An anonymous reader writes "I run a small software consulting company who outsources most of its work to contractors. I market myself as being able to handle any technical project, but only really take the fun ones, then shop it around to developers who are interested. I write excellent product specs, provide bug tracking & source control and in general am a programming project manager with empathy for developers. I don't ask them to work weekends and I provide detailed, reproducible bug reports and I pay on time. The only 'rule' (if you can call it that) is: I do not pay for bugs. Developers can make more work for themselves by causing bugs, and with the specifications I write there is no excuse for not testing their code. Developers are always fine with it until we get toward the end of a project and the customer is complaining about bugs. Then all of a sudden I am asking my contractors to work for 'free' and they can make more money elsewhere. Ugh. Every project ends up being a battle, so, I think the solution is to finally hire someone full-time and pay for everything (bugs or not) and just keep them busy. But how can I make that transition? The guy I'd need to hire would have to know a lot of languages and be proficient in all of them. Plus, I can't afford to pay someone $100k/year right now. Ideas?"
ASDFnz writes "It has been just over two months since the bitcoin block chain was rocked by a near disastrous fork causing the bitcoin price to crash. The culprit of the crash was found to be a bug that prevented pre version 7.1 bitcoin clients accepting large blocks that could be generated by version 8 clients. A temporary fix was put into place by Bitcoin Project lead developer Gavin Andresen that forced version 8 clients to generate blocks that version 7.1 could understand. It is important to note though, the fix was a temporary one! In just under two days on the 15th of May the fix will expire and version 8 clients will once again be able to make large blocks that older clients will not be able to understand."
An anonymous reader writes "The author of this article goes over a format string vulnerability he found in The Elder Scrolls series starting with Morrowind and going all the way up to Skyrim. It's not something that will likely be exploited, but it's interesting that the vulnerability has lasted through a decade of games. 'Functions like printf() and its variants allow us to view and manipulate the program’s running stack frame by specifying certain format string characters. By passing %08x.%08x.%08x.%08x.%08x, we get 5 parameters from the stack and display them in an 8-digit padded hex format. The format string specifier ‘%s’ displays memory from an address that is supplied on the stack. Then there’s the %n format string specifier – the one that crashes applications because it writes addresses to the stack. Powerful stuff.'"
Mobile photo-sharing app SnapChat has one claim to fame, compared to other ways people might share photos from their cellphones: the photos, once viewed, disappear from view, after a pre-set length of time. However, it turns out they don't disappear as thoroughly as users might like. New submitter nefus writes with this excerpt from Forbes: "Richard Hickman of Decipher Forensics found that it's possible to pull Snapchat photos from Android phones simply by downloading data from the phone using forensics software and removing a '.NoMedia' file extension that was keeping the photos from being viewed on the device. He published his findings online and local TV station KSL has a video showing how it's done."
Nerval's Lobster writes "Online economies come with their own issues. Case in point is the Auction House for Diablo III, a massively multiplayer game in which players can pay for items in either in-game gold or real-world dollars. Thanks to a bug in the game's latest patch, players could generate massive amounts of virtual gold with little effort, which threatened to throw the in-game economy seriously out of whack. Diablo series publisher Blizzard took corrective steps, but the bug has already attracted a fair share of buzz on gaming and tech-news forums. 'We're still in the process of auditing Auction House and gold trade transactions,' read Blizzard's note on the Battle.net forums. 'We realize this is an inconvenience for many of our players, and we sincerely apologize for the interruption of the service. We hope to have everything back up as soon as possible.' Blizzard was unable to offer an ETA for when the Auction House would come back. 'We'll continue to provide updates in this thread as they become available.' Diablo's gold issue brings up (however tangentially) some broader issues with virtual currencies, namely the bugs and workarounds that can throw an entire micro-economy out of whack. But then again, 'real world' markets have their own software-related problems: witness Wall Street's periodic 'flash crashes' (caused, many believe, by the rise of ultra-high-speed computer trading)." It seems likely the gold duping was due to a simple integer overflow bug. A late change added to the patch allowed users to sell gold on the Real Money Auction House in stacks of 10 million rather than stacks of 1 million. On the RMAH, there exists both a cap ($250) and a floor ($0.25) for the value of auctions. With stacks of 1 million and a floor of $0.25, a seller could only enter 1 billion gold (1,000 stacks) while staying under the $250 cap. When the gold stack size increased, the value of gold dropped significantly. 
At $0.39 per 10 million, a user could enter values of up to 6.4 billion gold at a time. Unfortunately, the RMAH wasn't designed to handle gold numbers above 2^31, or 2,147,483,648 gold. Creating the auction wouldn't remove enough gold, but canceling it would return the full amount.
FuzzNugget writes "According to Wired, the two CFAA charges that were laid against the man who exploited a software bug on a video poker machine have been officially dismissed. Says Wired: '[U.S. District Judge Miranda] Du had asked prosecutors to defend their use of the federal anti-hacking law by Wednesday, in light of a recent 9th Circuit ruling that reined in the scope of the CFAA. The dismissal leaves John Kane, 54, and Andre Nestor, 41, facing a single remaining charge of conspiracy to commit wire fraud.' Kane's lawyer agreed, stating, 'The case never should have been filed under the CFAA, it should have been just a straight wire fraud case. And I'm not sure it's even a wire fraud. I guess we'll find out when we go to trial.'"
An anonymous reader writes "A new report details the analysis of more than 450 million lines of software through the Coverity Scan service, which began as the largest public-private sector research project focused on open source software integrity, and was initiated between Coverity and the U.S. Department of Homeland Security in 2006. Code quality for open source software continues to mirror that of proprietary software — and both continue to surpass the industry standard for software quality. Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality. The analysis found an average defect density of .69 for open source software projects, and an average defect density of .68 for proprietary code."
Deathspawner writes "There's little that's more frustrating than being a legal customer and getting screwed over by the company you're supporting. If there's a perfect example of this, it's with Microsoft's OS and its millions of customers that have had to ring its tech support lines for activation help. Recently, a Techgage writer got bit by an issue with Windows 8 — caused by Microsoft itself — and wasn't even able to call to fix it. Microsoft has two problems to solve here: it needs online chat support (like most large companies in 2013) and it definitely needs an activation system that doesn't make things difficult for its legal customers on a too-regular basis."
An anonymous reader writes "I'm working on a new product with one of the more senior guys at our company. To be blunt: his work is sloppy. It works and gets the job done, but it's far from elegant and there are numerous little (some might say trivial) mistakes everywhere. Diagrams that should be spread over five or six pages are crammed onto one, naming is totally inconsistent, arrows point the wrong way (without affecting functionality) and so forth. Much of this is because he is so busy and just wants to get everything out the door. What is the best way to handle this? I spent a lot of time refactoring some of it, but as soon as he makes any changes it needs doing again, and I have my own work to be getting on with. I submit bug reports and feature requests, but they are ignored. I don't want to create bad feelings, as I have to work with him. Am I obsessing over small stuff, or is this kind of internal quality worth worrying about?"
sciencehabit writes "An insect's compound eye is an engineering marvel: high resolution, wide field of view, and incredible sensitivity to motion, all in a compact package. Now, a new digital camera provides the best-ever imitation of a bug's vision, using new optical materials and techniques. This technology could someday give patrolling surveillance drones the same exquisite vision as a dragonfly on the hunt."
JoeyRox writes "Over the course of playing $12 million worth of video poker, Las Vegas resident John Kane stumbled onto a firmware bug in IGT's 'Game King' machines that allowed him to cash out for 10x the amount of his winnings. John and his friends took advantage of the vulnerability to the tune of $429,945. John's friend was arrested by U.S. marshals and charged with violation of the Computer Fraud and Abuse Act, but a federal magistrate ruled that the law doesn't apply and recommended dismissal. The case is currently being argued in a U.S. District Court."
An anonymous reader writes "OpenStreetMap recently topped one million registered users. Now they are trying to make the barrier to entry for contributing to the project even lower. A new 'notes' feature, announced on the project's blog, allows anonymous users to submit bug reports which will alert mappers in the area to incorrect or incomplete map information. The feature also allows for commenting on notes, potentially enabling two-way communication between a mapper and a bug reporter if more information is needed."
Reader Patrick In Chicago is one of a few readers to write with this unpleasant news: "Computer-based testing provider Pearson Vue is now in day 5 of a global outage, preventing test-takers worldwide from sitting for exams. I was personally turned away from a Cisco exam on Wednesday morning because Pearson was unable to deliver. Countless people have posted to Pearson Vue's Facebook page detailing various states of panic. There are people who have certifications expiring. Others are unable to sit their medical board exams. Still others are unable to sit exams that they are required to pass in order to work — Pearson Vue's incompetence has actually prevented people from going out and making a paycheck." This reminds me of a friend of mine who had to wait half a year to re-take his bar exam, because of a software glitch on the part of ExamSoft's software.
alostpacket writes "The New York Times reports that statistical scoring by the standardized testing company Pearson incorrectly disqualified over 4700 students from a chance to enter gifted / advanced programs in New York City schools. Only students who score in the 90th percentile or above are eligible for these programs. Those in the 97th or above are eligible for 5 of the best programs. 'According to Pearson, three mistakes were made. Students' ages, which are used to calculate their percentile ranking against students of similar age, were recorded in years and months, but should also have counted days to be precise. Incorrect scoring tables were used. And the formula used to combine the two test parts into one percentile ranking contained an error.' No mention of enlisting the help of the gifted children was made in the Times article, but it also contained a now-corrected error. This submission likely also contains an erro"
derekmead writes "Having completed intense review of the aircraft's flight systems and functionality, component reliability, two weeks ago Boeing completed testing on the last item on its list, the plane's battery housing. The FAA on Friday approved the new system. That means the 787, which Boeing has continued to build while new battery solutions were developed, will now be able to resume regular flights as soon as workers are able to carry out an overhaul of the planes that need the upgrade. 'FAA approval clears the way for us and the airlines to begin the process of returning the 787 to flight with continued confidence in the safety and reliability of this game-changing new airplane,' Jim McNerney, CEO of Boeing, said in a news release announcing the approval."
girlmad writes "Thousands of PCs have been crippled by a faulty update from security vendor Malwarebytes that marked legitimate system files as malware code. The update definition meant Malwarebytes' software treated essential Windows .dll and .exe files as malware, stopping them running and thus knocking IT systems and PCs offline, leaving lots of unhappy users and one firm with 80% of its servers offline."
Sez Zero writes "The Federal Aviation Administration said American Airlines requested a halt to hundreds of its U.S. flights on Tuesday as it works to resolve a reservation system problem. American Airlines explained on their Twitter feed they had a problem accessing their reservation system. Bad day to be on the AA ops team."
An anonymous reader writes "Six months after the release of Wayland 1.0, versions 1.1 of Wayland and Weston have been released. Wayland/Weston 1.1 brings new back-end support for the Raspberry Pi, Pixman renderer, Microsoft Remote Desktop Protocol (RDP), and FBDEV frame-buffer device. Wayland/Weston 1.1 also introduces a modules SDK, supports the EGL buffer-age extension, touch-screen calibration support, and numerous optimizations and bug-fixes."
angry tapir writes "'Everyone knows that debugging is twice as hard as writing a program in the first place,' Brian Kernighan once wrote (adding: 'So if you're as clever as you can be when you write it, how will you ever debug it?') However, Sean McDirmid, a researcher at Microsoft, has been working to remove some of the pain from debugging. McDirmid, based at Microsoft Research Asia, has been studying ways of implementing usable live programming environments: a solution that is less intrusive than classical debuggers. The idea is to essentially provide a programming environment in which editing of code and the execution of code occur simultaneously — and in the same interface as code editing — with tools to track the state of variables in a more or less live manner."
msm1267 writes "Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue-screen. Microsoft recommends users uninstall the patch, which is also causing compatibility issues with some endpoint security software. MS13-036 was part of this week's Patch Tuesday update. It addressed three vulnerabilities in the Windows Kernel-Mode Driver, which if exploited could allow an attacker to elevate their privileges on a compromised machine. Users began reporting issues earlier this week with some systems failing to recover from restarts, or applications failing to load, after the patch was installed."