Trailrunner7 writes "It's no secret that Java has moved to the top of the target list for many attackers. It has all the ingredients they love: ubiquity, cross-platform support and, best of all, lots of vulnerabilities. Malware targeting Java flaws has become a major problem, and new statistics show that this epidemic is following much the same pattern as malware exploiting Microsoft vulnerabilities has for years. Research from Microsoft shows that there has been a huge spike in malware targeting Java vulnerabilities since the third quarter of 2011, and much of the activity has centered on patched vulnerabilities in Java. Part of the reason for this phenomenon may be that attackers like vulnerabilities that are in multiple versions of Java, rather than just one specific version."
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Check out the new SourceForge HTML5 Internet speed test! ×
theodp writes "In a widely-read WSJ Op-Ed, English major Kirk McDonald, president of online ad optimization service PubMatic, informed college grads that he considers them unemployable unless they can claim familiarity with at least two programming languages. 'Teach yourself just enough of the grammar and the logic of computer languages to be able to see the big picture,' McDonald advises. 'Get acquainted with APIs. Dabble in a bit of Python. For most employers, that would be more than enough.' Over at Typical Programmer, Greg Jorgensen is not impressed. 'I have some complaints about this "everyone must code" movement,' Jorgensen writes, 'and Mr. McDonald's article gives me a starting point because he touched on so many of them.'"
MojoKid writes "Is the world really ready to shift from native apps to HTML5 Web apps? Probably not, at least not in North America yet, but developing nations may see it differently. That's the hope with Firefox OS, a web-based operating system that's (in theory) a lot more open. Of course, one needs only look at Microsoft's battle to get Windows Phone into a place of competition to realize that gaining market share is no easy task, which is why Mozilla will soon be handing out Firefox OS developer phones in order to bolster that. The company's goal is to get app builders to build for Firefox OS, so Mozilla is sending out free Preview handsets for folks to tinker with."
skaffen42 writes "The recent Ask Slashdot about becoming a programmer later in life got me thinking about a related question. How do you deal with programmers who have not stayed current with new technologies? In the hiring process, this is easy; you simply don't hire them. However, at most companies where I've worked, there are usually a few programmers who have been employed long enough that the skill-set they were originally hired for has become irrelevant. At the same time, they have not bothered to stay current with newer technologies. They usually have enough business knowledge that they provide some value to the company, but from a technical perspective they are a slowly-increasing liability. As an example: I work with a developer who is 10 years my senior, but still doesn't understand how to write concurrent code and cannot be trusted to use a revision control system without causing a mess that somebody else will have to clean up. On top of that, he is really resistant to the idea of code reviews; I suspect he dislikes people he considers junior to him making suggestions about how to improve his code. So, how do my fellow Slashdotters handle situations like this? How do you help somebody like this to improve their skill-sets? And, most importantly, how do you do so without stepping on anybody's feelings?"
An anonymous reader writes "Jenny Lamere, a graduating high school senior from Nashua NH, was the youngest of 80 participants (and one of only four women) in the Hill Holiday TVnext hackathon held in Boston this past April, a programming contest sponsored by TV API providers. Her submission of 'Twivo,' an app that allows TV viewers to block spoiler tweets while watching a show and recover them later, won the contest's 'Sync to Broadcast' category (one of five), and was also named the event's 'Best in Show' (overall winner). At least one tech company has expressed interest in her app (a short demo and interview with the judges starts at 3:30 in the embedded YouTube clip). Lamere plans to enter the Rochester Institute of Technology in the fall, and will pursue a career in software development."
New submitter mha writes "In a response that truly seems to be from a core Microsoft developer, we are told about why Windows kernel development continues to fall further and further behind that of the Linux kernel. He says, 'The cause of the problem is social. There's almost none of the improvement for its own sake, for the sake of glory, that you see in the Linux world. ... There's no formal or informal program of systemic performance improvement. We started caring about security because pre-SP3 Windows XP was an existential threat to the business. Our low performance is not an existential threat to the business. See, component owners are generally openly hostile to outside patches: if you're a dev, accepting an outside patch makes your lead angry (due to the need to maintain this patch and to justify in in shiproom the unplanned design change), makes test angry (because test is on the hook for making sure the change doesn't break anything, and you just made work for them), and PM is angry (due to the schedule implications of code churn). There's just no incentive to accept changes from outside your own team. You can always find a reason to say "no," and you have very little incentive to say "yes."'"
An anonymous reader sends this news from the Associated Press: "A worldwide gang of criminals stole a total of $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said Thursday. ... Here’s how it worked: Hackers got into bank databases, eliminated withdrawal limits on prepaid-debit cards and created access codes. Others loaded that data onto any plastic card with a magnetic stripe — an old hotel key card or an expired credit card worked fine as long as it carried the account data and correct access codes."
Noiser writes "The Israeli pop singer Aya Korem published her new song "Computer Engineer" as a website that shows translation to the Perl programming language along with the lyrics. Perl is quite a good match, given that the Perl community has a long tradition of publishing "Perl poetry", and this song proves that this tradition is very much alive. No Flash is required to view the website, so if you are an HTML5 geek, have no worries."
An anonymous reader writes "The folks at Conformal have announced btcd, an alternative full-node implementation to bitcoind, written in Go! They have released the first of their core packages, btcwire, available for download at GitHub. As a bitcoin user myself, I love the idea of a full alternative. It will only make bitcoin stronger and more independent. This will be great for the Go community, too!"
An anonymous reader writes "We're seeing a new revolution in artificial intelligence known as deep learning: algorithms modeled after the brain have made amazing strides and have been consistently winning both industrial and academic data competitions with minimal effort. 'Basically, it involves building neural networks — networks that mimic the behavior of the human brain. Much like the brain, these multi-layered computer networks can gather information and react to it. They can build up an understanding of what objects look or sound like. In an effort to recreate human vision, for example, you might build a basic layer of artificial neurons that can detect simple things like the edges of a particular shape. The next layer could then piece together these edges to identify the larger shape, and then the shapes could be strung together to understand an object. The key here is that the software does all this on its own — a big advantage over older AI models, which required engineers to massage the visual or auditory data so that it could be digested by the machine-learning algorithm.' Are we ready to blur the line between hardware and wetware?"
mlingojones writes "The CSS Zen Garden — an attempt to showcase the power of CSS, from ye olden days when most sites used tables for layout, when CSS2 was bleeding edge, when IE5 was the most popular web browser — turns 10 today. In celebration, the maintainer Dave Shea is reopening the project for submissions, with a focus on CSS3 and responsive design."
Nerval's Lobster writes "Tech firms are engaging in several non-traditional hiring methods, from programming contests to finding the right people via algorithm. One of the more popular methods: set up a coding challenge or programming contest to bring out interested parties, with the top prize being a trip to the sponsoring company's headquarters to interview for a job. Look at what Facebook is doing in this area, sponsoring several Kaggle.com programming contests to find the best programmers; it also makes use of the site InterviewStreet to screen potential applicants. In theory, any company can build and run a contest online. But is it really the best way to go about hiring a programmer (or any other tech-minded employee, for that matter)?"
An anonymous reader writes "A new report details the analysis of more than 450 million lines of software through the Coverity Scan service, which began as the largest public-private sector research project focused on open source software integrity, and was initiated between Coverity and the U.S. Department of Homeland Security in 2006. Code quality for open source software continues to mirror that of proprietary software — and both continue to surpass the industry standard for software quality. Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality. The analysis found an average defect density of .69 for open source software projects, and an average defect density of .68 for proprietary code."
itwbennett writes "They'll still be all-night coding sessions, but starting with this week's 'Project Mayhem' event, there are a few notable changes. First, they're longer — starting at 11 a.m. Thursday and continuing until 2 p.m. Friday. And coding through the night is optional. 'It's like, "let's take this day off to do this, and then if I need to get more done, we can hang out and finish at night,"' said Facebook engineering manager Pedram Keyani, who organizes the hackathons."
sfcrazy writes "In this exclusive interview MySQL founder Michael Widenius talks about the reasons of decline of MySQL, what Oracle is doing wrong and how MariaDB is fast replacing it. There are quite some interesting information in this interview. The take out of this interview is '...there is no reason at all to use MySQL 5.5 instead of MariaDB 5.5. The same will be true for the next generation.'" Of course, he has an economic interest in getting people to use MariaDB. Hard to argue that Oracle isn't evil though.
An anonymous reader writes "I just learned that the company I work for annually budgets ~$17,000 for non-labor engineering expenses, but budgets ~$250,000 for non-labor marketing and sales expenses. Am I just being cynical when I say that my company spends almost 15 times as much trying to convince the outside world that we make a good product, than it spends on actually making a good product? What's the marketing-to-engineering ratio at your company?"
An anonymous reader writes "I'm working on a new product with one of the more senior guys at our company. To be blunt: his work is sloppy. It works and gets the job done, but it's far from elegant and there are numerous little (some might say trivial) mistakes everywhere. Diagrams that should be spread over five or six pages are crammed onto one, naming is totally inconsistent, arrows point the wrong way (without affecting functionality) and so forth. Much of this is because he is so busy and just wants to get everything out the door. What is the best way to handle this? I spent a lot of time refactoring some of it, but as soon as he makes any changes it needs doing again, and I have my own work to be getting on with. I submit bug reports and feature requests, but they are ignored. I don't want to create bad feelings, as I have to work with him. Am I obsessing over small stuff, or is this kind of internal quality worth worrying about?"
An anonymous reader writes "Simon St. Laurent writes in praise of CSS selectors: 'After years of complaints about Cascading Style Sheets, many stemming from their deliberately declarative nature, it's time to recognize their power. For developers coming from imperative programming styles, it might seem hard to lose the ability to specify more complex logical flow. That loss, though, is discipline leading toward the ability to create vastly more flexible systems, a first step toward the pattern matching model common to functional programming.'"
Nerval's Lobster writes "BlackBerry 10 is completely different from previous BlackBerry operating systems — with good reason. Its core assets come from a company named QNX, which Research In Motion acquired in 2010. Blackberry 10 features include 'live tiles' that dynamically refresh with new information, as well as a revamped keyboard and security upgrades. But what really makes or breaks a phone is the quality (and quantity) of its third-party apps. Jeff Cogswell pokes through the BlackBerry 10 programming API in a quest to see what app developers can do with the platform, and how it compares on that front to Apple iOS and Google Android. His conclusion? Although some of the underlying components are showing their age, BlackBerry has 'spent a lot of time building up a foundation for a good development community.' He also goes over BlackBerry 10's viability for porting apps and building games. But will developers actually work with a platform with such low market-share?"