An anonymous reader quotes a report from ZDNet: Google has announced Flutter 2, a major upgrade to its framework for building user interfaces for mobile, the web and desktop. Flutter promises to allow developers to use the same codebase to build native apps for iOS, Android, Windows 10, macOS, and Linux and for the web on browsers including Chrome, Firefox, Safari or Edge. It can also be embedded in an IoT device with a screen, such as cars, TVs, and home appliances.

The move to Flutter 2 promises to benefit the over 150,000 Flutter Android apps already available on the Play Store. Every app will get a free upgrade with Flutter 2 allowing developers to target desktop and web without rewriting them. Google apps now built with Flutter include Google Pay, Stadia and Google Nest Hub among others. Flutter 2 also brings production quality support for the web, with a focus on progressive web apps (PWAs) that behave like desktop apps, single page apps, and mobile apps on the web. Google has added a new CanvasKit-powered rendering engine built with WebAssembly. For mobile web apps, in recent months it's added autofill, control over address bar URLs and routing, and PWA manifests.

For desktop browsers, it has added interactive scrollbars and keyboard shortcuts, increased the default content density in desktop modes, and added screen reader support for accessibility on Windows, macOS and ChromeOS. Google has been working with Ubuntu maker Canonical to bring Flutter to the desktop. Canonical will make Flutter the default choice for future desktop and mobile apps it creates. Microsoft is also releasing contributions to the Flutter engine that supports foldable Android devices, such as the Microsoft Surface Duo.

An anonymous reader quotes a report from Ars Technica: Over the weekend, word emerged that a hacker breached far-right social media website Gab and downloaded 70 gigabytes of data by exploiting a garden-variety security flaw known as an SQL injection. A quick review of Gab's open source code shows that the critical vulnerability -- or at least one very much like it -- was introduced by the company's chief technology officer. The change, which in the parlance of software development is known as a "git commit," was made sometime in February from the account of Fosco Marotto, a former Facebook software engineer who in November became Gab's CTO. On Monday, Gab removed the git commit from its website. Below is an image showing the February software change, as shown from a site that provides saved commit snapshots.

The commit shows a software developer using the name Fosco Marotto introducing precisely the type of rookie mistake that could lead to the kind of breach reported this weekend. Specifically, line 23 strips the code of "reject" and "filter," which are API functions that implement a programming idiom that protects against SQL injection attacks. This idiom allows programmers to compose an SQL query in a safe way that "sanitizes" the inputs that website visitors enter into search boxes and other web fields to ensure that any malicious commands are stripped out before the text is passed to backend servers. In their place, the developer added a call to the Rails function that contains the "find_by_sql" method, which accepts unsanitized inputs directly in a query string. Rails is a widely used website development toolkit.

"Sadly Rails documentation doesn't warn you about this pitfall, but if you know anything at all about using SQL databases in web applications, you'd have heard of SQL injection, and it's not hard to come across warnings that find_by_sql method is not safe," Dmitry Borodaenko, a former production engineer at Facebook who brought the commit to my attention wrote in an email. "It is not 100% confirmed that this is the vulnerability that was used in the Gab data breach, but it definitely could have been, and this code change is reverted in the most recent commit that was present in their GitLab repository before they took it offline." Ironically, Fosco in 2012 warned fellow programmers to use parameterized queries to prevent SQL injection vulnerabilities.

Microsoft today announced Power Fx, a new low-code language that "will become the standard for writing logic customization across Microsoft's own low-code Power Platform," reports TechCrunch. "[S]ince the company is open-sourcing the language, Microsoft also hopes others will implement it as well and that it will become the de facto standard for these kinds of use cases." From the report: Microsoft says the language was developed by a team led by Vijay Mital, Robin Abraham, Shon Katzenberger and Darryl Rubin. Beyond Excel, the team also took inspiration from tools and languages like Pascal, Mathematica and Miranda, a functional programming language developed in the 1980s. Microsoft plans to bring Power Fx to all of its low-code platforms, but given the focus on community, it'll start making appearances in Power Automate, Power Virtual Agents and elsewhere soon.

But the team clearly hopes that others will adopt it as well. Low-code developers will see it pop up in the formula bars of products like Power Apps Studio, but more sophisticated users will also be able to use it to go to Visual Studio Code and build more complex applications with it. As the team noted, it focused on not just making the language Excel-like but also having it behave like Excel -- or like a REPL, for you high-code programmers out there. That means formulas are declarative and instantly recalculate as developers update their code.

Results were announced this week for the fourth "official annual Python Developers Survey" of over 28,000 developers (in nearly 200 countries) conducted by the Python Software Foundation and JetBrains.

85% of the survey respondents use Python as their main programming language, InfoWorld reports: Python developers cite simplicity and ease of use as principal reasons for using the language, but they still want capabilities such as static typing and performance improvements, based on survey results released this week. Python's simple syntax, syntactic sugar, and ease of learning were the most-favored features, capturing 37% of respondents, who were asked which three features they liked the most...

Which three features would Python developers most like to see added to the language? Static typing and strict type hinting proved to be the most-desired features, with 21% of respondents, closely followed by performance improvements, with 20%. Better concurrency and parallelism came in third, with 15% saying they were their most-desired capabilities.
InfoWorld also describes some other interesting results:

• "JavaScript was the most popular language used in conjunction with Python, with about 42% of respondents using both together. 75% of web developers said they were using both Python and JavaScript."

• "Just 8% of Python developers performing data-related tasks do not use any additional languages while only 3% of web developers use only Python."

• "Use of Python 3 has grown from 75% in 2017 to 94% in 2020."

A US magistrate judge has ordered Valve to provide sales data to Apple in response to a subpoena issued amid Apple's continuing legal fight with Epic Games. From a report: In addition to some aggregate sales data for the entirety of Steam, Valve will only have to provide specific, per-title pricing and sales data for "436 specific apps that are available on both Steam and the Epic Games Store," according to the order. That's a significant decrease from the 30,000+ titles Apple for which Apple originally requested data. In resisting the subpoena, Valve argued that its Steam sales data was irrelevant to questions about the purely mobile app marketplaces at issue in the case. Refocusing the request only on games available on both Steam and the Epic Games Store makes it more directly relevant to the questions of mobile competition in the case, Judge Thomas Hixson writes in his order.

"Recall that in these related cases, [Epic] allege that Apple's 30% commission on sales through its App Store is anti-competitive and that allowing iOS apps to be sold through other stores would force Apple to reduce its commission to a more competitive level," Hixson writes in the order. "By focusing... on 436 specific games that are sold in both Steam and Epic's store, Apple seeks to take discovery into whether the availability of other stores does in fact affect commissions in the way [Epic] allege." The California judge overseeing Apple's attempts to drag Valve into an ongoing beef with Epic Games admitted that Apple "salted the Earth with subpoenas, so don't worry, it's not just you."

theodp writes: Amazon on Wednesday announced it has lined up the support of Governors and State School Superintendents from five 'key states' for a pilot that aims to reimagine the Java-based Advanced Placement Computer Science A (AP CS A) course taken by high school students for college credit. By doing so, Amazon indicated it hopes to address "the diversity gaps in today's technology workforce."

From the press release: "Amazon's signature computer science education program, Amazon Future Engineer, is trying to help close those gaps by donating $15 million to Code.org over three years. The money will support the creation of the new equity-minded curriculum and other initiatives designed to reach more students from underrepresented groups. The initiatives aim to increase student awareness of academic and career pathways in computer science as well as equip them to be successful in college-level computer science and beyond. Working together, we have our eyes set on an ambitious goal of doubling the participation of students from underrepresented groups in AP CSA within five years of the course's launch."

After CEO Jeff Bezos came under fire [PDF] last summer for the company's continued resistance to making its EEO-1 diversity regulatory filing public, Amazon finally agreed to publicly disclose its race, gender and ethnicity workforce data sometime in 2021.

RoccamOccam writes: The developers at Discord have seen success with Rust on their video encoding pipeline for Go Live and on their Elixir NIFs' server. Recently, they penned a post explaining how they have drastically improved the performance of a service by switching its implementation from Go to Rust.

From the post, "Remarkably, we had only put very basic thought into optimization as the Rust version was written. Even with just basic optimization, Rust was able to outperform the hyper hand-tuned Go version. This is a huge testament to how easy it is to write efficient programs with Rust compared to the deep dive we had to do with Go."

Ryan Dahl, creator of Node.js and Deno, gave a new interview this week to the IT outsourcing company Evrone: Evrone: You have hands-on experience with lots of programming languages: C, Rust, Ruby, JavaScript, TypeScript. Which one do you enjoy the most to work with?

Ryan: I have the most fun writing Rust these days. It has a steep learning curve and is not appropriate for many problems; but for the stuff I'm working on now it's perfect. It's a much better C++. I'm convinced that I will never start a new C++ project. Rust is beautiful in its ability to express low-level machinery with such simplicity.

JavaScript has never been my favorite language — it's just the most common language — and for that reason it is a useful way to express many ideas. I don't consider TypeScript a separate language; its beauty is that it's just marked up JavaScript. TypeScript allows one to build larger, more robust systems in JavaScript, and I'd say it's my go-to language for small everyday tasks.

With Deno we are trying to remove a lot of the complexity inherent in transpiling TypeScript code down to JavaScript with the hope this will enable more people to utilize it.

Evrone: Gradual typing was successfully added into core Python, PHP, and Ruby. What, in your opinion, is the main showstopper for adding types into JavaScript?

Ryan: Types were added to JavaScript (with TypeScript) far more successfully than has been accomplished in Python, PHP, or Ruby. TypeScript is JavaScript with types. The better question is: what is blocking the JavaScript standardization organization (TC39) from adopting TypeScript? Standardization, by design, moves slowly and carefully. They are first looking into proposing Types-As-Comments, which would allow the JavaScript runtimes to execute TypeScript syntax by ignoring the types. I think eventually TypeScript (or something like it) will be proposed as part of the JavaScript standard, but that will take time.

Evrone: As a respectable VIM user, what do you think of modern programmer editors like Visual Studio Code? Are they good enough for the old guard?

Ryan: Everyone I work with uses vscode and they love it. Probably most people should use that.

I continue to use VIM for two reasons. 1) I'm just very familiar and fast with it, I like being able to work over ssh and tmux and I enjoy the serenity of a full screen terminal. 2) It's important for software infrastructure to be text-based and accessible with simple tools. In the Java world they made the mistake of tying the IDEs too much into the worldflows of the language, creating a situation where practically one was forced to use an IDE to program Java. By using simple tooling myself, I ensure that the software I develop does not become unnecessarily reliant on IDEs. If you use grep instead of jump-to-definition too much indirection becomes intolerable. For what I do, I think this results in better software.

Today is the 30th anniversary of the Python programming language, "which has never been more popular, arguably thanks to the rise of data science and AI projects in the enterprise," writes Venture Beat.

To celebrate the historical releases file has been updated to include Guido van Rossum's original 0.9.1 beta release from 1991. (Its ReadMe file advises that Python 0.9 "can be used instead of shell, Awk or Perl scripts, to write prototypes of real applications, or as an extension language of large systems, you name it.")

And meanwhile, VentureBeat interviewed Pablo Galindo, one of the five members of the 2021 Python Steering Council and a software engineer at Bloomberg: VentureBeat: What's your current assessment of Python?

Galindo: Python is a very mature language, and it has evolved. It also has a bunch of things that it carries over. Python has some baggage that nowadays feels a bit old, but the community and the ecosystem has to be preserved. It's similar to how C and C++ are evolving right now. When you make changes to the language, it's quite dangerous [because you can] break things. That's what people are scared of the most.

But even though Python is quite old, there are big changes. The Python 3.1 release for this October will include pattern matching, which is one of the biggest syntax changes that Python has seen in a long time. We can learn from other languages. I think we're happy to say that we are still evolving and adapting. We have a good experience with respecting the importance of backwards compatibility.

VentureBeat: If you could be Python king for a day, what would you change?

Galindo: I would be a horrible King for a day. The first order of business would be to fix all these things that we have acquired over the years in the language. That would require breaking a bunch of things. Obviously, I will not do that, but I think one of the things I really would like to see in the future is for Python to become faster than it is. I think Python still has a lot of potential to become faster. I'm thinking this will be impossible. But one can dream.

VentureBeat: What do you know now about Python today that you wish you knew when you first began using it?

Galindo: I think the most important thing I learned is how many different uses there are for Python. It's important to listen to all these sorts of users when considering the evolution of the language. It's quite surprising and quite revealing to consider how changes or improvements will conflict or will interact with other users of the language.

That's something that when I started I didn't even consider. It would be good if people could be empathetic to us changing the language when we have to balance these things.

Almost exactly a year after Google announced the first developer preview of Android 11, the company today released the first developer preview of Android 12. From a report: Google delayed the roll-out of Android 11 a bit as the teams and the company's partners adjusted to working during a pandemic, but it looks like that didn't stop it from keeping Android 12 on schedule. As you would expect from an early developer preview, most of the changes here are under the hood and there's no over-the-air update yet for intrepid non-developers who want to give it a spin. Among the highlights of the release so far -- and it's important to note that Google tends to add more user-facing changes and UI updates throughout the preview cycle -- are the ability to transcode media into higher-quality formats like the AV1 image format, faster and more responsive notifications and a new feature for developers that now makes individual changes in the platform togglable so they can more easily test the compatibility of their apps. Google also promises that just like with Android 11, it'll add a Platform Stability milestone to Android 12 to give developers advance notice when final app-facing changes will occur in the development cycle of the operating system. Last year, the team hit that milestone in July when it launched its second beta release. Developers who want to get started with bringing their apps to Android 12 can do so today by flashing a device image to a Pixel device. For now, Android 12 supports the Pixel 3/3 XL, Pixel 3a/3a XL, Pixel 4/4 XL, Pixel 4a/4a 5G and Pixel 5. You can also use the system image in the Android Emulator in Google's Android Studio.

In its bid for TikTok, Oracle was supposed to prevent data from being passed to Chinese police. Instead, it's been marketing its own software for their surveillance work. From a report: Police in China's Liaoning province were sitting on mounds of data collected through invasive means: financial records, travel information, vehicle registrations, social media, and surveillance camera footage. To make sense of it all, they needed sophisticated analytic software. Enter American business computing giant Oracle, whose products could find relevant data in the police department's disparate feeds and merge it with information from ongoing investigations. So explained a China-based Oracle engineer at a developer conference at the company's California headquarters in 2018. Slides from the presentation, hosted on Oracle's website, begin with a "case outline" listing four Oracle "product[s] used" by Liaoning police to "do criminal analysis and prediction." One slide shows Oracle software enabling Liaoning police to create network graphs based on hotel registrations and track down anyone who might be linked to a given suspect.

Another shows the software being used to build a police dashboard and create "security case heat map[s]." Apparent pictures of the software interface show a blurred face and various Chinese names. The concluding slide states that the software helped police, whose datasets had been "incomprehensible," more easily "trace the key people/objects/events" and "identify potential suspect[s]" -- which in China often means dissidents. Oracle representatives have marketed the company's data analytics for use by police and security industry contractors across China, according to dozens of company documents hosted on its website. In at least two cases, the documents imply that provincial departments used the software in their operations. One is the slideshow story about Liaoning province. The other is an Oracle document describing police in Shanxi province as a "client" in need of an intelligence platform. Oracle also boasted that its data security services were used by other Chinese police entities, according to the documents -- including police in Xinjiang, the site of a genocide against Muslim Uyghurs and other ethnic groups. In marketing materials, Oracle said that its software could help police leverage information from online comments, investigation records, hotel registrations, license plate information, DNA databases, and images for facial recognition. Oracle presentations even suggested that police could use its products to combine social media activity with dedicated Chinese government databases tracking drug users and people in the entertainment industry, a group that includes sex workers. Oracle employees also promoted company technology for China's "Police Cloud," a big data platform implemented as part of the emerging surveillance state.

In its ongoing attempt to gauge the popularity of programming languages, "C is at the top of the list of TIOBE'S Index for February 2021 with Java in second place," reports TechRepublic: Those two languages swapped positions on the list as compared to 2020, but the rest of the list is almost exactly the same as a year ago. Python is in the No. 3 spot followed by C++, C#, Visual Basic, JavaScript, PHP, and SQL.

Assembly Language rounds out the top 10 list, up from spot 12 in 2020. R moved up two spots over the last year from 13 to 11. Groovy jumped to the 12h spot, up from 26 a year ago. Classic Visual Basic is on the rise also moving up four spots to 18.
For what it's worth, in the last year Go has dropped to #13 on the list — overtaken by assembly language, R, and Groovy.

And Swift dropped from #10 to #15, also being overtaken in the last year by Ruby.

From today's "This Week in Programming" column: Rejoice, long at last, all you Gophers, for the question of whether or not the Go programming language will adopt generics has finally, after many years of debate, been answered this week with the acceptance of a proposal made last month.

In this most recent proposal, Golang team member Ian Lance Taylor writes that generics have been "one of the most commonly requested language features" since the language was first released in 2009, but even then, it's adoption doesn't come without concerns. Taylor explains the idea of generics in the intro of his proposal:

"Generics can give us powerful building blocks that let us share code and build programs more easily. Generic programming means writing functions and data structures where some types are left to be specified later. For example, you can write a function that operates on a slice of some arbitrary data type, where the actual data type is only specified when the function is called. Or, you can define a data structure that stores values of any type, where the actual type to be stored is specified when you create an instance of the data structure."

It is precisely this value proposition — being able to write reusable code — that excites some developers and has been behind the push all along...

Generics wasn't the only controversial programming language addition this week, with the Python Steering Council making the decision to accept a number of Python Enhancement Proposals (PEPs) collectively known as the Pattern Matching PEPs. "We acknowledge that Pattern Matching is an extensive change to Python and that reaching consensus across the entire community is close to impossible," the council writes, saying that, nonetheless, they "are confident that Pattern Matching as specified in PEP 634, et al, will be a great addition to the Python language."

One dissenter to the addition found their way to the pages of iProgrammer, with the snarky headline "Python Adopts Pattern Matching — Kitchen Sink Next."
In other news, Google increased its support for the Python Software Foundation with a donation of more than $350,000 to support three specific projects, and also says it will continue its donation of Google Cloud infrastructure to the foundation.

New submitter Pibroch(CiH) writes: Andrew Spinks, the creator of Terraria and lead developer for Re-Logic, has been trying to find out why his Google account (which encompasses YouTube, Gmail, and many other important services) was suddenly banned and locked with no warning.

According to Ars Technica: "Spinks says his entire Google account has been down for three weeks now, and Google has 'done nothing but given me the runaround.' You can view the quality of Google's support on Twitter for yourself. After the tweet from the official Terrarria account, YouTube support declined Re-logic's request to try to solve the problem privately, choosing instead to publicly offer irrelevant suggestions to the game developer with over 30 million customers. First, YouTube asked if Re-Logic could access its banned email account, which the developer already explained was banned. Then, YouTube suggested trying Google's account recovery system, which is only for users who have forgotten their Google password. Finally, YouTube shared instructions for how to recover a voluntarily deleted Google account, which is in no way relevant to an account ban."

Spinks has moved to cancel the release of the popular game Terraria on Google's Stadia game streaming platform.

Rust -- the programming language, not the survival game -- now has a new home: the Rust Foundation. From a report: AWS, Huawei, Google, Microsoft and Mozilla banded together to launch this new foundation today and put a two-year commitment to a million-dollar budget behind it. This budget will allow the project to "develop services, programs, and events that will support the Rust project maintainers in building the best possible Rust." Rust started as a side project inside of Mozilla to develop an alternative to C/C++. Designed by Mozilla Research's Graydon Hore, with contributions from the likes of JavaScript creator Brendan Eich, Rust became the core language for some of the fundamental features of the Firefox browser and its Gecko engine, as well as Mozilla's Servo engine. Today, Rust is the most-loved language among developers. But with Mozilla's layoffs in recent months, many on the Rust team lost jobs and the future of the language became unclear without a main sponsor, though the project itself has thousands of contributors and a lot of corporate users, so the language itself wasn't going anywhere.

Over the past several weeks, developer Kosta Eleftheriou has been highlighting many apparent scam applications on the App Store. The formula for each scam application is virtually identical, and it centers on fake reviews and ratings paired with a deceptive weekly subscription. From a report: Eleftheriou is the developer behind FlickType, a popular Apple Watch keyboard application that brings gesture typing to the wearable device. He was also one of the creators of the Flesky keyboard app, acquired by Pinterest, and Blind Type, acquired by Google. The thread began two weeks ago, when Eleftheriou began highlighting applications that were essentially non-functional ripoffs of FlickType. One of the most blatant ones was KeyWatch: "Just a few months ago, I was way ahead of my competition. By the time they figured out just how hard autocorrect algorithms were, I was already rolling out the swipe version of my keyboard, quickly approaching iPhone typing speeds. So how did they beat me? First, they made an app that appeared to fulfill the promise of a watch keyboard -- but was practically unusable. Then, they started heavily advertising on FB & Instagram, using my own promo video, of my own app, with my actual name on it."

When users downloaded the app, the first screen was a blank interface with an "Unlock now" button. Tap the "Unlock now" button, and you'd be prompted with Apple's buy screen to confirm an $8/week subscription for an app that was nonfunctional.

It's been estimated that there are 24 million developers in the world. 14 million of them now use Microsoft's Visual Studio Code (VS Code) as their IDE, reports ZDNet, with five million new users arriving in 2020.

Julia Liuson, corporate vice president of Microsoft's developer division, tells them why: "The strategy for VS Code is really to support our any, any, any strategy. You can be a developer working with any programming language, working on any operating system and develop any kind of software." VS Code runs on macOS, Windows 10, and multiple distributions of Linux, it supports Arm64 on Linux, and runs on Raspberry Pi and Chromebooks. It's also available in preview form
Part of VS Code's popularity is the breadth of language extensions for C++, C#, Python and various Python libraries for data scientists, Java, and JavaScript/Typescript... "We have almost two million Python developers using VS Code and well over a million C++ developers using VS Code," said Liuson. "And even our Java usage is approaching one million...."

Liuson also talked about Microsoft's inner source approach to software development. The company doubled down on inner source in 2019, and recently highlighted its inner-source approach as a factor that mitigated the threat of the SolarWinds hackers accessing its source code. Microsoft didn't make up the term inner source and the approach means taking open-source development practices and applying them inside a single organization. GitHub and GitHub's Enterprise Server fits snuggly with this approach to help organizations collaborate but do so in private.

"Inner source means if you have private IP, but you're inviting other teams within the company to collaborate with you. That's the fundamental difference between open source and inner source. Today, it's very common in large enterprise..."

An anonymous reader quotes a report from BuzzFeed News: Over the last two years, the government of Pakistan has forced Google and Apple to take down apps in the country created by developers based in other nations who are part of a repressed religious minority. The move is part of a crackdown led by the country's telecommunications regulator targeting the Ahmadiyya Muslim community. Adherents, called Ahmadis, number about 4 million in Pakistan. Though Ahmadis identify as Muslim, Pakistan's government views them as heretics, and a 1984 ordinance forbids them from "posing" as Muslims, adopting Islamic religious practices, and referring to their houses of worship as mosques. Pakistan is the only country to declare that Ahmadis are not Muslim.

Ahmadis have faced persecution for decades, including an attack in 2010 that killed 93 people. But the pressure on multinational tech companies from Pakistan's telecom regulator, the Pakistan Telecommunication Authority (PTA), signals a new willingness to target religious minorities beyond its borders. It is also one of the first examples of governments using anti-blasphemy rules to force international tech companies to censor content. At issue are seven religious apps created by the Ahmadi community in the United States, published under the name "Ahmadiyya Muslim Community." Three of the apps contain "the exact same [Arabic] text found universally in all versions of the Holy Quran," as well as commentary from the Ahmadi perspective, according to their descriptions. They are still available on app stores in other countries. All of these have been taken down by Google in Pakistan. In addition, there are four other apps, which include an FAQ on Islam and a weekly Urdu-language news magazine, that the PTA is pressuring Google to remove, but which have not been taken down.

An anonymous Slashdot reader warns of a possible miscalculation: 20 years ago today, cobolreport.com published an article, according to which there are 30 billion Customer Information Control System/COBOL transactions per day. This number has since been cited countless times... [T]his number is still to be found in the marketing of most COBOL service providers, compiler vendors (IBM, Micro-Focus and others) and countless articles about how relevant COBOL supposedly still was. The article originally reported 30 billion "CICS transactions", but within 2 years it had already been turned into "COBOL transactions"...

The "30 billion" likely originates from a DataPro survey in 1997, in which they still reported 20 billion transactions per day. Only 421 companies participated in that survey. They actually scaled the results from such a small survey up to the IT-market of the entire world!

That same survey is also the source of many other numbers that are still to be found in the marketing of COBOL compiler vendors and articles:

- There are 200 billion lines of COBOL Code

- That's 60-80% of all the source codes in the world [sic]

- 5 billion lines of COBOL code are newly written each year

- There are 2 million COBOL developers in the world

- COBOL processes 95% of all "in person transactions", "ATM swipes" or similar

DataPro was bought by Gartner Inc. in 1997. Since then, all the numbers are reported to come "from Gartner". Only very early sources quote DataPro as their source.

Some of these numbers are obvious nonsense. The explanation for this is that DataPro had only surveyed mainframe owners. So it only says that 60-80% of all the source codes on mainframes are written in COBOL (which is plausible at least for 1997). And only 95% of all credit companies that have mainframes use their mainframes for processing credit card transactions. Considering the low participation, we are probably talking about 19 of 20 credit companies here.

"The domain name perl.com was stolen and now points to an IP address associated with malware campaigns," reports Bleeping Computer: Perl.com is a site owned by Tom Christiansen and has been used since 1997 to post news and articles about the Perl programming language. On January 27th, Perl programming author and Perl.com editor brian d foy tweeted that the perl.com domain was suddenly registered under another person. Intellectual property lawyer John Berryhill later replied to the tweet that the domain was stolen in September 2020 while at Network Solutions, transferred to a registrar in China on Christmas Day, and finally moved to the Key-Systems registrar on January 27th, 2020.

It wasn't until the last transfer that the IP addresses assigned to the domain were changed from 151.101.2.132 to the Google Cloud IP address 35.186.238[.]101...

On the 28th, d foy tweeted that they have set up perl.com temporarily at http://perldotcom.perl.org for users who wish to access the site until the domain is recovered...

d foy has told BleepingComputer that it is not believed that the domain owner's account was hacked and that they are currently working with Network solutions and Key-Systems to resolve the issue. "I do know from direct communication with the Network Solutions and Key Systems that they are working on this and that the perl.com domain is locked. Tom Christiansen, the rightful owner, is going through the recovery process with those registrars."

"Both registrars, along with a few others, reached out to me personally to offer help and guidance. We are confident that we will be able to recover the domain, but I do not have a timetable for that," d foy told BleepingComputer.

The IP address that perl.com is now hosted has a long history of being used in older malware campaigns and more recent ones.
"Anyone using a perl.com host for their CPAN mirror should use www.cpan.org instead," advises an announcement page today at Perl.org, which d foy tweeted "is now going to be the source for the latest http://Perl.com info."

On Thursday d foy tweeted that "There's no news on the recovery progress. Everyone who needs to be talking is talking to each other and it's just a process now."