New submitter Archie Cobbs writes "Last May I encountered a relatively obscure performance bug present in both MySQL 5.5.x and MariaDB 5.5.x (not surprising since they share the same codebase). This turned out to be a great opportunity to see whether Oracle or the MariaDB project is more responsive to bug reports. On May 31 Oracle got their bug report; within 24 hours they had confirmed the bug — pretty impressive. But since then, it's been radio silence for 3 months and counting. On July 25, MariaDB got their own copy. Within a week, a MariaDB developer had analyzed the bug and committed a patch. The resulting fix will be included in the next release, MariaDB 5.5.33."
Sign up for the Slashdot Daily Newsletter! DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Help SAVE NET NEUTRALITY! ×
An anonymous reader writes "Fed up with piracy and the availability of cracked versions of his software, Cobalt Strike developer Raphael Mudge wrote a blog post telling people how to crack his software. Some gifts are poisoned, and Raphael goes into deep detail about how to backdoor his software and use it to distribute malware. Will this increase piracy of his software, or will it discourage would-be pirates from downloading cracked versions?"
rysiek writes "Remember MailPile, the privacy-focused, community-funded FOSS webmail project with built-in GPG support? The good news is, the funding campaign is a success, with $135k raised (the goal was $100k). The bad news is: PayPal froze MailPile's account, along with $45k that was on it, and will not un-freeze it until MailPile team provides 'an itemized budget and your development goal dates for your project.' One of the team members also noted: 'Communications with PayPal have implied that they would use any excuse available to them to delay delivering as much of our cash as possible for as long as possible.' PayPal doesn't have a great track record as far as fund freezing is concerned — maybe it's high time to stop using PayPal?"
whoever57 writes "On Saturday, Oracle Team USA and Team New Zealand will begin racing for the America's Cup in the amazing AC72 boats. However, the Oracle team starts with a significant handicap. It was recently discovered that members of Oracle Team USA made illegal changes to the boats used in the America's Cup Series (which is sailed in the smaller AC45 boats). After a hearing on Friday, the International Jury has decided on the penalty: Team Oracle will have to pay a fine and sail without some team members. More significantly, they lose two points before starting the America's Cup races against Team New Zealand. A tiny amount of weight had been added to the kingpost, in violation of the measurement rules for the class. This was reported to the measurement committee some weeks ago after its discovery by boatbuilders working for America's Cup Regatta Management (ACRM), not members of Oracle Team USA."
Programmer Steve Losh has written a lengthy explanation of what separates good documentation from bad, and how to go about planning and writing documentation that will actually help people. His overarching point is that documentation should be used to teach, not to dump excessive amounts of unstructured information onto a user. Losh takes many of the common documentation tropes — "read the source," "look at the tests," "read the docstrings" — and makes analogies with learning everyday skills to show how silly they can be. "This is your driving teacher, Ms. Smith. ... If you have any questions about a part of the car while you’re driving, you can ask her and she’ll tell you all about that piece. Here are the keys, good luck!" He has a similar opinion of API strings: "API documentation is like the user’s manual of a car. When something goes wrong and you need to replace a tire it’s a godsend. But if you’re learning to drive it’s not going to help you because people don’t learn by reading alphabetized lists of disconnected information." Losh's advice for wikis is simple and straightforward: "They are bad and terrible. Do not use them."
cold fjord sends news that a study by Coverity has found open-source Python code to contain a lower defect density than any other language. "The 2012 Scan Report found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, as compared to the accepted industry standard defect density for good quality software of 1.0. Python's defect density of .005 significantly surpasses this standard, and introduces a new level of quality for open source software. To date, the Coverity Scan service has analyzed nearly 400,000 lines of Python code and identified 996 new defects — 860 of which have been fixed by the Python community."
theodp writes "Friday saw the launch of Rupert Murdoch's AP Computer Science MOOC. Taught by an AP CS high school teacher, the Java-centric course has students use the DrJava lightweight development environment for the exercises. 'If this MOOC works,' said Amplify CEO Joel Klein, 'we can think of ways to expand and support it.' Only the first week's videos are posted; course content is scheduled to be presented through March, with five weeks thereafter set aside for AP Exam prep. Might as well check it out, you may have helped pay for it — a MOOC-related Amplify job listing notes that 'This position may be funded, in whole or in part, through American Recovery & Reinvestment Act funds.'"
New submitter MeatoBurrito writes "The latest iteration of Mechwarrior was crowdfunded (without Kickstarter) as a free-to-play first-person mech simulator. However, despite promises to the founders, the game has been shifted to a third-person arcade shooter and now the community is rioting. This followed a series of other unpopular decisions; the developers decided to sell an item for real money that had a significant impact on gameplay, crossing the line separating cosmetic/convenience items and 'pay-to-win.' Then they added a confusing game mechanic to limit its use, which had the unfortunate side effect of making some strategies completely useless. From the article: 'PGI’s community practices showcase a fundamental misunderstanding of both freemium development and community management. The developer has never had to deal with such a large player base before, and it has never had to deal with the strains of continuous development before. Rather, PGI seems to be handling Mechwarrior Online in much the same way they might a AAA game: by keeping quiet and only discussing its work in vague terms. ... Mechwarrior Online’s road to launch is a cautionary consumer tale, fraught with anger and betrayal. It shows how a company can take a fan base dedicated to an old IP and completely alienate it through lack of communication, unpopular features, and oathbreaking. It shows how players need to be cautious of supporting a project based solely on the IP backing it.'"
rjmarvin writes "Cities are taking coding to the streets through projects like Code for America and CityNext, working with governments on multiple levels to better serve constituents with mobile and cloud technologies. The 'Peace Corps for geeks' is using technology to make everyday life in cities run more smoothly, providing a way to 'connect technologists and designers with their government to solve important problems and reimagine how government could work.'"
theodp writes "Writing in The Atlantic, Phil Nichols makes a convincing case for why educational technologies should be more like graphing calculators and less like iPads. Just messing around with TI-BASIC on a TI-83 Plus, Nichols recalls, 'helped me cultivate many of the overt and discrete habits of mind necessary for autonomous, self-directed learning.' So, with all those fancy iPads at their schools, today's kids must really be programming up a storm, right? Wrong. Nichols, who's currently pursuing a PhD in education, laments, 'The iPad is among the recent panaceas being peddled to schools, but like those that came before, its ostensibly subversive shell houses a fairly conventional approach to learning. Where Texas Instruments graphing calculators include a programming framework accessible even to amateurs, writing code for an iPad is restricted to those who purchase an Apple developer account, create programs that align with Apple standards, and submit their finished products for Apple's approval prior to distribution.'"
New submitter hmilz writes "I've been using procmail for years to filter my incoming mail, and over time a long list of spam patterns was created. The good thing about the patterns is, there are practically no false positives, and practically no false negatives, i.e. I see each new spam exactly once, and lose no legit mail. This works by using an external spam-patterns file, containing one pattern per line, and running an 'egrep -F' against it. As simple as this is, with a long pattern list this becomes rather slow and CPU consuming. An average mail currently needs about 15 seconds to be grepped. In other words, this has become quite clumsy over time, and I would like to replace it by a more (CPU, hence energy) efficient method. I was thinking about a small indexed database or something. What would you recommend and use if you were me? Is sqlite something to look at?"
rjmarvin writes "Two developers were able to successfully reverse-engineer Dropbox to intercept SSL traffic, bypass two-factor authentication and create open-source clients. They presented their paper, 'Looking inside the (Drop) box' (PDF) at USENIX 2013, explaining step-by-step how they were able to succeed where others failed in reverse-engineering a heavily obfuscated application written in Python. They also claimed the generic techniques they used could be applied to reverse-engineer other Frozen python applications: OpenStack, NASA, and a host of Google apps, just to name a few..."
CWmike writes "Windows app developers are taking Microsoft to task for the company's decision to withhold Windows 8.1 until mid-October. Traditionally, Microsoft offers an RTM to developers several weeks before the code reaches the general public. On Tuesday, however, Microsoft confirmed that although Windows 8.1 has reached RTM, subscribers to MSDN will not get the final code until the public does on Oct. 17, saying it was not finished. Antoine Leblond, a Microsoft spokesman, said in a blog post, 'In the past, the release to manufacturing milestone traditionally meant that the software was ready for broader customer use. However, it's clear that times have changed.' Developers raged against the decision in comments on another Microsoft blog post, one that told programmers to write and test their apps against Windows 8.1 Preview, the public sneak peak that debuted two months ago. One commenter, 'brianjsw,' said, 'In the real world, developers must have access to the RTM bits before [general availability]. The fact that Microsoft no longer seems to understand this truly frightens me.'"
New submitter wkaan writes "Last financial year, we had an underspend at work, and it was suggested and agreed that we should give some cash away — $20k to be exact — to open source projects. Four projects were selected. A management catch was that it could not appear to be a donation and it had to be for something we had notionally received in the current financial year. At that time it was early June, our financial year finishes at the end of June. The four projects were emailed using the most relevant looking contact address on their website. Often this was 'Finance' or 'Donations' contact. What do you know, none of the projects that were contacted could work out a way to accept our money. We were unable to give a cent of the twenty grand away, not even a cent. All somebody needed to do was invoice us for something (perhaps 'support' or whatever) and they'd have received $5000. Of the projects contacted, two never replied to our mail — perhaps they thought it a scam? The other two contacted couldn't work out what to invoice and just went away. Is open source too rich to need the money? Have you got a funny donation story? Better still, do you have a way this can be streamlined when we have our next underspend? The goal was not to have a funny (sad) story, but to support the projects that support our business." For those of you with open source projects for which would you would like to take donations but sometimes cannot, what complications get in the way?
Lemeowski writes "Game studios go to great lengths to protect their IP. But board game designer Daniel Solis doesn't subscribe to that philosophy. He has spent the past ten years blogging his game design process, posting all of his concepts and prototypes on his blog. Daniel shares four things he's learned after designing games in public, saying paranoia about your ideas being stolen "is just an excuse not to do the work." His article provides a solid gut check for game designers and other creatives who may let pride give them weird expectations."
Last week you had a chance to ask Guido van Rossum, Python's BDFL (Benevolent Dictator For Life), about all things Python and his move to Dropbox. Guido wasted no time answering your questions and you'll find his responses below.
jfruh writes "One of the biggest challenges Microsoft has faced with its Windows Phone platform is that it's far behind in the apps race against iOS and Android. One way to close the gap is to lower the barrier to entry for new app devs, and Microsoft has done so with Windows Phone App Studio, a hosted service that lets you build applications without actually writing any code. The description of how App Studio works may leave you wondering how useful or exciting the apps created will be, but a surge of developer interest during the current beta program has surprised even Microsoft with its scope."
Guido van Rossum is best known as the creator of Python, and he remains the BDFL (Benevolent Dictator For Life) in the community. The recipient of many awards for his work, and author of numerous books, he left Google in December and started working for Dropbox early this year. A lot has happened in the 12 years since we talked to Guido and he's agreed to answer your questions. As usual, ask as many as you'd like, but please, one question per post.
mikejuk writes "Is it possible that we have been wasting our time typing programs. Could voice recognition, with a little help from an invented spoken language, be the solution we didn't know we needed? About two years ago Tavis Rudd, developed a bad case of RSI caused by typing lots of code using Emacs. It was so severe that he couldn't code. As he puts it: 'Desperate, I tried voice recognition'. The Dragon Naturally Speaking system used by Rudd supported standard language quite well, but it wasn't adapted to program editing commands. The solution was to use a Python speech extension, DragonFly, to program custom commands. OK, so far so good, but ... the commands weren't quite what you might have expected. Instead of English words for commands he used short vocalizations — you have to hear it to believe it. Now programming sounds like a conversation with R2D2. The advantage is that it is faster and the recognition is easier — it also sounds very cool and very techie. it is claimed that the system is faster than typing. So much so that it is still in use after the RSI cleared up."
msheekhah writes "I have a friend who, when he gets out of college, has been promised a job at well known electronics company with a salary around $70k. However, he wants to instead go work for Blizzard or some other game company as a game programmer. I've read enough on here and on other tech websites to know that he should take the job he's been offered. Can you share with me your experiences so I can give him real life examples to convince him to take this job? If your experience is contrary to mine, I'd appreciate that input as well."