Tech hath no fury like a multi-billion dollar social media giant scorned.

In the latest turn of the developing scandal around how Facebook’s user data wound up in the hands of Cambridge Analytica — for use in the development of psychographic profiles that may or may not have played a part in the election victory of Donald Trump — the company has taken the unusual step of suspending the account of the whistleblower who helped expose the issues.

Suspended by @facebook. For blowing the whistle. On something they have known privately for 2 years.

In a fantastic profile in The Guardian, Wylie revealed himself to be the architect of the technology that Cambridge Analytica used to develop targeted advertising strategies that arguably helped sway the U.S. presidential election.

A self-described gay, Canadian vegan, Wylie eventually became — as he told The Guardian — the developer of “Steve Bannon’s psychological warfare mindfuck tool.”

The goal, as The Guardian reported, was to combine social media’s reach with big data analytical tools to create psychographic profiles that could then be manipulated in what Bannon and Cambridge Analytica investor Robert Mercer allegedly referred to as a military-style psychological operations campaign — targeting U.S. voters.

In a series of Tweets late Saturday, Wylie’s former employer, Cambridge Analytica, took issue with Wylie’s characterization of events (and much of the reporting around the stories from The Times and The Guardian). 

Meanwhile, Cadwalladr noted on Twitter earlier today that she’d received a phone call from the aggrieved whistleblower.

Plaintive phone call from Chris: he’s also banned from WhatsApp.
And – outraged voice! – Instagram.
“But how am I going to curate my online identity?” he says.
The Millennials’ first great whistleblower? And @facebook hitting him where it hurts 

Not cool, Facebook. Not cool at all.

Source: TechCrunch

10 books every web developer should read to increase their software IQ

When wannabe developers ask what books they should read, I usually respond “First off, just read.” A large part of the software development process is reading other people’s code. That said, the best thing you can do to improve as a developer is to read anything that will sharpen your speed and comprehension skills. The more effective you become at reading, the more efficient you will become in your day-to-day work building software. The following, however, are books that, if you have not yet read them, will have the most significant impact on your software IQ.

Moonwalking with Einstein by Joshua Foer and Mike Chamberlain – Google is great, but for all the convenience it offers, it really has deteriorated true learning. Why memorize what you can look up, right? And, if you don’t have a solid understanding of how to improve your memory, you really have no other option. Most developers are not taught memorization techniques and never even make an attempt to get better. As a result, mobile devices have become a crutch, and it shows. Today’s developers struggle to produce more than a few lines of code without referencing Google and then StackOverflow. Looking up language nuances or a specification when you are coding is a time sink. Guessing the signature of a function a few times and then looking it up is an even bigger time sink. But there is another way. This book teaches specific tactics to get the most out of focus, chunking, and repetition so that when you have to recall shortcut keystrokes, status codes, or the arguments to a function, you can do so easily. The author reveals tips about how humans with the best trained memories compete in memorization competitions and how he learned techniques over a very short period of time.

You Don’t Know JS by Kyle Simpson – This is a series of books that collectively should be treated as the bible for JavaScript. Every JS developer should read it and maintain a copy in the closest night stand drawer. The author has even provided the full copy of each book online if you would like to read it for free on GitHub. It’s a tough read, and slow going for most. The volumes are each little booklets that usually require a couple of passes to absorb it all, but each of the 7 volumes will deepen your knowledge of some of the trickier parts of JavaScript.

Clean Code by Robert C. Martin – The author of this book is referred to with reverence in the software community as “Uncle Bob” and is well known for his numerous conference talks about writing well-organized and maintainable code. After reading this book, developers will likely spend more time thinking about why we write code in a particular way and what our styles and habits say about the seriousness of our approach to the craft. Uncle Bob’s principles will allow you to identify code smells (the difference between good code and bad) and, better yet, give you a process you can use to clean up and refactor your code to make it more readable and maintainable.

Software Craftsmanship: The New Imperative by Pete McBreen – The principles in this book align well with Clean Code. It differs in that it talks more about the art than the science of software. Reading it will help developers figure out how to deliver value to customers via software. It addresses collaboration with stakeholders, project management, and more of the soft skills that are needed to really be a master at the craft. There is even a chapter on managing software craftsmen that will help developers better understand the relationship between those that code and those that lead.

7 Languages in 7 Weeks: A Pragmatic Guide to Learning Programming Languages by Bruce Tate – The ability to learn fast and pick up new languages gives developers a real edge in today’s market. This book will help developers become decent at reading the code of these new languages, and understand the role they play, even if you’re not planning to become a polyglot (one who has mastered many languages). The point to learning a bit of 7 languages in 7 weeks is to gain a generalist’s knowledge. This allows a developer to better compare and contrast languages, and should strengthen the mastery of those used more regularly. If you’re curious about the 7 languages that are covered in the book, it examines Clojure, Haskell, Io, Prolog, Scala, Erlang, and Ruby. Using this 7 week approach you will learn, or be reminded of, programming paradigms that have evolved over time. Many have strengths that make the languages best suited to solve particular types of challenges. Others demonstrate the fad-like nature of how engineers work for a few decades, and then collectively decide the old way is boring, and the new way is “the only way” to code well. JavaScript programming, for example, can be done in a functional, object oriented, or procedural style. This book will inspire you to take a look at languages that are more focused on one or two of those methods and take a deeper dive into how each language implements common design patterns.

7 Databases in 7 Weeks: A Guide to Modern Databases and the NoSQL Movement by Eric Redmond and Jim Wilson – By gaining exposure to 7 different databases, developers can broaden their ability to pick the right database solution for each new problem they encounter, versus feeling stuck with using the one or two solutions that are most familiar to them. This book will give developers the confidence to conquer building applications using any database. Even those databases that first appear to be unique will suddenly seem very similar to those used quite commonly by today’s developer community.

JavaScript the Good Parts by Douglas Crockford – JavaScript is moving really fast these days. So fast, that some people skip learning the basics and focus on mastering frameworks and libraries before they have a deep understanding of “vanilla” or pure JavaScript. In this book you will go back to basics and learn many of JavaScript’s nuances and what pitfalls to avoid. Since there are so many libraries and frameworks, software developers need to be able to evaluate libraries and frameworks quickly. This book serves as a guide for best practices. Even if you decide not to follow them, understanding Douglas’ decision making process and rationale will help you get better at evaluating other people’s code. It will help you refine your ability to not just say what you don’t like, but articulate why. Understanding why some areas of JavaScript should be avoided will also help you craft better software, and think more about design patterns that will stand the test of time.

Think and Grow Rich by Napoleon Hill – Success in software development parallels success in life. The principles that you can learn and see practical application of in this book will make you more productive and mentally successful. Personal and professional achievement requires a productive thought process and success oriented mentality. This book was published almost a century ago, but its stories are just as applicable to the life of a success-minded individual today.

How to Win Friends and Influence People by Dale Carnegie – From an outsider’s perspective writing code is thought to be one of the most important skills of a software engineer. However, being able to listen and communicate effectively is far more important. Simply having a great idea or design for how to build something is wonderful, but being able to effectively communicate that idea, get buy-in and the “green light” to build is another. This book will provide anyone – even developers – with the tools to negotiate and be empathetic to stakeholders. Use this book to get better at setting and managing expectations. After reading and practicing the techniques you will be well-equipped to understand others and motivate them to embrace your solutions, so you can spend more time building things you love.

HTML & CSS: Design and Build Web Sites by Jon Duckett – This is the book you will set on your office coffee table, and every time you pick it up you will learn something new. It is not a book you will read cover to cover, but it is one that you will return to frequently and digest in small chunks. It is beautifully illustrated and the examples of code make HTML come alive. As much as we like to think we know the fundamentals, this book is packed with implementations of HTML and CSS specifications that developers can come back to over and over and still learn each time. Use it like a dictionary to look something up (when Google is not handy), or when you just want to refine your knowledge of designing websites. On your coffee table it will make you look like the hipster coder we all aspire to be.

Postman announces new API development platform for the enterprise

Postman has announced the release of Postman Enterprise, a new solution designed to expand on the features of its API development solution Postman Pro. Postman Enterprise was created to provide enterprise users with new and improved security and enterprise-only features.

“Enterprises want the option for their developers to use Postman, but within a safe, secure and enterprise-controlled environment,” said Abhinav Asthana, CEO and co-founder of Postman. “These organizations now have the option to make all of their API development faster, easier and better with Postman Enterprise.”

The new release features Single Sign-On (SSO), allowing organizations to more easily and securely manage team members’ access to API development work within a Postman instance. Postman Enterprise already supports multiple SSO providers such as Okta, OneLogin, Duo, Ping Identity, AD FS, and GSuite. Going forward, the company plans to add new providers based on customer need. Postman will also be providing SAML 2.0-compliant identity provider support.

Postman Enterprise will also provide audit logs, allowing customers to track activities within teams, especially when they are collaborating on code, the company explained. With this feature, users will be able to review every change and see who made the change and when.

In addition, the solution will offer extended support and billing, such as additional self-serve options designed for larger organizations with more structured policies on procurement, provisioning, and customer success.

Equifax reported the cost days after its former CEO testified before the Senate saying he doesn’t know who attacked them.


Equifax reported costs of $87.5 million due to its “cybersecurity incident.” Despite massive fallout from one of the largest data breaches in history, Equifax still reported a 4% increase in revenue for the third quarter of 2017, compared to Q3 2016.

The company did report profit losses of 27%, however, which may be due to the money it has had to dedicate to what it described as production costs, professional fees, and consumer support.

Dedicating $87.5 million to addressing the costs of such a massive breach may not have produced any tangible security results for Equifax, or at the very least helped it figure out who attacked them.

Mr. Smith goes to Washington

Former Equifax CEO Richard Smith testified before the Senate on Wednesday, revealing that the company still had no idea who was behind the attack. He did, however, note that they knew precisely why the attack happened: An unpatched Apache vulnerability.

The vulnerability in question was reported and assigned a CVE number in March 2017. It was even given a rating of 10—the most critical score on the scale. Despite that, the Apache server at Equifax running the vulnerable software remained unpatched as of May, leading to the theft of over 145 million customer profiles.

This isn’t a unique incident—throw a dart at a list of major security incidents in the past few years and you’re likely to hit one that was caused by unpatched vulnerabilities. From WannaCry to all the vulnerabilities leaked by the Shadowbrokers (all of which have been patched by Microsoft), hackers are largely targeting systems with known, exploitable vulnerabilities.

Don’t get stuck with the bill

The average data breach is nowhere near as costly as Equifax’s, but at $3.62 million it could still be enough to cripple a new or growing business. Not everyone can bounce back as easily as a behemoth like Equifax—even big companies like Yahoo have been crippled by the attacks they’ve faced.


There’s a key lesson for business leaders to take away from the Equifax breach and the muddled, unclear responses the Senate got out of Smith and former Yahoo CEO Marissa Mayer: Don’t get caught with your cybersecurity pants down.

Had Equifax simply taken the time to patch a vulnerability, Mayer would have been alone at that Senate hearing.

It didn’t, though, and that should be a wakeup call to everyone.

The top three takeaways for readers:

  1. Equifax’s third quarter earnings revealed that the company lost $87.5 million dealing with its recent data breach, which may have led to a profit loss of 27% over Q3 2016.
  2. Despite huge recovery spending, former Equifax CEO Richard Smith said the company still had no idea where the attack came from. They do know what happened, though: It failed to apply an Apache patch that could have stopped it.
  3. The average data breach costs far less than Equifax’s, but the average breach still has a similar theme: Unpatched vulnerabilities. Keep your systems up to date to avoid a similar fate.

The International Organization for Standardization (ISO) C++ committee has voted on changes to the draft version of C++20 during its fall meeting in Albuquerque, New Mexico over the weekend.

According to committee chair Herb Sutter, ISO looked at range-based for statements with initializer; bit-casting object representations; and operator <=> for C++20.

The committee has allowed initialization for the range-based for loop, followed the C++ Core Guidelines scoping recommendations, added the new header , adopted Sutter’s proposal for the <=> operator, approved extensions to the standard library, and did a lot of cleanup to make the language simpler to use.

Also discussed were the Modules technical specification (TS) ballot comments. TS refers to a document that is separate from the main standard where the committee can gain experience with new features, according to Sutter.

“A primary goal of the meeting was to address the comments received from national bodies in the Modules TS’s comment ballot that ran this summer,” Sutter wrote in a post. “We managed to address them all in one meeting, as well as deal with most of the specification wording issues discovered in the process of responding to the national comments.”

The committee will continue to work towards approving the Modules TS for publication as well as clean up some of the language used.

“It will be great to get the TS published, and continue getting experience with implementations now in progress, at various stages, in all of Visual C++, Clang, and gcc as we let the ink dry and hammer out some remaining design issues, before starting to consider adopting modules into the C++ draft standard itself,” Sutter wrote.

Facebook open sources new build features for Android developers

Facebook is building on its open-source performance build tool, Buck, to speed up development and minimize the time it takes to test code changes in Android apps.

Buck is designed to speed up builds, add reproducibility to builds, provide correct incremental builds, and help developers understand dependencies. The company first open sourced the solution in 2013.

“We’ve continued to steadily improve Buck’s performance, together with a growing community of other organizations that have adopted Buck and contributed back. But these improvements have largely been incremental in nature and based on long-standing assumptions about the way software development works,” Jonathan Keljo, software engineer at Facebook, wrote in a post. “We took a step back and questioned some of these core assumptions, which led us deep into the nuances of the Java language and the internals of the Java compiler.”

According to Keljo, the team has completely redesigned the way Buck compiles Java code in order to provide new performance improvements for Android engineers.

The solution is also introducing rule pipelining, which Keljo says is designed to shorten bottlenecks, and increases parallelism to reduce build times by 10 percent.

“Buck is usually able to build multiple rules in parallel. However, bottlenecks do occur. If a commonly used rule takes awhile to build, its dependents have to wait. Even small rules can cause bottlenecks on systems with a high enough number of cores,” Keljo wrote.

Rule pipelining now enables dependent rules to compile while the compiler is still finishing up dependencies. This feature is now available in open source, but is not turned on by default.

The company is also announcing source-only stub generation to flatten the dependency graph and reduce build times by 30 percent.

“Flatter graphs produce faster builds, both because of increased parallelism and because the paths that need to be checked for changes are shorter,” Keljo wrote.


Stack Overflow: Angular and Swift are dramatically rising in popularity

Stack Overflow is taking a look at the most dramatic rises and falls in developer technologies. According to its data, Apple’s programming language for iOS development, Swift, and Google’s web framework Angular are getting a lot of attention from developers today.

“Life as a developer (or data scientist, in my case) involves being comfortable with changing technologies,” Julia Silge, data scientist at Stack Overflow, wrote in a post. “I don’t use the same programming languages that I did at the beginning of my career and I fully expect to be using different technologies several years from now. Both of these technologies grew incredibly fast to have a big impact because they were natural next steps for existing developer communities.”

The data is based off of Stack Overflow “questions by” tag.

The data also shows Google’s mobile IDE Android Studio, Apple’s iPad and Google’s machine learning library TensorFlow with remarkable growth over the past couple of years.

Technologies that have had a decrease in interest within the developer community include JavaScript framework Backbone.js, game engine Cocos2d, Microsoft’s Silverlight, and Flash framework Flex.

Stack Overflow also looked at technologies with the highest sustained growth since 2010. The report found Angular.js, TypeScript, Xamarin, Meteor, Pandas, Elasticsearch, Unity 3D, machine learning, AWS and dataframe have grown at a high level over the past couple of years.

“Several of these technologies are connected to the growth of data science and machine learning, including Pandas and the dataframe tag,” wrote Silge. “Others occupy unique positions in the software industry, such as the ubiquitous search engine Elasticsearch and the game engine Unity. These technologies are diverse, but they all have grown at strong and steady rates over the past 5 to 7 years.”

Hackers are getting an earlier start when it comes to bug hunting careers, according to a new report. Bugcrowd has released its second annual report, Inside the Mind of a Hacker 2.0, which details the demographics and motivations of the bug hunting community.

The report found that bug bounty programs are up more than 77 percent from 2016, and that this increase provides opportunities for professionals to actually earn a living from bug hunting. In fact, 27 percent of bug hunters aim to do this full-time.

According to the report, 71 percent of bug hunters are 18-29 years old, compared to 11 percent last year. This indicates that there is more of an interest in bug hunting among young professionals. Eighty-two percent have completed some form of higher education and 16 percent have a master’s degree or higher.

The report also notes that more than half of the hunters have full-time jobs and 19 percent are full-time bug hunters, an increase of 26 percent from last year. In addition, it shows that 62 percent of bug hunters invest what they earn back into tools and training that will help them be more efficient bug hunters. Other findings include that 26 percent are driven by professional development and 44 percent ranked the challenge as their top motivator, wanting to put themselves ahead of their peers.

“The pace of innovation has exponentially grown the attack surfaces beyond the availability of capable cybersecurity professionals which has left organizations open to destructive cyberattacks,” said Ashish Gupta, CEO of Bugcrowd. “The best defense is a good offense. The Crowd fights fire with fire. Committed to helping global organizations identify vulnerabilities, this diverse community of talented security researchers identifies vulnerabilities before adversaries can, expanding security coverage for organizations and ultimately ensuring the safety of the Internet.”

This report was based on trends of more than 65,000 researchers in the Bugcrowd community. The company says it describes five different types of security researchers: knowledge seekers, hobbyists, full-timers, virtuosos and protectors.

Node.js 9 released as version 8 enters long-term support

The Node.js Foundation announced the release of version 9 of the Node.js JavaScript runtime today, while Node.js 8 is going into long-term support.

The community-driven, open-source library has seen use in enterprise applications, robotics, API toolkits, serverless apps, mobile websites and others, according to the foundation, and long-term support means companies should begin migrating to version 8.

The foundation says version 8 was one of the biggest releases from the platform’s community, bringing 20% faster performance in web apps than the previous version 6.

“A top priority for enterprises is to ensure applications are performant. New features like HTTP/2 and the latest V8 JavaScript Engine deliver the performance global organizations require to run their business at scale,” said Mark Hinkle, executive director of the Node.js Foundation. “Node.js builds are growing faster than ever thanks to the long-term support strategy, and the large and active community that includes 13 working groups, 21 members of the Technical Steering Committee, and more than 1,600 contributors to Node.js united under the Node.js Foundation.”

Updates in Node.js 8 bring V8 JavaScript Engine 6.1 and HTTP/2 support on board, along with updates to the Node.js API allowing for better stability and future-proofing for backwards compatibility, which the Node.js Foundation says moves it towards VM neutrality and opening Node.js to more environments, like IoT and mobile.

Other Node.js 8 features include a stable module API, async / await support for writing more linear code, and the V8 JavaScript Engine 6.1.

While Node.js 9 is available, the foundation says that it’s geared more towards testing and experimenting with bleeding-edge features and recommends Node.js 8 for ongoing development.

Angular 5.0 now available

The Angular development team today announced a major release to the mobile and desktop framework. Angular 5.0 focuses on making Angular “smaller, faster, and easier to use.”

The new release includes the new build optimizer that will run by default when production builds are created with the CLI. The tool is designed to make bundles smaller. “The build optimizer has two main jobs. First, we are able to mark parts of your application as pure, this improves the tree shaking provided by the existing tools, removing additional parts of your application that aren’t needed,” the team wrote in a post. “The second thing the build optimizer does is to remove Angular decorators from your application’s runtime code. Decorators are used by the compiler, and aren’t needed at runtime and can be removed. Each of these jobs decrease the size of your JavaScript bundles, and increase the boot speed of your application for your users.”

Angular 5.0 also enables users to share application state between server side and client side versions of the app with the Angular Universal State Transfer API and DOM support.

Angular Universal enables developers to perform server side rendering on their Angular apps.

The version’s ServerTransferStateModule and the corresponding BrowserTransferStateModule enable users to generate information about their rendering with platform-server and transfer it to the client side without having to regenerate the information. This is useful when an application fetches data over HTTP.

In addition, the release features compiler improvements to support incremental compilation, speed up rebuilds and ship smaller bundles. Some compiler improvements include TypeScript transforms, ability to preserve whitespace from components and applications, and improved decorator support.

Other features include new router lifecycle events, RxJS 5.5, updateOn Blur / Submit capabilities in Angular Forms, CLI v1.5, zone speed improvements, and a new HttpClient.
