Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Programming

Donald Knuth Worried About the "Dumbing Down" of Computer Science History 126

Posted by Soulskill
from the from-the-guy-who-made-it dept.
An anonymous reader writes: Thomas Haigh, writing for Communications of the ACM, has an in-depth column about Donald Knuth and the history of computer science. It's centered on a video of Knuth giving a lecture at Stanford earlier this year, in which he sadly recounts how we're doing a poor job of capturing the development of computer science, which obscures vital experience in discovering new concepts and overcoming new obstacles. Haigh disagrees with Knuth, and explains why: "Distinguished computer scientists are prone to blur their own discipline, and in particular few dozen elite programs, with the much broader field of computing. The tools and ideas produced by computer scientists underpin all areas of IT and make possible the work carried out by network technicians, business analysts, help desk workers, and Excel programmers. That does not make those workers computer scientists. ... Computing is much bigger than computer science, and so the history of computing is much bigger than the history of computer science. Yet Knuth treated Campbell-Kelly's book on the business history of the software industry (accurately subtitled 'a history of the software industry') and all the rest of the history of computing as part of 'the history of computer science.'"
Open Source

Linux 3.19 Kernel To Start 2015 With Many New Features 63

Posted by timothy
from the presents-from-linus-and-friends dept.
An anonymous reader writes Linux 3.18 was recently released, thus making Linux 3.19 the version under development as the year comes to a close. Linux 3.19 as the first big kernel update of 2015 is bringing in the new year with many new features: among them are AMDKFD HSA kernel driver, Intel "Skylake" graphics support, Radeon and NVIDIA driver improvements, RAID5/6 improvements for Btrfs, LZ4 compression for SquashFS, better multi-touch support, new input drivers, x86 laptop improvements, etc.
Open Source

Subsurface 4.3 Released 38

Posted by samzenpus
from the check-it-out dept.
jones_supa writes "The Subsurface development team proudly announces release 4.3 of the open source divelog and dive planning program, available for all major desktop operating systems. This is the software originally founded by Linus Torvalds, and the development seems to be continuing in great pace. Subsurface now supports flexible filtering of the dive list based on criteria like tags, people or gear. Dive characteristics can now also be copied and pasted to other dives. The dive profile now offers an easy to understand tissue saturation graph that shows tissue saturation at any point during the dive. As another new feature in the dive profile, one can turn on an improved visualization of the gas combinations used during a dive. The dive computer and file format support have also gotten large improvements."
DRM

How Laws Restricting Tech Actually Expose Us To Greater Harm 113

Posted by Soulskill
from the defective-by-design dept.
An anonymous reader writes: Cory Doctorow has an article in Wired explaining why crafting laws to restrict software is going to hurt us in the long run. The reason? Because we're on an irreversible trajectory toward integrating technology with our cars and houses, bodies and brains. If we don't control the software, then at some point, we won't control parts of our homes and our selves. Doctorow writes, "Any law or regulation that undermines computers' utility or security also ripples through all the systems that have been colonized by the general-purpose computer. And therein lies the potential for untold trouble and mischief.

Code always has flaws, and those flaws are easy for bad guys to find. But if your computer has deliberately been designed with a blind spot, the bad guys will use it to evade detection by you and your antivirus software. That's why a 3-D printer with anti-gun-printing code isn't a 3-D printer that won't print guns—the bad guys will quickly find a way around that. It's a 3-D printer that is vulnerable to hacking by malware creeps who can use your printer's 'security' against you: from bricking your printer to screwing up your prints to introducing subtle structural flaws to simply hijacking the operating system and using it to stage attacks on your whole network."
Open Source

Docker Image Insecurity 73

Posted by Soulskill
from the totally-secure-for-undefined-values-of-secure dept.
An anonymous reader writes Developer Jonathan Rudenberg has discovered and pointed out a glaring security hole in Docker's system. He says, "Recently while downloading an 'official' container image with Docker I saw this line: ubuntu:14.04: The image you are pulling has been verified

I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.

Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities."
Docker's lead security engineer has responded here.
OS X

Apple Pushes First Automated OS X Security Update 112

Posted by timothy
from the little-cat-feet dept.
PC Magazine reports (as does Ars Technica) that Apple this week has pushed its first automated security update, to address critical flaws relating to Network Time Protocol: The flaws were revealed last week by the Department of Homeland Security and the Carnegie Mellon University Software Engineering Institute—the latter of which identified a number of potentially affected vendors, including FreeBSD Project, NTP Project, OmniTI, and Watchguard Technologies, Inc. A number of versions of the NTP Project "allow attackers to overflow several buffers in a way that may allow malicious code to be executed," the Carnegie Mellon/DHS security bulletin said. ... The company's typical security patches come through Apple's regular software update system, and often require users to move through a series of steps before installing. This week's update, however, marks Cupertino's first implementation of its automated system, despite having introduced the function two years ago, Reuters said.
Networking

NetworkManager 1.0 Released After Ten Years Development 163

Posted by Soulskill
from the good-things-come-for-those-who-wait dept.
An anonymous reader writes: After ten years of development focused on improving and simplifying Linux networking, NetworkManager 1.0 was released. NetworkManager 1.0 brings many features including an increasingly modernized client library, improved command-line support, a lightweight internal DHCP client, better Bluetooth support, VPN enhancements, WWAN IPv6 support, and other features.
Google

Google Unveils New Self-Driving Car Prototype 90

Posted by samzenpus
from the drive-off-into-the-sunset dept.
colinneagle writes In May, Google released a teaser image showing a mock-up of the autonomous vehicle it planned to build. Today, the company followed up with an image showing the finished product. Google says the first edition of its self-made self-driving car will feature "temporary manual controls as needed while we continue to test and learn." When Google introduced its prototype back in May, the company claimed its self-driving cars "won't have a steering wheel, accelerator pad, or brake pedal because they don't need them." Apparently, it still has yet to reach that point. The development is an important step forward for Google's driverless car efforts, which have been deemed impractical by many of late. Last year, the Financial Times reported that Google had difficulty finding manufacturing partners that would build vehicles featuring the self-driving capabilities used in its Prius. In that light, maybe Google's willingness to build its own hardware just to get the technology on the road means that its self-driving car team knows something the rest of the industry doesn't."
Media

Seattle Police Held Hackathon To Redact Footage From Body Cameras 93

Posted by Soulskill
from the privacy-policey dept.
An anonymous reader writes: Hackathons are common these days, but you don't often hear about events hosted by law enforcement. That's what the Seattle Police Department did on Friday, with the solitary goal of finding a good way to redact the video streams taken by police body cameras and dash cameras. Seven different teams demonstrated solutions, but in the end, none thought automation could realistically handle the task in the near future. "The Washington State public records act requires that almost all video filmed by any government agency – including police – be disclosed upon request. The only real exception is for video which is part of an open case currently under investigation. However, various parts of the state code include other restrictions – the identity of minors cannot be disclosed. Requests from victims or witnesses who may be at risk if their identities are disclosed also must be honored. However in all such cases the video still must be released – it is just the faces or other potential identifying characteristics, which might include gender or even a person's gait – which need to be blurred and redacted." The city just started a pilot program for body-worn police cameras.
Microsoft

Ask Slashdot: Is an Open Source .NET Up To the Job? 419

Posted by Soulskill
from the good-steps-or-irrelevant-steps dept.
Rob Y. writes: The discussion on Slashdot about Microsoft's move to open source .NET core has centered on:

1. whether this means Microsoft is no longer the enemy of the open source movement
2. if not, then does it mean Microsoft has so lost in the web server arena that it's resorting to desperate moves.
3. or nah — it's standard Microsoft operating procedure. Embrace, extend, extinguish.

What I'd like to ask is whether anybody that's not currently a .NET fan actually wants to use it? Open source or not. What is the competition? Java? PHP? Ruby? Node.js? All of the above? Anything but Microsoft? Because as an OSS advocate, I see only one serious reason to even consider using it — standardization. Any of those competing platforms could be as good or better, but the problem is: how to get a job in this industry when there are so many massively complex platforms out there. I'm still coding in C, and at 62, will probably live out my working days doing that. But I can still remember when learning a new programming language was no big deal. Even C required learning a fairly large library to make it useful, but it's nothing compared to what's out there today. And worse, jobs (and technologies) don't last like they used to. Odds are, in a few years, you'll be starting over in yet another job where they use something else.

Employers love standardization. Choosing a standard means you can't be blamed for your choice. Choosing a standard means you can recruit young, cheap developers and actually get some output from them before they move on. Or you can outsource with some hope of success (because that's what outsourcing firms do — recruit young, cheap devs and rotate them around). To me, those are red flags — not pluses at all. But they're undeniable pluses to greedy employers. Of course, there's much more to being an effective developer than knowing the platform so you can be easily slotted in to a project. But try telling that to the private equity guys running too much of the show these days.

So, assuming Microsoft is sincere about this open source move,
1. Is .NET up to the job?
2. Is there an open source choice today that's popular enough to be considered the standard that employers would like?
3. If the answer to 1 is yes and 2 is no, make the argument for avoiding .NET.
Security

Critical Git Security Vulnerability Announced 148

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Github has announced a security vulnerability and has encouraged users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."
Crime

Did Alcatraz Escapees Survive? Computer Program Says They Might Have 89

Posted by timothy
from the like-to-think-so dept.
In June of 1962, three prisoners escaped the penitentary on Alcatraz, in an elaborate plot that was dramatized in a Clint Eastwood movie. A question that has long puzzled the public is whether these men ever made it to shore; the many factors that made Alcatraz a secure prison include sharks, cold water, and contrary currents. Still, some artifacts from the attempt, and perhaps the appeal of stories about survival against high odds, have led many people to believe that the men actually landed safely and faded into society. coondoggie writes This week Dutch scientists from Delft University of Technology presented findings from a computer modeling program they were working on, unrelated to the mystery, that demonstrated the escapees could have survived the journey. "In hindsight, the best time to launch a boat from Alcatraz was [11:30 am], one and a half hours later than has generally been assumed. A rubber boat leaving Alcatraz at [11:30 am] would most likely have landed just north of the Golden Gate Bridge. The model also shows that debris in that scenario would be likely to wash up at Angel Island, exactly where one of the paddles and some personal belongings were found.
Books

Book Review: Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress 31

Posted by samzenpus
from the read-all-about-it dept.
MassDosage writes "At the the risk of exposing my age I remember building my first website using a rudimentary Unix text editor (Joe) and carefully handcrafting the Hypertext Markup Language (HTML) while directly logged on to the web server it was being served from. Back then Cascading Style Sheets (CSS) weren't even a glint in the eyes of their creators. A lot has changed and there's now a world of fancy WYSIWYG web page editors to choose from as well as Content Management Systems that allow you to create websites without looking at the underlying code at all. While this is all very useful and allows less technical people to create websites I still feel that having at least some knowledge of how everything works under the hood is empowering — especially in situations where you want to go beyond the limits placed on you by a certain tool. This is where Build Your Own Website: A comic guide to HTML, CSS and Wordpress comes into the picture. Its aim is to enable people new to web development to learn the subject by teaching the fundamentals of HTML and CSS first and only then describing how to use a Content Management System (CMS) — in this case Wordpress. While Wordpress might not be everyone's kettle of fish it's a good choice as an example of a modern CMS that is easily accessible and very popular. The concepts presented are simple enough that it should be easy enough for a reader to apply them to a different CMS should they want to. Read below for The rest of MassDosage's review.
Open Source

What Will Microsoft's "Embrace" of Open Source Actually Achieve? 217

Posted by samzenpus
from the keeping-them-closer dept.
Nerval's Lobster writes Back in the day, Microsoft viewed open source and Linux as a threat and did its best to retaliate with FUD and patent threats. And then a funny thing happened: Whether in the name of pragmatism or simply marketing, Microsoft began a very public transition from a company of open-source haters (at least in top management) to one that's embraced some aspects of open-source computing. Last month, the company blogged that .NET Core will become open-source, adding to its previously open-sourced ASP.NET MVC, Web API, and Web Pages (Razor). There's no doubt that, at least in some respects, Microsoft wants to make a big show of being more open and supportive of interoperability. The company's even gotten involved with the .NET Foundation, an independent organization designed to assist developers with the growing collection of open-source technologies for .NET. But there's only so far Microsoft will go into the realm of open source—whereas once upon a time, the company tried to wreck the movement, now it faces the very real danger of its whole revenue model being undermined by free software. But what's Microsoft's end-goal with open source? What can the company possibly hope to accomplish, given a widespread perception that such a move on its part is the product of either fear, cynicism, or both?
Cloud

The Joys and Hype of Hadoop 55

Posted by samzenpus
from the ups-and-downs dept.
theodp writes "Investors have poured over $2 billion into businesses built on Hadoop," writes the WSJ's Elizabeth Dwoskin, "including Hortonworks Inc., which went public last week, its rivals Cloudera Inc. and MapR Technologies, and a growing list of tiny startups. Yet companies that have tried to use Hadoop have met with frustration." Dwoskin adds that Hadoop vendors are responding with improvements and additions, but for now, "It can take a lot of work to combine data stored in legacy repositories with the data that's stored in Hadoop. And while Hadoop can be much faster than traditional databases for some purposes, it often isn't fast enough to respond to queries immediately or to work on incoming information in real time. Satisfying requirements for data security and governance also poses a challenge."
Google

ODF Support In Google Drive 40

Posted by Soulskill
from the better-late-than-never dept.
An anonymous reader writes: Google's Chris DiBona told a London conference last week that ODF support was coming next year, but today the Google Drive team unexpectedly launched support for all three of the main variants — including long-absent Presentation files. You can now simply open ODT, ODS and ODP files in Drive with no fuss. It lacks support for comments and changes but at least it shows progress towards full support of the international document standard, something conspicuously missing for many years.
The Courts

Apple Wins iTunes DRM Case 191

Posted by Soulskill
from the drm-protected-history-is-written-by-the-victors dept.
An anonymous reader sends word that Apple's iTunes DRM case has already been decided. The 8-person jury took only a few hours to decide that the features introduced in iTunes 7.0 were good for consumers and did not violate antitrust laws. Following the decision, the plaintiff's head attorney Patrick Coughlin said an appeal is already planned. He also expressed frustrations over getting two of the security features — one that checks the iTunes database, and another that checks each song on the iPod itself — lumped together with the other user-facing features in the iTunes 7.0 update, like support for movies and games. "At least we got a chance to get it in front of the jury," he told reporters. ... All along, Apple's made the case that its music store, jukebox software, and hardware was simply an integrated system similar to video game consoles from Sony, Microsoft, and Nintendo. It built all those pieces to work together, and thus it would be unusual to expect any one piece from another company to work without issues, Apple's attorneys said. But more importantly, Apple offered, any the evolution of its DRM that ended up locking out competitors was absolutely necessary given deals it had with the major record companies to patch security holes.
The Almighty Buck

Amazon UK Glitch Sells Thousands of Products For a Penny 138

Posted by samzenpus
from the best-discount-ever dept.
An anonymous reader writes For about an hour on Friday a few lucky Amazon UK shoppers were able to take advantage of a price glitch which discounted thousands of marketplace products to the price of 1p. An Amazon spokesman said: "We are aware that a number of Marketplace sellers listed incorrect prices for a short period of time as a result of the third party software they use to price their items on Amazon.co.uk. We responded quickly and were able to cancel the vast majority of orders placed on these affected items immediately and no costs or fees will be incurred by sellers for these cancelled orders. We are now reviewing the small number of orders that were processed and will be reaching out to any affected sellers directly."
Open Source

The GPLv2 Goes To Court 173

Posted by samzenpus
from the laying-down-the-law dept.
Jason Baker writes Despite its importance, the GPLv2 has been the subject of very few court decisions, and virtually all of the most important terms of the GPLv2 have not been interpreted by courts. This lack of court decisions is about to change due to the five interrelated cases arising from a dispute between Versata Software, Inc. and Ameriprise Financial, Inc.. These cases are dealing with four important terms in the GPLv2: 1) What are the remedies for breach of the terms of the GPLv2? 2) What is a "distribution" under the GPLv2 that triggers the obligations under the GPLv2? 3) Does the GPLv2 include a patent license? 4) What type of integration between proprietary code and GPLv2 licensed code will result in creating a "derivative work" and subject such proprietary code to the terms of the GPLv2?
The Almighty Buck

Small Bank In Kansas Creates the Bank Account of the Future 156

Posted by samzenpus
from the tomorrow's-deposits dept.
HughPickens.com writes Nathaniel Popper writes at the NYT that the Citizens Bank of Weir, Kansas, or CBW, has been taken apart and rebuilt, from its fiber optic cables up, so it can offer services not available at even the nation's largest bank. In the United States the primary option that consumers have to transfer money is still the ACH payment. Requests for ACH transfers are collected by banks and submitted in batches, once a day, and the banks receiving the transfers also process the payments once a day, leading to long waits. ACH technology was created in the 1970s and has not changed significantly since. The clunky system, which takes at least a day to deliver money, has become so deeply embedded in the banking industry that it has been hard to replace. CBW went to work on the problem by using the debit card networks that power ATM cash dispensers. Ramamurthi's team engineered a system so that a business could collect a customer's debit card number and use it to make an instant payment directly into the customer's account — or into the account of a customer of almost any other bank in the country. The key to CBW's system is real-time, payment transaction risk-scoring — software that can judge the risk involved in any transaction in real time by looking at 20 to 40 factors, including a customers' transaction history and I.P., address where the transaction originated. It was this system that Elizabeth McQuerry, the former Fed official, praised as the "biggest idea" at a recent bank conference. "Today's banks offer the equivalent of 300-year-old paper ledgers converted to an electronic form — a digital skin on an antiquated transaction process," says Suresh Ramamurthi. "We'll now be one of the first banks in the world to offer customers a reliable, compliant, safe and secure way to instantly send and receive money internationally."

It isn't easy being the parent of a six-year-old. However, it's a pretty small price to pay for having somebody around the house who understands computers.

Working...