jrepin writes "Google is offering rewards as high as $3,133.70 for software updates that improve the security of OpenSSL, OpenSSH, BIND, and several other open-source packages that are critical to the stability of the Internet. The program announced Wednesday expands on Google's current bug-bounty program, which pays from $500 to $3,133.70 to people who privately report bugs found in the company's software and Web properties." Google isn't the only company that sees the value in rewarding those who find security problems: Microsoft just paid British hacker James Forshaw $100,000 for finding a serious security flaw in Windows 8.1.
Hugh Pickens DOT Com writes "Andrew Binstock writes at Dr. Dobb's that a recurring prejudice in the forums where the cool kids hang out is against Java, often described as verbose and fading in popularity but Binstock sees little supporting evidence of Java being in some kind of long-term decline. While it is true that Java certainly can be verbose, several scripting languages have sprung up which are purpose-designed to spare developers from long syntactical passages to communicate a simple action, including NetRexx, Groovy, and Scala. As far as Java's popularity goes, normally, when technologies start their ultimate decline, tradeshows are the first to reflect the disintegrating community. But the recent JavaOne show was clearly larger and better attended than it has been in either of the last two years and vendors on the exhibiting floor were unanimous in saying that traffic, leads, and inquiries were up significantly over last year. Technically, the language continues to advance says Binstock. Java 8, expected in March, will add closures (that is, lambda expressions) that will reduce code, diminish the need for anonymous inner classes, and facilitate functional-like coding. Greater modularity which will be complete in Java 9 (due in 2016) will help efficient management of artifacts, as will several enhancements that simplify syntax in that release. 'When you add in the Android ecosystem, whose native development language is Java, it becomes very difficult to see how a language so widely used in so many areas — server, Web, desktop, mobile devices — is in some kind of decline,' concludes Binstock. 'What I'm seeing is a language that is under constant refinement and development, with a large and very active community, which enjoys a platform that is widely used for new languages. None of this looks to me like a language in decline.'"
jones_supa writes "A new major version of the classic GNU Make software has been released. First of all, Make 4.0 has integration support for GNU Guile Scheme. Guile is the extension system of the GNU project that is a Scheme programming language implementation and now in the Make world will be the embedded extension language. 4.0 also features a new 'output-sync' option, 'trace-enables' for tracing of targets, a 'none' flag for the 'debug' argument, and the 'job server' and .ONESHELL features are now supported under Windows. There are also new assignment operators, a new function for writing to files, and other enhancements. It's been reported that Make 4.0 also has more than 80 bug-fixes. More details can be found from their release announcement on the mailing list."
An anonymous reader writes "vBulletin is a popular proprietary CMS that was recently reported to be vulnerable to an unspecified attack vector. Although vBulletin has not disclosed the root cause of the vulnerability or its impact, we determined the attacker's methods. The identified vulnerability allows an attacker to abuse the vBulletin configuration mechanism in order to create a secondary administrative account. Once the attacker creates the account, they will have full control over the exploited vBulletin application, and subsequently the supported site."
mattydread23 writes "Most gamification efforts fail. But when DirecTV wanted to encourage its IT staff to be more open about sharing failures, it created a massive internal game called F12. Less than a year later, it's got 97% participation and nearly everybody in the IT group actually likes competing. So what did DirecTV do right? The most important thing was to devote a full-time staffer to the game, and to keep updating it constantly."
McGruber writes "AllThingsD has the news that Hewlett-Packard has enacted a policy requiring most employees to work from the office and not from home. According to an undated question-and-answer document distributed to HP employees, the new policy is aimed at instigating a cultural shift that 'will help create a more connected workforce and drive greater collaboration and innovation.' The memo also said, 'During this critical turnaround period, HP needs all hands on deck. We recognize that in the past, we may have asked certain employees to work from home for various reasons. We now need to build a stronger culture of engagement and collaboration and the more employees we get into the office the better company we will be.' One major complication is that numerous HP offices don't have sufficient space to accommodate all of their employees. According to sources familiar with the company's operations, as many as 80,000 employees, and possibly more, were working from home in part because the company didn't have desks for them all within its own buildings."
An anonymous reader writes "Soured by his attempt to acquire a quote from healthcare.gov, James Turner compiled a short list of things developers can learn from the experience: 'The first highly visible component of the Affordable Health Care Act launched this week, in the form of the healthcare.gov site. Theoretically, it allows citizens, who live in any of the states that have chosen not to implement their own portal, to get quotes and sign up for coverage. I say theoretically because I've been trying to get a quote out of it since it launched on Tuesday, and I'm still trying. Every time I think I've gotten past the last glitch, a new one shows up further down the line. While it's easy to write it off as yet another example of how the government (under any administration) seems to be incapable of delivering large software projects, there are some specific lessons that developers can take away. 1) Load testing is your friend.'"
MojoKid writes "Although Intel is Chipzilla, the company can't help but extend its reach just a bit into the exciting and growing world of DIY makers and hobbyists. Intel announced its Galileo development board, a microcontroller that's compatible with Arduino software and uses the new Quark X1000 processor (400MHz, 32-bit, Pentium-class, single-core and thread) that Intel announced at the IDF 2013 keynote. The board makes use of Intel's architecture to make it easy to develop for Windows, Mac, and Linux, but it's also completely open hardware (PDF). Galileo is 10cm x 7cm (although ports protrude a bit beyond that), and there are four screw holes for secure mounting. Ports include 10/100 Ethernet, USB client/host ports, RS-232 UART and 3.5mm jack, mini PCIe slot (with USB 2.0 host support); other features include 8MB Legacy SPI Flash for firmware storage, 512KB embedded SRAM, 256MB DRAM, 11KB EEPROM programmed via the EEPROM library, and support for an additional 32GB of storage using a microSD card."
CowboyRobot sends this excerpt from Dr. Dobb's: "Ten years of surveys show an influx of younger developers, more women, and personality profiles at odds with traditional stereotypes. Software development is an art and a science that is not attainable for just anyone. It takes a special type of person to write code. Developers are detail-oriented, very literal, and intelligent. Logic is paramount, and they share a passion for their craft that rises above the desire to make more money. They are also typically married, middle-aged, have children, and most likely a mortgage. In one of a series of surveys that we've performed every six months since 2001 (interviewing each time more than 1400 developers worldwide), we find the typical developer is a married, middle-aged male, who has two to three children. Males have dominated the profession for as long as we've been tracking this; and during that time, they have accounted for anywhere from 84% to 94% of the workforce. The number of male developers is currently close to the low, at 86%, which might indicate more females are taking up programming."
the agent man writes "Wired Magazine is exploring how early kids should learn to code. One of the challenges is to find the proper time in schools to teach programming. Are teachers at elementary and middle school levels really able to teach this subject? The article suggests that even very young kids can learn to program and lists a couple of early experiments as well as more established ideas including the Scalable Game Design curriculum. However, the article also suggests that programming may have to come at the cost of Foreign language learning and music."
New submitter ddyer writes "Java 1.7.0_40 [Note: released earlier this month] introduces a new 'red text' warning when running unsigned Java applets. 'Running unsigned applications like this will be blocked in a future release...' Or, for self-signed applets, 'Running applications by UNKNOWN publishers will be blocked in a future release...' I think I see the point — this will give the powers that be the capability to shut off any malware java applet that is discovered by revoking its certificate. The unfortunate cost of this is that any casual use of Java is going to be killed. It currently costs a minimum of $100/year and a lot of hoop-jumping to maintain a trusted certificate."
coondoggie writes "In his keynote address at a security conference today, Apple co-founder Steve Wozniak admitted he has enjoyed many adventures in hacking often for the sake of pranks on friends and family, especially back in his college days and the early years of working on computers and the Internet. 'I like to play jokes,' said Wozniak jovially as he addressed his audience of thousands of security professionals attending the ASIS Conference in Chicago. The famed inventor at Apple admitted he also had some fun with light-hearted forays into hacking computer and telecommunications networks several decades ago back in his college years and while learning about electronics and computers."
itwbennett writes "A couple of years ago, developer Sammy Larbi undertook a project to identify which languages had the most instances of the string 'WTF' in their GitHub code repositories. At the time, Objective C topped the list. ITworld's Phil Johnson has updated Larbi's research using GitHub data from the last 21 months, but instead of screen-scraping GitHub search results as Larbi had done, he queried the GitHub Archive for stand-alone instances of 'WTF' in the comments attached to GitHub commits to weed out cases where the string 'WTF' was legitimately used in the code. The three most baffling languages for 2012/13: C++, Lua, and Scala. Objective C comes in at #16."
An anonymous reader writes "LLVM's libc++ standard library (an alternative to GNU libstdc++) now has full support for C++1y, which is expected to become C++14 next year. Code merged this week implements the full C++1y standard library, with support for new language features in the Clang compiler frontend nearly complete." GCC has some support for the soon-to-be standard too. The C++ standards committee is expected to produce a more or less final draft in just a few weeks. The LLVM and GCC C++14 status pages both have links to the proposals for the new features.
jrepin writes "The KDE libraries are being methodically reworked into a set of cross platform modules that will be readily available to all Qt developers. The KDE Frameworks, designed as drop-in Qt Addons, will enrich Qt as a development environment with functions that simplify, accelerate and reduce the cost of Qt development. For example, KArchive (one of the first Frameworks available) offers support for many popular compression codecs in a self-contained and easy-to-use file archiving library. Just feed it files; there's no need to reinvent an archiving function." This is a pretty major thing: "The introduction of Qt's Open Governance model in late 2011 offered the opportunity for KDE developers to get more closely involved with Qt, KDE's most important upstream resource. ... These contributions to Qt form the basis for further modularization of the KDE libraries. The libraries are moving from being a singular 'platform' to a set of 'Frameworks'. ... Instead it is a comprehensive set of technologies that becomes available to the whole Qt ecosystem." The new KDE Frameworks will be layered as three tiers of components, with each tier consisting of three semi-independent groups of libraries (the article explains the category/tier dependencies; it's a bit hairy for a quick summary). A dashboard shows the status of each component.
ananyo writes "An offshoot of Mozilla is aiming to discover whether a review process could improve the quality of researcher-built software that is used in myriad fields today, ranging from ecology and biology to social science. In an experiment being run by the Mozilla Science Lab, software engineers have reviewed selected pieces of code from published papers in computational biology. The reviewers looked at snippets of code up to 200 lines long that were included in the papers and written in widely used programming languages, such as R, Python and Perl. The Mozilla engineers have discussed their findings with the papers’ authors, who can now choose what, if anything, to do with the markups — including whether to permit disclosure of the results. But some researchers say that having software reviewers looking over their shoulder might backfire. 'One worry I have is that, with reviews like this, scientists will be even more discouraged from publishing their code,' says biostatistician Roger Peng at the Johns Hopkins Bloomberg School of Public Health in Baltimore, Maryland. 'We need to get more code out there, not improve how it looks.'"
theodp writes "Nate West has a nice essay on the importance of whimsy in learning to program. 'It wasn't until I was writing Ruby that I found learning to program to be fun,' recalls West. 'What's funny is it really doesn't take much effort to be more enjoyable than the C++ examples from earlier...just getting to write gets.chomp and puts over cout > made all the difference. Ruby examples kept me engaged just long enough that I could find Why's Poignant Guide to Ruby.' So, does the future of introductory computer programming books and MOOCs lie in professional, business-like presentations, or does a less-polished production with some genuine goofy enthusiasm help the programming medicine go down?"
Hugh Pickens DOT Com writes "ZDNet reports that Oracle's Larry Ellison kicked off Oracle OpenWorld 2013 promising a 100x speed-up querying OLTP database or data warehouse batches by means of a 'dual format' for both row and column in-memory formats for the same data and table. Using Oracle's 'dual-format in-memory database' option, every transaction is recorded in row format simultaneously with writing the same data into a columnar database. 'This is pure in-memory columnar technology,' said Ellison, explaining that means no logging and very little overhead on data changes while the CPU core scans local in-memory columns. Ellison followed up with the introduction of Oracle's new M6-32 'Big Memory Machine,' touted to be the fastest in-memory machine in the world, hosting 32 terabytes of DRAM memory and up to 384 processor cores with 8-threads per core."
angry tapir writes "A team of developers has launched a new crowdfunding platform — Drupalfund.us — that's designed to help accelerate development work on the open-source Drupal CMS, as well as potentially fund new training material and other projects of interest to community members. I had a long-ish chat to one of the co-founders about the goals of the platform and how crowdfunding can be used to push forward open source development."