Slashdot

An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable. "In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."

igrigorik writes "In the short span of just a couple of years, the Ruby VM space has evolved to more than just a handful of choices: MRI, JRuby, IronRuby, MacRuby, Rubinius, MagLev, REE and BlueRuby. Four of these VMs will hit 1.0 status in the upcoming year and will open up entirely new possibilities for the language — Mac apps via MacRuby, Ruby in the browser via Silverlight, object persistence via Smalltalk VM, and so forth. This article takes a detailed look at the past year, the progress of each project, and where the community is heading. It's an exciting time to be a Rubyist."

aaaaaaargh! writes "I'm using a laptop with Ubuntu 8.04 for work, a netbook with Ubuntu 9.10 when I'm outside, Mac OS X 10.5 for hobby projects, and Windows XP for gaming. For backups, I'm currently using Jungle Disk and Apple's Time Machine, and I use a local svn repository for my work data. Now I need to frequently exchange and synchronize OpenOffice and Latex files and source code in various cross-platform programming languages between one machine and another. Options range from putting everything online (but Jungle Disk disks seem to be too slow for anything else than backup), storing my data on external media like USB sticks or SD cards, or working with copies by synchronizing folders over the network. I don't want to give my data away to some server outside without strong encryption (controlled by me, including the source code) and external media like USB sticks are a bit too fragile according to my taste. The solution should be reliable, relatively failsafe, as simple as possible, and allow me to continue to use Jungle Disk for backup. So what would you recommend?"

Hugh Pickens writes "The advantages of RISC are well known — simplifying the CPU core by reducing the complexity of the instruction set allows faster speeds, more registers, and pipelining to provide the appearance of single-cycle execution. Al Williams writes in Dr Dobbs about taking RISC to its logical conclusion by designing a functional computer called One-Der with only a single simple instruction — a 32-bit Transfer Triggered Architecture (TTA) CPU that operates at roughly 10 MIPS. 'When I tell this story in person, people are usually squirming with the inevitable question: What's the one instruction?' writes Williams. 'It turns out there's several ways to construct a single instruction CPU, but the method I had stumbled on does everything via a move instruction (hence the name, "Transfer Triggered Architecture").' The CPU is implemented on a Field Programmable Gate Array (FPGA) device and the prototype works on a 'Spartan 3 Starter Board' with an XS3C1000 device available from Digilent that has the equivalent of about 1,000,000 logic gates, costing between $100 and $200. 'Applications that can benefit from custom instruction in hardware — things like digital signal processing, for example — are ideal for One-Der since you can implement parts of your algorithm in hardware and then easily integrate those parts with the CPU.'"

itwbennett writes "Pity the poor engineer who had to find this one. One of the more interesting of the handful of bugs that have appeared since the launch of Verizon's Droid smartphone has to do with the on-board camera's auto-focus. Apparently it just didn't work. And then suddenly it did. Naturally, this off-again, on-again made the theories fly. But the real reason for the bug was revealed in a comment on an Engadget post by someone claiming to be Google engineer Dan Morrill: 'There's a rounding-error bug in the camera driver's autofocus routine (which uses a timestamp) that causes autofocus to behave poorly on a 24.5-day cycle,' said Morrill. 'That is, it'll work for 24.5 days, then have poor performance for 24.5 days, then work again. The 17th is the start of a new 'works correctly' cycle, so the devices will be fine for a while. A permanent fix is in the works.'"

This week the Codeplex Foundation announced its first project, the ASP.NET Ajax Library Project, as part of its first sponsored gallery, the ASP.NET Gallery. The CodePlex Foundation is now two months old, and Foundation President Sam Ramji has agreed to answer questions about the Foundation, its first project, and overall progress to date. Usual Slashdot interview rules apply.

davecb writes "The ACM has been kind enough to print Paul Stachour's and my 'jack' article about Software Maintenance. Paul first pointed out back in 1984 that we and our managers were being foolish — when we were still running Unix V7 — and if anything it's been getting worse. Turns out maintenance has been a 'solved problem in computer science' since at least then, and we're just beginning to rediscover it."

An anonymous reader writes "Back in July, Microsoft announced it was making .NET available under its Community Promise, which in theory allowed free software developers to use the technology without fear of patent lawsuits. Not surprisingly, many free software geeks were unconvinced by the promise (after all, what's a promise compared to an actual open licence?), but now Microsoft has taken things to the next level by releasing the .NET Micro Framework under the Apache 2.0 licence. Yes, you read that correctly: a sizeable chunk of .NET is about to go open source."

itwbennett writes "What do your comments say about your code? Do grammatical errors in comments point to even bigger errors in code? That's what Esther Schindler contends in a recent blog post. 'Programming, whether you're doing it as an open source enthusiast or because you're workin' for The Man, is an exercise in attention to detail,' says Schindler. 'Someone who writes software must be a nit-picker, or the code won't work ... Long-winded 'explanations' of the code in the application's comments (that is, the ones that read like excuses) indicate that the developer probably didn't understand what he was doing.'"

IraLaefsky writes "The appropriately titled Becoming Agile: In An Imperfect World by Greg Smith and Ahmed Sidky offers a realistic path to the family of Agile practices which have become prevalent in software development in the last few years. This family of approaches to software development has been widely adopted in the past decade to replace the traditional Waterfall Model of software development, described in a 1970 article by Winston W. Royce 'Managing the Development of Large Software Systems.' The Waterfall Model stressed rigid functional and design specification of the program(s) to be constructed in advance of any code development. While the this methodology and other early formal tools for Software Engineering were infinitely preferable to the chaos and ad-hoc programming-without-design practices of early systems, these first tools ignored the fallibility of initial interviews used to construct initial design and often resulted in massive time and cost overruns." Read below for the rest of IraLaefsky's review.

jammag writes "Some developers have gone to four-year universities, where they've also studied subjects like history and sociology, while other coders go to vocational schools and focus purely on writing great software. So why, asks a longtime developer, is there a stigma attached to not having a four-year degree, when 'blue collar' coders might be better trained? Why does the software industry keep emphasizing this difference — and generally giving better pay to four-year grads? Isn't being a developer about real skill level, not the piece of paper on the wall?"

itwbennett writes "A flurry of announcements from YouTube, Boxee, Dell and Clicker on Thursday brought good news for anyone considering canceling their cable service in favor of internet TV. First, YouTube announced that within the next few days it will start offering full 1080P HD streams; better than your cable company can offer. Next, Boxee announced a 'Boxee Box' that promises to make it easier to get the content off your computer and onto your TV. Or you could hook up Dell's Inspiron Zino HD instead. 'This is an 8" x 8" PC running Windows 7 (with an option for Ubuntu) that you certainly could use as a desktop machine, but the form factor just screams 'Hook me up to your TV!' via its HDMI port,' says Peter Smith. And, last but not least in this roundup of announcements is the launch of Clicker, a programming guide for internet TV that aims to help you find what you want, when you want it."

Martin Ecker writes "The “OpenGL Shading Language” (also called the Orange Book because of its orange cover) is back in its third edition, with updated discussions of the OpenGL shading language (up to version 1.40, introduced with OpenGL 3.1). Like the previous edition, the third edition of the book is one of the best introductions to GLSL — the OpenGL Shading Language — that not only teaches the ins and outs of GLSL itself but also explains in-depth how to develop shaders in GLSL for lighting, shadows, animation, and other topics relevant to real-time computer graphics." Keep reading for the rest of Martin's review.

bgweber writes "The 2010 conference on Artificial Intelligence and Interactive Digital Entertainment (AIIDE 2010) will be hosting a StarCraft AI competition as part of the conference program. This competition enables academic researchers to evaluate their AI systems in a robust, commercial RTS environment. The competition will be held in the weeks leading up to the conference. The final matches will be held live at the conference with commentary. Exhibition matches will also be held between skilled human players and the top-performing bots."

Norsefire writes "Since releasing the 'Go' programming language on Tuesday, Google has been under fire for using the same name as another programming language that was first publicly documented in 2003. 'Go!' was created by Francis McCabe and Keith Clark. McCabe published a book about the language in 2007, and he is not happy. He told InformationWeek in an email: 'I do not have a trademark on my language. It was intended as a somewhat non-commercial language in the tradition of logic programming languages. It is in the tradition of languages like Prolog. In particular, my motivation was bringing some of the discipline of software engineering to logic programming.'"

Many readers are sending in the news about Go, the new programming language Google has released as open source under a BSD license. The official Go site characterizes the language as simple, fast, safe, concurrent, and fun. A video illustrates just how fast compilation is: the entire language, 120K lines, compiles in under 10 sec. on a laptop. Ars Technica's writeup lays the stress on how C-like Go is in its roots, though it has plenty of modern ideas mixed in: "For example, there is a shorthand syntax for variable assignment that supports simple type inference. It also has anonymous function syntax that lets you use real closures. There are some Python-like features too, including array slices and a map type with constructor syntax that looks like Python's dictionary concept. ... One of the distinguishing characteristics of Go is its unusual type system. It eschews some typical object-oriented programming concepts such as inheritance. You can define struct types and then create methods for operating on them. You can also define interfaces, much like you can in Java. In Go, however, you don't manually specify which interface a class implements. ... Parallelism is emphasized in Go's design. The language introduces the concept of 'goroutines' which are executed concurrently. ... The language provides a 'channel' mechanism that can be used to safely pass data in and out of goroutines."

holy_calamity writes "A team at Carnegie Mellon University has begun a project seeking to design a kit to cheaply convert secondhand cars into cheap, electric ones suitable for commuting, if little else. They hope to rely heavily on smart management software to extract as much efficiency as possible from regenerative braking, and knowledge of terrain from GPS tracking. But they are hampered by a lack of public data on how commuters actually drive. Their solution is to appeal to GPS users to upload .gpx log files of their commute to the team's site. The data is plugged into a simulator that reveals how much cheaper an electric car could do your journey, and an anonymized public dataset will be created. A programming contest will award a production electric car to the coder who designs the best management algorithm using it."

Ponca City, We love you writes "Dr. Dobbs reports that Alex Waibel, professor of computer science and language technologies at Carnegie Mellon University, has developed an iPhone application that turns the iPhone into a translator that converts English speech into Spanish, or vice versa. Users simply speak a sentence or two at a time into the iPhone and the iPhone will respond with an audible translation. 'Jibbigo's software runs on the iPhone itself, so it doesn't need to be connected to the Web to access a distant server,' says Waibel. Waibel is a leader in speech-to-speech translation and multimodal speech interfaces, creating the first real-time, speech-to-speech translator for English, German and Japanese. 'Automated speech translation is an expensive proposition that has been supported primarily by large government grants,' says Waibel. 'But our sponsors are impatient to see this technology become more widely available and we, as researchers, are eager to find new revenues that will help us extend this technology to more of the 6,000 languages now spoken worldwide.'"

protosage writes to tell us that Microsoft Interoperability is working towards opening up Outlook's .pst format under their Open Specification Promise. This should "allow anyone to implement the .pst file format on any platform and in any tool, without concerns about patents, and without the need to contact Microsoft in any way." "In order to facilitate interoperability and enable customers and vendors to access the data in .pst files on a variety of platforms, we will be releasing documentation for the .pst file format. This will allow developers to read, create, and interoperate with the data in .pst files in server and client scenarios using the programming language and platform of their choice. The technical documentation will detail how the data is stored, along with guidance for accessing that data from other software applications. It also will highlight the structure of the .pst file, provide details like how to navigate the folder hierarchy, and explain how to access the individual data objects and properties."

jammag writes "Well, c'mon, yes — let's admit it. As a veteran coder discusses as he looks at his career, software development is brimming with the offbeat, the quirky and the downright odd. As he remembers, there was the 'Software Lyrics' guy and the 'Inappropriate Phone Call' programmer, among others. Are unique types drawn to the profession, or are we 'transformed over time by our darkened working environments and exposure to computer screen radiation?'"