chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC Partners, described Smart TVs as Linux boxes outfitted with a Webkit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."
msmoriarty writes "Google's Don Dodge, GitHub's Tom Preston-Werner, New Relic's Lew Cirne and others recently got together in San Francisco on a panel called 'The Developer is King: The Power Behind the Throne.' According to coverage of the event, the panelists all agreed that programmers — both independent ones and those employed by companies — have more power, and thus opportunities, than ever. Even the marketing power of developers was acknowledged: 'The only way to convince a developer is by giving them a demo and showing them how it's better,' said Preston-Werner. 'The beauty is, you plant these seeds around the world, and those people will evangelize it for you. Because another thing that developers are great at is telling other developers what works for them.'"
twofishy writes "Something I've noticed amongst financial service companies in London is a growing use of Java in preference to C/C++ for exchange systems, High Frequency Trading and other low-latency work. InfoQ has a good written panel discussion with Peter Lawrey, Martin Thompson, Todd L. Montgomery and Andy Piper. From the article: 'Often the faster an algorithm can be put into the market, the more advantage it has. Many algorithms have a shelf life and quicker time to market is key in taking advantage of that. With the community around Java and the options available, it can definitely be a competitive advantage, as opposed to C or C++ where the options may not be as broad for the use case. Sometimes, though, pure low latency can rule out other concerns. I think currently, the difference in performance between Java and C++ is so close that it's not a black and white decision based solely on speed. Improvements in GC techniques, JIT optimizations, and managed runtimes have made traditional Java weaknesses with respect to performance into some very compelling strengths that are not easy to ignore.'"
Nerval's Lobster writes "Developer and editor Jeff Cogswell asks: When it comes to implementing a CouchDB installation, do you roll your own, or go with a service that provides a hosted version of the database? He takes a look at some of the technologies present in CouchDB that can greatly influence that decision. His conclusion? Like all things, it's a little complicated. 'If you're going to be self-hosting—unless you're working on a really small system—don't use the basic CouchDB for anything,' he writes. 'If you want scalability, either go with Couchbase or BigCouch, or wait until Cloudant's BigCouch merger into CouchDB is officially available.' But going with a host also creates its own things to watch for, including potential issues with replication and eventual consistency."
snydeq writes "Taming technology is sometimes more art than science, but the difference can sometimes be hard to discern, writes Deep End's Paul Venezia. 'You've probably come across colleagues who were extremely skilled at their jobs — system administrators who can bend a zsh shell to their every whim, or developers who can write lengthy functions that compile without a whimper the first time. You've probably also come across colleagues who were extremely talented — who could instantly visualize a new infrastructure addition and sketch it out to extreme detail on a whiteboard while they assembled it in their head, for example, or who could devise a new, elegant UI without breaking a sweat. The truly gifted among us exhibit both of those traits, but most fall into one category or another. There is a difference between skill and talent. Such is true in many vocations, of course, but IT can present a stark contrast between the two.'" Assuming Venezia is correct, which do you think is more important?
theodp writes "In the movie Groundhog Day, a weatherman finds himself living the same day over and over again. It's a tale to which software-designers-of-a-certain-age can relate. Like Philip Greenspun, who wrote in 1999, 'One of the most painful things in our culture is to watch other people repeat earlier mistakes. We're not fond of Bill Gates, but it still hurts to see Microsoft struggle with problems that IBM solved in the 1960s.' Or Dave Winer, who recently observed, 'We marvel that the runtime environment of the web browser can do things that we had working 25 years ago on the Mac.' And then there's Scott Locklin, who argues in a new essay that one of the problems with modern computer technology is that programmers don't learn from the great masters. 'There is such a thing as a Beethoven or Mozart of software design,' Locklin writes. 'Modern programmers seem more familiar with Lady Gaga. It's not just a matter of taste and an appreciation for genius. It's a matter of forgetting important things.' Hey, maybe it's hard to learn from computer history when people don't acknowledge the existence of someone old enough to have lived it, as panelists reportedly did at an event held by Mark Zuckerberg's FWD.us last Friday!"
Nerval's Lobster writes "If struggling online-games developer Zynga thought things were bad before, they could be turning a whole lot worse: Facebook is rolling out a pilot program for small- and medium-sized game developers. 'Through the program, we will work with select game developers and provide promotional support for their games in placements across our mobile apps,' reads a note on the Facebook Developers Website. Facebook is promising those developers access to the social network's '800 million monthly mobile users,' a variety of analytics tools for measuring their games' impact, and a 'unique targeting ability' for finding the right audiences — all for a cut of the games' revenue. 'We will be collaborating deeply with developers in our program by helping them cultivate high-quality, long-term players for their games,' the note added. Zynga benefited mightily from its relationship with Facebook, but other developers have subsequently realized they can utilize many of Zynga's tricks — and the social network's enormous audience — for their own ends. King is now Facebook's top app developer, largely on the strength of its Candy Crush Saga game. If Facebook encourages more small- and medium-sized developers to jump into the social gaming, it could fill the arena with even more competitors, which could prove bad news for the already-reeling Zynga. But for Facebook, the benefits are obvious: if any of those tiny-for-the-moment developers create a hit game, the revenues will come flooding in. That would supplement the social network's ad revenue, all while ensuring it doesn't need to overly depend on a single large developer with a set portfolio of games. Zynga has already been suffering from gaming-studio closings, games being shut down, and a declining user-base."
siliconbits writes "The debate about tagging has been going for nearly a decade. Slashdot has covered it a number of times. But it seems that nobody has yet to come up with a foolproof solution to tagging. Even luminaries like Engadget, The Verge, Gizmodo and Slashdot all have different tagging schemes. Commontag, a venture launched in 2009 to tackle tagging, has proved to be all but a failure despite the backing of heavyweights like Freebase, Yahoo and Zemanta. Even Google gave up and purchased Freebase in July 2010. Somehow I remain convinced that a unified, semantically-based solution, using a mix of folksonomy and taxonomy, is the Graal of tagging. I'd like to hear from fellow Slashdotters as to how they tackle the issue of creating and maintaining a tagging solution, regardless of the platform and the technologies being used in the backend." A good time to note: there may be no pretty way to get at them, but finding stories with a particular tag on Slashdot is simple, at least one at a time: Just fill in a tag you'd like to explore after "slashdot.org/tag/", as in "slashdot.org/tag/bizarro."
ectoman writes "Are firms responsible for GPL violations on code they receive from third parties? A German court thinks so. The Regional Court of Hamburg recently ruled that Fantec, a European media player maker, failed to distribute 'complete corresponding source code' for firmware found in some of its products. Fantec claims its third-party firmware supplier provided the company with appropriate source code, which Fantec made available online. But a hackathon organized by the Free Software Foundation Europe discovered that this source code was incomplete, and programmer Harald Welte filed suit. He won. Mark Radcliffe, an IP expert and senior partner at DLA Piper who specializes in open source licensing issues, has analyzed the case—and argued that it underscores the need for companies to implement internal GPL compliance processes. 'Fantec is a reminder that companies should adopt a formal FOSS use policy which should be integrated into the software development process,' he writes. 'These standards should include an understanding of the FOSS management processes of such third-party suppliers. The development of a network of trusted third-party suppliers is a critical part of any FOSS compliance strategy.'"
achowe writes "The 22nd International Obfuscated C Code Contest opens 2013-Aug-01 03:14:15 UTC through to 2013-Oct-03 09:26:53 UTC. The rules have been updated, in particular Rule 2 (size rule) has changed. The draft rules and guidelines are available online. In addition there is now an IOCCC Size Rule Tool to aid with counting the secondary size rule. Questions and comments for the Judges can be emailed to firstname.lastname@example.org and must include 'IOCCC 2013' in the subject. Or contact them via Twitter @IOCCC." Anyone planning on entering?
First time accepted submitter chris.kohlhepp writes "The Emacs editor just got consolidated package management with "Feline Herd", offering 2000+ packages under one roof. No struggle with convoluted keyboard shortcuts — only easy GUI navigation via toolbar buttons! Every conceivable programming language is handled. Cuts the Emacs learning curve to a minimum for learners."
alphadogg writes "Oracle is continuing to crack down on companies it claims are providing support services for its products in an illegal fashion. Last week, Oracle sued IT services providers Terix and Maintech, alleging they have 'engaged in a deliberate scheme to misappropriate and distribute copyrighted, proprietary Oracle software code' in the course of providing support for customers using Oracle's Solaris OS. Oracle's allegations are similar to ones it has made in lawsuits against other Solaris service providers, such as ServiceKey, as well as Rimini Street, which provides third-party support for Oracle and SAP applications."
Nerval's Lobster writes "Forget about hacking an app or database: for a small cadre of hackers in San Francisco, it's all about writing code that can score them a great table at a hot restaurant. According to the BBC, these developers and programmers have designed bots that scan restaurant Websites for open tables and reserve them. Diogo Mónica, a security engineer with e-commerce firm Square, is one of those programmers. A self-described foodie, he decided to get around his inability to score a table at the ultra-popular State Bird Provisions by writing a script that sent out an email every time the restaurant's reservation page changed. 'Once a reservation got canceled I would get an email and could quickly get it for myself,' he wrote in a blog posting. But soon he noticed something peculiar: 'As soon as reservations became available on the website (at 4am), all the good times were immediately taken and were gone by 4:01am.' He suspected it was automated 'reservation bots at work,' built by other programmers with a hankering for fine cuisine. 'After a while even cancellations started being taken immediately from under me,' he wrote. 'It started being common receiving an email alerting of a change, seeing an available time, and it being gone by the time the website loaded.' His solution was to build his own reservation bot, using Ruby, and post the code in the wild."
An anonymous reader writes "Apple's had a small, very secretive office in Cambridge, MA for a few months now. And we finally know what they're doing: Building a team that works on speech technology for Siri. Sure, it's interesting for Apple to have a remote engineering team. And hiring from MIT is a no-brainer. But here's why this is a bigger deal: Apple has always relied on Nuance, a Boston-area company, for the speech-recognition technology behind Siri. By branching out with its own speech team — stocked with former Nuance scientists, no less — Apple could very well be signaling a move away from relying on Nuance for this core technology. And the speech wars are just heating up: Microsoft and Amazon both have speech engineering offices in the Boston area too."
snydeq writes "Java 8 brings exciting developments, but as with any new technology, you can count on the good, the bad, and the headaches, writes Andrew C. Oliver. 'Java 8 is trying to "innovate," according to the Microsoft meaning of the word. This means stealing a lot of things that have typically been handled by other frameworks and languages, then incorporating them into the language or runtime (aka standardization). Ahead of the next release, the Java community is talking about Project Lambda, streams, functional interfaces, and all sorts of other goodies. So let's dive into what's great — and what we can hate.'"
tlhIngan writes "Microsoft was the last platform manufacturer to require that all games go through publishers, a much hated policy. Indeed, their approval process was one of the harshest around. But now Microsoft will allow indie developers to self publish, and allow retail Xbox One units to serve as developer consoles. Previously, self-publishing developers were relegated to the 'Xbox Live Indie Arcade' section, as well as developer consoles often costing upwards of $10,000 with special requirements and NDAs. This puts Microsoft's Xbox One more in line with Apple's App Store, including Microsoft's new promise of a 14-day turnaround for approvals. Microsoft's retail debug console system is to work similarly to Apple's — that is, to run pre-release code, the individual consoles used have to be registered with Microsoft."
Ingy döt Net (yes, that's his name) likes to bridge gaps in the software world. People get religious about their favorite programming languages, he says, but in the end, no matter the language, the methodology or the underlying OS, all programming is about telling computers what to do -- from "add these numbers" to complex text manipulation. Ingy compares a new app or module in the world of Free and Open Source as a gift that the creator has given to others; if that gift can be simultaneously bestowed on users of Perl, Python, and Ruby at the same time, its worth is amplified. So he proposes (and provides a growing set of tools) to make programming language irrelevant, by the sly means of encouraging people to write software using whatever their favorite tools are, but with a leaning toward using only language features which are broadly available to *other* programming languages as well. He's adopted the term Acmeism to describe this approach; Acmeists who follow his lead strive to create software that is broadly re-useable and adaptable, rather than tied only to a single platform.
An anonymous reader writes "How can we ensure, together, that this will not be the last GUADEC? Last year, during GUADEC, there was that running joke amongst some participants that this was the last GUADEC. It was, of course, a joke. Everybody was expecting to see each other in Brno, in 2013. One year later, most of those who were joking are not coming to GUADEC. For them, the joke became a reality. People are increasingly leaving the desktop computer to use phones, tablets and services in the cloud. The switch is deeper and quicker than anything we imagined. Projects are also leaving GTK+ for Qt. Unity abandoned GTK+, Linus Torvalds' Subsurface is switching from GTK+ to Qt. If you spot a GNOME desktop in a conference, chances are that you are dealing with a Red Hat employee. That's it. According to Google Trends, interest in GNOME and GTK+ is soon to be extinct."
Travis Goodspeed has authored a blog post detailing his method of tracking low-earth-orbit satellites. Starting with an old Felcom 82B dish made for use on maritime vessels, he added motors to move it around and a webcam-based homemade calibration system. "For handling the radio input and controlling the motors, I have a BeagleBone wired into a USB hub. These are all mounted on the trunk of the assembly inside of the radome, sending data back to a server indoors. ... In order to operate the dish, I wanted both a flashy GUI and concise scripting, but scripting was the higher priority. Toward that end, I constructed the software as a series of daemons that communicate through a PostgreSQL database on a server inside the house. For example, I can run SELECT * FROM sats WHERE el>0 to select the names and positions of all currently tracked satellites that are above the horizon. To begin tracking the International Space Station if it is in view, I run UPDATE target SET name='ISS';. For predicting satellite locations, I wrote a quick daemon using PyEphem that fetches satellite catalog data from CelesTrak. These positions are held in a database, with duplicates filtered out and positions constantly updated. PyEphem is sophisticated enough to predict in any number of formats, so it's easy to track many of the brighter stars as well as planets and deep-space probes, such as Voyagers 1 and 2."