snydeq writes "Simon Phipps sheds light on a fight for control over Vert.x, an open source project for scalable Web development that 'seems immunized to corporate control.' 'Vert.x is an asynchronous, event-driven open source framework running on the JVM. It supports the most popular Web programming languages, including Java, JavaScript, Groovy, Ruby, and Python. It's getting lots of attention, though not necessarily for the right reasons. A developer by the name of Tim Fox, who worked at VMware until recently, led the Vert.x project — before VMware's lawyers forced him to hand over the Vert.x domain, blog, and Google Group. Ironically, the publicity around this action has helped introduce a great technology with an important future to the world. The dustup also illustrates how corporate politics works in the age of open source: As corporate giants grasp for control, community foresight ensures the open development of innovative technology carries on.'"

vikingpower writes "As a previous Slashdot story already reported, Ruby on Rails was recently reported to suffer from a major SQL injection flaw. This has prompted the Dutch government to take the one and only national site for citizens' digital identification offline (link in Dutch, Google translation to English). Here is the English-language placeholder page for the now-offline site. This means that 16 million Dutch citizens cannot authenticate themselves anymore with government instances, and that those same government instances can not communicate anything to those same citizens anymore." Fixes were released, so it looks like it's on their sysadmin team now.

Trailrunner7 writes with the news as posted at Threatpost (based on this advisory) that "All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an attacker to inject code into Web applications. The vulnerability is a serious one given the widespread use of the popular framework for developing Web apps, and the maintainers of Ruby on Rails have released new versions that fix the flaw, versions 3.2.10, 3.1.9 and 3.0.18. The advisory recommends that users running affected versions, which is essentially anyone using Ruby on Rails, upgrade immediately to one of the fixed versions, 3.2.10, 3.1.9 or 3.0.18. The vulnerability lies specifically in the Ruby on Rails framework, and its presence doesn't mean that all of the apps developed on vulnerable versions are susceptible to the bug."

theodp writes "Silly rabbit, parallel processing is not just for Big Data! Building on techniques outlined by Andy Baio back in 2008, Wired writer and 20% Doctrine evangelist Ryan Tate has released Ruby-based software called Typingpool to make audio transcriptions easier and cheaper. 'Typingpool chops your audio into small bits and routes them to the labor marketplace Mechanical Turk,' Tate explains to his reporter pals, 'where workers transcribe the bits in parallel. This produces transcripts much faster than any lone transcriber for as little one-eighth what you pay a transcription service. Better still, workers keep 91 percent of the money you spend.' Remember to Use the Force for Good, Tate adds."

An anonymous reader writes "The Register is reporting on how debate over diversity has managed to get a Ruby conference in the UK cancelled, as the speakers were 100% white male. The person running the conference, Chuck Hardy, said he 'was not prepared to put [himself] in the position of legal liability and cost ramifications if a sponsor were to pull out under social media strain.' He added, 'The ramifications of comments such as race and gender can have financial and legal consequences for the conference organizer. Raise these issues but allow the conference organizers the chance to highlight and act on these industry level issues. Accusation and slander is not a solution.' Should conferences embrace diversity from the start, or should they go forward even if the speakers are all of the same denomination? How far do we have to go to ensure we are diverse?"

jfruh writes "What's the longest tech interview you've had to sit through — two hours? Eight? Ruby on Rails devs who want to work for Hashrocket need to travel to Florida and do pair-programming on real projects for a week before they can be hired. The upside is that you'll be put up in a beachfront condo for the week with your significant other; the downside is that you'll be doing real work for a week for little or no pay and no guarantee of a job slot."

PhunkySchtuff writes "OK, so we're all hearing the news that they've found the Higgs boson. What are some of the more practical implications that are likely to come out of this discovery? I realize it's hard to predict this stuff — who would have thought that shining a bright light on a rod of ruby crystal would have lead to digital music on CDs and being able to measure the distance to the moon to an accuracy of centimeters? If the Higgs boson is the particle that gives other particles mass, would our being able to manipulate the Higgs lead to being able to do things with mass such as we can do with electromagnetism? Will we be able to shield or block the Higgs from interacting with other particles, leading to a reduction in mass (and therefore weight?) Are there other things that this discovery will lead to in the short to medium term?"

snydeq writes "Charles Nutter, Rich Hickey, and Gavin King each discovered that 'simplicity' doesn't mean the same thing as they developed Ruby, Clojure, and Ceylon, respectively. 'Languages that are created with similar goals in mind may yield highly disparate final results, depending on how their communities understand those goals,' writes Andrew Oliver. 'At first, it surprised me that each language's creator directly or indirectly identified simplicity as his goal, as well as how differently the three creators and their languages' communities define what simplicity is. For Ruby, it is about a language that feels natural and gets out of your way to do what you want. For Clojure, it is about keeping the language itself simple. For Ceylon, it is a compromise between enabling the language to help, in King's words, "communicating algorithms to humans" and providing proper tooling support: the same general goal, three very different results.'"

Aciel writes "Ruby has long been popular in the web/business community, while Python dominates the scientific community. One new project seeks to bring balance to the force: SciRuby. We've already introduced a linear algebra library called NMatrix (currently alpha status). There's at least one fellowship available for students interested in working on the project this summer."

An anonymous reader writes "An article at Dr. Dobb's looks into the consequences of a dangerous idea from Oracle during their legal battle with Google: 'that Google had violated Oracle's Java copyrights by reimplementing Java APIs in Android.' The issue is very much unsettled in the courts, but the judge in this case instructed the jury to assume the APIs were copyrightable. 'In a nutshell, if the jury sides with Oracle that the copyrights in the headers of every file of the Java source base apply specifically to the syntax of the APIs, then Oracle can extract payment and penalties from Google for having implemented those APIs without Oracle's blessing (or, in more specific terms, without a license). Should this come to pass, numerous products will suddenly find themselves on an uncertain legal standing in which the previously benign but now newly empowered copyright holders might assert punitive copyright claims. Chief among these would be any re-implementation of an existing language. So, Jython, IronPython, and PyPy for Python; JRuby, IronRuby, and Rubinius for Ruby; Mono for C# and VB; possibly C++ for C, GCC for C and C++ and Objective-C; and so forth. And of course, all the various browsers that use JavaScript might owe royalties to the acquirers of Netscape's intellectual property.'"

Drethon writes "On this day in 2008, a submission was posted that C/C++ was losing ground so I decided to check out its current state. It seems that C has returned to the top while Java has dropped by the same amount, VB and PHP have dropped drastically, C++ is holding fast but now in third place and Objective-C and C# have climbed quite a bit. 2008 data thanks to SatanicPuppy: 1. Java (20.5%); 2. C (.14.7%); 3. VB (11.6%); 4. PHP (10.3%); 5. C++ (9.9%); 6. Perl (5.9%); 7. Python (4.5%); 8. C# (.3.8%); 9. Ruby(2.9%); 10. Delphi (2.7%). The other 10 in the top 20 are: JavaScript, D, PL/SQL, SAS, Pascal, Lisp/Scheme, FoxPro/xBase, COBOL, Ada, and ColdFusion."

eldavojohn writes "A very lengthy and somewhat meandering essay from Crista Videira Lopes has sparked off some discussion of where new programming languages come from. She's writing from the viewpoint of academia, under the premise that new languages don't come from academia. And they've been steadily progressing outside of large companies (with the exception of Java and .NET) into the bedrooms and hobbies of people she identifies as 'designers' or 'lone programmers' instead of groups of 'researchers.' Examples include PHP by Rasmus Lerdorf, JavaScript by Brenden Eich, Python by Guido van Rossum and — of course — Ruby by Yukihiro Matsumoto. The author notes that, as we escape our computational and memory bounds that once plagued programming languages in the past and marred them with ultra efficient syntax in the name of hardware, our new languages are coming from designers with seemingly little worry about the budget CPU being able to handle a large project in the new language. The piece is littered with interesting assertions like 'one striking commonality in all modern programming languages, especially the popular ones, is how little innovation there is in them!' and 'We require scientific evidence for the claimed value of experimental drugs. Should we require scientific evidence for the value of experimental software?' Is she right? Is the answer to studying modern programming languages to quantify their design as she attempts in this post? Given the response of Slashdot to Google's Dart it would appear that something is indeed missing in coercing developers that a modern language has valid offerings worthy of their time."

MrSeb writes "Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. GitHub uses the Ruby on Rails application framework, and Rails has been weak to what's known as a mass-assignment vulnerability for years. Basically, Homakov exploited this vulnerability to add his public key to the Rails project on GitHub, which then meant that GitHub identified him as an administrator of the project. From here, he could effectively do anything, including deleting the entire project from the web; instead, he posted a fairly comical commit. GitHub summarily suspended Homakov, fixed the hole, and, after 'reviewing his activity,' he has been reinstated. Homakov could've gained administrative access to the master branch of any project on GitHub and deleted the history, committed junk, or closed or opened tracker tickets."

A few countries, like Estonia, have gone for internet-based voting in national elections in a big way, and many others (like Ireland and Canada) have experimented with it. For Americans, with a presidential election approaching later this year, it's a timely issue: already, some states have come to allow at least certain forms of voting by internet. Proponents say online elections have compelling upsides, chief among them ease of participation. People who might not otherwise vote — in particular military personnel stationed abroad, but many others besides — are more and more reached by internet access. Online voting offers a way to keep the electoral process open to them. With online voting, too, there's no worry about conventional absentee ballots being lost or delayed in the postal system, either before reaching the voter or on the way back to be counted. The downsides, though, are daunting. According to RSA panelists David Jefferson and J. Alex Halderman, in fact, they're overwhelming. Speaking Thursday afternoon, the two laid out their case against e-voting.

(Read more for more, and look for a video interview with Halderman soon).

mr crypto writes with this quote from El Reg: "In 2010 the Washington DC election board announced it had set up an e-voting system for absentee ballots and was planning to use it in an election. However, to test the system, it invited the security community and members of the public to try and hack it three weeks before the election. 'It was too good an opportunity to pass up,' explained Professor Alex Halderman from the University of Michigan. 'How often do you get the chance to hack a government network without the possibility of going to jail?' With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours. They figured out a way of writing output to the images directory (PDF) on the compromised server, and of encrypting traffic so that the front-end intrusion detection system couldn't spot them. The team also managed to guess the login details for the terminal server used by the voting system. ... The team altered all the ballots on the system to vote for none of the nominated candidates. They then wrote in names of fictional IT systems as candidates, including Skynet and (Halderman's personal favorite) Bender for head of the DC school board."

mikejuk writes "Every January, it is traditional to compare the state of programming language usage as indicated by the TIOBE index. So what's up and what's down this year? The top language is still Java, but it's slowly falling in the percentages. Objective-C experienced the most growth, followed by C# and C. JavaScript climbed back into the top 10, displacing Ruby. Python and PHP experienced the biggest drops. If you like outside runners, then cheer for Lua and R, which have just entered the top 20. However, I have to wonder why Logo is in the top 20 as well. I know programming education is becoming important, but Logo?"

A new submitter writes "I'm about to embark on developing active content (database driven, and web services) for the first time for my website and I have grown to love PHP. Knowing that there are other web development platforms available, and noticing some disdain for PHP in some circles, I'm curious to know which platforms slashdotters prefer along with the reasons why. Before I get started into heavy development I would like to get some opinions and more facts. Why shouldn't I use PHP?"

wiredmikey writes "In a rare move, Microsoft is breaking its normal procedures and will issue an emergency out-of-band security update on Thursday to address a hash collision attack vulnerability that came into the spotlight yesterday, and affects various Web platforms industry-wide. The vulnerability is not specific to Microsoft technologies and has been discovered to impact PHP 5, Java, .NET, and Google's v8, while PHP 4, Ruby, and Python are somewhat vulnerable. Microsoft plans to release the bulletin on December 29, 2011, at 10:00 AM Pacific Time, and said it would addresses security vulnerabilities in all supported releases of Microsoft Windows. 'The impact of this vulnerability is similar to other Denial of Service attacks that have been released in the past, such as the Slowloris DoS or the HTTP POST DoS,' said security expert Chris Eng. 'Unlike traditional DoS attacks, they could be conducted with very small amounts of bandwidth. This hash table multi-collision bug shares that property.'"

First time accepted submitter BenLinders writes "The Economics of Software Quality provides solutions to quantify software quality, helping you to manage software development and maintenance. It contains software quality data that you can use to build a business case to improve the quality of your software, and decide upon processes and techniques that can help to implement the needed improvements in your organization." Read below for the rest of Ben's review.

New submitter ittybad writes "I work with a small web-based company, and, for some new web applications, we are looking to possibly change frameworks if it will be a benefit to our developers and our customers. We have experience with PHP's Symfony 1.4, and are not happy with what we are experiencing with Symfony 2.0. We have some Ruby guys who would love us to implement a Ruby on Rails solution, and our backend is Python powered — so maybe Django is the way to go. So, I ask you, Slashdotters, what web framework do you find to be the best and why? Why would you avoid others?"