60141149
story
Nemo the Magnificent writes:
" Everybody knows software development is a young man's game, right? Here's a guy who hires and manages programmers, and he says it's not about age at all — it's about skills, period. 'It's each individual's responsibility to stay fresh in the field and maintain a modern-day skillset that gives any 28-year-old a run for his or her money. ... Although the ability to learn those skills is usually unlimited, the available time to learn often is not. "Little" things like family dinners, Little League, and home improvement projects often get in the way. As a result, we do find that we face a shortage of older, more seasoned developers. And it's not because we don't want older candidates. It's often because the older candidates haven't successfully modernized their developer skills.' A company that actively works to offer all employees the chance to learn and to engage with modern technologies is a company that good people are going to work for, and to stay at."
60129983
story
davecb (6526) writes
"At Guido von Rossum's urging, Mike Bland has a look at detecting and fixing the "goto fail" bug at ACM Queue. He finds the same underlying problem in both in the Apple and Heartbleed bugs, and explains how to not suffer it again."
An excerpt:
"WHY DIDN'T A TEST CATCH IT?
Several articles have attempted to explain why the Apple SSL vulnerability made it past whatever tests, tools, and processes Apple may have had in place, but these explanations are not sound, especially given the above demonstration to the contrary in working code. The ultimate responsibility for the failure to detect this vulnerability prior to release lies not with any individual programmer but with the culture in which the code was produced. Let's review a sample of the most prominent explanations and specify why they fall short.
Adam Langley's oft-quoted blog post13 discusses the exact technical ramifications of the bug but pulls back on asserting that automated testing would have caught it: "A test case could have caught this, but it's difficult because it's so deep into the handshake. One needs to write a completely separate TLS stack, with lots of options for sending invalid handshakes.""
60103057
story
angry tapir (1463043) writes
"Embracing the widely used JSON data-exchange format, the new version of the PostgreSQL open-source database takes aim at the growing NoSQL market of nonrelational data stores, notably the popular MongoDB. The first beta version of PostgreSQL 9.4, released Thursday, includes a number of new features that address the rapidly growing market for Web applications, many of which require fast storage and retrieval of large amounts of user data."
