An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-22.214.171.124-all-languages.zip — was modified to include a backdoor that allowed attackers to remotely execute PHP code on the server running the malicious version of phpMyAdmin." The SourceForge weblog has details. Someone compromised a mirror (since removed from rotation, of course) around September 22nd. Luckily, only around 400 people grabbed the file before someone caught it.
New submitter billius writes "I was recently hired (along with another guy) as a web developer at a large university. Our job is to build tools to support the social science researchers on our team. When I got here the codebase was an unholy mess: the formatting was terrible, there were .bak files scattered everywhere and there was no version control system in place. We quickly went to work cleaning things up and implementing new features. My boss was so pleased with our work that she took us out to lunch. During lunch, she asked us if there were any additional tools we needed to do our job more efficiently. We both told her that version control was an invaluable tool for any kind of software development, but had a difficult time describing to her what exactly version control was. I attempted to explain that it created a log of all the changes made to the code and allowed us to make sure that multiple developers working on the same project would not step on each other's toes. I don't think we really got through to her and a few weeks passed with us hearing nothing. Today we were asked by another supervisor if we needed any additional tools and we went through the same spiel about version control. She suggested that we try to write up a brief description of what we wanted and how much it would cost, but I'm drawing a blank on how exactly to describe version control to a person who isn't very technical, let alone a developer. Does anyone out there have any tips on how to sell version control to management?"
jcatcw writes "Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco, researchers from the Polish firm Security Explorations disclosed yet another critical Java vulnerability that might 'spoil the taste of Larry Ellison's morning ... Java.' According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects one billion users of Oracle Java SE software, Java 5, 6 and 7. It could be exploited by apps on Chrome, Firefox, Internet Explorer, Opera and Safari. Wow, thanks a lot Oracle."
Paul Carver writes "Should developers be responsible for installing the software they develop into production environments? What about System Test environments? I'm not a developer and I'm not all that familiar with Agile or DevOps, but it seems unhealthy to me to have software installs done by developers. I think that properly developed software should come complete with installation instructions that can be followed by someone other than the person who wrote the code. I'd like to hear opinions from developers. Do you prefer a workplace where you hand off packaged software to other teams to deploy or do you prefer to personally install your software into System Test and then personally install it into production once the System Testers have certified it? For context, I'm talking about enterprise grade, Internet facing web services sold to end users as well as large companies on either credit card billing or contractual basis with service level agreements and 24x7 Operations support. I'm not talking about little one (wo)man shops and free or Google style years long beta services."
WebMink writes "With an impending deadline for America's schools to satisfy new federal reporting requirements on academic achievement, a new alliance of state educators is creating a system of open source software to help schools gather and submit the data that the rules require. To get the whole thing started, the Gates Foundation and Carnegie are funding two $75,000 awards for the open source developers who create the in-school software. The winners could also become the linchpins of a new industry in academic software."
New submitter DangerOnTheRanger writes "Torque3D, the game engine behind games such as Blockland and Tribes 2, has gone open-source. The engine itself — in addition to four game templates — are all included in a Git repository hosted on GitHub. Documentation is available in a separate repository. Quite the exciting time in the world of game development!"
SquarePixel writes "Bloomberg has an interesting story about Microsoft's efforts to simultaneously woo younger workers and to get more apps into its Windows Store. Quoting: 'Microsoft, the world's largest software maker, designed Windows 8 for touch-screen technology included in the company's first tablet, Surface, and other devices coming this year. To gain share in tablets, a market expected by DisplaySearch to reach $66.4 billion in 2012, Microsoft needs enough apps to challenge the more than 200,000 available for iPad. Using student recruits is one way Microsoft can woo app developers who are used to building programs for mobile phones and tablets, where the company has little and no share, respectively. Luring programmers before graduation is particularly critical for recruitment in the U.S., which lags behind countries such as India and China in its ability to crank out qualified engineers.'"
mikejuk writes "The Raspberry Pi might be cheap and reasonably powerful, but it has a tough learning curve due to the Linux OS it uses. Adafruit, better known for their hardware, are working on a WebIDE which you can use to program the Pi without having to set things up. You write the code in a browser and run it on the Pi using a web server hosted by the Pi. It sounds crazy but if it can make the Pi more approachable then perhaps it could turn out to be an educational powerhouse."
New submitter tavi.g writes "Working for an ISP, along with my main job (networking) I get to create some useful code (Bash and Python) that's running on various internal machines. Among them: glue scripts, Cisco interaction / automatization tools, backup tools, alerting tools, IP-to-Serial OOB stuff, even a couple of web applications (LAMPython and CherryPy). Code has piled up — maybe over 20,000 lines — and I need a way to reliably work on it and deploy it. So far I used headers at the beginning of the scripts, but now I'm migrating the code over to Bazaar with TracBzr, because it seems best for my situation. My question for the Slashdot community is: in the case of a single developer (for now), multiple machines, and a small-ish user base, what would be your suggestions for code versioning and deployment, considering that there are no real test environments and most code just goes into production? This is relevant because lacking a test environment, I got used to immediate feedback from the scripts, since they were in production, and now a versioning system would mean going through proper deployment/rollback in order to get real feedback."
Nerval's Lobster writes "Salesforce CEO Marc Benioff is unapologetic about his love for Facebook. 'I think all software is going to look like Facebook,' he told media and analysts at the Dreamforce conference in San Francisco. 'Everyone is going to have to rewrite to have a feed-based platform.' If people can collaborate on tagging a photo, he added, they could easily do the same with a product or business problem. Even as Benioff touted his Facebook love, however, Salesforce is veering away from the Facebook model in one key way: whereas Facebook CEO Mark Zuckerberg felt his company focused too much on HTML5 for its mobile apps, choosing to focus instead on native-app development, Salesforce is embracing HTML5 for its Salesforce Touch app, which delivers Salesforce data such as Chatter feeds and contacts to a variety of mobile devices."
Hugh Pickens writes "Austin Carr notes that a number of user interface designers have become increasingly critical of Apple's approach to software user interface design. Much of their censure is directed against a trend called skeuomorphism, a term for when objects retain ornamental elements of the past that are no longer necessary to the current objects' functions, such as calendars with faux leather-stitching, bookshelves with wood veneers, fake glass and paper and brushed chrome. A former senior UI designer at Apple who worked closely with Steve Jobs said, 'It's like the designers are flexing their muscles to show you how good of a visual rendering they can do of a physical object. Who cares?' The issue is two-fold: first, that traditional visual metaphors no longer translate to modern users; and second, that excessive digital imitation of real-world objects creates confusion among users. 'I'm old enough, sure, but some of the guys in my office have never seen a Rolodex in real life,' says Designer Gadi Amit. 'Our culture has changed. We don't need translation of the digital medium in mechanical real-life terms. It's an old-fashioned paradigm.' One beneficiary could be Microsoft, where the design of Windows 8 distances itself from skeuomorphism by emphasizing a flat user interface that's minimalist to the core: no bevel, no 3-D flourishes, no glossiness and no drop shadow."
vu1986 writes with this bit from GigaOm: "Google has made public the details of its Spanner database technology, which allows a database to store data across multiple data centers, millions of machines and trillions of rows. But it's not just larger than the average database, Spanner also allows applications that use the database to dictate where specific data is stored so as to reduce latency when retrieving it. Making this whole concept work is what Google calls its True Time API, which combines an atomic clock and a GPS clock to timestamp data so it can then be synched across as many data centers and machines as needed." Original paper. The article focuses a lot on the Time API, but external consistency on a global scale seems to be the big deal here. From the paper: "Even though many projects happily use Bigtable, we have also consistently received complaints from users that Bigtable can be difficult to use for some kinds of applications: those that have complex, evolving schemas, or those that want strong consistency in the presence of wide-area replication. ... Many applications at Google have chosen to use Megastore (PDF) because of its semi-relational data model and support for synchronous replication, despite its relatively poor write throughput. As a consequence, Spanner has evolved from a Bigtable-like versioned key-value store into a temporal multi-version database. Data is stored in schematized semi-relational tables; data is versioned, and each version is automatically timestamped with its commit time; old versions of data are subject to configurable garbage-collection policies; and applications can read data at old timestamps. Spanner supports general-purpose transactions, and provides a SQL-based query language." Update: 09/20 17:57 GMT by T : Also in a story at Slash BI.
jammag writes "Who better for a developer to love than another developer? Yet as a veteran coder describes, it's not always a good idea for a programmer to fall for another programmer. He describes his experience observing — and getting partially pulled into — a romance within a development team. Part of the problem, perhaps, is that some developers spend so much time buried in code that, well, they quickly find themselves out of their league. Then again, why not love among the code?"
another random user writes "A Q&A on Ars Technica asks about an old adage that many programmers stick to: 'It takes a certain type of mind to learn programming, and not everyone can do it.' Users at Stack Exchange are wading in with their answers, but what do Slashdot users think?"