Subscribe: Slashdot: DevelopersSearch Slashdot
http://developers.slashdot.org/developers.rss
Added By: Feedage Forager Feedage Grade A rated
Language: English
Tags:
anonymous reader  code  company  content  facebook  new  perl  read story  read  slashdot  story slashdot  story  time 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Slashdot: DevelopersSearch Slashdot

Slashdot: DevelopersSearch Slashdot



News for nerds, stuff that mattersSearch Slashdot stories



Published: 2016-12-07T20:03:34+00:00

 



Canada's Prime Minister Justin Trudeau Makes Game For Third Annual Hour of Code

2016-12-07T10:00:00+00:00

Eloking writes: Canadian Prime Minister Justin Trudeau's Twitter account lit up today with a message all too familiar to many indie devs: Mr. Trudeau has made a video game, and he'd like everyone to play it. It was a cute bit of promotion for Hour of Code, the computer science education event masterminded every year by the Code.org nonprofit. While the Hour of Code websites hosts one-hour tutorials (in 45 languages) for coding all sorts of simple applications, game developers may appreciate that the lion's share appears to be game projects, like the one Trudeau modified into a sort of hockey-themed Breakout variant.

Read more of this story at Slashdot.

(image)



New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels

2016-12-07T01:25:00+00:00

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary ULR, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL. The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.

Read more of this story at Slashdot.

(image)



YouTube, Facebook, Twitter and Microsoft Will Create 'Hash' Database To Remove Extremist Content

2016-12-06T13:00:00+00:00

bongey writes: Youtube, Facebook, Twitter and Microsoft are teaming up to create a common database to flag extremist videos and pictures. The database is set to go live in 2017. The system will not automatically remove content. Reuters reports: "The companies will share 'hashes' -- unique digital fingerprints they automatically assign to videos or photos -- of extremist content they have removed from their websites to enable their peers to identify the same content on their platforms. 'We hope this collaboration will lead to greater efficiency as we continue to enforce our policies to help curb the pressing global issue of terrorist content online,' the companies said in a statement on Tuesday. Each company will decide what image and video hashes to add to the database and matching content will not be automatically removed, they said. The database will be up and running in early 2017 and more companies could be brought into the partnership."

Read more of this story at Slashdot.

(image)



California State Senator Introduces Bill That Would Mandate Reporting of 'Superbug' Infections, Deaths

2016-12-06T03:30:00+00:00

An anonymous reader quotes a report from Reuters: A California state senator introduced a bill on Monday that would mandate reporting of antibiotic-resistant infections and deaths and require doctors to record the infections on death certificates when they are a cause of death. The legislation also aims to establish the nation's most comprehensive statewide surveillance system to track infections and deaths from drug-resistant pathogens. Data from death certificates would be used to help compile an annual state report on superbug infections and related deaths. In September, a Reuters investigation revealed that tens of thousands of superbug deaths nationwide go uncounted every year. The infections are often omitted from death certificates, and even when they are recorded, they aren't counted because of the lack of a unified national surveillance system. Because there is no federal surveillance system, monitoring of superbug infections and deaths falls to the states. A Reuters survey of all 50 state health departments and the District of Columbia found that reporting requirements vary widely. Hill's bill would require hospitals and clinical labs to submit an annual summary of antibiotic-resistant infections to the California Department of Health beginning July 1, 2018; amend a law governing death certificates by requiring that doctors specify on death certificates when a superbug was the leading or a contributing cause of death; and require the state Health Department to publish an annual report on resistant infections and deaths, including data culled from death certificates.

Read more of this story at Slashdot.

(image)



Ask Slashdot: Have You Read 'The Art of Computer Programming'?

2016-12-05T02:09:00+00:00

In 1962, 24-year-old Donald Knuth began writing The Art of Computer Programming, publishing three volumes by 1973, with volume 4 arriving in 2005. (Volume 4A appeared in 2011, with new paperback fascicles planned for every two years, and fascicle 6, "Satisfiability," arriving last December). "You should definitely send me a resume if you can read the whole thing," Bill Gates once said, in a column where he described working through the book. "If somebody is so brash that they think they know everything, Knuth will help them understand that the world is deep and complicated." But now long-time Slashdot reader Qbertino has a question: I've had The Art of Computer Programming on my book-buying list for just about two decades now and I'm still torn...about actually getting it. I sometimes believe I would mutate into some programming demi-god if I actually worked through this beast, but maybe I'm just fooling myself... Have any of you worked through or with TAOCP or are you perhaps working through it? And is it worthwhile? I mean not just for bragging rights. And how long can it reasonably take? A few years? Share your answers and experiences in the comments. Have you read The Art of Computer Programming?

Read more of this story at Slashdot.

(image)



Drupal Event Apologizes For Giving Out Copies Of Playboy

2016-12-03T19:39:00+00:00

An anonymous reader writes: The organization team for a regional Drupal event apologized Thursday for distributing copies of Playboy to attendees. The magazines were distributed in welcome bags, according to a statement from the organizers of DrupalCamp Munich, and "were provided by Burda, a major German publisher, who also provided other technical magazines as part of their sponsorship. These magazines were approved for inclusion by the camp organizers. "At the time, we thought it would be a good idea, as playboy.de was one of the first major Drupal 8 websites ever released. Upon reflection, this wasn't the best idea, and the magazines have been removed... It was a decision made in poor taste, and we regret it. The inclusion of the magazine had attracted criticism on Twitter from both male and female developers, with one writing sarcastically, "Dunno about you, but I only read playboy.de for the Drupal code."

Read more of this story at Slashdot.

(image)



Perl Advent Calendar Enters Its 17th Year

2016-12-03T15:34:00+00:00

An anonymous reader writes: Thursday brought this year's first new posts on the Perl Advent Calendar, a geeky tradition first started back in 2000. Friday's post described Santa's need for fast, efficient code, and the day that a Christmas miracle occurred during Santa's annual code review (involving the is_hashref subroutine from Perl's reference utility library). And for the last five years, the calendar has also had its own Twitter feed. But in another corner of the North Pole, you can also unwrap the Perl 6 Advent Calendar, which this year celebrates the one-year anniversary of the official launch of Perl 6. Friday's post was by brian d foy, a writer on the classic Perl textbooks Learning Perl and Intermediate Perl (who's now also crowdfunding his next O'Reilly book, Learning Perl 6). foy's post talked about Perl 6's object hashes, while the calendar kicked off its new season Thursday with a discussion about creating Docker images using webhooks triggered by GitHub commits as an example of Perl 6's "whipupitude".

Read more of this story at Slashdot.

(image)



Of 8 Tech Companies, Only Twitter Says It Would Refuse To Help Build Muslim Registry For Trump

2016-12-03T13:00:00+00:00

On the campaign trail last year, President-elect Donald Trump said he would consider requiring Muslim-Americans to register with a government database. While he has back-stepped on a number of campaign promises after being elected president, Trump and his transition team have recently resurfaced the idea to create a national Muslim registry. In response, The Intercept contacted nine of the "most prominent" technology companies in the United States "to ask if they would sell their services to help create a national Muslim registry." Twitter was the only company that responded with "No." The Intercept reports: Even on a purely hypothetical basis, such a project would provide American technology companies an easy line to draw in the sand -- pushing back against any effort to track individuals purely (or essentially) on the basis of their religious beliefs doesn't take much in the way of courage or conviction, even by the thin standards of corporate America. We'd also be remiss in assuming no company would ever tie itself to such a nakedly evil undertaking: IBM famously helped Nazi Germany computerize the Holocaust. (IBM has downplayed its logistical role in the Holocaust, claiming in a 2001 statement that "most [relevant] documents were destroyed or lost during the war.") With all this in mind, we contacted nine different American firms in the business of technology, broadly defined, with the following question: "Would [name of company], if solicited by the Trump administration, sell any goods, services, information, or consulting of any kind to help facilitate the creation of a national Muslim registry, a project which has been floated tentatively by the president-elect's transition team?" After two weeks of calls and emails, only three companies provided an answer, and only one said it would not participate in such a project. A complete tally is below. Facebook: No answer. Twitter: "No," and a link to this blog post, which states as company policy a prohibition against the use, by outside developers, of "Twitter data for surveillance purposes. Period." Microsoft: "We're not going to talk about hypotheticals at this point," and a link to a company blog post that states that "we're committed to promoting not just diversity among all the men and women who work here, but [...] inclusive culture" and that "it will remain important for those in government and the tech sector to continue to work together to strike a balance that protects privacy and public safety in what remains a dangerous time." Google: No answer. Apple: No answer. IBM: No answer. Booz Allen Hamilton: Declined to comment. SRA International: No answer. Read more of this story at Slashdot.[...]



Cyanogen Inc and CyanogenMod Creator Steve Kondik Part Ways

2016-12-01T21:55:00+00:00

bulled writes: In the middle of a press release discussing the move of employees from Seattle to California, Cyanogen Inc notes that it has parted ways with Steve Kondik. It is unclear what this means for the future of CyanogenMod. NDTV reports: "Kondik took to the official CyanogenMod developer Google+ community recently where he voiced what he thought were the reasons behind Cyanogen's plight and blamed Kirt McMaster, Cyanogen's Co-Founder. 'I've been pretty quiet about the stuff that's been going on but I'm at least ready to tell the short version and hopefully get some input on what to do next because CM is very much affected,' wrote Kondik in a private Google+ community first reported by Android Police. According to Kondik's version, Cyanogen's turmoil is way far from being over. He claimed that Cyanogen had seen success thanks to the efforts by the community and the company. Though, this also changed how the company worked. Explaining how it all started to come down, Kondik wrote, 'Unfortunately once we started to see success, my co-founder apparently became unhappy with running the business and not owning the vision. This is when the 'bullet to the head' and other misguided media nonsense started, and the bad business deals were signed. Being second in command, all I could do was try and stop it, do damage control, and hope every day that something new didn't happen. The worst of it happened internally and it became a generally shitty place to work because of all the conflict. I think the backlash from those initial missteps convinced him that what we had needed to be destroyed. By the time I was able to stop it, I was outgunned and outnumbered by a team on the same mission.' Kondik also seemingly confirmed a report from July which claimed Cyanogen may pivot to apps. He further wrote, 'Eventually I tried to salvage it with a pivot that would have brought us closer to something that would have worked, but the new guys had other plans. With plenty of cash in the bank, the new guys tore the place down and will go and do whatever they are going to do. It's probably for the best and I wish them luck, but what I was trying to do, is over.'"

Read more of this story at Slashdot.

(image)



Google's New Public NTP Servers Provide Smeared Time

2016-12-01T14:47:00+00:00

Google says it has built support for the leap second into the time servers that regulate all Google services. An anonymous reader shares a blogpost by Google:No commonly used operating system is able to handle a minute with 61 seconds, and trying to special-case the leap second has caused many problems in the past. Instead of adding a single extra second to the end of the day, we'll run the clocks 0.0014% slower across the ten hours before and ten hours after the leap second, and "smear" the extra second across these twenty hours. For timekeeping purposes, December 31 will seem like any other day. All Google services, including all APIs, will be synchronized on smeared time, as described above. You'll also get smeared time for virtual machines on Compute Engine if you follow our recommended settings. You can use non-Google NTP servers if you don't want your instances to use the leap smear, but don't mix smearing and non-smearing time servers.

Read more of this story at Slashdot.

(image)



SourceForge Introduces HTTPS Support For Project Websites

2016-11-30T17:45:00+00:00

SourceForge announced on Wednesday that it is introducing HTTPS for all project websites on its platform. Once a project has been moved to HTTPS, old domain will automatically redirect to their new counterparts, resulting in no loss of traffic or inconvenience. From a blog post on the site: With a single click, projects can opt-in to switch their web hosting from http://name.sourceforge.net to https://name.sourceforge.io. Project admins can find this option in the Admin page, under "HTTPS", naturally.There's also a guide to assist developers with the transition. SourceForge launched HTTPS support for SourceForge.net back in February, but this rolls out HTTPS support to individual project websites hosted on SourceForge. There's also a Site News section on the website now where you can read about all SourceForge changes and improvements over the past year since SourceForge was acquired by BIZX, such as eliminating the DevShare program and scanning all projects for malware.

Read more of this story at Slashdot.

(image)



Facebook Cuts Off Competitor Prisma's API Access

2016-11-30T16:03:00+00:00

Photo-filter app Prisma, the popular program which makes pictures and video look like painterly art, had its access to Facebook's Live Video API revoked this month. From a report on NYMag:According to Prisma, Facebook justified choking off Prisma's access by stating, "Your app streams video from a mobile device camera, which can already be done through the Facebook app. The Live Video API is meant to let people publish live video content from other sources such as professional cameras, multi-camera setups, games or screencasts." This is the implied aim of Facebook's video API, the technical entry point for producers to pump video into Facebook's network: The API is meant for broadcasting setups that are not phone-based. The problem is that none of this is explained in Facebook's documentation for developers. In fact, it states the opposite. Here is the very first question from the company's Live API FAQ: "The Live API is a data feed and the "glue" needed to create higher-quality live videos on Facebook. It allows you to send live content directly to Facebook from any camera."

Read more of this story at Slashdot.

(image)



Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability

2016-11-30T02:05:00+00:00

An anonymous reader quotes a report from Ars Technica: The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to the agency's network by way of a known vulnerability in an Oracle WebLogic server. That vulnerability is similar to the one used to hack a Maryland hospital network's systems in April and infect multiple hospitals with crypto-ransomware. And evidence suggests that SFMTA wasn't specifically targeted by the attackers; the agency just came up as a target of opportunity through a vulnerability scan. In an e-mail to Ars, SFMTA spokesperson Paul Rose said that on November 25, "we became aware of a potential security issue with our computer systems, including e-mail." The ransomware "encrypted some systems mainly affecting computer workstations," he said, "as well as access to various systems. However, the SFMTA network was not breached from the outside, nor did hackers gain entry through our firewalls. Muni operations and safety were not affected. Our customer payment systems were not hacked. Also, despite media reports, no data was accessed from any of our servers." That description of the ransomware attack is not consistent with some of the evidence of previous ransomware attacks by those behind the SFMTA incident -- which Rose said primarily affected about 900 desktop computers throughout the agency. Based on communications uncovered from the ransomware operator behind the Muni attack published by security reporter Brian Krebs, an SFMTA Web-facing server was likely compromised by what is referred to as a "deserialization" attack after it was identified by a vulnerability scan. A security researcher told Krebs that he had been able to gain access to the mailbox used in the malware attack on the Russian e-mail and search provider Yandex by guessing its owner's security question, and he provided details from the mailbox and another linked mailbox on Yandex. Based on details found in e-mails for the accounts, the attacker ran a server loaded with open source vulnerability scanning tools to identify and compromise servers to use in spreading the ransomware, known as HDDCryptor and Mamba, within multiple organizations' networks. Read more of this story at Slashdot.[...]



AT&T Unveils DirecTV Now Streaming TV Service With Over 100 Channels

2016-11-28T22:40:00+00:00

ATT has officially unveiled its DirecTV Now internet TV streaming service, which launches Wednesday, November 30th, in the U.S. on iPhone, Android, Amazon Fire TV, Chromecast, and PC/Mac, starting at $35 per month. The Verge reports: Like its over-the-top rivals, DirecTV Now will let customers stream live programming on smartphones, tablets, and PCs -- no cable box necessary -- and requires no long-term contracts or commitments. For a limited time, ATT will offer the "Go Big" channel tier with 100 channels for $35 per month. If you sign up in time, the offer will remain valid each month until you cancel. But that $35 rate is not the long-term pricing for 100+ channels. DirecTV Now offers step-up subscriptions that include other channels and content for a higher monthly cost. ATT has signed programming agreements with nearly all major networks with the exception of CBS and Showtime; negotiations with those companies remain ongoing. DirecTV Now allows customers to watch up to two streams simultaneously. HBO and Cinemax can be added to any of these packages for just $5 extra (each) per month. DirecTV Now is "zero rated" for the company's wireless customers, so regardless of how much time they spend streaming, that activity will have no impact on data usage for their monthly bill. Importantly, while these are the subscription rates as of today, the company is being straightforward about the possibility of increases in the future. ATT also plans to air original shows including a Taylor Swift series.

Read more of this story at Slashdot.

(image)



Microsoft Exec Urges Linux Developers To Try Windows 10

2016-11-28T18:40:00+00:00

An anonymous reader shares a Softpedia article: Microsoft has finally acknowledged the potential that the open-source world in general, and Linux in particular, boasts, so the company is exploring its options to expand in this area with every occasion. Most recently, an episode posted on Channel 9 and entitled "Improvements to Bash on Windows and the Windows Console" with senior program manager Rich Turner calls for Linux developers to give up on their platforms for Windows 10. "Fire up a Windows 10 Insiders' build instance and run your code, run your tools, host your website on Apache, access your MySQL database from your Java code," he explained. Turner went on to point out that the Windows subsystem for Linux is there to provide developers with all the necessary tools to code just like they'd do it on Linux, all without losing the advantages of Windows 10. "Whatever it is that you normally do on Linux to build an application: whether it's in Go, in Erlang, in C, whatever you use, please, give it a try on Bash WSL, and importantly file bugs on us. It really makes our life a lot easier and helps us build a product that we can all use and be far more productive with, he continued. Editor's note: The original title from Softpedia was edited because it was misleading. A Microsoft employee doesn't represent the entire company (at least in this instant he wasn't speaking for the company), and at no point has he asked "all Linux developers" to "give up" on Linux.

Read more of this story at Slashdot.

(image)