Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Submission + - Reliable Cron across the Planet (

ChelleChelle2 writes: In a recent article Google Site Reliability Engineer Stepan Davidovic and Kavita Guliani (technical writer) discuss Google’s implementation of a distributed Cron service. Davidovic shares many of the valuable lessons his team learned from the experience, discussing some of the various problems that distributed Crons face and outlining possible solutions.

Submission + - Problems with Simultaneity in Distributed Systems (

ChelleChelle2 writes: Despite the development of the Network Time Protocol to synchronize clocks between systems on the Internet, achieving simultaneity in distributed systems remains a major issue today. Part of the problem, according to Justin Sheehy, is that there is no “now” in computer systems—“the idea of ‘now’ as a simple value that has meaning across a distance will always be problematic.”

Submission + - The Dangers of Dynamic Systems (

ChelleChelle2 writes: Dynamic Content Management Systems such as Wordpress and Drupal are becoming ever more popular today. Despite their many attractions, however, DCMSes can pose significant security risks, especially in comparison to static systems. In this article Paul Vixie discusses why you should “go static or go home.”

Submission + - Securing the Network Time Protocol (

ChelleChelle2 writes: In the late 1970s, when David L. Mills first began working on the problem of synchronizing time on networked computers and developed NTP (Network Time Protocol), the net was a much friendlier place than it is today. While the NTP codebase has long had an enviable record as far as security problems go, today crackers have discovered how to use it as a weapon for abuse. It is thus more important than ever to secure the Network Time Protocol.

Submission + - META II: Revisiting Schorre's 1962 compiler-compiler

ChelleChelle2 writes: In this recent article from the acmqueue, Dave Long engages in a little “retro-computing,” implementing his own META II with the help of Dewey Val Schorre’s 1964 article on the topic. The benefits from this exercise are many. From the article “implementing your own META II will have not only the short-term benefit of providing an easily modifiable “workbench” with which to solve your own problems better, but also a longer-term benefit, in that to the extent you can arrange for functionality to be easily bootstrappable, you can help mitigate the “perpetual palimpsest” of information technology”

Submission + - A New Software Engineering (

ChelleChelle2 writes: Are we currently in the middle of a paradigm shift in software engineering? Ivar Jacobson certainly thinks so. In a recent article, Jacobson discusses the SEMAT (Software Engineering Method and Theory) initiative, an international effort dedicated to “refounding” software engineering. “As the name indicates, SEMAT is focusing both on supporting the craft (methods) and on building foundational understanding (theory). “

Submission + - Evolution of the Product Manager

ChelleChelle2 writes: Product management is an essential part of software development. Product managers are involved in virtually every step of product development, from before the first code is written, until after it goes out the door. Unfortunately, however, “product management education has not caught up to its prevalence in the industry. The field does not have a consistent product management education.” Today, there is a huge need to improve the quality of education and continuing education for product managers.

Submission + - The Responsive Enterprise: Embracing the Hacker Way

ChelleChelle2 writes: What do Facebook, Apple, Google and Microsoft all have in common? In addition to being enormously successful, all four are software-based companies. Additionally, many hot and upcoming companies such as Über and Tesla are software-based as well. So why are software-based companies taking over the world today? According to a recent article, “The answer is simply that powering companies by software allows them to be responsive and data-driven and, hence, able to react to changes quickly.” The article then elaborates on how to transform into are responsive enterprise by embracing the “hacker way.”

Submission + - Security Collapse in the HTTPS Market

ChelleChelle2 writes: Today, HTTPS is the de facto standard for secure Web browsing. However, within the past few years several highly visible security incidents—most notably OpenSSL’s Heartbleed—have made it clear that this crucial cybersecurity technology is fundamentally flawed. In both the US and abroad, policymakers and technologists are increasingly advocating various solutions to this problem. Recent analysis of the regulatory and technological solutions that have been suggested, however, unfortunately reveals that the “systematic vulnerabilities in this crucial technology are likely to persist for years to come.”

Submission + - How to Prevent Script Injection Vulnerabilities through Software Design (

ChelleChelle2 writes: “Script injection vulnerabilities are a bane of Web application development: deceptively simple in cause and remedy, they are nevertheless surprisingly difficult to prevent in large-scale Web development. “ Unfortunately, code inspection and testing are typically not enough to ensure the absence of XSS bugs in large web applications. Luckily, the engineers at Google have developed practical software design patterns that make the development of Web applications much more resistant to the inadvertent introduction of XSS vulnerabilities into application code.

Submission + - The Network is Reliable (?) (

ChelleChelle2 writes: Network reliability is an important issue in distributed computing. “the degree of reliability in deployment environments is critical in robust systems design and directly determines the kinds of operations that systems can reliably perform without waiting.” Unfortunately, however, the degree to which networks really are reliable in the real world is the subject of considerable and continued debate. Complicating matters in this discussion is a general lack of evidence. In this article, Peter Bailis (UC Berkeley) and Kyle Kingsburg (Jepsen Networks) take the first step toward a more open and honest discussion of real-world partition behavior by providing an informal survey of real-world communications failures.

Submission + - How Can the ACM Better Serve Professional Programmers?

ChelleChelle2 writes: The Association for Computing Machinery (ACM) was founded in 1947. Today, it is considered one of the most prestigious scientific and educational computing societies in the world. For decades ACM membership was considered to be a mark of a professional; however, this is no longer the case. Many programmers today consider the ACM a purely academic institution of little use or relevance for professionals. In this article, Vinton Cerf—one of the “fathers of the internet” and a past president of the ACM—asks how can ACM “adapt its activities and offerings to increase the participation of professionals?” Is there anything the ACM can do to better serve professional programmers? Join in the conversation

Submission + - Quality Software Costs Money--Heartbleed was Free (

ChelleChelle2 writes: If there’s anything that the Heartbleed fiasco has taught us, it’s that when it comes to free software you get what you pay for. Many free and open-source software (FOSS) projects are underfunded and thus badly staffed, creating the potential for bugs like Heartbleed to go undiscovered for years. So how can we generate funding for FOSS? In this article Poul-Henning Kamp provides a funding model based on his personal experience with FreeBSD and Varnish.

Submission + - Who Must You Trust? (

ChelleChelle2 writes: “Thomas Jefferson said, ‘Eternal vigilance is the price of liberty.’ It is the price of security as well.” So says network and computer consultant Thomas Wadlow in the most recent of a series of articles centered on the theme of “security” published by acmqueue. In this incredibly informative article Wadlow lays out a series of best practices for security, detailing how to determine whom you trust, what you trust them with, and how much you trust them.

Submission + - Apple's SSL Vulnerability (

ChelleChelle2 writes: In February Apple made headlines when it revealed a major SSL vulnerability that had rendered hundreds of millions of devices vulnerable since September 2012. In a cleverly worded article (“Finding More than One Worm in the Apple) Mike Bland (formerly a member of Google’s Test Mercenaries team) addresses five big questions about the SSL vulnerability—what was the bug? How did it happen? How could a test have caught it? Why didn’t a test catch it? How can we fix the root cause? Taking issue with recent explanations of why the bug made it past the tests and tools Apple had in place, Bland lays the blame on the failure of corporate culture to recognize the importance of unit testing. Seeing this as a “teachable moment,” Bland advocates for greater automated testing and code quality.

Stellar rays prove fibbing never pays. Embezzlement is another matter.