Programming

Comparing the C++ Standard and Boost 333

Posted by Soulskill from the shaping-an-industry dept.
Nerval's Lobster writes "The one and only Jeff Cogswell is back with an article exploring an issue important to anyone who works with C++. It's been two years since the ISO C++ committee approved the final draft of the newest C++ standard; now that time has passed, he writes, 'we can go back and look at some issues that have affected the language (indeed, ever since the first international standard in 1998) and compare its final result and product to a popular C++ library called Boost.' A lot of development groups have adopted the use of Boost, and still others are considering whether to embrace it: that makes a discussion (and comparison) of its features worthwhile. 'The Standards Committee took some eight years to fight over what should be in the standard, and the compiler vendors had to wait for all that to get ironed out before they could publish an implementation of the Standard Library,' he writes. 'But meanwhile the actual C++ community was moving forward on its own, building better things such as Boost.'"
Image

Book Review: Hadoop Beginner's Guide Screenshot-sm 57

Posted by samzenpus from the read-all-about-it dept.
First time accepted submitter sagecreek writes "Hadoop is an open-source, Java-based framework for large-scale data processing. Typically, it runs on big clusters of computers working together to crunch large chunks of data. You also can run Hadoop in "single-cluster mode" on a Linux machine, Windows PC or Mac, to learn the technology or do testing and debugging. The Hadoop framework, however, is not quickly mastered. Apache's Hadoop wiki cautions: "If you do not know about classpaths, how to compile and debug Java code, step back from Hadoop and learn a bit more about Java before proceeding." But if you are reasonably comfortable with Java, the well-written Hadoop Beginner's Guide by Garry Turkington can help you start mastering this rising star in the Big Data constellation." Read below for the rest of Si's review.
Security

Chrome, Firefox, IE 10, Java, Win 8 All Hacked At Pwn2Own 183

Posted by timothy from the soooory-eh dept.
mask.of.sanity writes "Annual Canadian hack fest Pwn2Own is famous for leaving a trail of bloodied software bits and today it did not disappoint. Security researchers tore holes through all major web browsers, breaking Windows 8 and Java, too (though the latter feat is not remarkable). Thankfully for the rest of us, the cashed-up winners will disclose the holes quietly to Microsoft, Mozilla, Google and Oracle, and the proof of concept attack code will remain in the hands of organisers only."
Java

Oracle Rushes Emergency Java Update To Patch McRAT Vulnerabilities 165

Posted by Unknown Lamer from the brought-to-you-by-c-sharp dept.
msm1267 writes "Oracle has once again released an emergency Java update to patch zero-day vulnerabilities in the browser plug-in, the fifth time it has updated the platform this year. Today's update patches CVE-2013-1493 and CVE-2013-0809, the former was discovered last week being exploited in the wild for Java 6 update 41 through Java 7 update 15. The vulnerability allows for arbitrary memory execution in the Java virtual machine process; attackers exploiting the flaw were able to download the McRAT remote access Trojan."
Java

New Java 0-Day Vulnerability Being Exploited In the Wild 193

Posted by Soulskill from the once-more-unto-the-security-breach dept.
An anonymous reader writes "Here we go again. A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to 'High' and attempt to avoid executing malicious applets. This latest flaw was first discovered by security firm FireEye, which says it has already been used 'to attack multiple customers.' The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle's plugin."
Software

Microsoft, BSA and Others Push For Appeal On Oracle v. Google Ruling 191

Posted by timothy from the poor-innocent-business-model dept.
sl4shd0rk writes "In 2012, Oracle took Google to court over the use of Java in Android. Judge William Alsup brought the ruling that the structure of APIs could not be copyrighted at all. Emerging from the proceedings, it was learned that Alsup himself had some programming background and wasn't bedazzled by Oracle's thin arguments on the range-checking function. The ruling came, programmers rejoiced and Oracle vowed Appeal. It seems that time is coming now, nearly a year later, as Microsoft, BSA, EMC, Netapp, et al. get behind Oracle to overturn Alsup's ruling citing 'destabilization' of the 'entire software industry.'"
Software

Why My Team Went With DynamoDB Over MongoDB 106

Posted by timothy from the mostly-for-the-web-scale-of-it dept.
Nerval's Lobster writes "Software developer Jeff Cogswell, who matched up Java and C# and peeked under the hood of Facebook's Graph Search, is back with a new tale: why his team decided to go with Amazon's DynamoDB over MongoDB when it came to building a highly customized content system, even though his team specialized in MongoDB. While DynamoDB did offer certain advantages, it also came with some significant headaches, including issues with embedded data structures and Amazon's sometimes-confusing billing structure. He offers a walkthrough of his team's tips and tricks, with some helpful advice on avoiding pitfalls for anyone interested in considering DynamoDB. 'Although I'm not thrilled about the additional work we had to do (at times it felt like going back two decades in technology by writing indexes ourselves),' he writes, 'we did end up with some nice reusable code to help us with the serialization and indexes and such, which will make future projects easier.'"
Java

Apple Hit By Hackers Who Targeted Facebook 148

Posted by Soulskill from the getting-hacked-is-now-the-trendy-thing-to-do dept.
snydeq writes "Apple was recently attacked by hackers who infected the Macintosh computers of some employees, the company said on Tuesday in an unprecedented disclosure that described the widest known cyber attacks against Apple-made computers to date, Reuters reports. 'The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp's Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday. ... A person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware. The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers.'"
Programming

Why Hasn't 3D Taken Off For the Web? 320

Posted by samzenpus from the adding-some-depth dept.
First time accepted submitter clockwise_music writes "With HTML5 we're closer to the point where a browser can do almost everything that a native app can do. The final frontier is 3D, but WebGL isn't even part of the HTML5 standard, Microsoft refuses to support it, Apple wants to push their native apps and it's not supported in the Android mobile browser. Flash used to be an option but Adobe have dropped mobile support. To reach most people you'd have to learn Javascript, WebGL and Three.js/Scene.js for Chrome/Firefox, then you'd have to learn Actionscript + Flash for the Microsofties, then learn Objective-C for the apple fanboys, then learn Java to write a native app for Android. When will 3D finally become available for all? Do you think it's inevitable or will it never see the light of day?"
Facebook

Facebook Employees' Laptops Compromised; User Data Believed Safe 75

Posted by timothy from the safely-exploited-by-facebook dept.
Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employee's machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."
Java

Oracle Open Sourcing JavaFX, Including iOS and Android Ports 105

Posted by Unknown Lamer from the don't-tell-larry dept.
hypnosec writes "Oracle is going to open source JavaFX ports for Android and iOS soon as a part of its efforts to open source the framework. JavaFX, destined to replace Swing GUI library as the default method to develop graphical user interfaces, is a framework used to develop cross-platform rich Internet applications. The ports for iOS and Android are based on an 'unreleased version of JavaSE Embedded for iOS/Android.' Oracle's Richard Bair revealed that the 'first bits and pieces' for JavaFX for iOS should probably be out sometime next week. The rest of the release will be scheduled along with the release of Prism (the next-generation toolkit). Oracle is going to keep javafx-font proprietary, but Bair has said developers are already working toward an open source native replacement of the component through the OpenJFX list."
Internet Explorer

IE Patch To Fix 57 Vulnerabilities 91

Posted by timothy from the there's-a-sauce-for-that dept.
Billly Gates writes "Microsoft is advising users to stick with other browsers until Tuesday, when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled. There is no word if this patch is to protect IE from the 50+ Java exploits that were patched last week or the new Adobe Flash vulnerabilities. Microsoft has more information here. In semi-related news, IE 10 is almost done for Windows 7 and has a IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates."
Firefox

Ask Slashdot: Do Most Programmers Understand the English Language? 330

Posted by Soulskill from the only-if-they've-called-the-right-libraries dept.
Shadoefax writes "I have been developing Firefox add-ons for several years and all so far submitted to AMO have been translated (localized) into several different languages. My latest add-on is geared more to the web developer as opposed to the average web browsing user. (It is a utility for examining JavaScript Objects and their methods and properties.) By my reckoning, I believe JavaScript, HTML, CSS and the DOM are all pretty much designed to be easily understood by English language readers. My question is this: Can I assume that most programmers understand the English language well enough that I may forego localizing the UI? While this will save time, effort and bloat, it may also restrict the usage of (what I hope) is a useful tool for developers."
Java

Apple Angers Mac Users With Silent Shutdown of Java 7 451

Posted by samzenpus from the a-thief-in-the-night dept.
An anonymous reader writes in with news of the continuing saga of Java patches and exploits. "If you're a Mac user who suddenly can't access websites or run applications that rely on Java, you're not alone. For the second time in a month, Apple has silently blocked the latest version of Java 7 from running on OS X 10.6 Snow Leopard or higher via its XProtect anti-malware tool. Apple hasn't issued any official statements advising users of the change or its reasons, but it's a safe bet that the company has deemed Oracle's most recent update to Java insecure. That's why the company stealthily disabled Java on Macs back on Jan. 10, the same day a Java vulnerability was being exploited in the wild."
Communications

Twitter #Hacked 111

Posted by timothy from the coz-it's-a-hashtag-see dept.
theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."
Java

Oracle Responds To Java Security Critics With Massive 50 Flaw Patch Update 270

Posted by timothy from the no-more-jeans-all-patches dept.
darthcamaro writes "Oracle has been slammed a lot in recent months about its lackluster handling of Java security. Now Oracle is responding as strongly as it can with one of the largest Java security updates in history. 50 flaws in total with the vast majority carrying the highest-possible CVSS score of 10."
Firefox

Mozilla To Enable Click-To-Play For All Firefox Plugins By Default 181

Posted by timothy from the choose-your-own-adventure dept.
An anonymous reader writes "Mozilla on Tuesday announced a massive change to the way it loads third-party plugins in Firefox. The company plans to enable Click to Play for all versions of all plugins, except the latest release of Flash. This essentially means Firefox will soon only load third-party plugins when users click to interact with the plugin. Currently, Firefox automatically loads any plugin requested by a website, unless Mozilla has blocked it for security reasons (such as for old versions of Java, Silverlight, and Flash)."
Hardware Hacking

Ask Slashdot: Best Electronics Prototyping Platform? 228

Posted by Unknown Lamer from the arduino-attack-bot dept.
crankyspice writes "Having recently picked up the Erector set I've wanted since I was a kid, I quickly found myself wanting to plunge deeper into makerspace by adding more sophisticated electronics to moving devices (rovers, maybe eventually flying bots). My first instinct was Arduino (maybe because of brand recognition?), but that got me thinking — what's the 'best' platform out there (most flexible)? Arduino with its myriad options (Nano, Mega, Uno, Mini)? PICAXE? BASIC Stamp? Raspberry Pi? (The latter seems like it would easily be the most flexible, but at greater cost in terms of weight and complexity.) I'm a hobbyist programmer, having learned C and C++ in college and recently re-learning Java (took and passed the Oracle Certified Professional exam, FWIW)..."
Google

Thousands of Publicly Accessible Printers Searchable On Google 192

Posted by Soulskill from the message-in-a-bottle-on-the-digital-ocean dept.
Jeremiah Cornelius writes "Blogger Adam Howard at Port3000 has a post about Google's exposure of thousands of publicly accessible printers. 'A quick, well crafted Google search returns "About 86,800 results" for publicly accessible HP printers.' He continues, 'There's something interesting about being able to print to a random location around the world, with no idea of the consequence.' He also warns about these printers as a possible beachhead for deeper network intrusion and exploitation. With many of the HP printers in question containing a web listener and a highly vulnerable and unpatched JVM, I agree that this is not an exotic idea. In the meanwhile? I have an important memo for all Starbucks employees."
Java

Latest Java Update Broken; Two New Sandbox Bypass Flaws Found 223

Posted by Soulskill from the it-just-goes-on-and-on-my-friends dept.
msm1267 writes "Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure this morning from a security researcher indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code. Oracle released Java 7u11 last Sunday and said it fixed a pair of vulnerabilities being exploited by all the major exploit kits. Turns out one of those two bugs wasn't completely patched. Today's bugs are apparently not related to the previous security issues."

Slashdot Top Deals