DeviceGuru (1136715) writes "In a bid to harness the energy and enthusiasm swirling around today's open, hackable single board computers, Imagination Technologies, licensor of the MIPS ISA, has unveiled the Creator C120 development board, the ISA's counter to ARM's popular Raspberry Pi and BeagleBone Black SBCs. The MIPS dev board is based on a 1.2GHz dual-core MIPS32 system-on-chip and has 1GB RAM and 8GB flash, and there's also an SD card slot for expansion. Ports include video, audio, Ethernet, both WiFi and Bluetooth 4.0, and a bunch more. OS images are already available for Debian 7, Gentoo, Yocto, and Arch Linux, and Android v4.4 is expected to be available soon. Perhaps the most interesting feature of the board is that there's no pricing listed yet, because the company is starting out by giving the boards away free to developers who submit the most interesting projects."
New submitter brokenin2 writes Hal Finney, the number two programmer for PGP and the first person to receive a Bitcoin transaction, has passed away. From the article on Coindesk: "Shortly after collaborating with Nakamoto on early bitcoin code in 2009, Finney announced he was suffering from ALS. Increasing paralysis, which eventually became near-total, forced him to retire from work in early 2011."
darthcamaro (735685) writes "Forget about HTML5, that's already passe — Google is already moving on to HTML5.1 support for the upcoming Chrome 38 release. Currently only a beta, one of the biggest things that web developers will notice is the use of the new "picture" tag which is a container for multiple image sizes/formats. Bottom line is it's a new way to think about the "IMG" tag that has existed since the first HTML spec."
msm1267 writes: The IEEE's Center for Secure Design debuted its first report this week, a guidance for software architects called "Avoiding the Top 10 Software Security Design Flaws." Developing guidance for architects rather than developers was a conscious effort the group made in order to steer the conversation around software security away from exclusively talking about finding bugs toward design-level failures that lead to exploitable security vulnerabilities. The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explainer of inherent weaknesses in each area and how software designers and architects should take these potential pitfalls into consideration.
I talked with Chris Kelly of GitHub at last week's LinuxCon about GitHub. He's got interesting things to say about the demographics and language choices on what has become in short order (just six years) one of the largest repositories of code in the world, and one with an increasingly sophisticated front-end, and several million users. Not all of the code on GitHub is open source, but the majority is -- handy, when that means an account is free as in beer, too. (And if you're reading on the beta or otherwise can't view the video below, here's the alternative video link.)
snydeq writes: Developers are embracing a range of open source technologies, writes Matt Asay, virtually none of which are supported or sold by Red Hat, the purported open source leader. "Ask a CIO her choice to run mission-critical workloads, and her answer is a near immediate 'Red Hat.' Ask her developers what they prefer, however, and it's Ubuntu. Outside the operating system, according to AngelList data compiled by Leo Polovets, these developers go with MySQL, MongoDB, or PostgreSQL for their database; Chef or Puppet for configuration; and ElasticSearch or Solr for search. None of this technology is developed by Red Hat. Yet all of this technology is what the next generation of developers is using to build modern applications. Given that developers are the new kingmakers, Red Hat needs to get out in front of the developer freight train if it wants to remain relevant for the next 20 years, much less the next two."
Bob Pendleton calls his blog "The Grumpy Programmer" because he's both grumpy and a programmer. He's also over 60 years old and has been programming since he was in his teens. This pair of videos is a break from our recent spate of conference panels and corporate people. It's an old programmer sharing his career experiences with younger programmers so they (you?) can avoid making his mistakes and possibly avoid becoming as grumpy as he is -- which is kind of a joke, since Bob is not nearly as grumpy as he is light-hearted. (Transcript covers both videos. Alternate Video Link One; Alternate Video Link Two)
10 years ago today on this site, readers answered the question "Why is Java considered un-cool?" 10 years later, Java might not be hip, but it's certainly stuck around. (For slightly more than 10 years, it's been the basis of the Advanced Placement test for computer science, too, which means that lots of American students are exposed to Java as their first formally taught language.) And for most of that time, it's been (almost entirely) Free, open source software, despite some grumbling from Oracle. How do you see Java in 2014? Are the pessimists right?
Nerval's Lobster writes When you ask random strangers on the Internet to give you money, there are no guarantees. That's true in almost any scenario, including when video game developers use Kickstarter to crowdfund the creation of a game. While 3,900 or so games have been funded on Kickstarter, more than 7,200 game projects failed to hit their goal. Within those two numbers are some people who fall into both categories: developers who failed to get funding on their first try, but re-launched campaigns and hit their goals. Jon Brodkin spoke with a handful of those indie game developers who succeeded on their second try; many of them used the momentum (and fans) from the first attempt to get a head start on funding the second, and one even adjusted his entire plan based on community feedback. But succeeding the second time also depended on quite a bit of luck.
snydeq writes: Most of us gave little thought to the "career" aspect of programming when starting out, but here we are, battle-hardened by hard-learned lessons, slouching our way through decades at the console, wishing perhaps that we had recognized the long road ahead when we started. What advice might we give to our younger self, or to younger selves coming to programming just now? Andrew C. Oliver offers several insights he gave little thought to when first coding: "Back then, I simply loved to code and could have cared less about my 'career' or about playing well with others. I could have saved myself a ton of trouble if I'd just followed a few simple practices." What are yours?
Last week you had a chance to ask Bjarne Stroustrup about programming and C++. Below you'll find his answers to those questions. If you didn't get a chance to ask him a question, or want to clarify something he said, don't forget he's doing a live Google + Q & A today at 12:30pm Eastern.
Zothecula writes If you're trying to find out what the common features of tabby cats are, a Google image search will likely yield more results than you'd ever have the time or inclination to look over. New software created at the University of California, Berkeley, however, is designed to make such quests considerably easier. Known as AverageExplorer, it searches out thousands of images of a given subject, then amalgamates them into one composite "average" image.
An anonymous reader writes Following up on a recent experiment into the status of software engineers versus managers, Jon Evans writes that the easiest way to find out which companies don't respect their engineers is to learn which companies simply don't understand them. "Engineers are treated as less-than-equal because we are often viewed as idiot savants. We may speak the magic language of machines, the thinking goes, but we aren't business people, so we aren't qualified to make the most important decisions. ... Whereas in fact any engineer worth her salt will tell you that she makes business decisions daily–albeit on the micro not macro level–because she has to in order to get the job done. Exactly how long should this database field be? And of what datatype? How and where should it be validated? How do we handle all of the edge cases? These are in fact business decisions, and we make them, because we're at the proverbial coal face, and it would take forever to run every single one of them by the product people and sometimes they wouldn't even understand the technical factors involved. ... It might have made some sense to treat them as separate-but-slightly-inferior when technology was not at the heart of almost every business, but not any more."
An anonymous reader writes: Third-party game engines are wonderful creations, allowing developers to skip a lengthy and complicated part of the development process and spend more time on content creation. But each engine has its own strengths and weaknesses, and they may not be apparent at the beginning of a project. If you realize halfway through that your game doesn't work well on the engine you picked, what do you do? Jeff LaMarche describes how he and his team made the difficult decision to throw out all their work with Unity and start over with Unreal. He describes some technical limitations, like Unity's 32-bit nature, and some economic ones, like needing to pay $500 per person for effective version control. He notes that Unreal Engine 4 has its problems, too, but the biggest reason to switch was this: "Our team just wasn't finding it easy to collaborate. We weren't gelling as a cohesive team and we often felt like the tools were working against us."
Taxilian writes We've talked about office chairs before, but I'm one of those coders who tends to relax by doing more coding. Particularly when I'm short on time for a project, I like to move my work to where I am still around my wife and children so that I can still interact with them and be with my family, but still hit my deadlines. I have used various recliners and found that programming in them (at least in evenings) can be quite comfortable, but haven't felt like I really found the 'ideal chair' for relaxing and working on my Macbook.
I have found references to failed chairs (like La-Z-Boy Explorer, the so-called "E-cliner") that were intended for tech and failed, but are there any existing and useful options? I'd really like something that provides some sort of lap desk (to keep the heat from the laptop away from me) and reasonable power arrangements while still being comfortable and not looking ridiculous in a normal family room.
In addition to being the creator of C++, Bjarne Stroustrup is a Managing Director in the technology division of Morgan Stanley, a Visiting Professor in Computer Science at Columbia University, and a Distinguished Research Professor in Computer Science at Texas A&M University. Bjarne has written a number of books and was elected a member of the National Academy of Engineering. He will be doing a live Google + Q & A within the C++ community on August 20th, 2014 at 12:30pm EST, but has agreed to answer your questions first. As usual, ask as many as you'd like, but please, one per post.
Phiro69 (3782875) writes Does anyone have any best practices/experience they would like to share on how their corporate entity put Open Source Software out on the Internet? Historically at my engineering firm, we've followed a model where we internally build a 1.0 release of something we want to open source, the product owner and legal perform a deep review of the release, and we push it out to a platform like Github where it typically sits and rusts.
Our engineering interns have started down a new path: Using Github from the beginning (I set the repo private), and, after a bare minimum is completed, flipping the repo public and continuing development in the open using Github. How do PO and Legal reviews fit in? How can we ensure we're not exposing ourselves or diluting our IP if we're doing semi-constant development, publicly, sans a heavily gated review process? What does everyone else do? Or does corporate America avoid this entire opportunity/entanglement/briar patch?
paysonwelch sends this report from Wired on the next generation of consumer AI:
Google Now has a huge knowledge graph—you can ask questions like "Where was Abraham Lincoln born?" And it can name the city. You can also say, "What is the population?" of a city and it’ll bring up a chart and answer. But you cannot say, "What is the population of the city where Abraham Lincoln was born?" The system may have the data for both these components, but it has no ability to put them together, either to answer a query or to make a smart suggestion. Like Siri, it can’t do anything that coders haven’t explicitly programmed it to do. Viv breaks through those constraints by generating its own code on the fly, no programmers required. Take a complicated command like "Give me a flight to Dallas with a seat that Shaq could fit in." Viv will parse the sentence and then it will perform its best trick: automatically generating a quick, efficient program to link third-party sources of information together—say, Kayak, SeatGuru, and the NBA media guide—so it can identify available flights with lots of legroom.
snydeq writes Modern programming bears little resemblance to the days of assembly code and toggles. Worse, or perhaps better, it markedly differs from what it meant to be a programmer just five years ago. While the technologies and tools underlying this transformation can make development work more powerful and efficient, they also make developers increasingly responsible for facets of computing beyond their traditional domain, thereby concentrating a wider range of roles and responsibilities into leaner, more overworked staff.
mikejuk (1801200) writes "Microsoft Researcher Andrew Begel, together with academic and industry colleagues have been trying to detect when developers are struggling as they work, in order to prevent bugs before they are introduced into code. A paper presented at the 36th International Conference on Software Engineering, reports on a study conducted with 15 professional programmers to see how well an eye-tracker, an electrodermal activity (EDA) sensor, and an electroencephalography (EEG) sensor could be used to predict whether developers would find a task difficult. Difficult tasks are potential bug generators and finding a task difficult is the programming equivalent of going to sleep at the wheel. Going beyond this initial investigation researchers now need to decide how to support developers who are finding their work difficult. What isn't known yet is how developers will react if their actions are approaching bug-potential levels and an intervention is deemed necessary. Presumably the nature of the intervention also has to be worked out. So next time you sit down at your coding station consider that in the future they may be wanting to wire you up just to make sure you aren't a source of bugs. And what could possibly be the intervention?"
Linking to a story at Reuters, reader WilliamGeorge writes "Russia is further constraining access to the internet and freedom of speech, with new laws regarding public use of WiFi. Nikolai Nikiforov, the Russian Communications Minister, tweeted that "Identification of users (via bank cards, cell phone numbers, etc.) with access to public Wifi is a worldwide practice." This comes on top of their actions recently to block websites of political opponents to Russian president Vladimir Putin, require registration of prominent bloggers, and more. The law was put into effect with little notice and without the input of Russian internet providers. Sergei Plugotarenko, head of the Russian Electronic Communications Association, said "It was unexpected, signed in such a short time and without consulting us." He added, "We will hope that this restrictive tendency stops at some point because soon won't there be anything left to ban." In addition to the ID requirement to use WiFi, the new law also requires companies to declare who is using their web networks and calls for Russian websites to store their data on servers located in Russia starting in 2016."
That's not the only crackdown in progress, though: former Slashdot code-wrestler Vlad Kulchitski notes that Russian users are being blocked from downloading Java with an error message that reads, in essence, "You are in a country on which there is embargo; you cannot download JAVA." Readers at Hacker News note the same, though comments there indicate that the block may rely on a " specific and narrow IP-block," rather than being widespread. If you're reading this from Russia, what do you find?
snydeq (1272828) writes Java core has stagnated, Java EE is dead, and Spring is over, but the JVM marches on. C'mon Oracle, where are the big ideas? asks Andrew C. Oliver. 'I don't think Oracle knows how to create markets. It knows how to destroy them and create a product out of them, but it somehow failed to do that with Java. I think Java will have a long, long tail, but the days are numbered for it being anything more than a runtime and a language with a huge install base. I don't see Oracle stepping up to the plate to offer the kind of leadership that is needed. It just isn't who Oracle is. Instead, Oracle will sue some more people, do some more shortsighted and self-defeating things, then quietly fade into runtime maintainer before IBM, Red Hat, et al. pick up the slack independently. That's started to happen anyhow.'
An anonymous reader writes "Google today released a preview SDK of Google Fit available to developers. The tool provides APIs for apps and device manufacturers to store and access activity data from fitness apps and sensors on Android and other devices (like wearables, heart rate monitors or connected scales). Google warns that the preview release contains the Google Fit APIs for Android, but does not contain the REST API or the Android Wear APIs, which will be included in the official release. Furthermore, while it will let you develop and test fitness apps, they cannot be published to Google Play until official release."
MojoKid (1002251) writes News and rumors about Valve's upcoming Source 2 engine have been buzzing for months, but a recent update to DOTA 2 contains the most persuasive evidence yet that a major engine is in the works. After the last patch, the game now contains a number of programmed default paths, directories, and file names that didn't previously exist. Source-related DLLs and executables (engine.dll, vconsole.dll) have been updated to "engine2.dll" and vconsole2.dll." The tileset editor has a default Source path. There's also now an option to save files as "Source 1.0 Map Files" where no previous option existed. Here's the funny thing — while most people think of a game screenshot as the best evidence you can buy, low-level file directories, default trees, and changed application behavior is actually more persuasive. Source 1.0 was never updated to support DX11 or OpenGL 4.x, and while the engine can still be used for impressive titles, its DX9 limitations and ancient modding tools are showing their age. It's time to bring the game engine into the modern world, and hopefully these DOTA 2 updates mean that Valve is moving closer to that goal.
msm1267 (2804139) writes "Researcher David Litchfield is back at it again, dissecting Oracle software looking for critical bugs. At the Black Hat 2014 conference, Litchfield delivered research on a new data redaction service the company added in Oracle 12c. The service is designed to allow administrators to mask sensitive data, such as credit card numbers or health information, during certain operations. But when Litchfield took a close look he found a slew of trivially exploitable vulnerabilities that bypass the data redaction service and trick the system into returning data that should be masked."
An anonymous reader writes At work yesterday, I overheard a programmer explaining his perception of the quality of the most recent CS grads. In his opinion, CS students who primarily learn Java are inferior because they don't have to deal with memory management as they would if they used C. As a current CS student who's pursing a degree after 10 years of experience in the IT field, I have two questions for my fellow Slashdoters: "Is this a common concern with new CS grads?" and, if so, "What can I do to supplement my Java-oriented studies?"
An anonymous reader writes Facebook posted a career application which, in their own words is 'seeking a Linux Kernel Software Engineer to join our Kernel team, with a primary focus on the networking subsystem. Our goal over the next few years is for the Linux kernel network stack to rival or exceed that of FreeBSD.' Two interesting bullet points listing "responsibilities": Improve IPv6 support in the kernel, and eliminate perf and stability issues. FB is one of the worlds largest IPv6 deployments; Investigate and participate in emerging protocols (MPTCP, QUIC, etc) discussions,implementation, experimentation, tooling, etc.
SSG Booraem (2553474) writes I've recently been hired to a IT supervisor position at a local college. My boss wants me to find some technology conferences that I'd like to attend and submit them to her. Since I've worked in IT for 18 years but usually done scut work, I don't have any ideas. I'd appreciate suggestions with personal experiences.
First time accepted submitter TWX writes I've been out of computers as a serious home-hobby for many years and in returning I'm aghast at the state of documentation for Open Source projects. The software itself has changed significantly in the last decade, but the documentation has failed to keep pace; most of what I'm finding applies to versions long since passed or were the exact same documents from when I dropped-out of hobbyist computing years ago. Take Lightdm on Ubuntu 14.04 for example- its entire configuration file structure has been revamped, but none of the documentation for more specialized or advanced uses of Lightdm in previous versions of Ubuntu has been updated for this latest release. It's actually harder now to configure some features than it was a decade ago. TLDP is close to a decade out-of-date, fragmentation between distributions has grown to the point that answers from one distro won't readily apply to another, and web forums for even specific projects are full of questions without answers, or those that head off into completely unrelated discussion, or with snarky, "it's in the documentation, stupid!" responses. Where do you go for your FOSS documentation and self-help?
wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.
jrepin writes: Mayank Sharma of Linux Voices tests and compares five text editors for Linux, none of which are named Emacs or Vim. The contenders are Gedit, Kate, Sublime Text, UltraEdit, and jEdit. Why use a fancy text editor? Sharma says, "They can highlight syntax and auto-indent code just as effortlessly as they can spellcheck documents. You can use them to record macros and manage code snippets just as easily as you can copy/paste plain text. Some simple text editors even exceed their design goals thanks to plugins that infuse them with capabilities to rival text-centric apps from other genres. They can take on the duties of a source code editor and even an Integrated Development Environment."
New submitter rrconan writes I always feel like I'm getting old because of the constant need to learn a new tools to do the same job. At the end of projects, I get the impression that nothing changes — there are no real benefits to the new tools, and the only result is a lot of time wasted learning them instead of doing the work. We discussed this last week with Andrew Binstock's "Just Let Me Code" article, and now he's written a follow-up about reducing tool complexity and focusing on writing code. He says, "Tool vendors have several misperceptions that stand in the way. The first is a long-standing issue, which is 'featuritis': the tendency to create the perception of greater value in upgrades by adding rarely needed features. ... The second misperception is that many tool vendors view the user experience they offer as already pretty darn good. Compared with tools we had 10 years ago or more, UIs have indeed improved significantly. But they have not improved as fast as complexity has increased. And in that gap lies the problem.' Now I understand that what I thought of as "getting old" was really "getting smart."
You remember Peter Hoddie, right? He was one of the original QuickTime developers at Apple. He left in 2002 to help found a startup called Kinoma, which started life developing multimedia players and browsers for mobile devices. Kinoma was acquired in 2011 by Marvell Semiconductor, whose management kept it as a separate entity.
New submitter yeshuawatso writes I work for one of the largest HVAC manufacturers in the world. We've currently spent millions of dollars investing in an ERP system from Oracle (via a third-party implementor and distributor) that handles most of our global operations, but it's been a great ordeal getting the thing to work for us across SBUs and even departments without having to constantly go back to the third-party, whom have their hands out asking for more money. What we've also discovered is that the ERP system is being used for inputting and retrieving data but not for managing the data. Managing the data is being handled by systems of spreadsheets and access databases wrought with macros to turn them into functional applications. I'm asking you wise and experienced readers on your take if it's a better idea to continue to hire our third-party to convert these applications into the ERP system or hire internal developers to convert these applications to more scalable and practical applications that interface with the ERP (via API of choice)? We have a ton of spare capacity in data centers that formerly housed mainframes and local servers that now mostly run local Exchange and domain servers. We've consolidated these data centers into our co-location in Atlanta but the old data centers are still running, just empty. We definitely have the space to run commodity servers for an OpenStack, Eucalyptus, or some other private/hybrid cloud solution, but would this be counter productive to the goal of standardizing processes. Our CIO wants to dump everything into the ERP (creating a single point of failure to me) but our accountants are having a tough time chewing the additional costs of re-doing every departmental application. What are your experiences with such implementations?
A recent post by Instapaper's Marco Arment suggests that design flaws in Apple's App Store are harming the app ecosystem, and users are suffering because of it. "The dominance and prominence of 'top lists' stratifies the top 0.02% so far above everyone else that the entire ecosystem is encouraged to design for a theoretical top-list placement that, by definition, won’t happen to 99.98% of them." Arment notes that many good app developers are finding continued development to be unsustainable, while scammy apps are encouraged to flood the market.
"As the economics get tighter, it becomes much harder to support the lavish treatment that developers have given apps in the past, such as full-time staffs, offices, pixel-perfect custom designs of every screen, frequent free updates, and completely different iPhone and iPad interfaces. Many will give up and leave for stable, better-paying jobs. (Many already have.)"
Brent Simmons points out the indie developers have largely given up the dream of being able to support themselves through iOS development. Yoni Heisler argues that their plight is simply a consequence of ever-increasing competition within the industry, though he acknowledges that more app curation would be a good thing. What strategies could Apple (and the operators of other mobile application stories) do to keep app quality high?
cold fjord (826450) writes with an excerpt from ZDNet At OSCon, The Department of Homeland Security (DHS) ... quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP). ... Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code" ... funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois-Champaign/Urbana, Indiana University, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project. ... SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program. ... In addition, SWAMP hosts almost 400 open source software packages to enable tool developers to add enhancements in both the precision and scope of their tools. On top of that the SWAMP provides developers with software packages from the National Institute for Standards and Technology's (NIST) Juliet Test Suite. I got a chance to talk with Beyer at OSCON, and he emphasized that anyone's code is eligible — and that there's no cost to participants, while the center is covered by a grant.