Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Google Is Testing Its Own Internet Speed Test In Search Results ( 43

An anonymous reader writes: Everyone appears to have a speed test of their own nowadays. Netflix launched more than a month ago; SourceForge released their new HTML5 speed test soon after. Google appears to want a piece of the action as they are trying out a way for people to check their internet speed by simply typing "check internet speed" into search. The tests are performed by Google's Measurement Lab tools, and were first spotted by Pete Meyers, who posted a screenshot of the feature and discovered a Google Support webpage detailing how it works. The feature has not been widely released yet, but it's possible we'll see it made more widely available soon.

Password App Developer Overlooks Security Hole to Preserve Ads ( 96

An anonymous reader quotes this report from Engadget: Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the 'indirect costs' of the upgrade (which would encrypt web traffic) are too high -- namely, it'd lose ad revenue...

To his credit, Reichl notes that he'd like to move to encryption as soon as he believes it's possible. You can also verify that you're getting a signed download, if you're worried. However, it's still contradictory to develop a security-centric app and decide that security should take a back seat.

An update on the site says the software's version information file is now digitally signed, adding that KeePass "neither downloads nor installs any new version automatically. Users have to do this manually... users should check whether the file is digitally signed... HTTPS cannot prevent a compromise of the download server; checking the digital signature does."
Open Source

SourceForge Tightens Security With Malware Scans ( 84

Christine Hall at FOSS Force reports: It appears as if the new owners at SourceForge are serious about fixing the mistakes made by the sites previous owners. FOSS Force has just learned that as of today, the software repository used by many free and open source projects is scanning all hosted projects for malware. Projects that don't make the grade will be noticeably flagged with a red warning badge located beside the project's download button. According to a notice posted on the SourceForge website this afternoon, the scans look for "adware, viruses, and any unwanted applications that may be intentionally or inadvertently included in the software package." Account holders with projects flagged as containing malware will be notified by SourceForge. In today's announcement, SourceForge said that a thousand or so of the sites most popular projects [representing 84% of all SourceForge traffic] have so far been scanned, with scans continuing to eventually include "every last project, even dating back years." As the site hosts somewhere around 500,000 projects, this first scanning is expected to take several weeks. The company also says that beginning immediately, all new projects will be scanned during the uploading process. This latest move is in keeping with promises made to the community when the new owners, SourceForge Media, took control of SourceForge and Slashdot on January 28, 2016.

Meet UbuntuBSD, UNIX For Human Beings 219

prisoninmate writes: What's ubuntuBSD? Well, it's not that hard to figure out yourself, but just in case you're not sure, we can tell you that ubuntuBSD promises to bring the power of the FreeBSD kernel to Ubuntu Linux. The best part of using the FreeBSD kernel is that you'll end up using the famous Z File System, or ZFS. Xfce is also included along with the popular Firefox, LibreOffice, and Ubuntu Software Center apps. ubuntuBSD is inspired by the Debian GNU/kFreeBSD project, it is hosted on SourceForge, and has been created by Jon Boden.
Operating Systems

ReactOS 0.4 Brings Open Source Windows Closer To Reality ( 141

jeditobe was one of several readers to point out the newest major release of Windows NT-inspired ReactOS, which has just hit version 0.4, brings open source Windows compatibility a little bit closer. The new release includes out-of-the-box support for ext2, ext3, and ext4, as well as (remember, it is NT based) read-only support for NTFS. What else? Support was generally improved for third-party device drivers, making it substantially easier to install and use real hardware, as opposed to just virtual machines like VirtualBox. The internal WINE library was updated to improve support for Win32 programs. Support for Python 2.7 was added, making it possible to use python scripts in ReactOS. A substantial number of visual changes were added, with a vastly improved shell and file explorer, newer icons throughout ReactOS, improved support for fonts, and customizable visual themes. Even with these improvements, ReactOS 0.4 is still generally considered alpha-level software, though Alexander Rechitskiy, the innovation manager for ReactOS, notes that 0.4.1 may be almost beta-level software.
Open Source

SourceForge Eliminates DevShare Program ( 454

SourceForge has officially eliminated its DevShare program. The DevShare program delivered installer bundles as part of the download for participating projects. We want to restore our reputation as a trusted home for open source software, and this was a clear first step towards that. We are more interested in doing the right thing than making extra short-term profit. This is just the first step in a number of improvements we will outline in the coming weeks. SourceForge and Slashdot were acquired in late January by BIZX.

Ask Slashdot: How Can We Improve Slashdot? 1839

Hi all. Most of you are already aware that Slashdot was sold by DHI Group last week, and I very much enjoyed answering questions and reading feedback in the comments of that announcement story. There's no doubt that the Slashdot community is one of the most thoughtful, intelligent, and prolific communities on the web.

I wanted to use this opportunity to get a discussion going on how we can improve Slashdot moving forward. I am not talking about a full re-design that will detract from the original spirit of Slashdot, but rather: user experience, bug fixes, and feature improvements that are requested from actual /. users. We appreciated many of your suggestions in the story announcing the sale, and I have taken note of those suggestions. This story will serve as a more master list for feature requests and improvement suggestions.

We welcome any and all suggestions. Some ideas mentioned in the sale story were, in no particular order: Unicode support, direct messaging, increased cap on comment scores, put more weight on firehose voting to determine which stories make the front page, reduced time required between comments, and many more. We'd love a chance to discuss these suggestions and feature improvements and pros and cons here before we bring them back to our team for implementation.

Big Satellite Systems, Simulated On Your Desktop ( 44

An anonymous reader writes: Big systems of hundreds of satellites are under development to provide wireless Internet globally, with Richard Branson's OneWeb and Thales' LeoSat aiming at consumers and business markets respectively. It's like reliving the late 1990s, when Bill Gates' Teledesic and Motorola's Celestri were trying to do the same thing before merging their efforts and then giving up. And now you can simulate OneWeb and LeoSat for yourself, and compare them to older systems, in the new release of the vintage SaVi satellite simulation package, which was created in the 1990s during the first time around. Bear in mind Karl Marx's dictum of history: the first time is tragedy, and the second time is farce. Do these new systems stand a chance?

Slashdot and SourceForge Sold, Now Under New Management ( 1310

kodiaktau writes with a link to today's announcement that DHI Group, Inc. (which you might know better as Dice, the company that bought Slashdot and sister site SourceForge in 2012) today announced that it completed the sale of its Slashdot and SourceForge businesses (together referred to as 'Slashdot Media') to BIZX, LLC in a transaction that closed on January 27, 2016. Financial terms were not disclosed. DHI first announced its plan to sell Slashdot Media in July 2015 as part of its strategy to focus on its core brands, as Slashdot Media no longer fits within the Company's core strategic initiatives. KeyBanc Capital Markets Inc. served as the Company's exclusive financial advisor for the transaction. (FOSS Force has a short article with some more info BIZX and the sale.)

Ask Slashdot: Automated Verification For Uploaded Files? 74

VernonNemitz writes: There are a lot of ways for hackers to abuse a web site, but it seems to me that one of them is receiving less attention than it deserves. This is the simple uploading of a malware file, that has an innocent file-name extension. I'm looking for a simple file-type verification program that the site could automatically run, on each uploaded file, to test it to see if it is actually the type of file that its file-name extension claims it is. That way, if it ever gets double-clicked, we can be assured it won't hijack the system or worse. At the moment I'm only interested in testing .png files, but I'm sure plenty of web site operators would want to be able to test other file types. A quick Googling indicates the existence of a validator project under the OWASP umbrella, but is it the best choice, and what other choices are there?

What Your Photos Know About You ( 109

itwbennett writes: Sandra Henry-Stocker became curious about how much more complex the jpg format had become since she first did a deep dive into it more than twenty years ago, so she dug into how much information is stored and where. "This information is quite extensive — depending on the digital camera you're using," says Henry-Stocker, "containing detailed information about the photo such as the make and model of the digital camera that was used, whether a flash was used, the focal length, light value, and the shutter speed that was used when it was taken. And, if your phone/camera has geotagging turned on, it will also include the altitude, longitude and latitude of the place where the photo was taken." Henry-Stocker used exiftool to extract and label the data so you can see what is collected, and how you can protect your privacy as well as your intellectual property.

Ask Slashdot: How Can My Code Help? 47

An anonymous reader writes: The story will probably be familiar. My non-profit organization had a particular need (we want to communicate with government officials by offering anecdotes and stories of how we help their constituents), and while I created a solution, the time constraints and lack of experience, training and natural ability show. I'd like to do more with the code, both in terms of letting others have it for their needs and also because I'm sure talented coders could more quickly and efficiently solve some of the existing problems with my code. But how do I make that happen? What do I do with it?

I have every intention of continuing to work on it. I enjoyed the learning opportunity, and I've already identified a number of things I want to improve upon, but I recognize that even as crude as my code is, if it solved my issue it might help others too.

Do I just put it on Github or SourceForge and hope that someone else will have that magic formula of my use case and skill level (because someone more talented would probably make their own code easily enough, while someone less talented may not realize how doable the solution can be)? Do I try to find an existing project and see if I can shoe-horn my efforts in somewhere? Do I keep it to myself until some unspecified point in time that I realize it's right for sharing?
Read on for further background information on this question.

Ask Slashdot: Tips For Getting Into Model Railroading? 149

An anonymous reader writes: A relative of mine has been hinting that he'd like me to take over his model railroad collection in the event of his death (or even before that, to make this a bit less morbid-sounding). I'm intrigued by the idea, because I've been interested in model railroads for years, but too commitment shy and too transient to actually start a collection. That's changed enough that I'd like to start planning a train system, and am looking for advice from people who have been at it for a while. A couple of parameters: 1) I'm only interested for now in HO-scale stuff, so I am not all that interested in the relative merits of the other kinds, cool as they might be. 2) Related, I am somewhat less interested in the rolling stock than I am in the construction and control of the track and surrounding landscape. Interested in learning from experienced model railroad enthusiasts what lessons you've learned over the years that would be useful for a newbie, especially if you've made some cool automation for your system, or have built extensive support structures. This includes negative lessons, too, if you've overloaded circuits or floorboards. I'd *like* to integrate some interesting sensors and control systems, and I see some interesting open source software for this. So: What advice would you give to a late-start railroader? For reference: this set-up may end up living in an unfinished suburban basement.

In Windows 10, Ad-Free Solitaire Will Cost You $10 -- Every Year 296

Wired UK reports that the pre-installed Solitaire on Windows 10 capitalizes on the long-cultivated addiction that some users have to the game with an interesting bargain: rather than being an ordinary included application like it used to be, what may be the world's most pervasive on-screen office time-sink of a game now comes with ads, unless a user wants to pay (by the month, or by the year) to remove those ads. Notes the linked piece: "To be entirely fair, this is the same as on the Windows 8 version, which wasn't installed by default but could be downloaded from the Windows Store."

At $1.49/month or $10/year, this might be enough to drive some people who otherwise would not to check out some of the free, open-source games out there; PySolitaire is one of many in this incomplete list.

DHI Group Inc. Announces Plans to Sell Slashdot Media 552

An anonymous reader writes: DHI Group Inc. (formerly known as Dice Holdings Inc.) announced plans to sell Slashdot Media ( & in their Q2 financial report. This is being reported by multiple sources. Editor's note: Yep, looks like we're being sold again. We'll keep you folks updated, but for now I don't have any more information than is contained in the press release. Business as usual until we find a buyer (and hopefully after). The company prepared a statement for our blog as well — feel free to discuss the news here, there, or in both places.
Data Storage

A Note On Thursday's Downtime 75

If you were browsing the site on Thursday, you may have noticed that we went static for a big chunk of the day. A few of you asked what the deal was, so here's quick follow-up. The short version is that a storage fault led to significant filesystem corruption, and we had to restore a massive amount of data from backups. There's a post at the SourceForge blog going into a bit more detail, and describing the steps our Siteops team took (and is still taking) to restore service. (Slashdot and SourceForge share a corporate overlord, as well as a fair bit of infrastructure.)

SourceForge Suspends Independent Project Mirroring 124

vivaoporto writes: In a reversal motivated by community concerns (like the high profile outcry over the distribution of an ads-enabled installer for GIMP and the accusation by Fyodor of the hijacking of the nmap SourceForge project), SourceForge has discontinued third-party bundling of mirrored content.

Along with that, as of June 18th, SourceForge started "removing SourceForge-maintained mirrored projects" and engaging their "newly-formed Community Panel to discuss site features and program policies including a redesigned mirror program." Of the 295 mirrored projects, they removed all that were "not co-maintained with one or more of the original developers, except where the upstream site has been discontinued." For those wanting to reach SourceForge for some constructive feedback, they point to the recently-established Community Voice forum.
Note: SourceForge and Slashdot share a corporate overlord.

SourceForge Responds To nmap Maintainer's Claims 172

An anonymous reader writes: A few days ago, the maintainer of nmap (an open source network mapping tool) complained that SourceForge had taken over the nmap project page. SourceForge has now responded with a technical analysis of the nmap project history. They said, "We've confirmed conclusively that no changes were made to the project or data, and that all past download delivery by nmap on SourceForge was through our web hosting service where content is project-administered."

They detail the history of services used by the nmap project, and use screenshots from the Internet Archive to show how long the project was empty. SourceForge said, "The last update date in 2013 relates to the migration of the nmap project (along with all other projects on the site) from SourceForge's sfx code base to the new Apache Allura-based code base. This migration was an automated operation conducted for all projects, and this platform change did not augment data in the Project Web service or File Release System. We therefore conclude that no content has been removed from the nmap project page." They also confirmed that nmap downloads were never bundled with ads: "Infosec professionals do not generally wish to install secondary offers."
Note: SourceForge and Slashdot share a corporate overlord.

nmap Maintainer Warns He Doesn't Control nmap SourceForge Mirror 145

vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites,,, and warns on the nmap development mailing list that he does not control the SourceForge nmap project.

According to him the old Nmap project page (located at, screenshot) was changed to a blank page and its contents were moved to a new page (, screenshot) which is controlled by sf-editor1 and sf-editor3, in a pattern mirroring the much discussed takeover of the GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week on Slashdot.

On Monday, Sourceforge promised to stop "presenting third party offers for unmaintained SourceForge projects," and to their credit Fyodor states, "So far they seem to be providing just the official Nmap files," but reiterates "that you should only download Nmap from our official SSL Nmap site:"
To browse the projects and mirrors currently controlled by SourceForge, you can look at these account pages: sf-editor1, sf-editor2, and sf-editor3.

SourceForge and GIMP [Updated] 384

New submitter tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP," Sourceforge had this response: "In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win.

Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.

In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent.
Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)

Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

Slashdot Top Deals