dryriver writes: Somebody I know has been searching up and down the internet for an open source software that can apply GPU pixel shaders (HLSL/GLSL/Cg/SweetFX) to a video and save the result out to a video file. He came up with nothing, so I said "Why not petition the open source community to create such a tool?" His reply was "Where exactly does one go to ask for a new open source software?"

So that is my question: Where on the internet can one best go to request that a new open source software tool that does not exist yet be developed? Or do open source tools only come into existence when someone -- a coder -- starts to build a software, opens the source, and invites other coders to join the fray?
This is a good place to discuss the general logistics of new open source projects -- so leave your best answers in the comments. What's the best place to suggest new open source software?

Linux.com highlights some interesting statistics about npm, the package manager for Node.js.

• "At over 350,000 packages, the npm registry contains more than double the next most populated package registry (which is the Apache Maven repository). In fact, it is currently the largest package registry in the world."
• In the preceding four weeks, users installed 18 billion packages.
• This translates into 6 billion downloads, "because approximately 66 percent of the installs are now being served from the cache."
• ping.npmjs.com "shows that the registry's services offer a 99.999 uptime."
• Every week roughly 160 people publish their first package in the registry

But what about the incident last year where a developer suddenly pulled all their modules and broke thousands of dependent projects? npm's Ashley Williams "admitted that the left-pad debacle happened because of naive policies at npm. Since, the npm team have devised new policies, the main one being that you are only allowed to unpublish a package within 24 hours of publishing it." And their new dissociate and deprecate policy allows developers to mark packages as "unmaintained" without erasing them from the registry.

Social network App.net is shutting down once and for all in March. The company said on March 14 it will be deleting all user data. The announcement comes two years after the company ceased active development on the platform. From the official blog post: Ultimately, we failed to overcome the chicken-and-egg issue between application developers and user adoption of those applications. We envisioned a pool of differentiated, fast-growing third-party applications would sustain the numbers needed to make the business work. Our initial developer adoption exceeded expectations, but that initial excitement didn't ultimately translate into a big enough pool of customers for those developers. This was a foreseeable risk, but one we felt was worth taking.

Software developer Chris Lattner, who is the main author of LLVM as well as Apple's Swift programming language, is leaving Apple, he said today. From a post: When we made Swift open source and launched Swift.org we put a lot of effort into defining a strong community structure. This structure has enabled Apple and the amazingly vibrant Swift community to work together to evolve Swift into a powerful, mature language powering software used by hundreds of millions of people. I'm happy to announce that Ted Kremenek will be taking over for me as "Project Lead" for the Swift project, managing the administrative and leadership responsibility for Swift.org. This recognizes the incredible effort he has already been putting into the project, and reflects a decision I've made to leave Apple later this month to pursue an opportunity in another space. We're delighted to share that we are interviewing Lattner, who says he's a "long-time reader/fan of Slashdot." Please leave your question in the comments section. Lattner says he'll talk about "open source (llvm/clang/swift/etc) or personal topics," but has requested that we do not ask him about Apple, which is understandable.

Update: Lattner is joining Tesla.

One year away from graduating with a CS degree, an anonymous reader wants some insights from the Slashdot community: [My] curriculum is rather broad, ranging from systems programming on a Raspberry Pi to HTML, CSS, JavaScript, C, Java, JPA, Python, Go, Node.js, software design patterns, basic network stuff (mostly Cisco) and various database technologies... I'm working already part-time as a system administrator for two small companies, but don't want to stay there forever because it's basically a dead-end position. Enjoying the job, though... With these skills under my belt, what career path should I pursue?
There's different positions as well as different fields, and the submission explains simply that "I'm looking for satisfying and rewarding work," adding that "pay is not that important." So leave your suggestions in the comments. What's the best job for this recent CS grad?

An anonymous reader writes: Java overtook C as the most popular language in mid-2015 on the TIOBE Programming Community index. But now over the last 13 months, they show C's popularity consistently dropping more and more. C's score had hovered between 15% and 20% for over 15 years but as 2016 ended, the language's popularity is now down to 8.7%. "There is no clear way back to the top," reports the site, asking what happened to C? "It is not a language that you think of while writing programs for popular fields such as mobile apps or websites, it is not evolving that much and there is no big company promoting the language."

But the Insights blog at Dice.com counters that TIOBE "has hammered on C for quite some time. Earlier this year, it again emphasized how C is 'hardly suitable for the booming fields of web and mobile app development.' That being said, job postings on Dice (as well as rankings compiled by other organizations) suggest there's still widespread demand for C, which can be used in everything from operating systems to data-intensive applications, and serves many programmers well as an intermediate language."
i-programmer suggests this could just be an artifact of the way TIOBE calculates language popularity (by totaling search engine queries). Noting that Assembly language rose into TIOBE's top 10 this year, their editor wrote, "Perhaps it is something to do with the poor state of assembly language documentation that spurs on increasingly desperate searches for more information." Maybe C programmers are just referring to their K&R book instead of searching for solutions online?

An anonymous reader quotes InfoWorld: Grumpy, an experimental project from Google, transpiles Python code into Go, allowing Python programs to be compiled and run as static binaries using the Go toolchain... In a blog post announcing the open source release, Google stated the project stemmed from its efforts to speed up the Python-powered front end for YouTube. But Google hit an obstacle that's familiar to folks who've deployed Python in production: It's hard to get CPython -- the default Python interpreter written in C -- to scale efficiently. "We think Grumpy has the potential to scale more gracefully than CPython for many real world workloads," writes Google...

Because it doesn't support C extensions, Grumpy doesn't have CPython's Global Interpreter Lock, which is commonly cited as a roadblock to running Python concurrent workloads smoothly. Grumpy also uses Go's garbage collection mechanisms to manage memory under the hood, instead of CPython's. Grumpy creates close interoperation between Python and Go by allowing Go packages to be imported and used with the same syntax as Go modules.

An anonymous reader writes: What's the best unofficial way to deal with a gaslighting colleague? For those not familiar, I mean "bullies unscheduling things you've scheduled, misplacing files and other items that you are working on and co-workers micro-managing you and being particularly critical of what you do and keeping it under their surveillance. They are watching you too much, implying or blatantly saying that you are doing things wrong when, in fact, you are not...a competitive maneuver, a way of making you look bad so that they look good." I'd add poring over every source-code commit, and then criticizing it even if the criticism is contradictory to what he previously said.
The submission adds that "Raising things through the official channels is out of the question, as is confronting the colleague in question directly as he is considered something of a superstar engineer who has been in the company for decades and has much more influence than any ordinary engineer." So leave your best suggestions in the comments. How would you deal with a gaslighting colleague?

WikiLeaks said on Twitter earlier today that it wants to publish the private information of hundreds of thousands of verified Twitter users. The group said an online database would include such sensitive details as family relationships and finances. USA Today reports: "We are thinking of making an online database with all 'verified' twitter accounts [and] their family/job/financial/housing relationships," the WikiLeaks Task Force account tweeted Friday. The account then tweeted: "We are looking for clear discrete (father/shareholding/party membership) variables that can be put into our AI software. Other suggestions?" Wikileaks told journalist Kevin Collier on Twitter that the organization wants to "develop a metric to understand influence networks based on proximity graphs." Twitter bans the use of Twitter data for "surveillance purposes." In a statement, Twitter said: "Posting another person's private and confidential information is a violation of the Twitter rules." Twitter declined to say how many of its users have verified accounts but the Verified Twitter account which follows verified accounts currently follows 237,000. Verified accounts confirm the identity of the person tweeting by displaying a blue check mark. Twitter says it verifies an account when "it is determined to be an account of public interest." Twitter launched the feature in 2009 after celebrities complained about people impersonating them on the social media service.

From a report on Neowin: A few months ago, Microsoft announced that it was shuttering its TechRewards program in 2017. The project, that was originally started by Nokia under the name DVLUP rewards program, aimed to reward developers with badges, XP, gift cards and other prizes for developing or incorporating new features in their apps. When Microsoft acquired Nokia's devices and services division back in 2014, the program was rebranded to Microsoft TechRewards. Today, Microsoft has formally shut down the TechRewards program.

Senior Program Manager at Microsoft has responded to speculations that Command Prompt is going away. He writes: The Cmd shell remains an essential part of Windows, and is used daily by millions of businesses, developers, and IT Pro's around the world. In fact:
1. Much of the automated system that builds and tests Windows itself is a collection of many Cmd scripts that have been created over many years, without which we couldn't build Windows itself!
2. Cmd is one of the most frequently run executables on Windows with a similar number of daily launches as File Explorer, Edge and Internet Explorer!
3. Many of our customers and partners are totally dependent on Cmd, and all its quirks, for their companies" existence!
In short: Cmd is an absolutely vital feature of Windows and, until there's almost nobody running Cmd scripts or tools, Cmd will remain within Windows.

Apple said Thursday its App Store generated $20 billion for developers in 2016, a 40 percent increase from 2015, helped by the popularity of games such as Pokemon Go and Super Mario Run and increased revenue from subscriptions. From a report on CNBC: "2016 was an amazingly great year for the App Store," Philip Schiller, Apple's senior vice president of worldwide marketing, told CNBC. "We continue to advance what is available for developers to create. And our catalog of apps grew 20 percent to 2.2 million." Schiller said the biggest drivers for the App Store included games such as "Pokemon Go," which was the most downloaded app in 2016; "Super Mario," which was the most downloaded app on Christmas and New Year's days; and subscription-based apps, such as Netflix, Hulu and Time Warner's HBO Go. The tech giant said its biggest day of sales on the App Store was on Jan. 1, 2017, when customers spent a record $240 million. The top grossing markets included the U.S, U.K., Japan and China, which saw 90 percent year-over-year growth.

An employee at Forza Horizon 3 developer Playground Games accidentally green-lighted the wrong update file for PC players, who found themselves downloading a whopping 53GB download that turned out to be an unencrypted future build (.37.2) of the entire game intended for developers. Motherboard reports: Naturally, players who'd managed to download it yesterday had a field day leaking the information within, right down to massive posts on Imgur showing all the new cars and forum threads detailing the Porsches thought to come in an future unannounced pack. Since Forza Horizon 3 requires a constant online connection and works off of a constantly refreshing save file, anyone who played the new patch on PC found themselves slapped with an error saying their Forza profiles were no longer available. Playing it with the new build would thus effectively mean starting a new game from scratch, even if they'd dumped dozens of hours into Forza Horizon 3 since its release last September. But starting over is exactly what players shouldn't have done. The best thing they could do was shut down the game, walk away, and wait for a fix. "PC players who completed the download of .37.2 and then started a new game save will have a corrupted saved game," wrote Brian Ekberg, Forza's community manager, in a forum post. "Avoid creating a new saved game on .37.2, and only play on .35.2 to avoid this issue. As long as you have an existing save and have not created a new one on .37.2, your saved game will work correctly once the update is available."

An anonymous reader writes: "An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a 0.2 Bitcoin ($200) ransom to return the data," reports Bleeping Computer. According to John Matherly, Shodan founder, over 1,800 MongoDB databases have had their content replaced with a table called WARNING that contains the ransom note. Spotted by security researcher Victor Gevers, these databases are MongoDB instances that feature no administrator password and are exposed to external connections from the internet. Database owners in China have been hit, while Bleeping Computer and MacKeeper have confirmed other infections, one which hit a prominent U.S. healthcare organization and blocked access to over 200,000 user records. These attacks are somewhat similar to attacks on Redis servers in 2016, when an unknown attacker had hijacked and installed the Fairware ransomware on hundreds of Linux servers running Redis DB. The two series of attacks don't appear to be related.

An anonymous reader writes: Chuck Finley checked out 2,361 books from a Florida library in just nine months, increasing their total circulation by 3.9%. But he doesn't exist. "The fictional character was concocted by two employees at the library, complete with a false address and driver's license number," according to the Orlando Sentinel. The department overseeing the library acknowledges their general rule is "if something isn't circulated in one to two years, it's typically weeded out of circulation." So the fake patron scheme was concocted by a library assistant working with the library's branch supervisor, who "said he wanted to avoid having to later repurchase books purged from the shelf." But according to the newspaper the branch supervisor "said the same thing is being done at other libraries, too."

Slashdot reader horrido shares an article that "has done more for Smalltalk advocacy than any other article in memory." It was the second-most popular article of the year on the Hewlett Packard Enterprise site TechBeacon (recently passing 20,000 views), with Richard Eng, the founder of the nonprofit Smalltalk Renaissance, arguing that the 44-year-old language is much more than a tool for teachers -- and not just because Amber Smalltalk transpiles to JavaScript for front-end web programming. It's a superlative prototyping language for startups. It's an industrial-strength enterprise language used by businesses both big and small all around the globe... Smalltalk's implementation of the object-oriented paradigm is so excellent that it has influenced an entire generation of OO languages, such as Objective-C, Python, Ruby, CLOS, PHP 5, Perl 6, Erlang, Groovy, Scala, Dart, Swift, and so on. By learning Smalltalk, you'll understand how all of those useful features in today's OO languages came to be.
The article also argues that Smalltalk pioneered just-in-time compilation and virtual machines, the model-view-controller design paradigm, and to a large extent, even test-driven development. But most importantly, Smalltalk's reliance on domain-specific languages makes it "the 'purest' OO, and one of the earliest... It is often said that programming in Smalltalk or Python is rather like Zen; your mind just flows effortlessly with the task. This is the beauty and value of language simplicity, and Smalltalk has this in spades... Smalltalk, by virtue of its object purity and consistency, will give you a profoundly better understanding of object-oriented programming and how to use it to its best effect."

An anonymous reader writes: Remember that story about how women "get pull requests accepted more (except when you know they're women)." The study actually showed that men also had their code accepted more often when their gender wasn't known, according to Tech In Asia -- and more importantly, the lower acceptance rates (for both men and women) applied mostly to code submitters from outside the GitHub community. "Among insiders, there's no evidence of discrimination against women. In fact, the reverse is true: women who are on the inside and whose genders are easy to discern get more of their code approved, and to a statistically significant degree."

Eight months after the story ran, the BBC finally re-wrote their original headline ("Women write better code, study suggests") and added the crucial detail that acceptance rates for women fell "if they were not regulars on the service and were identified by their gender."

An anonymous reader quotes a report from International Business Times: According to a report from ProPublica, the world's largest social network knows far more about its users than just what they do online. What Facebook can't glean from a user's activity, it's getting from third-party data brokers. ProPublica found the social network is purchasing additional information including personal income, where a person eats out and how many credit cards they keep. That data all comes separate from the unique identifiers that Facebook generates for its users based on interests and online behavior. A separate investigation by ProPublica in which the publication asked users to report categories of interest Facebook assigned to them generated more than 52,000 attributes. The data Facebook pays for from other brokers to round out user profiles isn't disclosed by the company beyond a note that it gets information "from a few different sources." Those sources, according to ProPublica, come from commercial data brokers who have access to information about people that isn't linked directly to online behavior. The social network doesn't disclose those sources because the information isn't collected by Facebook and is publicly available. Facebook does provide a page in its help center that details how to get removed from the lists held by third-party data brokers. However, the process isn't particularly easy. In the case of the Oracle-owned Datalogix, users who want off the list have to send a written request and a copy of a government-issued identification in the mail to Oracle's chief privacy officer. Another data collecting service, Acxiom, requires users provide the last four digits of their social security number to see the information the company has gathered about them.

An anonymous reader quotes a report from ZDNet: Nevada's state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person's full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant's citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state's website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we're not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a "portion" of one of several databases.

An anonymous reader writes from a report via BleepingComputer: A security flaw discovered in a common PHP class allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to take control over the underlying server. The vulnerable library is PHPMailer, a PHP script that allows developers to automate the task of sending emails using PHP code, also included with WordPress, Drupal, Joomla, and more. The vulnerability was fixed on Christmas with the release of PHPMailer version 5.2.18. Nevertheless, despite the presence of a patched version, it will take some time for the security update to propagate. Judging by past incidents, millions of sites will never be updated, leaving a large chunk of the Internet open to attacks. Even though the security researcher who discovered the flaw didn't publish any in-depth details about his findings, someone reverse-engineered the PHPMailer patch and published their own exploit code online, allowing others to automate attacks using this flaw, which is largely still unpatched due to the holiday season.