus added REST support in their tools.

Monday, June 3, 2013

Old Java can learn new tricks from C, Android

Experts say the language should crib app isolation, locality, and automated parallelism from more modern sources.
 
Java and its linchpin JVM (Java Virtual Machine) still have much room to get better even after debuting 18 years ago, say experts who would like improvements in such areas as locality, application isolation, and parallel operations.

The JVM, which has provided a mechanism to run Java applications on multiple hardware platforms, could be fitted with capabilities similar to the C language's struct feature, providing benefits in locality by improving linkage between memory and processors. "[Struct] gives advantages in the area of footprint," and provides a lightweight object with fields and no methods.

Java and mobile applications in particular, meanwhile, could benefit from Google Android's "failsafe" capabilities enabling application isolation Automated parallel operations for the Java language and runtime are desirable. Lambda capabilities in Java Standard Edition 8 bring this closer to happening via an API, but it would like to see parallelism go a step further. "Ideally, what you'd like to be able to have is a language and a run time that you don't have to express it explicitly. It just figures this out automatically."