Music

Groove Basin: Quest For the Ultimate Music Player 58

Posted by Soulskill
from the it's-dangerous-to-go-alone,-take-this-ipod dept.
An anonymous reader writes "Andrew Kelley was a big fan of the Amarok open source music player. But a few years ago, its shortcomings were becoming more annoying and the software's development path no longer matched with the new features he wanted. So he did what any enterprising hacker would do: he started work on a replacement. Three and a half years later, his project, Groove Basin, has evolved into a solid music player, and it's still under active development. Kelley has now posted a write-up of his development process, talking about what problems he encountered, how he solved them, and how he ended up contributing code to libav."
Programming

The Ethical Dilemmas Today's Programmers Face 164

Posted by samzenpus
from the do-the-right-thing dept.
snydeq (1272828) writes "As software takes over more of our lives, the ethical ramifications of decisions made by programmers only become greater. Unfortunately, the tech world has always been long on power and short on thinking about the long-reaching effects of this power. More troubling: While ethics courses have become a staple of physical-world engineering degrees, they remain a begrudging anomaly in computer science pedagogy. Now that our code is in refrigerators, thermostats, smoke alarms, and more, the wrong moves, a lack of foresight, or downright dubious decision-making can haunt humanity everywhere it goes. Peter Wayner offers a look at just a few of the ethical quandaries confronting developers every day. 'Consider this less of a guidebook for making your decisions and more of a starting point for the kind of ethical contemplation we should be doing as a daily part of our jobs.'"
Google

Apple, Google Vying For Mobile Game Exclusivity 50

Posted by samzenpus
from the mine-all-mine dept.
An anonymous reader writes "Here's an interesting look at the battle for mobile video game money between Google and Apple. 'Last August, for the launch of "Plants Vs. Zombies 2," a highly anticipated sequel to a popular zombie-survival strategy game, publisher Electronic Arts Inc. struck a deal with Apple, which promoted the game prominently in its App Store, according to people familiar with the matter. In exchange, one of these people said, EA agreed to give Apple about a two-month window of exclusivity for the title, which wasn't released on Google's Android software until October.'"
Software

Ask Slashdot: Professional Journaling/Notes Software? 166

Posted by timothy
from the unexamined-life-not-worth-living dept.
netdicted writes "At the very outset of my career the importance of keeping a daily journal of activities and notes was clearly evident. Over the years I've always had a college ruled composition notebook nearby to jot down important ideas, instructions, tasks, etc. Putting away the rock and chisel was not optional when the volumes grew beyond my mental capacity to successfully index the contents. Over the years I've tried countless apps to keep a digital journal and failed miserably.

In my mind the ideal app or solution is a single file or cloud app where I can organize personal notes on projects, configurations, insights, ideas, etc., as well as noting major activities or occurrences of the day. My original journals saved me on a number of occasions. Unfortunately my tenacity for keeping one has suffered from a fruitless search for a suitable solution. Currently I'm experimenting with Evernote and Tiddlywiki. They approach the problem from two different angles. What do you use?"
Encryption

OpenSSL Cleanup: Hundreds of Commits In a Week 372

Posted by timothy
from the the-good-kind-of-competition dept.
New submitter CrAlt (3208) writes with this news snipped from BSD news stalwart undeadly.org: "After the news of heartbleed broke early last week, the OpenBSD team dove in and started axing it up into shape. Leading this effort are Ted Unangst (tedu@) and Miod Vallat (miod@), who are head-to-head on a pure commit count basis with both having around 50 commits in this part of the tree in the week since Ted's first commit in this area. They are followed closely by Joel Sing (jsing@) who is systematically going through every nook and cranny and applying some basic KNF. Next in line are Theo de Raadt (deraadt@) and Bob Beck (beck@) who've been both doing a lot of cleanup, ripping out weird layers of abstraction for standard system or library calls. ... All combined, there've been over 250 commits cleaning up OpenSSL. In one week." You can check out the stats, in progress.
Security

Heartbleed Used To Bypass 2-Factor Authentication, Hijack User Sessions 59

Posted by timothy
from the bleeding-from-the-ears dept.
wiredmikey (1824622) writes "Security nightmares sparked by the Heartbleed OpenSSL vulnerability continue. According to Mandiant, now a unit of FireEye, an attacker was able to leverage the Heartbleed vulnerability against the VPN appliance of a customer and hijack multiple active user sessions. The attack bypassed both the organization's multifactor authentication and the VPN client software used to validate that systems connecting to the VPN were owned by the organization and running specific security software.

"Specifically, the attacker repeatedly sent malformed heartbeat requests to the HTTPS web server running on the VPN device, which was compiled with a vulnerable version of OpenSSL, to obtain active session tokens for currently authenticated users," Mandiant's Christopher Glyer explained. "With an active session token, the attacker successfully hijacked multiple active user sessions and convinced the VPN concentrator that he/she was legitimately authenticated."

After connecting to the VPN, the attacker attempted to move laterally and escalate his/her privileges within the victim organization, Mandiant said."
Displays

For $20, Build a VR Headset For Your Smartphone 49

Posted by timothy
from the watch-movies-on-the-plane dept.
An anonymous reader writes "Not everyone can drop a few hundred dollars on a VR headset, but that doesn't mean they can't experience VR! For those with the time and a bit of handiwork skill, this DIY guide from guest writer Ohaple will show you how to make a smartphone-based VR headset for as little as $20. Along the way, you'll learn the hardware and software basics of a VR headset." This project screams for a ready-made commercial version; does anyone know of existing purpose-built headgear? As one of the comments on the linked tutorial says, Poppy seems close, but lacks an LED for tracking.
AI

DARPA Developing the Ultimate Auto-Pilot Software 75

Posted by timothy
from the have-they-not-seen-airplanes-1-or-2? dept.
coondoggie (973519) writes "Call it the ultimate auto-pilot — an automated system that can help take care of all phases of aircraft flight, even perhaps helping pilots overcome system failures in-flight. The Defense Advanced Research Projects Agency (DARPA) will in May detail a new program called Aircrew Labor In-Cockpit Automation System (ALIAS) that would build upon what the agency called the considerable advances that have been made in aircraft automation systems over the past 50 years, as well as the advances made in remotely piloted aircraft automation, to help reduce pilot workload, augment mission performance and improve aircraft safety."
Media

MediaGoblin and FSF Successfully Raise Funds For Federation, Privacy Features 22

Posted by Soulskill
from the if-you-build-it-they-will-come dept.
paroneayea writes: "GNU MediaGoblin and the Free Software Foundation have jointly run a campaign for privacy and federation on the web. The campaign is in its last day but has already passed the first two funding milestones, and is hoping to raise more with the possibility of bringing in multiple dedicated resources to the project. The project has also released a full financial transparency report so donors can know how they can expect their money to be used!"
Bug

Bug Bounties Don't Help If Bugs Never Run Out 235

Posted by Soulskill
from the trying-to-bail-the-ocean dept.
Bennett Haselton writes: "I was an early advocate of companies offering cash prizes to researchers who found security holes in their products, so that the vulnerabilities can be fixed before the bad guys exploited them. I still believe that prize programs can make a product safer under certain conditions. But I had naively overlooked that under an alternate set of assumptions, you might find that not only do cash prizes not make the product any safer, but that nothing makes the product any safer — you might as well not bother fixing certain security holes at all, whether they were found through a prize program or not." Read on for the rest of Bennett's thoughts.
The Courts

Oracle Deflects Blame For Troubled Oregon Health Care Site 161

Posted by samzenpus
from the who's-to-blame dept.
itwbennett (1594911) writes "Oracle is gearing up for a fight with officials in Oregon over its role developing an expensive health insurance exchange website that still isn't fully operational. In a letter obtained by the Oregonian newspaper this week, Oracle co-president Safra Catz said that Oregon officials have provided the public with a 'false narrative' concerning who is to blame for Cover Oregon's woes. In the letter, Catz pointed out that Oregon's decision to act as their own systems integrator on the project, using Oracle consultants on a time-and-materials basis, was 'criticized frequently by many'. And as far as Oracle is concerned, 'Cover Oregon lacked the skills, knowledge or ability to be successful as the systems integrator on an undertaking of this scope and complexity,' she added."
Linux Business

Linux Voice is a New Magazine for Linux Users — On Paper (Video) 69

Posted by Roblimo
from the there's-nothing-quite-like-the-smell-of-ink-on-paper dept.
This is an interview with Graham Morrison, who is one of four people behind the shiny-new Linux Voice magazine, which is printed on (gasp) paper. Yes, paper, even though it's 2014 and a lot of people believe the idea of publishing a physical newspaper or magazine is dead. But, Graham says, when you have a tight community (like Linux users and developers) you have an opportunity to make a successful magazine for that community. This is a crowdfunded venture, through Indiegogo, where they hoped to raise £90,000 -- but ended up with £127,603, which is approximately $214,288 as of this video's publishing date. So they have a little capital to work with. Also note: these are not publishing neophytes. All four of the main people behind Linux Voice used to work on the well-regarded Linux Format magazine. Graham says they're getting subscribers and newsstand sales at a healthy rate, so they're happily optimistic about their magazine's future. (Here's an alternate video link)
Ubuntu

Ubuntu Linux 14.04 LTS Trusty Tahr Released 177

Posted by timothy
from the what-in-tahr-nation dept.
An anonymous reader writes with this announcement: "Ubuntu Linux version 14.04 LTS (code named 'Trusty Tahr') has been released and is available for download. This updated version includes the Linux kernel v3.13.0-24.46, Python 3.4, Xen 4.4, Libreoffice 4.2.3, MySQL 5.6/MariaDB 5.5, Apache 2.4, PHP 5.5, improvements to AppArmor that allow more fine-grained control over applications, and more. The latest release of Ubuntu Server is heavily focused on supporting cloud and scale-out computing platforms such as OpenStack, Docker, and more. As part of the wider Ubuntu 14.04 release efforts the Ubuntu Touch team is proud to make the latest and greatest touch experience available to our enthusiast users and developers. You can install Ubuntu on Nexus 4 Phone (mako), Nexus 7 (2013) Tablet (flo), and Nexus 10 Tablet (manta) by following these instructions. On a hardware front, ARM multiplatform support has been added, enabling you to build a single ARM kernel image that can boot across multiple hardware platforms. Additionally, the ARM64 and Power architectures are now fully supported. See detailed release notes for more information. A quick upgrade to a newer version of Ubuntu is possible over the network."
Open Source

Apache OpenOffice Reaches 100 Million Downloads. Now What? 285

Posted by timothy
from the hundreds-of-millions-served dept.
We're thankfully long past the days when an emailed Word document was useless without a copy of Microsoft Word, and that's in large part thanks to the success of the OpenOffice family of word processors. "Family," because the OpenOffice name has been attached to several branches of a codebase that's gone through some serious evolution over the years, starting from its roots in closed-source StarOffice, acquired and open-sourced by Sun to become OpenOffice.org. The same software has led (via some hamfisted moves by Oracle after its acquisition of Sun) to the also-excellent LibreOffice. OpenOffice.org's direct descendant is Apache OpenOffice, and an anonymous reader writes with this excellent news from that project: "The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 170 Open Source projects and initiatives, announced today that Apache OpenOffice has been downloaded 100 million times. Over 100 million downloads, over 750 extensions, over 2,800 templates. But what does the community at Apache need to do to get the next 100 million?" If you want to play along, you can get the latest version of OpenOffice from SourceForge (Slashdot's corporate cousin). I wonder how many government offices -- the U.S. Federal government has long been Microsoft's biggest customer -- couldn't get along just fine with an open source word processor, even considering all the proprietary-format documents they're stuck with for now.
Programming

Code Quality: Open Source vs. Proprietary 132

Posted by Soulskill
from the put-your-money-where-your-code-is dept.
just_another_sean sends this followup to yesterday's discussion about the quality of open source code compared to proprietary code. Every year, Coverity scans large quantities of code and evaluates it for defects. They've just released their latest report, and the findings were good news for open source. From the article: "The report details the analysis of 750 million lines of open source software code through the Coverity Scan service and commercial usage of the Coverity Development Testing Platform, the largest sample size that the report has studied to date. A few key points: Open source code quality surpasses proprietary code quality in C/C++ projects. Linux continues to be a benchmark for open source quality. C/C++ developers fixed more high-impact defects. Analysis found that developers contributing to open source Java projects are not fixing as many high-impact defects as developers contributing to open source C/C++ projects."
Businesses

Survey: 56 Percent of US Developers Expect To Become Millionaires 464

Posted by Soulskill
from the you-totally-could-have-invented-flappy-birds dept.
msmoriarty writes: "According to a recent survey of 1,000 U.S.-based software developers, 56 percent expect to become millionaires in their lifetime. 66 percent also said they expect to get raises in the next year, despite the current state of the economy. Note that some of the other findings of the study (scroll to bulleted list) seem overly positive: 84 percent said they believe they are paid what they're worth, 95 percent report they feel they are 'one of the most valued employees at their organization,' and 80 percent said that 'outsourcing has been a positive factor in the quality of work at their organization.'"
Open Source

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion? 582

Posted by Soulskill
from the or-at-least-marginally-less-unsafe dept.
jammag writes: "Heartbleed has dealt a blow to the image of free and open source software. In the self-mythology of FOSS, bugs like Heartbleed aren't supposed to happen when the source code is freely available and being worked with daily. As Eric Raymond famously said, 'given enough eyeballs, all bugs are shallow.' Many users of proprietary software, tired of FOSS's continual claims of superior security, welcome the idea that Heartbleed has punctured FOSS's pretensions. But is that what has happened?"
Encryption

Snowden Used the Linux Distro Designed For Internet Anonymity 170

Posted by Soulskill
from the NSA-can't-make-heads-or-something-of-it dept.
Hugh Pickens DOT Com writes: "When Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. Now Klint Finley reports that Snowden also used The Amnesic Incognito Live System (Tails) to keep his communications out of the NSA's prying eyes. Tails is a kind of computer-in-a-box using a version of the Linux operating system optimized for anonymity that you install on a DVD or USB drive, boot your computer from and you're pretty close to anonymous on the internet. 'Snowden, Greenwald and their collaborator, documentary film maker Laura Poitras, used it because, by design, Tails doesn't store any data locally,' writes Finley. 'This makes it virtually immune to malicious software, and prevents someone from performing effective forensics on the computer after the fact. That protects both the journalists, and often more importantly, their sources.'

The developers of Tails are, appropriately, anonymous. They're protecting their identities, in part, to help protect the code from government interference. 'The NSA has been pressuring free software projects and developers in various ways,' the group says. But since we don't know who wrote Tails, how do we know it isn't some government plot designed to snare activists or criminals? A couple of ways, actually. One of the Snowden leaks shows the NSA complaining about Tails in a PowerPoint slide; if it's bad for the NSA, it's safe to say it's good for privacy. And all of the Tails code is open source, so it can be inspected by anyone worried about foul play. 'With Tails,' say the distro developers, 'we provide a tongue and a pen protected by state-of-the-art cryptography to guarantee basic human rights and allow journalists worldwide to work and communicate freely and without fear of reprisal.'"
Security

OpenBSD Team Cleaning Up OpenSSL 300

Posted by timothy
from the devil-you-say dept.
First time accepted submitter Iarwain Ben-adar (2393286) writes "OpenBSD has started a cleanup of their in-tree OpenSSL library. Improvements include removing 'exploit mitigation countermeasures', fixing bugs, removal of questionable entropy additions, and many more. If you support the effort of these guys who are responsible for the venerable OpenSSH library, consider a donation to the OpenBSD Foundation. Maybe someday we'll see a 'portable' version of this new OpenSSL fork. Or not."
Encryption

First Phase of TrueCrypt Audit Turns Up No Backdoors 171

Posted by Unknown Lamer
from the only-slightly-insecure dept.
msm1267 (2804139) writes "An initial audit of the popular open source encryption software TrueCrypt turned up fewer than a dozen vulnerabilities, none of which so far point toward a backdoor surreptitiously inserted into the codebase. A report on the first phase of the audit was released today (PDF) by iSEC Partners, which was contracted by the Open Crypto Audit Project (OCAP), a grassroots effort that not only conducted a successful fundraising effort to initiate the audit, but raised important questions about the integrity of the software.

The first phase of the audit focused on the TrueCrypt bootloader and Windows kernel driver; architecture and code reviews were performed, as well as penetration tests including fuzzing interfaces, said Kenneth White, senior security engineer at Social & Scientific Systems. The second phase of the audit will look at whether the various encryption cipher suites, random number generators and critical key algorithms have been implemented correctly."
