An anonymous reader writes "I am part of engineering team that maintains a very important component in our company. Our code quality and general engineering quality focus has been very weak: we have frequent buggy releases, our latencies are shooting up, our test coverage is nearly non-existent, and it is impossible for a newcomer in our team to get up to speed and be productive in less than a month due to unnecessary complexity. A group of 2-3 of us want to change that, and we know what needs to change technically — the better code review and release processes, better build tools, etc. But despite that, the quality of our code and design continues to suffer, and poor code continues to get released in the name of keeping the scheduled release date (product guys don't like to wait). We feel that if the right thing is done every time, we would can eliminate our issues and still release at the same pace. How do we effect the social change necessary to convince them of what is better and encourage them to take the effort to do it?"

CowboyRobot writes "In 25 years, an odd thing will happen to some of the no doubt very large number of computing devices in our world: an old, well-known and well-understood bug will cause their calculation of time to fail. The problem springs from the use of a 32-bit signed integer to store a time value, as a number of seconds since 00:00:00 UTC on Thursday, 1 January 1970, a practice begun in early UNIX systems with the standard C library data structure time_t. On January 19, 2038, at 03:14:08 UTC that integer will overflow. It's not difficult to come up with cases where the problem could be real today. Imagine a mortgage amortization program projecting payments out into the future for a 30-year mortgage. Or imagine those phony programs politicians use to project government expenditures, or demographic software, and so on. It's too early for panic, but those of us in the early parts of their careers will be the ones who have to deal with the problem."

An anonymous reader writes "Red Hat developers are planning to replace MySQL with MariaDB in Fedora 19. For the next Fedora update, the MariaDB fork would replace MySQL and the official MySQL package would be discontinued after some time. The reasoning for this move is the uncertainty about Oracle's support of MySQL as an open-source project and moves to make the database more closed." Update: 01/22 13:47 GMT by T : Note: "Nixing" may be a bit strong; this move has been proposed, but is not yet officially decided.

mikejuk writes "JavaScript is the language of the client and it is becoming the language of the server. Now it seems set to be the language of Minecraft. ScriptCraft is a Minecraft mod that can be added to the game to allow the player to use JavaScript commands. Walter Higgins ported the Rhino JVM implementation of JavaScript in a few spare weeks over Xmas. Some additional JavaScript classes allow the construction of blocks making it possible to automate construction. It also provides a 'turtle like' drone class that makes it easier to move in 3D. It makes use of a fluent API to create a domain specific language for movement. As its creator says: 'Ultimately I think the ScriptCraft mod could be used to take building in Minecraft to a whole new level. With a full-blown language at the Player's disposal, it should be possible to create not just castles and forts but entire road networks and cities.' Most importantly of all, it not only pushes the boundary of Minecraft, it also provides a way to get kids who are already hooked on Minecraft to start learning JavaScript."

New submitter dasacc22 writes "Campbell is inviting developers to hack the kitchen with their recipe API. But wait — the API is private, so first you need to submit an idea. If they like the idea, you'll be given access to develop the app. If they like the app, they may give you some money. Otherwise, you can expect to have an app that connects to an API you no longer have access to. The author of this article covers his recent experiences after engaging with Campbell's Adam Kmiec to try and answer the following: '... my question to software developers out there who are thinking of devoting any real effort to a corporate hackathon like this is: "Why?"'"

msm1267 writes "Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure this morning from a security researcher indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code. Oracle released Java 7u11 last Sunday and said it fixed a pair of vulnerabilities being exploited by all the major exploit kits. Turns out one of those two bugs wasn't completely patched. Today's bugs are apparently not related to the previous security issues."

Qedward writes with this except from Computerworld UK: "Germany should change a law to enable public administrations to make their software available as free and open source, a German parliamentary committee has advised. German public administrations currently are not allowed to give away goods, including software, said Jimmy Schulz, a member of Parliament and chairman of the Interoperability, Standards and Free Software Project Group. The current law prohibits governments from being part of the development process in the free software community, he said. 'This is a clear disadvantage because it cuts off all benefits obtained from free software, such as being cost-efficient and state-of-the-art,' he said. Besides a recommendation that the government should explore whether the law can be changed for software, the group also called for the use of open standards in order to make sure that everybody can have access to important information, Schulz said. 'We also called for public administrations in general to make sure that new software is created as platform independent as possible,' he added. While the project group is not in favour of giving priority to one type of software over another, it said in its recommendation to the Parliament earlier this week that free and open source software could be a viable alternative to proprietary software." I think a fair rule is that, barring extraordinary and demonstrated need, all tax dollars for software should go only for the development of software for which source is available gratis to all taxpayers, and that secret-source software makers are free to change to fit this requirement any time they'd like to have their software considered for a bid.

hypnosec writes "Online version control system GitHub, which is based on Git — the distributed version control system developed by Linus Torvalds — now has over three million registered users, it has been revealed. Announcing the achievement, the code sharing site used by the likes of jQuery, Perl, PHP, Ruby as well as Joomla said in a blog post that the 'three millionth person signed up for a GitHub account' on Monday night."

Nerval's Lobster writes "Software developer Jeff Cogswell writes: 'Let's compare Java and C#, two programming languages with large numbers of ardent fans and equally virulent detractors. I'm not interested in yet another test that grindingly calculates a million digits' worth of Pi. I want to know about real-world performance: How does each language measure up when asked to dish out millions of Web pages a day? How do they compare when having to grab data from a database to construct those pages dynamically? The results were quite interesting.' Having worked as a professional C# programmer for many years, Cogswell found some long-held assumptions challenged."

tsamsoniw writes "Mere days after Oracle rolled out a fix for the latest Java zero-day vulnerabilities, an admin for an Underweb hacker forum put code for a purportedly new Java exploit up for sale for $5,000. Though unconfirmed, it's certainly plausible that the latest Java patch didn't do the job, based on an analysis by the OpenJDK community. Maybe it's high time for Oracle to fix Java to better protect both its enterprise customers and the millions of home users it picked up when it acquired Sun."

New submitter kju writes "The security blog of Verizon has the story of an investigation into unauthorized VPN access from China which led to unexpected findings. Investigators found invoices from a Chinese contractor who had actually done the work of the employee, who spent the day watching cat videos and visiting eBay and Facebook. The man had Fedexed his RSA token to the contractor and paid only about 1/5th of his income for the contracting service. Because he provided clean code on time, he was noted in his performance reviews to be the best programmer in the building. According to the article, the man had similar scams running with other companies."

chicksdaddy writes "The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 'Medical Device Security' will teach graduate students in UMich's Electrical Engineering and Computer Science program 'the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.' The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the U.S. Food and Drug Administration reported that software failures were the root cause of a quarter of all medical device recalls (PDF)."

CWmike writes "It's starting to look like the BlackBerry store will be well stocked with apps when Research In Motion launches BlackBerry 10 (see YouTube preview) at the end of this month. The company held an event over the weekend where it offered app developers incentives to port their programs to the BlackBerry 10 platform and managed to attract 15,000 app submissions. 'Well there you have it. 37.5 hours in, we hit 15,000 apps for this portathon. Feel like I've run a marathon. Thanks to all the devs!' wrote Alec Saunders, vice president of developer relations at RIM, in a Twitter message. The 'port-a-thon' event was held in two parts: One aimed at Android developers and the other at apps written in other platforms, including Appcelerator, Maramalade, Sencha, jQuery, PhoneGap and Qt. RIM was offering $100 for each app ported and subsequently approved for sale in the BlackBerry 10 app store, up to certain limits. Developers could also win BlackBerry 10 development handsets and a trip to RIM's BlackBerry Jam Europe developer event." It's hard to believe that many current iOS or Android users are leaping toward Blackberry, though. If you're in one of those camps, is that so crazy?

jones_supa writes "Shawn McGrath, the creator of the PS3 psychedelic puzzle-racing game Dyad, takes another look at Doom 3 source code. Instead of the technical reviews of Fabien Sanglard, Shawn zooms in with emphasis purely on coding style. He gives his insights in lexical analysis, const and rigid parameters, amount of comments, spacing, templates and method names. There is also some thoughts about coming to C++ with C background and without it. Even John Carmack himself popped in to give a comment."

An anonymous reader writes "After the Department of Homeland Security's US-CERT warned users to disable Java to stop hackers from taking control of users' machines, Oracle issued an emergency patch on Sunday. However, HD Moore, chief security officer of Rapid7, said it could take two years for Oracle to fix all the security flaws in the version of Java used to surf the web; that timeframe doesn't count any additional Java exploits discovered in the future. 'The safest thing to do at this point is just assume that Java is always going to be vulnerable,' Moore said."

An anonymous reader writes "After announcing a fix was coming just yesterday, Oracle on Sunday released Java 7 Update 11 to address the recently disclosed security vulnerability. If you use Java, you can download the latest update now from the Java Control Panel or directly from Oracle's website here: Java SE 7u11. In the release notes for this update, Oracle notes this version "contains fixes for security vulnerabilities." A closer look at Oracle Security Alert for CVE-2013-0422 details that Update 11 fixes two vulnerabilities."

An anonymous reader writes "Game designer Tadhg Kelly writes at TechCrunch about a trend many gamers have noticed over the past decade: designers increasingly relying on statistics — and only statistics — to inform their design decisions. You know the type; the ones who'll change the background color if they think it'll eke out a few more players, or the ones who'll scrap interesting game mechanics in favor of making the game more easily understandable to a broader market. Naturally, this leads to homogenization and boring games. Kelly says, 'Obsessed with measuring everything and therefore defining all of their problems in numerical terms, social game makers have come to believe that those numbers are all there is, and this is why they cannot permit themselves to invent. Like TV people, they are effectively in search of that one number that will explain fun to them. There must, they reason, be some combination of LTV and ARPU and DAU and so on that captures fun, like hunting for the Higgs boson. It must be out there somewhere. ... Unlike every other major game revolution (arcade, console, PC, casual, MMO, etc.), social game developers have proved consistently unable to understand that fun is dynamic in this way. ... They are hunting for the fun boson, but it does not exist.'"

An anonymous reader writes "Derek Sivers, creator of online indie music store CD Baby, has a post about why he thinks basic programming is a useful skill for everybody. He quotes a line from a musician he took guitar lessons from as a kid: "You need to learn to sing. Because if you don't, you're always going to be at the mercy of some a****** singer." Sivers recommends translating that to other areas of life. He says, 'The most common thing I hear from aspiring entrepreneurs is, "I have this idea for an app or site. But I'm not technical, so I need to find someone who can make it for me." I point them to my advice about how to hire a programmer, but as most of the good ones are already booked solid, it's a pretty helpless position to be in. If you heard someone say, "I have this idea for a song. But I'm not musical, so I need to find someone who will write, perform, and record it for me." — you'd probably advise them to just take some time to sit down with a guitar or piano and learn enough to turn their ideas into reality. And so comes my advice: Yes, learn some programming basics. Just some HTML, CSS, and JavaScript should be enough to start. ... You don't need to become an expert, just know the basics, so you're not helpless.'"

snydeq writes "Simon Phipps sheds light on a fight for control over Vert.x, an open source project for scalable Web development that 'seems immunized to corporate control.' 'Vert.x is an asynchronous, event-driven open source framework running on the JVM. It supports the most popular Web programming languages, including Java, JavaScript, Groovy, Ruby, and Python. It's getting lots of attention, though not necessarily for the right reasons. A developer by the name of Tim Fox, who worked at VMware until recently, led the Vert.x project — before VMware's lawyers forced him to hand over the Vert.x domain, blog, and Google Group. Ironically, the publicity around this action has helped introduce a great technology with an important future to the world. The dustup also illustrates how corporate politics works in the age of open source: As corporate giants grasp for control, community foresight ensures the open development of innovative technology carries on.'"

An anonymous reader writes "After news broke on Thursday that a new Java 0-day vulnerability had been discovered, and was already being included in multiple popular exploit kits, two new important tidbits have come in on Friday. Firstly, this whole fiasco could have been avoided if Oracle had properly patched a previous vulnerability. Furthermore, not only is the vulnerability being exploited in the wild, but it is being used to push ransomware." Meanwhile, writes reader Beeftopia, the U.S. Department of Homeland Security is getting in on the action, and "has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw."