Nemo the Magnificent writes: "Everybody knows software development is a young man's game, right? Here's a guy who hires and manages programmers, and he says it's not about age at all — it's about skills, period. 'It's each individual's responsibility to stay fresh in the field and maintain a modern-day skillset that gives any 28-year-old a run for his or her money. ... Although the ability to learn those skills is usually unlimited, the available time to learn often is not. "Little" things like family dinners, Little League, and home improvement projects often get in the way. As a result, we do find that we face a shortage of older, more seasoned developers. And it's not because we don't want older candidates. It's often because the older candidates haven't successfully modernized their developer skills.' A company that actively works to offer all employees the chance to learn and to engage with modern technologies is a company that good people are going to work for, and to stay at."
davecb (6526) writes "At Guido van Rossum's urging, Mike Bland has a look at detecting and fixing the "goto fail" bug at ACM Queue. He finds the same underlying problem in both the Apple and Heartbleed bugs, and explains how to not suffer it again." An excerpt: "WHY DIDN'T A TEST CATCH IT? Several articles have attempted to explain why the Apple SSL vulnerability made it past whatever tests, tools, and processes Apple may have had in place, but these explanations are not sound, especially given the above demonstration to the contrary in working code. The ultimate responsibility for the failure to detect this vulnerability prior to release lies not with any individual programmer but with the culture in which the code was produced. Let's review a sample of the most prominent explanations and specify why they fall short. Adam Langley's oft-quoted blog post[13] discusses the exact technical ramifications of the bug but pulls back on asserting that automated testing would have caught it: "A test case could have caught this, but it's difficult because it's so deep into the handshake. One needs to write a completely separate TLS stack, with lots of options for sending invalid handshakes.""
angry tapir (1463043) writes "Embracing the widely used JSON data-exchange format, the new version of the PostgreSQL open-source database takes aim at the growing NoSQL market of nonrelational data stores, notably the popular MongoDB. The first beta version of PostgreSQL 9.4, released Thursday, includes a number of new features that address the rapidly growing market for Web applications, many of which require fast storage and retrieval of large amounts of user data."
reifman (786887) writes "San Francisco's gender imbalance is so bad that a startup recently proposed flying women in from New York City for dates. But, if you're a straight male thinking of moving to Seattle to work in technology, think again. Seattle's gender ratio is even more imbalanced and it's about to get much worse for men. Amazon is building out enough space to employ 5% of the city population and its workforce is 75 percent male. By the end of 2014, Seattle will have 130 single men for every 100 single women."
waderoush (1271548) writes "Don't laugh. As the cost of housing spirals out of control on the San Francisco peninsula, neighboring metro regions like Sacramento are beginning to look more attractive to startup founders who prefer a Northern California lifestyle but haven't worked in the Silicon Valley gold mines long enough to become 1-percenters. Today Xconomy presents Part 1 of a two-part look at innovation in the Sacramento-Davis corridor and efforts to make the region more welcoming to high-tech entrepreneurs. In Sacramento's favor, there's a talented workforce fueled by a top-20 university (UC Davis), space for expansion, proximity to the ski mountains at Tahoe, and a far lower cost of living — the average house in Sacramento is selling for $237,000, compared to $909,000 in San Francisco. The downsides include a shortage of local investment dollars and a lower density of startups, meaning there's less opportunity for serendipitous collaboration. But locals say recent efforts to boost the local high-tech economy are working. 'I really feel like we are in a renaissance area,' says Eric Ullrich, co-founder of Hacker Lab, a Midtown Sacramento co-working space."
New submitter danzvash (447536) writes "I'm doing some volunteering for a street kids charity in Senegal, West Africa, and they need a new database to store all their information for the kids, and to help the funding organizations like UNICEF. The charity staff have a few computers running Windows 7. Being a die-hard OSS geek I'm more inclined to knock up a MySQL backend with a Django (or similar) front-end and run the whole thing from a reliable VPS. But it needs to be understandable by the non-geeks in the charity — there is no IT expertise here. Is there anything that can allow me to design and edit databases, tables, and forms but doesn't require an MS license?"
itwbennett (1594911) writes "Despite the hot job market and competitive salaries, the share of Computer Science degrees as a percentage of BA degrees has remained essentially unchanged since 1981, according to data from the National Center for Educational Statistics' Digest of Educational Statistics. If history is any indication, it will take a cultural phenomenon to shift the percentage higher: Blogger Phil Johnson points out that there were 'two distinct peaks, one in 1985 (4.4% of U.S. college degrees) and one in 2002 (4.42%). These would represent big increases for the classes entering school in 1981 and 1998 respectively. The former year corresponds to the beginning of computers coming into the home and the release of things like MS-DOS 1.0, all of which may have increased interest in programming. The latter year was during the dot com bubble, which, no doubt, also boosted interest.'"
An anonymous reader writes "There's a blog post floating around right now listing articles every programmer should read. I'm curious what articles, books, etc., Slashdot readers would add to this list. Should The Art of Computer Programming, Design Patterns, or Structure and Interpretation of Computer Programs be on the list? What about The Mythical Man-Month, or similar works that are about concepts relating to programming? Is there any code that every programmer should take a look at? Obviously, the nature of this question precludes articles about the nitty-gritty of particular languages, but I'm sure a lot of people would be interested in those, too. So if you can think of a few articles that every C++ programmer (or Perl, or Haskell, or whatever) should know, post those too."
First time accepted submitter Wisecat (3651085) writes "So we all know that computer programming jobs are hot right now. Heck, even President Obama has been urging Americans to learn the skill. But all of us in tech know that not everyone can hack it, and what's more it takes a while to learn anything, and keep up your skills as technology changes. Add to that the fact that companies (and their hiring managers) are always looking for 'the best of the best of the best' talent, and one starts to wonder: just how good does one actually have to BE to get hired? Certainly, there must be plenty of jobs where a level 7/10 programmer would be plenty good enough, and even some that a level 5/10 would be enough. And perhaps we can agree that a level 2/10 would not likely get hired anywhere. So the question is: given that we have such huge demand for programmers, can a level 5, 6, or 7 ever get past the hiring manager? Or is he doomed to sit on the sidelines while the position goes unfilled, or goes to someone willing to lie about their skill level, or perhaps to an H1-B who will work cheaper (but not necessarily better)? I'm a hardware engineer with embedded software experience, and have considered jumping over to pure software (since there are so many jobs, so much demand) but at age 40, and needing to pick a language and get good at it, I wonder whether it would even be possible to get a job (with my previous work experience not being directly related). Thoughts?"
theodp (442580) writes "The NY Times reports that the national educational movement in computer coding instruction is growing at Internet speeds. 'There's never been a move this fast in education,' said Elliot Soloway, a professor of education and computer science at the Univ. of Michigan. But, cautions the NY Times' Matt Richtel, it is not clear that teaching basic computer science in grade school will beget future jobs or foster broader creativity and logical thinking, as some champions of the movement are projecting. And particularly for younger children, the activity is more like a video game — better than simulated gunplay, but not likely to impart actual programming skills. 'Some educators worry about the industry's heavy role,' adds Richtel. 'Major tech companies and their founders, including Bill Gates and Facebook's Mark Zuckerberg, have put up about $10 million for Code.org,' which recently announced its CS programs will be rolled out to more than 2 million students — nearly 5% of all U.S. K-12 students — at 30 school districts this fall. Among the 20,000 teachers who Code.org says have signed on is Alana Aaron, a fifth-grade math and science teacher who, with her principal's permission, swapped a two-month earth sciences lesson she was going to teach on land masses for the Code.org curriculum. 'Computer science is big right now — in our country, the world,' she said. 'If my kids aren't exposed to things like that, they could miss out on potential opportunities and careers.'"
New submitter InfoJunkie777 (1435969) writes "When you go to any place where 'cutting edge' scientific research is going on, strangely the computer language of choice is FORTRAN, the first computer language commonly used, invented in the 1950s. Meaning FORmula TRANslation, no language since has been able to match its speed. But three new contenders are explored here. Your thoughts?"
An anonymous reader writes "If you are too cheap to buy a $20 Arduino or too elitist to not have at least a 32-bit processor, Dr. Dobb's shows you how to take a $2 chip, put it on a breadboard with a TTL serial (or USB) cable, and be up and running with a 32-bit C/C++ system. Even if you have to buy the breadboard and the cable, it is comparable in price to an Arduino and much more capable. The Mbed libraries (optional) make it as easy to use as a 'duino, too."
An anonymous reader writes "Remember the court battle between Google and Oracle? It's the one where Oracle claimed Android violated Oracle's patents and copyright related to Java. Oracle thought they deserved $6 billion in compensation, but ended up getting nothing. Well, it's still going, and the tide is turning somewhat in Oracle's favor. An appeals court decided that Oracle can claim copyright over some parts of Java. It's a complicated ruling (PDF) — parts of it went Google's way and parts of it went Oracle's way — but here's the most important line: '[T]he declaring code and the structure, sequence, and organization of the 37 Java API packages at issue are entitled to copyright protection.' A jury's earlier finding of infringement has been reinstated, and now it's up to Google to justify its actions under fair use."
jfruh writes: "As GitHub becomes an increasingly common repository of project code, the metadata for projects saved there can tell us a lot about the state of the industry. In particular, a look at the programming languages used over the past half-decade shows an increasingly fragmented landscape, in which the overall share of most major languages is on a slight decline, while less-used languages are seeing modest growth in usage."
An anonymous reader writes "Game studios now seem to be forming a habit out of opening up their debugger / development utilities. After Valve's notable VOGL debugger, Crytek has now decided to open source their Renderdoc debugger. Renderdoc had been available for free use since earlier in the year but now they have posted an MIT-licensed version of the code to GitHub. Renderdoc builds on both Windows and Linux but for now just targets the Direct3D 11 graphics API while OpenGL support is expected later."
An anonymous reader writes "Patrick Lin of California Polytechnic State University explores one of the ethical problems autonomous car developers are going to have to solve: crash prioritization. He posits this scenario: suppose an autonomous car determines a crash is unavoidable, but has the option of swerving right into a small car with few safety features or swerving left into a heavier car that's more structurally sound. Do the people programming the car have it intentionally crash into the vehicle less likely to crumple? It might make more sense, and lead to fewer fatalities — but it sure wouldn't feel that way to the people in the car that got hit. He says, '[W]hile human drivers may be forgiven for making a poor split-second reaction – for instance, crashing into a Pinto that's prone to explode, instead of a more stable object – robot cars won't enjoy that freedom. Programmers have all the time in the world to get it right. It's the difference between premeditated murder and involuntary manslaughter.' We could somewhat randomize outcomes, but that would generate just as much trouble. Lin adds, 'The larger challenge, though, isn't thinking through ethical dilemmas. It's also about setting accurate expectations with users and the general public who might find themselves surprised in bad ways by autonomous cars. Whatever answer to an ethical dilemma the car industry might lean towards will not be satisfying to everyone.'"
Nerval's Lobster writes: "Dice [note: our corporate overlord] collects a ton of data from job postings. Its latest findings? The number of jobs posted for NoSQL experts has risen 54 percent year-over-year, ahead of postings for professionals skilled in so-called 'Big Data' (up 46 percent), Apache Hadoop (43 percent), and Python (16 percent). Employers are also seeking those with expertise in Software-as-a-Service platforms, to the tune of 20 percent more job postings over the past twelve months; in a similar vein, postings for tech professionals with some cloud experience have leapt 27 percent in the same period. Nothing earth-shattering here, but it's perhaps interesting to note that, for all the hype surrounding some of these things, there's actually significant demand behind them."
An anonymous reader writes "I've been teaching myself to code recently. I've made good progress so far, and I've written a bunch of little scripts to make my life easier. Here's the problem: most project ideas I come up with now either seem pretty easy or pretty impossible. I'm having trouble thinking of a project that'll stretch my skills without overloading them. I've tried finding open source projects to read through, but I run into the same thing: either it's straight-forward, or it requires reading a half-dozen dependencies, each of which has dependencies of their own. Anyone have suggestions on some intermediate-skill projects to undertake? Or some project files in an online repo that go beyond the basics without getting overwhelming? My language of choice is Python, but other languages are welcome."
First time accepted submitter bdrasin (17319) writes "I've had a series of interviews with a late-term startup (approx. 300 employees) and I think there is a good chance they will make me an offer. The technology is great, my skills and interests are a good fit for the position, I think the company has a promising future, and I like the team. Frankly I'm damn excited about it, more so than for any job in my career. However, I'm worried about what could euphemistically be called 'cultural' issues. I'm a few years over 40, with a wife and kids, and all of the engineers at the company seem to be at least 10 years younger than I am. Being at the company's office gives me a distinct old guy at the club feeling. I don't think the overall number of hours the team works is more than I could handle, but the team does a lot of young-single-guy-at-a-startup group activities (rent-a-limo-and-go-clubbing night, weekends in Tahoe, Burning Man, in-office happy hour) that I wouldn't want or be able to participate in; I need to be home with my family for dinner most nights and weekends and so on. I'm wondering if anyone else has had the experience of working at a startup with, or as, an older programmer, and how it worked out?"
theodp (442580) writes "Billionaire-backed Code.org, enthusiastically tweets U.S. Dept. of Education Chief Arne Duncan, is 'providing tremendous leadership in bringing coding & computer science to our nation's schools.' Including bringing kids in Broward County Public Schools the best computer science teachers $15.00-an-hour can buy, according to a document on the school district's website. One wonders how the Broward teachers feel about Code.org apparently coughing up $38.33-an-hour for Chicago teachers who attend the required Code.org professional development, which ironically covers equity issues. Duncan's shout-out comes days after Code.org claimed in its Senate testimony that 'our students have voted with their actions [participating in an hour-long, Angry Birds-themed Blockly tutorial starring Mark Zuckerberg and Bill Gates]: that learning computer science is this generation's Sputnik moment, that it's part of the new American Dream, and that it should be available to every student, in every school, as part of the standard curriculum.'"
phyr writes: "ESA Summer of Code in Space (SOCIS) is a program run by the European Space Agency. It aims at offering student developers stipends to write code for various space-related open source software projects. Through SOCIS, accepted student applicants are paired with a mentor or mentors from the participating projects, thus gaining exposure to real-world software development scenarios. In turn, the participating projects are able to more easily identify and bring in new developers. Applicants must be attending a European or Canadian university and will receive 4000 Euros for supporting one of the accepted open source projects. Applicants have until May 15th to submit their proposals and resumes. I'm particularly interested to have exceptional proposals for the NEST project."
First time accepted submitter Valejo (689967) writes "According to a study released today by Course Report, programming bootcamps are expected to grow by 2.8x in 2014, meaning that bootcamps will graduate a student for every 8 CS undergraduates. The survey (PDF) also found that 57% of the schools teach in Ruby and that the average tuition is $9,900. The authors collected responses from 95% of US schools, including General Assembly, Dev Bootcamp, and Flatiron School."
theodp (442580) writes "Simon Allardice takes a stroll down coding memory lane, recalling that when he got started in programming in 1983, hand-writing one's programs with pencil on IBM coding sheets was still considered good enough for British government work (COBOL, Assembler forms). Allardice writes, 'And when you were finished handwriting a section of code — perhaps a full program, perhaps a subroutine — you'd gather these sheets together (carefully numbered in sequence, of course) and send them along to the folks in the data entry department. They'd type it in. And the next day you'd get a report to find out if it compiled or not. Let me say that again: the next day you could find out if your code compiled or not.' So, does anyone have 'fond' memories of computer programming in the punched card era? And for you young'uns, what do you suppose your C++ or Java development times would be like if you got one compile a day?" The other way you could program in 1983.
profBill (98315) writes "Way back in 2002, Slashdot ran a story asking what people thought about C++ and the STL. Well, it's 2014 and C++11 is well out there with C++14 on its way.
I teach a second programming course in C++ with a heavy emphasis on the STL (containers and generic algorithms). I just wondered what people think about the situation today. Personally, I think C++11 has cleaned up a lot of problems, making it easier to use, but given all those who work with C++ for a living, I wondered what they thought today compared to then. Are people using C++11? Does it matter at all? I'd love to share the responses with my students! They are always curious about what practitioners are doing these days."
An anonymous reader writes "Those of us who spend our days sitting in front of a screen trying to make computers do our bidding know how difficult programming can be. But from an outside perspective, there's not much to indicate difficulty. Most of us have heard somebody compare our job to digging ditches, or some other manual labor, meant to contrast easy (sitting around and typing) versus hard (muscle-wearying work). Now, Peter Welch has written an amusing essay to help combat that point of view, titled Programming Sucks. He compares bridge building to a big software project. Here's a small part of it:
'You start by meeting Mary, project leader for a bridge in a major metropolitan area. Mary introduces you to Fred, after you get through the fifteen security checks installed by Dave because Dave had his sweater stolen off his desk once and Never Again. Fred only works with wood, so you ask why he's involved because this bridge is supposed to allow rush-hour traffic full of cars full of mortal humans to cross a 200-foot drop over rapids. Don't worry, says Mary, Fred's going to handle the walkways. What walkways? Well Fred made a good case for walkways and they're going to add to the bridge's appeal. Of course, they'll have to be built without railings, because there's a strict no railings rule enforced by Phil, who's not an engineer. ... Would you drive across this bridge? No. If it somehow got built, everybody involved would be executed. Yet some version of this dynamic wrote every single program you have ever used, banking software, websites, and a ubiquitously used program that was supposed to protect information on the internet but didn't.' Welch goes on to gripe about all the ways in which programming is almost awesome, but ends up being annoying."
harrymcc (1641347) writes "On May 1, 1964 at 4 a.m. in a computer room at Dartmouth University, the first programs written in BASIC ran on the university's brand-new time-sharing system. With these two innovations, John Kemeny and Thomas Kurtz didn't just make it easier to learn how to program a computer: They offered Dartmouth students a form of interactive, personal computing years before the invention of the PC. Over at TIME.com, I chronicle BASIC's first 50 years with a feature with thoughts from Kurtz, Microsoft's Paul Allen and many others."
New submitter kyrsjo (2420192) writes "The Economist has an article on how information technology — the real stuff, not just button-pushing — is making its way back to schools across the world. As the article argues: 'Digital technology is now so ubiquitous that many think a rounded education requires a grounding in this subject just as much as in biology, chemistry or physics.' In today's society, teaching computer science in schools is absolutely necessary, and that means getting a real understanding of computers and how they work. That requires working with algorithms and programming, not just learning which buttons to push in the program that the school happened to use."
CowboyRobot (671517) writes "Erik Meijer, known for his contributions to Haskell, C#, Visual Basic, Hack, and LINQ, has an article at the ACM in which he argues that 'Mostly functional' programming does not work. 'The idea of "mostly functional programming" is unfeasible. It is impossible to make imperative programming languages safer by only partially removing implicit side effects. Leaving one kind of effect is often enough to simulate the very effect you just tried to remove. On the other hand, allowing effects to be "forgotten" in a pure language also causes mayhem in its own way. Unfortunately, there is no golden middle, and we are faced with a classic dichotomy: the curse of the excluded middle, which presents the choice of either (a) trying to tame effects using purity annotations, yet fully embracing the fact that your code is still fundamentally effectful; or (b) fully embracing purity by making all effects explicit in the type system and being pragmatic by introducing nonfunctions such as unsafePerformIO. The examples shown here are meant to convince language designers and developers to jump through the mirror and start looking more seriously at fundamentalist functional programming.'"
peetm (781139) writes "Having visited with me and my wife recently, the girlfriend of an ex-student of mine (now taking an M.Sc. in pure CS) asked me to suggest useful books for her boyfriend: '... He recently mentioned that he would love to have a home library, like the one you have, with variety of good, useful and must-have books from different authors. ... Mostly, I was thinking your advice would be priceless when it comes to computer science related books, but .. I would appreciate any sort of advice on books from you. ...' Whilst I could scan my own library for ideas, I doubt that I'm really that 'current' with what's good, or whether my favorites would be appropriate: I've not taught on the M.Sc. course for a while, and in some cases, and just given their price, I shouldn't really recommend such books that are just pet loves of mine — especially to someone who doesn't know whether they'd even be useful.
And, before you ask: YES, we do have a reading list, but given that he'll receive this as part of this course requirement anyway, I'd like to tease readers to suggest good reads around the periphery of the subject." I'll throw out Pierce's Types and Programming Languages (and probably Advanced Topics in Types and Programming Languages), and Okasaki's Purely Functional Data Structures.
wiredmikey (1824622) writes "Technology giants including Microsoft, Google, Intel, and Cisco are banding together to support and fund open source projects that make up critical elements of global information infrastructure. The new Core Infrastructure Initiative brings technology companies together to identify and fund open source projects that are widely used in core computing and Internet functions, The Linux Foundation announced today. Formed primarily as the industry's response to the Heartbleed crisis, the OpenSSL library will be the initiative's first project. Other open source projects will follow. The funds will be administered by the Linux Foundation and a steering group comprised of the founding members, key open source developers, and other industry stakeholders. Anyone interested in joining the initiative, or donating to the fund can visit the Core Infrastructure Initiative site."
An anonymous reader writes "Andrew Kelley was a big fan of the Amarok open source music player. But a few years ago, its shortcomings were becoming more annoying and the software's development path no longer matched with the new features he wanted. So he did what any enterprising hacker would do: he started work on a replacement. Three and a half years later, his project, Groove Basin, has evolved into a solid music player, and it's still under active development. Kelley has now posted a write-up of his development process, talking about what problems he encountered, how he solved them, and how he ended up contributing code to libav."
Nerval's Lobster (2598977) writes "Last month, a report suggested that Austin has the highest salaries for tech workers (after factoring in the cost of living), followed by Atlanta, Denver, Boston, and Silicon Valley. Now, a new report (yes, from Dice, because it gathers this sort of data from tech workers) suggests that more tech people are earning six figures a year than ever. Some 32 percent of full-time tech pros took home more than $100,000 in 2013, according to the findings, up from 30 percent in 2012 and 26 percent in 2011. For contractors, the data is even better: In 2013, a staggering 54 percent of them earned more than $100,000 a year, up from 51 percent the previous year and 50 percent in 2011. How far that money goes depends on where you live, of course, but it does seem like a growing number of the world's tech workers are earning a significant amount of cash."
In N+1 magazine, David Auerbach explains what it was like in the "Chat Wars" of the late '90s, when he was the youngest person on the team developing Microsoft's brand-new messaging app, in the face of America Online's AIM, the 900-pound gorilla in the room. Auerbach explains how he used a network analyzer to fake out AOL's servers into letting Microsoft's client connect to AIM as well. "AOL could only block Messenger if they could figure out that the user was using Messenger and not AIM. As long as Messenger sent exactly the same protocol messages to the AOL servers, AOL wouldn’t be able to detect that Messenger was an impostor. So I took the AIM client and checked for differences in what it was sending, then changed our client to mimic it once again. They’d switch it up again; they knew their client, and they knew what it was coded to do and what obscure messages it would respond to in what ways. Every day it’d be something new. At one point they threw in a new protocol wrinkle but cleverly excepted users logging on from Microsoft headquarters, so that while all other Messenger users were getting an error message, we were sitting at Microsoft and not getting it. After an hour or two of scratching our heads, we figured it out." Eventually, though, AOL introduced x86 assembly code into the login protocol, and that not only stymied the MSM team, but led to some interesting warfare of its own. Auerbach's story sheds a lot of light on both good and bad aspects of corporate culture at the start of the 21st century, at Microsoft as well as other companies.
An anonymous reader writes "As some of you may know, the OpenBSD team has started cleaning up the OpenSSL code base. LibreSSL is primarily developed by the OpenBSD Project, and its first inclusion into an operating system will be in OpenBSD 5.6. In the wake of Heartbleed, the OpenBSD group is creating a simpler, cleaner version of the dominant OpenSSL. Theo de Raadt, founder and leader of OpenBSD and OpenSSH, tells ZDNet that the project has already removed 90,000 lines of C code and 150,000 lines of content. The project further promises multi-OS support once they have proper funding and the right portability team in place. Please consider donating to support LibreSSL via the OpenBSD foundation."
snydeq (1272828) writes "As software takes over more of our lives, the ethical ramifications of decisions made by programmers only become greater. Unfortunately, the tech world has always been long on power and short on thinking about the long-reaching effects of this power. More troubling: While ethics courses have become a staple of physical-world engineering degrees, they remain a begrudging anomaly in computer science pedagogy. Now that our code is in refrigerators, thermostats, smoke alarms, and more, the wrong moves, a lack of foresight, or downright dubious decision-making can haunt humanity everywhere it goes. Peter Wayner offers a look at just a few of the ethical quandaries confronting developers every day. 'Consider this less of a guidebook for making your decisions and more of a starting point for the kind of ethical contemplation we should be doing as a daily part of our jobs.'"
New submitter CrAlt (3208) writes with this news snipped from BSD news stalwart undeadly.org: "After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls. ... All combined, there've been over 250 commits cleaning up OpenSSL. In one week." You can check out the stats, in progress.
CowboyRobot sends in an article about how Samsung's constantly shifting plans for its smartwatches are making it hard for developers to commit to building apps. Quoting: "Samsung's first smartwatch, released in October last year, ran a modified version of Google's Android platform. The device had access to about 80 apps at launch, all of which were managed by a central smartphone app. Samsung offered developers an SDK for the Galaxy Gear so they could create more apps. Developers obliged. Then Samsung changed direction. Samsung announced a new series of smartwatches in February: the Gear 2, Gear 2 Neo, and Gear Fit. Unlike the first device, these three run Samsung’s Tizen platform. ... This week, Samsung made things even more interesting. Speaking to Reuters, Yoon Han-kil, senior vice president of Samsung’s product strategy team, said the company is working on a watch that will use Google’s Android Wear platform. In other words, Samsung will bring three different watches to market with three different operating systems in under a year."
itwbennett (1594911) writes "Oracle is gearing up for a fight with officials in Oregon over its role developing an expensive health insurance exchange website that still isn't fully operational. In a letter obtained by the Oregonian newspaper this week, Oracle co-president Safra Catz said that Oregon officials have provided the public with a 'false narrative' concerning who is to blame for Cover Oregon's woes. In the letter, Catz pointed out that Oregon's decision to act as their own systems integrator on the project, using Oracle consultants on a time-and-materials basis, was 'criticized frequently by many'. And as far as Oracle is concerned, 'Cover Oregon lacked the skills, knowledge or ability to be successful as the systems integrator on an undertaking of this scope and complexity,' she added."
just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article: "The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."
msmoriarty writes: "According to a recent survey of 1,000 U.S.-based software developers, 56 percent expect to become millionaires in their lifetime. 66 percent also said they expect to get raises in the next year, despite the current state of the economy. Note that some of the other findings of the study (scroll to bulleted list) seem overly positive: 84 percent said they believe they are paid what they're worth, 95 percent report they feel they are 'one of the most valued employees at their organization,' and 80 percent said that 'outsourcing has been a positive factor in the quality of work at their organization.'"
An anonymous reader writes "Python guru Jeff Knupp writes about his frustration with the so-called 'DevOps' movement, an effort to blend development jobs with operations positions. It's an artifact of startup culture, and while it might make sense when you only have a few employees and a focus on simply getting it running rather than getting it running right, Knupp feels it has no place in bigger, more established companies. He says, 'Somewhere along the way, however, we tricked ourselves into thinking that because, at any one time, a start-up developer had to take on different roles he or she should actually be all those things at once. If such people even existed, "full-stack" developers still wouldn't be used as they should. Rather than temporarily taking on a single role for a short period of time, then transitioning into the next role, they are meant to be performing all the roles, all the time. And here's what really sucks: most good developers can almost pull this off.' Knupp adds, 'The effect of all of this is to destroy the role of "developer" and replace it with a sort of "technology utility-player". Every developer I know got into programming because they actually enjoyed doing it (at one point). You do a disservice to everyone involved when you force your brightest people to take on additional roles.'"
An anonymous reader writes "Deciding which programming language to use is often based on considerations such as what the development team is most familiar with, what will generate code the fastest, or simply what will get the job done. How secure the language might be is simply an afterthought, which is usually too late. A new WhiteHat Security report approaches application security not from the standpoint of what risks exist on sites and applications once they have been pushed into production, but rather by examining how the languages themselves perform in the field. In doing so, we hope to elevate security considerations and deepen those conversations earlier in the decision process, which will ultimately lead to more secure websites and applications."
First time accepted submitter Iarwain Ben-adar (2393286) writes "OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing 'exploit mitigation countermeasures', fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a 'portable' version of this new OpenSSL fork. Or not."
SpacemanukBEJY.53u (3309653) writes "It took security researcher Willem Pinckaers all of 15 minutes to spot a flaw in code created by Akamai that the company thought shielded most of its users from one of the pernicious aspects of the Heartbleed flaw in OpenSSL. More than a decade ago, Akamai modified parts of OpenSSL it felt were weak related to key storage. Akamai CTO Andy Ellis wrote last week that the modification protected most customers from having their private SSL stolen despite the Heartbleed bug. But on Sunday Ellis wrote Akamai was wrong after Pinckaers found several flaws in the code. Akamai is now reissuing all SSL certificates and keys to its customers."
theodp (442580) writes "Gigaom reports that while speaking at the Bloomberg Energy Summit on Wednesday, former NYC Mayor Michael Bloomberg said he gives 'a lot of money to the Sierra Club' to help close dirty coal plants, but added that as a society we have to 'have some compassion to do it gently.' Subsidies to help displaced workers are one option, said Bloomberg, while retraining is another option. But, in a slight to the tech industry's sometimes out-of-touch nature with workers outside of Silicon Valley, he said retraining needs to be realistic, 'You're not going to teach a coal miner to code,' argued Bloomberg. 'Mark Zuckerberg says you teach them to code and everything will be great. I don't know how to break it to you... but no.'"
nk497 (1345219) writes "The Heartbleed bug in OpenSSL wasn't placed there deliberately, according to the coder responsible for the mistake — despite suspicions from many that security services may have been behind it. OpenSSL logs show that German developer Robin Seggelmann introduced the bug into OpenSSL when working on the open-source project two and a half years ago, according to an Australian newspaper. The change was logged on New Year's Eve 2011. 'I was working on improving OpenSSL and submitted numerous bug fixes and added new features,' Seggelmann told the Sydney Morning Herald. 'In one of the new features, unfortunately, I missed validating a variable containing a length.' His work was reviewed, but the reviewer also missed the error, and it was included in the released version of OpenSSL."
curtwoodward (2147628) writes "Entrepreneurs in Massachusetts say the state's legal enforcement of non-competition agreements hurts innovation — if you're going to get sued by Big Company X, you're probably not going to leave for a startup in the same industry. But those contracts have powerful supporters, including EMC, which is by far the state's largest tech company. Gov. Deval Patrick is finally picking a side in the debate by introducing his own bill to outlaw non-competes and adopt trade-secrets protections instead. Just one catch: he's a lame duck, and will be out of office in January."