earlzdotnet writes "I've been programming for a few years now, and I have a full time job. I'm one of those lucky souls that actually enjoy programming, so I commonly work on my own open source projects on weekends. However, I wouldn't mind working on a short-term projects (i.e. not more than ~2 months) every once in a while on weekends. I've looked at freelancing before, and I could probably make more money by working at McDonald's on weekends than that. I've also looked into making web sites for small businesses, but it requires a bit too much commitment and support for me, especially since I'm terrible at graphics design. I've tried my hand at writing reusable components to sell to other programmers, but that was pretty pointless (I made one $20 sale). I've seen teaching suggested, but I'm self-taught and probably not experienced enough to responsibly teach people. Are there any other options to make a bit of cash as a programmer? Is programming just one of those things that requires complete dedication, or what?"
Become a fan of Slashdot on Facebook
theodp writes "In an open letter on TechCrunch, Vivek Wadhwa calls on Congressman Luis Gutierrez to lift his 'hold on Silicon Valley' and stop tying immigration reform for highly-skilled STEM immigrants to the plight of undocumented immigrants. So, why should the STEM set get first dibs? 'The issues of high-skilled and undocumented immigrants are both equally important,' says Wadhwa, but 'the difference is that the skilled workers have mobility and are in great demand all over the world. They are getting frustrated and are leaving in droves.' Commenting on Gutierrez's voting record, Wadhwa adds, 'I would have voted for visas for 50,000 smart foreign students graduating with STEM degrees from U.S. universities over bringing in 55,000 randomly selected high-school graduates from abroad. The STEM graduates would have created jobs and boosted our economy. The lottery winners will come to the U.S. with high hopes, but will face certain unemployment and misery because of our weak economy.' So, should Gutierrez cede to Wadhwa's techies-before-Latinos proposal, or would this be an example of the paradox of virtuous meritocracy undermining equality of opportunity?"
An anonymous reader writes "Hurd, the GNU micro-kernel project that was founded by Richard Stallman in 1983, may finally be catching up with Linux on the desktop... Plans were shared by its developers to finally bring in some modern functionality by working on support for Serial ATA drives, USB support, and sound cards. There are also ambitions to provide x86-64 CPU architecture support. GNU Hurd developers will be doing an unofficial Debian GNU/Hurd 'Wheezy' release this year but they hope for the Debian 'Jessie' release their micro-kernel in Debian will make it as part of some official CDs."
New submitter jeditobe writes "Aleksey Bragin reported that starting in February he would be a lecturer at the Moscow State Technical University teaching the operating system course. He said that he intends to incorporate ReactOS into the lab work so that students would have the opportunity to work on an actual operating system. He also intends to translate and upload the slides he will use for class for others to see." (Bragin is the Project Coordinator for ReactOS.)
ewenc writes "Mercenary computer coders are helping scientists cope with the deluge of data pouring out of research labs. A contest to write software to analyze immune-system genes garnered more than 100 entries, including many that vastly outperformed existing programs. The US$6,000 contest was launched by researchers at Harvard Medical School and Harvard Business School, both in Boston, Massachusetts. TopCoder.com, a community of more than 400,000 coders who compete in programming competitions, hosted the contest. The results are described in a letter published this week in Nature Biotechnology."
First time accepted submitter LiteWait writes "My son is heading off to college next year and although he is bright kid with a great background in math and science, he has indicated that he'd like learn some introductory programming skills this summer. The courses at the local universities are pretty sparse and most of the CS101-type courses I've seen offered are too general to meet his needs. Even though he is a self-starter I think he would benefit from actual courses/code camps/etc rather than just slogging through online samples and tutorials. I'd like some advice on possible options for code camps, online courses, or developer training."
itwbennett writes "DARPA (the U.S. Defense Advanced Research Projects Agency) has awarded $3 million to software provider Continuum Analytics to help fund the development of Python's data processing and visualization capabilities for big data jobs. The money will go toward developing new techniques for data analysis and for visually portraying large, multi-dimensional data sets. The work aims to extend beyond the capabilities offered by the NumPy and SciPy Python libraries, which are widely used by programmers for mathematical and scientific calculations, respectively. The work is part of DARPA's XData research program, a four-year, $100 million effort to give the Defense Department and other U.S. government agencies tools to work with large amounts of sensor data and other forms of big data."
We've talked in the past about what kind of questions should be asked of potential developer hires, and how being honest in exit interviews probably isn't worth the potential damage to your career. We're also familiar with the tricky questions some interviewers like to throw at people to test their thinking skills, and the questionable merits of gauging somebody's skillset through a pointlessly obtuse math problem. But there are also shady employers who conduct interviews to try to mine your knowledge and experience to find free solutions to their current problems. An actual job may or may not be on the table, but if they can get what they need from you before hiring, then at the very least your bargaining position will have gotten worse. Have you dealt with situations like this in the past? Since you can't know for sure the interviewer's intentions, it's tough to provide an answer demonstrating your abilities without solving their problem. "Before asking about the fixes they’ve tried, start by acknowledging the depth of the problem and find out whether the manager has the resources to solve it. Then, just like a consultant, use their answers to highlight your experience and explain the approach you’d take." You could also try explaining how you've solved similar problems, which won't necessarily help them, but will demonstrate your value. Of course, one of the biggest challenges is determining when somebody is getting a little too specific with their interview questions. What red flags should people keep an eye out for?
12_West writes "I seek opinions from the Slashdot community about entry level job opportunities as programmers (or other I.T. Staff) for seniors who want to switch careers and continue to work full time. I do not want to retire, nor go part time, as long as I can get up and drive myself in to work. I'm currently 58 years old, working as an industrial electrician in a maintenance department setting for a building products manufacturer. I like the work, but it is becoming hard on my aging body, so, I would like to begin gradually retraining and hope to switch careers in about four years. A lower paying, less physical job would be just fine as there will be pension money coming in. I'm not currently a programmer, but have done some hobbyist level coding in Qbasic and MS-DOS batch files 'back in the days.' I also have some exposure to the Rockwell Automation RSLogix programming tools that are now going obsolete. So, I will be retraining whether I switch careers or not."
First time accepted submitter jsmyth writes "MySQL 5.6.10 has been released, marking the General Availability of version 5.6 for production." Here's more on the features of 5.6. Of possible interest to MySQL users, too, is this look at how MySQL spinoff MariaDB (from Monty, one of the three creators of MySQL) is making inroads into the MySQL market, including (as we've mentioned before) as default database system in some Linux distributions.
Esther Schindler writes "There was a time when programs were written in text editors. And when competition between C++ vendors was actually fierce. Step into the time travel machine as Andy Patrizio revisits the evolution and impact of the visual development metaphor. 'Visual development in its earliest stages was limited by what the PC could do. But for the IBM PC in the early 1980s, with its single-tasking operating system and 8- or 16-bit hardware, the previous software development process was text edit, compile, write down the errors, and debug with your eyes.' Where do you start? 'While TurboPascal launched the idea of an integrated development environment, [Jeff] Duntemann credits Microsoft's Visual Basic (VB), launched in 1991, with being the first real IDE.'... And yes, there's plenty more." A comment attached to the story lists two IDEs that preceded VB; can you name others?
An anonymous reader writes in with news of the continuing saga of Java patches and exploits. "If you're a Mac user who suddenly can't access websites or run applications that rely on Java, you're not alone. For the second time in a month, Apple has silently blocked the latest version of Java 7 from running on OS X 10.6 Snow Leopard or higher via its XProtect anti-malware tool. Apple hasn't issued any official statements advising users of the change or its reasons, but it's a safe bet that the company has deemed Oracle's most recent update to Java insecure. That's why the company stealthily disabled Java on Macs back on Jan. 10, the same day a Java vulnerability was being exploited in the wild."
JerkyBoy writes "RunRev maintains the proprietary LiveCode programming environment. Those familiar with HyperCard on the Mac would feel quite at home using the environment to produce simple applications, and possibly more, although the programming language it incorporates has a few significant shortcomings (e.g., true object orientation). But it is a very versatile environment, currently claiming support for Windows, Mac, Linux, iOS, Android, and server-side scripting. For us NOOBs who could never find the time to learn C++ and something like the wxWidgets or QT toolkits, it seems like a pretty good deal. Recently RunRev has done something interesting, however, and that is to create a Kickstarter campaign to move the environment to open source (~500K lines of code, ~700 files). The way that they describe it, it sounds like there will be a commercial version and an open-source version of the environment (hopefully not cripple-ware), and they are asking for money to do this. But I want to know: what are their chances of success with this model? How in the world can they make enough money to maintain their programmers and overhead while giving the environment away? In other words, if a company like RunRev announces that they are moving to an open-source model, should you become more interested or less interested in their product?"
darthcamaro writes "Oracle has been slammed a lot in recent months about its lackluster handling of Java security. Now Oracle is responding as strongly as it can with one of the largest Java security updates in history. 50 flaws in total with the vast majority carrying the highest-possible CVSS score of 10."
chicksdaddy writes "Veracode's blog has an interesting piece that looks at whether 'brogramming' — the testosterone- and booze-fueled coding culture depicted in movies like The Social Network — spells death for the 'engineering' part of 'software engineering.' From the post: 'The Social Network is a great movie. But, let's face it, the kind of "coding" you're doing when you're "wired in"... or drunk... isn't likely to be very careful or – need we say – secure. Whatever else it may have done, [brogramming's] focus on flashy, testosterone-fueled "competitive" coding divorces "writing software" – free form, creative, inspirational – from "software engineering," its older, more thoughtful and reliable cousin.' The article picks up on Leslie Lamport's recent piece in Wired: 'Why we should build software like we build houses' — also worth reading!"
Qedward writes "As the UK prepares to shake up the way computer science is taught in schools, Redmond is warning that the UK risks falling behind other countries in the race to develop and nurture computing talent, if 'we don't ensure that all children learn about computer science in primary schools.' With 100,000 unfilled IT jobs but only 30,500 computer science graduates in the UK last year, MS believes: 'By formally introducing children to computer science basics at primary school, we stand a far greater chance of increasing the numbers taking the subject through to degree level and ultimately the world of work.'"
An anonymous reader writes "In what seems to be a recurring theme with Facebook as the social networking giant adds features, competing apps that use Facebook integration risk being cut off due to the terms of service surrounding the API. For example, 'Voxer CEO Tom Katis told AllThingsD that the company got an email on Thursday saying that Facebook wanted to hold a phone call to discuss possible violations of a section of the company’s terms of service. The section in question centers around the use of Facebook’s social graph by competing social networks.' Similarly, 'Within hours of Twitter launching its Vine video-sharing application on Thursday, Facebook has cut off access to Vine’s "find people" feature, which used to let Vine users find their Facebook friends using the Vine application.' You have to ask yourself: is it really worth developing an app that integrates with, or worse runs completely on Facebook's platform?"
An anonymous reader writes "Mozilla on Tuesday announced a massive change to the way it loads third-party plugins in Firefox. The company plans to enable Click to Play for all versions of all plugins, except the latest release of Flash. This essentially means Firefox will soon only load third-party plugins when users click to interact with the plugin. Currently, Firefox automatically loads any plugin requested by a website, unless Mozilla has blocked it for security reasons (such as for old versions of Java, Silverlight, and Flash)."
First time accepted submitter taikedz writes "Citrix Xenapp with Receiver/Metaframe allows publishing individual applications installed on a Windows server to users on remote machines. These applications open in their own windows, along side others as if they were installed locally. I am looking to do the same at home, with free software, publishing applications from Mac, Linux, and Windows machines (and yes, I've verified the license agreements for the apps I am going to do this with!). Up until now, the only alternatives I have found are full-on remote desktop login, not seamlessly-integrated. Can you recommend any tools that can achieve the goal of remote individual application access across platforms for free or at low-cost?"
snydeq writes "Deep End's Paul Venezia waxes philosophical about Perl stagnancy in IT. 'A massive number of tools and projects still make the most out of the language. But it's hard to see Perl regaining its former glory without a dramatic turnaround in the near term. As more time goes by, Perl will likely continue to decline in popularity and cement its growing status as a somewhat arcane and archaic language, especially as compared to newer, more lithe options. Perhaps that's OK. Perl has been an instrumental part of the innovation and technological advancements of the last two decades, and it's served as a catalyst for a significant number of other languages that have contributed heavily to the programming world in general.'"
theodp writes "That his 28-year-old whip-smart, well-educated CS grad friend could be unaware of MacWrite and MacPaint took Dave Winer by surprise. 'They don't, for some reason,' notes Winer, 'study these [types of seminal] products in computer science. They fall between the cracks of "serious" study of algorithms and data structures, and user interface and user experience (which still is not much-studied, but at least is starting). This is more the history of software. Much like the history of film, or the history of rock and roll.' So, Dave asks, what early software was influential and worthy of a Software Hall of Fame?"
giminy writes "Clay Shirky has a thought-provoking piece on depression in the hacker community. While hackers tend to be great at internet collaboration on software projects, we often fall short when it comes to helping each other with personal problems. The evidence is only anecdotal, but there seems to be a higher than average incidence of mental health issues among hackers and internet freedom fighters. It would be great to see this addressed by our community through some outreach and awareness programs."
judgecorp writes "Linux kernel developer Alan Cox has left Intel and Linux development after slamming the Fedora 18 distribution. He made the announcement on Google+ and promised that he had not fallen out with Linus Torvalds, and would finish up all outstanding work." Also at Live Mint, which calls Cox's resignation notice a "welcome change from the sterility, plain dishonesty of CEO departure statements." Cox says in that statement that he's leaving "for a bit," and "I may be back at some point in the future - who knows."
CowboyRobot writes "The metaphors and conventions of mobile apps on phones and tablets are now driving the design of desktop software. For example, dialog boxes in typical desktop software used to be complex, requiring lots of interaction. But these are now typically much simpler with far fewer options in a single pane. Drop-down menus are evolving, too. The former style of multiple cascading menus is being replaced. Drop-downs today have a smaller range of options (due to mobile screens being so small and the need to have the entries big enough that a finger touch can select it), and they never use the cascading menu. In Web-based apps, the mobile metaphors are finding greater traction as well. One need only look at the new Google Mail (GMail) interface and see how it's changed over the last year to view the effects of this new direction: All icons are monochrome, the number of buttons is very limited, and there's a More button that keeps the additional options off the main screen."
theodp writes "There's a funny thing about the estimated $1.7 trillion that American companies say they have indefinitely invested overseas,' reports the WSJ's Kate Linebaugh (reg. or the old Google trick). 'A lot of it is actually sitting right here at home.' And if tech companies like Google and Microsoft want to keep more than three-quarters of the cash owned by their foreign subsidiaries at U.S. banks, held in U.S. dollars or parked in U.S. government and corporate securities, Linebaugh explains, this money is still overseas in the eyes of the IRS and isn't taxed as long as it doesn't flow back to the U.S. parent company. Helping corporations avoid the need to tap their foreign-held cash are low interest rates at home, which have allowed U.S. companies to borrow cheaply. Oracle, for instance, raised $5 billion last year, paying an interest rate roughly two-thirds of a percentage point above the low post-crash Treasury yield, about 2.5% at the time (by contrast, grad students and parents pay 6.8%-7.9% for Federal student loans). Were the funds it manages to keep in the hands of its foreign subsidiaries brought home and subjected to U.S. income tax, Oracle estimated it could owe Uncle Sam about $6.3 billion."
An anonymous reader writes "I am part of engineering team that maintains a very important component in our company. Our code quality and general engineering quality focus has been very weak: we have frequent buggy releases, our latencies are shooting up, our test coverage is nearly non-existent, and it is impossible for a newcomer in our team to get up to speed and be productive in less than a month due to unnecessary complexity. A group of 2-3 of us want to change that, and we know what needs to change technically — the better code review and release processes, better build tools, etc. But despite that, the quality of our code and design continues to suffer, and poor code continues to get released in the name of keeping the scheduled release date (product guys don't like to wait). We feel that if the right thing is done every time, we would can eliminate our issues and still release at the same pace. How do we effect the social change necessary to convince them of what is better and encourage them to take the effort to do it?"
CowboyRobot writes "In 25 years, an odd thing will happen to some of the no doubt very large number of computing devices in our world: an old, well-known and well-understood bug will cause their calculation of time to fail. The problem springs from the use of a 32-bit signed integer to store a time value, as a number of seconds since 00:00:00 UTC on Thursday, 1 January 1970, a practice begun in early UNIX systems with the standard C library data structure time_t. On January 19, 2038, at 03:14:08 UTC that integer will overflow. It's not difficult to come up with cases where the problem could be real today. Imagine a mortgage amortization program projecting payments out into the future for a 30-year mortgage. Or imagine those phony programs politicians use to project government expenditures, or demographic software, and so on. It's too early for panic, but those of us in the early parts of their careers will be the ones who have to deal with the problem."
An anonymous reader writes "Red Hat developers are planning to replace MySQL with MariaDB in Fedora 19. For the next Fedora update, the MariaDB fork would replace MySQL and the official MySQL package would be discontinued after some time. The reasoning for this move is the uncertainty about Oracle's support of MySQL as an open-source project and moves to make the database more closed." Update: 01/22 13:47 GMT by T : Note: "Nixing" may be a bit strong; this move has been proposed, but is not yet officially decided.
New submitter dasacc22 writes "Campbell is inviting developers to hack the kitchen with their recipe API. But wait — the API is private, so first you need to submit an idea. If they like the idea, you'll be given access to develop the app. If they like the app, they may give you some money. Otherwise, you can expect to have an app that connects to an API you no longer have access to. The author of this article covers his recent experiences after engaging with Campbell's Adam Kmiec to try and answer the following: '... my question to software developers out there who are thinking of devoting any real effort to a corporate hackathon like this is: "Why?"'"
msm1267 writes "Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure this morning from a security researcher indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code. Oracle released Java 7u11 last Sunday and said it fixed a pair of vulnerabilities being exploited by all the major exploit kits. Turns out one of those two bugs wasn't completely patched. Today's bugs are apparently not related to the previous security issues."
Qedward writes with this except from Computerworld UK: "Germany should change a law to enable public administrations to make their software available as free and open source, a German parliamentary committee has advised. German public administrations currently are not allowed to give away goods, including software, said Jimmy Schulz, a member of Parliament and chairman of the Interoperability, Standards and Free Software Project Group. The current law prohibits governments from being part of the development process in the free software community, he said. 'This is a clear disadvantage because it cuts off all benefits obtained from free software, such as being cost-efficient and state-of-the-art,' he said. Besides a recommendation that the government should explore whether the law can be changed for software, the group also called for the use of open standards in order to make sure that everybody can have access to important information, Schulz said. 'We also called for public administrations in general to make sure that new software is created as platform independent as possible,' he added. While the project group is not in favour of giving priority to one type of software over another, it said in its recommendation to the Parliament earlier this week that free and open source software could be a viable alternative to proprietary software." I think a fair rule is that, barring extraordinary and demonstrated need, all tax dollars for software should go only for the development of software for which source is available gratis to all taxpayers, and that secret-source software makers are free to change to fit this requirement any time they'd like to have their software considered for a bid.
hypnosec writes "Online version control system GitHub, which is based on Git — the distributed version control system developed by Linus Torvalds — now has over three million registered users, it has been revealed. Announcing the achievement, the code sharing site used by the likes of jQuery, Perl, PHP, Ruby as well as Joomla said in a blog post that the 'three millionth person signed up for a GitHub account' on Monday night."
Nerval's Lobster writes "Software developer Jeff Cogswell writes: 'Let's compare Java and C#, two programming languages with large numbers of ardent fans and equally virulent detractors. I'm not interested in yet another test that grindingly calculates a million digits' worth of Pi. I want to know about real-world performance: How does each language measure up when asked to dish out millions of Web pages a day? How do they compare when having to grab data from a database to construct those pages dynamically? The results were quite interesting.' Having worked as a professional C# programmer for many years, Cogswell found some long-held assumptions challenged."
tsamsoniw writes "Mere days after Oracle rolled out a fix for the latest Java zero-day vulnerabilities, an admin for an Underweb hacker forum put code for a purportedly new Java exploit up for sale for $5,000. Though unconfirmed, it's certainly plausible that the latest Java patch didn't do the job, based on an analysis by the OpenJDK community. Maybe it's high time for Oracle to fix Java to better protect both its enterprise customers and the millions of home users it picked up when it acquired Sun."
New submitter kju writes "The security blog of Verizon has the story of an investigation into unauthorized VPN access from China which led to unexpected findings. Investigators found invoices from a Chinese contractor who had actually done the work of the employee, who spent the day watching cat videos and visiting eBay and Facebook. The man had Fedexed his RSA token to the contractor and paid only about 1/5th of his income for the contracting service. Because he provided clean code on time, he was noted in his performance reviews to be the best programmer in the building. According to the article, the man had similar scams running with other companies."
chicksdaddy writes "The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 'Medical Device Security' will teach graduate students in UMich's Electrical Engineering and Computer Science program 'the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.' The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the U.S. Food and Drug Administration reported that software failures were the root cause of a quarter of all medical device recalls (PDF)."
CWmike writes "It's starting to look like the BlackBerry store will be well stocked with apps when Research In Motion launches BlackBerry 10 (see YouTube preview) at the end of this month. The company held an event over the weekend where it offered app developers incentives to port their programs to the BlackBerry 10 platform and managed to attract 15,000 app submissions. 'Well there you have it. 37.5 hours in, we hit 15,000 apps for this portathon. Feel like I've run a marathon. Thanks to all the devs!' wrote Alec Saunders, vice president of developer relations at RIM, in a Twitter message. The 'port-a-thon' event was held in two parts: One aimed at Android developers and the other at apps written in other platforms, including Appcelerator, Maramalade, Sencha, jQuery, PhoneGap and Qt. RIM was offering $100 for each app ported and subsequently approved for sale in the BlackBerry 10 app store, up to certain limits. Developers could also win BlackBerry 10 development handsets and a trip to RIM's BlackBerry Jam Europe developer event." It's hard to believe that many current iOS or Android users are leaping toward Blackberry, though. If you're in one of those camps, is that so crazy?
jones_supa writes "Shawn McGrath, the creator of the PS3 psychedelic puzzle-racing game Dyad, takes another look at Doom 3 source code. Instead of the technical reviews of Fabien Sanglard, Shawn zooms in with emphasis purely on coding style. He gives his insights in lexical analysis, const and rigid parameters, amount of comments, spacing, templates and method names. There is also some thoughts about coming to C++ with C background and without it. Even John Carmack himself popped in to give a comment."
An anonymous reader writes "After the Department of Homeland Security's US-CERT warned users to disable Java to stop hackers from taking control of users' machines, Oracle issued an emergency patch on Sunday. However, HD Moore, chief security officer of Rapid7, said it could take two years for Oracle to fix all the security flaws in the version of Java used to surf the web; that timeframe doesn't count any additional Java exploits discovered in the future. 'The safest thing to do at this point is just assume that Java is always going to be vulnerable,' Moore said."
An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."
An anonymous reader writes "Game designer Tadhg Kelly writes at TechCrunch about a trend many gamers have noticed over the past decade: designers increasingly relying on statistics — and only statistics — to inform their design decisions. You know the type; the ones who'll change the background color if they think it'll eke out a few more players, or the ones who'll scrap interesting game mechanics in favor of making the game more easily understandable to a broader market. Naturally, this leads to homogenization and boring games. Kelly says, 'Obsessed with measuring everything and therefore defining all of their problems in numerical terms, social game makers have come to believe that those numbers are all there is, and this is why they cannot permit themselves to invent. Like TV people, they are effectively in search of that one number that will explain fun to them. There must, they reason, be some combination of LTV and ARPU and DAU and so on that captures fun, like hunting for the Higgs boson. It must be out there somewhere. ... Unlike every other major game revolution (arcade, console, PC, casual, MMO, etc.), social game developers have proved consistently unable to understand that fun is dynamic in this way. ... They are hunting for the fun boson, but it does not exist.'"
An anonymous reader writes "After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware." Meanwhile, writes reader Beeftopia, the U.S. Department of Homeland Security is getting in on the action, and "has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw."
hypnosec writes "Following news that a Java 0-day has been rolled into exploit kits, without any patch to fix the vulnerability, Mozilla and Apple have blocked the latest versions of Java on Firefox and Mac OS X respectively. Mozilla has taken steps to protect its user base from the yet-unpatched vulnerability. Mozilla has added to its Firefox add-on block-list: Java 7 Update 10, Java 7 Update 9, Java 6 Update 38 and Java 6 Update 37. Similar steps have also been taken by Apple; it has updated its anti-malware system to only allow version 22.214.171.124 or higher, thereby automatically blocking the vulnerable version, 126.96.36.199." Here are some ways to disable Java, if you're not sure how.
nossim writes "When it comes to developers' productivity, numerous controversial studies stress the differences between individuals. As a freelance web developer, I've worked for a lot of companies, and I noticed how some companies foster good practices which improve individual productivity and some others are a nightmare in that regard. In your experience, what are the worst practices or problems that impede developers' productivity at an individual or organizational level?"