jones_supa writes "In a new blog post, the Ubuntu main man Mark Shuttleworth calls for an end to proprietary firmwares such as ACPI. His reasoning is that running any firmware code on your phone, tablet, PC, TV, wifi router, washing machine, server, or the server running the cloud your SAAS app is running on, is a threat vector against you, and NSA's best friend. 'Arguing for ACPI on your next-generation device is arguing for a trojan horse of monumental proportions to be installed in your living room and in your data center. I've been to Troy, there is not much left.' As better solutions, Shuttleworth suggests delivering your innovative code directly to the upstream kernel, or using declarative firmware that describes hardware linkages and dependencies but doesn't include executable code."

First time accepted submitter PvtVoid writes in with the story of Julie Ann Horvath alleging a culture of sexism at GitHub. "The exit of engineer Julie Ann Horvath from programming network GitHub has sparked yet another conversation concerning women in technology and startups. Her claims that she faced a sexist internal culture at GitHub came as a surprise to some, given her former defense of the startup and her internal work at the company to promote women in technology."

itwbennett writes "Everybody lies to themselves now and again in both their personal lives ('my bathroom scale probably needs to be recalibrated') and professional lives ('this code doesn't need commenting'). ITworld has compiled some of the common lies programmers tell themselves. Here are a few examples: 'This bug won't take long to fix.' 'No one could possibly fail to understand my simple user interface.' 'Code is self documenting.' 'My homebrew framework will be nimble, lightweight, debugged, and easy to use.' 'I know this is dirty code, I will rewrite it later.' 'It's just one line... it won't break anything.' '"It works on my machine.' 'I don't need version control.' 'It's written in ____, so it'll be easy to ____.' What would you add to this list?"

itwbennett writes "Researchers at the Free University of Bozen-Bolzano in Italy have found that happier programmers (or, more specifically, computer science students at the university) were significantly more likely to score higher on a problem solving assessment. The researchers first measured the emotional states of study participants using a measure devised by psychologists called the Scale of Positive and Negative Experience Affect Balance (SPANE-B) score. They then tested participants' creativity (ability to write creative photo captions) and problem-solving ability (playing the Tower of London game). The results: happiness didn't affect creativity, but did improve problem-solving ability."

rjmarvin writes "We've all seen the code displayed in hacking scenes from movies and TV, but now a new industry is growing around custom-building realistic software and dummy code. Twisted Media, a Chicago-based design team, started doing fake computer graphics back in 2007 for the TNT show Leverage, and is now working on three prime-time shows on top of films like Gravity and the upcoming Divergent. They design and create realistic interfaces and codebases for futuristic software. British computer scientist John Graham-Cumming has drawn attention to entertainment background code by explaining what the displayed code actually does on his blog, but now that the public is more aware, studios are paying for fake code that's actually convincing."

itwbennett writes "The MOOC (massive open online course) failure rate is notoriously high — only 1% of people who take the beginning computer science programming class, CS50, that Harvard offers over the EdX online platform complete it. A new effort in St. Louis called LaunchCode is changing that — and solving the city's programmer shortage. For the past several weeks, about 300 hardy souls have been gathering in a downtown St. Louis library to listen to the CS50 lectures and work together on the various programming problem sets. But the support offered by the all-volunteer run LaunchCode doesn't end with meet space. They're also doing an end-around on the traditional coder hiring process by pairing the students who complete the course with experienced programmers in one of more than a 100 tech companies who are looking for talent."

sfcrazy writes "Google's Chromium team is working on an alternative of Gtk+ for the browser, called Aura. Elliot Glaysher, a Google developer explains, 'We aim to launch the Aura graphics stack on Linux in M35. Aura is a cross-platform graphics system, and the Aura frontend will replace the current GTK+ frontend.' The Free Software community is debating: is Google trying to do Canonical? Couldn't Google just switch to Qt, which is becoming an industry standard?"

alphadogg writes "A sneak peek at the annual Computing Research Association's (CRA) report on computer science enrollments at colleges shows that strong demand for technically-savvy workers is luring students in a big way. The full 2013 Taulbee Report will be published in May, but the CRA revealed a few tidbits this week in its Computer Research News publication. Among the findings: Among 123 departments responding last year and the year before, there was a 22% increase in enrollment for computer science bachelor's degree programs at U.S. schools. Degrees awarded increased 0.9% and new enrollments rose 13.7%"

First time accepted submitter Geste writes "Diane McWhorter pleads in this NYT Op-Ed piece that it's time to stop glorifying hackers. Among other things she rails against providers' tendencies to 'blame the victim' with advice on improved password discipline. Interesting, but what lesson are we to learn from someone who emails lists of passwords to herself?"

kc123 writes "Earlier this week, The Linux Foundation announced that it would be working with edX, a non-profit online learning site governed by Harvard and MIT, to make its "Introduction to Linux" course free and open to all. The Linux Foundation has long offered a wide variety of training courses through its website, but those can generally cost upwards of $2,000. This introductory class, which usually costs $2,400, will be the first from the Linux Foundation to run as a Massive Open Online Course (MOOC)."

First time accepted submitter liquiddark writes "I was listening to a younger coworker talk to someone the other day about legacy technologies, and he mentioned .NET as a specific example. It got me thinking — what technologies are passing from the upstart and/or mainstream phases into the world of legacy technology? What tech are you working with now that you hope to retire in the next few years? What will you replace it with?"

McGruber writes "Austin ranks number one in the nation when it comes to offering the largest tech salaries that have been adjusted for cost of living expenses, such as housing, groceries, utilities and other necessities. This is according to a study by TriNet, a company I had never heard off, that provides (buzzword alert!) cloud-based human resources services. The seven major tech hubs, ranked by cost of living adjusted average salaries: 1. Austin: $105,000; 2. Atlanta: $103,000; 3. Denver-Boulder: $98,000; 4. Boston: $79,000; 5. Silicon Valley: $78,000; 6. Los Angeles: $70,000; 7. New York: $56,000." It's true that Austin has cheaper real estate than Silicon Valley, or London, but what this kind of analysis can't capture well is the worth for an individual of living in a particular place. Some jobs are easier to do from Texas (or Timbuktu) than others, and opinions vary wildly about the importance of climate, culture, alternative job options, and other factors. New York living is expensive, Yes, but it comes with a free bonus if New York is where you want to be. Some people even like Los Angeles. Is there a place you'd rather be but forgo because of the cost of living, or a place you'd consider simply because it would amplify your salary?

jones_supa writes "Valve has recently released Portal 2 on Steam for Linux and opened a GitHub entry to gather all the bugs from the community. When one of the Valve developers closed a bug related to Portal 2 recommending that the users disable a security feature, the Linux community reacted. A crash is caused by the game's interaction with SELinux, the Linux kernel subsystem that deals with access control security policies. Portal 2 uses the third-party Miles Sound System MP3 decoder which, in turn, uses execheap, a feature that is normally disabled by SELinux. Like its name suggests, execheap allows a program to map a part of the memory so that it is both writable and executable. This could be a problem if someone chose to use that particular memory section for buffer overflow attacks; that would eventually permit the hacker to gain access to the system by running code. In the end, Valve developer David W. took responsibility of the problem: 'I apologize for the mis-communication: Some underlying infrastructure our games rely on is incompatible with SELinux. We are hoping to correct this. Of course closing this bug isn't appropriate and I am re-opening it.' This is more of an upstream problem for Valve. It's not something that they can fix directly, and most likely they will have to talk with the Miles developers and try to repair the problem from that direction."

An anonymous reader writes "The Fedora Project is now going to enforce a "Don't Ask, Don't Tell" policy for contributors. What the project's engineering committee is asking their members to conceal is a contributor's nationality, country of origin, or area of residence. There's growing concern about software development contributions coming from export restricted countries by the US (Cuba, Iran, North Korea, Sudan, and Syria) with Red Hat being based out of North Carolina, but should these governmental restrictions apply to an open-source software project?"

Carcass666 writes "It is usually good to use existing libraries, rather than reinventing the wheel, especially with open source. Unfortunately, sometimes we have to work with closed source implementations. Recently, we were diagnosing a .NET assembly and, after getting nowhere with the vendor, ran it through a decompiler. The code was a morass of SQL concatenation, sloppy type conversions, and various things that are generally thought of as insecure.

My question is: What are Slashdot readers' preferred tools for analyzing .NET and Java compiled libraries (not source code) for potential security vulnerabilities? Ideally, I would like to know if a library is a security liability before I code against it. For example, Microsoft used to have something called FxCop, but it hasn't been updated for current versions of the .NET framework."

itwbennett writes "Oregon is holding back $25.6 million in payments from Oracle (out of some $69.5 million Oracle claims it is owed) over work the vendor did on the state's troubled health care exchange website. The site was supposed to go live on Oct. 1 but its launch has been marred by a slew of bugs and it is not yet fully functional. This week, Cover Oregon said it had reached an agreement with Oracle laying out 'an orderly transition of technology development services, and protects current and future Cover Oregon enrollees,' according to a statement. Oregon officials reached the deal with Oracle after the company reportedly threatened to pull all of its workers off the project and essentially walk away."

An anonymous reader writes "Months after Intel ported the Chromium open-source web browser to Wayland, Chromium is now running on Ubuntu's Mir. The Mir display server port ended up being based on Wayland's Chromium code for interfacing with Google's Ozone abstraction framework. The Ubuntu developer responsible for this work makes claims that they will be trying to better collaborate with Wayland developers over this code." Grab the code hot off the press.

An anonymous reader writes "The Principal Graphics Programmer for BioShock Infinite has put up a post about how the game's lighting was developed. We don't usually get this kind of look into the creation of AAA game releases, but the studio shut down recently, so ex-employees are more willing to explain. The game uses a hybrid lighting system: direct lighting is dynamic, indirect uses lightmaps, shadows are a mix. 'Dynamic lighting was handled primarily with a deferred lighting/light-pre pass renderer. This met our goals of high contrast/high saturation — direct lighting baked into lightmaps tends to be flat, mostly because the specular approximations available were fairly limited.' It's interesting how much detail goes into something you don't really think about when you're playing through the game. 'We came up with a system that supported baked shadows but put a fixed upper bound on the storage required for baked shadows. The key observation was that if two lights do not overlap in 3D space, they will never overlap in texture space. We made a graph of lights and their overlaps. Lights were the vertices in the graph and the edges were present if two lights' falloff shapes overlapped in 3D space. We could then use this graph to do a vertex coloring to assign one of four shadow channels (R,G,B,A) to each light. Overlapping lights would be placed in different channels, but lights which did not overlap could reuse the same channel. This allowed us to pack a theoretically infinite number of lights in a single baked shadow texture as long as the graph was 4-colorable.'"

An anonymous reader writes "This article at O'Reilly Programming suggests that PHP, a language known as much for its weaknesses as its strengths, has made steady progress over the past few years in fixing its problems. From the article: 'A few years ago, PHP had several large frameworks (e.g. CakePHP, CodeIgniter, and so on). Each framework was an island and provided its own implementation of features commonly found in other frameworks. Unfortunately, these insular implementations were likely not compatible with each other and forced developers to lock themselves in with a specific framework for a given project. Today the story is different. The new PHP community uses package management and component libraries to mix and match the best available tools. ... There are also exciting things happening with PHP under the hood, too. The PHP Zend Engine recently introduced memory usage optimizations. The memory usage in PHP 5.5 is far less than earlier versions.'"

An anonymous reader writes "Synthia Tan writes that when you investigate the actual data, controlling for non-gender factors (like number of hours worked) the gender pay gap seems to disappear. 'A longitudinal study of female engineers in the 1980s showed a wage penalty of essentially zero.' In some cases women make more than men: women who work between 30 and 39 hours a week make 111% of what their male counterparts make." The researchers were studying more recent data, too; what are things like on this front where you work?