
Ask Slashdot: Automated Verification For Uploaded Files? 74

VernonNemitz writes: There are a lot of ways for hackers to abuse a web site, but it seems to me that one of them is receiving less attention than it deserves. This is the simple uploading of a malware file that has an innocent file-name extension. I'm looking for a simple file-type verification program that the site could automatically run, on each uploaded file, to test it to see if it is actually the type of file that its file-name extension claims it is. That way, if it ever gets double-clicked, we can be assured it won't hijack the system or worse. At the moment I'm only interested in testing .png files, but I'm sure plenty of web site operators would want to be able to test other file types. A quick Googling indicates the existence of a validator project under the OWASP umbrella, but is it the best choice, and what other choices are there?

What Your Photos Know About You 109

itwbennett writes: Sandra Henry-Stocker became curious about how much more complex the jpg format had become since she first did a deep dive into it more than twenty years ago, so she dug into how much information is stored and where. "This information is quite extensive — depending on the digital camera you're using," says Henry-Stocker, "containing detailed information about the photo such as the make and model of the digital camera that was used, whether a flash was used, the focal length, light value, and the shutter speed that was used when it was taken. And, if your phone/camera has geotagging turned on, it will also include the altitude, longitude and latitude of the place where the photo was taken." Henry-Stocker used exiftool to extract and label the data so you can see what is collected, and how you can protect your privacy as well as your intellectual property.

Ask Slashdot: How Can My Code Help? 47

An anonymous reader writes: The story will probably be familiar. My non-profit organization had a particular need (we want to communicate with government officials by offering anecdotes and stories of how we help their constituents), and while I created a solution, the time constraints and lack of experience, training and natural ability show. I'd like to do more with the code, both in terms of letting others have it for their needs and also because I'm sure talented coders could more quickly and efficiently solve some of the existing problems with my code. But how do I make that happen? What do I do with it?

I have every intention of continuing to work on it. I enjoyed the learning opportunity, and I've already identified a number of things I want to improve upon, but I recognize that even as crude as my code is, if it solved my issue it might help others too.

Do I just put it on Github or SourceForge and hope that someone else will have that magic formula of my use case and skill level (because someone more talented would probably make their own code easily enough, while someone less talented may not realize how doable the solution can be)? Do I try to find an existing project and see if I can shoe-horn my efforts in somewhere? Do I keep it to myself until some unspecified point in time that I realize it's right for sharing?
Read on for further background information on this question.

Ask Slashdot: Tips For Getting Into Model Railroading? 149

An anonymous reader writes: A relative of mine has been hinting that he'd like me to take over his model railroad collection in the event of his death (or even before that, to make this a bit less morbid-sounding). I'm intrigued by the idea, because I've been interested in model railroads for years, but too commitment shy and too transient to actually start a collection. That's changed enough that I'd like to start planning a train system, and am looking for advice from people who have been at it for a while. A couple of parameters: 1) I'm only interested for now in HO-scale stuff, so I am not all that interested in the relative merits of the other kinds, cool as they might be. 2) Related, I am somewhat less interested in the rolling stock than I am in the construction and control of the track and surrounding landscape. Interested in learning from experienced model railroad enthusiasts what lessons you've learned over the years that would be useful for a newbie, especially if you've made some cool automation for your system, or have built extensive support structures. This includes negative lessons, too, if you've overloaded circuits or floorboards. I'd *like* to integrate some interesting sensors and control systems, and I see some interesting open source software for this. So: What advice would you give to a late-start railroader? For reference: this set-up may end up living in an unfinished suburban basement.

In Windows 10, Ad-Free Solitaire Will Cost You $10 -- Every Year 296

Wired UK reports that the pre-installed Solitaire on Windows 10 capitalizes on the long-cultivated addiction that some users have to the game with an interesting bargain: rather than being an ordinary included application like it used to be, what may be the world's most pervasive on-screen office time-sink of a game now comes with ads, unless a user wants to pay (by the month, or by the year) to remove those ads. Notes the linked piece: "To be entirely fair, this is the same as on the Windows 8 version, which wasn't installed by default but could be downloaded from the Windows Store."

At $1.49/month or $10/year, this might be enough to drive some people who otherwise would not to check out some of the free, open-source games out there; PySolitaire is one of many in this incomplete list.

DHI Group Inc. Announces Plans to Sell Slashdot Media 552

An anonymous reader writes: DHI Group Inc. (formerly known as Dice Holdings Inc.) announced plans to sell Slashdot Media in their Q2 financial report. This is being reported by multiple sources. Editor's note: Yep, looks like we're being sold again. We'll keep you folks updated, but for now I don't have any more information than is contained in the press release. Business as usual until we find a buyer (and hopefully after). The company prepared a statement for our blog as well — feel free to discuss the news here, there, or in both places.

A Note On Thursday's Downtime 75

If you were browsing the site on Thursday, you may have noticed that we went static for a big chunk of the day. A few of you asked what the deal was, so here's a quick follow-up. The short version is that a storage fault led to significant filesystem corruption, and we had to restore a massive amount of data from backups. There's a post at the SourceForge blog going into a bit more detail, and describing the steps our Siteops team took (and is still taking) to restore service. (Slashdot and SourceForge share a corporate overlord, as well as a fair bit of infrastructure.)

SourceForge Suspends Independent Project Mirroring 124

vivaoporto writes: In a reversal motivated by community concerns (like the high profile outcry over the distribution of an ads-enabled installer for GIMP and the accusation by Fyodor of the hijacking of the nmap SourceForge project), SourceForge has discontinued third-party bundling of mirrored content.

Along with that, as of June 18th, SourceForge started "removing SourceForge-maintained mirrored projects" and engaging their "newly-formed Community Panel to discuss site features and program policies including a redesigned mirror program." Of the 295 mirrored projects, they removed all that were "not co-maintained with one or more of the original developers, except where the upstream site has been discontinued." For those wanting to reach SourceForge for some constructive feedback, they point to the recently-established Community Voice forum.
Note: SourceForge and Slashdot share a corporate overlord.

SourceForge Responds To nmap Maintainer's Claims 172

An anonymous reader writes: A few days ago, the maintainer of nmap (an open source network mapping tool) complained that SourceForge had taken over the nmap project page. SourceForge has now responded with a technical analysis of the nmap project history. They said, "We've confirmed conclusively that no changes were made to the project or data, and that all past download delivery by nmap on SourceForge was through our web hosting service where content is project-administered."

They detail the history of services used by the nmap project, and use screenshots from the Internet Archive to show how long the project was empty. SourceForge said, "The last update date in 2013 relates to the migration of the nmap project (along with all other projects on the site) from SourceForge's sfx code base to the new Apache Allura-based code base. This migration was an automated operation conducted for all projects, and this platform change did not augment data in the Project Web service or File Release System. We therefore conclude that no content has been removed from the nmap project page." They also confirmed that nmap downloads were never bundled with ads: "Infosec professionals do not generally wish to install secondary offers."
Note: SourceForge and Slashdot share a corporate overlord.

nmap Maintainer Warns He Doesn't Control nmap SourceForge Mirror 145

vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites,,, and warns on the nmap development mailing list that he does not control the SourceForge nmap project.

According to him the old Nmap project page (located at, screenshot) was changed to a blank page and its contents were moved to a new page (, screenshot) which is controlled by sf-editor1 and sf-editor3, in a pattern mirroring the much discussed takeover of the GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week on Slashdot.

On Monday, Sourceforge promised to stop "presenting third party offers for unmaintained SourceForge projects," and to their credit Fyodor states, "So far they seem to be providing just the official Nmap files," but reiterates "that you should only download Nmap from our official SSL Nmap site:"
To browse the projects and mirrors currently controlled by SourceForge, you can look at these account pages: sf-editor1, sf-editor2, and sf-editor3.

SourceForge and GIMP [Updated] 384

New submitter tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP," Sourceforge had this response: "In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win."

Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.

In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent.
Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)

Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

Building a Procedural Dungeon Generator In C# 83

Nerval's Lobster writes: Procedural dungeon generation is a fun exercise for programmers. Despite the crude interface, such games continue to spark interest. A quarter century ago, David Bolton wrote a dungeon generator in procedural Pascal; now he's taken that old code and converted it to C#. It's amazing just how fast it runs on a five-year-old i7 950 PC with 16GB of RAM. If you want to follow along, you can find his code for the project on SourceForge. The first part of the program generates the rooms in a multilevel dungeon. Each level is based on a 150 x 150 grid and can have up to 40 rooms. Rather than just render boring old rectangular rooms, there are also circular rooms. "There are a couple of places where corridor placement could have been optimized better," Bolton wrote about his experiment. "However, the dungeon generation is still very fast, and could provide a good programming example for anyone exploring what C# can do." For C# beginners, this could represent a solid exercise.

India Blocks Code Sharing Websites On Anti-Terror Advisory 78

darkstar019 writes: The Indian government has banned websites under the pretext that ISIS is using them for anti-Indian purposes. The list includes code sharing websites like Pastebin, Github and Sourceforge. As of now, these websites are still up. From the article: "Officials from the department of Information Technology and the department of telecom were not available for comment. 'These are all providing very dangerous kind of cut and paste services..You can take code, cut it, paste it, remove it, delete it,' said one government official who requested anonymity."

Book Review: Build Your Own Website: A Comic Guide to HTML, CSS, and WordPress 31

MassDosage writes "At the risk of exposing my age I remember building my first website using a rudimentary Unix text editor (Joe) and carefully handcrafting the Hypertext Markup Language (HTML) while directly logged on to the web server it was being served from. Back then Cascading Style Sheets (CSS) weren't even a glint in the eyes of their creators. A lot has changed and there's now a world of fancy WYSIWYG web page editors to choose from as well as Content Management Systems that allow you to create websites without looking at the underlying code at all. While this is all very useful and allows less technical people to create websites I still feel that having at least some knowledge of how everything works under the hood is empowering — especially in situations where you want to go beyond the limits placed on you by a certain tool. This is where Build Your Own Website: A comic guide to HTML, CSS and Wordpress comes into the picture. Its aim is to enable people new to web development to learn the subject by teaching the fundamentals of HTML and CSS first and only then describing how to use a Content Management System (CMS) — in this case Wordpress. While Wordpress might not be everyone's kettle of fish it's a good choice as an example of a modern CMS that is easily accessible and very popular. The concepts presented are simple enough that it should be easy enough for a reader to apply them to a different CMS should they want to." Read below for the rest of MassDosage's review.

Tao3D: a New Open-Source Programming Language For Real-Time 3D Animations 158

descubes (35093) writes "Tao3D is a new open-source programming language designed for real-time 3D animations. With it, you can quickly create interactive, data-rich presentations, small applications, proofs of concept, user interface prototypes, and more. The interactivity of the language, combined with its simplicity and graphical aspects, make it ideal to teach programming.

Tao3D also demonstrates a lot of innovation in programming language design. It makes it very easy to create new control structures. Defining if-then-else is literally a couple of lines of code. The syntax to pass blocks of code to functions is completely transparent. And it is fully reactive, meaning that it automatically reacts as necessary to external events such as mouse movements or the passage of time.

The source code was just made available under the GNU General Public License v3 on SourceForge [as linked above], GitHub and Gitorious."

Ask Slashdot: Aging and Orphan Open Source Projects? 155

osage writes: Several colleagues and I have worked on an open source project for over 20 years under a corporate aegis. Though nothing like Apache, we have a sizable user community and the software is considered one of the de facto standards for what it does. The problem is that we have never been able to attract new, younger programmers, and members of the original set have been forced to find jobs elsewhere or are close to retirement. The corporation has no interest in supporting the software. Thus, in the near future, the project will lose its web site host and be devoid of its developers and maintainers. Our initial attempts to find someone to adopt the software haven't worked. We are looking for suggestions as to what course to pursue. We can't be the only open source project in this position.

A Beginner's Guide To Programming With Swift 72

Nerval's Lobster (2598977) writes: Earlier this year, Apple executives unveiled Swift, which is meant to eventually replace Objective-C as the programming language of choice for Macs and iOS devices. Now that iOS 8's out, a lot of developers who build apps for Apple's platforms will likely give Swift a more intensive look. While Apple boasts that Swift makes programming easy, it'll take some time to learn how the language works. A new walkthrough by developer David Bolton shows how to build a very simple app in Swift, complete with project files (hosted on SourceForge) so you can follow along. A key takeaway: while some Swift features do make programming easier, there's definitely a learning curve here.

Larry Rosen: A Case Study In Understanding (and Enforcing) the GPL 191

lrosen (attorney Lawrence Rosen) writes with a response to an article that appeared on late last month, detailing a court case that arose between Versata Software and Ameriprise Financial Services; part of the resulting dispute hinges on Versata's use of GPL'd software (parsing utility VTD-X, from Ximpleware), though without acknowledging the license. According to the article's author, attorney Aaron Williamson (former staff attorney for the Software Freedom Law Center), "Lawyers for commercial software vendors have feared a claim like this for essentially the entire 20-odd-year lifetime of the GPL: a vendor incorporates some GPL-licensed code into a product—maybe naively, maybe willfully—and could be compelled to freely license the entire product as a result. The documents filed by Ameriprise in the case reflect this fearful atmosphere, adopting the classically fear-mongering characterization of the GPL as a 'viral' license that 'infects' its host and 'requires it to become open source, too.'" Rosen writes: I want to acknowledge Aaron's main points: This lawsuit challenges certain assumptions about GPLv2 licensing, and it also emphasizes the effects of patents on the FOSS (and commercial) software ecosystem. I also want to acknowledge that I have been consulted as an expert by the plaintiff in this litigation (Ximpleware vs. Versata, et al.) and so some of what I say below they may also say in court. Read on for the rest (and Williamson's article, too, for a better understanding of this reaction to it). An important take-away: it's not just the license that matters.

Meet Apache Software Foundation VP Rich Bowen (Video) 14

Apache is behind a huge percentage of the world's websites, and the Apache Software Foundation is the umbrella organization that provides licensing and structure for open source projects ranging from the Apache Web server to Apache OpenOffice to small utilities that aren't household names but are often important to a surprising number of people and companies. Most of us never get to meet the people behind groups like the Apache Software Foundation -- except today we tag along with Tim Lord at OSCON and chat with Apache Software Foundation Executive Vice President Rich Bowen -- who is also Red Hat's OpenStack Community Liaison. Update: 07/30 22:23 GMT by T : Note that Bowen formerly served as Slashdot sister site SourceForge's Community Manager, too.

Ask Slashdot: Where Do You Get (or Share) News About Open Source Projects? 85

An anonymous reader writes "Now that / doesn't accept any updates, I wonder how the Slashdot crowd gets news about new projects, and even new versions of existing projects. For project managers, where could you announce new versions of your project, so that it can reach not just those who already know the project. Freshmeat / Freecode had all the tools to explore and discover projects, see screenshots (a mandatory feature for any software project, even with only a console interface or no interface at all) and go to the homepage of the project. I subscribed years ago to the RSS feed and sometimes found interesting projects this way. You could replace these tools by subscribing to newsletters or feeds from the projects you follow, but that doesn't cover the discovery part." And do any of the major development / hosting platforms for Free / Open Source projects (GitHub, Launchpad, or Slashdot sister-site SourceForge) have tools you find especially useful for skimming projects of interest?