Security

XML Library Flaw — Sun, Apache, GNOME Affected 140

bednarz writes with this excerpt from Network World: "Vulnerabilities discovered in XML libraries from Sun, the Apache Software Foundation, the Python Software Foundation and the GNOME Project could result in successful denial-of-service attacks on applications built with them, according to Codenomicon. The security vendor found flaws in XML parsers that made it fairly easy to cause a DoS attack, corruption of data, and delivery of a malicious payload using XML-based content. Codenomicon has shared its findings with industry and the open source groups, and a number of recommendations and patches for the XML-related vulnerabilities are expected to be made available Wednesday. In addition, a general security advisory is expected to be published by the Computer Emergency Response Team in Finland (CERT-FI)."
Programming

The Best First Language For a Young Programmer 634

snydeq writes "Fatal Exception's Neil McAllister questions whether Scheme, a dialect of Lisp taught as part of many first-year CS curricula and considered by some to be the 'latin of programming,' is really the best first language for a young programmer. As he sees it, the essentially write-only Scheme requires you to bore down into the source code just to figure out what a Scheme program is trying to do — excellent for teaching programming but 'lousy for a 15-year-old trying to figure out how to make a computer do stuff on his own.' And though the 'hacker ethic' may in fact be harming today's developers, McAllister still suggests we encourage the young to 'develop the innate curiosity and love of programming that lies at the heart of any really brilliant programmer' by simply encouraging them to fool around with whatever produces the most gratifying results. After all, as Jeff Atwood puts it, 'what we do is craftsmanship, not engineering,' and inventing effective software solutions takes insight, inspiration, deduction, and often a sprinkling of luck. 'If that means coding in Visual Basic, so be it. Scheme can come later.'"
Networking

Best Tools For Network Inventory Management? 251

jra writes "Once every month or so, people ask here about backups, network management, and so on, but one topic I don't see come up too often is network inventory management — machines, serial numbers, license keys, user assignments, IP addresses, and the like. This level of tracking is starting to get out of hand in my facility as we approach 100 workstations and 40 servers, and I'm looking for something to automate it. I'm using RT (because I'm not a good enough Web coder to replace it, not because I especially like it) and Nagios 3. I've looked at Asset Tracker, but it seems too much like a toolkit for building things to do the job, and I don't want my ticket tracking users to have to be hackers (having to specify a URL for an asset is too hackish for my crew). I'd prefer something standalone, so I don't have to dump RT or Nagios, but if something sufficiently good looking comes by, I'd consider it. I'd like to be able to hack a bit here and there, if I must. Perl and Python, along with C, are the preferred implementation languages; least favorite is Java. Anyone care to share their firsthand experiences with this topic, and what tools they use (or built) to deal with it?"
Programming

Open Source Languages Rumble At OSCON 197

blackbearnh writes "Everybody knows what the best programming language is, it's whatever one you like the most. But is there a best language overall? Or even a best language for a given purpose? This question has been debated since the first time there were two languages to choose from. The argument is still going on, of course, but maybe a little light will be shed on the issue this week at OSCON. On Wednesday night at 7PM Pacific, representatives of the 5 major open source languages (perl, PHP, Python, Java and Ruby), as arbitrarily decided by O'Reilly, will meet to debate the merits of their various languages. If you're not going to be at OSCON, you can watch it live on a webcast and pose questions or comments to the participants. The representatives are: Python: Alex Martelli, Google; Ruby: Brian Ford, Engine Yard; PHP: Laura Thomson, Mozilla; Perl: Jim Brandt, Perl Foundation; Java: Rod Johnson, SpringSource."
Google

Google Releases Open Source NX Server 257

wisesifu writes with news of a new open source NX server, dubbed NeatX, that was released by Google and promptly lost in the shuffle of the Chrome OS announcement. "NX technology was developed by NoMachine to handle remote X Window connections and make a graphical desktop display usable over the Internet. By its own admission, Google has been looking at remote desktop technologies for 'quite a while' and decided to develop Neatx as existing NX server products are either proprietary or difficult to maintain. 'The good old X Window system can be used over the network, but it has issues with network latency and bandwidth. Neatx remedies some of these issues,' Google engineers wrote on the company's open source blog. NoMachine had released parts of the source code to its NX product under the GPL, but the NX server remained proprietary. [...] Neatx is written in Python, with a few wrapper scripts in Bash and one program written in C 'for performance reasons.'"
Image

Hello World! 199

stoolpigeon writes "Hitting middle age has been an interesting time. I catch myself thinking about how well kids have it today and sounding a lot like my father. One difference is while my dad was happy to teach me about sports or cars, we never spent any time knocking out code together. I think he did realize that home computers were important and I will always be grateful for the Commodore Vic-20 he brought home one day. It was a substantial purchase for our household. I spent many days copying lines of basic from magazines and saving the results to cassette tapes. In my home today we have a considerably better situation, computing wise. There are usually a couple laptops running as well as the desktop machine upstairs. My kids take for granted what I found to be amazing and new. Still, that's all pretty normal and I'd like to give them an opportunity to go deeper if they are so inclined, just like we give them opportunities to explore other skills and pursuits. With that in mind I brought a copy of Hello World! home a few weeks ago, and the response from my oldest has been surprisingly enthusiastic." Keep reading for the rest of JR's review.
Education

Which Language Approach For a Computer Science Degree? 537

wikid_one writes "I recently went back to college to finish my CS degree, however this time I moved to a new school. My previous school taught only C++, except for a few higher level electives (OpenGL). The school I am now attending teaches what seems like every language in the book. The first two semesters are Java, and then you move to Python, C, Bash, Oracle, and Assembly. While I feel that it would be nice to get a well-rounded introduction to the programming world, I also feel that I am going to come out of school not having the expertise required in a single language to land a good job. After reading the syllabi, all the higher level classes appear to teach concepts rather than work to develop advanced techniques in a specific language. Which method of teaching is going to better provide me with the experience I need, as well as the experience an employer wants to see in a college graduate?"
Image

CJKV Information Processing 2nd ed. 52

stoolpigeon writes "At the end of last year, I made a move from an IT shop focused on supporting the US side of our business to a department that provides support to our operations outside the US. This was the first time I've worked in an international context and found myself, on a regular basis, running into long-time assumptions that were no longer true. My first project was implementing a third-party, web-based HR system for medium-sized offices. I found myself constantly missing important issues because I had such a narrow approach to the problem space. Sure, I've built applications and databases that supported Unicode, but I've never actually implemented anything with them but the same types of systems I'd built in the past with ASCII. But a large portion of the world's population is in Asia, and ASCII is certainly not going to cut it there. Fortunately, a new edition of Ken Lunde's classic CJKV Information Processing has become available, and it has really opened my eyes." Keep reading for the rest of JR's review.
Input Devices

Better Tools For Disabled Geeks? 228

layabout writes "We've seen tremendous advances in user interfaces over the past few years. Unfortunately, those UIs and supporting infrastructure exclude the disabled. In the same timeframe there has been virtually no advance in accessibility capabilities. It's the same old sticky keys, unicorn stick, speech recognition, text-to-speech that kind-of, sort-of, works except when you need to work with real applications. Depending on whose numbers you use, anywhere from 60,000 to 100,000 keyboard users are injured every year — some temporarily, some permanently. In time, almost 100% of keyboard users will have trouble typing and using many if not all mobile computing devices. My question to Slashdot: Given that some form of disability is almost inevitable, what's keeping you from volunteering and working with geeks who are already disabled? By spending time now building the interfaces and tools that will enable them to use computers more easily, you will also be ensuring your own ability to use them in the future." Follow the link for more background on this reader's query.
Programming

Should Undergraduates Be Taught Fortran? 794

Mike Croucher writes "Despite the fact that it is over 40 years old, Fortran is still taught at many Universities to students of Physics, Chemistry, Engineering and more as their first ever formal introduction to programming. According to this article that shouldn't be happening anymore, since there are much better alternatives, such as Python, that would serve a physical science undergraduate much better. There may come a time in some researchers' lives where they need Fortran, but this time isn't in 'programming for chemists 101.' What do people in the Slashdot community think?"
Programming

Comparing the Size, Speed, and Dependability of Programming Languages 491

In this blog post, the author plots the results of 19 different benchmark tests across 72 programming languages to create a quantitative comparison between them. The resulting visualizations give insight into how the languages perform across a variety of tasks, and also how some languages perform in relation to others. "If you drew the benchmark results on an XY chart you could name the four corners. The fast but verbose languages would cluster at the top left. Let's call them system languages. The elegantly concise but sluggish languages would cluster at the bottom right. Let's call them script languages. On the top right you would find the obsolete languages. That is, languages which have since been outclassed by newer languages, unless they offer some quirky attraction that is not captured by the data here. And finally, in the bottom left corner you would find probably nothing, since this is the space of the ideal language, the one which is at the same time fast and short and a joy to use."
Silicon Graphics

SGI's Open Source Performance Co-Pilot 24

codesmythe writes "The Fates, through SGI nee Rackable, have granted a new beginning to Silicon Valley's once darling Silicon Graphics. Despite old mistakes and economic misfortunes, Silicon Graphics' engineering contributions are legendary: their systems (oh, the systems!), and software such as the well known OpenGL and the little known Performance Co-Pilot. PCP is an enterprise-class open source system monitoring, measurement, and visualization infrastructure — overlooked in last fall's monitoring tool discussion. Since its proprietary beginning in 1993, PCP has been re-released as open source and ported to all major operating systems. Readers of Slashdot's recent Beginning Python Visualization book review will be pleased to hear there are Python interfaces to PCP data sources. Here is an example of using Python and Blender to visualize PCP data (registration may be required). The PCP dev community is well and active, and includes several of the original team members."
KDE

KOffice 2.0.0 Now Open For Firefox-Like Extensions 165

jakeb writes "After a massive three-year development effort KOffice 2.0.0 has been released (packages for Kubuntu are available) aiming to be a lightweight, cross-platform office suite that supports third-party apps and extensions. With its new design (everything, including the core components, is a module) and bindings, you don't need to know C++ to hack on KOffice, as extensions can be written in Python or Java, among others. TechWorld has an interview with KOffice marketing coordinator Inge Wallin about the vision for an easy-to-use office suite that supports click-to-install extensions like Firefox. Will this be the key to KOffice rising above all other free office suites? The KOffice devs think so. An online repository of extensions, templates, and content for KOffice? I like the sound of that."
Image

Beginning Python Visualization 46

aceydacey writes "Sometimes a picture is worth a thousand words. Beginning Python Visualization: Creating Visual Transformation Scripts, published in February 2009 by Apress, shows how Python and its related tools can be used to easily and effectively turn raw data into visual representations that communicate effectively. The author is Shai Vaingast, a professional engineer and engineering manager who needed to train scientists and engineers to do this kind of programming work. He was looking for a tutorial and reference work, and unable to find a suitable text, wound up writing his first book. He writes in the easy and clear style of someone comfortable and engaged with the subject matter." Keep reading for the rest of aceydacey's review.
Image

Teen Tries To Rob Cafe With a Banana 26

niktemadur writes "In an uncanny case of life-imitates-Monty-Python, the BBC reports of a North Carolina teenager who entered an internet cafe with a banana concealed under his T-shirt, said it was a gun and demanded money. The owner of the shop and its customers overcame the hapless thief and called for help. When the police arrived, witnesses reported that the teenager had eaten the banana in the interim. In addition to attempted armed robbery, officers joked they may also charge the 17-year-old with destroying evidence and took pictures of the banana peel instead. No mention in the article, however, on how patrons might have defended themselves against a pointed stick."
Software

Miro Asks Users To "Adopt" Lines of Source 178

soDean writes "The FOSS video player / downloader Miro is asking its users to support development by 'adopting' a line of source code for $4 a month. Each adopted line of code comes personalized with a little avatar character that will grow older over the year. PCF, which makes Miro, says they think the project is the first of its kind and they believe it's a chance 'to have a truly bottom up funding base.'"
Image

Philosophies and Programming Languages 239

evariste.galois writes "Wikipedia has a special section called, 'Language Philosophy,' in every article for a programming language. This section looks at the motivation and the basic principles of the language design. What if we investigate further than that? What deeper connections between philosophies and programming languages exist? By considering the most influential thinkers of all time (e.g. Plato, Descartes, Kant) we can figure out which programming language fits best with aspects of their philosophy (Did you know that Kant was the first Python programmer)? The list is not exhaustive, but this is a funny and educative start."
Media

Boxee Launches New API 69

A recent post on the boxee blog announces the release of a new, fully documented API that will allow developers to create and share new apps and plugins. "The new boxee API enables developers to build sophisticated applications (such as the Pandora and RadioTime apps) using a set of API calls in Python and writing the GUI using XML. ... Users can install new applications via the boxee App Box, the beginnings of our app store. Unlike other app stores, boxee does not want to be a gate keeper (or bottleneck) in deciding which applications are published so anyone can become a publisher." A complete description is available at their developers page. I'm sure this will help in their ongoing battle with Hulu.
Programming

Project Aims For 5x Increase In Python Performance 234

cocoanaut writes "A new project launched by Google's Python engineers could make the popular programming language five times faster. The project, which is called Unladen Swallow, seeks to replace the Python interpreter's virtual machine with a new just-in-time (JIT) compilation engine that is built on LLVM. The first milestone release, which was announced at PyCon, already offers a 15-25% performance increase over the standard CPython implementation. The source code is available from the Google Code web site."
Image

Holy Hand Grenade of Antioch Provokes Bomb Scare 186

Bomb disposal teams were called in and a nearby pub evacuated after water company engineers mistook a Monty Python film prop for a hand grenade. After nearly an hour of examination by bomb experts, they counted to three. No more. No less. Three was the number they counted, and the number they counted was three. Four they did not count, nor two, except to proceed to three. Five was right out. Once the number three had been reached, being the third number, they declared that the grenade was actually a copy of the "Holy Hand Grenade of Antioch" used in the film Monty Python And The Holy Grail. A police spokeswoman confirmed that the device was a toy and that it had been no danger to the public.
