'GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks,' says the GreenSQL.net website, which also says, 'GreenSQL works as a proxy and has built-in support for MySQL and PostgreSQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc).' The company also maintains a commercial version as a separate entity. GreenSQL CTO/CoFounder David Maman gives more details about both the company and open source GreenSQL in this video interview.

00_NOP writes "Everybody (or almost everybody) in England agrees that computing teaching to kids in high school is broken. In response the government promised a radical overhaul and a new curriculum. But then last week it was discovered the government had scrapped the bit of the education department that would develop any such curriculum. Not to be deterred, John Naughton, the Cambridge University academic who wrote the Short History of the Future, has now published his own 'radical' manifesto on how computing should be taught."

First time accepted submitter writes "Following years under controversial leadership which, among other things, led to a fork (which was in turn adopted by some of the major distributions) the glibc development process has been reinvented to follow a slightly more informal, community-based model. Here's hoping glibc benefits from a welcome dose of pragmatism."

An anonymous reader writes "Next week at the sixth Linux Foundation Collaboration Summit, two Qualcomm Atheros engineers will be making a stand for killing all proprietary drivers for good — across all operating systems. The Qualcomm slides go over their early plans. Do they stand a chance?"

waderoush writes "If you visit Menlo Park, CA-based Willow Garage, you'll meet a $400,000 humanoid robot called PR2 that has stereo vision, a pair of dextrous arms, and enough smarts to roam the building indepedently and even plug itself into the wall when it needs to recharge. But in a sense, PR2 is just a demo. The real action at Willow Garage is around ROS, the Robot Operating System, a free meta-operating system that's already being used by hundreds of roboticists around the world and may soon be handed over to an independent foundation analogous to the Apache Software Foundation. Brian Gerkey, Willow Garage's head of open source development, says 'What we need is a LAMP stack for robotics,' and hopes that ROS will jumpstart innovation in robotics in the same way Linux and other free software components provided the foundation for the Internet boom. Today's roboticists 'have to come at the problem with a very deep expertise in all aspects of robotics, from state estimation to planning to perception, which automatically limits the number of people capable of building new things,' Gerkey says. 'But by providing a basic toolset analogous to the LAMP stack, we can get to a point where all you need to know is how to write code and what you want your robot to do.'"

New submitter smwny writes "Google's system programming language, Go, has just reached the 1.0 milestone. From the announcement: 'Go 1 is the first release of Go that is available in supported binary distributions. They are available for Linux, FreeBSD, Mac OS X and, we are thrilled to announce, Windows. ... Go 1 introduces changes to the language (such as new types for Unicode characters and errors) and the standard library (such as the new time package and renamings in the strconv package). Also, the package hierarchy has been rearranged to group related items together, such as moving the networking facilities, for instance the rpc package, into subdirectories of net. A complete list of changes is documented in the Go 1 release notes. That document is an essential reference for programmers migrating code from earlier versions of Go. ... A similar process of revision and stabilization has been applied to the App Engine libraries, providing a base for developers to build programs for App Engine that will run for years.'"

Hugh Pickens writes "The NY Times reports that the market for night classes and online instruction in programming and Web construction is booming, as those jumping on board say they are preparing for a future in which the Internet is the foundation for entertainment, education and nearly everything else. Knowing how the digital pieces fit together will be crucial to ensuring that they are not left in the dark ages. 'Inasmuch as you need to know how to read English, you need to have some understanding of the code that builds the Web,' says Sarah Henry, 39, an investment manager who took several classes, including some in HTML, the basic language of the Web, and WordPress, a blogging service. 'I'm not going to sit here and say that I can crank out a site today, but I can look at basic code and understand it. I understand how these languages function within the Internet.' The blooming interest in programming is part of a national trend of more people moving toward technical fields. 'To be successful in the modern world, regardless of your occupation, requires a fluency in computers,' says Peter Harsha. 'It is more than knowing how to use Word or Excel but how to use a computer to solve problems.' However seasoned programmers say learning how to adjust the layout of a Web page is one thing, but picking up the skills required to develop a sophisticated online service or mobile application is an entirely different challenge that cannot be acquired by casual use for a few hours at night and on the weekends."

mikejuk writes "Microsoft has announced that they are being even more open with their new approach to ASP.NET MVC. It is making ASP.NET MVC, Web API, and Razor open source under an Apache 2 license. The code is hosted on CodePlex using the new Git support ... You can compile and test out the latest version, but if you do have anything to contribute you have to submit it for Microsoft's approval." To get code upstream Microsoft has to approve (pretty typical), but the git branch is supposedly tracking the latest internal release candidate branch (a bit better than Google does with Android, even). Things seem to have changed quite a bit since the days of Shared Source (tm).

Reader Fluffeh snips from and links to Ars Technica with the latest chapter in the ongoing Google vs. Oracle fight involving patents, Java, and Android, writing that executives at both companies were "'ordered to hold one last round of settlement talks no later than April 9th, with the trial over Google's alleged use of Java technology in Android set to begin April 16,' though '[t]he last-ditch effort to avoid a trial seems unlikely to succeed. ... Oracle initially accused Google of violating seven patents, but has since dropped most of them. This is due to the U.S. Patent and Trademark Office ruling the patents described technology that was not patentable. Two patents assigned to the Oracle-owned Sun Microsystems remain: #6,061,520 which covers "an improvement over conventional systems for initializing static arrays by reducing the amount of code executed by the virtual machine to statically initialize an array," and #RE38,104 which covers a type of compiler and interpreter."

Have you upgraded your hardware to play something beefier than 140-byte Tetris? New submitter alokmenghrajani writes with "a detailed view of how we size-optimized a game of Tron to just 226 bytes." It's also optimized for Chrome, and very fast.

New submitter lulalala writes "Writing documents using markup languages isn't always easy. Take Wikipedia, for example: one often needs time to relocate the current focus when they switch between previewing and editing mode. Now with Gliimpse, one can watch the markup code gradually turn into the rendered result. The demonstration on Youtube simply looks amazing, and shows that the software supports many markup languages, including LaTex Mathematics."

itwbennett writes "The recent Slashdot discussion on the open source community's attitude on profits neglected an important point: 'no profits' doesn't mean 'no money.' There are plenty of open source not-for-profit organizations that take in millions of dollars in order to pursue their public-minded missions, and some pay their employees handsomely. Brian Proffitt combed through the latest publicly available financial information on 18 top FLOSS organizations to bring you the cold, hard numbers."

hypnosec writes with the arguably welcome news that "[The U.S.] Congress is gathering further information on iOS developers and how they deal with and implement privacy policies. The Next Web got hold of a letter from Congress which had been sent out to Tapbots, along with some 32 other iOS developers, including both Twitter and Facebook, and the devs of Path, SoundCloud, Foodspotting and Turntable.fm. The apps were picked because they come under the social networking umbrella in the 'essentials' area of the App Store. The letter begins: 'We are writing to you because we want to better understand the information collection and use policies and practices of apps for Apple's mobile devices with a social element.' What follows is a series of eight questions designed to gather more details regarding the popularity of the app in question, and the privacy policy to which it holds (and how it's made known to users)."

MikeatWired writes "Jon Udell writes that when it was recently discovered that some iPhone apps were uploading users' contacts to the cloud, one proposed remedy was to modify iOS to require explicit user approval. But in one typical scenario that's not a choice a user should have to make. A social service that uses contacts to find which of a new user's friends are already members doesn't need cleartext email addresses. If I upload hashes of my contacts, and you upload hashes of yours, the service can match hashes without knowing the email addresses from which they're derived. In the post Hashing for privacy in social apps, Matt Gemmell shows how it can be done." (Read more, below.)

eldavojohn writes "With the release of GCC 4.7.0, the venerable and stalwart constant that is the GNU Compiler Collection turns twenty five. More ISO standards and architectures supported with this release and surely more memories to come from the compiler that seems to have always been."

snydeq writes "A hard-to-detect piece of malware that doesn't create any files on the affected systems was dropped onto the computers of visitors to popular news sites in Russia in a drive-by download attack, according to Kaspersky Lab. 'What's interesting about this particular attack is the type of malware that was installed in cases of successful exploitation: one that only lives in the computer's memory. ... It's ideal to stop the infection in its early stages, because once this type of "fileless" malware gets loaded into memory and attaches itself to a trusted process, it's much harder to detect by antivirus programs.'"

wiredmikey writes "Earlier this month, researchers from Kaspersky Lab reached out to the security and programming community in an effort to help solve a mystery related to 'Duqu,' the Trojan often referred to as 'Son of Stuxnet,' which surfaced in October 2010. The mystery rested in a section of code written an unknown programming language and used in the Duqu Framework, a portion of the Payload DLL used by the Trojan to interact with Command & Control (C&C) servers after the malware infected system. Less than two weeks later, Kaspersky Lab experts now say with a high degree of certainty that the Duqu framework was written using a custom object-oriented extension to C, generally called 'OO C' and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008) with special options for optimizing code size and inline expansion."

jm223 writes "I'm currently a student at a major university, where I do IT work for a fairly large student group. Most of my job involves programming, and so far everyone has been happy with my work. Since we're students, though, no one really has the experience to offer major advice or critiques, and I'm curious about how my coding measures up — and, of course, how I can make it better. CS professors can offer feedback about class projects, but my schoolwork often bears little resemblance to my other work. So, when you're programming without an experienced manager above you, how do you go about improving?"

mikejuk writes "Atari is offering up to $100,000 in a contest for a new version of Pong, the classic game that launched video games 40 years ago, for the iPhone/iPad/iPod Touch. The judges for the contest include Nolan Bushnell, founder of Atari, who came up with the original idea for Pong. So, what does a 21st century Pong look like? How does it play? And what role does touch have in this, the simplest of games?"

snydeq writes "Python creator Guido van Rossum discusses the prospects and criticisms of Python, noting that critics of Python performance should supplement with C/C++ rather than re-engineering Python apps into a faster language. 'At some point, you end up with one little piece of your system, as a whole, where you end up spending all your time. If you write that just as a sort of simple-minded Python loop, at some point you will see that that is the bottleneck in your system. It is usually much more effective to take that one piece and replace that one function or module with a little bit of code you wrote in C or C++ rather than rewriting your entire system in a faster language, because for most of what you're doing, the speed of the language is irrelevant.'"