itwbennett writes: In September, more than 4,000 applications were found to have been modified with a counterfeit version of Xcode, dubbed XcodeGhost. On Tuesday, FireEye said in a blog post that it has detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware 'is a persistent security risk.' In addition, whomever created XcodeGhost has also developed a new version that can target iOS 9, called XcodeGhost S, FireEye wrote.

An anonymous reader writes: Software engineer Adrian Courrèges posted on his blog a breakdown of the rendering of a frame in Grand Theft Auto: V. Each rendering pass is explained in detail, with all the techniques and the tricks Rockstar used to make the game run on 8-year-old consoles. It's a fascinating trip through the making of a frame and reminds us of how far GPU computing power has come. Here's a brief snippet from the beginning: "As a first step, the game renders a cubemap of the environment. This cubemap is generated in realtime at each frame, its purpose is to help render realistic reflections later. This part is forward-rendered. How is such cubemap rendered? For those not familiar with the technique, this is just like you would do in the real world when taking a panoramic picture: put the camera on a tripod, imagine you’re standing right in the middle of a big cube and shoot at the 6 faces of the cube, one by one, rotating by 90 degrees each time. This is exactly how the game does: each face is rendered into a 128x128 HDR texture."

An anonymous reader writes: Apple's new set top box is on sale now, and has launched with several high profile games in the new tvOS App Store, including Guitar Hero Live and PS4 hit Transistor. However, as one writer points out, the Apple TV is still not an adequate console replacement, and it's not because of the graphics. Instead, several software issues and restrictions issued by Apple itself prevent developers from creating blockbuster exclusives for the platform, including the requirement that all games be playable using the bundled remote, lack of support for four players, and the 200MB initial app download limit. If these remain in place, can the Apple TV become a viable games platform, where the Ouya and PlayStation TV have failed before?

LichtSpektren writes: Andrew Tanenbaum, author of MINIX, writes: 'MINIX has been around now for about 30 years so it is (finally) time for the MINIXers to have a conference to get together, just as Linuxers and BSDers have been doing for a long time. The idea is to exchange ideas and experiences among MINIX 3 developers and users as well as discussing possible paths forward now that the ERC funding is over. Future developments will now be done like in any other volunteer-based open-source project. Increasing community involvement is a key issue here. Attend or give a presentation.' The con will be held on 1 February 2016 at the Vrije Universiteit in Amsterdam, the Netherlands.

An anonymous reader writes: The story will probably be familiar. My non-profit organization had a particular need (we want to communicate with government officials by offering anecdotes and stories of how we help their constituents), and while I created a solution, the time constraints and lack of experience, training and natural ability show. I'd like to do more with the code, both in terms of letting others have it for their needs and also because I'm sure talented coders could more quickly and efficiently solve some of the existing problems with my code. But how do I make that happen? What do I do with it?

I have every intention of continuing to work on it. I enjoyed the learning opportunity, and I've already identified a number of things I want to improve upon, but I recognize that even as crude as my code is, if it solved my issue it might help others too.

Do I just put it on Github or SourceForge and hope that someone else will have that magic formula of my use case and skill level (because someone more talented would probably make their own code easily enough, while someone less talented may not realize how doable the solution can be)? Do I try to find an existing project and see if I can shoe-horn my efforts in somewhere? Do I keep it to myself until some unspecified point in time that I realize it's right for sharing? Read on for further background information on this question.

jones_supa writes: "Christ people. This is just sh*t," begins Linus Torvalds in his message on the Linux Kernel Mailing List. Torvalds is grumpy because some new code added to the IPv6 subsystem has created conflicts. "The conflict I get is due to stupid new gcc header file crap," he writes. "But what makes me upset is that the crap is for completely bogus reasons." The new improved code uses fancy stuff that wants magical built-in compiler support and has silly wrapper functions for when it doesn't exist. Linus provides an alternative that contains a single and understandable conditional, which looks cleaner and generates better code.

theodp writes: At first glance, the proposal for A Code of Conduct for the Go Community (attributed to Google's Andrew Gerrand) seems reasonable enough. How can you argue with the goal of treating everyone with respect and kindness? But the Devil is in the detail, and the proposed Code notes there soon could be consequences for calling someone an "idiot" or saying something is "so simple even my grandma could understand it" (the latter "marginalises women and the elderly by implying that something need be simple for an old woman to understand it"). And the punishment meted out by the Go Code of Conduct Working Group to those who find themselves on the receiving end of an anonymous complaint could be anything from nothing to "a request for a private or public apology, a private reprimand from the working group to the individual(s) involved, a public reprimand, an imposed vacation (for instance, asking someone to 'take a week off' from a mailing list or IRC), or a permanent or temporary ban from some or all Go spaces (mailing lists, IRC, etc.)." And no, this doesn't appear to be a goof. So, might individuals and companies think twice about embracing a programming language whose community's Code of Conduct threatens to ruin reputations and ban people from technical support resources for life? Too late to get this added to the list of questions for Alan Donovan and Brian Kernighan?

ewhac writes: On 22 October, in a very terse commit message, Busybox removed its support for the controversial 'systemd' system management framework. The commit was made by Denys Vlasenko, and passed unremarked on the Busybox mailing lists. Judging from the diffs, system log integration is the most obvious consequence of the change.

yathosho writes with some good news for GitHub developers: GitHub's new Atom editor sees a first big update in version 1.1. Character measurement has been improved, fonts with ligatures and variable width fonts are now supported. The biggest new feature is probably live Markdown preview, matching the current theme. There's also a 1.2.0 beta available, for those who want to have a look into Atom's future.

chicksdaddy writes: Bug bounty programs are all the rage these days, with companies from Asana to Zendesk (http://bugsheet.com/directory) offering cash rewards for finding holes in their web sites. But is spending your weekends fuzzing someone else's application code really worth it? And is anyone really getting rich off bug bounties? The short answer is 'yes.' As this article at The Christian Science Monitor notes, top bounty researchers on sites like HackerOne and BugCrowd are indeed seeing big paydays — often in return for just hours of work perusing buggy websites. Among the eye-popping figures: researcher Mark Litchfield's $63,000 take over Labor Day weekend, which included the discovery of multiple remotely exploitable holes in a major web property, paying $15,000 each through HackerOne. Also profiled is researcher Frans Rosen and Sean "Meals" Melia, the number four ranked researcher on BugCrowd. Both claim to have netted six figure incomes in the last year on bug bounties alone. "It's like finding a gold nugget," Litchfield is quoted as saying. "Sometimes it's like finding my own gold mine."

An anonymous reader writes: The year 2015 heralded a number of notable Internet milestones — the humble .com domain name reached 30 years of age, while both eBay and Amazon reached the grand old age of 20. That the Internet Movie Database, a gargantuan film and TV show encyclopedia better known as IMDb, began 25 years ago as a pre-Web hobby project and is now one of the top 50 most visited websites on the Internet is a notable achievement. "IMDb is the only pure Internet company that can celebrate its 25th anniversary," said Col Needham, founder and CEO of IMDb, in an interview with VentureBeat.

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?

Nerval's Lobster writes: The technology industry's unemployment rate crept up to 3.0 percent in the third quarter of 2015, according to the U.S. Bureau of Labor Statistics (BLS). Although that represents an increase from the second quarter, when tech unemployment stood at 2.0 percent, it's nonetheless lower than the 5.2 percent unemployment rate for the U.S. labor market as a whole. Despite that relatively low rate, however, many technology segments saw an accompanying rise in joblessness. (Dice link) Web developers, for example, saw their collective unemployment rate hit 5.10 percent, up from 3.70 percent in the same quarter last year. Computer systems analysts, programmers, network and systems administrators, software developers, and computer & information systems managers likewise experienced a slight rise in unemployment on a year-over-year basis.

theodp writes: In What is Computer Science?, the kickoff video for Facebook's new TechPrep diversity initiative, FB product manager Adriel Frederick explains how he was hooked-on-coding after seeing the magic of a BASIC PRINT statement. His simple BASIC example is a nice contrast to the more complicated JavaScript and Ruby examples that were chosen to illustrate Mark Zuckerberg's what-is-coding video for schoolkids. In How to Teach Your Baby to Read, the authors explain, "It is safe to say that in particular very young children can read, provided that, in the beginning, you make the print very big." So, is introducing coding to schoolkids with modern programming languages instead of something like BASIC (2006) or even (gasp!) spreadsheets (2002) the coding equivalent of "making the print too small" for a child to see and understand?

An anonymous reader writes with news of a malware campaign using hijacked MySQL servers to launch DDoS attacks. Symantec reports: "Attackers are compromising MySQL servers with the Chikdos malware to force them to conduct DDoS attacks against other targets. According to Symantec telemetry, the majority of the compromised servers are in India, followed by China, Brazil and the Netherlands, and are being used to launch attacks against an US hosting provider and a Chinese IP address."

Alan Donovan is a member of Google’s Go team in New York and holds computer science degrees from Cambridge and MIT. Since 2005, he has worked at Google on infrastructure projects and was the co-designer of its proprietary build system, Blaze. Brian Kernighan is a professor in the Computer Science Department at Princeton University. He was a member of technical staff in the Computing Science Research Center at Bell Labs, where he worked on languages and tools for Unix. He is the co-author of several books, including The C Programming Language, and The Practice of Programming. Recently, the pair have co-authored a soon to be released book titled The Go Programming Language. Alan and Brian have agreed to give us some of their time to answer any questions you may have about the upcoming book, Go, and programming in general. Ask as many questions as you'd like, but please keep them to one per post.

An anonymous reader writes: Oracle's Larry Ellison gave a presentation yesterday at OpenWorld in which he detailed how the M7 chip's new Silicon Secured Memory system works. "On the M7, pointers and their memory blocks are stamped with a 4-bit 'color,' and accesses are verified to make sure the color in the highest bits of the pointer matches the color of the memory allocation. This works with virtual memory allocated from the heap rather from the stack, it appears. Solaris tries to avoid giving adjacent blocks the same color." El Reg notes that a 4-bit security stamp doesn't really offer that many distinct options. "Four bits of color means there are 24, or 16, possible colors a memory block can have. A hijacked pointer has a one-in-16 chance of having a matching color when it accesses any block of memory, allowing it to circumvent the SSM defense mechanism. ... It is even possible [a hacker] can alter the color bits in a pointer to match the color of a block she wishes to access, and thus avoid any crashes and detection. In short, SSM is a mitigation rather than bulletproof protection." Still, Ellison claims this would have shut down vulnerabilities like Heartbleed and Venom.

New submitter AmericaCounterweight writes: Polygon is reporting that the MAME development team has unearthed and emulated one of the most obscure pieces of Sonic heritage: a popcorn machine. MAME developer David Haywood reports that contributors "purchased the PCB for another novelty Sonic item, this time a SegaSonic Popcorn Shop, a popcorn dispenser machine with a video display. It runs on the Sega C2 board (Genesis type hardware)." This follows news from earlier this year that the MAME team would be switching to a true Open Source license for the project and concentrating on more than just arcade games. MAME project coordinator Miodrag Milanovic also recently appeared at the BalCCon2k15 event to speak about MAME, the current direction of the project, and software preservation.

An anonymous reader writes: Automotive software issues such as the Jeep hack and Volkswagen cheating on emissions tests have made headlines this year, which means the public is thinking about software in cars like never before. Some experts have argued that mandating that such software be open source is a solution to the problem. In an article on Opensource.com, Ben Cotton writes that although there are definite benefits to public scrutiny of the software, code visibility alone is no guarantee. It's an important thing to bear in mind, because "Open, therefore secure" is an easy straw man to knock down.

New submitter DebugN writes: When ARM introduced 64-bit support to its architecture, it aimed for Linux application compatibility with prior 32-bit software on its architecture. But for Linux programmers, there remain some significant differences that can affect code behavior. If you are a Linux programmer working with — or will soon be working with — 64-bit, you might want to know what those differences are, and this useful EDN article says it all.