Slashdot Mirror

Via Phoronix comes news that Debian has been ported to the OpenRISC architecture by Christian Svensson. Quoting his mailing list post: "Some people know that I've been working on porting Glibc and doing some toolchain work. My evil master plan was to make a Debian port, and today I'm a happy hacker indeed! ... If anyone want to try this on real hardware (would be very cool to see how this runs IRL), ping me on IRC [#openrisc on freenode] and I'll set you up with instructions how to use debootstrap - just point to a repo with the debs and you're all set, the wonders of binary distributions." For those who don't know, OpenRISC is the completely open source RISC processor intended as the crown jewel of the Opencores project. A working port of glibc and a GNU/Linux distribution is a huge step toward making use of OpenRISC practical. There's a screencast of the system in action, and source on Github (at posting time, it was a month out of date from the looks of it). Christian Svensson's Github account also has repos for the rest of the toolchain.

Via Phoronix comes news that Debian has been ported to the OpenRISC architecture by Christian Svensson. Quoting his mailing list post: "Some people know that I've been working on porting Glibc and doing some toolchain work. My evil master plan was to make a Debian port, and today I'm a happy hacker indeed! ... If anyone want to try this on real hardware (would be very cool to see how this runs IRL), ping me on IRC [#openrisc on freenode] and I'll set you up with instructions how to use debootstrap - just point to a repo with the debs and you're all set, the wonders of binary distributions." For those who don't know, OpenRISC is the completely open source RISC processor intended as the crown jewel of the Opencores project. A working port of glibc and a GNU/Linux distribution is a huge step toward making use of OpenRISC practical. There's a screencast of the system in action, and source on Github (at posting time, it was a month out of date from the looks of it). Christian Svensson's Github account also has repos for the rest of the toolchain.

hypnosec writes "Github has introduced Atom, its new 'web native' code editor which has been in development for more than six years. Atom is available as a part of an invite-only beta program. GitHub describes Atom as an attempt to create an editor 'that will be welcoming to an elementary school student on their first day learning to code, but also a tool they won't outgrow as they develop into seasoned hackers.'" You can request an invite on atom.io. The source to supporting libraries has already been released, but it looks like Atom itself might not be released (although it is a "specialized variant of Chromium designed to be a text editor rather than a web browser."). The editor is extensible in Javascript instead of "special-purpose scripting languages" like Emacs and VIM (is Javascript really any less messy than Emacs-Lisp though?). A preliminary user guide and customization guide are available to all.

There is this guy, Eric Holscher, who has been doing FOSS development for quite a while. He's been on GitHub since 2008, and got involved in Gittip not long after it started in 2012. Not long after that, Eric started thinking about how open source software developers have all kinds of conferences and have many communities they can join and learn from each other, while those who write documentation, especially for FOSS, typically work all alone in a vacuum.

So why not have a conference for documentation writers (and developers who want to hook up with writers who can help them make high-quality docs)? Don't limit it to FOSS, but make sure that's the emphasis. Call the conference 'Write the Docs' and have the first conference in Portland, Oregon, in 2013. Which is exactly what Eric did. A year later, a second 'Write the Docs' conference is scheduled in Budapest (Hungary) at the end of March, and the next Portland conference is set for May 5.

SirLurksAlot writes "News is beginning to circulate on Twitter and various sites that Jim Weirich, the creator of Rake, has passed away at the age of 58. He was an active developer (his last commit in the last 24 hours) and has made many contributions to the Ruby community over the years, as well as being a prolific speaker and teacher. He had a great sense of humor and was beloved by many. He will be greatly missed."

Nw submitter CMULL writes "Stop typing Git over and over again. Ruby on Rails development and consulting firm thoughtbot created an interactive shell dedicated to Git commands, gitsh. One of the primary developers says there is a need for this shell because many early Unix utilities don't take sub-commands like Git."

goruka writes with news that a new game engine has been made available to Free Software developers under the permissive MIT license "Godot is a fully featured, open source, MIT licensed, game engine. It focuses on having great tools, and a visual oriented workflow that can deploy to PC, Mobile and Web platforms with no hassle. The editor, language and APIs are feature rich, yet simple to learn. Godot was born as an in-house engine, and was used to publish several work-for-hire commercial titles. With more than half a million lines of code, Godot is one of the most complex Open Source game engines at the moment, and one of the largest commitments to open source software in recent years. It allows developers to make games under Linux (and other unix variants), Windows and OSX." The source is available via Github, and, according to Phoronix, it's about as featureful as the Unity engine.

An anonymous reader writes "GitHub today launched the GitHub Bug Bounty program 'to better engage with security researchers.' In short, the company will pay between $100 and $5,000 for each security vulnerability discovered and responsibly disclosed by hackers. The program currently covers the GitHub API, GitHub Gist, and GitHub.com. GitHub says its other Web properties and applications are not part of the program, but it says vulnerabilities found 'may receive a cash reward at our discretion.'"

An anonymous reader writes "Google has launched Chrome apps for Android and iOS. The company is offering an early developer preview of a toolchain based on Apache Cordova, an open-source mobile development framework for building native mobile apps using HTML, CSS, and JavaScript. Developers can use the tool to wrap their Chrome app with a native application shell that enables them to distribute it via Google Play and Apple's App Store."

1sockchuck writes "Microsoft has joined the Open Compute Project and will be contributing specs and designs for the cloud servers that power Bing, Windows Azure and Office 365. "We came to the conclusion that sharing these hardware innovations will help us accelerate the growth of cloud computing," said Kushagra Vaid, Microsoft's General Manager of Cloud Server Engineering. The company is also releasing its Chassis Manager software that manages its servers, fans and power, which which is now available on GitHub. "We would like to help build an open source software community within OCP as well," said Microsoft's Bill Laing. Microsoft's cloud server hardware is built around a 12U chassis that can house up to 24 server and storage blades, offering a different approach from the current Open Compute server and storage designs."

An anonymous reader writes "A Pennsylvania school district is going Linux and building an open source high school with the help of student technology apprentices. As part of a 1:1 laptop learning program, 1725 high school students at Penn Manor School District are receiving new laptops running Ubuntu and open source software exclusively. Central to the program is a student help desk where student programmers created a Linux multicast imaging system titled Fast Linux Deployment Toolkit. The district posted pictures of the imaging process in action. Working alongside school IT staff, students also developed help desk software and other programs in support of the 1:1 student laptop program. The student tech apprentices also provide peer support for fellow students."

An anonymous reader writes "Last year Google rolled out a new feature for the desktop version of Chrome that enabled support for voice recognition directly into the browser. In September, a developer named Tal Ater found a bug that would allow a malicious site to record through your microphone even after you'd told it to stop. Quoting: 'When you grant an HTTPS site permission to use your mic, Chrome will remember your choice, and allow the site to start listening in the future, without asking for permission again. This is perfectly fine, as long as Chrome gives you clear indication that you are being listened to, and that the site can't start listening to you in background windows that are hidden to you. When you click the button to start or stop the speech recognition on the site, what you won't notice is that the site may have also opened another hidden popunder window. This window can wait until the main site is closed, and then start listening in without asking for permission. This can be done in a window that you never saw, never interacted with, and probably didn't even know was there.' Ater reported this to Google in September, and they had a fix ready a few days later. But they haven't rolled it out yet — they can't decide whether or not it's the proper way to block this behavior. Thus: the exploit remains. Ater has published the source code for the exploit to encourage Google to fix it."

First time accepted submitter neiras writes "Mozilla is building a map of publicly-observable cell tower and WiFi access points to compete with proprietary geolocation services like Google's. Coverage is a bit thin so far but is improving rapidly. Anyone with an Android phone can help by downloading the MozStumbler app and letting it run while walking or driving around. The application is also available on the F-Droid market." "Thin" is relative; it's quite a few data points since we first mentioned the pilot program a few months ago.

An anonymous reader writes "Google's recent acquisition of Nest, the maker of smart thermostats and smoke detectors, has sparked concerns of future plans for the devices, and how Google's omnipresent thirst for information will affect them. Thus, a team of engineers at Spark sat down and roughed out a prototype for an open source version of Nest. It looks surprisingly good for such a short development cycle, and they've posted their code on Github. The article has a number of short videos illustrating the technology they used, and how they used it. Quoting: 'All in, we spent about $70 on components to put this together (including $39 for the Spark Core); the wood and acrylic were free. We started working at 10am and finished at 3am, with 3.5 engineers involved (one went to bed early), and the only work we did in advance was order the electronic components. We're not saying that you can build a $3.2 billion company in a day. But we are saying that you can build a $3.2 billion company, and it's easier now than it's ever been before.'"

Recently presented at Linuxconf.au was Glyphy, a text renderer implemented using OpenGL ES2 shaders. Current OpenGL applications rasterize text on the CPU using Freetype or a similar library, uploading glyphs to the GPU as textures. This inherently limits quality and flexibility (e.g. rotation, perspective transforms, etc. cause the font hinting to become incorrect and you cannot perform subpixel antialiasing). Glyphy, on the other hand, uploads typeface vectors to the GPU and renders text in real time, performing perspective correct antialiasing. The presentation can be watched or downloaded on Vimeo. The slide sources are in Python, and I generated a PDF of the slides (warning: 15M due to embedded images). Source code is at Google Code (including a demo application), under the Apache License.

An anonymous reader writes with news of an interesting demo for clmtrackr (a Javascript library for tracking of facial features) that hides your face using 3D masks overlayed on the video from your webcam using WebGL. The effect is kind of neat, and a bit creepy. The demo works in Chromium here, but not in Firefox (Debian unstable). There are a couple other demos; the facial deformation demo is reminiscent of the intro screen to Mario 64.

theodp writes "After being punished by Google for manipulative SEO tactics, a contrite Rap Genius says it's back in Google's good graces. 'It takes a few days for things to return to normal, but we're officially back!' reads a post by the Rap Genius founders. 'First of all, we owe a big thanks to Google for being fair and transparent and allowing us back onto their results pages. We overstepped, and we deserved to get smacked.' Rap Genius credits some clever trackback scraping programming for its quick redemption, but a skeptic might suggest it probably didn't hurt that Rap Genius' biggest investor, Andreessen Horowitz, is tight with Google."

Today marks the release of Ruby version 2.1.0. A brief list of changes since 2.0.0 has been posted, and file downloads are available. Here are some of the changes:

• Now the default values of keyword arguments can be omitted. Those 'required keyword arguments" need giving explicitly at the call time.
• Added suffixes for integer and float literals: 'r', 'i', and 'ri'.
• def-expr now returns the symbol of its name instead of nil.
• rb_profile_frames() added. Provides low-cost access to the current ruby stack for callstack profiling.
• introduced the generational GC a.k.a RGenGC (PDF).

OwnCloud version six was released last week, and part of the release was a pretty major new feature: real-time collaborative editing of ODF documents (the format used by Libreoffice, Calligra, etc.). Although Etherpad has supported collaborating on simple text document for a while now, this is the first Free Software equivalent to Google Docs. From the article: "WebODF is a javascript library that lets you display ODF files in your browser. Think of it as PDF.js, but for ODF. You just throw a webodf.js script on your server, and do a couple of javascript calls to render an ODF file. It works completely client-side, no serverside ODF processing required. ... The collaborative server, included with OwnCloud Documents, lets users join a 'session', which is basically a document with a history of edit operations. Operations are small units of edits (think 'commits'). In a collaborative session, we use Operational Transformation techniques to make sure that operations fired by various clients will eventually result in a consistent state everywhere. When a new client joins an existing session, all earlier operations are played-back for it to reach the current state. Note that this editing is not turn-based; this is true inline collaborative editing where users can join a document and start editing straight away." As always, source is available.

FooAtWFU writes "Some clowns and jokers over at 4chan thought it would be a funny idea to put together a web page for a programming language named 'C Plus Equality' as a parody of feminism, dismissing OOP as 'objectifying' and inheritance as "a tool of the patriarchy". But this parody was apparently too hot to host at Github, which took down the original Github repository after receiving criticism on Twitter, prompting a backlash and inquiry into the role of free speech and censorship on Github's platform. The project has since found a new home on BitBucket, at least for the time being." Comments on an article describing the research which sparked the parody call the parody's language "fake," and compare it to the 1996 Sokal affair. (It also reminds me a bit of Jesux.)

sfcrazy writes "People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages." Whisper System has integrated their TextSecure protocol into the SMS/MMS provider, so even third party sms apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in Cyanogenmod 11, but you can grab a 10.2 nightly build to try it out now.

sfcrazy writes "People are now more concerned regarding their privacy after discovering about efforts made by governments to spy on their communications. The most practical solution to keep messages, emails and calls secure is to use a cryptographic encryption mechanism. However, just like the name of the method, the installation process is complex for most users. To solve this, CyanogenMod will come equipped with built in encryption system for text messages." Whisper System has integrated their TextSecure protocol into the SMS/MMS provider, so even third party sms apps benefit. Better yet, it's Free Software, licensed under the GPLv3+. Support will debut in Cyanogenmod 11, but you can grab a 10.2 nightly build to try it out now.

itwbennett writes "According to data from the Bureau of Labor Statistics, in 2012 about 22% of computer programmers, software and web developers in the United States were female. That number comes from the Current Population Survey, which is based on interviews with 60,000 households. But Tracy Chou, an engineer at Pinterest, thinks the number is actually much lower than that. And last month she created a GitHub project to collect data on how many females are employed full-time writing or architecting software. Even at this early point, the data is striking: Based on data reported for 107 companies, 438 of 3,594 engineers (12%) are female. Here's how some well-known companies stack up."

itwbennett writes "The FCC's new Android app will allow users to measure the speed of their mobile broadband connection, while providing aggregate data to the agency for measuring nationwide mobile broadband network performance. Released as open-source software on Thursday, the free FCC Speed Test App will test network performance for parameters such as upload and download speed, latency and packet loss. An iPhone version of the app is in the works."

New submitter warmflatsprite writes "It seems that there have been a rash of JavaScript virtual machines running Linux lately (or maybe I just travel in really weird circles). However until now none of them had network support, so they weren't too terribly useful. Sebastian Macke's jor1k project uses asm.js to produce a very fast emulation of the OpenCores OpenRISC processor (or1k) along with a HTML5 canvas framebuffer for graphics support. Recently Ben Burns contributed an emulated OpenCores ethmac ethernet adapter to the project. This sends ethernet frames to a gateway server via websocket where they are switched and/or piped into TAP virtual ethernet adapter. With this you can build whatever kind of network appliance you'd like for the myriad of fast, sandboxed VMs running in your users' browsers. For the live demo all VMs connect to a single private LAN (subnet 10.5.0.0/16). The websocket gateway also NATs traffic from that LAN out to the open Internet."

Riskable writes "Ever seen a remote desktop tool that's fast/efficient enough to play back video? Gate One will soon have that capability via the forthcoming X11 support (as demonstrated in the video). I am posting this to Slashdot looking for suggestions and feedback as to how I should move forward with it before I solidify the architecture, API, and even the business end of it (making money). I'll be watching the thread and replying to comments (as I have time). Also, if you're interested you can sign up to be notified when it's available." We've posted a few stories about Gate One previously.

An anonymous reader writes "After nine years of development, The Dark Mod is now a standalone game. Thief fans can now enjoy over 60 fan made missions which capture the essence of the Thief 1 / 2 games. Originally created as a reaction to Thief 3; with the upcoming release of Thief 4, many are comparing what was done here (a faithful extension of the old gameplay) to what Eidos has shown thus far. Can a little Doom 3 mod compete against a blockbuster AAA title? Should we even compare them?" All code in the The Dark Mod is GPLv3+, and the art assets are all CC BY-NC-SA 3.0 Unported which means it, unfortunately, cannot be distributed by even Debian. Still, an impressive feat!

barlevg writes "A college student at Rensselaer Polytechnic Institute spent nine months meticulously remaking Super Mario Bros. based on the latest web standards. His project is open source and the code freely available through Github. The site recently gained widespread media attention, which unfortunately brought it to the attention of Nintendo, which has requested that the site be taken down. In a column on the Washington Post website, tech blogger Timothy Lee makes the case for how this is a prime example of copyrights hindering innovation and why copyright lengths should be shortened. Among his arguments: copyrights hinder innovation by game designers seeking to build upon such games, and shortening copyright would breathe new life into games who have long since passed into obsolescence."

An anonymous reader writes "The jor1k is an interesting open-source toy emulator project to emulate a 32-bit OpenRISC OR1000 processor, 63MB of RAM, ocfb frame-buffer, and ATA-hard drive ... all in JavaScript. Though JavaScript based, there are asm.js optimizations and the performance seems to be quite decent in modern web browsers. The jor1k OpenRISC emulator can do a lot, even handle running the Linux kernel, GCC compiler, ScummVM Monkey Island, and the Wayland/Weston compositor, all from within the web browser."

sfcrazy writes "Chromium developers have started porting Chromium to X11 alternatives such as Wayland. Tiago Vignatti sent a message to the freedesktop mailing list, 'Today we are launching publicly Ozone-Wayland, which is the implementation of Chromium's Ozone for supporting Wayland graphics system. Different projects based on Chromium/Blink like the Chrome browser, ChromeOS, among others can be enabled now using Wayland.'"

An anonymous reader writes "A few months after releasing support for viewing models in .STL format, GitHub just added support for viewing changes to .STL formatted 3D models directly in the browser. 'How does this work? We take both versions of the model, and using binary space partitioning, we compute the added, removed, and unchanged parts. This is done using csgtool, a C library paired with a Ruby gem via FFI. These pieces are cached and displayed by the 3D viewer we already have, though we color them differently and play with their transparency to help illustrate the changes.'"

judgecorp writes "Google has released 'Coder,' described as a simple way to make web stuff on Raspberry Pi. The idea is to make the Pi into a simple web server and web development environment on which kids can learn HTML, CSS and JavaScript. They provide an image for the Raspberry Pi, and they've open-sourced Coder as well. 'We thought about all the stuff we could do to make Coder a more complete package, but we have a hunch that the sooner this gets into the open source and maker communities, the more we’ll learn about how it might be used. Hopefully, a few more folks will pitch in and help us make this even more accessible and helpful for new coders.'"

paroneayea writes "MediaGoblin 0.5.0 Goblin Force is released with a slew of new features: authentication plugins including OpenID and Mozilla Persona support, a new notification system, a new "reprocessing framework", and more! The project is also making progress towards its long-awaited federation goals via the Pump API, as used in pump.io. Rockin'!" (If the name doesn't ring a bell, Wikipedia helps: MediaGoblin is "a free, decentralized Web platform (server software) for hosting and sharing digital media.")

New submitter Zyrill writes "The German company Stuttgarter Struktur AG has released a free and open source implementation of the H.265 codec, also termed 'High Efficiency Video Coding (HEVC)' which is now available on Github. At the same video quality, H.265 promises roughly half the bitrate as compared to H.264. Also, resolutions up to 8K UHD (7680 × 4320 px) are supported. The software is licensed under LGPL. Quoting from the homepage where the software is also available for download: '[This software] is written from scratch in plain C for simplicity and efficiency. Its simple API makes it easy to integrate it into other software. Currently, libde265 only decodes intra frames, inter-frame decoding is under construction. Encoding is planned to be added afterwards.'"

An anonymous reader writes "Professors at the Ohio State University are embracing MOOCs, with a Massive Open Online Calculus Course — it is completely open source; everything is on github. There is are free videos, free online assessment system, and a free textbook!"

First time accepted submitter jovius writes "The Matriculation Examination Board of Finland has just opened an international hacking contest to find flaws and exploits in Digabi Live — the Live Debian based operating system to be used in the all-digital final exams by the year 2016. The contest ends on 1st of September, and the winners are about to scoop hefty hardware prizes, also available as cash."

reifman writes "Nothing sucks more than finding an 'Error establishing database connection' on your blog hours after the fact, but it's not easy to find inexpensive, simple monitoring solutions which support smartphone notifications. I wrote MonitorApp, a free, open source software applet which sends notifications to your iPhone (or Android) if anything goes wrong with your web site or services. This tutorial describes how to install and configure MonitorApp for your own purposes. The only cost is a $4.99 mobile application called Pushover — which links MonitorApp to your phone. Pushover also links with Nagios, a more complex open source option — but ironically, Nagios' website was down when I looked for it last month."

Nerval's Lobster writes "Forget about hacking an app or database: for a small cadre of hackers in San Francisco, it's all about writing code that can score them a great table at a hot restaurant. According to the BBC, these developers and programmers have designed bots that scan restaurant Websites for open tables and reserve them. Diogo Mónica, a security engineer with e-commerce firm Square, is one of those programmers. A self-described foodie, he decided to get around his inability to score a table at the ultra-popular State Bird Provisions by writing a script that sent out an email every time the restaurant's reservation page changed. 'Once a reservation got canceled I would get an email and could quickly get it for myself,' he wrote in a blog posting. But soon he noticed something peculiar: 'As soon as reservations became available on the website (at 4am), all the good times were immediately taken and were gone by 4:01am.' He suspected it was automated 'reservation bots at work,' built by other programmers with a hankering for fine cuisine. 'After a while even cancellations started being taken immediately from under me,' he wrote. 'It started being common receiving an email alerting of a change, seeing an available time, and it being gone by the time the website loaded.' His solution was to build his own reservation bot, using Ruby, and post the code in the wild."

hypnosec writes "Adapteva has started shipping its $99 Parallella parallel processing single-board supercomputer to initial Kickstarter backers. Parallella is powered by Adapteva's 16-core and 64-core Epiphany multicore processors that are meant for parallel computing unlike other commercial off-the-shelf (COTS) devices like Raspberry Pi that don't support parallel computing natively. The first model to be shipped has the following specifications: a Zynq-7020 dual-core ARM A9 CPU complemented with Epiphany Multicore Accelerator (16 or 64 cores), 1GB RAM, MicroSD Card, two USB 2.0 ports, optional four expansion connectors, Ethernet, and an HDMI port." They are also releasing documentation, examples, and an SDK (brief overview, it's Free Software too). And the device runs GNU/Linux for the non-parallel parts (Ubuntu is the suggested distribution).

WebMink writes "After strong criticism last year, Github has finally accepted the view that public repositories with no open source license are a bad thing. Self-described as the 'world's largest open source community,' a significant number of GitHub projects come with no rights whatsoever for you to use their code in an open source project. But from now on, creators of new repositories will have to pick from a small selection of OSI-approved licenses or explicitly opt for 'no license'. In Github's words, 'please note that opting out of open source licenses doesn't mean you're opting out of copyright law.'" A quick scan of their new choose a license site reveals at least a few flaws: they present simplicity, caring about patents, and sharing improvements with others as mutually exclusive points when they clearly are not (e.g. the Apache license and the GPLv3 both help with patent concerns, but only Apache is mentioned; and the MIT/X license is listed as the simple license when BSD-style is more prevalent). They also imply it is entirely optional to actually note your copyright in your files, when it is really bad practice not to unless you really want to make it impossible for people to understand the copyright history when e.g. merging your code into another project. Their list of licenses does provide a nice overview of the features of each, but regrettably encourages the use of the GPLv2 (without the "or later version" clause), listing the GPLv3 and all versions of the LGPL in league with seldom used licenses like the Perl Artistic license.

New submitter paavo512 writes "Server-side source code used for electronic voting was made fully public by Estonian officials on July 11 (in Estonian). The aim is to encourage more specialists to get involved in the technical analysis of the software. It is hoped that public overview will help to ensure the security of the system. E-voting has been successfully used five times in Estonia since 2007. It facilitates national ID cards which are obligatory for all citizens. In the next municipal elections later this year it is planned to test an experimental feature where the voter can check via a physically separate channel (smart phone) if his or her vote has been registered correctly. The publicized source code is available at GitHub."

chicksdaddy writes with news of a Proof-of-Concept exploit for the recent Android APK signature vulnerability. From the article: "Pau Oliva Fora, a security researcher for the firm Via Forensics, published a small, proof of concept module on GitHub that exploits the flaw in the way Android verifies the authenticity of signed mobile applications. The flaw was first disclosed last week by Jeff Forristal, the Chief Technology Officer at Bluebox Security, ahead of a presentation at the Black Hat Briefings in August. ... The simple program leverages APKTool, an open source tool for reverse engineering Android applications — decompiling and then recompiling their contents. His script allows a user to select and then decompile a legitimate Android application and then recompile it, creating an altered, 'malicious' APK that will have the same, cryptographic signature as the original file. In an e-mail statement, Google said that a patch for Forristal's vulnerability was provided to Google's OEM and carrier partners in March, and that some (Samsung) have already shipping a patched version of Android to customers. However, that response hasn't been universal — a reflection of Android's fragmented install base."

alphadogg writes "The founder of an eavesdropping-resistant instant messaging application called Cryptocat has apologized over a now-fixed bug that made some types of messages more vulnerable to snooping. Cryptocat, which runs inside a web browser, is an open-source application intended to provide users with a high degree of security by using encryption to scramble messages. But Cryptocat warns that users should still be very cautious with communications and not to trust their life with the application. The vulnerability affected group chats and not private conversations. The encryption keys used to encode those conversations were too short, which in theory made it easier for an attacker to decrypt and read conversations." The bug report/merge request, and an analysis of the bug (although, in light of the Cryptocat's gracious response, overly acerbic and dismissive of the project).

An anonymous reader writes "South African Quentin Harley has picked up the $20,000 Gada Uplift prize for making the open source RepRap 3D printer design easier to build, cheaper to construct, and — most importantly — capable of printing more of its own parts. Lots of background on Harley and his RepRap Morgan are available on his website." A further goal of the RepRap Morgan project is to replace the Prusa Mendel as the default RepRap model. And they are on track to hit less than $100 in parts, excluding the printing bed. You can grab the hardware design and the controller firmware over at Github.

An anonymous reader writes "South African Quentin Harley has picked up the $20,000 Gada Uplift prize for making the open source RepRap 3D printer design easier to build, cheaper to construct, and — most importantly — capable of printing more of its own parts. Lots of background on Harley and his RepRap Morgan are available on his website." A further goal of the RepRap Morgan project is to replace the Prusa Mendel as the default RepRap model. And they are on track to hit less than $100 in parts, excluding the printing bed. You can grab the hardware design and the controller firmware over at Github.

hypnosec writes "Harlan – a declarative programming language that simplifies development of applications running on GPU has been released by a researcher at Indiana University. Erik Holk released his work publicly after working on it for two years. Harlan's syntax is based on Scheme – a dialect of LISP programming language. The language aims to help developers make productive and efficient use of GPUs by enabling them to carry out their actual work while it takes care of the routine GPU programming tasks. The language has been designed to support GPU programming and it works much closer to the hardware." Also worth a mention is Haskell's GPipe interface to programmable GPUs.

New submitter JonLech writes "Ever since Apple launched AirTunes in 2004 (later renamed AirPlay) they have remained unchallenged in the Wi-Fi music streaming market. With various manufacturers releasing AirPlay-only Wi-Fi speakers, Android and other non-Apple device users have been left out in the cold. Today that changes with the release of MagicPlay, an open standard for music streaming (think 'HTTP for music') with a BSD-licensed open source reference implementation that any app developer or hardware manufacturer can integrate into their products. For the Linux fans out there, I've written up some instructions on how to turn your Raspberry Pi into a MagicPlay device."

Aardappel writes "Lobster is a new programming language targeting game programming specifically, building on top of OpenGL, SDL 2 and FreeType. The language looks superficially similar to Python, but is its own blend of fun features. It's open source (ZLIB license) and available on GitHub."

Aardappel writes "TreeSheets has been available as freeware for Windows / Linux / OS X since 2008, but is now also Open Source (ZLIB license). TreeSheets is a cross between a spreadsheet (you can create grids) and an outliner (you can create grids inside grids) allowing you to create almost any structure to organize your data in."

eldavojohn writes "Core HTML5 Canvas is a book that focuses on illuminating HTML5 game development for beginning and intermediate developers. While HTML and JavaScript have long been a decent platform for displaying text and images, Geary provides a great programming learning experience that facilitates the canvas element in HTML5. In addition, smatterings of physics engines, performance analysis and mobile platform development give the reader nods to deeper topics in game development." Read below for the rest of eldavojohn's review. Core HTML5 Canvas author David Geary pages 723 publisher Prentice Hal rating 9/10 reviewer eldavojohn ISBN 9780132761611 summary An introduction to game development in HTML5's canvas that brings the developer all the way up to graphics, animation and basic game development. This book is written with a small introduction to HTML and JavaScript. While Geary does a decent job of describing some of those foundational skill sets, I fear that a completely novice developer might have a hard time getting to the level required for this text. With that in mind, I would recommend this book for people who already have at least a little bit of HTML and JavaScript development in their background. This book may also be useful to veteran developers of an unrelated language who can spot software patterns easily and aren't afraid to pick up JavaScript along the way. You can read all of Chapter One of the book here if you want to get a feeling for the writing. Geary also has sample chapters available on his site for the book, corehtml5canvas.com and maintains the code examples on Github. If you already write games, this book is likely too remedial for you (especially the explanations of sprites and collision detection) and the most useful parts would be Geary's explanation of how to produce traditional game elements with the modern HTML5 standards.

I have very few negative things to say about this text – many of which may be attributed to personal preferences. This book is code heavy. It starts off with a sweet spot ratio for me. I found I spent about twenty to thirty percent of my time scanning over HTML and JavaScript snippets inserted occasionally into passages. However, by the last chapters, I found myself poring over lengthier and lengthier listings that made me feel like I was spending sixty to seventy percent of my time analyzing the JavaScript code. To be fair, the author does do a good job of simply referencing back to concepts learned in other chapters but I wouldn't mind a re-explanation of those topics or a more in depth analysis of how those concepts interoperate. I also feel that it is risky to put so much code into print as that greatly impacts the shelf life of an unchanging book. The book itself warns on page 51 that toBlob() was a new specification added to HTML5 between writing the book and the book being published. I feel like this would warrant much more English explaining what you're accomplishing and why so that the book does not age as much from being tightly coupled to a snapshot of the specifications.

The code listings in this book are wonderfully colored to indicate quickly to the eye what part of the JavaScript language each piece is. I'm not sure how many copies suffer from this but my book happened to have a problem on some of the pages whereby the comprising colors did not line up. Here is a good example and a bad example just a few pages apart.

This was infrequent but quite distracting as the code became more and more predominant. Lastly, Geary briefly introduces the reader to amazing performance tools (jsPerf in Chapter 1 and again Browserscope in Chapter 4) early on and demonstrates how to effectively exercise it on small pieces of JavaScript. In the particular example he shows how subtle differences in handling image data can affect the performance inside different browsers (even different versions of the same browser as I'm sure the JavaScript engines are repeatedly tweaked). Since games are always resource intensive, I wondered why the author didn't take these examples to the next level and show the reader how to write unit tests (not really covered in the book). That way each of these functions could be extracted to a common interface where it would be selectively chosen based on browser identification. While this might be unnecessary for images, it would be a nod toward addressing the long pole in the tent when you look to squeeze cycles out of your code. Oddly, as more concepts are established and combined, these performance exercises disappear. I understand this book was an introduction to these side quests with a focus on game development but this was one logical step I wish had been taken further (especially in Chapter 9: The Ungame).

About a year ago, I started a hobby project to develop a framework for playing cards in the browser on all platforms. The canvas element would be the obvious tool of choice for accomplishing this goal. Unfortunately I began development using a very HTML4 attitude with (what I now recognize) was laughable resource management. This book really helped me further along in getting that hobby project to a more useable state.

The first chapter of the book introduces the reader to the basics of HTML5 and the canvas element. The author covers things like using clientX and clientY for mouse events instead of x and y. A simple clock is built and shows how to correctly use the basic drawing parts of the HTML5 specification. For readers unfamiliar with graphics applications, a lot of ground is covered on how you programmatically start by constructing an invisible path that will not be visually rendered until stroke() or fill() is called. The chapter also covers the basic event/listener paradigm employed by almost anything accepting user input. Geary explains how to properly save and restore the surface instead of trying to graphically undo what was just done.

An important theme through this book is how to use HTML elements alongside a canvas. This was one of the first follies of my "everything goes in canvas" attitude. If you want a control box in your application, don't reinvent the partially transparent box with paths and fills followed by mouse event handling over your canvas (actually covered in Chapter 10) – simply use an HTML div and CSS to position it over your canvas. Geary shows how to do this and would have saved me a lot of time. Geary discusses and shows how to manage off-screen canvases (invisible canvases) in the browser which comes in mighty handy when boosting performance in HTML5. The final parts of Chapter One focus on remedial math and how to correctly handle units of measure when working in the browser.

Chapter Two shows the reader how to build a rudimentary paint application with basic capabilities. It does a great job of showing how to expand on the basic functions provided by HTML5 and covers a little bit of the logic behind the behavior. Geary goes so far as to show the reader how to extend some of the core components of HTML5 like CanvasRenderingContext2D with an additional function. He also cautions that this can lead to pitfalls in JavaScript. This chapter does an excellent job of exploiting and enumerating core drawing functionality to achieve the next level in using these lines and objects for a desired user effect. Prior to reading this chapter, I hadn't viewed clip() in the correct light and Geary demonstrates the beginnings of its importance in building graphics. In Chapter Three, text gets the same extensive treatment that the basic drawing elements did in Chapter Two. In reading this chapter, it became apparent hat HTML5 has a lot of tips and tricks (perhaps that comes with the territory of what it's trying to achieve) like you have to replace the entire canvas to erase text. Being a novice, I'm not sure if the author covered all of such things but I was certainly appreciative for those included.

Chapter Four was an eye opener on images, video and their manipulation in canvas. The first revelation was that drawImage() can also render another canvas or even a video frame into the current canvas. The API name was not indicative to me but after reading this chapter, it became apparent that if I sat down and created a layout of my game's surface, I could render groups of images into one off-screen canvas and then continually insert that canvas into view with drawImage(). This saved me from considerable rerendering calls. The author also included some drag and drop sugar in this chapter. The book helped me understand that sometimes there are both legacy calls to old ways of doing things and also multiple new ways to accomplish the same goal. When you're trying to develop something as heavy as a game, there are a lot of pitfalls.

Chapter Five concentrates on animations in HTML5 and first and foremost identifies a problem I had struggled with in writing a game: don't use setInterval() or setTimeout() for animations. These are imprecise and instead the book guides the reader with instructions on letting the browser select the frame rate. Being a novice, the underlying concepts of requestAnimationFrame() had eluded me prior to reading this book. Geary's treatment of discussing each browser's nuances with this method may someday be dated text but helped me understand why the API call is so vital. It also helps you build workarounds for each browser if you need them. Blitting was also a new concept to me as was the tactic of double buffering (which the browser already does to canvas). This chapter is heavy on the hidden caveats to animation in the browser and builds on these to implement parallax and a stopwatch. The end of this chapter has a number of particularly useful "best practices" that I now see as crucial in HTML5 game development.

Chapter Six details sprites and sprite sheets. Here the author gives us a brief introduction to design patterns (notably Strategy, Command and Flyweight) but it's curious that this isn't persisted throughout the text. This chapter covers painters in good detail and again how to implement motion and timed animation via sprites with requestNextAnimationFrame(). This chapter does a great job of showing how to quickly animate a spritesheet.

Chapter Seven gives the user a brief introduction to implementing simple physics in a game engine like gravity and friction. It's actually just enough to move forward with the upcoming games but the most useful section of this chapter to me was how to warp time. While this motion looks intuitive, it was refreshing to see the math behind ease-in or ease-out effects. These simple touches look beautiful in canvas applications and critical, of course, in modeling realistic motion.

Naturally the next thing needed for a game is collision detection and Chapter Eight scratches the surface just enough to build our simple games. A lot of fundamental concepts are discussed like collision detection before or after the collision happens. Geary does a nice job of biting off just enough to chew from the strategies of ray casting, the separating axis theorem (SAT) and minimum translation vector algorithms for detecting collisions. Being a novice to collision detection, SAT was a new concept to me and I enjoyed Geary's illustrations of the lines perpendicular to the normal vectors on polygons. This chapter did a great job of visualizing what the code was achieving. The last thing this chapter tackles is how to react or bounce off during a collision. It provided enough for the games but it seemed like an afterthought to collision detection. Isn't there a possibility of spin on the object that could influence a bounce? These sort of questions didn't appear in the text.

And Chapter Nine gets to the main focus of this book: writing the actual game with all our prior accumulated knowledge. Geary calls this light game engine "the ungame" and adds things like multitrack sound, keyboard event handling and how to implement a heads-up display to our repertoire. This chapter is very code heavy and it confuses me why Geary prints comments inlined in the code when he has a full book format to publish his words in. The ungame was called as such because it put together a lot of elements of the game but it was still sort of missing the basic play elements. Geary then starts in on implementing a pinball game. It may sound overly complicated for a learning text but as each piece of the puzzle is broken down, the author manages to describe and explain it fairly concisely. While this section could use more description, it is basically just bringing together and applying our prior concepts like emulating physics and implementing realistic motion. The pinball board is merely polygons and our code there to detect collisions with the circle that is the ball. It was surprisingly how quickly a pinball game came together.

Chapter Ten takes a look at making custom controls (as mentioned earlier about trying to use HTML when possible). From progress bars to image panners, this chapter was interesting and I really enjoyed the way the author showed how to componentize and reuse these controls and their parts. There's really not a lot to say about this chapter, as you may imagine a lot of already covered components are implemented in achieving these controls and effects.

Geary recognizes HTML5's alluring potential of being a common platform for developing applications and games across desktops and mobile devices. In the final chapter of the book, he covers briefly the ins and outs of developing for mobile — hopefully without having to force your users to a completely different experience. I did not realize that native looking apps could be achieved on mobile devices with HTML5 but even with that trick up its sleeve, it's hard to imagine it becoming the de facto standard for all applications. Geary appears to be hopeful and does a good job of getting the developer thinking about the viewport and how the components of their canvas are going to be viewed from each device. Most importantly, it's discussed how to handle different kinds of input or even display a touch keyboard above your game for alphabetic input.

This was a delightful book that will help readers understand the finer points of developing games in HTML5's canvas element. While it doesn't get you to the point of developing three dimensional blockbuster games inside the browser, it does bite off a very manageable chunk for most readers. And, if you're a developer looking to get into HTML5 game design, I heavily recommend this text as an introduction.

You can purchase Core HTML5 Canvas from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page.