Bug

Portal 2 Incompatible With SELinux 212

jones_supa writes "Valve has recently released Portal 2 on Steam for Linux and opened a GitHub entry to gather all the bugs from the community. When one of the Valve developers closed a bug related to Portal 2 recommending that the users disable a security feature, the Linux community reacted. A crash is caused by the game's interaction with SELinux, the Linux kernel subsystem that deals with access control security policies. Portal 2 uses the third-party Miles Sound System MP3 decoder which, in turn, uses execheap, a feature that is normally disabled by SELinux. Like its name suggests, execheap allows a program to map a part of the memory so that it is both writable and executable. This could be a problem if someone chose to use that particular memory section for buffer overflow attacks; that would eventually permit the hacker to gain access to the system by running code. In the end, Valve developer David W. took responsibility for the problem: 'I apologize for the mis-communication: Some underlying infrastructure our games rely on is incompatible with SELinux. We are hoping to correct this. Of course closing this bug isn't appropriate and I am re-opening it.' This is more of an upstream problem for Valve. It's not something that they can fix directly, and most likely they will have to talk with the Miles developers and try to repair the problem from that direction."
Red Hat Software

Fedora To Have a "Don't Ask, Don't Tell" For Contributors 212

An anonymous reader writes "The Fedora Project is now going to enforce a "Don't Ask, Don't Tell" policy for contributors. What the project's engineering committee is asking their members to conceal is a contributor's nationality, country of origin, or area of residence. There's growing concern about software development contributions coming from export restricted countries by the US (Cuba, Iran, North Korea, Sudan, and Syria) with Red Hat being based out of North Carolina, but should these governmental restrictions apply to an open-source software project?"
Programming

Ask Slashdot: Reviewing 3rd Party Libraries? 88

Carcass666 writes "It is usually good to use existing libraries, rather than reinventing the wheel, especially with open source. Unfortunately, sometimes we have to work with closed source implementations. Recently, we were diagnosing a .NET assembly and, after getting nowhere with the vendor, ran it through a decompiler. The code was a morass of SQL concatenation, sloppy type conversions, and various things that are generally thought of as insecure.

My question is: What are Slashdot readers' preferred tools for analyzing .NET and Java compiled libraries (not source code) for potential security vulnerabilities? Ideally, I would like to know if a library is a security liability before I code against it. For example, Microsoft used to have something called FxCop, but it hasn't been updated for current versions of the .NET framework."
Oracle

Oregon Withholding $25.6M From Oracle Over Health Website Woes 132

itwbennett writes "Oregon is holding back $25.6 million in payments from Oracle (out of some $69.5 million Oracle claims it is owed) over work the vendor did on the state's troubled health care exchange website. The site was supposed to go live on Oct. 1 but its launch has been marred by a slew of bugs and it is not yet fully functional. This week, Cover Oregon said it had reached an agreement with Oracle laying out 'an orderly transition of technology development services, and protects current and future Cover Oregon enrollees,' according to a statement. Oregon officials reached the deal with Oracle after the company reportedly threatened to pull all of its workers off the project and essentially walk away."
Ubuntu

Canonical Ports Chromium To The Mir Display Server 63

An anonymous reader writes "Months after Intel ported the Chromium open-source web browser to Wayland, Chromium is now running on Ubuntu's Mir. The Mir display server port ended up being based on Wayland's Chromium code for interfacing with Google's Ozone abstraction framework. The Ubuntu developer responsible for this work makes claims that they will be trying to better collaborate with Wayland developers over this code." Grab the code hot off the press.
Graphics

Game Tech: How BioShock Infinite's Lighting Works 55

An anonymous reader writes "The Principal Graphics Programmer for BioShock Infinite has put up a post about how the game's lighting was developed. We don't usually get this kind of look into the creation of AAA game releases, but the studio shut down recently, so ex-employees are more willing to explain. The game uses a hybrid lighting system: direct lighting is dynamic, indirect uses lightmaps, shadows are a mix. 'Dynamic lighting was handled primarily with a deferred lighting/light-pre pass renderer. This met our goals of high contrast/high saturation — direct lighting baked into lightmaps tends to be flat, mostly because the specular approximations available were fairly limited.' It's interesting how much detail goes into something you don't really think about when you're playing through the game. 'We came up with a system that supported baked shadows but put a fixed upper bound on the storage required for baked shadows. The key observation was that if two lights do not overlap in 3D space, they will never overlap in texture space. We made a graph of lights and their overlaps. Lights were the vertices in the graph and the edges were present if two lights' falloff shapes overlapped in 3D space. We could then use this graph to do a vertex coloring to assign one of four shadow channels (R,G,B,A) to each light. Overlapping lights would be placed in different channels, but lights which did not overlap could reuse the same channel. This allowed us to pack a theoretically infinite number of lights in a single baked shadow texture as long as the graph was 4-colorable.'"
PHP

The New PHP 254

An anonymous reader writes "This article at O'Reilly Programming suggests that PHP, a language known as much for its weaknesses as its strengths, has made steady progress over the past few years in fixing its problems. From the article: 'A few years ago, PHP had several large frameworks (e.g. CakePHP, CodeIgniter, and so on). Each framework was an island and provided its own implementation of features commonly found in other frameworks. Unfortunately, these insular implementations were likely not compatible with each other and forced developers to lock themselves in with a specific framework for a given project. Today the story is different. The new PHP community uses package management and component libraries to mix and match the best available tools. ... There are also exciting things happening with PHP under the hood, too. The PHP Zend Engine recently introduced memory usage optimizations. The memory usage in PHP 5.5 is far less than earlier versions.'"
Stats

All Else Being Equal: Disputing Claims of a Gender Pay Gap In Tech 427

An anonymous reader writes "Synthia Tan writes that when you investigate the actual data, controlling for non-gender factors (like number of hours worked) the gender pay gap seems to disappear. 'A longitudinal study of female engineers in the 1980s showed a wage penalty of essentially zero.' In some cases women make more than men: women who work between 30 and 39 hours a week make 111% of what their male counterparts make." The researchers were studying more recent data, too; what are things like on this front where you work?
Education

Ask Slashdot: Modern Web Development Applied Science Associates Degree? 246

First time accepted submitter campingman777 writes "I am being asked by students to develop an associates of applied science in modern web development at my community college. I proposed the curriculum to some other web forums and they were absolutely against it. Their argument was that students would not learn enough higher math, algorithms, and data structures to be viable employees when their industry changes every five years. As part of our mission is to turn out employees immediately ready for the work force, is teaching knowledge-based careers as a vocation appropriate?"
Programming

Wolfram Language Demo Impresses 216

theodp writes "The devil will be in the details, but if you were stoked about last November's announcement of the Wolfram programming language, you'll be pleased to know that a just-released dry-but-insanely-great demo delivered by Stephen Wolfram does not disappoint. Even if you're not in love with the syntax or are a FOSS devotee, you'll find it hard not to be impressed by Wolfram's 4-line solution to a traveling salesman tour of the capitals of Western Europe, 6-line camera-capture-to-image-manipulation demo, or 2-line web crawling and data visualization example. And that's just for starters. So, start your Raspberry Pi engines, kids!"
Programming

Github Rolls Out New Text Editor Atom 82

hypnosec writes "Github has introduced Atom, its new 'web native' code editor which has been in development for more than six years. Atom is available as a part of an invite-only beta program. GitHub describes Atom as an attempt to create an editor 'that will be welcoming to an elementary school student on their first day learning to code, but also a tool they won't outgrow as they develop into seasoned hackers.'" You can request an invite on atom.io. The source to supporting libraries has already been released, but it looks like Atom itself might not be released (although it is a "specialized variant of Chromium designed to be a text editor rather than a web browser."). The editor is extensible in Javascript instead of "special-purpose scripting languages" like Emacs and VIM (is Javascript really any less messy than Emacs-Lisp though?). A preliminary user guide and customization guide are available to all.
Education

Why We Need To Teach Hacking In High School 124

An anonymous reader writes "Following one of the best descriptions ever of a hacker I've ever seen, Pete Herzog, creator of the 'security testing' (professional hacking) manual OSSTMM outlines compelling reasons why the traits of the hacker should be taught in school to make better students and better people. It starts out with 'Whatever you may have heard about hackers, the truth is they do something really, really well: discover.' and it covers open education, teaching kids to think for themselves, and promoting hacking as a tool for progress." A good read, despite confusing hacker and hacker a bit. I remember getting to set up Debian on a scrap machine in high school, only to have county IT kill the project because of the horrible danger experimentation could have proven to the network...
Education

Code.org Resurrects 'Flappy Bird' As Programming Lesson 72

Nerval's Lobster writes "Flappy Bird might be kaput, but its hilariously awkward hero is serving another useful purpose in its afterlife: teaching people how to code. Flappy Bird, a free mobile game for Android and iOS that asks the player to guide the titular avian through an obstacle course of vertical pipes, became a sensation earlier this year, seizing the top spots on the Apple and Google Play app stores. Its creator, Dong Nguyen, said the game earned him an average of $50,000 a day through in-app advertising — but that didn't stop him from yanking the game offline in early February. Now Code.org has resurrected Flappy Bird, Phoenix-style, from the smoking wreckage, with a free tutorial that allows anyone with a bit of time to code his or her very own version of the game. There's no actual code to learn, thanks to a visual interface that allows budding developers to drag 'blocks' of commands into place. 'Flappy Bird recently met its untimely death. We might've been tempted to cry all day and give up on spreading computer science (not really, but R.I.P Flappy Bird),' read a note on Code.org's blog. 'Instead, we built a new drag-and-drop tutorial that lets you build your own Flappy game — whether it's Flappy Bird, or Flappy Easter Bunny, Flappy Santa, Flappy Shark with Lasers, Flappy Fairy or Flappy Underwater Unicorn.' Childish? Maybe. But it could help draw people into coding for fun or profit."
Education

Will Peggy the Programmer Be the New Rosie the Riveter? 333

theodp writes "The Mercury News' Mike Cassidy reports that women are missing out on lucrative careers in computer science. 'The dearth of women in computing,' writes Cassidy, 'has the potential to slow the U.S. economy, which needs more students in the pipeline to feed its need for more programmers. It harms women by excluding them from some of the best jobs in the country. And it damages U.S. companies, which studies show would benefit from more diverse teams.' The promise of better financial results, says Anita Borg Institute Director Denise Gammal, is making diversity a business imperative. It's 'the sort of imperative that cries out for a movement,' argues Cassidy, 'maybe this time one led not by Rosie the Riveter, but by Peggy the Programmer.' So, where will Peggy the Programmer come from? Well, Google is offering $100 to girls attending U.S. public high schools who complete a Codecademy JavaScript course. 'Currently only 12% of computer science graduates are women,' explains Codecademy, 'and great tech companies like Google want to see more smart girls like you enter this awesome profession!' Google joins tech giant-backed Code.org in incentivizing teachers to bring the next generation of girls to the CS table.

But Silicon Valley claims the talent crisis is now (although there are 19 billion reasons to question SV's hiring acumen). So, what about the women who are here now, asks Dr. AnnMaria De Mars. 'If you are overlooking the women who are here now,' De Mars writes, 'what does that tell the girls you are supposedly bringing up to be the next generation of women in tech that you can overlook 15 years from now? Why do we hear about 16-year-old interns far more than women like me? If it is true, as the New York Times says, that in 2001-2 28% of computer science degrees went to women compared to the 10% or so now — where are those women from 12 years ago? It seems to me that when people are looking at minorities or women to develop in their fields, they are much more interested in the hypothetical idea of that cute 11-year-old girl being a computer scientist someday than of that thirty-something competing with them for market share or jobs. If there are venture capitalists or conference organizers or others out there that are sincerely trying to promote women who code, not girls, I've never met any. That doesn't mean they don't exist, but it means that whoever they are seeking out, it isn't people like me.'"
Businesses

Ask Slashdot: When Is a Better Career Opportunity Worth a Pay Cut? 263

An anonymous reader writes "I am currently working for a software company that rakes in a lot of money and has an EBIT that puts other companies to shame. The company is great: good benefits, lots of vacation time, very good salary. However the problem is that their architecture is already established, change is often slow moving, and most of the decisions are made by architects as opposed to developers. I find my job somewhat mundane and I am losing interest. I recently was offered another job, with a small company that doesn't have the capital/revenue stream to provide all the perks that my current employer has. Needless to say, this small company wants someone to take their system into the modern age, which means re-design/new architecture, implementation, maintenance, team lead, etc.... thus, more experience to add to my resume. These are things that I won't be able to do easily in my current job. My concern is that it appears this company has really high expectations, and since I had to take a small pay cut to get this position it leaves a bit of uneasiness in my stomach for future promotions/advancements. However I believe in their product, their vision/goals, the people and the future of the company. I feel excited but also scared as it's a bit of a gamble. Has anyone else experienced the same thing?"
Programming

Does Relying On an IDE Make You a Bad Programmer? 627

itwbennett writes "Writing about his career decisions, programming language choices, and regrets, Rob Conery says that as a .NET developer he became more reliant on an IDE than he would have with PHP. Blogger, and .NET developer, Matthew Mombrea picks up the thread, coming to the defense of IDEs (Visual Studio in particular). Mombrea argues that 'being a good developer isn't about memorizing the language specific calls, it's about knowing the available ways to solve a problem and solving it using the best technique or tools as you can.' Does using an IDE make you lazy with the language? Would you be better off programming with Notepad?"
Books

Book Review: Sudo Mastery: User Access Control For Real People 83

Saint Aardvark writes "If you're a Unix or Linux sysadmin, you know sudo: it's that command that lets you run single commands as root from your own account, rather than logging in as root. And if you're like me, here's what you know about configuring sudo:

1.) Run sudoedit and uncomment the line that says "%wheel ALL=(ALL) ALL".
2.) Make sure you're in the wheel group.
3.) Profit!

If you're a sysadmin, you need to stop people from shooting themselves in the foot. There should be some way of restricting use, right? Just gotta check out the man page.... And that's where I stopped, every time. I've yet to truly understand Extended Backus-Naur Form, and my eyes would glaze over. And so I'd go back to putting some small number of people in the 'wheel' group, and letting them run sudo, and cleaning up the occasional mess afterward. Fortunately, Michael W. Lucas has written Sudo Mastery: User Access Control for Real People."
Keep reading for the rest of Saint Aardvark's review.
Crime

Indian Hustle: How Fraudsters Prey On Would-be US Tech Workers 124

New submitter angel115 points out this article on the widespread fraud committed in India against many thousands of those seeking visas to work in the U.S. Many Indian techies rely on the services of visa brokers (or people who claim to be), and end up burned by the transaction. From the article: "Some are lucky enough to get a visa — only to find that the promised job in the US doesn’t materialize. Then the visa holders are forced to return to India after spending thousands of dollars just surviving. ... No official figures are available for the number of frauds in India, but an unclassified document released by Wikileaks showed that in 2009, US consular officials cited H-1B scams as one of the two most common fraud categories in India." Another interesting detail: As part of a U.S. government investigation, "Officers investigated 150 companies in the city and discovered that 77 percent 'turned out to be fraudulent or highly suspect.' ... Officials uncovered a scheme where Hyderabadis were claiming to work for made-up companies in Pune so the Mumbai consulate would be less suspicious about their applications. 'The Hyderabadis claimed that they had opened shell companies in Bangalore because "everyone knows Hyderabad has fraud and Bangalore is reputable,” according to the internal communiqué [later published by Wikileaks]."
Math

The Neuroscience of Computer Programming 161

Hugh Pickens DOT Com writes "Chris Parnin has an interesting read about an international team of scientists led by Dr. Janet Siegmund using brain imaging with fMRI to understand the programmer's mind and to compare and contrast different cognitive tasks used in programming by analyzing differences in brain locations that are activated by different tasks. One recent debate illuminated by their studies is recent legislation that considers offering foreign-language credits for students learning programming languages. There have been many strong reactions across the software-developer community. Some developers consider the effort laudable but misguided and proclaim programming is not at all like human language and is much closer to mathematics. Siegmund observed 17 participants inside an fMRI scanner while they were comprehending short source-code snippets and found a clear, distinct activation pattern of five brain regions, which are related to language processing, working memory, and attention. The programmers in the study recruited parts of the brain typically associated with language processing and verbal oriented processing (ventral lateral prefrontal cortex). At least for the simple code snippets presented, programmers could use existing language regions of the brain to understand code without requiring more complex mental models to be constructed and manipulated." (Read on for more.)
Chrome

Chrome 33 Nixes Option To Fall Back To Old 'New Tab' Page 125

An anonymous reader writes "On Friday, Chrome 33 was shipped out to everyone on the stable channel. Among other things, it removes the developer flag to disable the "Instant Extended API", which powers an updated New Tab page. The new New Tab page received a large amount of backlash from users, particularly due to strange behavior when Google wasn't set as the default search engine. It also moves the apps section to a separate page and puts the button to reopen recently closed tabs in the Chrome menu. With the option to disable this change removed, there has been tremendous backlash on Google Chrome's official forum. The official suggestion from Google as well as OMG! Chrome is to try some New Tab page changing extensions, such as Replace New Tab, Modern New Tab Page, or iChrome."
