United States

NSA Infiltrated RSA Deeper Than Imagined 168

Rambo Tribble (1273454) writes "Reuters is reporting that the U.S. National Security Agency managed to have security firm RSA adopt not just one, but two security tools, further facilitating NSA eavesdropping on Internet communications. The newly discovered software is dubbed 'Extended Random', and is intended to facilitate the use of the already known 'Dual Elliptic Curve' encryption software's back door. Researchers from several U.S. universities discovered Extended Random and assert it could help crack Dual Elliptic Curve encrypted communications 'tens of thousands of times faster'."
Google

MIT Researchers Bring JavaScript To Google Glass 70

colinneagle (2544914) writes "Earlier this week, Brandyn White, a PhD candidate at the University of Maryland, and Scott Greenberg, a PhD candidate at MIT, led a workshop at the MIT Media Lab to showcase an open source project called WearScript, a JavaScript environment that runs on Google Glass. White demonstrated how Glass's UI extends beyond its touchpad, winks, and head movements by adding a homemade eye tracker to Glass as an input device. The camera and controller were dissected from a $25 PC video camera and attached to the Glass frame with a 3D-printed mount. A few modifications were made, such as replacing the obtrusively bright LEDs with infrared LEDs, and a cable was added with a little soldering. The whole process takes about 15 minutes for someone with component soldering skills. With this eye tracker and a few lines of WearScript, the researchers demonstrated a new interface by playing Super Mario on Google Glass with just eye movements."
Programming

Ask Slashdot: Moving From Tech Support To Development? 133

An anonymous reader writes "My eastern European tech-support job will be outsourced in 6 months to a nearby country. I do not wish to move, having relationship and roots here, and as such I stand at a crossroads. I could take my current hobby more seriously and focus on Java development. I have no degree, no professional experience in the field, and as such, I do not hold much market value for an employer. However, I find joy in the creative problem solving that programming provides. Seeing the cogs finally turn after hours invested gives me pleasures my mundane work could never do. The second option is Linux system administration with a specialization in VMware virtualisation. I have no certificates, but I have been around enterprise environments (with limited support of VMware) for 21 months now, so at the end of my contract with 27 months under my belt, I could convince a company to hire me based on willingness to learn and improve. All the literature is freely available, and I've been playing with VDIs in Debian already.

My situation is as follows: all living expenses except food, luxuries and entertainment are covered by the wage of my girlfriend. That would leave me in a situation where we would be financially alright, but not well off, if I were to earn significantly less than I do now. I am convinced that I would be able to make it in system administration, however, that is not my passion. I am at an age where children are not a concern, and risks seem to be, at first sight, easier to take. I would like to hear the opinion and experience of fellow readers who might have been in a similar situation."
Java

Java 8 Officially Released 302

darthcamaro writes "Oracle today officially released Java 8, nearly two years after Java 7, and after much delay. The new release includes a number of critical new features, including Lambda expressions and the new Nashorn JavaScript engine. Java 8, however, is still missing at least one critical piece that Java developers have been asking for, for years. 'It's a pity that some of the features like Jigsaw were dropped as modularity, runtime dependencies and interoperability are still a huge problem in Java,' James Donelan, vice president of engineering at MuleSoft said. 'In fact this is the one area where I still think Java has a long way to go.'"
Programming

Ask Slashdot: Can an Old Programmer Learn New Tricks? 306

An anonymous reader writes "I have been programming in some fashion, for the last 18 years. I got my first job programming 15 years ago and have advanced my career programming, leading programmers and bringing my technical skill sets into operations and other areas of the business where problems can be solved with logical solutions. I learned to program on the Internet in the 90s, scouring information wherever I could and reading the code others wrote. I learned to program in a very simple fashion, write a script and work your way to the desired outcome in a straightforward logical way. If I needed to save or reuse code, I created include files with functions. I could program my way through any problem, with limited bugs, but I never learned to use a framework or write modular, DRY code. Flash forward to today, there are hundreds of frameworks and thousands of online tutorials, but I just can't seem to take the tutorials and grasp the concepts and utilize them in a practical manner. Am I just too old and too set in my ways to learn something new? Does anyone have any recommendations for tutorials or books that could help a 'hacker' like me? Also, I originally learned to program in Perl, but moved onto C and eventually PHP and Python."
Firefox

Firefox Was the Most Attacked & Exploited Browser At Pwn2own 2014 207

darthcamaro writes "Though IE, Chrome and Safari were all attacked and all were exploited, no single web browser was exploited at this year's Pwn2own hacking challenge as much as Mozilla Firefox. A fully patched version of Firefox was exploited four different times by attackers, each revealing new zero-day vulnerabilities in the open-source web browser. When asked why Mozilla was attacked so much this year, Sid Stamm, senior engineering manager of security and privacy said, 'Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers' decision to wait until now to share their work and help protect Firefox users.' The Pwn2own event paid researchers $50,000 for each Firefox vulnerability. Mozilla now pays researchers only $3,000 per vulnerability."
Education

Ask Slashdot: Online, Free Equivalent To a CompSci BS? 197

An anonymous reader writes "I am a middle school math teacher and I also run a programming club. I recently completed my M.Ed in math education and was inspired to try to do the new GT online MS in Computer Science in a couple of years. I have some background in programming: two intro to comp sci courses, Java, C++, Python, the main scripting languages, and a bunch of math background. I also read through this great article on getting these pre-requisites completed through Coursera but unfortunately you need to wait for courses to enroll. I would like to just learn these on my own time, no credit necessary. Suggestions?"
Programming

Ask Slashdot: Reviewing 3rd Party Libraries? 88

Carcass666 writes "It is usually good to use existing libraries, rather than reinventing the wheel, especially with open source. Unfortunately, sometimes we have to work with closed source implementations. Recently, we were diagnosing a .NET assembly and, after getting nowhere with the vendor, ran it through a decompiler. The code was a morass of SQL concatenation, sloppy type conversions, and various things that are generally thought of as insecure.

My question is: What are Slashdot readers' preferred tools for analyzing .NET and Java compiled libraries (not source code) for potential security vulnerabilities? Ideally, I would like to know if a library is a security liability before I code against it. For example, Microsoft used to have something called FxCop, but it hasn't been updated for current versions of the .NET framework."
Open Source

Spark Advances From Apache Incubator To Top-Level Project 24

rjmarvin writes "The Apache Software Foundation announced that Spark, the open-source cluster-computing framework for Big Data analysis has graduated from the Apache Incubator to a top-level project. A project management committee will guide the project's day-to-day operations, and Databricks cofounder Matei Zaharia will be appointed VP of Apache Spark. Spark runs programs 100x faster than Apache Hadoop MapReduce in memory, and it provides APIs that enable developers to rapidly develop applications in Java, Python or Scala, according to the ASF."
Google

Google's Project Tango Seeks To Map a 3D World 49

Nerval's Lobster writes "Google's Advanced Technology and Projects Group is working on a new initiative, Project Tango, which could allow developers to quickly map objects and interiors in 3D. At the heart of Project Tango is a prototype smartphone with a 5-inch screen, packed with hardware and software optimized to take 3D measurements of the surrounding environment. The associated development APIs can feed tons of positioning and orientation data to Android applications written in Java, C/C++, and the Unity Game Engine. In addition to a 'standard' 4-megapixel camera, the device features a motion-tracking camera and an aperture for integrated depth sensing; integrated into the circuitry are two computer-vision processors. Google claims it only has 200 developer units in stock, and it's willing to give them to independent developers who can submit a detailed idea for a project involving 3D mapping of some sort. The deadline for unit distribution is March 14, 2014. In theory, developers could use ultra-portable 3D mapping to create better maps, visualizations, and games. ('What if you could search for a product and see where the exact shelf is located in a super-store?' Google's Website asks at one point.) The bigger question is what Google intends to do with the technology if it proves effective. Google Maps with super-detailed interiors, anyone?"
Programming

Can Reactive Programming Handle Complexity? 149

Nerval's Lobster writes "A recent article on Reactive Programming, which suggested that five lines of Reactive could solve a problem that required 500 lines using Java or 200 lines using triggers, led many readers to question (passionately) whether Reactive enables you to address not just typical problems, but complex ones as well. In a follow-up column, Espresso Logic CTO Val Huber argues that, while it certainly can't solve all use cases, Reactive Programming is very capable of addressing many complex problems, and can address all other scenarios via a transparent integration with procedural languages. He shows how Reactive can handle complexity using two different scenarios: a classically complicated database application (a bill of materials price rollup) and procedural integration (to address external systems such as email and transactions not limited by a database update). Take a look at his work; do you agree?"
Australia

Australia's Bureau of Meteorology Dumps Water Data Project 112

littlekorea writes "Australia's weather bureau has racked up bills of $38 million for a water data system, based on Red Hat Linux, MySQL and Java, that was originally scheduled to cost somewhere between $2 million and $5 million. The Bureau's supplier, an ASX-listed IT services provider SMS Management and Technology, did a good job of embedding itself in the bureau, with all changes having to be made by the original consultant that built it."
Java

Eclipse Foundation Celebrates 10 Years 155

msmoriarty writes with news that the Eclipse foundation is ten years old this week. Although Eclipse was released in 2001, development was controlled by IBM until the creation of the independent Eclipse Foundation in 2004. "According to Eclipse Foundation Director Mike Milinkovich, that's a major reason Eclipse was able to thrive: 'IBM....did an exemplary job of setting Eclipse free ... We became the first open source organization to show that real competitors could collaborate successfully within the community.' He also talks about misconceptions about Eclipse, its current open source success, and what he sees for the future."
Programming

The JavaScript Juggernaut Rolls On 505

JThaddeus writes "An article in TechWorld Australia summarizes the latest opinions on JavaScript from ThoughtWorks: 'There is no end in sight to the rise of JavaScript... "I think JavaScript has been seen as a serious language for the last two or three years; I think now increasingly we're seeing JavaScript as a platform," said Sam Newman, ThoughtWorks' Global Innovation Lead.' The article touches on new additions to JavaScript tools, techniques, and languages built on JavaScript. As the fuller report (PDF) says, 'The ecosystem around JavaScript as a serious application platform continues to evolve. Many interesting new tools for testing, building, and managing dependencies in both server- and client-side JavaScript applications have emerged recently.'"
Programming

Ask Slashdot: Configuring Development Environment On a Shared Workstation? 158

First time accepted submitter xyourfacekillerx writes "After a long hiatus of developing (ASP.NET), I decided to pick it up again. I need to learn .NET and SQL for my new job (GIS tech using ESRI software). Down the road they need a PHP website, tons of automation tasks, some serious data consolidation, they want mobile apps in theory. This is not my job description, but I'm sure I can do it. Long story short, I need to set up a development environment on my home desktop, so I can do all this in my spare time. Trouble is, I share the machine (Win 8.1, 2.7 dual core Pentium something or other, with virtualization support.) I want to avoid affecting the other users' profiles. I currently use my profile for music production (Reason) and photography (Photoshop, et al) so it's already resource intensive with RAM, CPU and VMM. I'll be needing to install all of your basic Microsoft developer suites, IIS, SQL Server, Android SDK, Java SDK, device emulators, etc. etc. Plus AMP and finally GIS software. There will obviously be a lot of services running, long build times, and so on. To wit, I wouldn't be able to use my desktop for my other purposes like the music editing. So I need some advice. Would it help to set up all these tools under a different account on the same Win 8.1 install? Or should I virtualize my development environment (and how?), and run the virtual machine side by side? Or should I add a HDD or secondary partition and boot to that when I intend to develop? I am poor ATM, but is there a cheap very mini PC I can place next to my desktop and run all my development software off that, remote desktop into it? I've done a lot of googling the last week and haven't turned up anything, so I turn to Slashdot. Please help me get organized so I can start coding again."
Java

Oracle Seeking Community Feedback on Java 8 EE Plans 109

An anonymous reader writes with this quick bite from Info Q: "Oracle is seeking feedback from the Java community about what it should work on for the next version of Java EE, the popular and widely used enterprise framework. As well as standardizing APIs for PaaS and SaaS the vendor is looking at removing some legacy baggage including EJB 2.x remote and local client view (EJBObject, EJBLocalObject, EJBHome, and EJBLocalHome interfaces) and CORBA."
Sun Microsystems

James Gosling Grades Oracle's Handling of Sun's Tech 223

snydeq writes "With the four-year anniversary of Oracle's Sun Microsystems acquisition looming, InfoWorld reached out to Java founder James Gosling to rate how Oracle has done in shepherding Sun technology. Gosling gives Oracle eyebrow-raising grades, lauding Oracle's handling of Java, despite his past acrimony toward Oracle over Java (remember those T-shirts?), and giving Oracle a flat-out failing grade on what has become of Solaris OS."
Programming

How Reactive Programming Differs From Procedural Programming 186

Nerval's Lobster writes "A recent post on Reactive Programming triggered discussions about what is and isn't considered Reactive Logic. In fact, many have already discovered that Reactive Programming can help improve quality and transparency, reduce programming time and decrease maintenance. But for others, it raises questions like: How does Reactive differ from conventional event-oriented programming? Isn't Reactive just another form of triggers? What kind of an improvement in coding can you expect using Reactive and why? So to help clear things up, columnist and Espresso Logic CTO Val Huber offers a real-life example that he claims will show the power and long-term advantages Reactive offers. 'In this scenario, we'll compare what it takes to implement business logic using Reactive Programming versus two different conventional procedural Programming models: Java with Hibernate and MySQL triggers,' he writes. 'In conclusion, Reactive appears to be a very promising technology for reducing delivery times, while improving system quality. And no doubt this discussion may raise other questions on extensibility and performance for Reactive Programming.' Do you agree?"
Java

Oracle Promises Patches Next Week For 36 Exploits In Latest Java 154

An anonymous reader writes "Oracle is posting patches for all its products next Tuesday, which include 36 exploits for Java alone and over 140 for all Oracle products currently supported, including over 80 that require no authentication to execute. These patches look to be critical for any administrator. Java 6 users who use equipment or programs that rely on older versions are SOL unless they sign up for a very expensive support contract, as these patches are for Java 7 only."
Advertising

Yahoo Advertising Serves Up Malware For Thousands 184

wjcofkc writes "Thousands of users have been affected by malicious advertisements served by ads.yahoo.com. The attack, which lasted several days, exploited vulnerabilities in Java and installed malware. The Netherlands-based Fox-IT estimates that the infection rate was at about 27,000 infections per hour. In response to the breach in security, Yahoo issued the following statement, 'At Yahoo, we take the safety and privacy of our users seriously. We recently identified an ad designed to spread malware to some of our users. We immediately removed it and will continue to monitor and block any ads being used for this activity.' While the source of the attack remains unknown, Fox-IT says it appears to be 'financially motivated.' The Washington Post cites this incident as a reminder that Java has become an Internet security menace."
