Open Source

$1 Bid Wins Government Open Source Software Purchasing Experiment (gsa.gov) 124

An anonymous reader writes: A couple weeks ago we discussed a project from a software team within the U.S. General Services Administration. Its goal was to set up a portal to let developers bid on the creation of open source code needed by the government. From the beginning, they said it was an experiment, and now the results are in from their first project. The project was quickly bid all the way down to $1, and on Wednesday, the winner delivered a functional solution that met their criteria. They say, "When we received the $1 bid, we immediately tried to figure out whether it was intentional, whether it was from a properly registered company, and whether we could award $1. We contacted the bidder and we confirmed that the bid was valid, that the registration on SAM.gov was current, and that the bid would be the winning bid. It was a plot twist that no one here at 18F expected. This unexpected development will no doubt force us to rethink some of our assumptions about the reverse-auction model." Despite their surprise, the team feels this is proof that the system can succeed. They're now working to refine the process.
Security

Ransomware Found Targeting Linux Servers, MySQL, Git, Other Development Files (drweb.com) 93

An anonymous reader writes: A new piece of ransomware has been discovered that targets Linux servers, looking to encrypt only files that are related to Web hosting, Web servers, MySQL, Subversion, Git, and other technologies used in Web development and HTTP servers. Weirdly, despite targeting business environments, the ransomware only asks for 1 Bitcoin, a fairly low amount compared to other ransomware.
Security

How a Mobile App Firm Found the XcodeGhost In the Machine (computerworld.com) 69

SpacemanukBEJY.53u writes: A Denver-based mobile app development company, Possible Mobile, had a tough time figuring out why Apple recently rejected its app from the App Store. After a lot of head scratching, it eventually found the XcodeGhost malware hidden in an unlikely place — a third-party framework that it had wrapped into its own app. Their experience shows that the efforts of malware writers can have far-ranging effects on the mobile app component supply chain.
Programming

The 'Trick' To Algorithmic Coding Interview Questions (dice.com) 208

Nerval's Lobster writes: Ah, the famous "Google-style" algorithmic coding interview. If you've never had one of these interviews before, the idea is to see if you can write code that's not only correct, but efficient, too. You can expect to spend lots of time diagramming data structures and talking about big O notation. Popular hits include "reverse a linked list in place," "balance a binary search tree," and "find the missing number in an array." Like it or not, a "Google-style" coding interview may stand between you and your next job, so it's in your interest to figure out how to deal with it. Parker Phinney, founder of Interview Cake, uses a Dice column to break down a variety of example problems and then solve them. But it's not just about mastering the most common kinds of problems by rote memorization; it's also about recognizing the patterns that underlie those problems.
Programming

Should Programmers Be Called Engineers? (theatlantic.com) 568

New submitter nervouscat writes: Game designer Ian Bogost argues that programmers shouldn't use the term "engineer" to describe themselves. He says the tech industry has "cheapened" the title, and that it's more aspirational than anything else. Quoting: "Traditional engineers are regulated, certified, and subject to apprenticeship and continuing education. Engineering claims an explicit responsibility to public safety and reliability, even if it doesn’t always deliver. ... Today’s computer systems pose individual and communal dangers that we’d never accept in more concrete structures like bridges, skyscrapers, power plants, and missile-defense systems. Apple’s iOS 9 update reportedly “bricked” certain phones, making them unusable. Services like Google Docs go down for mysterious reasons, leaving those whose work depends on them in a lurch. ... When it comes to skyscrapers and bridges and power plants and elevators and the like, engineering has been, and will continue to be, managed partly by professional standards, and partly by regulation around the expertise and duties of engineers. But fifty years’ worth of attempts to turn software development into a legitimate engineering practice have failed."
Programming

The $6,000 Computer Desk That Lets You Lie Down While You Work 116

HughPickens.com writes: We've all read about standing desks and treadmill desks but now Rachel Gillet reports at Business Insider about the Altwork Station, a workstation that allows users to sit, stand, and recline while they work on their computers. Designed to accommodate two computer screens, the manufacturer says their new product is the ultimate combination for workplace productivity. "Most experts agree that humans should change positions and move throughout the day. We believe movement throughout the day is important," says the company who targets "high intensity" computer users, which it defines as people who spend at least four hours a day in front of a computer and are required to focus on complex tasks for extended periods of time. If the $5,900 ($3,900, if you pre-order) reclining workstation is not for you, there are other options you may want to consider including the scooter desk, bicycle desk, and hamster wheel desk.
Bug

Celebrating 30th Anniversary of the First C++ Compiler: Let's Find Bugs In It 153

New submitter Andrey_Karpov writes: Cfront is a C++ compiler which came into existence in 1983 and was developed by Bjarne Stroustrup ("30 YEARS OF C++"). At that time it was known as "C with Classes". Cfront had a complete parser, symbol tables, and built a tree for each class, function, etc. Cfront was based on CPre. Cfront defined the language until circa 1990. Many of the obscure corner cases in C++ are related to the Cfront implementation limitations. The reason is that Cfront performed translation from C++ to C. In short, Cfront is a sacred artifact for a C++ programmer. So I just couldn't help checking such a project [for bugs].
Youtube

Google-Supported CodeGirl Documentary Makes "Exclusive YouTube Premiere" 289

theodp writes: "As part of our Made with Code and media perception initiatives," wrote YouTube CEO Susan Wojcicki over at the Official Google Blog, "I'm excited that we're supporting award-winning documentary filmmaker Lesley Chilcott — of An Inconvenient Truth and Waiting for Superman [and Code.org] fame — on her next film, CodeGirl. Until November 5 Lesley's film will be available for free on YouTube, before its theatrical debut in the next few weeks." Microsoft is pretty jazzed about the movie too, as is Al Gore. Decidedly less excited about CodeGirl is film critic Inkoo Kang, who writes, "CodeGirl, a chronicle of this year's Technovation contest, is just as well-intentioned as its subject. It coasts for as long as it can on the feel-good fuel of watching smart, earnest girls talk about creating an app, but with virtually no tension, context, narrative or characterization driving the story, the documentary grows to feel like a parent describing their daughter's involvement in an international competition. The girls' achievements are impressive, but you definitely don't want to hear about them for nearly two hours."
IOS

FireEye: Many Companies Still Running XcodeGhost-Infected Apple Apps (csoonline.com) 23

itwbennett writes: In September, more than 4,000 applications were found to have been modified with a counterfeit version of Xcode, dubbed XcodeGhost. On Tuesday, FireEye said in a blog post that it has detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware 'is a persistent security risk.' In addition, whoever created XcodeGhost has also developed a new version that can target iOS 9, called XcodeGhost S, FireEye wrote.
Graphics

Reverse-Engineering GTA V (adriancourreges.com) 37

An anonymous reader writes: Software engineer Adrian Courrèges posted on his blog a breakdown of the rendering of a frame in Grand Theft Auto: V. Each rendering pass is explained in detail, with all the techniques and the tricks Rockstar used to make the game run on 8-year-old consoles. It's a fascinating trip through the making of a frame and reminds us of how far GPU computing power has come. Here's a brief snippet from the beginning: "As a first step, the game renders a cubemap of the environment. This cubemap is generated in realtime at each frame, its purpose is to help render realistic reflections later. This part is forward-rendered. How is such cubemap rendered? For those not familiar with the technique, this is just like you would do in the real world when taking a panoramic picture: put the camera on a tripod, imagine you’re standing right in the middle of a big cube and shoot at the 6 faces of the cube, one by one, rotating by 90 degrees each time. This is exactly how the game does: each face is rendered into a 128x128 HDR texture."
Apple

How Apple Is Preventing the Apple TV From Becoming a Console Rival (redbull.com) 129

An anonymous reader writes: Apple's new set top box is on sale now, and has launched with several high profile games in the new tvOS App Store, including Guitar Hero Live and PS4 hit Transistor. However, as one writer points out, the Apple TV is still not an adequate console replacement, and it's not because of the graphics. Instead, several software issues and restrictions issued by Apple itself prevent developers from creating blockbuster exclusives for the platform, including the requirement that all games be playable using the bundled remote, lack of support for four players, and the 200MB initial app download limit. If these remain in place, can the Apple TV become a viable games platform, where the Ouya and PlayStation TV have failed before?
Unix

Andrew Tanenbaum Announces MINIXcon (minix3.org) 104

LichtSpektren writes: Andrew Tanenbaum, author of MINIX, writes: 'MINIX has been around now for about 30 years so it is (finally) time for the MINIXers to have a conference to get together, just as Linuxers and BSDers have been doing for a long time. The idea is to exchange ideas and experiences among MINIX 3 developers and users as well as discussing possible paths forward now that the ERC funding is over. Future developments will now be done like in any other volunteer-based open-source project. Increasing community involvement is a key issue here. Attend or give a presentation.' The con will be held on 1 February 2016 at the Vrije Universiteit in Amsterdam, the Netherlands.
Programming

Ask Slashdot: How Can My Code Help? 47

An anonymous reader writes: The story will probably be familiar. My non-profit organization had a particular need (we want to communicate with government officials by offering anecdotes and stories of how we help their constituents), and while I created a solution, the time constraints and lack of experience, training and natural ability show. I'd like to do more with the code, both in terms of letting others have it for their needs and also because I'm sure talented coders could more quickly and efficiently solve some of the existing problems with my code. But how do I make that happen? What do I do with it?

I have every intention of continuing to work on it. I enjoyed the learning opportunity, and I've already identified a number of things I want to improve upon, but I recognize that even as crude as my code is, if it solved my issue it might help others too.

Do I just put it on Github or SourceForge and hope that someone else will have that magic formula of my use case and skill level (because someone more talented would probably make their own code easily enough, while someone less talented may not realize how doable the solution can be)? Do I try to find an existing project and see if I can shoe-horn my efforts in somewhere? Do I keep it to myself until some unspecified point in time that I realize it's right for sharing?
Read on for further background information on this question.
Programming

Linus Rants About C Programming Semantics (iu.edu) 576

jones_supa writes: "Christ people. This is just sh*t," begins Linus Torvalds in his message on the Linux Kernel Mailing List. Torvalds is grumpy because some new code added to the IPv6 subsystem has created conflicts. "The conflict I get is due to stupid new gcc header file crap," he writes. "But what makes me upset is that the crap is for completely bogus reasons." The new improved code uses fancy stuff that wants magical built-in compiler support and has silly wrapper functions for when it doesn't exist. Linus provides an alternative that contains a single and understandable conditional, which looks cleaner and generates better code.
Google

Could Go Community's Threat of Public Shaming, Lifetime Bans Make Go a No-Go? 358

theodp writes: At first glance, the proposal for A Code of Conduct for the Go Community (attributed to Google's Andrew Gerrand) seems reasonable enough. How can you argue with the goal of treating everyone with respect and kindness? But the Devil is in the detail, and the proposed Code notes there soon could be consequences for calling someone an "idiot" or saying something is "so simple even my grandma could understand it" (the latter "marginalises women and the elderly by implying that something need be simple for an old woman to understand it"). And the punishment meted out by the Go Code of Conduct Working Group to those who find themselves on the receiving end of an anonymous complaint could be anything from nothing to "a request for a private or public apology, a private reprimand from the working group to the individual(s) involved, a public reprimand, an imposed vacation (for instance, asking someone to 'take a week off' from a mailing list or IRC), or a permanent or temporary ban from some or all Go spaces (mailing lists, IRC, etc.)." And no, this doesn't appear to be a goof. So, might individuals and companies think twice about embracing a programming language whose community's Code of Conduct threatens to ruin reputations and ban people from technical support resources for life? Too late to get this added to the list of questions for Alan Donovan and Brian Kernighan?
Open Source

Busybox Deletes Systemd Support 572

ewhac writes: On 22 October, in a very terse commit message, Busybox removed its support for the controversial 'systemd' system management framework. The commit was made by Denys Vlasenko, and passed unremarked on the Busybox mailing lists. Judging from the diffs, system log integration is the most obvious consequence of the change.
Programming

Atom 1.1 Is Out, With Lots of Graphic Improvements (blog.atom.io) 103

yathosho writes with some good news for GitHub developers: GitHub's new Atom editor sees a first big update in version 1.1. Character measurement has been improved, fonts with ligatures and variable width fonts are now supported. The biggest new feature is probably live Markdown preview, matching the current theme. There's also a 1.2.0 beta available, for those who want to have a look into Atom's future.
Security

Bug Bounties Are Bonanza, For a Few Persistent Hackers (csmonitor.com) 27

chicksdaddy writes: Bug bounty programs are all the rage these days, with companies from Asana to Zendesk (http://bugsheet.com/directory) offering cash rewards for finding holes in their web sites. But is spending your weekends fuzzing someone else's application code really worth it? And is anyone really getting rich off bug bounties? The short answer is 'yes.' As this article at The Christian Science Monitor notes, top bounty researchers on sites like HackerOne and BugCrowd are indeed seeing big paydays — often in return for just hours of work perusing buggy websites. Among the eye-popping figures: researcher Mark Litchfield's $63,000 take over Labor Day weekend, which included the discovery of multiple remotely exploitable holes in a major web property, paying $15,000 each through HackerOne. Also profiled are researchers Frans Rosen and Sean "Meals" Melia, the number four ranked researcher on BugCrowd. Both claim to have netted six figure incomes in the last year on bug bounties alone. "It's like finding a gold nugget," Litchfield is quoted as saying. "Sometimes it's like finding my own gold mine."
Databases

IMDb Hits 25 59

An anonymous reader writes: The year 2015 heralded a number of notable Internet milestones — the humble .com domain name reached 30 years of age, while both eBay and Amazon reached the grand old age of 20. That the Internet Movie Database, a gargantuan film and TV show encyclopedia better known as IMDb, began 25 years ago as a pre-Web hobby project and is now one of the top 50 most visited websites on the Internet is a notable achievement. "IMDb is the only pure Internet company that can celebrate its 25th anniversary," said Col Needham, founder and CEO of IMDb, in an interview with VentureBeat.
Microsoft

Apple Usurps Oracle As the Biggest Threat To PC Security 320

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?
