Forgot your password?
typodupeerror
Bug

Bug Bounties Don't Help If Bugs Never Run Out 232

Posted by Soulskill
from the trying-to-bail-the-ocean dept.
Bennett Haselton writes: "I was an early advocate of companies offering cash prizes to researchers who found security holes in their products, so that the vulnerabilities can be fixed before the bad guys exploited them. I still believe that prize programs can make a product safer under certain conditions. But I had naively overlooked that under an alternate set of assumptions, you might find that not only do cash prizes not make the product any safer, but that nothing makes the product any safer — you might as well not bother fixing certain security holes at all, whether they were found through a prize program or not." Read on for the rest of Bennett's thoughts.
Python

Open-Source Python Code Shows Lowest Defect Density 187

Posted by Soulskill
from the errors-should-never-pass-silently dept.
cold fjord sends news that a study by Coverity has found open-source Python code to contain a lower defect density than any other language. "The 2012 Scan Report found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, as compared to the accepted industry standard defect density for good quality software of 1.0. Python's defect density of .005 significantly surpasses this standard, and introduces a new level of quality for open source software. To date, the Coverity Scan service has analyzed nearly 400,000 lines of Python code and identified 996 new defects — 860 of which have been fixed by the Python community."

Comment: Re:you've got to be kidding me (Score 1) 71

Vim? Joining 10 tables is a ballache in terms of typing, but it's not actually /hard/ - any more than writing a function with 10 statements is hard. You just need to step away from the ORM long enough to realise that actually relational databases are perfectly logical and easy (well, as easy as any other programming) despite what various frameworks have screamed at you for years.
Android

Splashtop's Cliff Miller Talks About Their New Linux App (Video) 96

Posted by Roblimo
from the around-the-corner-or-around-the-world-is-all-the-same-to-me dept.
Yes, you can now have full remote access to your home computer or a server at work that's running Ubuntu Linux. Really any Linux distro, although only Ubuntu is formally supported by Splashtop. What? You say you already control your home and work Linux computers from your Android tablet with VNC? That there's a whole bunch of Android VNC apps out there already? And plenty for iOS, too? You're right. But Cliff says Splashtop is better than the others. It can play video at a full 30 frames per second, and has low enough latency (depending on your connection) that you can play video games remotely in between taking care of that list of server issues your boss emailed to you. Or perhaps, in between work tasks, you take a dip in the ocean, because you're working from the beach, not from a stuffy office. It seems that work and living locations get a little more remote from each other every year, and Splashtop is helping to make that happen. This video interview is, itself, an example of how our world has gotten flatter; Cliff was in China and I was in Florida. The connection wasn't perfect, but the fact that we could have this conversation at all is a wonder. Please note, too, that while Cliff Miller is now Chief Marketing Officer for Splashtop, he was also the founder and first CEO of TurboLinux, so he is not new to Linux. And Splashtop is the company that supplied the "instant on" Linux OS a lot of computer manufacturers bundled with their Windows computers for a few years. Now, of course, they're focusing on the remote desktop, and seem to be making a go of it despite heavy competition in that market niche.

You can tell how far we have to go, when FORTRAN is the language of supercomputers. -- Steven Feiner

Working...