theodp writes "It seems like comments are on programmers' minds these days. The problem with comments, as Zachary Voase sees it, is that our editors display comments in such a way as to be ignored by the programmer. And over at Scripting News, Dave Winer shares some comments on comments, noting how outlining features allow programmers to see and hide comments as desired. 'The important thing is that with elision (expand/collapse),' explains Winer, 'comments don't take up visual space so there's no penalty for fully explaining the work. Without this ability there's an impossible tradeoff between comments and the clarity of comment-free code.' Winer also makes the case for providing links in his code to external 'worknotes.' So, what are your thoughts on useful commenting practices or features, either implemented or on your wishlist?"
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Check out the new SourceForge HTML5 Internet speed test! ×
hypnosec writes "Just yesterday Apple released updates to fix Java vulnerabilities, but it seems the patch doesn't actually target the recently discovered high-profile Java bug that has been the talk of the web during the last two weeks. The two updates – Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion, are meant to tackle the vulnerability described in CVE-2012-0547. But according to KerbsOnSecurity, it seems Cupertino hasn't addressed the recent mega-vulnerabilities in Java as described in CVE-2012-4681." Update: 09/07 12:00 GMT by S : As readers have pointed out, these updates address flaws in Java 6, which is the version Apple maintains. The recently-reported Java vulnerabilities primarily affect Java 7, the patching of which is handled solely by Oracle. Nothing to see here.
An anonymous reader writes "Learning to write code has become something of a trendy thing to do. New York City Mayor Michael Bloomberg has said he intends to learn code this year. Estonia has recently announced a scheme with the aim of getting every 6-year-old in the Baltic state to learn programming skills. The demand has spawned a number of start-ups offering coding lessons. General Assembly, which teaches off-line courses, has recently opened up in London and is recruiting ahead of a launch in Berlin. On-line education site Codecademy landed $10 million to expand from its home base in New York. Zach Simms, the 22-year-old co-founder, said in an earlier interview with The Wall Street Journal that not everyone has to learn to code, but everybody 'needs to learn the notions of algorithms, realizing what you can use code for.' But do they?"
eldavojohn writes "You may recall the news that Google would not be paying Oracle for Oracle's intellectual property claims against the search giant. Instead, Google requested $4.03 million for lawyer fees in the case. The judge denied some $2.9 million of those fees and instead settled on $1.13 million as an appropriate number for legal costs. Although this is relative peanuts to the two giants, Groklaw breaks the ruling down into more minute detail for anyone curious on what risks and repercussions are involved with patent trolling."
An anonymous reader writes "With the launch of the Raspberry Pi, computers are becoming affordable again for the younger generations. Now what we need is kids learning about computers in greater detail, including what the hardware is inside the box, and how to create rather than just use software. Estonia looks to be the pace-setter in this regard, and has just announced that it is introducing computer programming learning for all children attending school. By all, I mean from grades 1 through to 12, meaning children as young as 6 will be writing their own code and producing software. The program is called 'ProgeTiiger' and is being introduced by the Estonian Tiger Leap Foundation as a pilot scheme to some Estonian schools this year. Next year the program will expand, adding programming groups for older kids who want to carry on activities outside of the classroom. Eventually it looks as though ProgeTiiger will become just another standard part of the curriculum, just like math and language studies are."
Orome1 writes "A file containing a million and one record sets containing Apple Unique Device Identifiers (UDIDs) and some other general information about the devices has been made available online by Anonymous hackers following an alleged breach of an FBI computer. 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,' the hackers claim." Update: 09/04 13:44 GMT by T : A piece at SlashCloud points out that if the leak is genuine, this raises some sticky questions about privacy and security; in particular: "[H]ow did the agency obtain said information, and to what purpose? Why did all that personal data reside on the laptop of one special agent?"
New submitter drsmack1 writes with news of some bummed out programmers losing access to an undocumented Google API. From the article: "The curious popularity of the Google Weather API appears to be coming to a close. The search giant never officially supported the feature, but developers have used the unofficial feed available from the iGoogle homepage. With iGoogle now set for deprecation in November, developers are reporting that the once simple weather API is no longer returning data." Seems like the sort of thing you could replace with a tiny bit of XSLT.
An anonymous reader writes "I have been telecommuting as a software architect for a major corporation since 2007. It has allowed me to live a quality rural lifestyle. Never content, am now considering living on the road for several years. Due to the proliferation of 4G and wireless hotspots, I see no reason I could not do this from a 5th-wheel trailer. Have any slashdotters truly cut the cord in this manner? Any advice or warnings?"
An anonymous reader writes "It's not so long since Apple silently dropped the restriction about iOS apps for programming — iPad owners can now code in Lua with Codea or with Python for iOS. Yesterday, a new app called Kodiak PHP brought another IDE to the iPad, this time for PHP coders. Pandodaily's Nathaniel Mott describes it as a full-blooded software development tool with comparison to other iOS apps. Cult of Mac reports that the demise of the Mac might be closer than we think, but are developers really ready to use the on-screen keyboard to do some serious work?"
olau writes "Hot on the heels on the opinion piece on how Mac OS X killed Linux on the desktop is a more levelheaded analysis by another GNOME old-timer Christian Schaller who doesn't think Mac OS X killed anything. In fact, in spite of the hype surrounding Mac OS X, it seems to barely have made a dent in the overall market, he argues. Instead he points to a much longer list of thorny issues that Linux historically has faced as a contender to Microsoft's double-monopoly on the OS and the Office suite."
PCM2 writes "The Register reports that Security Explorations' Adam Gowdiak says there is still an exploitable vulnerability in the Java SE 7 Update 7 that Oracle shipped as an emergency patch yesterday. 'As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.'"
MassDosage writes "After nearly 15 years or of writing code professionally it was refreshing to take a figurative step back and read a book aimed at people getting started with computer programming. As the title suggests, Think Like A Programmer tries to get to the core of the special way that good programmers think and how, when faced with large and complex problems, they successfully churn out software to solve these challenges in elegant and creative ways. The author has taught computer science for about as long as I've been programming and this shows in his writing. He has clearly seen a lot of different people progress from newbie programmers to craftsmen (and craftswomen) and has managed to distill a lot of what makes this possible in what is a clear, well-written and insightful book." Read below for the rest of Mass Dosage's review.
snydeq writes "You want the best and the brightest money can buy. Or do you? Andrew Oliver offers six hard truths about 'rock-star' developers, arguing in favor of mixed skill levels with a focus on getting the job done: 'A big, important project has launched — and abruptly crashed to the ground. The horrible spaghetti code is beyond debugging. There are no unit tests, and every change requires a meeting with, like, 40 people. Oh, if only we'd had a team of 10 "rock star" developers working on this project instead! It would have been done in half the time with twice the features and five-nines availability. On the other hand, maybe not. A team of senior developers will often produce a complex design and no code, thanks to the reasons listed below.'"
First time accepted submitter JavaBear writes "Oracle have just released the u7 release of their Java 7. From the article: 'In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem. In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet."
dutchwhizzman writes "Polish security researcher Adam Gowdiak submitted bug reports months ago for the current Java 7 zero-day exploit that's wreaking havoc all over the Internet. It seems that Oracle can't — or won't? — take such reports seriously. Is it really time to ditch Oracle's Java and go for an open source VM?"
theodp writes "The Wall Street Journal reports that pair programming is all the rage at tech darlings Facebook and Square. Its advocates speak in glowing terms of the power of pair programming, saying paired coders can catch costly software errors and are less likely to waste time surfing the Web. 'The communication becomes so deep that you don't even use words anymore,' says Facebook programmer Kent Beck. 'You just grunt and point.' Such reverent tones prompted Atlassian to poke a little fun at the practice with Spooning, an instructional video in which a burly engineer sits on a colleague's lap, wraps his arms around his partner's waist and types along with him hand over hand."
tsu doh nimh writes "A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devised and are selectively releasing an unofficial patch for the flaw."
snydeq writes "Regardless of where you stand on Anonymous' tactics, politics, or whatever, I think the group has something to teach developers and development organizations,' writes Andrew Oliver. 'As leader of an open source project, I can revoke committer access for anyone who misbehaves, but membership in Anonymous is a free-for-all. Sure, doing something in Anonymous' name that even a minority of "members" dislike would probably be a tactical mistake, but Anonymous has no trademark protection under the law; the organization simply has an overall vision and flavor. Its members carry out acts based on that mission. And it has enjoyed a great deal of success — in part due to the lack of central control. Compare this to the level of control in many corporate development organizations. Some of that control is necessary, but often it's taken to gratuitous lengths. If you hire great developers, set general goals for the various parts of the project, and collect metrics, you probably don't need to exercise a lot of control to meet your requirements."
CowboyRobot writes "Although not as lucrative as video games or movies, Gartner projects the software application development industry will pass the US$9 Billion mark this year. They credit 'evolving software delivery models, new development methodologies, emerging mobile application development, and open source software.' Also in the report is a projection that 'mobile application development projects targeting smartphones and tablets will outnumber native PC projects by a ratio of 4:1 by 2015.'"
Nerval's Lobster writes "Facebook recently invited a handful of employers into its headquarters for a more in-depth look at how it handles its flood of data. Part of that involves the social network's upcoming 'Project Prism,' which will allow Facebook to maintain data in multiple data centers around the globe while allowing company engineers to maintain a holistic view of it, thanks to tools such as automatic replication. That added flexibility could help Facebook as it attempts to wrangle an ever-increasing amount of data. 'It allows us to physically separate this massive warehouse of data but still maintain a single logical view of all of it,' is how Wired quotes Jay Parikh, Facebook's vice president of engineering, as explaining the system to reports. 'We can move the warehouses around, depending on cost or performance or technology.' Facebook has another project, known as Corona, which makes its Apache Hadoop clusters less crash-prone while increasing the number of tasks that can be run on the infrastructure."