Programming

How Would You Generate C Code Using Common Lisp Macros? (github.com) 108

Long-time Slashdot reader kruhft brings news about a new S-Expression based language transpiler that has the feel of C. This structure allows for the creation of code generation macros using the full power of the host Common Lisp environment, a language designed for operating on S-Expressions, also known as Lists. It is unknown exactly what power might come about from this combination of low level processing with high level code generation.
This has prompted some discussion online about other attempts to convert Lisp to C -- raising several more questions. How (and why) would you convert your Lisp code into C, and what would then be the best uses for this capability?
Python

Python 3.6 Released (python.org) 187

On Friday, more than a year after Python 3.5, core developers Elvis Pranskevichus and Yury Selivanov announced the release of version 3.6. An anonymous reader writes: InfoWorld describes the changes as async in more places, speed and memory usage improvements, and pluggable support for JITs, tracers, and debuggers. "Python 3.6 also provides support for DTrace and SystemTap, brings a secrets module to the standard library [to generate authentication tokens], introduces new string and number formats, and adds type annotations for variables. It also gives us easier methods to customize the creation of subclasses."
You can read Slashdot's interview with Python creator Guido van Rossum from 2013. I also remember an interview this July where Perl creator Larry Wall called Python "a pretty okay first language, with a tendency towards style enforcement, monoculture, and group-think...more interested in giving you one adequate way to do something than it is in giving you a workshop that you, the programmer, get to choose the best tool from." Anyone want to share their thoughts today about the future of Python?
Programming

Apple Delays App Store Security Deadline For Developers 25

Reader Trailrunner7 writes: Apple has pushed back a deadline for developers to support a key transport security technology in apps submitted to the company's app stores. Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Thursday, the company announced that it has decided to extend the deadline indefinitely. ATS is Apple's collection of transport security standards designed to provide attack resistance for data that's sent between iOS and macOS apps and backend servers. It requires apps to support a number of modern transport security technologies, including TLS 1.2, AES-128 or stronger, and certificates must be signed using SHA-2. ATS also requires the use of forward secrecy, a key-exchange method that protects encrypted sessions even if the server certificate is compromised at some point in the future.
Businesses

Crytek Closing Five Studios, Will Refocus On 'Premium IPs' and CryEngine (polygon.com) 54

In a press release, Crytek, the developer behind hits such as the Crysis and Far Cry shooters, announced that it will be closing five of its studios in an effort to "refocus on its core strengths." The only studios remaining will be Crytek's Frankfurt, Germany and Kiev, Ukraine locations. Polygon reports: Other than Crytek's Frankfurt headquarters and Kiev studio, which develops free-to-play shooter Warface, the company held offices in Budapest, Hungary; Sofia, Bulgaria; Seoul, Korea; Shanghai, China; and Istanbul, Turkey. Crytek's co-founder and managing director, Avni Yerli, said in the release that the "changes are part of the essential steps we are taking to ensure Crytek is a healthy and sustainable business moving forward that can continue to attract and nurture our industry's top talent. The reasons for this have been communicated internally along the way. "Our focus now lies entirely on the core strengths that have always defined Crytek -- world-class developers, state-of-the-art technology and innovative game development, and we believe that going through this challenging process will make us a more agile, viable, and attractive studio, primed for future success," he added. The studio will now focus on its CryEngine technology, which is used by many other developers and licensors. Crytek said it will also continue to "develop and work on premium IPs."
Java

Oracle Begins Aggressively Pursuing Java Licensing Fees (theregister.co.uk) 295

Java SE is free, but Java SE Suite and various flavors of Java SE Advanced are not, and now Oracle "is massively ramping up audits of Java customers it claims are in breach of its licenses," reports the Register. Oracle bought Java with Sun Microsystems in 2010 but only now is its License Management Services division chasing down people for payment, we are told by people familiar with the matter. The database giant is understood to have hired 20 individuals globally this year, whose sole job is the pursuit of businesses in breach of their Java licenses... Huge sums of money are at stake, with customers on the hook for multiple tens and hundreds of thousands of dollars.
Slashdot reader rsilvergun writes, "Oracle had previously sued Google for the use of Java in Android but had lost that case. While that case is being appealed, it remains to be seen if the latest push to monetize Java is a response to that loss or part of a broader strategy on Oracle's part." The Register interviewed the head of an independent license management service who says Oracle's even targeting its own partners now.

But after acquiring Sun in 2010, why did Oracle's License Management Services wait a full six years? "It is believed to have taken that long for LMS to devise audit methodologies and to build a detailed knowledge of customers' Java estates on which to proceed."
Businesses

Are Remote Offices Becoming The New Normal? (backchannel.com) 250

"As companies tighten their purse strings, they're spreading out their hires -- this year, and for years to come," reports Backchannel, citing interviews with executives and other workplace analysts. mirandakatz writes: Once a cost-cutting strategy, remote offices are becoming the new normal: from GitHub to Mozilla and Wordpress, more and more companies are eschewing the physical office in favor of systems that allow employees to live out their wanderlust. As workplaces increasingly go remote, they're adopting tools to keep employees connected and socially fulfilled -- as Mozilla Chief of Staff David Slater tells Backchannel, "The wiki becomes the water cooler."
The article describes budget-conscious startups realizing they can cut their overhead and choose from talent located anywhere in the world. And one group of analysts calculated that the number of telecommuting workers doubled between 2005 and 2014, reporting that now "75% of employees who work from home earn over $65,000 per year, putting them in the upper 80th percentile of all employees, home or office-based." Are Slashdot's readers seeing a surge in telecommuting? And does anybody have any good stories about the digital nomad lifestyle?
Security

Does Code Reuse Endanger Secure Software Development? (threatpost.com) 148

msm1267 quotes ThreatPost: The amount of insecure software tied to reused third-party libraries and lingering in applications long after patches have been deployed is staggering. It's a habitual problem perpetuated by developers failing to vet third-party code for vulnerabilities, and some repositories taking a hands-off approach with the code they host. This scenario allows attackers to target one overlooked component flaw used in millions of applications instead of focusing on a single application security vulnerability.

The real-world consequences have been demonstrated in the past few years with the Heartbleed vulnerability in OpenSSL, Shellshock in GNU Bash, and a deserialization vulnerability exploited in a recent high-profile attack against the San Francisco Municipal Transportation Agency. These are three instances where developers reuse libraries and frameworks that contain unpatched flaws in production applications... According to security experts, the problem is two-fold. On one hand, developers use reliable code that at a later date is found to have a vulnerability. Second, insecure code is used by a developer who doesn't exercise due diligence on the software libraries used in their project.

That seems like a one-sided take, so I'm curious what Slashdot readers think. Does code reuse endanger secure software development?
Businesses

Building a Coder's Paradise Is Not Profitable: GitHub Lost $66M In Nine Months Of 2016 (bloomberg.com) 227

Though not very popular outside technology circles, GitHub is very popular among coders around the world. The startup operates a sort of Google Docs for programmers, giving them a place to store, share and collaborate on their work. But GitHub is losing money through profligate spending and has stood by as new entrants emerged in a software category it essentially gave birth to, according to people familiar with the business and financial paperwork reviewed by Bloomberg. From the report: The rise of GitHub has captivated venture capitalists. Sequoia Capital led a $250 million investment in mid-2015. But GitHub management may have been a little too eager to spend the new money. The company paid to send employees jetting across the globe to Amsterdam, London, New York and elsewhere. More costly, it doubled headcount to 600 over the course of about 18 months. GitHub lost $27 million in the fiscal year that ended in January 2016, according to an income statement seen by Bloomberg. It generated $95 million in revenue during that period, the internal financial document says. The income statement shows a loss of $66 million in the first three quarters of this year. That's more than twice as much lost in any nine-month time frame by Twilio Inc., another maker of software tools founded the same year as GitHub. At least a dozen members of GitHub's leadership team have left since last year.
Privacy

Twitter Blocks Government 'Spy Centers' From Accessing User Data (theguardian.com) 46

An anonymous reader quotes a report from The Guardian: Twitter has blocked federally funded "domestic spy centers" from using a powerful social media monitoring tool after public records revealed that the government had special access to users' information for controversial surveillance efforts. The American Civil Liberties Union of California discovered that so-called fusion centers, which collect intelligence, had access to monitoring technology from Dataminr, an analytics company partially owned by Twitter. The ACLU's records prompted the companies to announce that Dataminr had terminated access for all fusion centers and would no longer provide social media surveillance tools to any local, state or federal government entities. The government centers are partnerships between agencies that work to collect vast amounts of information purportedly to analyze "threats". The spy centers, according to the ACLU, target protesters, journalists and others protected by free speech rights while also racially profiling people deemed "suspicious" by law enforcement. Records that the ACLU obtained uncovered that a fusion center in southern California had access to Dataminr's "geospatial analysis application", which allowed the government to do location-based tracking as well as searches tied to keywords. That means the center could use Dataminr to search billions of tweets and monitor specific demographics or organizations.
Role Playing (Games)

Analysts Tout 'State of The Developer' Survey By Awarding RPG Characters (amazon.com) 47

An anonymous reader writes: Analysts at VisionMobile have begun conducting this year's "State of the Developer" Survey -- their perennial assessment of salaries, skills, and tools -- but this time with a twist. "Based on your responses, you'll find out what kind of character you'd be in a fantasy world: A mage? A fighter? A dragon slayer?" according to a blog post publicizing the event by Amazon's manager of developer marketing. "As in previous years, you'll also receive your personal Developer Scorecard showing how you compare to other developers in your country, a free copy of the final State of the Developer Nation report, and a chance to win some cool prizes."
The survey presents a map of seven "kingdoms" -- IoT, Mobile, Desktop, Backend, Web, Machine learning, and AR/VR -- and invites developers to complete their "quest," awarding virtual badges and real-world prizes, which include an Oculus Rift headset, a Surface Pro 3, an Apple Watch, and a Pixel Phone. Along your "journey," a developer owl even dispatches encouraging geeky jokes. (Like "Whenever I see a door that says 'push', I always pull first, to avoid conflicts.")
Communications

Google Now Lets Developers Write Apps For the Assistant On Google Home (techcrunch.com) 39

Google today announced it will open up Home to third-party developers, allowing all developers to start bringing their applications and services to the Google Assistant. Developers can start building "conversation actions" for the Google Assistant, which "allows developers to create back-and-forth conversations with users through the Assistant," writes Frederic Lardinois via TechCrunch. "Users can simply start these conversations by using a phrase like 'OK Google, talk to Eliza.'" TechCrunch reports: While the Assistant also runs on the Pixel phones and inside the Allo chat app, Google says it plans to bring actions to these other "Assistant surfaces" in the future, but it's unclear when exactly this will happen. To help developers who want to build these new Conversation Actions get started, Google has teamed up with a number of partners, including API.AI, GupShup, DashBot and VoiceLabs, Assist, Notify.IO, Witlingo and Spoken Layer. Google has also allowed a small number of partners to enable their apps on Google Home already. These integrations will roll out as early as next week. Given that users will be able to invoke these new actions with a simple command (and without having to first enable a skill, like on Alexa), Google's platform looks to be a rather accessible and low-friction way for developers to get their voice-enabled services to users. Google will have the final say over which actions will be enabled on Google Home.
AI

AI Will Disrupt How Developers Build Applications and the Nature of the Applications they Build (zdnet.com) 107

AI will soon help programmers improve development, says Diego Lo Giudice, VP and principal analyst at Forrester, in an article published on ZDNet today. He isn't saying that programmers will be out of jobs soon and AIs will take over. But he is making a compelling argument for how AI has already begun disrupting how developers build applications. An excerpt from the article: We can see early signs of this: Microsoft's Intellisense is integrated into Visual Studio and other IDEs to improve the developer experience. HPE is working on some interesting tech previews that leverage AI and machine learning to enable systems to predict key actions for participants in the application development and testing life cycle, such as managing/refining test coverage, the propensity of a code change to disrupt/break a build, or the optimal order of user story engagement. But AI will do much more for us in the future. How fast this happens depends on the investments and focus on solving some of the harder problems, such as "unsupervised deep learning," that firms like Google, Facebook, Baidu and others are working on, with NLP linguists who are also researching how to improve language comprehension by computers leveraging ML and neural networks. But in the short term, AI will most likely help you be more productive and creative as a developer, tester, or dev team rather than making you redundant.
Canada

Canada's Prime Minister Justin Trudeau Makes Game For Third Annual Hour of Code (gamasutra.com) 135

Eloking writes: Canadian Prime Minister Justin Trudeau's Twitter account lit up today with a message all too familiar to many indie devs: Mr. Trudeau has made a video game, and he'd like everyone to play it. It was a cute bit of promotion for Hour of Code, the computer science education event masterminded every year by the Code.org nonprofit. While the Hour of Code website hosts one-hour tutorials (in 45 languages) for coding all sorts of simple applications, game developers may appreciate that the lion's share appears to be game projects, like the one Trudeau modified into a sort of hockey-themed Breakout variant.
Advertising

New Stegano Exploit Kit Hides Malvertising Code In Banner Pixels (bleepingcomputer.com) 207

An anonymous reader quotes a report from BleepingComputer: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit is named Stegano, from the word steganography, which is a technique of hiding content inside other files. In this particular scenario, malvertising campaign operators hid malicious code inside PNG images used for banner ads. The crooks took a PNG image and altered the transparency value of several pixels. They then packed the modified image as an ad, for which they bought ad displays on several high-profile websites. Since a large number of advertising networks allow advertisers to deliver JavaScript code with their ads, the crooks also included JS code that would parse the image, extract the pixel transparency values, and using a mathematical formula, convert those values into a character. Since images have millions of pixels, crooks had all the space they needed to pack malicious code inside a PNG photo. When extracted, this malicious code would redirect the user to an intermediary URL, called gate, where the host server would filter users. This server would only accept connections from Internet Explorer users. The reason is that the gate would exploit the CVE-2016-0162 vulnerability that allowed the crooks to determine if the connection came from a real user or a reverse analysis system employed by security researchers. Additionally, this IE exploit also allowed the gate server to detect the presence of antivirus software. In this case, the server would drop the connection just to avoid exposing its infrastructure and trigger a warning that would alert both the user and the security firm. If the gate server deemed the target valuable, then it would redirect the user to the final stage, which was the exploit kit itself, hosted on another URL.
The Stegano exploit kit would use three Adobe Flash vulnerabilities (CVE-2015-8651, CVE-2016-1019 or CVE-2016-4117) to attack the user's PC, and forcibly download and launch into execution various strains of malware.
Databases

YouTube, Facebook, Twitter and Microsoft Will Create 'Hash' Database To Remove Extremist Content (reuters.com) 262

bongey writes: YouTube, Facebook, Twitter and Microsoft are teaming up to create a common database to flag extremist videos and pictures. The database is set to go live in 2017. The system will not automatically remove content. Reuters reports: "The companies will share 'hashes' -- unique digital fingerprints they automatically assign to videos or photos -- of extremist content they have removed from their websites to enable their peers to identify the same content on their platforms. 'We hope this collaboration will lead to greater efficiency as we continue to enforce our policies to help curb the pressing global issue of terrorist content online,' the companies said in a statement on Tuesday. Each company will decide what image and video hashes to add to the database and matching content will not be automatically removed, they said. The database will be up and running in early 2017 and more companies could be brought into the partnership."
Government

California State Senator Introduces Bill That Would Mandate Reporting of 'Superbug' Infections, Deaths (reuters.com) 75

An anonymous reader quotes a report from Reuters: A California state senator introduced a bill on Monday that would mandate reporting of antibiotic-resistant infections and deaths and require doctors to record the infections on death certificates when they are a cause of death. The legislation also aims to establish the nation's most comprehensive statewide surveillance system to track infections and deaths from drug-resistant pathogens. Data from death certificates would be used to help compile an annual state report on superbug infections and related deaths. In September, a Reuters investigation revealed that tens of thousands of superbug deaths nationwide go uncounted every year. The infections are often omitted from death certificates, and even when they are recorded, they aren't counted because of the lack of a unified national surveillance system. Because there is no federal surveillance system, monitoring of superbug infections and deaths falls to the states. A Reuters survey of all 50 state health departments and the District of Columbia found that reporting requirements vary widely. Hill's bill would require hospitals and clinical labs to submit an annual summary of antibiotic-resistant infections to the California Department of Health beginning July 1, 2018; amend a law governing death certificates by requiring that doctors specify on death certificates when a superbug was the leading or a contributing cause of death; and require the state Health Department to publish an annual report on resistant infections and deaths, including data culled from death certificates.
Books

Ask Slashdot: Have You Read 'The Art of Computer Programming'? (wikipedia.org) 381

In 1962, 24-year-old Donald Knuth began writing The Art of Computer Programming, publishing three volumes by 1973, with volume 4 arriving in 2005. (Volume 4A appeared in 2011, with new paperback fascicles planned for every two years, and fascicle 6, "Satisfiability," arriving last December). "You should definitely send me a resume if you can read the whole thing," Bill Gates once said, in a column where he described working through the book. "If somebody is so brash that they think they know everything, Knuth will help them understand that the world is deep and complicated."

But now long-time Slashdot reader Qbertino has a question: I've had The Art of Computer Programming on my book-buying list for just about two decades now and I'm still torn...about actually getting it. I sometimes believe I would mutate into some programming demi-god if I actually worked through this beast, but maybe I'm just fooling myself...

Have any of you worked through or with TAOCP or are you perhaps working through it? And is it worthwhile? I mean not just for bragging rights. And how long can it reasonably take? A few years?

Share your answers and experiences in the comments. Have you read The Art of Computer Programming?
EU

Drupal Event Apologizes For Giving Out Copies Of Playboy (drupalcamp.de) 251

An anonymous reader writes: The organization team for a regional Drupal event apologized Thursday for distributing copies of Playboy to attendees. The magazines were distributed in welcome bags, according to a statement from the organizers of DrupalCamp Munich, and "were provided by Burda, a major German publisher, who also provided other technical magazines as part of their sponsorship. These magazines were approved for inclusion by the camp organizers.

"At the time, we thought it would be a good idea, as playboy.de was one of the first major Drupal 8 websites ever released. Upon reflection, this wasn't the best idea, and the magazines have been removed... It was a decision made in poor taste, and we regret it."

The inclusion of the magazine had attracted criticism on Twitter from both male and female developers, with one writing sarcastically, "Dunno about you, but I only read playboy.de for the Drupal code."
Perl

Perl Advent Calendar Enters Its 17th Year (perladvent.org) 37

An anonymous reader writes: Thursday brought this year's first new posts on the Perl Advent Calendar, a geeky tradition first started back in 2000. Friday's post described Santa's need for fast, efficient code, and the day that a Christmas miracle occurred during Santa's annual code review (involving the is_hashref subroutine from Perl's reference utility library). And for the last five years, the calendar has also had its own Twitter feed.

But in another corner of the North Pole, you can also unwrap the Perl 6 Advent Calendar, which this year celebrates the one-year anniversary of the official launch of Perl 6. Friday's post was by brian d foy, a writer on the classic Perl textbooks Learning Perl and Intermediate Perl (who's now also crowdfunding his next O'Reilly book, Learning Perl 6). foy's post talked about Perl 6's object hashes, while the calendar kicked off its new season Thursday with a discussion about creating Docker images using webhooks triggered by GitHub commits as an example of Perl 6's "whipupitude".

Republicans

Of 8 Tech Companies, Only Twitter Says It Would Refuse To Help Build Muslim Registry For Trump (theintercept.com) 588

On the campaign trail last year, President-elect Donald Trump said he would consider requiring Muslim-Americans to register with a government database. While he has back-stepped on a number of campaign promises after being elected president, Trump and his transition team have recently resurfaced the idea to create a national Muslim registry. In response, The Intercept contacted nine of the "most prominent" technology companies in the United States "to ask if they would sell their services to help create a national Muslim registry." Twitter was the only company that responded with "No." The Intercept reports: Even on a purely hypothetical basis, such a project would provide American technology companies an easy line to draw in the sand -- pushing back against any effort to track individuals purely (or essentially) on the basis of their religious beliefs doesn't take much in the way of courage or conviction, even by the thin standards of corporate America. We'd also be remiss in assuming no company would ever tie itself to such a nakedly evil undertaking: IBM famously helped Nazi Germany computerize the Holocaust. (IBM has downplayed its logistical role in the Holocaust, claiming in a 2001 statement that "most [relevant] documents were destroyed or lost during the war.") With all this in mind, we contacted nine different American firms in the business of technology, broadly defined, with the following question: "Would [name of company], if solicited by the Trump administration, sell any goods, services, information, or consulting of any kind to help facilitate the creation of a national Muslim registry, a project which has been floated tentatively by the president-elect's transition team?" After two weeks of calls and emails, only three companies provided an answer, and only one said it would not participate in such a project. A complete tally is below.

Facebook: No answer.
Twitter: "No," and a link to this blog post, which states as company policy a prohibition against the use, by outside developers, of "Twitter data for surveillance purposes. Period."
Microsoft: "We're not going to talk about hypotheticals at this point," and a link to a company blog post that states that "we're committed to promoting not just diversity among all the men and women who work here, but [...] inclusive culture" and that "it will remain important for those in government and the tech sector to continue to work together to strike a balance that protects privacy and public safety in what remains a dangerous time."
Google: No answer.
Apple: No answer.
IBM: No answer.
Booz Allen Hamilton: Declined to comment.
SRA International: No answer.
