Education

Ask Slashdot: What's The Best Job For This Recent CS Grad? 261

One year away from graduating with a CS degree, an anonymous reader wants some insights from the Slashdot community: [My] curriculum is rather broad, ranging from systems programming on a Raspberry Pi to HTML, CSS, JavaScript, C, Java, JPA, Python, Go, Node.js, software design patterns, basic network stuff (mostly Cisco) and various database technologies... I'm working already part-time as a system administrator for two small companies, but don't want to stay there forever because it's basically a dead-end position. Enjoying the job, though... With these skills under my belt, what career path should I pursue?
There are different positions as well as different fields, and the submission explains simply that "I'm looking for satisfying and rewarding work," adding that "pay is not that important." So leave your suggestions in the comments. What's the best job for this recent CS grad?
Programming

Is The C Programming Language Declining In Popularity? (dice.com) 286

An anonymous reader writes: Java overtook C as the most popular language in mid-2015 on the TIOBE Programming Community index. But now over the last 13 months, they show C's popularity consistently dropping more and more. C's score had hovered between 15% and 20% for over 15 years but as 2016 ended, the language's popularity is now down to 8.7%. "There is no clear way back to the top," reports the site, asking what happened to C? "It is not a language that you think of while writing programs for popular fields such as mobile apps or websites, it is not evolving that much and there is no big company promoting the language."

But the Insights blog at Dice.com counters that TIOBE "has hammered on C for quite some time. Earlier this year, it again emphasized how C is 'hardly suitable for the booming fields of web and mobile app development.' That being said, job postings on Dice (as well as rankings compiled by other organizations) suggest there's still widespread demand for C, which can be used in everything from operating systems to data-intensive applications, and serves many programmers well as an intermediate language."

i-programmer suggests this could just be an artifact of the way TIOBE calculates language popularity (by totaling search engine queries). Noting that Assembly language rose into TIOBE's top 10 this year, their editor wrote, "Perhaps it is something to do with the poor state of assembly language documentation that spurs on increasingly desperate searches for more information." Maybe C programmers are just referring to their K&R book instead of searching for solutions online?
Google

Google Boosts Python By Turning It Into Go (infoworld.com) 129

An anonymous reader quotes InfoWorld: Grumpy, an experimental project from Google, transpiles Python code into Go, allowing Python programs to be compiled and run as static binaries using the Go toolchain... In a blog post announcing the open source release, Google stated the project stemmed from its efforts to speed up the Python-powered front end for YouTube. But Google hit an obstacle that's familiar to folks who've deployed Python in production: It's hard to get CPython -- the default Python interpreter written in C -- to scale efficiently. "We think Grumpy has the potential to scale more gracefully than CPython for many real world workloads," writes Google...

Because it doesn't support C extensions, Grumpy doesn't have CPython's Global Interpreter Lock, which is commonly cited as a roadblock to running Python concurrent workloads smoothly. Grumpy also uses Go's garbage collection mechanisms to manage memory under the hood, instead of CPython's. Grumpy creates close interoperation between Python and Go by allowing Go packages to be imported and used with the same syntax as Go modules.

Programming

Ask Slashdot: How Would You Deal With A 'Gaslighting' Colleague? 433

An anonymous reader writes: What's the best unofficial way to deal with a gaslighting colleague? For those not familiar, I mean "bullies unscheduling things you've scheduled, misplacing files and other items that you are working on and co-workers micro-managing you and being particularly critical of what you do and keeping it under their surveillance. They are watching you too much, implying or blatantly saying that you are doing things wrong when, in fact, you are not...a competitive maneuver, a way of making you look bad so that they look good." I'd add poring over every source-code commit, and then criticizing it even if the criticism is contradictory to what he previously said.
The submission adds that "Raising things through the official channels is out of the question, as is confronting the colleague in question directly as he is considered something of a superstar engineer who has been in the company for decades and has much more influence than any ordinary engineer." So leave your best suggestions in the comments. How would you deal with a gaslighting colleague?
Privacy

WikiLeaks Threatens To Publish Twitter Users' Personal Info (usatoday.com) 211

WikiLeaks said on Twitter earlier today that it wants to publish the private information of hundreds of thousands of verified Twitter users. The group said an online database would include such sensitive details as family relationships and finances. USA Today reports: "We are thinking of making an online database with all 'verified' twitter accounts [and] their family/job/financial/housing relationships," the WikiLeaks Task Force account tweeted Friday. The account then tweeted: "We are looking for clear discrete (father/shareholding/party membership) variables that can be put into our AI software. Other suggestions?" Wikileaks told journalist Kevin Collier on Twitter that the organization wants to "develop a metric to understand influence networks based on proximity graphs." Twitter bans the use of Twitter data for "surveillance purposes." In a statement, Twitter said: "Posting another person's private and confidential information is a violation of the Twitter rules." Twitter declined to say how many of its users have verified accounts but the Verified Twitter account which follows verified accounts currently follows 237,000. Verified accounts confirm the identity of the person tweeting by displaying a blue check mark. Twitter says it verifies an account when "it is determined to be an account of public interest." Twitter launched the feature in 2009 after celebrities complained about people impersonating them on the social media service.
Microsoft

Microsoft Formally Shuts Down Its TechRewards Program (neowin.net) 20

From a report on Neowin: A few months ago, Microsoft announced that it was shuttering its TechRewards program in 2017. The project, which was originally started by Nokia under the name DVLUP rewards program, aimed to reward developers with badges, XP, gift cards and other prizes for developing or incorporating new features in their apps. When Microsoft acquired Nokia's devices and services division back in 2014, the program was rebranded to Microsoft TechRewards. Today, Microsoft has formally shut down the TechRewards program.
Microsoft

Rumors of Cmd's Death Have Been Greatly Exaggerated (microsoft.com) 202

A Senior Program Manager at Microsoft has responded to speculation that Command Prompt is going away. He writes: The Cmd shell remains an essential part of Windows, and is used daily by millions of businesses, developers, and IT Pros around the world. In fact:
1. Much of the automated system that builds and tests Windows itself is a collection of many Cmd scripts that have been created over many years, without which we couldn't build Windows itself!
2. Cmd is one of the most frequently run executables on Windows with a similar number of daily launches as File Explorer, Edge and Internet Explorer!
3. Many of our customers and partners are totally dependent on Cmd, and all its quirks, for their companies' existence!
In short: Cmd is an absolutely vital feature of Windows and, until there's almost nobody running Cmd scripts or tools, Cmd will remain within Windows.

Businesses

Apple App Store Developers Earned $20 Billion in 2016, Up 40 Percent Year Over Year (cnbc.com) 26

Apple said Thursday its App Store generated $20 billion for developers in 2016, a 40 percent increase from 2015, helped by the popularity of games such as Pokemon Go and Super Mario Run and increased revenue from subscriptions. From a report on CNBC: "2016 was an amazingly great year for the App Store," Philip Schiller, Apple's senior vice president of worldwide marketing, told CNBC. "We continue to advance what is available for developers to create. And our catalog of apps grew 20 percent to 2.2 million." Schiller said the biggest drivers for the App Store included games such as "Pokemon Go," which was the most downloaded app in 2016; "Super Mario," which was the most downloaded app on Christmas and New Year's days; and subscription-based apps, such as Netflix, Hulu and Time Warner's HBO Go. The tech giant said its biggest day of sales on the App Store was on Jan. 1, 2017, when customers spent a record $240 million. The top grossing markets included the U.S., U.K., Japan and China, which saw 90 percent year-over-year growth.
Encryption

'Forza Horizon 3' Update Accidentally Published Unencrypted Build of the Game (vice.com) 70

An employee at Forza Horizon 3 developer Playground Games accidentally green-lighted the wrong update file for PC players, who found themselves downloading a whopping 53GB download that turned out to be an unencrypted future build (.37.2) of the entire game intended for developers. Motherboard reports: Naturally, players who'd managed to download it yesterday had a field day leaking the information within, right down to massive posts on Imgur showing all the new cars and forum threads detailing the Porsches thought to come in a future unannounced pack. Since Forza Horizon 3 requires a constant online connection and works off of a constantly refreshing save file, anyone who played the new patch on PC found themselves slapped with an error saying their Forza profiles were no longer available. Playing it with the new build would thus effectively mean starting a new game from scratch, even if they'd dumped dozens of hours into Forza Horizon 3 since its release last September. But starting over is exactly what players shouldn't have done. The best thing they could do was shut down the game, walk away, and wait for a fix. "PC players who completed the download of .37.2 and then started a new game save will have a corrupted saved game," wrote Brian Ekberg, Forza's community manager, in a forum post. "Avoid creating a new saved game on .37.2, and only play on .35.2 to avoid this issue. As long as you have an existing save and have not created a new one on .37.2, your saved game will work correctly once the update is available."
Bitcoin

Over 1,800 MongoDB Databases Held For Ransom By Mysterious Attacker (bleepingcomputer.com) 115

An anonymous reader writes: "An attacker going by the name of Harak1r1 is hijacking unprotected MongoDB databases, stealing and replacing their content, and asking for a 0.2 Bitcoin ($200) ransom to return the data," reports Bleeping Computer. According to John Matherly, Shodan founder, over 1,800 MongoDB databases have had their content replaced with a table called WARNING that contains the ransom note. Spotted by security researcher Victor Gevers, these databases are MongoDB instances that feature no administrator password and are exposed to external connections from the internet. Database owners in China have been hit, while Bleeping Computer and MacKeeper have confirmed other infections, one which hit a prominent U.S. healthcare organization and blocked access to over 200,000 user records. These attacks are somewhat similar to attacks on Redis servers in 2016, when an unknown attacker had hijacked and installed the Fairware ransomware on hundreds of Linux servers running Redis DB. The two series of attacks don't appear to be related.
Books

Library Creates Fake Patron Records To Avoid Book-Purging (heraldnet.com) 258

An anonymous reader writes: Chuck Finley checked out 2,361 books from a Florida library in just nine months, increasing their total circulation by 3.9%. But he doesn't exist. "The fictional character was concocted by two employees at the library, complete with a false address and driver's license number," according to the Orlando Sentinel. The department overseeing the library acknowledges their general rule is "if something isn't circulated in one to two years, it's typically weeded out of circulation." So the fake patron scheme was concocted by a library assistant working with the library's branch supervisor, who "said he wanted to avoid having to later repurchase books purged from the shelf." But according to the newspaper the branch supervisor "said the same thing is being done at other libraries, too."
Programming

Can Learning Smalltalk Make You A Better Programmer? 343

Slashdot reader horrido shares an article that "has done more for Smalltalk advocacy than any other article in memory." It was the second-most popular article of the year on the Hewlett Packard Enterprise site TechBeacon (recently passing 20,000 views), with Richard Eng, the founder of the nonprofit Smalltalk Renaissance, arguing that the 44-year-old language is much more than a tool for teachers -- and not just because Amber Smalltalk transpiles to JavaScript for front-end web programming. It's a superlative prototyping language for startups. It's an industrial-strength enterprise language used by businesses both big and small all around the globe... Smalltalk's implementation of the object-oriented paradigm is so excellent that it has influenced an entire generation of OO languages, such as Objective-C, Python, Ruby, CLOS, PHP 5, Perl 6, Erlang, Groovy, Scala, Dart, Swift, and so on. By learning Smalltalk, you'll understand how all of those useful features in today's OO languages came to be.
The article also argues that Smalltalk pioneered just-in-time compilation and virtual machines, the model-view-controller design paradigm, and to a large extent, even test-driven development. But most importantly, Smalltalk's reliance on domain-specific languages makes it "the 'purest' OO, and one of the earliest... It is often said that programming in Smalltalk or Python is rather like Zen; your mind just flows effortlessly with the task. This is the beauty and value of language simplicity, and Smalltalk has this in spades... Smalltalk, by virtue of its object purity and consistency, will give you a profoundly better understanding of object-oriented programming and how to use it to its best effect."
Open Source

Pull Requests Are Accepted At About The Same Rate, Regardless of Gender (techinasia.com) 94

An anonymous reader writes: Remember that story about how women "get pull requests accepted more (except when you know they're women)." The study actually showed that men also had their code accepted more often when their gender wasn't known, according to Tech In Asia -- and more importantly, the lower acceptance rates (for both men and women) applied mostly to code submitters from outside the GitHub community. "Among insiders, there's no evidence of discrimination against women. In fact, the reverse is true: women who are on the inside and whose genders are easy to discern get more of their code approved, and to a statistically significant degree."

Eight months after the story ran, the BBC finally re-wrote their original headline ("Women write better code, study suggests") and added the crucial detail that acceptance rates for women fell "if they were not regulars on the service and were identified by their gender."

Facebook

Facebook Buys Data From Third-Party Brokers To Fill In User Profiles (ibtimes.com) 116

An anonymous reader quotes a report from International Business Times: According to a report from ProPublica, the world's largest social network knows far more about its users than just what they do online. What Facebook can't glean from a user's activity, it's getting from third-party data brokers. ProPublica found the social network is purchasing additional information including personal income, where a person eats out and how many credit cards they keep. That data all comes separate from the unique identifiers that Facebook generates for its users based on interests and online behavior. A separate investigation by ProPublica in which the publication asked users to report categories of interest Facebook assigned to them generated more than 52,000 attributes. The data Facebook pays for from other brokers to round out user profiles isn't disclosed by the company beyond a note that it gets information "from a few different sources." Those sources, according to ProPublica, come from commercial data brokers who have access to information about people that isn't linked directly to online behavior. The social network doesn't disclose those sources because the information isn't collected by Facebook and is publicly available. Facebook does provide a page in its help center that details how to get removed from the lists held by third-party data brokers. However, the process isn't particularly easy. In the case of the Oracle-owned Datalogix, users who want off the list have to send a written request and a copy of a government-issued identification in the mail to Oracle's chief privacy officer. Another data collecting service, Acxiom, requires users provide the last four digits of their social security number to see the information the company has gathered about them.
Bug

Nevada Website Bug Leaks Thousands of Medical Marijuana Dispensary Applications (zdnet.com) 55

An anonymous reader quotes a report from ZDNet: Nevada's state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person's full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant's citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state's website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we're not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a "portion" of one of several databases.
PHP

Millions of Websites Vulnerable Due To Security Bug In Popular PHP Script (bleepingcomputer.com) 104

An anonymous reader writes from a report via BleepingComputer: A security flaw discovered in a common PHP class allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to take control over the underlying server. The vulnerable library is PHPMailer, a PHP script that allows developers to automate the task of sending emails using PHP code, also included with WordPress, Drupal, Joomla, and more. The vulnerability was fixed on Christmas with the release of PHPMailer version 5.2.18. Nevertheless, despite the presence of a patched version, it will take some time for the security update to propagate. Judging by past incidents, millions of sites will never be updated, leaving a large chunk of the Internet open to attacks. Even though the security researcher who discovered the flaw didn't publish any in-depth details about his findings, someone reverse-engineered the PHPMailer patch and published their own exploit code online, allowing others to automate attacks using this flaw, which is largely still unpatched due to the holiday season.
Programming

How Would You Generate C Code Using Common Lisp Macros? (github.com) 108

Long-time Slashdot reader kruhft brings news about a new S-Expression based language transpiler that has the feel of C. This structure allows for the creation of code generation macros using the full power of the host Common Lisp environment, a language designed for operating on S-Expressions, also known as Lists. It is unknown exactly what power might come about from this combination of low level processing with high level code generation.
This has prompted some discussion online about other attempts to convert Lisp to C -- raising several more questions. How (and why) would you convert your Lisp code into C, and what would then be the best uses for this capability?
Python

Python 3.6 Released (python.org) 187

On Friday, more than a year after Python 3.5, core developers Elvis Pranskevichus and Yury Selivanov announced the release of version 3.6. An anonymous reader writes: InfoWorld describes the changes as async in more places, speed and memory usage improvements, and pluggable support for JITs, tracers, and debuggers. "Python 3.6 also provides support for DTrace and SystemTap, brings a secrets module to the standard library [to generate authentication tokens], introduces new string and number formats, and adds type annotations for variables. It also gives us easier methods to customize the creation of subclasses."
You can read Slashdot's interview with Python creator Guido van Rossum from 2013. I also remember an interview this July where Perl creator Larry Wall called Python "a pretty okay first language, with a tendency towards style enforcement, monoculture, and group-think...more interested in giving you one adequate way to do something than it is in giving you a workshop that you, the programmer, get to choose the best tool from." Anyone want to share their thoughts today about the future of Python?
Programming

Apple Delays App Store Security Deadline For Developers 25

Reader Trailrunner7 writes: Apple has pushed back a deadline for developers to support a key transport security technology in apps submitted to the company's app stores. Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Thursday, the company announced that it has decided to extend the deadline indefinitely. ATS is Apple's collection of transport security standards designed to provide attack resistance for data that's sent between iOS and macOS apps and backend servers. It requires apps to support a number of modern transport security technologies, including TLS 1.2, AES-128 or stronger, and certificates must be signed using SHA-2. ATS also requires the use of forward secrecy, a key-exchange method that protects encrypted sessions even if the server certificate is compromised at some point in the future.
Businesses

Crytek Closing Five Studios, Will Refocus On 'Premium IPs' and CryEngine (polygon.com) 54

In a press release, Crytek, the developer behind hits such as the Crysis and Far Cry shooters, announced that it will be closing five of its studios in an effort to "refocus on its core strengths." The only studios remaining will be Crytek's Frankfurt, Germany and Kiev, Ukraine locations. Polygon reports: Other than Crytek's Frankfurt headquarters and Kiev studio, which develops free-to-play shooter Warface, the company held offices in Budapest, Hungary; Sofia, Bulgaria; Seoul, Korea; Shanghai, China; and Istanbul, Turkey. Crytek's co-founder and managing director, Avni Yerli, said in the release that the "changes are part of the essential steps we are taking to ensure Crytek is a healthy and sustainable business moving forward that can continue to attract and nurture our industry's top talent. The reasons for this have been communicated internally along the way. "Our focus now lies entirely on the core strengths that have always defined Crytek -- world-class developers, state-of-the-art technology and innovative game development, and we believe that going through this challenging process will make us a more agile, viable, and attractive studio, primed for future success," he added. The studio will now focus on its CryEngine technology, which is used by many other developers and licensors. Crytek said it will also continue to "develop and work on premium IPs."
