Microsoft languages seem to be hitting the right note with coders across ops, data science, and app development. From a report: JavaScript remains the most popular programming language, but two offerings from Microsoft are steadily gaining, according to developer-focused analyst firm RedMonk's first quarter 2018 ranking. RedMonk's rankings are based on pull requests in GitHub, as well as an approximate count of how many times a language is tagged on developer knowledge-sharing site Stack Overflow. Based on these figures, RedMonk analyst Stephen O'Grady reckons JavaScript is the most popular language today as it was last year. In fact, nothing has changed in RedMonk's top 10 list with the exception of Apple's Swift rising to join its predecessor, Objective C, in 10th place. The top 10 programming languages in descending order are JavaScript, Java, Python, C#, C++, CSS, Ruby, and C, with Swift and Objective-C in tenth.

TIOBE's top programming language index for March consists of many of the same top 10 languages though in a different order, with Java in top spot, followed by C, C++, Python, C#, Visual Basic .NET, PHP, JavaScript, Ruby, and SQL. These and other popularity rankings are meant to help developers see which skills they should be developing. Outside the RedMonk top 10, O'Grady highlights a few notable changes, including an apparent flattening-out in the rapid ascent of Google's back-end system language, Go.

An anonymous reader quotes Debian.org: The Debian project is pleased to announce the fourth update of its stable distribution Debian 9 (codename "stretch"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems... Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old "stretch" media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.
Phoronix adds that Debian 9.4 "has a new upstream Linux kernel release, various dependency fixes for some packages, an infinite loop fix in Glade, several CVE security fixes, a larger stack size for NTP, a new upstream release of their NVIDIA proprietary driver package, Python 3 dependency fixes, and other security fixes."

On Wednesday the Computer History Museum, "the world's leading institution exploring the history of computing and its transformational impact on society," proudly announced the three Fellow Award honorees for 2018:

• Dov Frohman-Bentchkowsky -- "For the invention of the first commercial erasable programmable read-only memory (EPROM), which enabled rapid development of microprocessor-based systems."
• Dame Stephanie Shirley CH -- "For a lifetime of entrepreneurship promoting the growth of the UK software industry and the advancement of women in computing."
• Guido van Rossum -- "For the creation and evolution of the Python programming language, and for leadership of its community."

"We are delighted to induct these outstanding new Fellows with diverse contributions in hardware, in services, and in software," said Len Shustek, the Museum's board chairman. "They are true heroes of the Digital Age."

A fascinating story of how Indian women have persevered through various roadblocks, including cultural, to actively contribute to the open source community. An excerpt from the story: As Vaishali Thakker, a 23-year old open source programmer looked over the hall filled with around 200 people, she didn't know how to react to what she had just heard. Thakker was one of the five women on the stage at PyCon India 2017, a conference on the use of the Python programming language, in New Delhi. The topic of the discussion was "Women in open source." As the women started discussing the open source projects they had been working on, the challenges and so on, someone from the audience got up and drew the attention of the gathering to the wi-fi hotspots in the hall. They were named "Shut the fk up" and "Feminism sucks." "It was right on our faces," remembers Thakker. For their part, the organisers were upset and even warned the audience. But the event had no code of conduct for anyone to really penalise or expel the culprits.

"It's disheartening when you're talking about the problem, someone is actually giving a proof that it (gender bias) indeed is a problem. In a way, I found it funny, because how stupid can you be to give the proof that the problem actually exists," says Thakker. And how. It's just been three years in her coding career but she is familiar with the high wall that gender stereotyping puts up in the world of software scripting. More so in her chosen field of coding. Thakker is among a small -- but fast-growing -- set of women coders from India shaping the future of several open source platforms globally including the Linux kernel, the core software program behind the world's biggest eponymous open source software.

An anonymous reader quotes InfoWorld: When it comes to which programming languages are in demand by employers, JavaScript, Java, Python, C++, and C -- in that order -- came out on top in a recent developer survey. Developers, however, want to learn languages like Python, Go, and Kotlin. A survey of developers by technical recruiter HackerRank, conducted in October, found no gap between languages employers want and what developers actually know, with JavaScript barely edging out Java...

HackerRank also found gaps in JavaScript frameworks between what employers want and what developers know. The React JavaScript UI library had the biggest delta between employers and developers, with about 37 percent of employers wanting React skills but only about 19 percent of developers having them... [But] problem-solving skills are the most-sought by employers, more than language proficiency, debugging, and system design.
The survey involved 39,441 developers, and concluded that "Python ruled among all age groups," according to Application Development Trends, "except for those 55 years or older, who narrowly prefer C."

InfoWorld reports that "the once-declining C language" has "completed a comeback" -- citing its rise to second place in the Tiobe Index of language popularity, the biggest rise of any language in 2017. An anonymous reader quotes their report: Although the language only grew 1.69 percentage points in its rating year over year in the January index, that was enough beat out runners-up Python (1.21 percent gain) and Erlang (0.98 percent gain). Just five months ago, C was at its lowest-ever rating, at 6.477 percent; this month, its rating is 11.07 percent, once again putting it in second place behind Java (14.215 percent) -- although Java dropped 3.05 percent compared to January 2017. C's revival is possibly being fueled by its popularity in manufacturing and industry, including the automotive market, Tiobe believes...

But promising languages such as Julia, Hack, Rust, and Kotlin were not able to reach the top 20 or even the top 30, Tiobe pointed out. "Becoming part of the top 10 or even the top 20 requires a large ecosystem of communities and evangelists including conferences," said Paul Jansen, Tiobe managing director and compiler of the index. "This is not something that can be developed in one year's time."
For 2017 Tiobe also reports that after Java and C, the most popular programming languages were C++, Python, C#, JavaScript, Visual Basic .Net, R, PHP, and Perl.

The rival Pypl Popularity of Programming Language index calculates that the most popular languages are Java, Python, PHP, JavaScript, C#, C++, C, R, Objective-C, and Swift.

Raspberry Pi founder and CEO Eben Upton says the Raspberry Pi isn't susceptible to the "Spectre" or "Meltdown" vulnerabilities because of the particular ARM cores they use. "Spectre allows an attacker to bypass software checks to read data from arbitrary locations in the current address space; Meltdown allows an attacker to read data from arbitrary locations in the operating system kernel's address space (which should normally be inaccessible to user programs)," Upton writes. He goes on to provide a "primer on some concepts in modern processor design" and "illustrate these concepts using simple programs in Python syntax..."

In conclusion: "Modern processors go to great lengths to preserve the abstraction that they are in-order scalar machines that access memory directly, while in fact using a host of techniques including caching, instruction reordering, and speculation to deliver much higher performance than a simple processor could hope to achieve," writes Upton. "Meltdown and Spectre are examples of what happens when we reason about security in the context of that abstraction, and then encounter minor discrepancies between the abstraction and reality. The lack of speculation in the ARM1176, Cortex-A7, and Cortex-A53 cores used in Raspberry Pi render us immune to attacks of the sort."

An anonymous reader writes: A long-time Unix sys-admin is suggesting 18 different New Year's resolutions for Linux systems adminstrators. And #1 is to automate more of your boring stuff. "There are several good reasons to turn tedious tasks into scripts. The first is to make them less annoying. The second is to make them less error-prone. And the last is to make them easier to turn over to new team members who haven't been around long enough to be bored. Add a small dose of meaningful comments to your scripts and you have a better chance of passing on some of your wisdom about how things should be done."

Along with that, they suggest learning a new scripting language. "It's easy to keep using the same tools you've been using for decades (I should know), but you might have more fun and more relevance in the long run if you teach yourself a new scripting language. If you've got bash and Perl down pat, consider adding Python or Ruby or some other new language to your mix of skills."

Other suggestions include trying a new distro -- many of which can now be run in "live mode" on a USB drive -- and investigating the security procedures of cloud services (described in the article as "trusting an outside organization with our data").

"And don't forget... There are now only 20 years until 2038 -- The Unix/Linux clockpocalypse."

An anonymous reader writes: The i-Programmer site revisits one of its top stories of 2017, about researchers who used data from GitHub for a large-scale empirical investigation into static typing versus dynamic typing. The team investigated 20 programming languages, using GitHub code repositories for the top 50 projects written in each language, examing 18 years of code involving 29,000 different developers, 1.57 million commits, and 564,625 bug fixes.

The results? "The languages with the strongest positive coefficients - meaning associated with a greater number of defect fixes are C++, C, and Objective-C, also PHP and Python. On the other hand, Clojure, Haskell, Ruby and Scala all have significant negative coefficients implying that these languages are less likely than average to result in defect fixing commits."

Or, in the researcher's words, "Language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages static typing is also somewhat better than dynamic typing."

An anonymous reader writes: Microsoft is considering adding Python as one of the official Excel scripting languages, according to a topic on Excel's feedback hub opened last month. Since it was opened, the topic has become the most voted feature request, double the votes of the second-ranked proposition. "Let us do scripting with Python! Yay! Not only as an alternative to VBA, but also as an alternative to field functions (=SUM(A1:A2))," the feature request reads, as opened by one of Microsoft's users.

The OS maker responded yesterday by putting up a survey to gather more information and how users would like to use Python inside Excel. If approved, Excel users would be able to use Python scripts to interact with Excel documents, their data, and some of Excel's core functions, similar to how Excel currently supports VBA scripts. Python is one of the most versatile programming languages available today. It is also insanely popular with developers. It ranks second on the PYPL programming languages ranking, third in the RedMonk Programming Language Rankings, and fourth in the TIOBE index.

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Slashdot reader Beeftopia shares "a detailed history of WebAssembly...from one of the developers." IEEE Spectrum reports that "Like a lot of stories about tech innovation, this one started with video games." [Mozilla's Alon Zakai] wanted to take a game he had helped write in C++ and convert it to JavaScript code that would run well on the Web. This was in 2010, and back then, converting C++ to JavaScript was unthinkable... so he started working to adapt an open-source tool that could translate C++ code into JavaScript automatically. He called his project Emscripten... we were able to formalize the permitted JavaScript patterns, to make the contract between Emscripten and the browser completely clear. We named the resulting subset of JavaScript asm.js... I would optimize the JavaScript engine in Firefox to run the resulting code even faster...

This brings us to the present... Emscripten can take code written in C++ and convert it directly into WebAssembly. And there will be ways in time to run other languages as well, including Rust, Lua, Python, Java, and C#. With WebAssembly, multimillion-line code bases can now load in a few seconds and then run at 80 percent of the speed of native programs. And both load time and execution speed are expected to improve as the browser engines that run the code are made better.
They'd started with a C++ game because "If we could make games run well on the Web, other computationally intensive applications would soon follow."

The article -- by Mozilla software engineer Luke Wagner -- remembers that the name Emscripten was a "a mash-up of 'script' from JavaScript and 'embiggen' from the TV show The Simpsons."

Mozilla's VP of Technology Strategy, Sean White, writes: I'm excited to announce the initial release of Mozilla's open source speech recognition model that has an accuracy approaching what humans can perceive when listening to the same recordings... There are only a few commercial quality speech recognition services available, dominated by a small number of large companies. This reduces user choice and available features for startups, researchers or even larger companies that want to speech-enable their products and services. This is why we started DeepSpeech as an open source project.

Together with a community of likeminded developers, companies and researchers, we have applied sophisticated machine learning techniques and a variety of innovations to build a speech-to-text engine that has a word error rate of just 6.5% on LibriSpeech's test-clean dataset. vIn our initial release today, we have included pre-built packages for Python, NodeJS and a command-line binary that developers can use right away to experiment with speech recognition.
The announcement also touts the release of nearly 400,000 recordings -- downloadable by anyone -- as the first offering from Project Common Voice, "the world's second largest publicly available voice dataset." It launched in July "to make it easy for people to donate their voices to a publicly available database, and in doing so build a voice dataset that everyone can use to train new voice-enabled applications." And while they've started with English-language recordings, "we are working hard to ensure that Common Voice will support voice donations in multiple languages beginning in the first half of 2018."

"We at Mozilla believe technology should be open and accessible to all, and that includes voice... As the web expands beyond the 2D page, into the myriad ways where we connect to the Internet through new means like VR, AR, Speech, and languages, we'll continue our mission to ensure the Internet is a global public resource, open and accessible to all."

An anonymous reader writes: Friday saw this year's first new posts on the Perl Advent Calendar, a geeky tradition first started back in 2000. It describes Santa including Unicode's "Father Christmas" emoji by enabling UTF-8 encoding and then using the appropriate hexadecimal code.

But in another corner of the North Pole, you can also unwrap the Perl 6 Advent Calendar, which this year celebrates the two-year anniversary of the official launch of Perl 6. Its first post follows a Grinch who used the but and does operators in Perl 6, while wrapping methods and subroutines to add extra sneaky features, "and even mutated the language itself to do our bidding."

Perl/Python guru Joel Berger has also started an advent calendar for the Mojolicious web application framework (written in Perl), and there's apparently also an advent calendar coming for the Perl Dancer web application framework.

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope.
He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects.
Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?).

The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.

An anonymous reader writes: The late Jim Weirich "was a seminal member of the western world's Ruby community," according to Ruby developer Justin Searls, who at the age of 30 took over Weirich's tools (which are used by huge sites like Hulu, Kickstarter, and Twitter). Soon Searls made a will and a succession plan for his own open-source projects. Wired calls succession "a growing concern in the open-source software community," noting developers have another option: transferring their copyrights to an open source group (for example, the Apache Foundation).

Most package-management systems have "at least an ad-hoc process for transferring control over a library," according to Wired, but they also note that "that usually depends on someone noticing that a project has been orphaned and then volunteering to adopt it." Evan Phoenix of the Ruby Gems project acknowledges that "We don't have an official policy mostly because it hasn't come up all that often. We do have an adviser council that is used to decide these types of things case by case." Searls suggests GitHub and package managers like Ruby Gems add a "dead man's switch" to their platform, which would allow programmers to automatically transfer ownership of a project or an account to someone else if the creator doesn't log in or make changes after a set period of time.
Wired also spoke to Michael Droettboom, who took over the Python library Matplotlib after John Hunter died in 2012. He points out that "Sometimes there are parts of the code that only one person understands," stressing the need for developers to also understand the code they're inheriting.

Bill Gates uses an Android phone now. "It may not be the most surprising revelation, given profits are sinking faster than a boat without a hull and big-name partners are jumping ship left and right, but the founder of Microsoft has presumably left Windows Mobile," reports Neonwin. Long-time Slashdot reader Billly Gates (no relation) writes: I would assume this is the final nail in the coffin for Windows Phone and the rumored Surface Phone which may never see the light of day. Over the past few months we have seen a change in Microsoft with them being friendly to Linux with stories of porting .NET core over to Linux, helping write a custom Linux kernel, as well as introducing the not-so-popular-on-slashdot WSL Ubuntu for WIndows 10.
Noting the Android emulators in Visual Studio, he's wondering if the company's ambitions go beyond developers, and if they're planning a Microsoft version of Android, "as the tools are in place with Ubuntu, Node.js, Python, Microsoft Code editor, and the Visual Studio 2017 Community Edition."

His original submission points out that 10 years ago these stories would have been unimaginable, but he also asks a second question: has Microsoft really changed? "Could we be seeing a new Microsoft now that the world is moving to mobile and they have no operating system in it?"

"Static vs dynamic typing is always one of those topics that attracts passionately held positions," writes the Morning Paper -- reporting on an "encouraging" study that attempted to empirically evaluate the efficacy of statically-typed systems on mature, real-world code bases. The study was conducted by Christian Bird at Microsoft's "Research in Software Engineering" group with two researchers from University College London. Long-time Slashdot reader phantomfive writes: This study looked at bugs found in open source Javascript code. Looking through the commit history, they enumerated the bugs that would have been caught if a more strongly typed language (like Typescript) had been used. They found that a strongly typed language would have reduced bugs by 15%.

Does this make you want to avoid Python?

According to a new survey, coders with a bachelor's degree in computer science only earn 3,000 British Pounds (BP) more a year than those who don't have one. The survey of 4,700 developers in the UK was conducted by Stack Overflow, a community site frequented by developers for answers to technical questions. The Register reports the findings: This is despite the average degree now costing 9,000 BP a year in tuition fees alone. Average student debt is now more than 50,000 BP, according the Institute of Fiscal Studies. The research found that the median salary of those who did not have higher education was 35,000 BP per year, while those who gained a bachelor's degree earned 38,000 BP and postgraduates took home 42,000 BP. It found that 48 per cent of developers with less than four years of professional experience currently hold a Computer Science-related undergraduate degree, while 49 per cent had completed an online course instead. The research also found that JavaScript developers were most in demand, with almost 27 per cent of jobs advertised on Stack Overflow now requiring this skill, followed by Java (22 per cent), Python (16 per cent), C# (15 per cent) and ReactJS (9 per cent).

An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday."
The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.

Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.