×
Education

Ask Slashdot: "Real" Computer Scientists vs. Modern Curriculum? 637

Posted by timothy from the onions-in-those-days-were-called-zumboes dept.
An anonymous reader writes At work yesterday, I overheard a programmer explaining his perception of the quality of the most recent CS grads. In his opinion, CS students who primarily learn Java are inferior because they don't have to deal with memory management as they would if they used C. As a current CS student who's pursing a degree after 10 years of experience in the IT field, I have two questions for my fellow Slashdoters: "Is this a common concern with new CS grads?" and, if so, "What can I do to supplement my Java-oriented studies?"
Android

Old Apache Code At Root of Android FakeID Mess 127

Posted by Soulskill from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.
Security

Internet Explorer Vulnerabilities Increase 100% 137

Posted by samzenpus from the protect-ya-neck dept.
An anonymous reader writes Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities. Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.
Robotics

Autonomous Sea-Robot Survives Massive Typhoon 47

Posted by Unknown Lamer from the ride-the-wave dept.
jfruh (300774) writes Liquid Robotics and its Wave Glider line of autonomous seafaring robots became famous when Java inventor James Gosling left Google to join the company. Now one of its robots has passed an impressive real-world test, shrugging off a monster typhoon in the South China Sea that inflicted hundreds of millions of dollars of damage on the region.
Media

Open-Source Blu-Ray Library Now Supports BD-J Java 94

Posted by Soulskill from the hack-it-until-it-works dept.
An anonymous reader writes: Updates to the open-source libbluray, libaacs, and libbdplus libraries have improved the open-source Blu-ray disc support to now enable the Blu-ray Java interactivity layer (BD-J). The Blu-ray Java code is in turn executed by OpenJDK or the Oracle JDK and is working well enough to play a Blu-ray disc on the Raspberry Pi when paired with the VLC media player."
Python

Python Bumps Off Java As Top Learning Language 415

Posted by Soulskill from the from-college-import-education dept.
itwbennett writes: Python has surpassed Java as the top language used to introduce U.S. students to programming and computer science, according to a recent survey posted by the Association for Computing Machinery (ACM). Eight of the top 10 computer science departments now use Python to teach coding, as well as 27 of the top 39 schools, indicating that it is the most popular language for teaching introductory computer science courses, according to Philip Guo, a computer science researcher who compiled the survey for ACM."
Programming

Famo.us: Do We Really Need Another JavaScript Framework? 104

Posted by Soulskill from the let's-create-a-javascript-framework-to-find-out dept.
An anonymous reader writes Front-end developer Jaroen Janssen has a post about Famo.us, "a custom built JavaScript 3D rendering and physics engine meant as a replacement for the standard layout engine of the browser." The engine effectively replaces a big chunk of HTML5 in order to render more efficiently by using technology based on WebGL. Janssen questions whether the world really needs another JavaScript framework: "Is it a bad thing that Famo.us replaces major parts of HTML5? To be honest, I'm not sure. As a Front-end developer I have to admit it makes me slightly uneasy to have to use a custom API instead of 'standard' HTML5. On the other hand, like almost everyone that makes web apps for a living, I have been terribly frustrated by some of HTML5 limitations, like slowness and browser incompatibilities. Either way, it might be a good thing to try a fundamentally different approach so I'm keeping an open mind for now.

Famo.us chases another holy grail, namely the 'write once, run anywhere' dream. Instead of having to write different code for different platforms, like iOS and Android, developers can write one application that works and looks as good on all platforms, in theory anyway. This of course saves a huge amount of time and resources. Unfortunately, this idea is not without its problems and has never really worked very well with earlier attempts like Java-applets, Flash and Silverlight. In the end native applications have so far always been faster and slicker and I'm pretty skeptical Famo.us will be able to change this."
Bug

Why Software Builds Fail 279

Posted by Soulskill from the failure-to-bribe-the-hamster dept.
itwbennett writes: A group of researchers from Google, the Hong Kong University of Science and Technology and the University of Nebraska undertook a study of over 26 million builds by 18,000 Google engineers from November 2012 through July 2013 to better understand what causes software builds to fail and, by extension, to improve developer productivity. And, while Google isn't representative of every developer everywhere, there are a few findings that stand out: Build frequency and developer (in)experience don't affect failure rates, most build errors are dependency-related, and C++ generates more build errors than Java (but they're easier to fix).
Oracle

Court: Oracle Entitled To Copyright Protection Over Some Parts of Java 303

Posted by Soulskill from the cue-the-wailing-and-gnashing-of-teeth dept.
An anonymous reader writes "Remember the court battle between Google and Oracle? It's the one where Oracle claimed Android violated Oracle's patents and copyright related to Java. Oracle thought they deserved $6 billion in compensation, but ended up getting nothing. Well, it's still going, and the tide is turning somewhat in Oracle's favor. An appeals court decided that Oracle can claim copyright over some parts of Java. It's a complicated ruling (PDF) — parts of it went Google's way and parts of it went Oracle's way — but here's the most important line: '[T]he declaring code and the structure, sequence, and organization of the 37 Java API packages at issue are entitled to copyright protection.' A jury's earlier finding of infringement has been reinstated, and now it's up to Google to justify its actions under fair use."
Government

One-a-Day-Compiles: Good Enough For Government Work In 1983 230

Posted by Unknown Lamer from the could-have-had-a-lisp-machine dept.
theodp (442580) writes "Simon Allardice takes a stroll down coding memory lane, recalling that when he got started in programming in 1983, hand-writing one's programs with pencil on IBM coding sheets was still considered good enough for British government work (COBOL, Assembler forms). Allardice writes, 'And when you were finished handwriting a section of code — perhaps a full program, perhaps a subroutine — you'd gather these sheets together (carefully numbered in sequence, of course) and send them along to the folks in the data entry department. They'd type it in. And the next day you'd get a report to find out if it compiled or not. Let me say that again: the next day you could find out if your code compiled or not.' So, does anyone have 'fond' memories of computer programming in the punched card era? And for you young'uns, what do you suppose your C++ or Java development times would be like if you got one compile a day?" The other way you could program in 1983.
Programming

Code Quality: Open Source vs. Proprietary 139

Posted by Soulskill from the put-your-money-where-your-code-is dept.
just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article: "The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."
IBM

Fifty Years Ago IBM 'Bet the Company' On the 360 Series Mainframe 169

Posted by timothy from the y'-tell-the-kids-that-today dept.
Hugh Pickens DOT Com (2995471) writes "Those of us of a certain age remember well the breakthrough that the IBM 360 series mainframes represented when it was unveiled fifty years ago on 7 April 1964. Now Mark Ward reports at BBC that the first System 360 mainframe marked a break with all general purpose computers that came before because it was possible to upgrade the processors but still keep using the same code and peripherals from earlier models. "Before System 360 arrived, businesses bought a computer, wrote programs for it and then when it got too old or slow they threw it away and started again from scratch," says Barry Heptonstall. IBM bet the company when they developed the 360 series. At the time IBM had a huge array of conflicting and incompatible lines of computers, and this was the case with the computer industry in general at the time, it was largely a custom or small scale design and production industry, but IBM was such a large company and the problems of this was getting obvious: When upgrading from one of the smaller series of IBM computers to a larger one, the effort in doing that transition was so big so you might as well go for a competing product from the "BUNCH" (Burroughs, Univac, NCR, CDC and Honeywell). Fred Brooks managed the development of IBM's System/360 family of computers and the OS/360 software support package and based his software classic "The Mythical Man-Month" on his observation that "adding manpower to a late software project makes it later." The S/360 was also the first computer to use microcode to implement many of its machine instructions, as opposed to having all of its machine instructions hard-wired into its circuitry. Despite their age, mainframes are still in wide use today and are behind many of the big information systems that keep the modern world humming handling such things as airline reservations, cash machine withdrawals and credit card payments. "We don't see mainframes as legacy technology," says Charlie Ewen. "They are resilient, robust and are very cost-effective for some of the work we do.""
United States

NSA Infiltrated RSA Deeper Than Imagined 168

Posted by samzenpus from the bad-to-worse dept.
Rambo Tribble (1273454) writes "Reuters is reporting that the U.S. National Security Agency managed to have security firm RSA adopt not just one, but two security tools, further facilitating NSA eavesdropping on Internet communications. The newly discovered software is dubbed 'Extended Random', and is intended to facilitate the use of the already known 'Dual Elliptic Curve' encryption software's back door. Researchers from several U.S. universities discovered Extended Random and assert it could help crack Dual Elliptic Curve encrypted communications 'tens of thousands of times faster'."
Google

MIT Researchers Bring JavaScript To Google Glass 70

Posted by samzenpus from the nice-glasses dept.
colinneagle (2544914) writes "Earlier this week, Brandyn White, a PhD candidate at the University of Maryland, and Scott Greenberg, a PhD candidate at MIT, led a workshop at the MIT Media Lab to showcase an open source project called WearScript, a JavaScript environment that runs on Google Glass. White demonstrated how Glass's UI extends beyond its touchpad, winks, and head movements by adding a homemade eye tracker to Glass as an input device. The camera and controller were dissected from a $25 PC video camera and attached to the Glass frame with a 3D-printed mount. A few modifications were made, such as replacing the obtrusively bright LEDs with infrared LEDs, and a cable was added with a little soldering. The whole process takes about 15 minutes for someone with component soldering skills. With this eye tracker and a few lines of WearScript, the researchers demonstrated a new interface by playing Super Mario on Google Glass with just eye movements."
Programming

Ask Slashdot: Moving From Tech Support To Development? 133

Posted by timothy from the which-flavor-of-ice-cream? dept.
An anonymous reader writes "My eastern European tech-support job will be outsourced in 6 months to a nearby country. I do not wish to move, having relationship and roots here, and as such I stand at a crossroads. I could take my current hobby more seriously and focus on Java development. I have no degree, no professional experience in the field, and as such, I do not hold much market value for an employer. However, I find joy in the creative problem solving that programming provides. Seeing the cogs finally turn after hours invested gives me pleasures my mundane work could never do. The second option is Linux system administration with a specialization in VMware virtualisation. I have no certificates, but I have been around enterprise environments (with limited support of VMware) for 21 months now, so at the end of my contract with 27 months under my belt, I could convince a company to hire me based on willingness to learn and improve. All the literature is freely available, and I've been playing with VDIs in Debian already.

My situation is as follows: all living expenses except food, luxuries and entertainment is covered by the wage of my girlfriend. That would leave me in a situation where we would be financially alright, but not well off, if I were to earn significantly less than I do now. I am convinced that I would be able to make it in system administration, however, that is not my passion. I am at an age where children are not a concern, and risks seem to be, at first sight, easier to take. I would like to hear the opinion and experience of fellow readers who might have been in a similar situation."
Java

Java 8 Officially Released 302

Posted by Soulskill from the gluten-free,-no-trans-fats dept.
darthcamaro writes "Oracle today officially released Java 8, nearly two years after Java 7, and after much delay. The new release includes a number of critical new features, including Lambda expressions and the new Nashorn JavaScript engine. Java 8, however, is still missing at least one critical piece that Java developers have been asking for, for years. 'It's a pity that some of the features like Jigsaw were dropped as modularity, runtime dependencies and interoperability are still a huge problem in Java,' James Donelan, vice president of engineering at MuleSoft said. 'In fact this is the one area where I still think Java has a long way to go.'"
Programming

Ask Slashdot: Can an Old Programmer Learn New Tricks? 306

Posted by Unknown Lamer from the new-and-exciting-skills dept.
An anonymous reader writes "I have been programming in some fashion, for the last 18 years. I got my first job programming 15 years ago and have advanced my career programming, leading programmers and bringing my technical skill sets into operations and other areas of the business where problems can be solved with logical solutions. I learned to program on the Internet in the 90s.. scouring information where ever I could and reading the code others wrote. I learned to program in a very simple fashion, write a script and work your way to the desired outcome in a straight forward logical way. If I needed to save or reuse code, I created include files with functions. I could program my way through any problem, with limited bugs, but I never learned to use a framework or write modular, DRY code. Flash forward to today, there are hundreds of frameworks and thousands of online tutorials, but I just can't seem to take the tutorials and grasp the concepts and utilize them in a practical manner. Am I just too old and too set in my ways to learn something new? Does anyone have any recommendations for tutorials or books that could help a 'hacker' like me? Also, I originally learned to program in Perl, but moved onto C and eventually PHP and Python."
Firefox

Firefox Was the Most Attacked & Exploited Browser At Pwn2own 2014 207

Posted by Soulskill from the foxes-provide-the-best-sport dept.
darthcamaro writes "Though IE, Chrome and Safari were all attacked and all were exploited, no single web browser was exploited at this year's Pwn2own hacking challenge as Mozilla Firefox. A fully patched version of Firefox was exploited four different times by attackers, each revealing new zero-day vulnerabilities in the open-source web browser. When asked why Mozilla was attacked so much this year, Sid Stamm, senior engineering manager of security and privacy said, 'Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers' decision to wait until now to share their work and help protect Firefox users.' The Pwn2own event paid researchers $50,000 for each Firefox vulnerability. Mozilla now pays researcher only $3,000 per vulnerability."
Education

Ask Slashdot: Online, Free Equivalent To a CompSci BS? 197

Posted by timothy from the yes-but-how dept.
An anonymous reader writes "I am a middle school math teacher and I also run a programming club. I recent completed my M.Ed in math education and was inspired to try to do the new GT online MS in Computer Science in a couple of years. I have some background in programming: two intro to comp sci courses, Java, C++, Python, the main scripting languages, and a bunch of math background. I also read through this great article on getting these pre-requisites completed through Coursera but unfortunately you need to wait for courses to enroll. I would like to just learn these on my own time, no credit necessary. Suggestions?"

Slashdot Top Deals