Bug

Researchers Demo Exploits Bypassing UEFI Secure Boot 100

itwbennett writes "Researchers demonstrated at Black Hat this week two attacks that bypassed Secure Boot in order to install a UEFI bootkit — boot rootkit — on affected computers. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said researcher Yuriy Bulygin, who works at McAfee. The second exploit demonstrated by the researchers can run in user mode, which means that an attacker would only need to gain code execution rights on the system by exploiting a vulnerability in a regular application like Java, Adobe Flash, Microsoft Office or others. In both cases, the exploits are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors." Of course, a hardware security system that is too complex to verify seems like a fatal flaw.
Java

Using Java In Low Latency Environments 371

twofishy writes "Something I've noticed amongst financial service companies in London is a growing use of Java in preference to C/C++ for exchange systems, High Frequency Trading and other low-latency work. InfoQ has a good written panel discussion with Peter Lawrey, Martin Thompson, Todd L. Montgomery and Andy Piper. From the article: 'Often the faster an algorithm can be put into the market, the more advantage it has. Many algorithms have a shelf life and quicker time to market is key in taking advantage of that. With the community around Java and the options available, it can definitely be a competitive advantage, as opposed to C or C++ where the options may not be as broad for the use case. Sometimes, though, pure low latency can rule out other concerns. I think currently, the difference in performance between Java and C++ is so close that it's not a black and white decision based solely on speed. Improvements in GC techniques, JIT optimizations, and managed runtimes have made traditional Java weaknesses with respect to performance into some very compelling strengths that are not easy to ignore.'"
Java

Love and Hate For Java 8 434

snydeq writes "Java 8 brings exciting developments, but as with any new technology, you can count on the good, the bad, and the headaches, writes Andrew C. Oliver. 'Java 8 is trying to "innovate," according to the Microsoft meaning of the word. This means stealing a lot of things that have typically been handled by other frameworks and languages, then incorporating them into the language or runtime (aka standardization). Ahead of the next release, the Java community is talking about Project Lambda, streams, functional interfaces, and all sorts of other goodies. So let's dive into what's great — and what we can hate.'"
Programming

Ask Slashdot: Scientific Research Positions For Programmers? 237

An anonymous reader writes "I recently (within the past couple years) graduated from college with a bachelor's degree in Computer Science and currently work as a programmer for a large software consulting firm. However, I've become gradually disillusioned with the financial-obsession of the business world and would like to work for the overall betterment of humanity instead. With that in mind, I'm looking to shift my career more toward the scientific research side of things. My interest in computer science always stemmed more from a desire to use it toward a fascinating end — such as modeling or analyzing scientific data — than from a love of business or programming itself. My background is mostly Java, with some experience in C++ and a little C. I have worked extensively with software analyzing big data for clients. My sole research experience comes from developing data analysis software for a geologic research project for a group of grad students; I was a volunteer but have co-authorship on their paper, which is pending publication. Is it realistic to be looking for a position as a programmer at a research institution with my current skills and experiences? Do such jobs even exist for non-graduate students? I'm willing to go to grad school (probably for geology) if necessary. Grad school aside, what specific technologies should I learn in order to gain an edge? Although if I went back to school I'd focus on geology, I'm otherwise open to working as a programmer for any researchers in the natural sciences who will take me."
Media

HBO Asks Google To Take Down "Infringing" VLC Media Player 364

another random user writes with an excerpt from TorrentFreak: "It's no secret that copyright holders are trying to take down as much pirated content as they can, but their targeting of open source software is something new. In an attempt to remove pirated copies of Game of Thrones from the Internet, HBO sent a DMCA takedown to Google, listing a copy of the popular media player VLC as a copyright infringement. An honest mistake, perhaps, but a worrying one. ... Usually these notices ask Google to get rid of links to pirate sites, but for some reason the cable network also wants Google to remove a link to the highly popular open source video player VLC. ... The same DMCA notice also lists various other links that don't appear to link to HBO content, including a lot of porn related material, Ben Harper's album Give Till It's Gone, Naruto, free Java applets and Prince of Persia 5."
Cellphones

Former Sun Mobile JIT Engineers Take On Mobile JavaScript/HTML Performance 106

First time accepted submitter digiti writes "In response to Drew Crawford's article about JavaScript performance, Shai Almog wrote a piece providing a different interpretation for the performance costs (summary: it's the DOM not the script). He then gives several examples of where mobile Java performs really well on memory constrained devices. Where do you stand in the debate?"
Java

Interviews: Ask James Gosling About Java and Ocean Exploring Robots 87

James Gosling is probably best known for creating the Java programming language while working at Sun Microsystems. Currently, he is the chief software architect at Liquid Robotics. Among other projects, Liquid Robotics makes the Wave Glider, an autonomous, environmentally powered marine robot. James has agreed to take a little time from the oceangoing robots and answer any questions you have. As usual, ask as many as you'd like, but please, one question per post.
Programming

Ask Slashdot: Node.js vs. JEE/C/C++/.NET In the Enterprise? 304

theshowmecanuck writes "I'm working at a small- to medium-sized company that creates software for mobile devices, but came from a 'large enterprise' world before. I see node.js being used increasingly in smaller companies (including ours) or in web/mobile related software. Meanwhile we see languages like Java/JEE, C/C++, and .NET continue to be used for medium-to-large enterprise corporate software. Compared to the status quo in the enterprise (JEE/C/C++/.NET ... and yes, maybe even COBOL) maybe Slashdotters can chime in on how they see Node.js in this role. I'm thinking of things like complexity of business logic (dependencies, workflows, linear processes, etc), transaction support (for processes in general and database support), messaging services, etc. Also, what is the state of Node.js in terms of paradigms like application containers, where much of the 'plumbing' is already set up for you (one of the main benefits of JEE application containers)? But there is also the question of maintainability, deployment, and ongoing operations. What say you, Slashdot?"
Programming

Who Will Teach U.S. Kids To Code? Rupert Murdoch 138

theodp writes "For all of their handwaving at Code.org about U.S. kids not being taught Computer Science, tech execs from Microsoft, Google, and Facebook seem more focused lately on Plan B of their 'two-pronged' National Talent Strategy. So, who's going to teach your children CompSci? Enter friend-of-the-Gates-Foundation Rupert Murdoch. Murdoch's Amplify Education is launching an AP Computer Science MOOC this fall (Java will be covered), taught by an experienced AP CS high school teacher (video). An added option, called MOOC Local, will provide additional resources to schools with students in the CS MOOC. MOOC Local will eventually cost $200 per student, but is free for the first year."
Education

How Facial Analysis Software Could Help Struggling Students 90

moon_unit2 writes "Tech Review has a story on research showing that facial recognition software can accurately spot signs that programming students are struggling. NC State researchers tracked students learning java and used an open source facial-expression recognition engine to identify emotions such as frustration or confusion. The technique could be especially useful for Massive Open Online Courses — where many thousands of students are working remotely — but it could also help teachers identify students who need help in an ordinary classroom, experts say. That is, as long as those students don't object to being watched constantly by a camera."
Java

Java 6 EOL'd By Oracle 115

Tmack writes "Not completely unexpected, Java6 has reached EOL. This tidbit shows up in Oracle's Java6 FAQ page, recommending everyone update to Java7: 'Oracle no longer posts updates of Java SE 6 to its public download sites. All Java 6 releases up to and including 6u45 have been moved to the Java Archive on the Oracle Technology Network, where they will remain available but not receive further updates. Oracle recommends that users migrate to Java 7 in order to continue receiving public updates and security enhancements.' Apple just pushed its update 16 which is Java6u51, likely to be one of their last Java6 updates."
Programming

Java API and Microsoft's .NET API: a Comparison 319

Nerval's Lobster writes "Previously, developer Jeff Cogswell focused on the respective performances of C# and Java. Now he's looking at yet another aspect of the languages: the runtime libraries—what exactly the libraries are, how they are called, and what features the languages provide for calling into them. Examining the official Java API (now owned by Oracle) and the official .NET API owned by Microsoft, he finds both pretty complete and pretty much a 'tie' with regard to ease-of-use and functionality, especially since Java version 7 release 6 allows for automatic resource management. Read on and see if you agree."
Security

Spikes Detected In Autorun Malware 140

msm1267 writes "Researchers recently have seen a major increase in the volume of autorun malware in some countries, thanks to a couple of new worms infecting those older machines. The two new worms, Worm.JS.AutoRun and Worm.Java.AutoRun, both take advantage of the autorun functionality to spread, and the JavaScript worm has other methods of propagation, as well. Researchers at Kaspersky Lab say that the volume of autorun worms has remained relatively constant over the last few months, but there was a major spike in those numbers in April and May, thanks to the distribution of the two new pieces of malware."
Java

Oracle Reinstates Free Time Zone Updates For Java 7 61

twofishy writes "The internet has been buzzing this week with the news that Oracle has ceased to provide free time zone updates outside of the standard JDK release cycle. However, at the end of yesterday the firm appeared to have a change of heart. 'We never intended for a support contract to be required to keep JDK 7 up to date. TZUpdater was made unavailable on March 8 as part of the End of Public Updates for JDK 6, and as soon as we learned that this affected JDK 7 users we initiated the process of making it available for JDK 7 again.'"
Oracle

Oracle Discontinues Free Java Time Zone Updates 405

New submitter Noel Trout writes "For a long time in the Java world, there has been a free tool called the 'tzupdater' or Time Zone Updater released as a free download first by Sun and then Oracle. This tool can be used to apply a patch to the Java runtime so that time zone information is correct. This is necessary since some time zones in the world are not static and change more frequently than one might think; in general time zone updates can be released maybe 4-6 times a year. The source information backing the Java timezone API comes from the open source Olson timezone database that is also used by many operating systems. For certain types of applications, you can understand that these updates are mission critical. For example, my company operates in the private aviation sector so we need to be able to display the correct local time at airports around the world. So, the interesting part is that Oracle has now decided to only release these updates if you have a Java SE support contract. Being Oracle, such licenses are far from cheap. In my opinion, this is a pretty serious change in stance for Oracle and amounts to killing free Java for certain types of applications, at least if you care about accuracy. We are talking about the core API class java.util.TimeZone. This begs the question, can you call an API free if you have to pay for it to return accurate information? What is the point of such an API? Should the community not expect that core Java classes are fully functional and accurate? I believe it is also a pretty bad move for Java adoption for these types of applications. If my company as a startup 10 years ago would have been presented with such a license fee, we almost certainly could not have chosen Java as our platform as we could not afford it."
The Courts

Opposition Mounts To Oracle's Attempt To Copyright Java APIs 187

An anonymous reader writes with a bit from Groklaw: "The remarkable outpouring of support for Google in the Oracle v. Google appeal continues, with a group of well-known innovators, start-ups, and those who fund them — innovators like Ray Ozzie, Tim O'Reilly, Mitch Kapor, Dan Bricklin, and Esther Dyson — standing with [Thursday's] group of leading computer scientists in telling the court that Oracle's attempt to copyright its Java APIs would be damaging to innovation." As usual, Groklaw gives a cogent, readable introduction to the issue.
Education

Ask Slashdot: How Can I Make a Computer Science Club Interesting? 265

plutoclacks writes "I will run a computer science club at my high school next semester with two other friends. The club was newly introduced this school year, and initially saw a massive success (40+ members showed up at the first meeting). Unfortunately, participation has decreased a lot since then, down to four active members. I feel that the main reason for this decline was the inability to maintain the students' interest at the beginning of the year, as well as general disorganization, which we hope to change next semester. The leaders of the club all have fairly strong Java backgrounds, in addition to enthusiasm about computer science and programming. We have a computer lab with ~30 computers, which, though old, are still functional and available for use. What are some ways we can make the club have an impacting interest to newcomers?"
Software

Java Developer Says He Built, Launched Basic Open Source Office Suite In 30 Days 266

alphadogg writes "A freelance Java developer claims it took him only 30 days to build and launch a basic open source office suite that runs on multiple OSes. Called Joeffice, it works on Windows, Mac OS X and Linux as well as in browsers, according to the developer, Anthony Goubard. It includes a very basic word processor, spreadsheet program, presentation program and database software, Goubard said. The office suite was built with NetBeans and uses many popular open source Java libraries. That allowed him to build the program in 30 days, he said, a process that he documented daily on YouTube (video). The suite was released as an alpha version, which means that not everything works yet. Goubard's Amsterdam company, Japplis, launched the suite, which is available under an Apache 2.0 license. This license allows companies to change and redistribute the code internally without having to share the new code publicly, he said."
Open Source

Why the 'Star Trek Computer' Will Be Open Source and Apache Licensed 129

psykocrime writes "The crazy kids at Fogbeam Labs have a new blog post positing that there is a trend towards advanced projects in NLP, Information Retrieval, Big Data and the Semantic Web moving to the Apache Software Foundation. Considering that Apache UIMA is a key component of IBM Watson, is it wrong to believe that the organization behind Hadoop, OpenNLP, Jena, Stanbol, Mahout and Lucene will ultimately be the home of a real 'Star Trek Computer'? Quoting: 'When we talk about how the Star Trek computer had “access to all the data in the known Universe”, what we really mean is that it had access to something like the Semantic Web and the Linked Data cloud. Jena provides a programmatic environment for RDF, RDFS and OWL, SPARQL and includes a rule-based inference engine. ... In addition to supporting the natural language interface with the system, OpenNLP is a powerful library for extracting meaning (semantics) from unstructured data - specifically textual data in an unstructured (or semi structured) format. An example of unstructured data would be the blog post, an article in the New York Times, or a Wikipedia article. OpenNLP combined with Jena and other technologies, allows “The computer” to “read” the Web, extracting meaningful data and saving valid assertions for later use.'" Speaking of the Star Trek computer, I'm continually disappointed that neither Siri nor Google Now can talk to me in Majel Barrett's voice.
Programming

Dart Is Not the Language You Think It Is 312

An anonymous reader writes "Seth Ladd has an excellent write-up of Dart: 'When Dart was originally launched, many developers mistook it for some sort of Java clone. In truth, Dart is inspired by a range of languages such as Smalltalk, Strongtalk, Erlang, C#, and JavaScript. Get past the semicolons and curly braces, and you'll see a terse language without ceremony. ... Dart understands that sometimes you just don’t feel like appeasing a ceremonial type checker. Dart’s inclusion of an optional type system means you can use type annotations when you want, or use dynamic when that’s easier. For example, you can explore a new idea without having to first think about type hierarchies. Just experiment and use var for your types. Once the idea is tested and you’re comfortable with the design, you can add type annotations.'"
