hypnosec writes "Following delays due to UEFI, the alpha version of Fedora 19 'Schrödinger's Cat' has been released. The alpha version brings with it all the features of Fedora 19, including the updated desktop options – GNOME 3.8, KDE Plasma 4.10 and MATE 1.6. Other new features include Developer's Assistant – a tool that would allow developers to code easily with ready templates, samples and more; OpenShift Origin – through which users will be able to deploy their own Platform-as-a-Service infrastructure; Ruby 2.0.0; Scratch; Syslinux – provides for simplified booting of Fedora; systemd Resource Control – which allows for modification of service settings without requiring a reboot; and Checkpoint & Restore. Downloads and release notes available at the Fedora Project site."
An anonymous reader writes "For many of us our hosting providers are a way to hone our skills as well as run a business. Which provider out there gives the best bang for the buck for a FOSS developer? Virtually everybody provides Perl, PHP, Ruby, MySQL / MariaDB etc. but where can one get easy and cheap access to stuff like NodeJS and Big Data? Companies such as Pair Networks are great but not quite on the mark with any of their service offerings for somebody looking to test out real world scenarios with these technologies from a hosted stance. Obviously hosting from home is always an option but that has the penalty of administration, backup, DR planning, bigger security footprint etc. and for those of us whose time is balanced between making money and friends / family time that's not very appealing."
dstates writes "ProPublica, the award winning public interest journalism group and frequently cited Slashdot source, has published an interesting guide to app technology for journalism and a set of data and style guides. Journalism presents unique challenges with potentially enormous but highly variable site traffic, the need to serve a wide variety of information, and most importantly, the need to quickly develop and vet interesting content, and ProPublica serves lots of data sets in addition to the news. They are also doing some cool stuff like using AI to generate specific narratives from tens of thousands of database entries illustrating how school districts and states often don't distribute educational opportunities to rich and poor kids equally. The ProPublica team focuses on some basic practical issues for building a team, rapidly and flexibly deploying technology and ensuring that what they serve is correct. A great news app developer needs three key skills: the ability to do journalism, design acumen and the ability to write code quickly — and the last is the easiest to teach. To build a team they look to their own staff rather than competing with Google for CS grads. Most news organizations use either Ruby on Rails or Python/Django, but more important than which specific technology you choose is to just pick a server-side programming language and stick to it. Cloud hosting provides news organizations with incredible flexibility (like increasing your capacity ten-fold for a few days around the election and then scaling back the day after), but they're not as fast as real servers, and cloud costs can scale quickly relative to real servers. Maybe a news app is not the most massive 'big data' application out there, but where else can you find the challenge of millions of users checking in several times a day for the latest news, and all you need to do is sort out which of your many and conflicting sources are providing you with straight information? Oh, and if you screw up, it will be very public."
An anonymous reader writes "Today version 2.0.0 of Ruby has been released. This is a stable release, and the Ruby team has done their best to make it compatible with 1.9, making it easier to migrate than it was to switch from 1.8 to 1.9. New core language features include: 'Keyword arguments, which give flexibility to API design; Module#prepend, which is a new way to extend a class; A literal %i, which creates an array of symbols easily; __dir__, which returns the dirname of the file currently being executed; and UTF-8 default encoding, which make many magic comments omissible.' There are also new built-in libraries for lazy stream and for an asynchronous exception handling API. The release includes a number of performance improvements and debug support for DTrace."
An anonymous reader writes "Jeff Atwood has a post on his Coding Horror weblog about his latest project, Discourse, 'a next-generation, 100% open source discussion platform built for the next decade of the Internet.' Along with Coding Horror, Jeff is most well-known for his work on Stack Exchange and its family of related sites. In the same way that he tried to improve Q&A sites, he hopes to make forum/discussion software better with a team of folks he's pulled together for the task. They're using the 'Wordpress model' of offering both open source software and commercial offerings. The software interface is an in-browser app via Ember.js, with a Ruby on Rails and Postgres backend. I wonder if it will ever have an NNTP gateway."
hypnosec writes "Online version control system GitHub, which is based on Git — the distributed version control system developed by Linus Torvalds — now has over three million registered users, it has been revealed. Announcing the achievement, the code sharing site used by the likes of jQuery, Perl, PHP, Ruby as well as Joomla said in a blog post that the 'three millionth person signed up for a GitHub account' on Monday night."
vikingpower writes "As a previous Slashdot story already reported, Ruby on Rails was recently reported to suffer from a major SQL injection flaw. This has prompted the Dutch government to take the one and only national site for citizens' digital identification offline (link in Dutch, Google translation to English). Here is the English-language placeholder page for the now-offline site. This means that 16 million Dutch citizens cannot authenticate themselves anymore with government instances, and that those same government instances can not communicate anything to those same citizens anymore." Fixes were released, so it looks like it's on their sysadmin team now.
Trailrunner7 writes with the news as posted at Threatpost (based on this advisory) that "All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the maintainers of Ruby on Rails have released new versions that fix the flaw, versions 3.2.10, 3.1.9 and 3.0.18. The advisory recommends that users running affected versions, which is essentially anyone using Ruby on Rails, upgrade immediately to one of the fixed versions, 3.2.10, 3.1.9 or 3.0.18. The vulnerability lies specifically in the Ruby on Rails framework, and its presence doesn't mean that all of the apps developed on vulnerable versions are susceptible to the bug."
theodp writes "Silly rabbit, parallel processing is not just for Big Data! Building on techniques outlined by Andy Baio back in 2008, Wired writer and 20% Doctrine evangelist Ryan Tate has released Ruby-based software called Typingpool to make audio transcriptions easier and cheaper. 'Typingpool chops your audio into small bits and routes them to the labor marketplace Mechanical Turk,' Tate explains to his reporter pals, 'where workers transcribe the bits in parallel. This produces transcripts much faster than any lone transcriber for as little one-eighth what you pay a transcription service. Better still, workers keep 91 percent of the money you spend.' Remember to Use the Force for Good, Tate adds."
An anonymous reader writes "The Register is reporting on how debate over diversity has managed to get a Ruby conference in the UK cancelled, as the speakers were 100% white male. The person running the conference, Chuck Hardy, said he 'was not prepared to put [himself] in the position of legal liability and cost ramifications if a sponsor were to pull out under social media strain.' He added, 'The ramifications of comments such as race and gender can have financial and legal consequences for the conference organizer. Raise these issues but allow the conference organizers the chance to highlight and act on these industry level issues. Accusation and slander is not a solution.' Should conferences embrace diversity from the start, or should they go forward even if the speakers are all of the same denomination? How far do we have to go to ensure we are diverse?"
jfruh writes "What's the longest tech interview you've had to sit through — two hours? Eight? Ruby on Rails devs who want to work for Hashrocket need to travel to Florida and do pair-programming on real projects for a week before they can be hired. The upside is that you'll be put up in a beachfront condo for the week with your significant other; the downside is that you'll be doing real work for a week for little or no pay and no guarantee of a job slot."
PhunkySchtuff writes "OK, so we're all hearing the news that they've found the Higgs boson. What are some of the more practical implications that are likely to come out of this discovery? I realize it's hard to predict this stuff — who would have thought that shining a bright light on a rod of ruby crystal would have led to digital music on CDs and being able to measure the distance to the moon to an accuracy of centimeters? If the Higgs boson is the particle that gives other particles mass, would our being able to manipulate the Higgs lead to being able to do things with mass such as we can do with electromagnetism? Will we be able to shield or block the Higgs from interacting with other particles, leading to a reduction in mass (and therefore weight?) Are there other things that this discovery will lead to in the short to medium term?"
snydeq writes "Charles Nutter, Rich Hickey, and Gavin King each discovered that 'simplicity' doesn't mean the same thing as they developed Ruby, Clojure, and Ceylon, respectively. 'Languages that are created with similar goals in mind may yield highly disparate final results, depending on how their communities understand those goals,' writes Andrew Oliver. 'At first, it surprised me that each language's creator directly or indirectly identified simplicity as his goal, as well as how differently the three creators and their languages' communities define what simplicity is. For Ruby, it is about a language that feels natural and gets out of your way to do what you want. For Clojure, it is about keeping the language itself simple. For Ceylon, it is a compromise between enabling the language to help, in King's words, "communicating algorithms to humans" and providing proper tooling support: the same general goal, three very different results.'"
Aciel writes "Ruby has long been popular in the web/business community, while Python dominates the scientific community. One new project seeks to bring balance to the force: SciRuby. We've already introduced a linear algebra library called NMatrix (currently alpha status). There's at least one fellowship available for students interested in working on the project this summer."
MrSeb writes "Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. GitHub uses the Ruby on Rails application framework, and Rails has been weak to what's known as a mass-assignment vulnerability for years. Basically, Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. From here, he could effectively do anything, including deleting the entire project from the web; instead, he posted a fairly comical commit. GitHub summarily suspended Homakov, fixed the hole, and, after 'reviewing his activity,' he has been reinstated. Homakov could've gained administrative access to the master branch of any project on GitHub and deleted the history, committed junk, or closed or opened tracker tickets."
A few countries, like Estonia, have gone for internet-based voting in national elections in a big way, and many others (like Ireland and Canada) have experimented with it. For Americans, with a presidential election approaching later this year, it's a timely issue: already, some states have come to allow at least certain forms of voting by internet. Proponents say online elections have compelling upsides, chief among them ease of participation. People who might not otherwise vote — in particular military personnel stationed abroad, but many others besides — are more and more reached by internet access. Online voting offers a way to keep the electoral process open to them. With online voting, too, there's no worry about conventional absentee ballots being lost or delayed in the postal system, either before reaching the voter or on the way back to be counted. The downsides, though, are daunting. According to RSA panelists David Jefferson and J. Alex Halderman, in fact, they're overwhelming. Speaking Thursday afternoon, the two laid out their case against e-voting.
(Read more for more, and look for a video interview with Halderman soon).