After nearly 20 years and 31,000 commits, OpenSSL wants to change to Apache License v2.0. They're now tracking down all 400 contributors to sign new license agreements, a process expected to take several months. Slashdot reader rich_salz shares links to OpenSSL's official announcement (and their agreement-collecting web site). "This re-licensing activity will make OpenSSL, already the world's most widely-used FOSS encryption software, more convenient to incorporate in the widest possible range of free and open source software," said Mishi Choudhary, Legal Director of Software Freedom Law Center and counsel to OpenSSL. "OpenSSL's team has carefully prepared for this re-licensing, and their process will be an outstanding example of 'how to do it right.'"
Click through for some comments on the significance of this move from the Linux Foundation, Intel, and Oracle.

It was the first widely-adopted open source distributed computing platform. But some geeks running it are telling Datanami that Hadoop "is great if you're a data scientist who knows how to code in MapReduce or Pig...but as you go higher up the stack, the abstraction layers have mostly failed to deliver on the promise of enabling business analysts to get at the data." Slashdot reader atcclears shares their report: "I can't find a happy Hadoop customer. It's sort of as simple as that," says Bob Muglia, CEO of Snowflake Computing, which develops and runs a cloud-based relational data warehouse offering. "It's very clear to me, technologically, that it's not the technology base the world will be built on going forward"... [T]hanks to better mousetraps like S3 (for storage) and Spark (for processing), Hadoop will be relegated to niche and legacy statuses going forward, Muglia says. "The number of customers who have actually successfully tamed Hadoop is probably less than 20 and it might be less than 10..."

One of the companies that supposedly tamed Hadoop is Facebook...but according to Bobby Johnson, who helped run Facebook's Hadoop cluster before co-founding behavioral analytics company Interana, the fact that Hadoop is still around is a "historical glitch. That may be a little strong," Johnson says. "But there's a bunch of things that people have been trying to do with it for a long time that it's just not well suited for." Hadoop's strengths lie in serving as a cheap storage repository and for processing ETL batch workloads, Johnson says. But it's ill-suited for running interactive, user-facing applications... "After years of banging our heads against it at Facebook, it was never great at it," he says. "It's really hard to dig into and actually get real answers from... You really have to understand how this thing works to get what you want."
Johnson recommends Apache Kafka instead for big data applications, arguing "there's a pipe of data and anything that wants to do something useful with it can tap into that thing. That feels like a better unifying principal..." And the creator of Kafka -- who ran Hadoop clusters at LinkedIn -- calls Hadoop "just a very complicated stack to build on."

More than 64,000 developers from 213 countries participated in this year's annual survey by Stack Overflow -- the largest number ever -- giving a glimpse into the collective psyche of programmers around the world. An anonymous reader quotes their announcement: A majority of developers -- 56.5% -- said they were underpaid. Developers who work in government and non-profits feel the most underpaid, while those who work in finance feel the most overpaid... While only 13.1% of developers are actively looking for a job, 75.2% of developers are interested in hearing about new job opportunities...

When asked what they valued most when considering a new job, 53.3% of respondents said remote options were a top priority. 65% of developers reported working remotely at least one day a month, and 11.1% say they're full-time remote or almost all the time. Also, the highest job satisfaction ratings came from developers who work remotely full-time.
62.5% of the respondents reported using JavaScript, while 51.2% reported SQL, with 39.7% using Java and 34.1% using C# -- but for the #5 slot, "the use of Python [32.0%] overtook PHP [28.1%] for the first time in five years." Yet as far as which languages developers wanted to continue using, "For the second year in a row, Rust was the most loved programming language... Swift, last year's second most popular language, ranked as fourth. For the second year in a row, Visual Basic (for 2017, Visual Basic 6, specifically) ranked as the most dreaded language; 88.3% of developers currently using Visual Basic said they did not want to continue using it."

An anonymous reader shares a report on The Register: Microsoft describes Visual Studio Code as a source code editor that's "optimized for building and debugging modern web and cloud applications." In fact, VSC turns out to be rather inefficient when it comes to CPU resources. Developer Jo Liss has found that the software, when in focus and idle, uses 13 percent of CPU capacity just to render its blinking cursor. Liss explains that the issue can be reproduced by closing all VSC windows, opening a new window, opening a new tab with an empty untitled file, then checking CPU activity. For other macOS applications that present a blinking cursor, like Chrome or TextEdit, Liss said, the CPU usage isn't nearly as excessive. The issue is a consequence of rendering the cursor every 16.67ms (60 fps) rather than every 500ms.

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.

Several Slashdot readers have shared an article by programmer Nicholas Chapman, who talks about a class of bugs that he calls "performance bugs". From the article: A performance bug is when the code computes the correct result, but runs slower than it should due to a programming mistake. The nefarious thing about performance bugs is that the user may never know they are there -- the program appears to work correctly, carrying out the correct operations, showing the right thing on the screen or printing the right text. It just does it a bit more slowly than it should have. It takes an experienced programmer, with a reasonably accurate mental model of the problem and the correct solution, to know how fast the operation should have been performed, and hence if the program is running slower than it should be. I started documenting a few of the performance bugs I came across a few months ago, for example (on some platforms) the insert method of std::map is roughly 7 times slower than it should be, std::map::count() is about twice as slow as it should be, std::map::find() is 15% slower than it should be, aligned malloc is a lot slower than it should be in VS2015.

A year after Google released the Android N Developer Preview, the company has made available the developer preview of the next major version of Android, "Android O." You will not want to put it on your primary Android smartphone as the preview is likely to have rough edges. Google says as much. "it's early days, there are more features coming, and there's still plenty of stabilization and performance work ahead of us. But it's booting :)."

The company is using the developer preview to give beta testers a sneak peek into some new features, such as "notification channels," which will offer users the ability to group notifications. There is also Picture in Picture, which will enable you to have a video appear in a small window on top of homescreen or any application. Google is also adding "multi-display support" and improved "keyboard navigation." Your guess is as good as mine as to what these features will actually do. There's also better "background limits" which will supposedly help save battery, and wider Wi-Fi support to include things like Neighborhood Aware Networking (NAN).

No word on what "O" in Android O stands for.

If it's on company time, it's the company's dime. That's the usual rule in the tech industry -- that if employees use company resources to work on projects unrelated to their jobs, their employer can claim ownership of any intellectual property (IP) they create. But GitHub is throwing that out the window. From a report on Quartz: Today the code-sharing platform announced a new policy, the Balanced Employee IP Agreement (BEIPA). This allows its employees to use company equipment to work on personal projects in their free time, which can occur during work hours, without fear of being sued for the IP. As long as the work isn't related to GitHub's own "existing or prospective" products and services, the employee owns it. Like all things related to tech IP, employee agreements are a contentious issue. In some US states, it's not uncommon for contracts to give companies full ownership of all work employees produce during their tenure, and sometimes even before and after their tenure, regardless of when or how they produce it. These restrictions have led to several horror stories, like the case of Alcatel vs. Evan Brown.

97 Things Every Programmer Should Know was published seven years ago by O'Reilly Media, and was described as "pearls of wisdom for programmers collected from leading practitioners." Today an anonymous reader writes: All 97 are available online for free (and licensed under a Creative Commons Attribution 3), including an essay by "Uncle Bob" on taking personal responsibility and "Unix Tools Are Your Friend" by Athens-based professor Diomidis Spinellis, who writes that the Unix tool chest can be more useful than an IDE.

But the book's official site is also still accepting new submissions, and now points to 68 additional "edited contributions" (plus another seven "contributions in progress"), including "Be Stupid and Lazy" by Swiss-based Java programmer Mario Fusco, and "Decouple That UI" by tech trainer George Brooke.
"There is no overarching narrative," writes the site's editor Kevlin Henney (who also wrote the original book). "The collection is intended simply to contain multiple and varied perspectives on what it is that contributors to the project feel programmers should know...anything from code-focused advice to culture, from algorithm usage to agile thinking, from implementation know-how to professionalism, from style to substance..."

"Seattle tech workers who own their homes can expect to have about $2,000 more in disposable income each month than tech workers in the Bay Area," according to a new study from LinkedIn and Zillow. An anonymous reader writes: "For technology workers who rent, Seattle, Austin and Pittsburgh, Pennsylvania came out on top among the housing markets analyzed, with the Bay Area at #4..." the two companies reported. "Salaries for other industries don't hold up as well in the San Francisco area, though. Even highly-paid finance workers keep only about 32 percent of their incomes after paying for housing and taxes. In Charlotte or Chicago, they can pocket a median of 61 percent."

The Bay Area's high housing prices are apparently offset by the high salaries paid there to tech workers, according to the study. Even so, both home owners and renters pay roughly half the median income for housing on the west coast, "while a rental in the middle of the country costs more like 25 percent of the median income."
The report also identified the best cities for health workers -- Phoenix, Indianapolis, and Boston -- as well as for finance workers, who do best in Charlotte, Chicago and Dallas. The top 15 cities for tech workers also included those same cities except Chicago and Phoenix, while also including known tech hotspots like Denver, Atlanta, and Washington, D.C. But surprisingly the top 15 best cities for tech workers also included Detroit, Nashville, St. Paul (Minnesota) and Tampa, Florida.

Twice a year the tech analysts at RedMonk attempt to gauge adoption trends for programing languages based on data from both GitHub and Stack Overflow. Here's their top 10 list for 2017: JavaScript, Java, Python, and PHP, followed by a two-way tie between C# and C++, a two-way tie between Ruby and CSS, and then C at #9, and Objective-C at #10. But their GitHub data now counts the number of pull requests rather than the number of repositories. An anonymous reader quotes their report: Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16 on our GitHub rankings. While the language appears to be entering something of a trough of disillusionment from a market perception standpoint, with major hype giving way to skepticism in many quarters, its statistical performance according to the observable metrics we track remains strong. Swift has reached a Top 15 ranking faster than any other language we have tracked since we've been performing these rankings. Its strong performance from a GitHub perspective suggests that the wider, multi-platform approach taken by the language is paying benefits...

Of all of the top tier languages, none jumped more than TypeScript on our GitHub rankings, as the JavaScript superset moved up 17 points.... PowerShell moved from 36 within the GitHub rankings to 19 to match TypeScript's 17 point jump, and that was enough to nudge it into the Top 20 overall from its prior ranking of 25... One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on our board to 26 â" one spot behind Visual Basic.
Swift and Scala and Shell all just missed out on the top 10, clustering in a three-way tie at the #11 spot.

snydeq writes: Good-bye, programming peers; hello, power to abuse at your whim, writes Bob Lewis in a send-up of an all-too-familiar situation: The engineering colleague who transforms into a greasy political manipulator upon promotion into management. "It's legendary: A CIO promotes his best developer into a management role, losing an excellent programmer and gaining a bad manager. The art of management isn't so much about assembling a dream team, helping others be successful, or solving technical problems. It's about aligning everything you do in service of the business -- the business of yourself.'" What tales do you have of colleagues who broke bad all the way to the top?

linuxwrangler writes: For over 4 years, lights atop Adobe's office building in San Jose have flashed out a secret message. This week, the puzzle was solved by Tennessee math teacher Jimmy Waters. As part of the winnings, Adobe is donating software and 3D printers to Waters' school in his name. "The semaphore had been transmitting the audio broadcast of Neil Armstrong's historic moon landing in 1969," reports The Mercury News. "That's right, not the text but the actual audio." The report provides some backstory: "Waters discovered the project, San Jose Semaphore, last summer while he was looking up something about Thomas Pynchon's 1966 novel, 'The Crying of Lot 49.' The text of that work was the code originally programmed by New York-based artist Ben Rubin in 2006. Seeing there was a new message, Waters began trying to decipher it while watching and writing down the sequences online from Tennessee. He discovered a pattern that led him to believe it could represent a space -- or a silence -- in an audio file, and when he graphed the results it looked like an audio wave. He dismissed that as being too difficult but came back to it and eventually ran his results into a program that would convert his numbers to audio. The first results came back sounding like chipmunks squeaking. So he tweaked things and found himself listening to the historic broadcast, which ends with Armstrong's famous line, 'That's one small step for man, one giant leap for mankind.'" You can listen to the semaphore message here.

davegravy writes: I work at a small but quickly growing acoustic consulting engineering firm, consisting of a mix of mechanical, electrical, civil, and other engineering backgrounds. When I joined almost 10 years ago I was in good company with peers who were very computer literate -- able to develop their own complex excel macros, be their own IT tech support, diagnose issues communicating with or operating instrumentation, and generally dive into any technology-related problem to help themselves. In 2017, these skills and tendencies are more essential than they were 10 years ago; our instruments run on modern OS's and are network/internet-capable, the heavy data processing and analysis we need to do is python-based (SciPy, NumPy) and runs on AWS EC2 instances, and some projects require engineers to interface various data-acquisition hardware and software together in unique ways. The younger generation, while bright in their respective engineering disciplines, seems to rely on senior staff to a concerning degree when it comes to tech challenges, and we're stuck in a situation where we've provided procedures to get results but inevitably the procedures don't cover the vast array of scenarios faced day-to-day. Being a small company we don't have dedicated IT specialists. I believe I gathered my skills and knowledge through insatiable curiosity of all things technology as a child, self-teaching things like Pascal, building and experimenting with my own home LAN, and assembling computers from discrete components. Technology was a fringe thing back then, which I think drew me in. I doubt I'd be nearly as curious about it growing up today given its ubiquity, so I sort of understand why interest might be less common in today's youth.

How do we instill a desire to learn the fundamentals of networking, computing, and coding, so that the younger generation can be self-sufficient and confident working with the modern technology and tools they need to perform -- and be innovative in -- their jobs? I believe that the most effective learning occurs when there's a clearly useful purpose or application, so I'm hesitant to build a training program that consists solely of throwing some online courses at staff. That said, online courses may be a good place to get some background that can be built upon, however most that I've come across are intended for people pursuing careers in computer science, web development, software engineering, etc. Are there any good resources that approach these topics from a more general purpose angle?

According to VentureBeat, "GitLab, a startup that provides open source and premium source code repository software that people use to collaborate on software, is announcing today that it has acquired Gitter, a startup that provides chat rooms that are attached to repositories of code so that collaborators can exchange messages." From the report: GitLab won't bundle it in its community edition or its enterprise edition yet, but it will open-source the Gitter code for others to build on, GitLab cofounder and CEO Sid Sijbrandij told VentureBeat in an interview. What's happening now, though, is that as part of GitLab, Gitter is launching a new feature called Topics, where people will be able to ask and answer questions -- sort of like Stack Overflow. "Although Gitter is best in class with indexing things, it's still sometimes hard to find things," Sijbrandij said. "In this Q&A product, it's a lot easier to structure the Q&A. You're not dealing so much with a chronological timeline where people have different conversations that cross each other. There's a location for every piece of knowledge, and it can grow over time." That technology is already available in beta in Gitter rooms on GitHub, and it will become available on GitLab's Gitter pages over time, Sijbrandij said.

Over the weekend, my colleague David ran a story that sought people's suggestion on how to make (force, encourage, advice) a novice programmer to be more professional. Several people have shared their insightful comment on the topic. One such comment, which has received an unusual support on not just Slashdot but elsewhere, is from William Woody, owner of Glenview Software (and who has previously worked as CTO at Cartifact, architect at AT&T Interactive). He writes: The problem is that our industry, unlike every other single industry except acting and modeling (and note neither are known for "intelligence") worship at the altar of youth. I don't know the number of people I've encountered who tell me that by being older, my experience is worthless since all the stuff I've learned has become obsolete. This, despite the fact that the dominant operating systems used in most systems is based on an operating system that is nearly 50 years old, the "new" features being added to many "modern" languages are really concepts from languages that are between 50 and 60 years old or older, and most of the concepts we bandy about as cutting edge were developed from 20 to 50 years ago. It also doesn't help that the youth whose accomplishments we worship usually get concepts wrong. I don't know the number of times I've seen someone claim code was refactored along some new-fangled "improvement" over an "outdated" design pattern who wrote objects that bear no resemblance to the pattern they claim to be following. And when I indicate that the "massive view controller" problem often represents a misunderstanding as to what constitutes a model and what constitutes a view, I'm told that I have no idea what I'm talking about -- despite having more experience than the critic has been alive, and despite graduating from Caltech -- meaning I'm probably not a complete idiot.) Our industry is rife with arrogance, and often the arrogance of the young and inexperienced. Our industry seems to value "cowboys" despite doing everything it can (with the management technique "flavor of the month") to stop "cowboys." Our industry is agist, sexist, one where the blind leads the blind, and seminal works attempting to understand the problem of development go ignored. You can read the full comment here or here.

Slashdot reader peetm describes himself as a software engineer, programmer, lecturer, and old man. But how can he teach the next generation how to code more professionally? I have to put together a three-hour (maximum) workshop for novice programmers -- people with mostly no formal training and who are probably flying by the seat of their pants (and quite possibly dangerous in doing so). I want to encourage them to think more as a professional developer would. Ideally, I want to give them some sort of practicals to do to articulate and demonstrate this, rather than just "present" stuff on best practices... If you were putting this together, what would you say and include?
This raises the question of not only what you'd teach -- whether it's variable naming, modular programming, test-driven development, or the importance of commenting -- but also how you'd teach it. So leave your best answers in the comments. How do you make novice programmers more professional?

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."

Long-time Slashdot reader Billly Gates shared some news from Microsoft's Visual C++ blog: Visual Studio 2017 now lets developers write C++ code for Linux desktops, servers, and other devices without an extension, targeting specific architectures, including ARM: Visual Studio will automatically copy and remotely build your sources and can launch your application with the debugger... Today Visual Studio only supports building remotely on the Linux target machine. It is not limited to specific Linux distros, but we do have dependencies on the presence of some tools. Specifically, we need openssh-server, g++, gdb and gdbserver.

Google is making it possible for developers to bring their services into Gmail using new integrations called Add-ons. From a report on PCWorld: It's built so that developers can write one set of code in Google's Apps Script language and have their integration run in Gmail on the web, as well as inside Google's Android and iOS apps for the service. For example, a QuickBooks add-on would let users easily send invoices to people who they're emailing. Google already offers Add-ons for its Docs word processing and Sheets spreadsheet software. This sort of system could be useful for users because it helps them get work done without leaving Gmail. It also helps draw users into Google's official email app, rather than use one of the many other clients that can access the service, including Microsoft Outlook.