Forgot your password?

Catch up on stories from the past week (and beyond) at the Slashdot story archive


Ubuntu Linux 14.04 LTS Trusty Tahr Released 173

Posted by timothy
from the what-in-tahr-nation dept.
An anonymous reader writes with this announcement: "Ubuntu Linux version 14.04 LTS (code named "Trusty Tahr") has been released and available for download. This updated version includes the Linux kernel v3.13.0-24.46, Python 3.4, Xen 4.4, Libreoffice 4.2.3, MySQL 5.6/MariaDB 5.5, Apache 2.4, PHP 5.5, improvements to AppArmor allow more fine-grained control over application, and more. The latest release of Ubuntu Server is heavily focused on supporting cloud and scale-out computing platforms such as OpenStack, Docker, and more. As part of the wider Ubuntu 14.04 release efforts the Ubuntu Touch team is proud to make the latest and greatest touch experience available to our enthusiast users and developers. You can install Ubuntu on Nexus 4 Phone (mako), Nexus 7 (2013) Tablet (flo), and Nexus 10 Tablet (manta) by following these instructions. On a hardware front, ARM multiplatform support has been added, enabling you to build a single ARM kernel image that can boot across multiple hardware platforms. Additionally, the ARM64 and Power architectures are now fully supported. See detailed release notes for more information. A quick upgrade to a newer version of Ubuntu is possible over the network."

How 'DevOps' Is Killing the Developer 225

Posted by Soulskill
from the in-the-server-room-with-the-lamp-stack dept.
An anonymous reader writes "Python guru Jeff Knupp writes about his frustration with the so-called 'DevOps' movement, an effort to blend development jobs with operations positions. It's an artifact of startup culture, and while it might make sense when you only have a few employees and a focus on simply getting it running rather than getting it running right, Knupp feels it has no place in bigger, more established companies. He says, 'Somewhere along the way, however, we tricked ourselves into thinking that because, at any one time, a start-up developer had to take on different roles he or she should actually be all those things at once. If such people even existed, "full-stack" developers still wouldn't be used as they should. Rather than temporarily taking on a single role for a short period of time, then transitioning into the next role, they are meant to be performing all the roles, all the time. And here's what really sucks: most good developers can almost pull this off.' Knupp adds, 'The effect of all of this is to destroy the role of "developer" and replace it with a sort of "technology utility-player". Every developer I know got into programming because they actually enjoyed doing it (at one point). You do a disservice to everyone involved when you force your brightest people to take on additional roles.'"
Input Devices

Princeton Students Develop Open Source Voice Control Platform For Any Device 34

Posted by Unknown Lamer
from the yell-at-your-computer-more-effectively dept.
rjmarvin (3001897) writes "Two Princeton computer science students have created an open source platform for developing voice-controlled applications that are always on. Created by Shubhro Saha and Charlie Marsh, Jasper runs on the Raspberry Pi under Raspbian, using a collection of open source libraries to make up a development platform for building voice-controlled applications. Marsh and Saha demonstrate Jasper's capability to perform Internet searches, update social media, and control music players such as Spotify. You need a few easily obtainable bits of hardware (a USB microphone, wifi dongle or ethernet, and speakers). The whole thing is powered by CMU Sphinx (which /. covered the open sourcing of back in 2000). Jasper provides Python modules (under the MIT license) for recognizing phrases and taking action, or speaking when events occur. There doesn't seem to be anything tying it to the Raspberry Pi either, so you could likely run it on an HTPC for always-on voice control of your media center.

NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible 277

Posted by timothy
from the impossible-is-difficult dept.
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."
Open Source

New Apache Allura Project For Project Development Hosting 43

Posted by Soulskill
from the new-and-shiny dept.
New submitter brondsem writes: "Today the Apache Software Foundation announced the Allura project for hosting software development projects. Think GitHub or SourceForge on your own servers — Allura has git, svn, hg, wiki, tickets, forums, news, etc. It's written in python and has a modular and extensible platform so you can write your own tools and extensions. It's already used by SourceForge, DARPA, German Aerospace Center, and Open Source Projects Europe. Allura is open source; available under the Apache License v2.0. When you don't want all your project resources in the cloud on somebody else's walled garden, you can run Allura on your own servers and have full control and full data access." (SourceForge shares a corporate overlord with Slashdot).
Open Source

Latest Humble Bundle Supports Open Source GameDev Tools 29

Posted by timothy
from the good-to-see dept.
lars_doucet (2853771) writes "The latest Humble Weekly Bundle is titled 'Celebrating Open Source,' and features eight indie games, with charity going to the open source tools used to develop them. The open-source programming language Haxe is strongly represented: three of the charities include the Haxe Foundation, itself OpenFL (recently featured on Slashdot), and FlashDevelop, the most popular open-source Haxe/ActionScript IDE. The fourth is Ren'Py, the Python-based visual novel engine used in award-winning games like Long Live the Queen and Analogue: A Hate Story.

The games themselves are Magical Diary, NEO Scavenger, Offspring Fling!, Planet Stronghold, and for those who pay $6 or more, Anodyne, Defender's Quest, Evoland, and Incredipede, as well as 6 soundtracks. 7 of the 8 games are cross-platform across Mac/Win/Linux, and all are DRM-free."

Python 3.4 Released 196

Posted by Soulskill
from the onward-and-upward dept.
New submitter gadfium writes: "Python 3.4 has been released. It adds new library features, bug fixes, and security improvements. It includes: at standardized implementation of enumeration types, a statistics module, improvements to object finalization, a more secure and interchangeable hash algorithm for strings and binary data, asynchronous I/O support, and an installer for the pip package manager."

Ask Slashdot: Can an Old Programmer Learn New Tricks? 306

Posted by Unknown Lamer
from the new-and-exciting-skills dept.
An anonymous reader writes "I have been programming in some fashion, for the last 18 years. I got my first job programming 15 years ago and have advanced my career programming, leading programmers and bringing my technical skill sets into operations and other areas of the business where problems can be solved with logical solutions. I learned to program on the Internet in the 90s.. scouring information where ever I could and reading the code others wrote. I learned to program in a very simple fashion, write a script and work your way to the desired outcome in a straight forward logical way. If I needed to save or reuse code, I created include files with functions. I could program my way through any problem, with limited bugs, but I never learned to use a framework or write modular, DRY code. Flash forward to today, there are hundreds of frameworks and thousands of online tutorials, but I just can't seem to take the tutorials and grasp the concepts and utilize them in a practical manner. Am I just too old and too set in my ways to learn something new? Does anyone have any recommendations for tutorials or books that could help a 'hacker' like me? Also, I originally learned to program in Perl, but moved onto C and eventually PHP and Python."

Ask Slashdot: Online, Free Equivalent To a CompSci BS? 197

Posted by timothy
from the yes-but-how dept.
An anonymous reader writes "I am a middle school math teacher and I also run a programming club. I recent completed my M.Ed in math education and was inspired to try to do the new GT online MS in Computer Science in a couple of years. I have some background in programming: two intro to comp sci courses, Java, C++, Python, the main scripting languages, and a bunch of math background. I also read through this great article on getting these pre-requisites completed through Coursera but unfortunately you need to wait for courses to enroll. I would like to just learn these on my own time, no credit necessary. Suggestions?"
Open Source

Spark Advances From Apache Incubator To Top-Level Project 24

Posted by timothy
from the distribution-solution dept.
rjmarvin writes "The Apache Software Foundation announced that Spark, the open-source cluster-computing framework for Big Data analysis has graduated from the Apache Incubator to a top-level project. A project management committee will guide the project's day-to-day operations, and Databricks cofounder Matei Zaharia will be appointed VP of Apache Spark. Spark runs programs 100x faster than Apache Hadoop MapReduce in memory, and it provides APIs that enable developers to rapidly develop applications in Java, Python or Scala, according to the ASF."

Python Scripting and Analyzing Your Way To Love 188

Posted by Unknown Lamer
from the you-might-be-overanalyzing-things-if dept.
fiannaFailMan writes "Wired reports one mathematician's mission to find love online by data mining from OK Cupid and applying mathematical modeling to optimize his profile(s). His methods included using 'Python scripts to riffle through hundreds of OkCupid survey questions. He then sorted female daters into seven clusters, like "Diverse" and "Mindful," each with distinct characteristics.' But the real work began when he started going on dates."

Glyphy: High Quality Glyph Rendering Using OpenGL ES2 Shaders 59

Posted by Unknown Lamer
from the doing-it-the-right-way dept.
Recently presented at was Glyphy, a text renderer implemented using OpenGL ES2 shaders. Current OpenGL applications rasterize text on the CPU using Freetype or a similar library, uploading glyphs to the GPU as textures. This inherently limits quality and flexibility (e.g. rotation, perspective transforms, etc. cause the font hinting to become incorrect and you cannot perform subpixel antialiasing). Glyphy, on the other hand, uploads typeface vectors to the GPU and renders text in real time, performing perspective correct antialiasing. The presentation can be watched or downloaded on Vimeo. The slide sources are in Python, and I generated a PDF of the slides (warning: 15M due to embedded images). Source code is at Google Code (including a demo application), under the Apache License.

Regex Golf, xkcd, and Peter Norvig 172

Posted by samzenpus
from the problem-to-solve dept.
mikejuk writes "A recent xkcd strip has started some deep academic thinking. When AI expert Peter Norvig gets involved you know the algorithms are going to fly. Code Golf is a reasonably well known sport of trying to write an algorithm in the shortest possible code. Regex Golf is similar, but in general the aim is to create a regular expression that accepts the strings in one list and rejects the strings in a second list. This started Peter Norvig, the well-known computer scientist and director of research at Google, thinking about the problem. Is it possible to write a program that would create a regular expression to solve the xkcd problem? The result is an NP hard problem that needs AI-like techniques to get an approximate answer. To find out more, read the complete description, including Python code, on Peter Norvig's blog. It ends with this challenge: 'I hope you found this interesting, and perhaps you can find ways to improve my algorithm, or more interesting lists to apply it to. I found it was fun to play with, and I hope this page gives you an idea of how to address problems like this.'"

Why Do Projects Continue To Support Old Python Releases? 432

Posted by Unknown Lamer
from the developers-vs-developers dept.
On Planet Python, Gregory Szorc asks why many projects continue to support Python releases prior to 2.7, when they are all EOLed (2.4 in 2008, 2.5 in 2011, and 2.6 last October), and Python 2.7 provides a clear upgrade path to Python 3. Quoting: "I think maintainers of Python projects should seriously consider dropping support for Python 2.6 and below. Are there really that many people on systems that don't have Python 2.7 easily available? Why are we Python developers inflicting so much pain on ourselves to support antiquated Python releases? As a data point, I successfully transitioned Firefox's build system from requiring Python 2.5+ to 2.7.3+ and it was relatively pain free." Shortly after posting, other developers responded with their reasons for using older Python releases. First, Rob Galanakis of CCP (EVE Online) explains the difficulties involved in upgrading a mature commercial project embedding Python. Nathan Froyd adds "I think this list of reasons to upgrade misses the larger point in providing software for other people: You do not get to tell your users what to do. ... Maybe those users don’t have sufficient control over their working environments to install a new version of Python. ... Maybe those users rely on certain APIs only available in older versions of Python and don’t wish to take an indeterminate amount of time to rewrite (retest, recertify, etc. etc.) their software. ... Maybe those users are just rationally lazy and don’t want to deal with downloading, configuring, and installing a new version of Python, plus dealing with inevitable fallout, when the old version has worked Just Fine for everything else."

KDE Releases KDevelop 4.6 93

Posted by timothy
from the always-with-the-k dept.
New submitter KDE Community writes that the KDE project has released KDevelop 4.6.0 as the latest version of the free and open source integrated development environment. "KDevelop 4.6.0 improves debugging support with GDB. The GDB integration improvements include some operations now going into effect immediately rather than needing to re-run the program, improved debugging from external terminals, and a CPU registers toolview. KDevelopers' CPU registers toolview also allows for showing and editing all user-mode registers and general purpose flags for x86/x86_64/ARMv7 platforms. Other KDevelop 4.6.0 changes include greater language support within the PHP plug-in, Python language support improvements, more C++11 language support, improved project management, and a clean-up to the IDE's user-interface."

Microsoft Adds Node.js Support To Visual Studio 197

Posted by timothy
from the could-be-the-biggest-open-source-company dept.
shutdown -p now writes "Coming from the team that had previously brought you Python Tools for Visual Studio, Microsoft has announced Node.js Tools for Visual Studio, with the release of the first public alpha. NTVS is the official extension for Visual Studio that adds support for Node.js, including editing with Intellisense, debugging, profiling, and the ability to deploy Node.js websites to Windows Azure. An overview video showcases the features, and Scott Hanselman has a detailed walkthrough. The project is open source under Apache License 2.0. While the extension is published by Microsoft, it is a collaborative effort involving Microsoft, Red Gate (which previously had a private beta version of similar product called Visual Node), and individual contributors from the Node.js community."
United Kingdom

And Now For Something Completely Different: Monty Python Reunion Planned 168

Posted by timothy
from the well-then-it's-not-completely-different dept.
cold fjord writes with this report from The Telegraph: "The original members of Monty Python will reunite more than 30 years after the comedy troupe last worked together. John Cleese, Terry Gilliam, Terry Jones, Eric Idle and Michael Palin will officially announce their reformation at a London press conference on Thursday. The five surviving members have reportedly been in months of secret talks about getting the Flying Circus back on the road. The reunion comes after several failed attempts to reform by the group. However, according to The Sun, the surviving members realised 'it was now or never,' and had decided to embark upon 'a fully-fledged reunion.'" Related stories include this commentary, one take on the best of Python and this negative reaction, too.

Skydiving Accident Leaves Security Guru Cedric 'Sid' Blancher Dead At 37 332

Posted by timothy
from the regards-to-his-friends-and-family dept.
An anonymous reader points out The Register's report that Wi-Fi security expert Cédric 'Sid' Blancher has died as the result of a skydiving accident. "Among other things, the 37-year-old Blancher was a sought-after speaker on WiFi security, and in 2005 published a Python-based WiFi traffic injection tool called Wifitap. In 2006, while working for the EADS Corporate Research centre, he also put together a paper on how to exploit Skype to act as a botnet." Some of Blancher's skydiving videos are posted to Vimeo; clearly, it's something he was passionate about.

How Your Compiler Can Compromise Application Security 470

Posted by Soulskill
from the my-compiler-levels-me-out dept.
jfruh writes "Most day-to-day programmers have only a general idea of how compilers transform human-readable code into the machine language that actually powers computers. In an attempt to streamline applications, many compilers actually remove code that it perceives to be undefined or unstable — and, as a research group at MIT has found, in doing so can make applications less secure. The good news is the researchers have developed a model and a static checker for identifying unstable code. Their checker is called STACK, and it currently works for checking C/C++ code. The idea is that it will warn programmers about unstable code in their applications, so they can fix it, rather than have the compiler simply leave it out. They also hope it will encourage compiler writers to rethink how they can optimize code in more secure ways. STACK was run against a number of systems written in C/C++ and it found 160 new bugs in the systems tested, including the Linux kernel (32 bugs found), Mozilla (3), Postgres (9) and Python (5). They also found that, of the 8,575 packages in the Debian Wheezy archive that contained C/C++ code, STACK detected at least one instance of unstable code in 3,471 of them, which, as the researchers write (PDF), 'suggests that unstable code is a widespread problem.'"
The Almighty Buck

How To Lose $172,222 a Second For 45 Minutes 327

Posted by Soulskill
from the step-one-accrue-at-least-$172,222 dept.
An anonymous reader writes "Investment firm Knight Capital made headlines in 2012 for losing over $400 million on the New York Stock Exchange because of problems with their algorithmic trading software. Now, the owner of a Python programming blog noticed the release of a detailed SEC report into exactly what went wrong (PDF). It shows how a botched update rollout combined with useless or nonexistent process guidelines cost the company over $172,000 a second for over 45 minutes. From the report: 'When Knight used the Power Peg code previously, as child orders were executed, a cumulative quantity function counted the number of shares of the parent order that had been executed. This feature instructed the code to stop routing child orders after the parent order had been filled completely. In 2003, Knight ceased using the Power Peg functionality. In 2005, Knight moved the tracking of cumulative shares function in the Power Peg code to an earlier point in the SMARS code sequence. Knight did not retest the Power Peg code after moving the cumulative quantity function to determine whether Power Peg would still function correctly if called. ... During the deployment of the new code, however, one of Knight's technicians did not copy the new code to one of the eight SMARS computer servers. Knight did not have a second technician review this deployment and no one at Knight realized that the Power Peg code had not been removed from the eighth server, nor the new RLP code added. Knight had no written procedures that required such a review.'"

% APL is a natural extension of assembler language programming; ...and is best for educational purposes. -- A. Perlis