COBOL is a programming language invented by Hopper from 1959 to 1961, and while it is several decades old, it's still largely used by the financial sector, major corporations and part of the federal government. Mar Masson Maack from The Next Web interviews Daniel Doderlein, CEO of Auka, who explains why banks don't have to actively kill COBOL and how they can modernize and "minimize the new platforms' connections to the old systems so that COBOL can be switched out in a safe and cheap manner." From the report: According to [Doderlein], COBOL-based systems still function properly but they're faced with a more human problem: "This extremely critical part of the economic infrastructure of the planet is run on a very old piece of technology -- which in itself is fine -- if it weren't for the fact that the people servicing that technology are a dying race." And Doderlein literally means dying. Despite the fact that three trillion dollars run through COBOL systems every single day they are mostly maintained by retired programming veterans. There are almost no new COBOL programmers available so as retirees start passing away, then so does the maintenance for software written in the ancient programming language. Doderlein says that banks have three options when it comes to deciding how to deal with this emerging crisis. First off, they can simply ignore the problem and hope for the best. Software written in COBOL is still good for some functions, but ignoring the problem won't fix how impractical it is for making new consumer-centric products. Option number two is replacing everything, creating completely new core banking platforms written in more recent programming languages. The downside is that it can cost hundreds of millions and it's highly risky changing the entire system all at once. The third option, however, is the cheapest and probably easiest. Instead of trying to completely revamp the entire system, Doderlein suggests that banks take a closer look at the current consumer problems. Basically, Doderlein suggests making light-weight add-ons in more current programming languages that only rely on COBOL for the core feature of the old systems.

Much like IT guys, every programmer has a horror story about the extreme work environments that forced them to hack together things. But as ArsTechnica points out, not many of them can beat the keyboard-free coding environment that Masahiro Sakurai apparently used to create the first Kirby's Dream Land. From the story: The tidbit comes from a talk Sakurai gave ahead of a Japanese orchestral performance celebrating the 25th anniversary of the original Game Boy release of Kirby's Dream Land in 1992. Sakurai recalled how HAL Laboratory was using a Twin Famicom as a development kit at the time. Trying to program on the hardware, which combined a cartridge-based Famicom and the disk-based Famicom Disk System, was "like using a lunchbox to make lunch," Sakurai said. As if the limited power wasn't bad enough, Sakurai revealed that the Twin Famicom testbed they were using "didn't even have keyboard support, meaning values had to be input using a trackball and an on-screen keyboard."

An anonymous reader quotes a report from Ars Technica: It's been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia's servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin's lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. "We've been asking the court for help since 2012," said EFF attorney Mitch Stolz in a statement about the petition. "It's deeply unfair for him to still be in limbo after all this time."

An anonymous reader writes: Functional programming seems to be all the rage these days. Efforts are being made to highlight its use in Java, JavaScript, C# and elsewhere. Lots of claims are being made about it's virtues that seem relatively easy to prove or disprove such as "Its use will reduce your debugging time." Or "It will clarify your code." My co-workers are resorting to arm-wrestling matches over this style choice. Half of my co-workers have drunk the Kool-Aid and are evangelizing its benefits. The other half are unconvinced of its virtues over Object Oriented Design patterns, etc.

What is your take on functional programming and related technologies (i.e. lambdas and streams)? Is it our salvation? Is it merely another useful design pattern? Or is it a technological dead-end?
Python creator Guido van Rossum has said most programmers aren't used to functional languages, and when he answered Slashdot reader questions in 2013 said the only functional language he knew much about was Haskell, and "any language less popular than Haskell surely has very little practical value." He even added "I also don't think that the current crop of functional languages is ready for mainstream."

Leave your own opinions in the comments. Do you like functional programming?

An anonymous reader quotes Help Net Security: Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been introduced through the use of code from popular but insufficiently reviewed tutorials. The researchers identified popular tutorials by inputting search terms such as "mysql tutorial", "php search form", "javascript echo user input", etc. into Google Search. The first five results for each query were then manually reviewed and evaluated for SQLi and XSS vulnerabilities by following the Open Web Application Security Project's Guidelines. This resulted in the discovery of 9 tutorials containing vulnerable code (6 with SQLi, 3 with XSS).
The researchers then checked for the code in GitHub repositories, and concluded that "there is a substantial, if not causal, link between insecure tutorials and web application vulnerabilities." Their paper is titled "Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery."

This question was inspired by news that Stanford's computer science professor Eric Roberts will try JavaScript instead of Java in a new version of the college's introductory computer programming course. The Stanford Daily reports: When Roberts came to Stanford in 1990, CS106A was still taught in Pascal, a programming language he described as not "clean." The department adopted the C language in 1992. When Java came out in 1995, the computer science faculty was excited to transition to the new language. Roberts wrote the textbooks, worked with other faculty members to restructure the course and assignments and introduced Java at Stanford in 2002... "Java had stabilized," Roberts said. "It was clear that many universities were going in that direction. It's 2017 now, and Java is showing its age." According to Roberts, Java was intended early on as "the language of the Internet". But now, more than a decade after the transition to Java, Javascript has taken its place as a web language.
In 2014 Python and Java were the two most commonly-taught languages at America's top universities, according to an analysis published by the Communications of the ACM. And Java still remains the most-commonly taught language in a university setting, according to a poll by the Special Interest Group on Computer Science Education. In a spreadsheet compiling the results, "Python appears 60 times, C++ 54 times, Java 84 times, and JavaScript 28 times," writes a computing professor at the Georgia Institute of Technology, adding "if Java is dying (or "showing its age"...) it's going out as the reigning champ."

I'm guessing Slashdot's readers have their own opinions about this, so share your educational experiences in the comments. What was your first programming language?

Stack Overflow data scientist David Robinson recently calculated when people visit the popular programming question-and-answer site, but then also calculated whether those results differed by programming language. Quoting his results:

• "C# programmers start and stop their day earlier, and tend to use the language less in the evenings. This might be because C# is often used at finance and enterprise software companies, which often start earlier and have rigid schedules."
• "C programmers start the day a bit later, keep using the language in the evening, and stay up the longest. This suggests C may be particularly popular among hobbyist programmers who code during their free time (or perhaps among summer school students doing homework)."
• "Python and Javascript are somewhere in between: Python and Javascript developers start and end the day a little later than C# users, and are a little less likely than C programmers to work in the evening."

The site also released an interactive app which lets users see how the results for other languages compared to C#, JavaScript, Python, and C, though of those four, "C# would count as the 'most nine-to-five,' and C as the least."

And they've also calculated the technologies used most between 9 to 5 (which "include many Microsoft technologies, such as SQL Server, Excel, VBA, and Internet Explorer, as well as technologies like SVN and Oracle that are frequently used at enterprise software companies.") Meanwhile, the technologies most often used outside the 9-5 workday "include web frameworks like Firebase, Meteor, and Express, as well as graphics libraries like OpenGL and Unity. The functional language Haskell is the tag most visited outside of the workday; only half of its visits happen between 9 and 5."

There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld: Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn't limited to enterprise editions of SQL Server 2017, either -- it'll also be available in the free-to-use Express edition... Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it'll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database...

An existing Python installation isn't required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed.
Except it's not yet available for Linux users, according to the article. "Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python."

An anonymous reader writes: In an interview today, the author of BrickerBot, a malware that bricks IoT and networking devices, claimed he destroyed over 2 million devices, but he never intended to do so in the first place. His intentions were to fight the rising number of IoT botnets that were used to launch DDoS attacks last year, such as Gafgyt and Mirai. He says he created BrickerBot with 84 routines that try to secure devices so they can't be taken over by Mirai and other malware. Nevertheless, he realized that some devices are so badly designed that he could never protect them. He says that for these, he created a "Plan B," which meant deleting the device's storage, effectively bricking the device. His identity was revealed after a reporter received an anonymous tip about a HackForum users claiming he was destroying IoT devices since last November, just after BrickerBot appeared. When contacted, BrickerBot's author revealed that the malware is a personal project which he calls "Internet Chemotherapy" and he's "the doctor" who will kill all the cancerous unsecured IoT devices.

It's no secret that Amazon and Oracle don't see eye to eye. But things are far from improving, it appears. From a report: On Wednesday, two months after Oracle co-CEO Mark Hurd called Amazon's cloud infrastructure "old" and claimed his company was gaining share, Amazon Web Services chief Andy Jassy slammed Oracle for locking customers into painfully long and expensive contracts. "People are very sensitive about being locked in given the experience they've had the last 10 to 15 years," Jassy said on Wednesday on stage at Amazon's AWS Summit in San Francisco. "When you look at cloud, it's nothing like being locked into Oracle." Jassy was addressing a cultural shift in the way technology is bought and sold. No longer does the process involve the purchase of heavy proprietary software with multi-year contracts that include annual maintenance fees. Now, Jassy says, it's about choice and ease of use, including letting clients turn things off if they're not working.

From a report: Facebook will rely on an army of outside developers to contribute augmented reality image filters and interactive experiences to its new Camera Effects platform. Later today the first effects will become availabe inside Facebook's Camera feature on smartphones, but the Camera Effects platform is designed to eventually be compatible with future augmented reality hardware such as eyeglasses.

From a report on AnandTech: In a bit of breaking news this morning, it appears that Intel has decided to cancel their Intel Developer Forum tradeshow going forward, including this summer's expected IDF17. The company says, "Intel has evolved its event portfolio and decided to retire the IDF program moving forward. Thank you for nearly 20 great years with the Intel Developer Forum! Intel has a number of resources available on intel.com, including a Resource and Design Center with documentation, software, and tools for designers, engineers, and developers. As always, our customers, partners, and developers should reach out to their Intel representative with questions." Previously, Intel had stated that there would not be an IDF in China this year. However an IDF was still expected in the US, albeit with a "new format."

Over a million lines of code -- in existence for over 10 years -- gets updates in six-week "sprints" using source control and bug-tracking systems. But now an anonymous reader writes: In theory users report bugs, the developers "fix" the bugs, the users test and accept the fix, and finally the "fix" gets released to production as part of a larger change-set. In practice, the bug is reported, the developers implement "a fix", no one else tests it (except for the developer(s) ), and the "fix" gets released with the larger code change set, to production.

We (the developers) don't want to release "fixes" that users haven't accepted, but the code changes often include changes at all levels of the stack (database, DOAs, Business Rules, Webservices and multiple front-ends). Multiple code changes could be occurring in the same areas of code by different developers at the same time, making merges of branches very complex and error prone. Many fingers are in the same pie. Our team size, structure and locations prevent having a single gatekeeper for code check-ins... What tools and procedures do you use to prevent un-approved fixes from being deployed to production as part of the larger code change sets?
Fixes are included in a test build for users to test and accept -- but what if they never do? Leave your best answers in the comments. How woud you stop un-approved code changes from being deployed?

An anonymous reader quotes The Stack: Multinational tech giant Oracle has been charged $293 million USD for corporate tax evasion in South Korea. The $293 million charge is made up of back taxes, as well as a punitive charge from the government tax agency. The company was originally notified of the tax debt in January of last year, when the National Tax Service charged Oracle with evasion of corporate tax payments on 2 trillion won in earnings from 2008-2014.

Oracle was accused of funneling revenues to Ireland to avoid paying taxes in South Korea. In an audit of the company's books, the tax authority found that Oracle had channeled profits generated in South Korea to an Irish subsidiary; however, it was found that those funds ultimately profited the company's headquarters in the United States. Because of this, the NTS determined that Oracle should have paid taxes on profits generated in South Korea to the South Korean government.

Researchers recently surveyed 2,200 software developers to calculate the distribution of unhappiness throughout the profession, and to identify its top causes, "incorporating a psychometrically validated instrument for measuring (un)happiness." An anonymous reader quotes Motherboard: Daniel Graziotin and his team found their survey subjects via GitHub. Contact information was found by mining archived data for past public GitHub events, where email addresses are apparently more plentiful. They wound up with 33,200 records containing developer locations, contact information, and employers. They took a random sampling from this dataset and wound up with about 1,300 valid survey responses... According to survey results released earlier this month, software developers are on average a "slightly happy" group of workers...

Survey responses were scored according to the SPANE-B metric, a standard tool used in psychology to assess "affect," defined as total negative feelings subtracted from total positive feelings. It ranges from -24 to 24. The mean score found in the developer happiness survey was 9.05. Slightly happy. The minimum was -16, while the maximum was 24. So, even in the worst cases, employees weren't totally miserable, whereas in the best cases employees weren't miserable at all.
The paper -- titled "On the Unhappiness of Software Developers" -- found that the top cause of unhappiness was being stuck while solving a problem, followed by "time pressure," bad code quality/coding practices, and "under-performing colleague."

And since happiness has been linked to productivity, the researchers write that "Our results, which are available as open data, can act as guidelines for practitioners in management positions and developers in general for fostering happiness on the job...unhappiness is present, caused by various factors and some of them could easily be prevented."

Andy Hunt is one of the 17 software developers who wrote the Agile Manifesto, and he co-authored The Pragmatic Programmer. Now Slashdot reader cerberusss writes: In an interview with Best Programming Books, Andy Hunt mentions he "hates languages that introduce accidental complexity, such as JavaScript -- what a nightmare of pitfalls for newbies and even seasoned developers... My go-to languages are still Ruby for most things, or straight C for systems programming, Pi or Arduino projects." Furthermore, he mentions that "I tend to do more experimenting and engineering than pure code writing, so there's occasionally some soldering involved ;). Code is just one tool of many."
Andy writes that he also likes Elixir, talks about Agile, reveals how he survived his most challenging project, and says the biggest advancement in programming has been the open source movement. ("Imagine trying to study chemistry, but the first half of the elements were patent-protected by a major pharma company and you couldn't use them...") And he also answered an interesting follow-up question on Twitter: "Do you feel validated in an age of Node and GitHub? Some of your best chapters (scripting and source control) are SOP now!"

Andy's reply? "We've made some great progress, for sure. But there's much to be done still. E.g., You can't ship process."

Google has announced that its widely used Octane JavaScript benchmark is being retired, with Google saying that it's no longer a useful way for browser developers to determine how best to optimize their JavaScript engines. From a report: Google goes as far as saying that developers were essentially cheating the system. It says that compiler optimizations needed to achieve high benchmark scores have become common and, in the real world, these optimizations translate into only very small improvements in webpage performance. In fact, in some instances it was found that tactics used to boost benchmark performance actually had a detrimental effect on real-world performance. Developers exploited known bugs in Octane to achieve higher scores than were warranted, and Google believes the time has now come to retire the system completely.

An anonymous reader writes: Slashdot previously covered the story of Larry Garfield, a Drupal developer who was allegedly banned from the community for his BDSM/Gorean lifestyle, after he was outed by a colleague with a grudge. Now, dozens of core Drupal developers, committers, and funders have banded together in an open letter to Dries Buytaert, the CTO of Acquia, Drupal trademark owner, and Benevolent Dictator for Life (BDFL) of the Drupal project. Among other things, they demand that Larry Garfield be reinstated, threatening to abandon the project if their demands are not met. Here's an excerpt from the letter: "If you will not fight for us and restore our faith in the professionalism of the Drupal community, then a number of us will be permanently leaving the Drupal community, ceasing all contributions to the official, Drupal-branded branch of the codebase, and ceasing participation in all Drupal communities. This is not our first choice, but we cannot and will not participate in a community that encourages abusers to totally destroy people's careers for personal or ideological reasons."

An anonymous reader quotes a report from The Guardian: An artificial intelligence tool that has revolutionized the ability of computers to interpret everyday language has been shown to exhibit striking gender and racial biases. The findings raise the specter of existing social inequalities and prejudices being reinforced in new and unpredictable ways as an increasing number of decisions affecting our everyday lives are ceded to automatons. In the past few years, the ability of programs such as Google Translate to interpret language has improved dramatically. These gains have been thanks to new machine learning techniques and the availability of vast amounts of online text data, on which the algorithms can be trained. However, as machines are getting closer to acquiring human-like language abilities, they are also absorbing the deeply ingrained biases concealed within the patterns of language use, the latest research reveals. Joanna Bryson, a computer scientist at the University of Bath and a co-author, warned that AI has the potential to reinforce existing biases because, unlike humans, algorithms may be unequipped to consciously counteract learned biases. The research, published in the journal Science, focuses on a machine learning tool known as "word embedding," which is already transforming the way computers interpret speech and text.

An anonymous reader quotes a report from Quartz: In the United States, the past decade has been marked by booming cities, soaring rents, and a crush of young workers flocking to job-rich downtowns. Although these are heady days for pavement-pounding urbanists, a record 2.6% of American employees now go to their jobs without ever leaving their houses. That's more than walk and bike to work combined. These numbers come from a Quartz analysis of data from the U.S. census and the American Community Survey. The data show that telecommuting has grown faster than any other way of getting to work -- up 159% since 2000. By comparison, the number of Americans who bike to work has grown by 86% over the same period, while the number who drive or carpool has grown by only 12%. We've excluded both part-time and self-employed workers from these and all results. Though managers are the largest group of remote workers, as a percentage of a specific occupation computer programmers are the most over-represented. Nearly 8% of programmers now work from home, following a staggering increase of nearly 400% since 2000.