Security

Amazon's New SSL/TLS Implementation In 6,000 Lines of Code 59

bmearns writes: Amazon has announced a new library called "s2n," an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto; it only provides the SSL/TLS functions. Furthermore, it implements a relatively small subset of SSL/TLS features compared to OpenSSL.
Safari

Is Safari the New Internet Explorer? 245

An anonymous reader writes: Software developer Nolan Lawson says Apple's Safari has taken the place of Microsoft's Internet Explorer as the major browser that lags behind all the others. This comes shortly after the Edge Conference, where major players in web technologies got together to discuss the state of the industry and what's ahead. Lawson says Mozilla, Google, Opera, and Microsoft were all in attendance and willing to talk — but not Apple.

"It's hard to get insight into why Apple is behaving this way. They never send anyone to web conferences, their Surfin' Safari blog is a shadow of its former self, and nobody knows what the next version of Safari will contain until that year's WWDC. In a sense, Apple is like Santa Claus, descending yearly to give us some much-anticipated presents, with no forewarning about which of our wishes he'll grant this year. And frankly, the presents have been getting smaller and smaller lately."

He argues, "At this point, we in the web community need to come to terms with the fact that Safari has become the new IE. Microsoft is repentant these days, Google is pushing the web as far as it can go, and Mozilla is still being Mozilla. Apple is really the one singer in that barbershop quartet hitting all the sour notes, and it's time we start talking about it openly instead of tiptoeing around it like we're going to hurt somebody's feelings."
Graphics

Nvidia Details 'Gameworks VR', Aims To Boost Virtual Reality Render Performance 24

An anonymous reader writes: In a guest article published to Road to VR, Nvidia graphics programmer Nathan Reed details Nvidia's 'Gameworks VR' initiative which the company says is designed to boost virtual reality render performance, including support for 'VR SLI' which will render one eye view per GPU for low latency stereoscopy. While many Gameworks VR features will be supported as far back as GeForce 6xx cards, the company's latest 'Maxwell' (9xx and Titan X) GPUs offer 'Multi-projection' which Reed says, 'enables us to very efficiently rasterize geometry into multiple viewports within a single render target at once... This better approximates the shading rate of the warped image that will eventually be displayed—in other words, it avoids rendering a ton of extra pixels that weren't going to make it to the display anyway, and gives you a substantial performance boost for no perceptible reduction in image quality.'
Education

How Computer Science Education Got Practical (Again) 144

jfruh writes: In the 1980s and 1990s, thousands of young people who had grown up tinkering with PCs hit college and dove into curricula designed around the vague notion that they might want to "do something with computers." Today, computer science education is a lot more practical — though in many ways that's just going back to the discipline's roots. As Christopher Mims put it in the Wall Street Journal, "we've entered an age in which demanding that every programmer has a degree is like asking every bricklayer to have a background in architectural engineering."
Businesses

The Programmer's Path To Management 113

snydeq writes: The transition from command line to line-of-command requires a new mind-set — and a thick skin, writes InfoWorld's Paul Heltzel in a tips-based article aimed at programmers interested in breaking into management. "Talented engineers may see managing a team as the next step to growing their careers. So if you're moving in this direction, what tools do you need to make the transition? We'll look at some possible approaches, common pitfalls — and offer solutions."
Open Source

Ask Slashdot: Choosing the Right Open Source License 152

NicknamesAreStupid writes: I need to choose an open source license. I am developing an open source iOS application that uses a significant number of other open source projects which, in turn, use a number of different open source licenses such as MPL/GPL, MIT, and BSD. I am also using sample code from Apple's developer site, which has their own terms of use. The code dependencies are such that my code would not be of much use without theirs. If this project is used, then it would be nice to pick a license that best fits in with this mashup. I am interested in maintaining the freedom of my code but do not want to create a catch-22 or make life hard for people who need to use this project for personal use or profit. My inclination is to use MIT's, as I have done so before. I asked an IP lawyer about this matter, and she replied (pro bono), "it probably doesn't matter." Of course, that advice was worth every penny. Moving away from legal issues and looking at this from a social perspective, which license would appeal most and offend least? I thought about no license but was warned (pro bono), "If you do not, then someone else may." Any suggestions?
Programming

To Learn (Or Not Learn) JQuery 125

Nerval's Lobster writes: jQuery isn't without its controversies, and some developers distrust its use in larger projects because (some say) it ultimately leads to breakage-prone code that's harder to maintain. But given its prevalence, jQuery is probably essential to know, but what are the most important elements to learn in order to become adept-enough at it? Chaining commands, understanding when the document is finished loading (and how to write code that safely accesses elements only after said loading), and learning CSS selectors are all key. The harder part is picking up jQuery's quirks and tricks, of which there are many... but is it worth studying to the point where you know every possible eccentricity?
Google

SCOTUS Denies Google's Request To Appeal Oracle API Case 173

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API 'a utilitarian and functional set of symbols' that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself."
Bug

MIT System Fixes Software Bugs Without Access To Source Code 75

jan_jes writes: MIT researchers have presented a new system at the Association for Computing Machinery's Programming Language Design and Implementation conference that repairs software bugs by automatically importing functionality from other, more secure applications. According to MIT, "The system, dubbed CodePhage, doesn't require access to the source code of the applications. Instead, it analyzes the applications' execution and characterizes the types of security checks they perform. As a consequence, it can import checks from applications written in programming languages other than the one in which the program it's repairing was written."
Education

AP CS Test Takers and Pass Rates Up, Half of Kids Don't Get Sparse Arrays At All 126

theodp writes: Each June, the College Board tweets out teasers of the fuller breakouts of its Advanced Placement (AP) test results, which aren't made available until the fall. So, here's a roundup of this year's AP Computer Science tweetstorm: 1. "Wow — massive gains in AP Computer Science participation (25% growth) AND scores this year; big increase in % of students earning 4s & 5s!" 2. "2015 AP Computer Science scores: 5: 24.4%; 4: 24.6%; 3: 15.3%; 2: 7.1%; 1: 28.6%." [3 or above is passing] 3. "Count them: a whopping 66 AP Computer Science students out of 50,000 worldwide earned all 80 pts possible on this year's exam." 4. "Remember that AP exam standards are equated from year to year, so when scores go up, it's a direct indication of increased student mastery." 5. "Many AP Computer Science students did very well on Q1 (2D array processing–diverse array); >20% earned all 9/9 pts" [2015 AP CS A Free-Response Questions] 6. "The major gap in this year's AP Computer Sci classrooms seems to be array list processing; Q3 (sparse array): 47% of students got 0/9 pts."
Encryption

NIST Updates Random Number Generation Guidelines 64

An anonymous reader writes: Encryption weighs heavily on the public consciousness these days, as we've learned that government agencies are keeping an eye on us and a lot of our security tools aren't as foolproof as we've thought. In response to this, the National Institute of Standards and Technology has issued a formal update to its document on how to properly generate a random number — crucial in many types of encryption. The update (as expected) removes a recommendation for the Dual_EC_DRBG algorithm. It also adds extra options for CTR_DRBG and points out examples for implementing SP 800-90A generators. The full document (PDF) is available online.
Programming

Mob Programming: When Is 5 Heads Really Better Than 1 (or 2)? 125

itwbennett writes: Proponents of Mob programming, an offshoot of Pair programming in which the whole team works together on the same computer, say that it increases both quality and productivity, but also acknowledge that the productivity gains might not be readily apparent. "If you measure by features or other classic development productivity metrics, Mobbing looks like it's achieving only 75 to 85 percent of individual or Pair output for, say, a team of six or seven working for a week," says Paul Massey, whose company Bluefruit Software is a heavy user of the Mob approach. So, where does the productivity come from? Matthew Dodkins, a software architect at Bluefruit says the biggest gains are in code merges. "In a day spent using traditional collaboration, you would have to first spend time agreeing on tasks, common goals, deciding who's doing what... and then going away to do that, write code, and come back and merge it, resolve problems," says Dodkins. By bringing everyone into the same room, "we try to merge frequently, and try to do almost continuous integration." Matt Schartman, whose company Appfolio also uses Mobbing and wrote about his experience, gave Mobbing high marks for producing a quality product, but didn't find that it improved productivity in any measurable way.
Security

My United Airlines Website Hack Gets Snubbed 186

Bennett Haselton writes: United Airlines announced that they will offer up to 1 million air miles to users who can find security holes in their website. I demonstrated a way to brute-force a user's 4-digit PIN number and submitted it to them for review, emailing their Bugs Bounty contact address on three occasions, but I never heard back from them. Read on for the rest. If you've had a different experience with the program, please chime in below.
Graphics

Reverse-Engineering a Frame of "Supreme Commander" 40

An anonymous reader writes: When Supreme Commander was released 8 years ago, it redefined the RTS genre, with its real-time strategic zoom and its epic battles involving several thousands of units at once, while bringing a whole generation of PCs to their knees. Today an article revisits the process of rendering a frame of the game by reverse-engineering the API calls made to the GPU. All the techniques and algorithms are explained in detail, many of them still used in current video games.
Programming

Amazon Opens Up Echo's Alexa To Developers 26

mikejuk writes: Amazon announced Echo, a wireless speaker with a built-in, voice-controlled, personal assistant called Alexa last year. Now it appears Alexa will no longer be tied exclusively to Echo. Amazon has announced that the Alexa Voice Service (AVS), the cloud-based service behind Echo, is being made available for free to third party hardware makers who want to integrate Alexa into their devices. To propel developers' and hardware manufacturers' interest in voice technology and their adoption of Alexa, Amazon has also announced a $100 Million Alexa Fund, open to anyone, startups to established brands, with an innovative idea for using voice technology.