Former Slashdot contributor Nick Kolakowski is now a senior editor at Dice Insights, where he's just published a list of the top programming skills employers were looking for during the last 30 days.
If you're a software developer on the hunt for a new gig (or you're merely curious about what programming skills employers are looking for these days), one thing is clear: employers really, really, really want technologists who know how to build, maintain, and scale everything database- (and data-) related.

We've come to that conclusion after analyzing data about programming skills from Burning Glass, which collects and organizes millions of job postings from across the country.
The biggest takeaway? "When it comes to programming skills, employers are hungriest for SQL." Here's their ranking of the top most in-demand skills:

1. SQL
2. Java
3. "Software development"
4. "Software engineering"
5. Python
6. JavaScript
7. Linux
8. Oracle
9. C#
10. Git

The list actually includes the top 18 programming skills, but besides languages like C++ and .NET, it also includes more generalized skills like "Agile development," "debugging," and "Unix."

But Nick concludes that "As a developer, if you've mastered database and data-analytics skills, that makes you insanely valuable to a whole range of companies out there."

Which programming language saw the biggest jump on TIOBE's index of language popularity over the last year?

Unlike last year -- it's not Python. An anonymous reader quotes TIOBE.com: It is good old language C that wins the award this time with an yearly increase of 2.4%... The major drivers behind this trend are the Internet of Things (IoT) and the vast amount of small intelligent devices that are released nowadays...

Runners up are C# (+2.1%), Python (+1.4%) and Swift (+0.6%)...

Other interesting winners of 2019 are Swift (from #15 to #9) and Ruby (from #18 to #11). Swift is a permanent top 10 player now and Ruby seems [destined] to become one soon.

Some languages that were supposed to break through in 2019 didn't: Rust won only 3 positions (from #33 to #30), Kotlin lost 3 positions (from #31 to #35), Julia lost even 10 positions (from #37 to #47) and TypeScript won just one position (from #49 to #48).
And here's the new top 10 programming languages right now, according to TIOBE's January 2020 index.

• Java
• C
• Python
• C++
• C# (up two positions from January 2019)
• Visual Basic .NET (down one position from January 2019)
• JavaScript (down one position from January 2019)
• PHP
• Swift (up six positions from January 2019)
• SQL (down one position from January 2019)

"Users of an old version of the popular Python language face a reckoning at the end of the year," reports Wired, calling it a programmer's "own version of update hell." The developers who maintain Python, who work for a variety of organizations or simply volunteer their time, say they will stop supporting Python 2 on January 1, 2020 -- more than a decade after the introduction of Python 3 in December 2008. That means no more security fixes or other updates, at least for the official version of Python.

The Python team extended the initial deadline in 2015, after it became apparent that developers needed more time to make the switch.

It's hard to say how many organizations still haven't made the transition. A survey of developers last year by programming toolmaker JetBrains found that 75 percent of respondents use Python 3, up from 53 percent the year before. But data scientist Vicki Boykis points out in an article for StackOverflow that about 40 percent of software packages downloaded from the Python code management system PyPI in September were written in Python 2.7. For many companies, the transition remains incomplete. Even Dropbox, which employed Python creator Guido van Rossum until his retirement last month, still has some Python 2 code to update. Dropbox engineer Max Belanger says shifting the company's core desktop application from Python 2 to Python 3 took three years. "It wasn't a lot of absolute engineering work," Belanger says. "But it took a long time because stability is so important. We wanted to make sure our users didn't feel any effects of the transition."

The transition from Python 2 to 3 is challenging in part because of the number and complexity of other tools that programmers use. Programmers often rely on open source bundles of code known as "libraries" that handle common tasks, such as connecting to databases or verifying passwords. These libraries spare developers from having to rewrite these features from scratch. But if you want to update your code from Python 2 to Python 3, you need to make sure all the libraries you use also have made the switch. "It isn't all happening in isolation," Belanger says. "Everyone has to do it."

Today, the 360 most popular Python packages are all Python 3-compatible, according to the site Python 3 Readiness. But even one obscure library that hasn't updated can cause headaches.
Python's core team is now prioritizing smaller (but more frequent) updates to make it easier to migrate to newer versions, according to the article, noting that Guido Van Rossum "wrote last month that there might not ever be a Python 4. The team could just add features to Python 3 indefinitely that don't break backward compatibility."

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers. From a report: The two libraries were created by the same developer and mimicked other more popular libraries -- using a technique called typosquatting to register similarly-looking names. The first is "python3-dateutil," which imitated the popular "dateutil" library. The second is "jeIlyfish" (the first L is an I), which mimicked the "jellyfish" library. The two malicious clones were discovered on Sunday, December 1, by German software developer Lukas Martini. Both libraries were removed on the same day after Martini notified dateutil developers and the PyPI security team. While the python3-dateutil was created and uploaded on PyPI two days before, on November 29, the jeIlyfish library had been available for nearly a year, since December 11, 2018.

Dropbox's Work in Progress blog shared a 2000-word "conversation with the creator of the world's most popular programming language," noting that many computer science schools are switching over from Java to Python, and arguing that "JavaScript still owns the web, and Java runs 2.5 billion Android phones, but for general purpose programming and education, Python has become the default standard."

They also write that the language's recently-retired creator Guido van Rossum "thinks Python may be closer to our visual understanding of the structures that we are representing in code than other languages." "While I was researching my book, CODERS," says author Clive Thompson, "I talked to a lot of developers who absolutely love Python. Nearly all said something like 'Python is beautiful.' They loved its readability -- they found that it was far easier to glance at Python code and see its intent. Shorn of curly brackets, indented in elegant visual shelves, anything written in Python really looks like modern poetry." They also find that Python is fun to write, which is more important than it may seem. As Thompson writes, "When you meet a coder, you're meeting someone whose core daily experience is of unending failure and grinding frustration."

Building the priority of the programmer's time into the language has had a curious effect on the community that's grown around it. There's a social philosophy that flows out of Python in terms of the programmer's responsibility to write programs for other people. There's an implicit suggestion, very much supported by Van Rossum in the ways he talks and writes about Python, to take a little more time in order to make your code more interpretable to someone else in the future. Expressing your respect for others and their time through the quality of your work is an ethos that Van Rossum has stealthily propagated in the world. "You primarily write your code to communicate with other coders, and, to a lesser extent, to impose your will on the computer," he says...

Part of the enduring appeal of Python is the optimism and humility of starting over. "If you've invested much more time into writing and debugging code, you're much less eager to throw it all away and start over." Co-founder and CEO, Drew Houston wrote the first prototype of Dropbox in Python on a five-hour bus ride from Boston to New York. "The early prototypes of Dropbox were thrown away, largely, many times," says Van Rossum....

What has he taken away from his thirty year journey with Python? "I have learned that you can't do it alone, which is not an easy lesson for me. I've learned that you don't always get the outcome that you went for, but maybe the outcome you get is just as good, or better."
Though two decades ago van Rossum had tried a short-lived project called Computer Programming 4 Everybody (or CP4E), he now says "I'm not so sure that it needs to happen anymore. I think computers have made it to that point, where they're just a useful thing that not everybody needs to know what goes on inside."

Long-time Slashdot reader theodp also flagged van Rossum's remarks that "there are certain introductions to programming that are fun for kids to do, but they're not fun for all kids, and I don't think I would want to make it a mandatory part of the curriculum."

b-dayyy quotes Linux Security: A new and particularly troublesome ransomware variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on NextCloud Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.

Ransomware hunter and creator of ID Ransomware Michael Gillespie notes that the NextCry ransomware, which is a Python script compiled in a Linux ELF binary using pyInstaller, oddly uses Base64 to encode file names as well as the content of files which have already been encrypted. Gillespie has also confirmed that NextCry encrypts data using the AES algorithm with a 256-bit key.

The ransom note that NextCry victims receive reads "READ_FOR_DECRYPT", and demands 0.025 BTC for a victim's files to be unlocked.

"What tech skills do U.S. employers want? Researchers at job search site Indeed took a deep dive into its database to answer that question," reports IEEE Spectrum: [A]t least for now, expertise in SQL came out on top of the list of most highly sought after skills, followed by Java. Python and Amazon Web Services (AWS) are coming on fast, and, should trends continue, may take over the lead in the next year or two...

Indeed's team considered U.S. English-language jobs posted on the site between September 2014 and September 2019; those postings encompassed 571 tech skills. Over that period, Docker, the enterprise container platform, sits at number 20 on the list today, but that is the result of a dramatic climb over that five-year period. Demand for proficiency in that platform-as-a-service grew more than 4000 percent, from a barely registering share of 0.1 percent of job post mentions in 2014 to 5.1 percent today. Azure jumped more than 1000 percent during that period, from 0.6 percent to 6.9 percent; and the general category of machine learning climbed 439 percent, closely followed by AWS at 418 percent.

Indeed's researchers note that the big jumps in demand for engineers skilled in Python stems from the boom in data scientist and engineer jobs, which disproportionately use Python.
"Python" has overtaken "Linux" in just the last two years, while in the same period "AWS" overtook C++, C, C# and .net.

dryriver writes: Everybody seems to think these days that kids desperately need to learn how to code when they turn six years old. But this ignores a glaring fact -- the biggest shortage in the future labor market is not people who can code competently in Python, Java or C++, it is people who can actually discover or invent completely new and better ways of doing things, whether this is in CS, Physics, Chemistry, Biology or other fields. If you look at the history of great inventors, the last truly gifted, driven and prolific non-corporate inventor is widely regarded to be Nikola Tesla, who had around 700 patents to his name by the time he died. After Tesla, most new products, techniques and inventions have come out of corporate, government or similar structures, not from a good old-fashioned, dedicated, driven, independent-minded, one-person inventor who feverishly dreams up new things and new possibilities and works for the betterment of humanity.

How do you teach inventing to kids? By teaching them the methods of Genrikh Altshuller, for example. Seriously, does teaching five to seven year olds 50-year-old CS/coding concepts and techniques do more for society than teaching kids to rebel against convention, think outside the box, turn convention upside down and beat their own path towards solving a thorny problem? Why does society want to create an army of code monkeys versus an army of kids who learn how to invent new things from a young age? Or don't we want little Nikola Teslas in the 21st Century, because that creates "uncertainty" and "risk to established ways of doing things?"

"The hit programming language Python has climbed over once-dominant Java to become the second most popular language on Microsoft-owned open-source code-sharing site GitHub," reports ZDNet: Python now outranks Java based on the number of repository contributors, and by that metric Python is now second only to JavaScript, which has been in top spot since 2014, according to GitHub's 'State of the Octoverse' report for 2019...

Another interesting aspect of GitHub's report is its ranking of fastest-growing languages. Google's Dart programming language and Flutter, for building UIs for iOS and Android apps, are getting major traction with developers on GitHub. Dart was the fastest-growing language between 2018 and 2019, with usage up a massive 532%. It was followed by the Mozilla-developed Rust, which grew a respectable 235%. Microsoft is experimenting with Rust in its Windows code base because it was designed to address memory-related security bugs -- the dominant flaw-type in Microsoft software over the past decade.

Last year Kotlin, the Google-endorsed programming language for Android app development, was the fastest-growing language on GitHub. It's not a top-10 language yet, but it still grew 182% over the year. Microsoft-backed TypeScript, its superset of JavaScript, is also growing fast, up 161% over the past year as more developers use it to grapple with large-scale JavaScript apps.

Other languages making up the top 10 fastest-growing category are HCL, PowerShell, Apex, Python, Assembly, and Go.

The share of cryptocurrency jobs per million has risen 1,457% over the past four years, according to a study by job site Indeed.com. VentureBeat reports: Indeed analyzed millions of job postings on Indeed.com to unpack how Bitcoin, cryptocurrency, and blockchain trends have affected the job market. Searches for Bitcoin, blockchain, and cryptocurrency roles are going down -- yet employer demand has skyrocketed. According to Indeed, in the four-year period between September 2015 and September 2019, the share of these jobs per million grew by 1,457%. In that same time period, the share of searches per million increased by 469%.

In the past year, the share of cryptocurrency job postings per million on Indeed.com has increased by 26%, while the share of searches per million for jobs has decreased by 53%. Bitcoin's volatility seems to correlate with job seeker interest, and the change in Bitcoin price this year might be why job searches have declined. Employers, however, are doubling down on the technology, which uses decentralized ledgers to produce secure and transparent transactions. The report says that if you want a better chance at getting a job in this field you should be a programmer familiar with basic cryptography, P2P networks, and a language like C++, Java, Python, or JavaScript (along with certain soft crypto skills). To stand out, you should learn new blockchain development languages, like Hyperledger, Bitcoin Script, Ethereum's Solidity, the Ripple protocol, or even languages currently in development -- like Rholang.

The top hirers are as follows: Deloitte, IBM, Accenture, Cisco, Collins Aerospace, Ernst & Young, Coinbase, Overstock, Ripple, Verizon, Circle, Kraken, ConsenSys, JP Morgan Chase, and Signature Bank.

"Guido van Rossum, the creator of the hugely popular Python programming language, is leaving cloud file storage firm Dropbox and heading into retirement," reports ZDNet: That ends his six and half years with the company, which hired in him in 2013 because so much of its functionality was built on Python. And, after last year stepping down from his leadership role over Python decision making, that means the Python creator is officially retiring....

According to Dropbox, in 2011, when van Rossum first met Dropbox CEO Drew Houston, the Dropbox server and desktop client were written "almost exclusively in Python". Today, Dropbox also relies on Go, TypeScript, and Rust, as well as the open source Mypy static type checker that Dropbox develops to manage Python code at scale. Mypy helps developers overcome the challenge of understanding dynamically typed Python code written by other developers in the past...

Dropbox said van Rossum has had a major impact on its engineering culture. "There was a small number of really smart, really young coders who produced a lot of very clever code that only they could understand," said van Rossum. "That is probably the right attitude to have when you're a really small startup." However, as Dropbox notes, when the company grew, new engineers could not understand the clever but 'short and cryptic' code written by and for earlier developers. Van Rossum called this "cowboy coding culture" and educated the company about the value of maintainable code. "When asked, I would give people my opinion that maintainable code is more important than clever code," he said.... Dropbox also credits van Rossum with sharpening the company's testing processes for its continuous integration program and helping engineers understand why tests were broken.
"Thank you, Guido" is the title of the post on Dropbox's blog announcing the news that van Rossum is now retiring. Sharing that article on Twitter Thursday, van Rossum added "It's bittersweet... I've learned a lot during my time as an engineer here -- e.g. type annotations came from this experience -- and I'll miss working here."

But by Friday he was heading off to the North Bay Python conference in Petaluma, California.

The steering council of Python said it is adopting a 12-month release cycle as it seeks to bring more consistency to schedule. In their mailing list they announced the change would mean developers would: 1. Know when to start testing the beta to provide feedback.
2. Know when the expect the RC so the community can prepare their projects for the final release.
3. Know when the final release will occur to coordinate their own releases (if necessary) when the final release of Python occurs.
4. Allow core developers to more easily plan their work to make sure work lands in the release they are targeting.
5. Make sure that core developers and the community have a shorter amount of time to wait for new features to be released. They added: It should also fit into the release schedule of Linux distributions like Fedora better than previously proposed so the distributions can test the RC when they start preparing for their own October releases. If this turns out to be a mistake after we try it out for Python 3.9 we can then discuss going back to longer betas and shorter RCs for the release after that. This will not change when feature development is cut off relative to PyCon US nor the core dev sprints happening just before the final release or the alpha of the next version.

The senior editor of Dice Insights writes: Which programming languages are most in-demand by employers? That's an excellent (and vital) question for developers out there, especially those who want to leverage their skills to land a particularly high-paying job. Fortunately, a new list gives us a pretty accurate rundown, and it's filled with the usual suspects: SQL, Java, JavaScript, Python, and so on.

The data comes from Burning Glass, which compiles and analyzes millions of job postings, so we can treat it as pretty comprehensive (although, as with any massive dataset, there's always the potential for errors)... The top-ranked presence of SQL shouldn't come as a shocker to anyone: although the language is older than many of the technologists who utilize it (it was created in 1974), it's still very much a key standardized language for relational databases (it's ranked eighth on the TIOBE Index, a popular but controversial ranking of the world's most popular programming languages). Businesses always need databases; and they're clearly hungry for technologists who can set up and manage them.

A recent study by IEEE Spectrum also noted that employers want developers skilled in Python, Java, C, C++, and JavaScript, so these languages' presence on the Burning Glass list should come as no surprise, either. All of these programming languages enjoy massive install bases across a variety of platforms, including mobile and the web; they're also taught widely in schools and bootcamps, ensuring that there's a steady pipeline of newly minted technologists who know them. In addition to building new stuff, businesses need to maintain legacy code written in these languages.

Over 100 published studies may have incorrect results thanks to a glitchy piece of Python code discovered by researchers at the University of Hawaii.

An anonymous reader quotes Motherboard: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, on Tuesday in the journal Organic Letters.

"This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]."

Yuheng Luo, a graduate student at the University of Hawaii at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria... Under supervision of University of Hawaii at Manoa assistant chemistry professor Rui Sun, Luo used a script written in Python that was published as part of a 2014 paper by Patrick Willoughby, Matthew Jansma, and Thomas Hoye in the journal Nature Protocols . The code computes chemical shift values for NMR, or nuclear magnetic resonance spectroscopy, a common technique used by chemists to determine the molecular make-up of a sample. Luo's results did not match up with the NMR values that Williams' group had previously calculated, and according to Sun, when his students ran the code on their computers, they realized that different operating systems were producing different results.

Sun then adjusted the code to fix the glitch, which had to do with how different operating systems sort files.
The researcher who wrote the flawed script told Motherboard that the new study was "a beautiful example of science working to advance the work we reported in 2014. They did a tremendous service to the community in figuring this out."

Sun described the original authors as "very gracious," saying they encouraged the publication of the findings.

Adam Geitgey: Exif metadata is not a native part of the Jpeg file format. It was an afterthought taken from the TIFF file format and tacked onto the Jpeg file format much later. This maintained backwards compatibility with old image viewers, but it meant that some programs never bothered to parse Exif data. Most Python libraries for working with image data like numpy, scipy, TensorFlow, Keras, etc, think of themselves as scientific tools for serious people who work with generic arrays of data. They don't concern themselves with consumer-level problems like automatic image rotation -- even though basically every image in the world captured with a modern camera needs it. This means that when you load an image with almost any Python library, you get the original, unrotated image data. And guess what happens when you try to feed a sideways or upside-down image into a face detection or object detection model? The detector fails because you gave it bad data. You might think this problem is limited to Python scripts written by beginners and students, but that's not the case! Even Google's flagship Vision API demo doesn't handle Exif orientation correctly. And while Google Vision still manages to detect some of the animals in the sideways image, it detects them with a non-specific "Animal" label. This is because it is a lot harder for a model to detect a sideways goose than an upright goose.

The Monty Python character known as the Gumby would often be found saying "My brain hurts". Now Reuters reports: In what is billed as an "extremely silly" event, hordes of Monty Python fans will gather in full Gumby attire in London on Saturday to celebrate the British comedy troupe's 50th anniversary. Kitted out in rubber boots, sleeveless sweaters, rolled-up trousers and with knotted handkerchiefs on their heads, they will attempt to set a Guinness World Record for the Largest Gathering of People Dressed as Gumbys. "It's all so excitingly pointless," said Python Terry Gilliam, who will host the event.
Meanwhile, the Guardian reports on recently-rediscovered documents from the BBC's archives about the show's launch in 1969: The BBC response, the archives make clear, was far less positive. At the weekly meeting where senior managers discussed the output, the head of factual had found Python "disgusting", arts had thought it "nihilistic and cruel", while religion objected to a Gilliam animation in which "Jesus... had swung his arm". The BBC One controller sensed the makers "continually going over the edge of what is acceptable".
The Guardian also tracked down 69-year-old Doug Holman who remembers John Cleese giving him tickets to watch a filming of the show when he was 19. ("Doug, boldly, writes back, saying he is part of a large group of friends who want to go. Cleese contacts the BBC to request a further 14 tickets...")

50 years later, Holman seems to remember the filming as being wonderfully chaotic. "There was a restaurant scene but I think the producer abandoned it when Cleese -- seemingly unhappy about having no lines -- disrupted each take by performing random Tourette-like impressions of a mouse being strangled by a psychotic cat. I remember it being total anarchy yet excruciatingly funny, in the literal sense. We all experienced genuine pain from extended bouts of uncontrollable laughter."

An anonymous reader quotes ZDNet: Microsoft has launched a new 44-part series called Python for Beginners on YouTube, consisting of three- to four-minute lessons from two self-described geeks at Microsoft who love programming and teaching.

The course isn't quite for total beginners as it assumes people have done a little programming in JavaScript or played around with the MIT-developed Scratch visual programming language aimed at kids. But it could help beginners kick-start ambitions to build machine-learning apps, web applications, or automate processes on a desktop.... It has published a page on GitHub containing additional resources, including slides and code samples to help students become better at Python.

In 107 days, Python 2 -- first released in 2000 -- will officially sunset, according to an announcement this week by "volunteers who make and take care of the Python programming language."

But according to TechRepublic, not everybody is ready: Given Python's popularity and ubiquity, the amount of business logic hinging on Python is quite vast, presenting an issue for organizations still clinging to Python 2. JPMorgan's Athena trading platform is one of those applications -- while access has only been available directly to clients since 2018, the Athena platform is used internally at JPMorgan for pricing, trading, risk management, and analytics, with tools for data science and machine learning. This extensive feature set utilizes over 150,000 Python modules, over 500 open source packages, and 35 million lines of Python code contributed by over 1,500 developers, according to data presented by Misha Tselman, executive director at J.P. Morgan Chase in a talk at PyData 2017.

Migrating 35 million lines of code from Python 2 to Python 3 is quite the undertaking -- and JPMorgan is going to miss the deadline, according to eFinancialCareers, stating that JPMorgan's roadmap puts "most strategic components" compatible with Python 3 by the end of Q1 2020 -- that is, three months after the end of security patches -- with "all legacy Python 2.7 components" planned for compatibility with Python 3 by Q4 2020.

Modern developer practices are needed to maintain a project of this scale -- fortunately, JPMorgan uses Continuous Delivery, with 10,000 to 15,000 production changes per week, according to Tselman.
The eFinancialCareers site argues that banks "have been dragging their feet," adding that JPMorgan is not the only bank that still hasn't migrated to Python 3.

The Python volunteers are pointing concerned individuals to the Python 2.7 Countdown Clock, and their announcement also links to a list of support and migration vendors, adding "If you can pay to hire someone to help you, post on the job board or hire a consultant. If you need free help from volunteers, look at this help page."

XKCD cartoonist Randall Munroe says he received "a huge number of submissions" in a contest to choose an additional city for his upcoming book tour. The challenge? "Write the best story using nothing but book covers... You'll get extra credit for including as many books and people as possible." And the winning entry involved 98 people in an earnest community project featuring Alaskans young and old, in a series of four YouTube videos that lasts nearly three minutes. ("Listen to me. This idea is brilliant. Stop staring at screens. If you love me, get a life...!")

Munroe applauded their efforts in a blog post announcing their winning entry. I'm a sucker for (a) public libraries, and (b) people who get so excited about glaciers that they lose their train of thought."
Several runners-up will receive a personalized drawing of their bookstore or library -- or a signed book. Runners up include the Content Bookstore in Northfield, Minnesota, who assembled over 60 people for a story in the form of a choose-your-own adventure flowchart. And Naitian Zhou of Ann Arbor, Michigan built an interactive tool that generates arbitrary grammatical sentences by running a database of book titles through Python language tools. ("Don't judge a book by its cover," jokes its web page. "Judge it by its linguistic productivity instead!")

The How To book tour starts on September 3rd in Cambridge, and Munroe says "I'll be appearing in conversation with some very cool people, including researchers, journalists, and cartoonists. We'll be discussing How To, science, comics, the destruction of the universe, and the ethics of hitting drones with tennis balls."

Python's End-of-Life date is 129 days away, warns the UK National Cyber Security Centre (NCSC). "There will be no more bug fixes, or security updates, from Python's core developers."

An anonymous reader quotes ZDNet: The UK's cyber-security agency warned developers Thursday to consider moving Python 2.x codebases to the newer 3.x branch due to the looming end-of-life of Python 2, scheduled for January 1, 2020... "If you continue to use unsupported modules, you are risking the security of your organisation and data, as vulnerabilities will sooner or later appear which nobody is fixing."

"If you maintain a library that other developers depend on, you may be preventing them from updating to 3," the agency added. "By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others... If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you," the NCSC said.

The agency warns that companies who don't invest in migrating their Python 2.x code might end up in the same position as Equifax or the WannaCry victims. "At the NCSC we are always stressing the importance of patching. It's not always easy, but patching is one of the most fundamental things you can do to secure your technology," the agency said. "The WannaCry ransomware provides a classic example of what can happen if you run unsupported software," it said. "By making the decision to continue using Python 2 past its end of life, you are accepting all the risks that come with using unsupported software, while knowing that a secure version is available."