An anonymous reader writes with a report at Ars Technica about how a small bug can lead to a security problem. In this case, the problem is that quotation marks — or the lack of them — can be significant. From the Ars article: "The scenario... requires a 'standard' user with access rights to create a directory to a fileserver and an administrator executing a vulnerable script," Frank Lycops and Raf Cox, security researchers with The Security Factory, said in an e-mail interview. "This allows the attacker to gain the privileges of the user running the script, thus becoming an administrator." While the attack falls short of the severity of the Shellshock family of Linux shell vulnerabilities, the two researchers stressed that it's a good example of how untrusted input can be used to execute commands on a system. The researchers identified at least one popular script with the vulnerability. When the script attempts to set the starting directory for system administration work, it inadvertently runs the command appended to the malicious directory's name as well. ... The solution is to use proper coding practices—in this case, the judicious use of quotation marks. Quotation marks are used in the shell environment to make sure that the data inside the quotes is not interpreted by the program as a command.
94 comments | about two weeks ago
57 comments | about two weeks ago
rastos1 writes: In a recent blog, software developer Bruce Dawson pointed out some issues with the way the FSIN instruction is described in the "Intel® 64 and IA-32 Architectures Software Developer's Manual," noting that the result of FSIN can be very inaccurate in some cases, if compared to the exact mathematical value of the sine function.
Dawson says, "I was shocked when I discovered this. Both the fsin instruction and Intel's documentation are hugely inaccurate, and the inaccurate documentation has led to poor decisions being made. ... Intel has known for years that these instructions are not as accurate as promised. They are now making updates to their documentation. Updating the instruction is not a realistic option."
Intel processors have had a problem with math in the past, too.
238 comments | about two weeks ago
An anonymous reader writes: On 10 October 1994, Opera CTO Hakon Lie posted a proposal for Cascading HTML style sheets. Now, two decades on, CSS has become one of the modern web's most important building blocks. The Opera dev blog just posted an interview with Lie about how CSS came to be, and what he thinks of it now. He says that if these standards were not made, "the web would have become a giant fax machine where pictures of text would be passed along." He also talks about competing proposals around the same time period, and mentions his biggest mistake: not producing a test suite along with the CSS1 spec. He thinks this would have gotten the early browsers to support it more quickly and more accurately. Lie also thinks CSS has a strong future: "New ideas will come along, but they will extend CSS rather than replace it. I believe that the CSS code we write today will be readable by computers 500 years from now."
180 comments | about two weeks ago
michaelcole writes: Its name is BitHammer. It searches out and bans BitTorrent users on your local sub-net.
I'm a digital nomad. That means I travel and work, often using shared Wi-Fi. Over the last year, I've been plagued by rogue BitTorrent users who've crept onto these public hotspots either with a stolen/cracked password, or who lie right to my face (and the Wi-Fi owners) about it.
These users clog up the residential routers' connection tables, and make it impossible to use tools like SSH, or sometimes even web browsing. Stuck for a day, bullied from the Wi-Fi, I wrote BitHammer as a research project. It worked rather well. It's my first Python program. I hope you find it useful.
429 comments | about two weeks ago
Nerval's Lobster writes As developers embrace new programming languages, older languages can go one of two ways: stay in use, despite fading popularity, or die out completely. So which programming languages are slated for history's dustbin of dead tech? Perl is an excellent candidate, especially considering how work on Perl6, framed as a complete revamp of the language, began work in 2000 and is still inching along in development. Ruby, Visual Basic.NET, and Object Pascal also top this list, despite their onetime popularity. Whether the result of development snafus or the industry simply veering in a direction that makes a particular language increasingly obsolete, time comes for all platforms at one point or another. Which programming languages do you think will go the way of the dinosaurs in coming years? With COBOL still around, it's hard to take too seriously the claim that Perl or Ruby is about to die. A prediction market for this kind of thing might yield a far different list.
546 comments | about two weeks ago
whoever57 writes Google has asked the Supreme Court to review the issue of whether APIs can be copyrighted. Google beat Oracle in the trial court, where a judge with a software background ruled that APIs could not be copyrighted, but the Appeals court sided with Oracle, ruling that APIs can be copyrighted. Now Google is asking the Supreme Court to overturn that decision. (Also of interest.)
146 comments | about two weeks ago
d33tah notes the announcement of Google Code-In 2014 and Google Summer of Code 2015. A call to all students: if you have ever thought it would be cool to write code and see it make a difference in the world, then please keep reading. We are excited to announce the next editions of two programs designed to introduce students to open source software development, Google Summer of Code for university students and Google Code-in for 13-17 year old students.
15 comments | about two weeks ago
An anonymous reader writes The Linux 3.17 kernel was officially released today. Linux 3.17 presents a number of new features that include working open-source AMD Hawaii GPU support, an Xbox One controller driver, free-fall support for Toshiba laptops, numerous ARM updates, and other changes.
114 comments | about two weeks ago
FrnkMit writes: Challenging a previous Code.org story on tech diversity, a Forbes.com writer interviewed 716 women who left the technology field. Her conclusion: corporate culture, and the larger social structure, is the primary cause for these women leaving the industry and never looking back. Specific issues include a lack of maternity policies in small companies, low pay which barely covers day care, "jokes" from male coworkers, and always feeling like the "odd duck." In reality, there are probably many intertwined causes: peer pressure at the high-school and college level, female-unfriendly geek culture, low pay, a lack of accommodations for pregnant/nursing mothers, the myth of "having it all," stereotype threat, and repeated assertions that women aren't biologically suited to writing software and therefore there's no problem at all.
342 comments | about two weeks ago
First time accepted submitter ndykman (659315) writes The Independent reports that a MS developer has suggested a real reason behind the Windows 10 name: old code. More specifically, code that looks for "Windows 9" to determine the Windows version. Fine for Windows 95 or Windows 98, but not so great for a new operating system. The article includes a link that shows that yes, this would be a problem.
349 comments | about two weeks ago
theodp writes: "The biggest reason for a lack of diversity in tech," says Code.org's Hadi Partovi in a featured Re/code story, "isn't discrimination in hiring or retention. It's the education pipeline." (Code.org just disclosed "we have no African Americans or Hispanics on our team of 30.") Supporting his argument, Partovi added: "In 2013, not one female student took the AP computer science exam in Mississippi." (Left unsaid is that only one male student took the exam in Mississippi). Microsoft earlier vilified the CS education pipeline in its U.S. Talent Strategy as it sought "targeted, short-term, high-skilled immigration reforms" from lawmakers. And Facebook COO and "Lean In" author Sheryl Sandberg recently suggested the pipeline is to blame for Facebook's lack of diversity. "Girls are at 18% of computer science college majors," Sandberg told USA Today in August. "We can't go much above 18% in our coders [Facebook has 7,185 total employees] if there's only 18% coming into the workplace."
227 comments | about two weeks ago
An anonymous reader writes: An effort underway called BOSS-MOOL, the Minimalistic Object Oriented Linux, is designing the Linux kernel with OOP and C++ driver support. Linus Torvalds' opinions on C++ have long been known while developers at the DOS Lab IIT Madras and CDAC Chennai feel redesigning the kernel with object oriented abstractions and C++ driver support will increase maintainability while reducing complexity of the kernel. It doesn't appear though the group will try to mainline these changes.
365 comments | about three weeks ago
darthcamaro writes Amazon, Rackspace and IBM have all patched their public clouds over the last several days due to a vulnerability in the Xen hypervisor. According to a new report, the Xen project was first advised of the issue two weeks ago, but instead of the knee jerk type reactions we've seen with Heartbleed and now Shellshock, the Xen project privately fixed the bug and waited until all the major Xen deployments were patched before any details were released. Isn't this the way that all open-source projects should fix security issues? And if it's not, what is?
81 comments | about three weeks ago
Andy Updegrove writes: The Linux Foundation this morning announced the latest addition to its family of major hosted open source initiatives: the Open Platform for NFV Project (OPNFV). Its mission is to develop and maintain a carrier-grade, integrated, open source reference platform for the telecom industry. Importantly, the thirty-eight founding members include not only cloud and service infrastructure vendors, but telecom service providers, developers and end users as well. The announcement of OPNFV highlights three of the most significant trends in IT: virtualization (the NFV part of the name refers to network function virtualization), moving software and services to the cloud, and collaboratively developing complex open source platforms in order to accelerate deployment of new business models while enabling interoperability across a wide range of products and services. The project is also significant for reflecting a growing recognition that open source projects need to incorporate open standards planning into their work programs from the beginning, rather than as an afterthought.
40 comments | about three weeks ago
Czech37 writes Facebook may be among the world's most well-known tech companies, but it's not renowned for being at the forefront of open source. In reality, they have over 200 open source projects on GitHub and they've recently partnered with Google, Dropbox, and Twitter (among others) to create the TODO group, an organization committed to furthering the open source cause. In an interview with Opensource.com, Facebook's James Pearce talks about the progress the company has made in rebooting their open source approach and what's on the horizon for the social media network.
29 comments | about three weeks ago
Nerval's Lobster writes Apple touts the Swift programming language as easy to use, thanks in large part to features such as Interface Builder, a visual designer provided in Xcode that allows a developer to visually design storyboards. In theory, this simplifies the process of designing both screens and the connections between screens, as it needs no code and offers an easy-to-read visual map of an app's navigation. But is Swift really so easy (or at least as easy as anything else in a developer's workflow)? This new walkthrough of Interface Builder (via Dice) shows that it's indeed simple to build an app with these custom tools... so long as the app itself is simple. Development novices who were hoping that Apple had created a way to build complex apps with a limited amount of actual coding might have to spend a bit more time learning the basics before embarking on the big project of their dreams.
69 comments | about three weeks ago
An anonymous reader writes Writing on Opensource.com, Matt Micene shares his thoughts on getting started with an open source project. "I came back from OSCON this year with a new fire to contribute to an open source project. I've been involved in open source for years, but lately I've been more of an enthusiast-evangelist than a hands-on-contributor to an open source community. So, I started some thinking about what to do next. When I was involved in projects before, it was due to a clear progression from user to forum guru to contributor. It's a great path to take but what do you do if you just want to jump into something?" Matt goes on to lay out several steps to help new contributors get started.
57 comments | about three weeks ago
First time accepted submitter Mike Sheen writes I'm the lead developer for an Australian ERP software outfit. For the last 10 years or so we've been using Bugzilla as our issue tracking system. I made this publicly available to the degree that anyone could search and view bugs. Our software is designed to be extensible and as such we have a number of 3rd party developers making customizations and integrating with our core product.
We've been pumping out builds and publishing them as "Development Stream (Experimental / Unstable)" and "Release Stream (Stable)", and this is visible on our support site to all. We had been also providing a link next to each build with the text showing the number of bugs fixed and the number of enhancements introduced, and the URL would take them to the Bugzilla list of issues for that milestone which were of type bug or enhancement.
This had been appreciated by our support and developer community, as they can readily see what issues are addressed and what new features have been introduced. Prior to us exposing our Bugzilla database publicly we produced a sanitized list of changes — which was time consuming to produce and I decided was unnecessary given we could just expose the "truth" with simple links to the Bugzilla search related to that milestone.
The sales and marketing team didn't like this. Their argument is that competitors use this against us to paint us as producers of buggy software. I argue that transparency is good, and beneficial — and whilst our competitors don't publish such information — but if we were to follow our competitors' practices we simply follow them in the race to the bottom in terms of software quality and opaqueness.
In my opinion, transparency of software issues provides:
Identification of which release or build a certain issue is fixed.
Recognition that we are actively developing the software.
Incentive to improve quality controls as our "dirty laundry" is on display.
Information critical to 3rd party developers.
A projection of integrity and honesty.
I've yielded to the sales and marketing demands such that we no longer display the links next to each build for fixes and enhancements (and now publish "Development Stream (Experimental / Unstable)" as simply "Development Stream") but I know what is coming next — a request to no longer make our Bugzilla database publicly accessible. I still have the Bugzilla database publicly exposed, but there is now no longer the "click this link to see what we did in this build".
A compromise may be to make the Bugzilla database only visible to vetted resellers and developers — but I'm resistant to making a closed "exclusive" culture. I value transparency and recognize the benefits. The sales team are insistent that exposing such detail is a bad thing for sales.
I know by posting in a community like Slashdot that I'm going to get a lot of support for my views, but I'm also interested in what people think about the viewpoint that such transparency could be a bad thing.
159 comments | about three weeks ago
theodp writes: Microsoft is aiming to offer free programming courses to over a million young Latin Americans through its Yo Puedo Programar and Eu Posso Programar initiatives ("I Can Program"). People between the ages of 12 and 25 will be able to sign up for the free online courses "One Hour Coding" and "Learning to Program," which will be offered in conjunction with Colombia's Coding Week (Oct. 6-10). The online courses will also be available in Argentina, Brazil, Chile, Ecuador, Mexico, Peru and Puerto Rico. "One Hour Coding" (aka Hour of Code in the U.S.) is a short introductory course in which participants will learn how the technology works and how to create applications, and it offers "a playful immersion in the computer sciences," Microsoft said in a statement. In the virtual, 12-session "Learning to Program" course, students will discover that "technical complexity in application development tools is a myth and that everyone can do it," the statement added. Taking a page from the ALS Ice Bucket Challenge its execs embraced, Microsoft is encouraging students to complete the Hour of Code and challenge four other friends to do the same (Google Translate).
96 comments | about three weeks ago