dcblogs writes "An analysis of 745 applications for violations of good architectural and coding practices found that Java applications had the most problems and Cobol-built systems, the least. Some 365 million lines of code were analyzed by Cast Software to assess 'technical debt,' or the cost to fix the violations. Java was calculated at $5.42 per line of code, while Cobol did best at $1.26. Cobol code had the least number of violations because programmers 'have been beating on it for 30 years,' said Cast. As far as Java goes, 'there are many people going into Java now that really don't have strong computer science backgrounds,' said its chief scientist, Bill Curtis."

New submitter dd1968 writes "Today IBM announced the release of a new set of Open Source development tools based on their EGL programming language. The announcement describes the tools as being built from the ground up on an 'open, extensible compiler and generator framework.' The one-language approach places an abstraction layer between the developer and target languages, frameworks, and runtime platforms."

First time accepted submitter clava writes "We have a desktop Java testing application that is going to be administering tests to students on lab computers running Ubuntu 10.x. These computers are used by the students for other purposes and we're not allowed to create special users or change the OS configuration. When the testing app is launched, we need to restrict users from exiting the app so they can't do things like search the internet for answers or use other applications. Is there a good way to put an Ubuntu machine in kiosk mode or something via our application and have exiting kiosk mode be password protected? Any ideas are appreciated."

Orome1 writes with a summary of a large survey of web applications by Veracode. From the article: "Considered 'low hanging fruit' because of their prevalence in software applications, XSS and SQL Injection are two of the most frequently exploited vulnerabilities, often providing a gateway to customer data and intellectual property. When applying the new analysis criteria, Veracode reports eight out of 10 applications fail to meet acceptable levels of security, marking a significant decline from past reports. Specifically for web applications, the report showed a high concentration of XSS and SQL Injection vulnerabilities, with XSS present in 68 percent of all web applications and SQL Injection present in 32 percent of all web applications."

New submitter Geist3 writes "Forbes has an article by Venkatesh Rao asserting that the safest investment for both corporations and individuals is in software developers. Throwing money at talented coders now — even on random projects — will build relationships that are likely to pay off big in the future. 'In what follows, I am deliberately going to talk about the developers like they are products in a meat market. For practical purposes, they are, since the vast majority of them haven't found a way to use their own scarcity to their advantage.'"

First time accepted submitter bushx writes "A little over a month ago, I assumed the position of programmer and sole IT personnel at a thriving e-commerce company. All the documentation I have is of my own creation, as I've spent most of my time reverse-engineering the systems in place just so I can understand how everything works together. Since I've started, I've done everything from network and phone upgrades to database maintenance with Perl, and thus far it's been immensely rewarding. But as I dig deeper, I notice the alarming number of band-aids applied by my predecessor, and it seems like the entire company's infrastructure is just a few problems away from a total meltdown. The big question now is, how do I, as a single person, effectively audit the network, servers, databases, backups, and formulate a long-term plan that can be implemented by one person? Is it possible? Where do I begin?"

itwbennett writes "In a blog post titled 'Why I Will Never Feel Threatened by Cheap Overseas Programming', John Larson tells the story of a startup that shipped its initial programming to India, paying $14 per hour, with predictably disastrous results. Larson concludes: 'I have yet to see a project done overseas at that sort of hourly rate that has actually gone well.' But in this not-uncommon tale of outsourcing woe, is the problem really with the programming or with unrealistic expectations?" The comments on Larson's blog post (originally titled "Why I Will Never Feel Threatened by Programmers in India") seem to me more valuable than the post itself.

New submitter ittybad writes "I work with a small web-based company, and, for some new web applications, we are looking to possibly change frameworks if it will be a benefit to our developers and our customers. We have experience with PHP's Symfony 1.4, and are not happy with what we are experiencing with Symfony 2.0. We have some Ruby guys who would love us to implement a Ruby on Rails solution, and our backend is Python powered — so maybe Django is the way to go. So, I ask you, Slashdotters, what web framework do you find to be the best and why? Why would you avoid others?"

theodp writes "Harvard Law School Prof Jonathan Zittrain explains in The Personal Computer is Dead why you should be afraid — very afraid — of the snowballing replicability of the App Store Model. 'If we allow ourselves to be lulled into satisfaction with walled gardens,' warns Zittrain, 'we'll miss out on innovations to which the gardeners object, and we'll set ourselves up for censorship of code and content that was previously impossible. We need some angry nerds.' Searchblog's John Battelle, who's also solidly in the tear-down-this-walled-garden camp, adds: 'I'm not a nerd, quite, but I'm sure angry.'"

An anonymous reader writes "Facebook plans to nearly double in size in the next year. The social network announced plans on Friday to dramatically expand its NYC operations, adding a wealth of new engineers to enhance features and write fresh code for the website that links more than 800 million users worldwide. 'We'll be adding thousands of employees in the next year,' Facebook COO Cheryl Sandberg announced from the company's New York City offices on Friday. Facebook currently has about 3,000 employees in California, Sandberg said, but just 100 in its Big Apple facility — mainly marketing staff. The company plans to expand that Madison Avenue office by opening its first East Coast engineering office."

snydeq writes "InfoWorld's Andrew Glover provides an in-depth comparison of Engine Yard and Heroku, two cloud-based, platform-as-a-service offerings for Ruby development. 'To put it simply, Heroku will appeal more to developers and Engine Yard will appeal to operations folks. Consequently, when evaluating the two platforms, one's choice usually comes down to what's more important: Heroku's rapid deployment via a hands-off infrastructure, or Engine Yard's total control over all aspects of application deployment, provisioning, and monitoring.'"

theodp writes "Steve Jobs took the secret to his grave, but Stanislav Datskovskiy offers some interesting and illustrated speculation on why HyperCard had to die. 'Jobs was almost certainly familiar with HyperCard and its capabilities,' writes Datskovskiy. 'And he killed it anyway. Wouldn't you love to know why? Here's a clue: Apple never again brought to market anything resembling HyperCard. Despite frequent calls to do so. Despite a more-or-less guaranteed and lively market. And I will cautiously predict that it never will again. The reason for this is that HyperCard is an echo of a different world. One where the distinction between the "use" and "programming" of a computer has been weakened and awaits near-total erasure. A world where the personal computer is a mind-amplifier, and not merely an expensive video telephone. A world in which Apple's walled garden aesthetic has no place.' Slashdotters have bemoaned the loss of HyperCard over the past decade, but Datskovskiy ends his post on a keep-hope-alive note, saying: 'Contemplate the fact that what has been built once could probably be built again.' Where have you gone, Bill Atkinson, a nation of potential programmers turns its lonely eyes to you."

itwbennett writes "A BBC article outlines a push to make software programming a basic course of study for British schoolchildren in hopes that Britain could become a major programming center for video games and special effects. Can earlier exposure to better technology courses reverse the declining enrollment in university computer science courses and make coding cool?"

An anonymous reader writes "I'm essentially a self-taught computer geek who started learning BASIC at age 12, but decided NOT to do the traditional computer-nerd thing (comp sci or physics, computer degree, etc.). I've essentially kept up with computers as a hobby, teaching myself web-design, Linux/LAMP, Javascript, and now Drupal. I've worked for a short time at a web dev shop but mostly have just done freelance projects and here-and-there stuff for websites or projects, many of which have gone under or are no longer accessible. I'm creative, have Photoshop/GIMP skills, I'm personable and self-motivated...and I'd like to get a 'real' job now but I don't really look like much on paper — how can I (specifically with Drupal) make myself look good on a CV and/or establish solid credentials that will make people more willing to take a chance and hire me? Will Drupalcon 2012 help me make inroads? Are there other ways to 'prove' myself to be a capable web admin/developer?"

New submitter sirjohn writes with the good news that "A small group of ICS and Nokia engineers have started working on a minimal bootstrap to bring fully functional Qt 5" to the Raspberry Pi, writing "Do you want to create the next big thing on embedded devices and have $35 to invest? You can now have a complete development environment with accelerated graphics for basically nothing. I think it's a big deal ..." Plus, Nokia is funding 400 of the boards and looking for ideas (and developers) to use them. The competition is stiff; there are already quite a few impressive ideas listed.

New submitter b0101101001010000 writes with some news for developers who'd like to work with the newest version of Android: "We've just released preview ICS builds of Freescale's iMX53, ST Ericsson's Snowball, Samsung's Origen and TI's Panda boards (AOSP supports Panda out of the box; this just contains a kernel that based on Linus' HEAD). This should give Android platform developers on these platforms a good base to work from."

mikejuk writes "Stanford University is offering the online world more of its undergraduate level CS courses. These free courses consist of You Tube videos with computer-marked quizzes and programming assignments. The ball had been started rolling by Sebastian Thrun and Peter Norvig's free online version of their Stanford AI class, for which they hoped to reach an audience in the order of a hundred thousand, a target which they seem to have achieved. As well as the previously announced Machine learning course you can now sign up to any of: Computer Science 101, Software as a Service, Human-Computer Interaction, Natural Language Processing, Game Theory, Probabilistic Graphical Models, Cryptography and Design and Analysis of Algorithms. Almost a complete computer science course and they are adding more. Introductory videos and details are available from each courses website."

LinuxScribe writes with this bit from IT World: "In an effort to foil crackers' attempts to cover their tracks by altering text-based syslogs, and improve the syslog process as a whole, developers Lennart Poettering and Kay Sievers are proposing a new tool called The Journal. Using key/value pairs in a binary format, The Journal is already stirring up a lot of objections." Log entries are "cryptographically hashed along with the hash of the previous entry in the file" resulting in a verifiable chain of entries. This is being done as an extension to systemd (git branch). The design doesn't just make logging more secure, but introduces a number of overdue improvements to the logging process. It's even compatible with the standard syslog interface allowing it to either coexist with or replace the usual syslog daemon with minimal disruption.

rsk writes "Since the Ubuntu One desktop synchronization service was launched by Canonical it has always been powered by CouchDB, a popular document-oriented NoSQL data store with a powerful master-master replication architecture that runs in many different environments (servers, mobile devices, etc.). John Lenton, senior engineering manager at Canonical, announced that Canonical would be moving away from CouchDB due to a few unresolvable issues Canonical ran into in production with CouchDB and the scale/requirements of the Ubuntu One service. Instead, says Lenton, Canonical will be moving to a custom data storage abstraction layer (U1DB) that is platform agnostic as well as datastore agnostic; utilizing the native datastore on the host device (e.g. SQLite, MySQL, API layers, 'everything'). U1DB will be complete at some point after the 12.04 release."

dartttt writes "Not many people know that Kernel releases have their codenames. Most of the Linux 2.6 and 3.x kernels include a name in the Makefile of their source trees, which can be found in the git repository. They are not publicized as such but some of them are really hilarious."