"Static vs dynamic typing is always one of those topics that attracts passionately held positions," writes the Morning Paper -- reporting on an "encouraging" study that attempted to empirically evaluate the efficacy of statically-typed systems on mature, real-world code bases. The study was conducted by Christian Bird at Microsoft's "Research in Software Engineering" group with two researchers from University College London. Long-time Slashdot reader phantomfive writes: This study looked at bugs found in open source Javascript code. Looking through the commit history, they enumerated the bugs that would have been caught if a more strongly typed language (like Typescript) had been used. They found that a strongly typed language would have reduced bugs by 15%.

Does this make you want to avoid Python?

According to a new survey, coders with a bachelor's degree in computer science only earn 3,000 British Pounds (BP) more a year than those who don't have one. The survey of 4,700 developers in the UK was conducted by Stack Overflow, a community site frequented by developers for answers to technical questions. The Register reports the findings: This is despite the average degree now costing 9,000 BP a year in tuition fees alone. Average student debt is now more than 50,000 BP, according the Institute of Fiscal Studies. The research found that the median salary of those who did not have higher education was 35,000 BP per year, while those who gained a bachelor's degree earned 38,000 BP and postgraduates took home 42,000 BP. It found that 48 per cent of developers with less than four years of professional experience currently hold a Computer Science-related undergraduate degree, while 49 per cent had completed an online course instead. The research also found that JavaScript developers were most in demand, with almost 27 per cent of jobs advertised on Stack Overflow now requiring this skill, followed by Java (22 per cent), Python (16 per cent), C# (15 per cent) and ReactJS (9 per cent).

An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday."
The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.

Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.

An anonymous reader quotes Stack Overflow Blog: In this post, we'll explore the extraordinary growth of the Python programming language in the last five years, as seen by Stack Overflow traffic within high-income countries. The term "fastest-growing" can be hard to define precisely, but we make the case that Python has a solid claim to being the fastest-growing major programming language... June 2017 was the first month that Python was the most visited [programming language] tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time. Part of this is because of the seasonal nature of traffic to Java. Since it's heavily taught in undergraduate courses, Java traffic tends to rise during the fall and spring and drop during the summer.

Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries.
The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."

"I can't remember the last time I cared about Mozilla," writes Matt Asay at TechRepublic. "I also can't remember a time when we needed it more." An anonymous reader quotes TechRepublic: Mozilla's Firefox is almost a rounding error in desktop market share, and nonexistent in mobile browser market share. It offers a few other services, like Pocket, but largely gets ignored... This is a mistake. Our world is increasingly mediated by the internet, and that internet has just a few gatekeepers, collecting tolls as we browse. As Python guru Matt Harrison put it, "Vendors control the default browser which 99.9% of people use." Those vendors are happy to sell us access to information. Nothing about it is free. You are most definitely the product.

On mobile, where the majority of the world's content is now consumed, Google and Facebook own eight of the top 10 apps, with apps devouring 87% of our time spent on smartphones and tablets, according to new comScore data. For that remaining 13% of time spent on the mobile web, Google and Apple offer the two dominant browsers... the majority of our time online is now mediated by just a few megacorporations, and for the most part their top incentive is to borrow our privacy just long enough to target an ad at us. Then there's Mozilla, an organization whose mantra is "Internet for people, not profit." That feels like a necessary voice to add to today's internet oligopoly, but it's not one we're hearing... We clearly need an organization standing up for web freedom, as expecting Google to do that is like asking the fox to guard the henhouse. Google does many great things, but its clear incentive is to sell ads. We are Google's product, as the saying goes.
The article applauds the Mozilla-sponsored Rust programming language as promising, "but not to save the web from the all-consuming embrace of Facebook and Google, especially as they wall off the experience in apps... "If I sound like I don't know what to propose Mozilla should do, it's because I don't. I simply feel strongly that the role Mozilla played in the early browser wars needs to be resurrected to save the web today."

An anonymous reader quotes an announcement from Reddit's founding engineer: When we open sourced Reddit back in 2008, Reddit Inc was a ragtag organization and the future of the company was very uncertain. We wanted to make sure the community could keep the site alive should the company go under and making the code available was the logical thing to do. Nine years later and Reddit is a very different company and as anyone who has been paying attention will have noticed, we've been doing a bad job of keeping our open-source product repos up to date. This is for a variety of reasons, some intentional and some not so much:

Open-source makes it hard for us to develop some features "in the clear" (like our recent video launch) without leaking our plans too far in advance. As Reddit is now a larger player on the web, it is hard for us to be strategic in our planning when everyone can see what code we are committing. Because of the above, our internal development, production and "feature" branches have been moving further and further from the "canonical" state of the open source repository... We are actively moving away from the "monolithic" version of reddit that works using only the original repository... Because of these reasons, we are making the following changes to our open-source practice. We're going to archive reddit/reddit and reddit/reddit-mobile. These will still be accessible in their current state, but will no longer receive updates.
The announcement has been condensed slightly, but Reddit's founding engineer insists that "We believe in open source, and want to make sure that our contributions are both useful and meaningful. We will continue to open source tools that are of use to engineers everywhere." In addition, "Much of the core of Reddit is based on open source technologies (Postgres, python, memcached, Cassanda to name a few!) and we will continue to contribute to projects we use and modify..."

"Those who have been paying attention will realize that this isn't really a change to how we're doing anything but rather making explicit what's already been going on."

Stack Overflow data scientist David Robinson published an interesting observation: There exists a small but meaningful divide between the programming technologies used in wealthy countries and those used in developing countries. From a report: To be sure, programmers everywhere tend to build things with the same tools, which makes sense because software is a global industry. The first is in data science, which tends to employ the programming languages Python and R. "Python is visited about twice as often in high-income countries as in the rest of the world, and R about three times as much," Robinson writes. "We might also notice that among the smaller tags, many of the greatest shifts are in scientific Python and R packages such as pandas, numpy, matplotlib and ggplot2. This suggests that part of the income gap in these two languages may be due to their role in science and academic research. It makes sense these would be more common in wealthier industrialized nations, where scientific research makes up a larger portion of the economy and programmers are more likely to have advanced degrees." C and C++ use is similarly skewed toward wealthy countries. This is likely for a similar reason. These are languages that are pushed in American universities. They also tend to be used in highly specialized/advanced programming fields like embedded software and firmware development where you're more likely to find engineers with advanced degrees.

An anonymous reader quotes Motherboard: If the esoteric programming language Asciidots looks like a mess, it is at least a very different-looking and even aesthetically pleasing mess. Simply, its mechanics and syntax are based on Ascii art... Asciidots is a unique sort of programming language known as a dataflow language. In this sort of language, we can imagine units of data (like our variable x) following a data go-kart track that's interrupted in different places with pit stops that change the value of the data go-kart that's following the track around. One pit stop might add 1 to the variable, while another might chop it in half. At some points, the track might even split, with the data go-kart picking one fork depending on its current value. If, say, it's greater than 2 it might go left; otherwise, it goes right...

In Asciidots, the aforementioned go-kart track is represented by lines (|,-,/,\)... Most of the other non-line symbols are mathematical operators, but there are also symbols that direct the program to request input from the user, set values, print values, and change the direction of the unit of data... Under the hood, Asciidots is a Python program. An Asciidots program is just fed into that underlying program and digested into normal Python code, which is then executed.
The article includes some examples, and argues that esoteric esolangs like Asciidots force programmers to consider fresh perspectives. And in addition, "it looks really cool."

AmiMoJo brings news about gedit, the default text editor for GNOME: In a post to the gedit mailing list, Sébastien Wilmet states that gedit is no longer maintained and asks "any developer interested to take over the maintenance of gedit?" Just in case you were considering it, he warns "BTW while the gedit core is written in C (with a bit of Objective-C for Mac OS X support), some plugins are written in Vala or Python. If you take over gedit maintenance, you'll need to deal with four programming languages (without counting the build system). The Python code is not compiled, so when doing refactorings in gedit core, good luck to port all the plugins (the Python code is also less "greppable" than C). At least with Vala there is a compiler, even if I would not recommend Vala."
Sébastien's comments were surrounded by a <rant-on-languages> tag, but they're still crying out for some serious discussion. Any Slashdot readers want to share their own insights on Python, some fond thoughts on gedit, or suggestions for maintaining a great piece of open source software?

An anonymous reader shares a news post: Following the recent WannaCry and Petya ransomware attacks, Microsoft recommended all Windows 10 users to remove the unused but vulnerable SMBv1 file sharing protocol from their PCs. This is because both variants of the ransomware actually used the same SMBv1 exploit to replicate through network systems, even though it seems that Petya mostly affected Windows PCs in Ukraine. Anyway, if you haven't turned off the protocol on the PC already, you really should: Not only because new WannaCry/Petya variants could once again use the same vulnerability again to encrypt your files, but because another 20-year-old flaw has just been unveiled during the recent DEF CON hacker conference. The SMB security flaw called "SMBLoris" was discovered by security researchers at RiskSense, who explained that it can lead to DoS attacks affecting every version of the SMB protocol and all versions of Windows since Windows 2000. More importantly, a Raspberry Pi and just 20 lines of Python code are enough to put a Windows server to its knees.

An anonymous reader writes: Palo Alto-based HackerRank, which offers online programmng challenges, "dug into our data of about 450,000 unique U.S. developers to uncover which states are home to the best software engineers, and which pockets of the country have the highest rate of developer growth." Examining the 24 months from 2015 through the end of 2016, they calculated the average score for each state in eight programming-related domains. (Algorithms, data structures, functional programming, math, Java, Ruby, C++, and Python.) But it seems like low-population states would have fewer people taking the tests, meaning a disproportionate number of motivated and knowledgeable test takers could drastically skew the results. Sure enough, Wyoming -- with a population of just 584,153 -- has the smallest population of any U.S. state, but the site's second-highest average score, and the top score in three subject domains -- Ruby, data structures, and algorithms. And the District of Columbia -- population 681,170 -- has the highest average score for functional programming.

California, New York and Virginia still had the highest number of developers using the site, while Alaska, Wyoming and South Dakota not surprisingly had the least number of developers. But maybe the real take-away is that programmers are now becoming more distributed. HackerRank's announcement notes that the site "found growing developer communities and skilled developers all across the country. Previously, the highest concentrations of developers did not stray far from the tech hubs in California. Hawaii, Colorado, Virginia, and Nevada demonstrated the fastest growth in terms of developer activity on the HackerRank platform..." In addition, "we've had a noticeable uptick in customers across industries, from healthcare to retail and finance, with strong demand for identifying technical skills quickly."
Their conclucion? "Today, as the demand for developers goes beyond technology and as there is more opportunity to work remotely, there's a more distributed workforce of skilled developers across the nation, from the Rust Belt to the East Coast... Software developers aren't just attached to VCs, startups or Silicon Valley anymore."

An anonymous reader quotes Phoronix: Finalizing Fedora's switch from Python 2 to Python 3 by default is still going to take several more Fedora release cycles and should be done by the 2020 date when Python 2 will be killed off upstream. While much of Fedora's Python code is now compatible with Py3, the /usr/bin/python still points to Python 2, various python-* packages still mean Python 2... The end game is to eventually get rid of Python 2 from Fedora but that is even further out.
Fedora is now gathering feedback on a Wiki page explaining the switch.

An anonymous reader quotes InfoWorld: Proponents of Rust, the language engineered by Mozilla to give developers both speed and memory safety, are stumping for the language as a long-term replacement for C and C++. But replacing software written in these languages can be a difficult, long-term project. One place where Rust could supplant C in the short term is in the traditionally C libraries used in other languages... [A] new spate of projects are making it easier to develop Rust libraries with convenient bindings to Python -- and to deploy Python packages that have Rust binaries.
The article specifically highlights these four new projects:

• Rust-CPython - a set of bindings in Rust for the CPython runtime
• PyO3 - a basic way to write Rust software with bindings to Python in both directions.
• Snaek - lets developers create Rust libraries that are loaded dynamically into Python as needed, but don't rely on being linked statically against Python's runtime.
• Cookiecutter PyPackage Rust Cross-Platform Publish - simplifies the process of bundling Rust binaries with a Python library.

An anonymous reader quotes IEEE Spectrum's annual report on the top programming languages: As with all attempts to rank the usage of different languages, we have to rely on various proxies for popularity. In our case, this means having data journalist Nick Diakopoulos mine and combine 12 metrics from 10 carefully chosen online sources to rank 48 languages. But where we really differ from other rankings is that our interactive allows you choose how those metrics are weighted when they are combined, letting you personalize the rankings to your needs. We have a few preset weightings -- a default setting that's designed with the typical Spectrum reader in mind, as well as settings that emphasize emerging languages, what employers are looking for, and what's hot in open source...

Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four -- Python, C, Java, and C++ -- all remain very close in popularity. Indeed, in Diakopoulos's analysis of what the underlying metrics have to say about the languages currently in demand by recruiting companies, C comes out ahead of Python by a good margin... Ruby has fallen all the way down to 12th position, but in doing so it has given Apple's Swift the chance to join Google's Go in the Top Ten... Outside the Top Ten, Apple's Objective-C mirrors the ascent of Swift, dropping down to 26th place. However, for the second year in a row, no new languages have entered the rankings. We seem to have entered a period of consolidation in coding as programmers digest the tools created to cater to the explosion of cloud, mobile, and big data applications.
"Speaking of stabilized programming tools and languages," the article concludes, "it's worth noting Fortran's continued presence right in the middle of the rankings (sitting still in 28th place), along with Lisp in 35th place and Cobol hanging in at 40th."

Jason Baker, a Red Hat data analyst, doesn't believe developers who use spaces make more money than those who use tabs. An anonymous reader quotes Baker's blog post: After reading the study one data scientist, Evelina Gabasova, performed some additional analysis and came to a slightly different conclusion, which feels a little more precise: "Environments where people use Git and contribute to open source are more associated both with higher salaries and spaces, rather than with tabs." In other words, if you're at a company where you're using version control and committing open source code upstream, you're statistically a little more likely to be a space-user and a higher wage-earner.
Even across all experience levels, contributing to open source still correlates to higher salaries, Gabasova concludes. "My theory is that when diverse people are working on open source projects together without enforced coding style, the possible formatting mess is nudging people towards using spaces simply because the code is consistent for everyone.

"This is just one of the possible theories, I didn't look to see if possibly language communities that use predominantly spaces (like Python or Ruby) are more active in open source."

An anonymous reader quotes Computerworld: Ruby has had a reputation as a user-friendly language for building web applications. But its slippage in this month's RedMonk Programming Language Rankings has raised questions about where exactly the language stands among developers these days. The twice-yearly RedMonk index ranked Ruby at eighth, the lowest position ever for the language. "Swift and now Kotlin are the obvious choices for native mobile development. Go, Rust, and others are clearer modern choices for infrastructure," said RedMonk analyst Stephen O'Grady. "The web, meanwhile, where Ruby really made its mark with Rails, is now an aggressively competitive and crowded field." Although O'Grady noted that Ruby remains "tremendously popular," participants on sites such as Hacker News and Quora have increasingly questioned whether Ruby is dying. In the Redmonk rankings, Ruby peaked at fourth place in 2013, reinforcing the perception it is in decline, if a slow one.

An anonymous reader shares their thoughts on language popuarity: In the PYPL index, which is based on Google searches and is supposed to be forward looking, the trend is unmistakable. Python is rising fast and Java and others are declining. Combine this with the fact that Python is now the most widely taught language in the universities. In fields such as data science and machine learning, Python is already dominating. "Python where you can, C++ where you must" enterprises are following suit too, especially in data science but for everything else from web development to general purpose computing...

People who complain that you can't build large scale systems without a compiler likely over-rely on the latter and are slaves to IDEs. If you write good unit tests and enforce Test Driven Development, the compiler becomes un-necessary and gets in the way. You are forced to provide too much information to it (also known as boilerplate) and can't quickly refactor code, which is necessary for quick iterations.
The original submission ends with a question: "Is Python going to dominate in the future?" Slashdot readers should have some interesting opinions on this. So leave your own thoughts in the comments. Will Python become the dominant programming language?

Slashdot reader dryriver writes: There appear to be two main ways to write code today. One is with text-based languages ranging from BASIC to Python to C++. The other is to use a flow-based or dataflow programming-based visual programming language where you connect boxes or nodes with lines. What I have never (personally) come across is a way to program by drawing classical vertical (top to bottom) flow charts. Is there a programming environment that lets you do this...?

There are software tools that can turn, say, C code into a visual flow chart representation of said C code. Is there any way to do the opposite -- draw a flowchart, and have that flowchart turn into working C code?
Leave your best answers in the comments.

An anonymous reader quotes DistroWatch: Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as we ll as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."

In an effort to fill the demand for trained data scientists, Airbnb will be running its own university-style program, complete with a custom course-numbering system. Since traditional online programs like Coursera and Udacity weren't getting the job done because they weren't tailored to Airbnb's internal data and tools, the company "decided to design a bunch of courses of its own around three levels of instruction for different employee needs," reports TechCrunch. From the report: 100-level classes on data-informed decision making have been designed to be applicable to all teams, including human resources and business development. Middle-tier classes on SQL and Superset have enabled some non-technical employees to take on roles as project managers, and more intensive courses on Python and machine learning have helped engineers brush up on necessary skills for projects. Since launching the program in Q3 2016, Airbnb has seen the weekly active users of its internal data science tools rise from 30 to 45 percent. A total of 500 Airbnb employees have taken at least one class -- and Airbnb has yet to expand the program to all 22 of its offices.