Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Yahoo!

Yahoo Stops New Development On YUI 79

Posted by samzenpus
from the end-of-the-line dept.
First time accepted submitter dnebin writes Yahoo announced that they will cease new development on their javascript framework YUI, bowing to industry trends towards Node.js, Angular, and others. The announcement reads in part: "The consequence of this evolution in web technologies is that large JavaScript libraries, such as YUI, have been receiving less attention from the community. Many developers today look at large JavaScript libraries as walled gardens they don't want to be locked into. As a result, the number of YUI issues and pull requests we've received in the past couple of years has slowly reduced to a trickle. Most core YUI modules do not have active maintainers, relying instead on a slow stream of occasional patches from external contributors. Few reviewers still have the time to ensure that the patches submitted are reviewed quickly and thoroughly."
Android

MIPS Tempts Hackers With Raspbery Pi-like Dev Board 88

Posted by timothy
from the do-what-thou-will dept.
DeviceGuru (1136715) writes "In a bid to harness the energy and enthusiasm swirling around today's open, hackable single board computers, Imagination Technologies, licensor of the MIPS ISA, has unveiled the Creator C120 development board, the ISA's counter to ARM's popular Raspberry Pi and BeagleBone Black SBCs. The MIPS dev board is based on a 1.2GHz dual-core MIPS32 system-on-chip and has 1GB RAM and 8GB flash, and there's also an SD card slot for expansion. Ports include video, audio, Ethernet, both WiFi and Bluetooth 4.0, and a bunch more. OS images are already available for Debian 7, Gentoo, Yocto, and Arch Linux, and Android v4.4 is expected to be available soon. Perhaps the most interesting feature of the board is that there's no pricing listed yet, because the company is starting out by giving the boards away free to developers who submit the most interesting projects."
Bitcoin

Hal Finney, PGP and Bitcoin Pioneer, Dies At 58 40

Posted by timothy
from the that's-a-legacy dept.
New submitter brokenin2 writes Hal Finney, the number two programmer for PGP and the first person to receive a Bitcoin transaction, has passed away. From the article on Coindesk: "Shortly after collaborating with Nakamoto on early bitcoin code in 2009, Finney announced he was suffering from ALS. Increasing paralysis, which eventually became near-total, forced him to retire from work in early 2011."
Chrome

Google Introduces HTML 5.1 Tag To Chrome 94

Posted by timothy
from the tagging-wars-ensue dept.
darthcamaro (735685) writes "Forget about HTML5, that's already passe — Google is already moving on to HTML5.1 support for the upcoming Chrome 38 release. Currently only a beta, one of the biggest things that web developers will notice is the use of the new "picture" tag which is a container for multiple image sizes/formats. Bottom line is it's a new way to think about the "IMG" tag that has existed since the first HTML spec."
Security

IEEE Guides Software Architects Toward Secure Design 51

Posted by Soulskill
from the an-ounce-of-prevention dept.
msm1267 writes: The IEEE's Center for Secure Design debuted its first report this week, a guidance for software architects called "Avoiding the Top 10 Software Security Design Flaws." Developing guidance for architects rather than developers was a conscious effort the group made in order to steer the conversation around software security away from exclusively talking about finding bugs toward design-level failures that lead to exploitable security vulnerabilities. The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explainer of inherent weaknesses in each area and how software designers and architects should take these potential pitfalls into consideration.
Open Source

State of the GitHub: Chris Kelly Does the Numbers 34

Posted by timothy
from the git-along-little-hub dept.
I talked with Chris Kelly of GitHub at last week's LinuxCon about GitHub. He's got interesting things to say about the demographics and language choices on what has become in short order (just six years) one of the largest repositories of code in the world, and one with an increasingly sophisticated front-end, and several million users. Not all of the code on GitHub is open source, but the majority is -- handy, when that means an account is free as in beer, too. (And if you're reading on the beta or otherwise can't view the video below, here's the alternative video link.)
PHP

PHP 5.6.0 Released 118

Posted by timothy
from the still-hard-to-pronounce dept.
An anonymous reader writes The PHP team has announced the release of PHP 5.6.0. New features include constant scalar expressions, exponentiation using the ** operator, function and constant importing with the use keyword, support for file uploads larger than 2 GB, and phpdbg as an interactive integrated debugger SAPI. The team also notes important changes affecting compatibility. For example: "Array keys won't be overwritten when defining an array as a property of a class via an array literal," json_decode() is now more strict at parsing JSON syntax, and GMP resources are now objects. Here is the migration guide, the full change log, and the downloads page.
Red Hat Software

How Red Hat Can Recapture Developer Interest 232

Posted by Soulskill
from the cookies-will-do-the-trick dept.
snydeq writes: Developers are embracing a range of open source technologies, writes Matt Asay, virtually none of which are supported or sold by Red Hat, the purported open source leader. "Ask a CIO her choice to run mission-critical workloads, and her answer is a near immediate 'Red Hat.' Ask her developers what they prefer, however, and it's Ubuntu. Outside the operating system, according to AngelList data compiled by Leo Polovets, these developers go with MySQL, MongoDB, or PostgreSQL for their database; Chef or Puppet for configuration; and ElasticSearch or Solr for search. None of this technology is developed by Red Hat. Yet all of this technology is what the next generation of developers is using to build modern applications. Given that developers are the new kingmakers, Red Hat needs to get out in front of the developer freight train if it wants to remain relevant for the next 20 years, much less the next two."
Programming

The Grumpy Programmer has Advice for Young Computer Workers (Video) 120

Posted by Roblimo
from the hey-kids-get-off-my-code dept.
Bob Pendleton calls his blog "The Grumpy Programmer" because he's both grumpy and a programmer. He's also over 60 years old and has been programming since he was in his teens. This pair of videos is a break from our recent spate of conference panels and corporate people. It's an old programmer sharing his career experiences with younger programmers so they (you?) can avoid making his mistakes and possibly avoid becoming as grumpy as he is -- which is kind of a joke, since Bob is not nearly as grumpy as he is light-hearted. (Transcript covers both videos. Alternate Video Link One; Alternate Video Link Two)
GNU is Not Unix

MediaGoblin 0.7.0 "Time Traveler's Delight" Released 73

Posted by timothy
from the like-rupert-murdoch dept.
paroneayea (642895) writes "The GNU MediaGoblin folks have put out another release of their free software media hosting platform, dubbed 0.7.0: Time Traveler's Delight. The new release moves closer to federation by including a new upload API based on the Pump API, a new theme labeled "Sandy 70s Speedboat", metadata features, bulk upload, a more responsive design, and many other fixes and improvements. This is the first release since the recent crowdfunding campaign run with the FSF which was used to bring on a full time developer to focus on federation, among other things."
Java

If Java Wasn't Cool 10 Years Ago, What About Now? 511

Posted by timothy
from the pretty-good-drink-especially-with-honey-and-cream dept.
10 years ago today on this site, readers answered the question "Why is Java considered un-cool?" 10 years later, Java might not be hip, but it's certainly stuck around. (For slightly more than 10 years, it's been the basis of the Advanced Placement test for computer science, too, which means that lots of American students are exposed to Java as their first formally taught language.) And for most of that time, it's been (almost entirely) Free, open source software, despite some grumbling from Oracle. How do you see Java in 2014? Are the pessimists right?
Oracle

Oregon Sues Oracle For "Abysmal" Healthcare Website 212

Posted by timothy
from the finest-consultants-in-the-land dept.
SpzToid (869795) writes The state of Oregon sued Oracle America Inc. and six of its top executives Friday, accusing the software giant of fraud for failing to deliver a working website for the Affordable Care Act program. The 126-page lawsuit claims Oracle has committed fraud, lies, and "a pattern of activity that has cost the State and Cover Oregon hundreds of millions of dollars". "Not only were Oracle's claims lies, Oracle's work was abysmal", the lawsuit said. Oregon paid Oracle about $240.3 million for a system that never worked, the suit said. "Today's lawsuit clearly explains how egregiously Oracle has disserved Oregonians and our state agencies", said Oregon Atty. Gen. Ellen Rosenblum in a written statement. "Over the course of our investigation, it became abundantly clear that Oracle repeatedly lied and defrauded the state. Through this legal action, we intend to make our state whole and make sure taxpayers aren't left holding the bag."

Oregon's suit alleges that Oracle, the largest tech contractor working on the website, falsely convinced officials to buy "hundreds of millions of dollars of Oracle products and services that failed to perform as promised." It is seeking $200 million in damages. Oracle issued a statement saying the suit "is a desperate attempt to deflect blame from Cover Oregon and the governor for their failures to manage a complex IT project. The complaint is a fictional account of the Oregon Healthcare Project."
Encryption

NSA Agents Leak Tor Bugs To Developers 116

Posted by Soulskill
from the right-hand-thinks-the-left-hand-is-a-jerk dept.
An anonymous reader writes: We've known for a while that NSA specifically targets Tor, because they want to disrupt one of the last remaining communication methods they aren't able to tap or demand access to. However, not everybody at the NSA is on board with this strategy. Tor developer Andrew Lewman says even as flaws in Tor are rooted out by the NSA and British counterpart GCHQ, other agents from the two organizations leak those flaws directly to the developers, so they can be fixed quickly. He said, "You have to think about the type of people who would be able to do this and have the expertise and time to read Tor source code from scratch for hours, for weeks, for months, and find and elucidate these super-subtle bugs or other things that they probably don't get to see in most commercial software." Lewman estimates the Tor Project receives these reports on a monthly basis. He also spoke about how a growing amount of users will affect Tor. He suggests a massive company like Google or Facebook will eventually have to take up the task of making Tor scale up to millions of users.
The Almighty Buck

How Game Developers Turn Kickstarter Failure Into Success 30

Posted by Soulskill
from the pay-me-to-overpromise dept.
Nerval's Lobster writes When you ask random strangers on the Internet to give you money, there are no guarantees. That's true in almost any scenario, including when video game developers use Kickstarter to crowdfund the creation of a game. While 3,900 or so games have been funded on Kickstarter, more than 7,200 game projects failed to hit their goal. Within those two numbers are some people who fall into both categories: developers who failed to get funding on their first try, but re-launched campaigns and hit their goals. Jon Brodkin spoke with a handful of those indie game developers who succeeded on their second try; many of them used the momentum (and fans) from the first attempt to get a head start on funding the second, and one even adjusted his entire plan based on community feedback. But succeeding the second time also depended on quite a bit of luck.
Programming

Ask Slashdot: What Do You Wish You'd Known Starting Out As a Programmer? 548

Posted by Soulskill
from the how-to-program dept.
snydeq writes: Most of us gave little thought to the "career" aspect of programming when starting out, but here we are, battle-hardened by hard-learned lessons, slouching our way through decades at the console, wishing perhaps that we had recognized the long road ahead when we started. What advice might we give to our younger self, or to younger selves coming to programming just now? Andrew C. Oliver offers several insights he gave little thought to when first coding: "Back then, I simply loved to code and could have cared less about my 'career' or about playing well with others. I could have saved myself a ton of trouble if I'd just followed a few simple practices." What are yours?
Programming

C++14 Is Set In Stone 193

Posted by timothy
from the but-it's-a-soft-stone dept.
jones_supa (887896) writes "Apart from minor editorial tweaks, the ISO C++14 standard can be considered completed. Implementations are already shipping by major suppliers. C++14 is mostly an incremental update over C++11 with some new features like function return type deduction, variable templates, binary literals, generic lambdas, and so on. The official C++14 specification release will arrive later in the year, but for now Wikipedia serves as a good overview of the feature set."
Programming

Software Combines Thousands of Online Images Into One That Represents Them All 66

Posted by samzenpus
from the best-representation dept.
Zothecula writes If you're trying to find out what the common features of tabby cats are, a Google image search will likely yield more results than you'd ever have the time or inclination to look over. New software created at the University of California, Berkeley, however, is designed to make such quests considerably easier. Known as AverageExplorer, it searches out thousands of images of a given subject, then amalgamates them into one composite "average" image.
Businesses

Companies That Don't Understand Engineers Don't Respect Engineers 371

Posted by Soulskill
from the if-you-aren't-part-of-the-solution,-you're-part-of-the-preciptate dept.
An anonymous reader writes Following up on a recent experiment into the status of software engineers versus managers, Jon Evans writes that the easiest way to find out which companies don't respect their engineers is to learn which companies simply don't understand them. "Engineers are treated as less-than-equal because we are often viewed as idiot savants. We may speak the magic language of machines, the thinking goes, but we aren't business people, so we aren't qualified to make the most important decisions. ... Whereas in fact any engineer worth her salt will tell you that she makes business decisions daily–albeit on the micro not macro level–because she has to in order to get the job done. Exactly how long should this database field be? And of what datatype? How and where should it be validated? How do we handle all of the edge cases? These are in fact business decisions, and we make them, because we're at the proverbial coal face, and it would take forever to run every single one of them by the product people and sometimes they wouldn't even understand the technical factors involved. ... It might have made some sense to treat them as separate-but-slightly-inferior when technology was not at the heart of almost every business, but not any more."
Education

Reading, Writing, 'Rithmetic, and Blockly 18

Posted by Soulskill
from the stack-overflow-to-be-inundated-by-homework-questions dept.
theodp writes As teachers excitedly tweet about completing their summer CS Professional Development at Google and Microsoft, and kids get ready to go back to school, Code.org is inviting educators to check out their K-5 Computer Science Curriculum (beta), which is slated to launch in September (more course details). The content, Code.org notes, is a blend of online activities ("engineers from Google, Microsoft, Facebook, and Twitter helped create this tutorial," footnotes explain) and 'unplugged' activities, lessons in which students can learn computing concepts with or without a computer. It's unclear if he's reviewed the material himself, but Chicago Mayor Rahm Emanuel is grateful for the CS effort ("Thank you for teaching our students these critical skills").
Programming

Switching Game Engines Halfway Through Development 127

Posted by Soulskill
from the don't-change-horse-renderers-in-the-middle-of-a-stream dept.
An anonymous reader writes: Third-party game engines are wonderful creations, allowing developers to skip a lengthy and complicated part of the development process and spend more time on content creation. But each engine has its own strengths and weaknesses, and they may not be apparent at the beginning of a project. If you realize halfway through that your game doesn't work well on the engine you picked, what do you do? Jeff LaMarche describes how he and his team made the difficult decision to throw out all their work with Unity and start over with Unreal. He describes some technical limitations, like Unity's 32-bit nature, and some economic ones, like needing to pay $500 per person for effective version control. He notes that Unreal Engine 4 has its problems, too, but the biggest reason to switch was this: "Our team just wasn't finding it easy to collaborate. We weren't gelling as a cohesive team and we often felt like the tools were working against us."
Programming

Ask Slashdot: What Recliner For a Software Developer? 154

Posted by Soulskill
from the twelve-foot-diameter-bean-bag dept.
Taxilian writes We've talked about office chairs before, but I'm one of those coders who tends to relax by doing more coding. Particularly when I'm short on time for a project, I like to move my work to where I am still around my wife and children so that I can still interact with them and be with my family, but still hit my deadlines. I have used various recliners and found that programming in them (at least in evenings) can be quite comfortable, but haven't felt like I really found the 'ideal chair' for relaxing and working on my Macbook.

I have found references to failed chairs (like La-Z-Boy Explorer, the so-called "E-cliner") that were intended for tech and failed, but are there any existing and useful options? I'd really like something that provides some sort of lap desk (to keep the heat from the laptop away from me) and reasonable power arrangements while still being comfortable and not looking ridiculous in a normal family room.
Programming

Interviews: Ask Bjarne Stroustrup About Programming and C++ 427

Posted by samzenpus
from the go-ahead-and-ask dept.
In addition to being the creator of C++, Bjarne Stroustrup is a Managing Director in the technology division of Morgan Stanley, a Visiting Professor in Computer Science at Columbia University, and a Distinguished Research Professor in Computer Science at Texas A&M University. Bjarne has written a number of books and was elected a member of the National Academy of Engineering. He will be doing a live Google + Q & A within the C++ community on August 20th, 2014 at 12:30pm EST, but has agreed to answer your questions first. As usual, ask as many as you'd like, but please, one per post.
Open Source

Ask Slashdot: Corporate Open Source Policy? 57

Posted by Unknown Lamer
from the in-the-open dept.
Phiro69 (3782875) writes Does anyone have any best practices/experience they would like to share on how their corporate entity put Open Source Software out on the Internet? Historically at my engineering firm, we've followed a model where we internally build a 1.0 release of something we want to open source, the product owner and legal perform a deep review of the release, and we push it out to a platform like Github where it typically sits and rusts.

Our engineering interns have started down a new path: Using Github from the beginning (I set the repo private), and, after a bare minimum is completed, flipping the repo public and continuing development in the open using Github. How do PO and Legal reviews fit in? How can we ensure we're not exposing ourselves or diluting our IP if we're doing semi-constant development, publicly, sans a heavily gated review process? What does everyone else do? Or does corporate America avoid this entire opportunity/entanglement/briar patch?
Real Time Strategy (Games)

Auralux Release For Browsers Shows Emscripten Is Reaching Indie Devs 44

Posted by Soulskill
from the hope-your-servers-are-ready dept.
New submitter MorgyTheMole writes Porting C++/OpenGL based games using Emscripten and WebGL has been an approach pushed by Mozilla for some time now. Games using the technology are compatible with most modern browsers and require no separate install. We've seen Epic Games demonstrate UnrealEngine 4 in browser as well as Unity show off a variety of games. Now as the technology matures, indie devs are looking to get into the mix, including this near one-to-one port of E McNeill's Auralux, a simplified RTS game, from Android and iOS. (Disclosure: I am a programmer who worked on this title.)
AI

New Watson-Style AI Called Viv Seeks To Be the First 'Global Brain' 161

Posted by Soulskill
from the siri-why-does-my-cat-throw-up-so-much? dept.
paysonwelch sends this report from Wired on the next generation of consumer AI: Google Now has a huge knowledge graph—you can ask questions like "Where was Abraham Lincoln born?" And it can name the city. You can also say, "What is the population?" of a city and it’ll bring up a chart and answer. But you cannot say, "What is the population of the city where Abraham Lincoln was born?" The system may have the data for both these components, but it has no ability to put them together, either to answer a query or to make a smart suggestion. Like Siri, it can’t do anything that coders haven’t explicitly programmed it to do. Viv breaks through those constraints by generating its own code on the fly, no programmers required. Take a complicated command like "Give me a flight to Dallas with a seat that Shaq could fit in." Viv will parse the sentence and then it will perform its best trick: automatically generating a quick, efficient program to link third-party sources of information together—say, Kayak, SeatGuru, and the NBA media guide—so it can identify available flights with lots of legroom.
Programming

The Technologies Changing What It Means To Be a Programmer 294

Posted by samzenpus
from the keeping-up-with-the-times dept.
snydeq writes Modern programming bears little resemblance to the days of assembly code and toggles. Worse, or perhaps better, it markedly differs from what it meant to be a programmer just five years ago. While the technologies and tools underlying this transformation can make development work more powerful and efficient, they also make developers increasingly responsible for facets of computing beyond their traditional domain, thereby concentrating a wider range of roles and responsibilities into leaner, more overworked staff.
Programming

New NSA-Funded Code Rolls All Programming Languages Into One 306

Posted by timothy
from the so-your-program-can-confuse-itself dept.
An anonymous reader writes "What's your favorite programming language? Is it CSS? Is it JavaScript? Is it PHP, HTML5, or something else? Why choose? A new programming language developed by researchers at Carnegie Mellon University is all of those and more — one of the world's first "polyglot" programming languages. Sound cool? It is, except its development is partially funded by the National Security Agency, so let's look at it with a skeptical eye. It's called Wyvern — named after a mythical dragon-like thing that only has two legs instead of four — and it's supposed to help programmers design apps and websites without having to rely on a whole bunch of different stylesheets and different amalgamations spread across different files.
Bug

Wiring Programmers To Prevent Buggy Code 116

Posted by timothy
from the stop-thinking-about-my-clairvoyance dept.
mikejuk (1801200) writes "Microsoft Researcher Andrew Begel, together with academic and industry colleagues have been trying to detect when developers are struggling as they work, in order to prevent bugs before they are introduced into code. A paper presented at the 36th International Conference on Software Engineering, reports on a study conducted with 15 professional programmers to see how well an eye-tracker, an electrodermal activity (EDA) sensor, and an electroencephalography (EEG) sensor could be used to predict whether developers would find a task difficult. Difficult tasks are potential bug generators and finding a task difficult is the programming equivalent of going to sleep at the wheel. Going beyond this initial investigation researchers now need to decide how to support developers who are finding their work difficult. What isn't known yet is how developers will react if their actions are approaching bug-potential levels and an intervention is deemed necessary. Presumably the nature of the intervention also has to be worked out. So next time you sit down at your coding station consider that in the future they may be wanting to wire you up just to make sure you aren't a source of bugs. And what could possibly be the intervention?"
Censorship

Russia Cracks Down On Public Wi-Fi; Oracle Blocks Java Downloads In Russia 254

Posted by timothy
from the interesting-times dept.
Linking to a story at Reuters, reader WilliamGeorge writes "Russia is further constraining access to the internet and freedom of speech, with new laws regarding public use of WiFi. Nikolai Nikiforov, the Russian Communications Minister, tweeted that "Identification of users (via bank cards, cell phone numbers, etc.) with access to public Wifi is a worldwide practice." This comes on top of their actions recently to block websites of political opponents to Russian president Vladimir Putin, require registration of prominent bloggers, and more. The law was put into effect with little notice and without the input of Russian internet providers. Sergei Plugotarenko, head of the Russian Electronic Communications Association, said "It was unexpected, signed in such a short time and without consulting us." He added, "We will hope that this restrictive tendency stops at some point because soon won't there be anything left to ban." In addition to the ID requirement to use WiFi, the new law also requires companies to declare who is using their web networks and calls for Russian websites to store their data on servers located in Russia starting in 2016." That's not the only crackdown in progress, though: former Slashdot code-wrestler Vlad Kulchitski notes that Russian users are being blocked from downloading Java with an error message that reads, in essence, "You are in a country on which there is embargo; you cannot download JAVA." Readers at Hacker News note the same, though comments there indicate that the block may rely on a " specific and narrow IP-block," rather than being widespread. If you're reading this from Russia, what do you find?
Java

Oracle Hasn't Killed Java -- But There's Still Time 371

Posted by Unknown Lamer
from the common-lisp-rising dept.
snydeq (1272828) writes Java core has stagnated, Java EE is dead, and Spring is over, but the JVM marches on. C'mon Oracle, where are the big ideas? asks Andrew C. Oliver. 'I don't think Oracle knows how to create markets. It knows how to destroy them and create a product out of them, but it somehow failed to do that with Java. I think Java will have a long, long tail, but the days are numbered for it being anything more than a runtime and a language with a huge install base. I don't see Oracle stepping up to the plate to offer the kind of leadership that is needed. It just isn't who Oracle is. Instead, Oracle will sue some more people, do some more shortsighted and self-defeating things, then quietly fade into runtime maintainer before IBM, Red Hat, et al. pick up the slack independently. That's started to happen anyhow.'
Android

Google Fit Preview SDK Arrives For Android Developers 13

Posted by timothy
from the want-to-sense-your-heart-beating dept.
An anonymous reader writes "Google today released a preview SDK of Google Fit available to developers. The tool provides APIs for apps and device manufacturers to store and access activity data from fitness apps and sensors on Android and other devices (like wearables, heart rate monitors or connected scales). Google warns that the preview release contains the Google Fit APIs for Android, but does not contain the REST API or the Android Wear APIs, which will be included in the official release. Furthermore, while it will let you develop and test fitness apps, they cannot be published to Google Play until official release."
Graphics

Valve Discloses Source 2 Engine In Recent DOTA 2 Update 97

Posted by timothy
from the where's-the-ignition-switch dept.
MojoKid (1002251) writes News and rumors about Valve's upcoming Source 2 engine have been buzzing for months, but a recent update to DOTA 2 contains the most persuasive evidence yet that a major engine is in the works. After the last patch, the game now contains a number of programmed default paths, directories, and file names that didn't previously exist. Source-related DLLs and executables (engine.dll, vconsole.dll) have been updated to "engine2.dll" and vconsole2.dll." The tileset editor has a default Source path. There's also now an option to save files as "Source 1.0 Map Files" where no previous option existed. Here's the funny thing — while most people think of a game screenshot as the best evidence you can buy, low-level file directories, default trees, and changed application behavior is actually more persuasive. Source 1.0 was never updated to support DX11 or OpenGL 4.x, and while the engine can still be used for impressive titles, its DX9 limitations and ancient modding tools are showing their age. It's time to bring the game engine into the modern world, and hopefully these DOTA 2 updates mean that Valve is moving closer to that goal.
Oracle

Oracle Database Redaction Trivial To Bypass, Says David Litchfield 62

Posted by timothy
from the let-me-ask-that-another-way dept.
msm1267 (2804139) writes "Researcher David Litchfield is back at it again, dissecting Oracle software looking for critical bugs. At the Black Hat 2014 conference, Litchfield delivered research on a new data redaction service the company added in Oracle 12c. The service is designed to allow administrators to mask sensitive data, such as credit card numbers or health information, during certain operations. But when Litchfield took a close look he found a slew of trivially exploitable vulnerabilities that bypass the data redaction service and trick the system into returning data that should be masked."
Education

Ask Slashdot: "Real" Computer Scientists vs. Modern Curriculum? 637

Posted by timothy
from the onions-in-those-days-were-called-zumboes dept.
An anonymous reader writes At work yesterday, I overheard a programmer explaining his perception of the quality of the most recent CS grads. In his opinion, CS students who primarily learn Java are inferior because they don't have to deal with memory management as they would if they used C. As a current CS student who's pursing a degree after 10 years of experience in the IT field, I have two questions for my fellow Slashdoters: "Is this a common concern with new CS grads?" and, if so, "What can I do to supplement my Java-oriented studies?"
Facebook

Facebook Seeks Devs To Make Linux Network Stack As Good As FreeBSD's 195

Posted by timothy
from the high-praise-all-around dept.
An anonymous reader writes Facebook posted a career application which, in their own words is 'seeking a Linux Kernel Software Engineer to join our Kernel team, with a primary focus on the networking subsystem. Our goal over the next few years is for the Linux kernel network stack to rival or exceed that of FreeBSD.' Two interesting bullet points listing "responsibilities": Improve IPv6 support in the kernel, and eliminate perf and stability issues. FB is one of the worlds largest IPv6 deployments; Investigate and participate in emerging protocols (MPTCP, QUIC, etc) discussions,implementation, experimentation, tooling, etc.
IT

Ask Slashdot: Good Technology Conferences To Attend? 131

Posted by Unknown Lamer
from the all-of-them dept.
SSG Booraem (2553474) writes I've recently been hired to a IT supervisor position at a local college. My boss wants me to find some technology conferences that I'd like to attend and submit them to her. Since I've worked in IT for 18 years but usually done scut work, I don't have any ideas. I'd appreciate suggestions with personal experiences.
Open Source

Ask Slashdot: What To Do About the Sorry State of FOSS Documentation? 430

Posted by samzenpus
from the keeping-up-with-the-times dept.
First time accepted submitter TWX writes I've been out of computers as a serious home-hobby for many years and in returning I'm aghast at the state of documentation for Open Source projects. The software itself has changed significantly in the last decade, but the documentation has failed to keep pace; most of what I'm finding applies to versions long since passed or were the exact same documents from when I dropped-out of hobbyist computing years ago. Take Lightdm on Ubuntu 14.04 for example- its entire configuration file structure has been revamped, but none of the documentation for more specialized or advanced uses of Lightdm in previous versions of Ubuntu has been updated for this latest release. It's actually harder now to configure some features than it was a decade ago. TLDP is close to a decade out-of-date, fragmentation between distributions has grown to the point that answers from one distro won't readily apply to another, and web forums for even specific projects are full of questions without answers, or those that head off into completely unrelated discussion, or with snarky, "it's in the documentation, stupid!" responses. Where do you go for your FOSS documentation and self-help?
Mozilla

Mozilla Dumps Info of 76,000 Developers To Public Web Server 80

Posted by samzenpus
from the for-everyone's-eyes dept.
wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.
Education

How Many Members of Congress Does It Take To Pass a $400MM CS Bill? 180

Posted by Soulskill
from the trick-question-congress-can't-pass-anything dept.
theodp writes: Over at Code.org, they're celebrating because more than 100 members of Congress are now co-sponsoring the Computer Science Education Act (HR 2536), making the bill designed to"strengthen elementary and secondary computer science education" the most broadly cosponsored education bill in the House. By adding fewer than 50 words to the Elementary and Secondary Education Act of 1965, HR 2536 would elevate Computer Science to a "core academic subject" (current core academic subjects are English, reading or language arts, mathematics, science, foreign languages, civics and government, economics, arts, history, and geography), a status that opens the doors not only to a number of funding opportunities, but also to a number of government regulations. So, now that we know it takes 112 U.S. Representatives to make a CS education bill, the next question is, "How many taxpayer dollars will it take to pay for the consequences?" While Code.org says "the bill is cost-neutral and doesn't introduce new programs or mandates," the organization in April pegged the cost of putting CS in every school at $300-$400 million. In Congressional testimony last January, Code.org proposed that "comprehensive immigration reform efforts that tie H-1B visa fees to a new STEM education fund" could be used "to support the teaching and learning of more computer science in K-12 schools," echoing Microsoft's National Talent Strategy.
Programming

Comparison: Linux Text Editors 402

Posted by Soulskill
from the put-your-swords-down dept.
jrepin writes: Mayank Sharma of Linux Voices tests and compares five text editors for Linux, none of which are named Emacs or Vim. The contenders are Gedit, Kate, Sublime Text, UltraEdit, and jEdit. Why use a fancy text editor? Sharma says, "They can highlight syntax and auto-indent code just as effortlessly as they can spellcheck documents. You can use them to record macros and manage code snippets just as easily as you can copy/paste plain text. Some simple text editors even exceed their design goals thanks to plugins that infuse them with capabilities to rival text-centric apps from other genres. They can take on the duties of a source code editor and even an Integrated Development Environment."
Programming

Getting Back To Coding 240

Posted by Soulskill
from the trading-in-the-full-band-for-a-solo-acoustic-album dept.
New submitter rrconan writes I always feel like I'm getting old because of the constant need to learn a new tools to do the same job. At the end of projects, I get the impression that nothing changes — there are no real benefits to the new tools, and the only result is a lot of time wasted learning them instead of doing the work. We discussed this last week with Andrew Binstock's "Just Let Me Code" article, and now he's written a follow-up about reducing tool complexity and focusing on writing code. He says, "Tool vendors have several misperceptions that stand in the way. The first is a long-standing issue, which is 'featuritis': the tendency to create the perception of greater value in upgrades by adding rarely needed features. ... The second misperception is that many tool vendors view the user experience they offer as already pretty darn good. Compared with tools we had 10 years ago or more, UIs have indeed improved significantly. But they have not improved as fast as complexity has increased. And in that gap lies the problem.' Now I understand that what I thought of as "getting old" was really "getting smart."
Programming

Peter Hoddie Talks About His Internet of Things Construction Kit (Video) 53

Posted by Roblimo
from the everything-you-own-must-now-connect-to-the-internet dept.
You remember Peter Hoddie, right? He was one of the original QuickTime developers at Apple. He left in 2002 to help found a startup called Kinoma, which started life developing multimedia players and browsers for mobile devices. Kinoma was acquired in 2011 by Marvell Semiconductor, whose management kept it as a separate entity.

The latest creation from Peter and his crew is the 'Kinoma Create,' AKA the 'JavaScript-Powered Internet of Things Construction Kit.' With it, they say, you can 'quickly and easily create personal projects, consumer electronics, and Internet of Things prototypes.' EE Times mentioned it in March, and they're not the only ones to notice this product. Quite a few developers and companies are jumping on the 'Internet of Things' bandwagon, so there may be a decent -- and growing -- market for something like this. (Alternate Video Link)
Businesses

Ask Slashdot: When Is It Better To Modify the ERP vs. Interfacing It? 209

Posted by timothy
from the which-point-in-the-chain dept.
New submitter yeshuawatso writes I work for one of the largest HVAC manufacturers in the world. We've currently spent millions of dollars investing in an ERP system from Oracle (via a third-party implementor and distributor) that handles most of our global operations, but it's been a great ordeal getting the thing to work for us across SBUs and even departments without having to constantly go back to the third-party, whom have their hands out asking for more money. What we've also discovered is that the ERP system is being used for inputting and retrieving data but not for managing the data. Managing the data is being handled by systems of spreadsheets and access databases wrought with macros to turn them into functional applications. I'm asking you wise and experienced readers on your take if it's a better idea to continue to hire our third-party to convert these applications into the ERP system or hire internal developers to convert these applications to more scalable and practical applications that interface with the ERP (via API of choice)? We have a ton of spare capacity in data centers that formerly housed mainframes and local servers that now mostly run local Exchange and domain servers. We've consolidated these data centers into our co-location in Atlanta but the old data centers are still running, just empty. We definitely have the space to run commodity servers for an OpenStack, Eucalyptus, or some other private/hybrid cloud solution, but would this be counter productive to the goal of standardizing processes. Our CIO wants to dump everything into the ERP (creating a single point of failure to me) but our accountants are having a tough time chewing the additional costs of re-doing every departmental application. What are your experiences with such implementations?
PHP

PHP Finally Getting a Formal Specification 180

Posted by timothy
from the let-the-ossification-ceremony-commence dept.
itwbennett (1594911) writes "Despite becoming one of the most widely used programming languages on the Web, PHP didn't have a formal specification — until now. Facebook engineer and PHP core contributor Sara Golemon announced the initiative at OSCON earlier this month, and an initial draft of the specification was posted Wednesday on GitHub."
Programming

Vint Cerf on Why Programmers Don't Join the ACM 213

Posted by timothy
from the other-than-that-how-was-the-parade? dept.
jfruh writes "The Association for Computing Machinery is a storied professional group for computer programmers, but its membership hasn't grown in recent years to keep pace with the industry. Vint Cerf, who recently concluded his term as ACM president, asked developers what was keeping them from signing up. Their answers: paywalled content, lack of information relevant to non-academics, and code that wasn't freely available."
Cellphones

Is the App Store Broken? 258

Posted by Soulskill
from the honeymoon-is-over dept.
A recent post by Instapaper's Marco Arment suggests that design flaws in Apple's App Store are harming the app ecosystem, and users are suffering because of it. "The dominance and prominence of 'top lists' stratifies the top 0.02% so far above everyone else that the entire ecosystem is encouraged to design for a theoretical top-list placement that, by definition, won’t happen to 99.98% of them." Arment notes that many good app developers are finding continued development to be unsustainable, while scammy apps are encouraged to flood the market.

"As the economics get tighter, it becomes much harder to support the lavish treatment that developers have given apps in the past, such as full-time staffs, offices, pixel-perfect custom designs of every screen, frequent free updates, and completely different iPhone and iPad interfaces. Many will give up and leave for stable, better-paying jobs. (Many already have.)" Brent Simmons points out the indie developers have largely given up the dream of being able to support themselves through iOS development. Yoni Heisler argues that their plight is simply a consequence of ever-increasing competition within the industry, though he acknowledges that more app curation would be a good thing. What strategies could Apple (and the operators of other mobile application stories) do to keep app quality high?
Hardware Hacking

Raspberry Pi-Compatible Development Board Released 47

Posted by Soulskill
from the chips-and-dips dept.
kodiaktau writes: Hardkernel has released a new Raspberry Pi-compatible development board based on the Samsung Exynos SoC. The board is smaller than a typical Pi, keeping basic HDMI, USB and CSI interfaces. It also has a 26-pin expansion board with more GPIO available, though it lacks an Ethernet jack. Initial prices as estimated around $30. The article makes the interesting point that this and other devices are marketed as "Raspberry Pi-compatible." The Raspberry Pi Foundation may run into name retention issues (similar to the ones Arduino had) as related hardware piggybacks on its success.
Open Source

seL4 Verified Microkernel Now Open Source 82

Posted by Unknown Lamer
from the formal-verification-for-the-rest-of-us dept.
Back in 2009, OKLabs/NICTA announced the first formally verified microkernel, seL4 (a member of the L4 family). Alas, it was proprietary software. Today, that's no longer the case: seL4 has been released under the GPLv2 (only, no "or later versions clause" unfortunately). An anonymous reader writes OSnews is reporting that the formally verified sel4 microkernel is now open source: "General Dynamics C4 Systems and NICTA are pleased to announce the open sourcing of seL4, the world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement. It is still the world's most highly assured OS." Source is over at Github. It supports ARM and x86 (including the popular Beaglebone ARM board). If you have an x86 with the VT-x and Extended Page Table extensions you can even run Linux atop seL4 (and the seL4 website is served by Linux on seL4).
Programming

Programming Languages You'll Need Next Year (and Beyond) 315

Posted by Soulskill
from the sorry-folks-still-no-haskell dept.
Nerval's Lobster writes: Over at Dice, there's a breakdown of the programming languages that could prove most popular over the next year or two, including Apple's Swift, JavaScript, CSS3, and PHP. But perhaps the most interesting entry on the list is Erlang, an older language invented in 1986 by engineers at Ericsson. It was originally intended to be used specifically for telecommunications needs, but has since evolved into a general-purpose language, and found a home in cloud-based, high-performance computing when concurrency is needed. "There aren't a lot of Erlang jobs out there," writes developer Jeff Cogswell. "However, if you do master it (and I mean master it, not just learn a bit about it), then you'll probably land a really good job. That's the trade-off: You'll have to devote a lot of energy into it. But if you do, the payoffs could be high." And while the rest of the featured languages are no-brainers with regard to popularity, it's an open question how long it might take Swift to become popular, given how hard Apple will push it as the language for developing on iOS.

The only problem with being a man of leisure is that you can never stop and take a rest.

Working...