Software engineer Kieran Potts asks: does JavaScript need to be renamed? There's no doubt there are problems with JavaScript's branding...

- Correctly, "JavaScript" refers to a subset of ECMAScript specified by Mozilla, but the word is used interchangeably to refer to multiple different ECMAScript supersets, depending on context.

- JavaScript is a trademark of Oracle Corporation, which doesn't fit comfortably with the language's position as a central component of the web platform, which is meant to be built entirely from open technologies and standards.

- There isn't even an official logo for JavaScript, let alone a cute mascot like Go's gopher or PHP's elephant.

- And famously, JavaScript is unrelated to Java. This has confused the hell out of non-technical managers and recruiters for decades.
The article also suggests "a standard convention" to identify the runtime's host system (for example, "WebJS" or "ServerJS").

But in response to the question of rebranding JavaScript, "the most common, knee jerk reaction was a quick guffaw and an exclaimed 'no!'" notes tech columnist Mike Melanson, "while others offered that the simple contraction to JS would suffice."

The senior editor of Dice Insights writes: Which programming languages are most in-demand by employers? That's an excellent (and vital) question for developers out there, especially those who want to leverage their skills to land a particularly high-paying job. Fortunately, a new list gives us a pretty accurate rundown, and it's filled with the usual suspects: SQL, Java, JavaScript, Python, and so on.

The data comes from Burning Glass, which compiles and analyzes millions of job postings, so we can treat it as pretty comprehensive (although, as with any massive dataset, there's always the potential for errors)... The top-ranked presence of SQL shouldn't come as a shocker to anyone: although the language is older than many of the technologists who utilize it (it was created in 1974), it's still very much a key standardized language for relational databases (it's ranked eighth on the TIOBE Index, a popular but controversial ranking of the world's most popular programming languages). Businesses always need databases; and they're clearly hungry for technologists who can set up and manage them.

A recent study by IEEE Spectrum also noted that employers want developers skilled in Python, Java, C, C++, and JavaScript, so these languages' presence on the Burning Glass list should come as no surprise, either. All of these programming languages enjoy massive install bases across a variety of platforms, including mobile and the web; they're also taught widely in schools and bootcamps, ensuring that there's a steady pipeline of newly minted technologists who know them. In addition to building new stuff, businesses need to maintain legacy code written in these languages.

Nearly 7.5 million Adobe Creative Cloud users are left open to phishing campaigns after their records were left exposed to the internet. Threatpost reports: Adobe Creative Cloud, which has an estimated 15 million subscribers, is a monthly service that gives users access to a suite of popular Adobe products such as Photoshop, Lightroom, Illustrator, InDesign, Premiere Pro, Audition, After Effects and others. Comparitech partnered with security researcher Bob Diachenko to uncover the exposed database. The Elasticsearch database could be tapped without a password or any other authentication; offering an attacker access to email addresses, account information and which Adobe products that users purchased. The data did not include payment information or passwords. The user data "wasn't particularly sensitive," but it could be used to create convincing phishing emails aimed at Adobe users, according to Comparitech researcher Paul Bischoff, in Friday research shared with Threatpost. "The information exposed in this leak could be used against Adobe Creative Cloud users in targeted phishing emails and scams," Bischoff noted. "Fraudsters could pose as Adobe or a related company and trick users into giving up further info, such as passwords, for example."

In July, GitHub blocked several accounts to prevent users in Iran from accessing several portions of its service. A few days later Amazon Web Services followed suite. With major cloud services pulling support for developers in the country, many lost their academic work and several apps ceased to function. A solution for these developers now is to cut reliance on American giants and build their own services. But there's a catch: Internet in Iran is heavily censored, so they can't rely on local networks.

After Trump backed away from the nuclear deal, there's been a tremendous pressure on tech companies to block IPs from Iran. Plus, Mozilla decided to omit a whole transparency section in its report on the country succumbing to the government pressure. With sanctions on one side and censorship on the other, there's a tough road ahead for developers. Ivan Mehta, a journalist at The Next Web, looks at the issue.

An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. ZDNet reports: On Monday, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing.

In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor's web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within. The team says that "thousands" of individuals were impacted, although due to ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number. Hundreds of thousands of booking reservations for guests were available to view and data including full names, dates of birth, home addresses, phone numbers, dates and travel costs, some check-in times and room numbers, and masked credit card details were also exposed. Some of the records were logs for U.S. Army generals visiting Russia and Israel, the report says. In total, the AWS-hosted database contained over 179GB of data.

David Shayer, who worked as a software engineer at Apple for 18 years across iPod, the Apple Watch, and Apple's bug-tracking system Radar, among other projects, looks at the current iOS and macOS releases and tries to work out why they are so buggy. He writes: 1. Overloaded Feature Lists Lead to Schedule Chicken: Apple is aggressive about including significant features in upcoming products. Tight schedules and ambitious feature sets mean software engineers and quality assurance (QA) engineers routinely work nights and weekends as deadlines approach. Inevitably some features are postponed for a future release, as we saw with iCloud Drive Folder Sharing. In a well-run project, features that are lagging behind are cut early, so engineers can devote their time to polishing the features that will actually ship. But sometimes managers play "schedule chicken" since no one wants to admit in the departmental meeting that their part of the project is behind. Instead, they hope someone else working on another aspect of that feature is running even later, so they reap the benefit of the feature being delayed without taking the hit of being the one who delayed it. But if no one blinks, engineers continue to work on a feature that can't possibly be completed in time and that eventually gets pushed off to a future release.

2. Crash Reports Don't Identify Non-Crashing Bugs: If you have reporting turned on (which I recommend), Apple's built-in crash reporter automatically reports application crashes, and even kernel crashes, back to the company. A crash report includes a lot of data. Especially useful is the stack trace, which shows exactly where the code crashed, and more importantly, how it got to that point. A stack trace often enables an engineer to track down the crash and fix it. Crash reports are uniquely identified by the stack trace. The same stack trace on multiple crash reports means all those users are seeing the same crash. The crash reporter backend sorts crash reports by matching the stack traces, and those that occur most often get the highest priority. Apple takes crash reports seriously and tries hard to fix them. As a result, Apple software crashes a lot less than it used to. Unfortunately, the crash reporter can't catch non-crashing bugs. It's blind to the photos that never upload to iCloud, the contact card that just won't sync from my Mac to my iPhone, the Time Capsule backups that get corrupted and have to be restarted every few months, and the setup app on my new iPhone 11 that got caught in a loop repeatedly asking me to sign in to my iCloud account, until I had to call Apple support. (These are all real problems I've experienced.) Shayer has offered several more possible explanations in the original post.

Christine Peterson, a long-time futurist who co-founded the nanotech advocacy group the Foresight Institute in 1986 and coined the term "Open Source software" among other things writes: I am currently cited on the home page of the Ethical Source Movement, home of the Ethical Source Definition: "In the twenty years since Christine Peterson first coined the term 'open source', our community has grown astronomically, all the while learning from its successes and failures." While it is pleasant to be cited, some might interpret this as my 100% endorsement, and this would be incorrect. The Definition calls for a code of conduct, which by itself is not a problem. And a sample of such a code that I examined uses plain, seemingly-clear English words such as reasonable, inappropriate, harassment, etc. As always, the devil is in the details, or in this case, the interpretation. Although I am not a coder, and am only peripherally involved with the Open Source community these days, it has come to my attention that guidelines such as these are being used to, for example, suppress discussion of male/female differences. This would be problematic for me to endorse, since as part of my never-ending quest to help people find their life partner, I routinely discuss such topics at length myself (video online now).

This raises the broader question of whether speech bans in general are a good idea and serve effectively to advance positive goals, or not. To explore this issue with less emotion, let's make up a fantasy example. Let's say that a rumor arises that people who are genetically able to taste phenylthiocarbamide (PTC) are better at coding. The rumor goes viral. Job seekers with the supposedly favorable status put it on their LinkedIn page and try to send genetic test results to prospective employers, along with their resumes.

Those unable to taste PTC try to suppress the rumor, fail, organize protests, and finally resort to speech bans regarding PTC status. People who brag about their tasting status, point out that someone else is a non-taster, or even just try to discuss the topic itself more generally, lose their positions on open source projects and even in some cases their jobs.

Do these punished individuals then realize the error of their ways? By no means: they are now martyrs, drift in a more radical direction, and become leaders of PTC taster groups who feel they are victims of reverse discrimination. They form secret online groups in which genetic data must be submitted to join, and they quietly meet in person to show off tasting abilities in blind tests. They bond and form communities which reinforce their superior identity as tasters. Believing that 'tasters are better coders' is now regarded as Secret Banned Knowledge.

Statisticians try to point out that even if the claim is true, such a correlation is not usefully predictive since great coders are found among both tasters and non-tasters. They further point out that this means finding good coders requires testing for those skills regardless of PTC status, so what difference does it really make? Meanwhile the general public looks on, notices the speech ban, and decides that if such extreme action must be taken against the Secret Banned Knowledge, that knowledge must be powerful indeed, and true.

Perhaps speech bans worked better in the old days, before the internet enabled outcasts to find each other, but in any case they don't seem to work well now, as we see with racist speech bans in Europe. One can even make the case that this heavy-handed way of trying to solve social problems was one factor (among many) that helped elect Trump president.

So if speech bans aren't the answer, what is? How do we persuade people to step away from incorrect biased views and treat others better? Sadly, there are no easy answers, just difficult work. We can divide the world needing persuading into two groups: (A) those who can be persuaded with rational discussion, and (B) the others. For group A, we use rational discussion. For group B, we need to look at why they are in such desperate need of identity and community that they latch onto false stories of their superiority. For those with the stomach for it, we can try to copy the success of Daryl Davis, the African-American musician who has converted over two dozen white supremacists away from their old beliefs -- by befriending them. This is how hearts and minds are changed, one by one.

An anonymous reader quotes a report from The Associated Press: The Trump administration is planning to collect DNA samples from asylum-seekers and other migrants detained by immigration officials and will add the information to a massive FBI database used by law enforcement hunting for criminals, a Justice Department official said. The Justice Department on Monday issued amended regulations that would mandate DNA collection for almost all migrants who cross between official entry points and are held even temporarily. The official said the rules would not apply to legal permanent residents or anyone entering the U.S. legally, and children under 14 are exempt, but it's unclear whether asylum-seekers who come through official crossings will be exempt. The new policy, which was first reported in October, would allow the government to collect DNA samples from hundreds of thousands of people booked into federal immigration custody each year for entry into a national criminal database. Immigrant and privacy advocates said at the time that the move "raised privacy concerns for an already vulnerable population that could face profiling or discrimination as a result of their personal data being shared among law enforcement authorities."

Trump administration officials say hope the database will lead to more crimes being solved and act as a deterrent to prevent migrants from trying to enter the United States. The new regulations go into effect Tuesday.

Mark Hurd, who was co-chief of Oracle, one of the world's top business-software firms, until he stepped aside last month for health reasons, died Friday. He was 62. From a report: "Oracle has lost a brilliant and beloved leader who personally touched the lives of so many of us during his decade at Oracle," Oracle chairman Larry Ellison wrote. "All of us will miss Mark's keen mind and rare ability to analyze, simplify, and solve problems quickly. Some of us will miss his friendship and mentorship. I will miss his kindness and sense of humor." Hurd announced a leave of absence from Oracle in September due to unspecified health reasons. Oracle stock had gone up about 37% since he and Safra Catz were appointed as CEOs in September 2014.

theodp writes: On Thursday evening, Amazon is hosting a national field trip of sorts, inviting kids and teachers to take part in a Twitch livestream tour inside an Amazon robotics fulfillment center with the goal of inspiring students to learn about robotics and to "illustrate the importance of a computer science education." From the press release: "On the tour, students will see first-hand how teams of associates work alongside robotic technologies to fulfill customer orders. They will see where inventory items are stowed into the system, learn how robots bring storage pods to our associates to pick customer items, and finally, they'll see trucks being loaded with thousands of customer orders." Hey, "program, or be programmed," as they warn kids and parents over at Amazon-bankrolled Code.org!

GitLab, a San-Francisco provider of hosted git software, recently changed its company handbook to declare that it won't ban potential customers on "moral/value grounds," and that employees should not discuss politics at work. The Register reports: The policy addition, created by co-founder and CEO Sid Sijbrandij and implemented as a git pull request, was merged (with no approval required) about two weeks ago. It was proposed to clarify that GitLab is committed to doing business with "customers with values that are incompatible with our own values." Such a declaration could run afoul of legal boundaries in some circumstances. While workers have no constitutional speech protection in the context of their employment, federal labor law requires that employees be allowed to discuss the terms and conditions of their employment and possible unlawful conduct like harassment, discrimination, and safety violations.

But it's perhaps understandable given how, over the past few years, workers in the tech industry have become more vocal in objecting to business deals with entities deemed to be immoral or work that conflicts with declared or presumed values. Sijbrandij amended his company's handbook to state: "We do not discuss politics in the workplace and decisions about what customer to serve might get political." And what reason does Sijbrandij's pull request provide to support this position? It says, "Efficiency is one of our values and vetting customers is time consuming and potentially distracting."

Continuing its embracing of open source, Microsoft has today announced two new open source projects. From a report: The first is Open Application Model (OAM), a new standard for developing and operating applications on Kubernetes and other platforms. The second project is Dapr (Distributed Application Runtime), designed to make it easier to build microservice applications. Microsoft says that both OAM and Dapr "help developers remove barriers when building applications for cloud and edge." Microsoft has worked on OAM with Alibaba, and the aim is to simplify the development and deployment of applications. The company explains that: "OAM is a specification for describing applications so that the application description is separated from the details of how the application is deployed onto and managed by the infrastructure. This separation of concerns is helpful for multiple reasons." The second open source project is Dapr, which Microsoft describes as "an open source, portable, event-driven runtime that makes it easy for developers to build resilient, microservice stateless and stateful applications that run on the cloud and edge."

The npm ecosystem of JavaScript libraries is more interwoven than most developers think, and the entire thing is a gigantic house of cards, being one bad hack away from compromising hundreds of thousands of projects, according to a recent academic study. From a report: The research, carried out by the Department of Computer Science from the Technical University of Darmstadt, in Germany, analyzed the dependency graph of the entire npm ecosystem. Researchers downloaded metadata for all the npm packages published until April 2018 and created a giant graph that included 676,539 nodes and 4,543,473 edges (lines connecting the nodes). In addition, academics also analyzed different versions of the same packages, looking at historical versions (5,386,239 versions for the 676,539 packages), but also at the package maintainers (199,327 npm accounts), and known security flaws impacting the packages (609 public reports). [...]

Their goal was to get an idea of how hacking one or more npm maintainer accounts, or how vulnerabilities in one or more packages, reverberated across the npm ecosystem; along with the critical mass needed to cause security incidents inside tens of thousands of npm projects at a time. [...] But while some npm packages load code from too many packages and from too many developers, there is another dangerous trend forming on the npm package repository -- namely the consolidation of popular npm packages under a few maintainer accounts. "391 highly influential maintainers affect more than 10,000 packages, making them prime targets for attacks," the research team said. "If an attacker manages to compromise the account of any of the 391 most influential maintainers, the community will experience a serious security incident."

Scientists have uncovered a glitch in a piece of code that could have yielded incorrect results in over 100 published studies that cited the original paper. From a report: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, last week in the journal Organic Letters. "This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]." Yuheng Luo, a graduate student at the University of Hawai'i at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria. The aim of the project was to "try to find compounds that are effective against cancer," Williams said.

An anonymous reader writes: TED Conferences has its own educational YouTube channel (now with 10 million subscribers and over 1.5 billion views). Two weeks ago it launched a 10-episode animated series about computer programming, and its first episode -- The Prison Break -- has already been viewed nearly a quarter of a milllion times.

In the 7-minute video, a programmer wakes up in a prison cell -- with total amnesia -- and discovers a "mysterious stranger" squeezing through the jail cell's bars. It's a floating anthropomorphic drone, saying it needs the programmer's help to rescue a dystopian future world "in turmoil. Robots have taken over." The video introduces the computer programming concept of a loop -- since escaping the jail cell involves testing a key in every possible position. And the video's page on the TED-Ed web site offers links to related resources from Code.org and Free Code Camp, as well as from Advent of Code, "which is run by Eric Wastl, who consulted extensively on Think Like a Coder and inspired quite a few of the puzzles."

The episode ends with the programmer dangling from the flying drone, off on an attempt to recover three artifacts -- nodes of memory, power, and creation -- that are currently being used for "nefarious purposes."

Long-time Slashdot reader hondo77 notes that Larry Wall has given his approval to the re-naming of Perl 6.

In the "Path to Raku" pull request, Larry Wall indicated his approval, leaving this comment: I am in favor of this change, because it reflects an ancient wisdom:

"No one sews a patch of unshrunk cloth on an old garment, for the patch will pull away from the garment, making the tear worse. Neither do people pour new wine into old wineskins. If they do, the skins will burst; the wine will run out and the wineskins will be ruined. No, they pour new wine into new wineskins, and both are preserved."
"Perl 6 will become Raku, assuming the four people who haven't yet approved the pull request give their okay," reports the Register, adding that Perl 5 will then become simply Perl.

Dozens of comments on that pull request have now already been marked as "outdated," and while a few contributors have made a point of abstaining from the approval process, reviewer Alex Daniel notes that "this pull request will be merged on October 14th if nobody in the list rejects it or requests more changes."

Over 100 published studies may have incorrect results thanks to a glitchy piece of Python code discovered by researchers at the University of Hawaii.

An anonymous reader quotes Motherboard: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, on Tuesday in the journal Organic Letters.

"This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]."

Yuheng Luo, a graduate student at the University of Hawaii at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria... Under supervision of University of Hawaii at Manoa assistant chemistry professor Rui Sun, Luo used a script written in Python that was published as part of a 2014 paper by Patrick Willoughby, Matthew Jansma, and Thomas Hoye in the journal Nature Protocols . The code computes chemical shift values for NMR, or nuclear magnetic resonance spectroscopy, a common technique used by chemists to determine the molecular make-up of a sample. Luo's results did not match up with the NMR values that Williams' group had previously calculated, and according to Sun, when his students ran the code on their computers, they realized that different operating systems were producing different results.

Sun then adjusted the code to fix the glitch, which had to do with how different operating systems sort files.
The researcher who wrote the flawed script told Motherboard that the new study was "a beautiful example of science working to advance the work we reported in 2014. They did a tremendous service to the community in figuring this out."

Sun described the original authors as "very gracious," saying they encouraged the publication of the findings.

GitHub CEO Nat Friedman explained why the company plans to renew a contract with U.S. Immigration and Customs Enforcement (ICE), even though he and others at GitHub oppose ICE's policy of separating children from parents at the border, Motherboard reported on Wednesday, citing an internal GitHub email. From a report: The email shows the continuing debate within the tech industry about whether companies should work specifically with ICE, and comes as a host of other companies have dealt with employee protests over corporate involvement with ICE. "In August, the GitHub leadership team learned about a pending renewal of our product by the U.S. Immigration & Customs Enforcement (ICE) agency. Since then, we have been talking with people throughout the company, based on our own personal concerns and those raised by Hubbers," Friedman's email reads, referring to GitHub employees. Evan Greer, deputy director at activism group Fight for the Future tweeted a copy of the email on Tuesday. Motherboard also separately obtained a copy of the email from a source inside GitHub. The product up for renewal is a license of GitHub Enterprise Server, an on-premises deployment of GitHub that customers can run on their own server, according to the email. ICE originally bought a license in April, 2016.

An anonymous reader quotes a report from The Wall Street Journal: Some of the Federal Bureau of Investigation's electronic surveillance activities violated the constitutional privacy rights of Americans swept up in a controversial foreign intelligence program (Warning: source paywalled; alternative source), a secretive surveillance court has ruled. The ruling deals a rare rebuke to U.S. spying activities that have generally withstood legal challenge or review. The intelligence community disclosed Tuesday that the Foreign Intelligence Surveillance Court last year found that the FBI's pursuit of data about Americans ensnared in a warrantless internet-surveillance program intended to target foreign suspects may have violated the law authorizing the program, as well as the Constitution's Fourth Amendment protections against unreasonable searches.

The court concluded that the FBI had been improperly searching a database of raw intelligence for information on Americans -- raising concerns about oversight of the program, which as a spy program operates in near total secrecy. The court ruling identifies tens of thousands of improper searches of raw intelligence databases by the bureau in 2017 and 2018 that it deemed improper in part because they involved data related to tens of thousands of emails or telephone numbers -- in one case, suggesting that the FBI was using the intelligence information to vet its personnel and cooperating sources. Federal law requires that the database only be searched by the FBI as part of seeking evidence of a crime or for foreign intelligence information. In other cases, the court ruling reveals improper use of the database by individuals. In one case, an FBI contractor ran a query of an intelligence database -- searching information on himself, other FBI personnel and his relatives, the court revealed. U.S. District Judge James Boasberg said that the Trump administration failed to persuasively argue that the bureau would not be able to properly tackle national security threats if the program was altered to better protect citizen privacy.

Last year, Apple software chief Craig Federighi said developers would be able to easily bring their iPad apps to Mac computers, essentially letting coders write an app once and deploy it across millions more devices. So far, the reality has fallen short for some developers and is even leaving consumers paying twice for apps. From a report: Major app developers and service providers like Netflix are also demurring on taking part, at least at this early stage. Apple rolled out Catalyst, the technology to transition iPad apps into Mac versions, on Monday. It's the initial step toward a bigger goal: By 2021, developers should be able to build an app once and have it work on iPhones, iPads and Mac computers through a single, unified App Store. But the first iteration, which appears to still be quite raw and in a number of ways frustrating to developers, risks upsetting users who may have to pay again when they download the Mac version of an iPad app they've already bought.

"As a user, I don't want to pay again just to have the same app," said longtime Apple developer Steven Troughton-Smith. "As a developer, I don't want my users to have to make that decision." James Thompson has had to work harder than he expected to get his popular PCalc calculator iPad app running well on Mac computers. Getting paid a second time for that extra work makes sense for developers, but consumers may not immediately understand that after Apple made the porting process sound as easy as checking a box, he said. Kevin Reutter, who has brought his Planny app to Mac computers, called the situation "sad."