Weekly developer news – October 13th 2017

So, welcome to the 3rd edition of developer news!

Again, as with last week, I could have included many more items, but have tried to limit it to the top 5. As I said before, if interest does continue, I am considering some other formats for daily news and commentary in addition to this weekly post.

So, here we go again:

1 : Microsoft stops development on Windows 10 Mobile

In a series of Tweets Microsoft’s Joe Belfiore confirmed that Windows Mobile 10 is now effectively in maintenance mode, with only security and bug fixes being performed. No feature development or hardware development is going to take place.

For more information, including details of the Tweets, checkout one of many write-ups here.

2: CSV Injection Demonstrated

I wanted to highlight a really great article by George Mauer, highlighting some potential security issues with CSV field import and export.

I don’t know about you, but a pretty decent number of systems that I have worked on, and do continue to work on have some form of ‘spreadsheet export/import’ feature, and as developers, we like to keep things simple and go with a CSV import.

After all every spreadsheet program, offline and online accepts CSV, and they are safe aren’t they?

Well, this article demonstrates they aren’t always immune to injection attacks, and we should think of security when dealing with CSV data.

Checkout the article here.

3 : Oculus Go

At their Oculus Connect 4 conference, Oculus have announced their upcoming Oculus Go device. (yes I’m aware I used the word Oculus 3 times in that sentence!)

It’s a device they describe as defining a new category of VR devices, that of 100% standalone devices.

As it sounds, this device does not need to be tethered to a PC, or paired with a mobile phone to operate. It is 100% standalone.

From a developer perspective, this could open up a number of interesting applications, and could potentially drive VR adoption, making it a more worthwhile platform to invest it.

For me, VR is something I’m keeping a casual eye on. AR is something I think has more potential, but am still in the monitoring stages before investing in any particular platform.

For more details, checkout their announcement here.

4 : Bancor / Ethereum flaw in detail

Hackernoon has a great writeup of a flaw gaining a lot of press coverage in Bancor, a high profile smart contract running on the Ethereum platform.

As Blockchains and smart contracts seem to gather increasing interest (or hype), as a developer, it’s interesting to see a demonstration of how careful we must be when deploying code as a distributed smart contract.

It has serious implications.

This article demonstrates that in merely 150 lines of Python, it’s possible to exploit a flaw in the smart contract to monitor trades on the platform, and guarantee that you can sell tokens at a high price than you are purchasing them.

There’s a lot of good technical detail in the article, and even if you aren’t actively planning on developing blockchain applications, it’s well worth a read, and if you are, it’s a cautionary tale on being extremely careful with how you develop and deploy smart contracts.

Checkout the article here.

5 : Friday the 13th coding horror

The final item for this week, is a developer generously sharing some code that they created early on in their development life. This is a codebase, the developer self describes as “An incomprehensible hellscape of spaghetti code.”

This repo is getting a lot of discussion on reddit and hacker news, and it’s really great to see discussion of what doesn’t work in a codebase, in addition to how we should be doing things.

I believe that especially with the way technology advances so quickly, there are many many ‘right’ solutions to a problem, and developers are often far too quick to declare their way / favourite stack as the only way to do things.

I think that actually, we can learn an awful lot by looking at what doesn’t work, an understanding why, so it’s great to see discussions like this going on.

Are you brave enough to share your coding mistakes?

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Leave a Reply