"There is a kind of programming trap I occasionally fall into that is so damn irritating that it needs a name," writes Eric S. Raymond, in a new blog post: The task is easy to specify and apparently easy to write tests for. The code can be instrumented so that you can see exactly what is going on during every run. You think you have a complete grasp on the theory. It's the kind of thing you think you're normally good at, and ought to be able to polish off in 20 LOC and 45 minutes.

And yet, success eludes you for an insanely long time. Edge cases spring up out of nowhere to mug you. Every fix you try drags you further off into the weeds. You stare at dumps from the instrumentation until you're dizzy and numb, and no enlightenment occurs. Even as you are bashing your head against a wall of incomprehension, consciousness grows that when you find the solution, it will be damningly simple and you will feel utterly moronic, like you should have gotten there days ago.

Welcome to programmer hell. This is your shtoopid problem.... If you ever find yourself staring at your instrumentation results and thinking "It...can't...possibly...be...doing...that", welcome to shtoopidland. Here's your mallet, have fun pounding your own head. (Cue cartoon sound effects.)
Raymond's latest experience in shtoopidland came while working on a Python-translating tool, and left him analyzing why there's some programming conundrums that repel solutions. "You're not defeated by what you don't know so much as by what you think you do know," he concludes. So how do you escape?

"[I]nstrument everything. I mean EVERYTHING, especially the places where you think you are sure what is going on. Your assumptions are your enemy; printf-equivalents are your friend. If you track every state change in the your code down to a sufficient level of detail, you will eventually have that forehead-slapping moment of why didn't-I-see-this-sooner that is the terminal characteristic of a shtoopid problem."

Share your own stories in the comments. Are there any programmers on Slashdot who've experienced their own shtoopid problems?

Long-time Slashdot reader mni12 writes: Anybody interested to try out this "retro game" Amazon Alexa skill I created? Just say "Alexa, enable moon lander".

DESCRIPTION:
Your mission is to land the Apollo 11 Lunar Module to the surface of the Moon.Alexa will help you by reading out your altitude and velocity. Houston Mission Control is also monitoring your descend using telemetry. The telemetry data is shown on your Alexa companion app or website.

HOW TO PLAY:
You control the descent by throttling the rocket engine burn."Burn 100" will give maximum 100% thrust and "Burn 0" will give you no thrust.You can use any value between 0 and 100 to control the descent velocity.

The game starts at 1000 meters with descent velocity of -50 meters/second.The maximum landing velocity is 5 meters/second and you have 75 seconds to complete the mission.If you make a successful landing, you will be added on the Leader board with your score and ranking.
In a discussion on Reddit, the Python developer behind the game also remembers watching Neil Armstrong and Buzz Aldrin's actual 1969 moon landing on TV. "I added some 1969 sound clips from Apollo 11 mission to make the game experience sound more real...."

The original submission also offers some more hints about winning the game, while Wikipedia has a whole page devoted to the "Lunar Lander videogame genre," noting that the first version was created in 1969 on a PDP-8.

After breaking into the top three most popular programming languages for the first time this month, behind C and Java, Python has also won the hearts of hackers and web nasties, according to attack statistics published this week by web security biz Imperva. From a report: The company says more than a third of daily attacks against sites the company protects come from a malicious or legitimate tool coded in Python. Imperva says that around 77 percent of all the sites the company protects, have been attacked by at least one Python-based tool. Furthermore, when the company looked at the list of tools that hackers used for their attacks, more than a quarter were coded in Python, by far the attackers' favorite tool. "Hackers, like developers, enjoy Python's advantages which makes it a popular hacking tool," the Imperva team says.

Python creator Guido van Rossum retired in July, but he's been pulled back in to resolve a debate about politically incorrect language. The Register reports: Like other open source communities, Python's minders have been asked whether they really want to continue using the terms "master" and "slave" to describe technical operations and relationships, given that the words remind some people of America's peculiar institution, a historical legacy that fires political passions to this day. Last week Victor Stinner, a Python developer who works for Red Hat, published four pull requests seeking to change "master" and "slave" in Python documentation and code to terms like "parent," "worker," or something similarly anodyne. "For diversity reasons, it would be nice to try to avoid 'master' and 'slave' terminology which can be associated to slavery," he explained in his bug report, noting that there have been complaints but they've been filed privately -- presumably to avoid being dragged into a fractious flame war. And when Python 3.8 is released, there will be fewer instances of these terms.

InfoWorld described the move as a "breakthrough": As expected, Python has climbed into the Top 3 of the Tiobe index of language popularity, achieving that milestone for the first time ever in the September 2018 edition of the index. With a rating of 7.653 percent, Python placed third behind first-place Java, which had a rating of 17.436 percent, and second-place C, rated at 15.447. Python displaced C++, which finished third last month and took fourth place this month, with a rating of 7.394 percent...

Python also has been scoring high in two other language rankings:

- The PyPL Popularity of Programming Language index, where it ranked No. 1 this month, as it has done before, and has had the most growth in the past five years.

- The RedMonk Programming Language Rankings, where Python again placed third.
Tiobe notes that Python's arrival in the top 3 "really took a long time," since it first entered their chart at the beginning of the 1990s. But today, "It is already the first choice at universities (for all kinds of subjects for which programming is demanded) and is now also conquering the industrial world." In February Tiobe also added a new programming language to their index: SQL. (Since "SQL appears to be Turing complete.")

"Other interesting moves this month are: Rust jumps from #36 to #31, Groovy from #44 to #34 and Julia from #50 to #39."

Julia, the MIT-created programming language for developers "who want it all", hit its milestone 1.0 release this month -- with MIT highlighting its rapid adoption in the six short years since its launch. From a report: Released in 2012, Julia is designed to combine the speed of C with the usability of Python, the dynamism of Ruby, the mathematical prowess of MatLab, and the statistical chops of R. "The release of Julia 1.0 signals that Julia is now ready to change the technical world by combining the high-level productivity and ease of use of Python and R with the lightning-fast speed of C++," says MIT professor Alan Edelman. The breadth of Julia's capabilities and ability to spread workloads across hundreds of thousands of processing cores have led to its use for everything from machine learning to large-scale supercomputer simulation. MIT says Julia is the only high-level dynamic programming language in the "petaflop club," having been used to simulate 188 million stars, galaxies, and other astronomical objects on Cori, the world's 10th-most powerful supercomputer. The simulation ran in just 14.6 minutes, using 650,000 Intel Knights Landing Xeon Phi cores to handle 1.5 petaflops (quadrillion floating-point operations per second).

Programmers may love hot newer languages like Kotlin and Rust, but according to a Cloud Foundry Foundation (CFF) recent survey of global enterprise developers and IT decision makers, Java and Javascript are the top enterprise languages. ZDNet: That said, the CFF also found [PDF] that, "More and more, businesses are employing a polyglot and a multi-platform strategy to meet their exact needs." The CFF discovered 77 percent of enterprises are using or evaluating Platforms-as-a-Service (PaaS); 72 percent are using or considering containers; and 46 percent are using or thinking about serverless computing. Simultaneously, more than a third (39 percent) are using all three technologies together. For companies this "flexibility of cloud-native practices enables [companies to move] away from a monolithic approach and towards a world of computing that is flexible, portable and interoperable." That means, while Java and JavaScript are only growing ever more popular, the larger the company, the more languages are used. After the Java twins, C++, C#, Python, and PHP are the most popular languages.

An anonymous reader quotes InsideHPC: Today Julia Computing announced the Julia 1.0 programming language release, "the most important Julia milestone since Julia was introduced in February 2012." As the first complete, reliable, stable and forward-compatible Julia release, version 1.0 is the fastest, simplest and most productive open-source programming language for scientific, numeric and mathematical computing. "With today's Julia 1.0 release, Julia now provides the language stability that commercial customers require together with the unique combination of lightning speed and high productivity that gives Julia its competitive advantage compared with Python, R, C++ and Java."
The Register reports: Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data science, machine learning, and scientific computing.... Six years ago, Julia's creators framed their goals thus:

"We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled...."

In a julialang.org post announcing the milestone, the minders of the language claim to have achieved some of their goals.

A new article in CIO magazine argues that when it comes to computer science, "few of us really need much of any of it." Slashdot reader itwbennett offers this summary: At the heart of the matter is the fact that most businesses don't really need programmers to be deep thinkers. For them, it's "just as worthwhile to hire someone from a physics lab who just used Python to massage some data streams from an instrument. They can learn the shallow details just as readily as the CS genius," according to the article.
CIO's anonymous author promises an incomplete list of "why we may be better off ignoring CS majors." Some of the highlights:

• Theory distracts and confuses. "Many computer scientists are mathematicians at heart and the theorem-obsessed mindset permeates the discipline."

• Academic languages are rarely used. "...the academy breeds snobbery and a love for arcane solutions."

• Many CS professors are mathematicians, not programmers. "One of the dirty secrets about most computer science departments is that most of the professors can't program computers. Their real job is giving lectures and wrangling grants...."

• Many required subjects are rarely used. "...it's too bad few of us use many data structures any more."

• Institutions breed arrogance. "...the very nature of academic degrees are designed to give graduates the ability to argue one's superiority with authority. "

• Many modern skills are ignored. "If you want to understand Node.js, React, game design or cloud computation, you'll find very little of it in the average curriculum... It's very common for computer science departments to produce deep thinkers who understand some of the fundamental challenges without any shallow knowledge of the details that dominate the average employee's day."

"It's not that CS degrees are bad," the article concludes. "It's just that they're not going to speak to the problems that most of us need to solve."

New submitter rfengineer shares a report: Welcome to IEEE Spectrum's fifth annual interactive ranking of the top programming languages. Because no one can peer over the shoulders of every coder out there, anyone attempting to measure the popularity of computer languages must rely on proxy measures of relative popularity. In our case, this means combining metrics from multiple sources to rank 47 languages. But recognizing that different programmers have different needs and domains of interest, we've chosen not to blend all those metrics up into One Ranking to Rule Them All. [...] Python has tightened its grip on the No. 1 spot. Last year it came out on top by just barely beating out C, with Python's score of 100 to C's 99.7. But this year, there's a wider gap between first and second place, with C++ coming in at 98.4 for the No. 2 slot (last year, Java had come third with a score of 99.4, while this year its fallen to 4th place with a score of 97.5). C has fallen to third place, with a score of 98.2.

Since Venmo's transactions are "public" by default and broadcast on Venmo's API, a Python programmer decided to publicize a few of them, reports the Mercury News: The creator of the bot named "Who's buying drugs on Venmo" under the Twitter handle @venmodrugs says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender's photo, if there is one... "I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings," Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
He shut the bot after 24 hours, according to a Medium essay titled "Why I blasted your 'drug' deals on Twitter": I chose drugs, sex and alcohol keywords as the trigger for the bot because because they were funny and shocking. I removed the last names of users because I didn't want to actually contribute to the problem of lack of privacy... I braced myself for backlash but the response was overwhelmingly positive. People understood my point and I had sparked a lot of discussion about online privacy and the need for users to do a better job of understanding the terms of software they were using -- and a lot of discussion about how companies need to do a better job of informing customers how their data was being used...

After about 24 hours of tweeting everyone's drug laden Venmo transactions I shut down the bot (Python script!!) and deleted all the tweets. I had successfully made my point and gotten more attention than I had imagined possible. Thousands of people were reading tweets and articles about the bot and discussing data privacy. I saw no further value in tweeting out anyone's personal transactions anymore. However, all I ever did was format the data and automate a Twitter account -- the data is still readily available.
His closure of the bot drew some interesting reactions on Twitter.

"booooooooo. I was so entertained by this."

"I remember I had a dealer take my phone and set venmo to private lol."

"we're looking to add a Python developer to our team and I think you'd be a good fit."

The Economist argues that Guido Van Rossum resembled the reluctant Messiah in Monty Python's Life of Brian. An anonymous reader quotes their report: "I certainly didn't set out to create a language that was intended for mass consumption," he explains. But in the past 12 months Google users in America have searched for Python more often than for Kim Kardashian, a reality-TV star. The rate of queries has trebled since 2010, while inquiries after other programming languages have been flat or declining. The language's popularity has grown not merely among professional developers -- nearly 40% of whom use it, with a further 25% wishing to do so, according to Stack Overflow, a programming forum -- but also with ordinary folk. Codecademy, a website that has taught 45 million novices how to use various languages, says that by far the biggest increase in demand is from those wishing to learn Python. It is thus bringing coding to the fingertips of those once baffled by the subject. Pythonistas, as aficionados are known, have helped by adding more than 145,000 packages to the Cheese Shop, covering everything from astronomy to game development....

Python was already the most popular introductory language at American universities in 2014, but the teaching of it is generally limited to those studying science, technology, engineering and mathematics. A more radical proposal is to catch 'em young by offering computer science to all, and in primary schools. Hadi Partovi, the boss of Code.org, a charity, notes that 40% of American schools now offer such lessons, up from 10% in 2013. Around two-thirds of 10- to 12-year-olds have an account on Code.org's website. Perhaps unnerved by a future filled with automated jobs, 90% of American parents want their children to study computer science.
"The CIA has employed Python for hacking, Pixar for producing films, Google for crawling web pages and Spotify for recommending songs," notes the Economist.

Though Van Rossum was Python's Benevolent Dictator For Life, "I'm uncomfortable with that fame," he tells the magazine. "Sometimes I feel like everything I say or do is seen as a very powerful force."

After almost 30 years of overseeing the development of the world's most popular language, Python, its founder and "Benevolent Dictator For Life" (BDFL), Guido van Rossum, has decided to remove himself entirely from the decision process. From a report: Van Rossum isn't leaving Python entirely. He said, "I'll still be there for a while as an ordinary core dev, and I'll still be available to mentor people -- possibly more available." It's clear from van Rossum's note he's sick and tired of running the organization. He wrote, "I don't ever want to have to fight so hard for a PEP (Python Enhancement Proposals) [PEP 572 Assignment Expressions] and find that so many people despise my decisions." In addition, van Rossum hints he's not been well. "I'm not getting younger... (I'll spare you the list of medical issues.)" So, "I'm basically giving myself a permanent vacation from being BDFL, and you all will be on your own." From the email: I am not going to appoint a successor. So what are you all going to do? Create a democracy? Anarchy? A dictatorship? A federation? I'm not worried about the day to day decisions in the issue tracker or on GitHub. Very rarely I get asked for an opinion, and usually it's not actually important. So this can just be dealt with as it has always been. At Slashdot, we had the privilege of interviewing Guido van Rossum, a Computer History Museum honoree, in 2013.

Geoff Boeing, a postdoc in the Urban Analytics Lab at the University California, Berkeley, has published a blog post that offers a fascinating look at the street orientation of major cities in the USA and around the world. What is interesting in his findings is how cities from different historical periods form different patterns, and also just how uniformly grid-structured most American cities are. From his post: In 1960, Kevin Lynch published The Image of the City, his treatise on the legibility of urban patterns. How coherent is a city's spatial organization? How do these patterns help or hinder urban navigation? I recently wrote about visualizing street orientations with Python and OSMnx. That is, how is a city's street network oriented in terms of the streets' compass bearings? How well does it adhere to a straightforward north-south-east-west layout? I wanted to revisit this by comparing 25 major US cities' orientations.

Each of the cities is represented by a polar histogram (aka rose diagram) depicting how its streets orient. Each bar's direction represents the compass bearings of the streets (in that histogram bin) and its length represents the relative frequency of streets with those bearings. [...] Most cities' polar histograms similarly tend to cluster in at least a rough, approximate way. But then there are Boston and Charlotte. Unlike most American cities that have one or two primary street grids organizing city circulation, their streets are more evenly distributed in every direction. Boeing published a follow-up to the post to include to compare world cities.

Open source guru Eric Raymond warned about the possibility of security bugs in critical code which can now date back more than two decades -- in a talk titled "Rescuing Ancient Code" at last week's SouthEast Linux Fest in North Carolina. In a new interview with ITPro Today, Raymond offered this advice on the increasingly important art of "code archaeology". "Apply code validators as much as you can," he said. "Static analysis, dynamic analysis, if you're working in Python use Pylons, because every bug you find with those tools is a bug that you're not going to have to bleed through your own eyeballs to find... It's a good thing when you have a legacy code base to occasionally unleash somebody on it with a decent sense of architecture and say, 'Here's some money and some time; refactor it until it's clean.' Looks like a waste of money until you run into major systemic problems later because the code base got too crufty. You want to head that off...."

"Documentation is important," he added, "applying all the validators you can is important, paying attention to architecture, paying attention to what's clean is important, because dirty code attracts defects. Code that's difficult to read, difficult to understand, that's where the bugs are going to come out of apparent nowhere and mug you."

For a final word of advice, Raymond suggested that it might be time to consider moving away from some legacy programming languages as well. "I've been a C programmer for 35 years and have written C++, though I don't like it very much," he said. "One of the things I think is happening right now is the dominance of that pair of languages is coming to an end. It's time to start looking beyond those languages for systems programming. The reason is we've reached a project scale, we've reached a typical volume of code, at which the defect rates from the kind of manual memory management that you have to do in those languages are simply unacceptable anymore... think it's time for working programmers and project managers to start thinking about, how about if we not do this in C and not incur those crazy downstream error rates."
Raymond says he prefers Go for his alternative to C, complaining that Rust has a high entry barrier, partly because "the Rust people have not gotten their act together about a standard library."

An anonymous reader quotes SD Times Java remains the most popular primary programming language, but JavaScript is the most used programming language overall. That is according to a recently released report from JetBrains on the State of the Developer Ecosystem in 2018. The report surveyed more than 6,000 developers from 17 countries to reveal the trends driving the world of coding this year... According to the report, Java, JavaScript and Python are the top three programming languages this year, and Go is the most promising language. Twenty percent of developers use multiple versions of Go at the same time, and 26 percent set up their GOPATH per project. The top Go frameworks include Gin, Beego, Echo and Buffalo.

While 38 percent of developers have no plans to adopt any new languages this year, the top languages respondents have started to learn in the last year include Python, JavaScript, Java, Go, TypeScript and Kotlin... Eighty-two percent of respondents use IDEs while 69 percent use editors. Of those using IDEs and editors, only 12 percent cited that they don't customize their IDE/editors. In addition, 77 percent use the dark theme for their editor or IDE... Some fun facts about developers include 77 percent listen to music while they are coding; the top music to listen to includes electronic, pop and rock; 53 percent sleep seven to eight hours a night; 85 percent code on the weekends; and 57 percent prefer coffee over tea.

An anonymous reader writes: A new feature proposal for the Python programming language wants to add "transparency" to the runtime and let security and auditing tools view when Python may be running potentially dangerous operations. In its current form, Python does not allow security tools to see what operations the runtime is performing. Unless one of those operations generates particular errors that may raise a sign of alarm, security and auditing tools are blind that an attacker may be using Python to carry out malicious operations on a system.

But in Python Enhancement Proposal 551 (PEP-551), Steve Dower, a core Python developer, has proposed the addition of two new APIs that will let security tools detect when Python is executing potentially dangerous operations. The first, the Audit Hook API, will raise warning messages about certain type of Python operations; while the second, the Verified Open Hook API, is a mechanism to let the Python runtime know what files it is permitted to execute or tamper with.

Initial plans were to have PEP-551 ship with Python 3.7, scheduled for release in mid-June 2018, but the proposal did not make the final cut, according to a list of new features added for next month's release. This doesn't mean PEP-551 won't ship with a future version of Python. This is the second major scripting engine to open its runtime to security tools, after PowerShell.

OpenSourceAllTheWay writes: The Economist's 1843 magazine details one middle-aged writer's (Andrew Smith) quest to learn to code for the first time, after becoming interested in the "alien" logic mechanisms that power completely new phenomena like crypto-currency and effectively make the modern world function in the 21st Century. The writer discovers that there are over 1,700 actively used computer programming languages to choose from, and that every programmer that he asks "Where should someone like me start with coding?" contradicts the next in his or her recommendation. One seasoned programmer tells him that programmers discussing what language is best is the equivalent of watching "religious wars." The writer is stunned by how many of these languages were created by unpaid individuals who often built them for "glory and the hell of it." He is also amazed by how many people help each other with coding problems on the internet every day, and the computer programmer culture that non-technical people are oblivious of.

Eventually the writer finds a chart of the most popular programming languages online, and discovers that these are Python, Javascript, and C++. The syntax of each of these languages looks indecipherable to him. The writer, with some help from online tutorials, then learns how to write a basic Python program that looks for keywords in a Twitter feed. The article is interesting in that it shows what the "alien world of coding" looks like to people who are not already computer nerds and in fact know very little about how computer software works. There are many interesting observations on coding/computing culture in the article, seen through the lens of someone who is not a computer nerd and who has not spent the last two decades hanging out on Slashdot or Stackoverflow.

Keeper, a password manager maker that recently and controversially sued a reporter, has fixed a bug that a security researcher claimed could have allowed access to a user's private data. From a report: The bug -- which the company confirmed and has since fixed -- filed anonymously to a public security disclosure list, detailed how anyone controlling Keeper's API server could gain access to the decryption key to a user's vault of passwords and other sensitive information. The researcher found the issue in the company's Python-powered script called Keeper Commander, which allows users to rotate passwords, eliminating the need for hardcoded passwords in software and systems.

According to the write-up, the researcher said it's possible that someone in control of Keeper's API -- such as employees at the company -- could unlock an account, because the API server stores the information used to produce an intermediary decryption key. "What seems to appear in the code of Keeper Commander from November 2015 to today is blind trust of the API server," said the researcher.

An anonymous reader writes: The BBC has a video celebrating the 40th birthday of spam email. Here's a transcript of the video: "It is 40 years since the first spam email was sent. Marketer Gary Thuerk composed an email selling his company's newest computers and sent it to 400 users on ARPANET, which was the network that become the basis for the internet. Why is it called spam? It has been suggested that it was called spam after a song in a Monty Python sketch. Where patrons of a cafe were repeatedly offered something they didn't want. The concept of spam is nothing new. Unsolicited telegrams were sent over 100 years ago and we've come to accept junk mail as part of everyday life. Now [nearly 60%] of all email is spam. Like most rubbish, it can be found everywhere on earth."