From a longform piece on The Atlantic: What made programming so difficult was that it required you to think like a computer. The strangeness of it was in some sense more vivid in the early days of computing, when code took the form of literal ones and zeros. Anyone looking over a programmer's shoulder as they pored over line after line like "100001010011" and "000010011110" would have seen just how alienated the programmer was from the actual problems they were trying to solve; it would have been impossible to tell whether they were trying to calculate artillery trajectories or simulate a game of tic-tac-toe. The introduction of programming languages like Fortran and C, which resemble English, and tools, known as "integrated development environments," or IDEs, that help correct simple mistakes (like Microsoft Word's grammar checker but for code), obscured, though did little to actually change, this basic alienation -- the fact that the programmer didn't work on a problem directly, but rather spent their days writing out instructions for a machine. "The problem is that software engineers don't understand the problem they're trying to solve, and don't care to," says Leveson, the MIT software-safety expert. The reason is that they're too wrapped up in getting their code to work. "Software engineers like to provide all kinds of tools and stuff for coding errors," she says, referring to IDEs. "The serious problems that have happened with software have to do with requirements, not coding errors." When you're writing code that controls a car's throttle, for instance, what's important is the rules about when and how and by how much to open it. But these systems have become so complicated that hardly anyone can keep them straight in their head. "There's 100 million lines of code in cars now," Leveson says. "You just cannot anticipate all these things."

An anonymous reader quotes a report from Scientific American about a device that delivers infusions of DNA and other molecules to restore injured limbs in mice, and maybe someday, humans: Cells are typically reprogrammed using mixtures of DNA, RNA and proteins. The most popular method uses viruses as a delivery vehicle -- although they can infect unintended cells, provoke immune responses and even turn cells cancerous. One alternative, called bulk electroporation, exposes cells to an electric field that pokes holes in their membranes to let in genetic material and proteins. Yet this method can stress or kill them. Tissue nanotransfection, described in a study published in August in Nature Nanotechnology, involves a chip containing an array of tiny channels that apply electric fields to individual cells. "You affect only a small area of the cell surface, compared with the conventional method, which upsets the entire cell," says study co-author James Lee, a chemical and biomolecular engineer at The Ohio State University. "Essentially we create a tiny hole and inject DNA right into the cell, so we can control the dosage."

Chandan Sen, a physiologist at Ohio State, and his colleagues developed a genetic cocktail that rapidly converts skin cells into endothelial cells -- the main component of blood vessels. They then used their technique on mice whose legs had been damaged by a severed artery that cut off blood supply. New blood vessels formed, blood flow increased, and after three weeks the legs had completely healed.

Three female, former Oracle employees are suing Oracle for allegedly paying women less than men in similar jobs. Rong Jewett, Sophy Wang and Xian Murray filed a lawsuit August 28, seeking a class-action status to represent all other women who have worked at the company. TechCrunch reports: The lawsuit, first reported by The Information, alleges that Oracle discriminated against women by "systematically paying them lower wage rates than Oracle pays to male employees performing substantially equal or similar work under similar working conditions," the filing states. The time period the lawsuit references is four years prior to the filing and through the date of the trial in California. Referencing how the U.S. Department of Labor sued Oracle in January based on its compliance review that found "systemic discrimination against women" and "gross disparities in pay," the lawsuit states Oracle had known or should have known about the pay disparity between its male and female employees. The plaintiffs are seeking wages due, interest and liquidated damages plus interest. They also want Oracle to guarantee they won't pay women less than men for similar work in the future.

In 1970 mathematician John Conway created rules for the "Game of Life," a now famous "zero-player game" where a grid of cells evolves (following Conway's rules) from an initial state proposed by the player. In 2013 someone challenged readers of StackExchange's "Programming Puzzles & Code Golf" section to devise an initial state "that will allow for the playing of a game of Tetris."

An anonymous Slashdot reader reports that "This challenge sat around, gathering upvotes but no answer, for four years. Then, it was answered." Citing the work of seven contributors, a massive six-part response says their solution took one and a half years to create, and "began as a quest but ended as an odyssey." The team created their own assembly language, known as QFTASM (Quest for Tetris Assembly) for use within Conway's mathematical universe, and then also designed their own processor architecture, and eventually even a higher-level language that they named COGOL. Their StackExchange response includes a link to all of their code on GitHub, as well as to a page where you can run the code online.

One StackExchange reader hailed the achievement as "the single greatest thing I've ever scrolled through while understanding very little."

"Static vs dynamic typing is always one of those topics that attracts passionately held positions," writes the Morning Paper -- reporting on an "encouraging" study that attempted to empirically evaluate the efficacy of statically-typed systems on mature, real-world code bases. The study was conducted by Christian Bird at Microsoft's "Research in Software Engineering" group with two researchers from University College London. Long-time Slashdot reader phantomfive writes: This study looked at bugs found in open source Javascript code. Looking through the commit history, they enumerated the bugs that would have been caught if a more strongly typed language (like Typescript) had been used. They found that a strongly typed language would have reduced bugs by 15%.

Does this make you want to avoid Python?

An anonymous reader quotes InfoWorld: Swift 4.0 is now available. It's a major upgrade to Apple's Swift, the three-year old successor to the Objective-C language used for MacOS and iOS application development. The Swift 4 upgrade enhances the Swift Package Manager and provides new compatibility modes for developers. Apple said Swift 4 also makes Swift more stable and improves its standard library. Swift 4 is largely source-compatible with Swift 3 and ships as part of Apple's Xcode 9 IDE...

Swift 4's new compatibility modes could save you from having to modify code to be able to use the new version of the compiler. Two modes are supported, including the Swift 3.2 mode, which accepts most source files built with Swift 3.x compilers, and the Swift 4.0 mode, which includes Swift 4 and API changes. Apple said that some source migration will be needed for many projects, but the number of source changes are "quite modest" compared to many previous major changes between Swift releases.
Apple calls Swift 4.0 "a major language release" that also includes new language changes and updates that came through the Swift Evolution process.

An anonymous reader quotes TechRepublic: On Wednesday, IBM revealed the Open Liberty project, open sourcing its WebSphere Liberty code on GitHub to support Java microservices and cloud-native apps. The company created Liberty five years ago to help developers more quickly and easily create applications using agile and DevOps principles, according to an IBM developerWorks blog post from Ian Robinson, WebSphere Foundation chief architect at IBM... Developers can also choose to move to the commercial versions of WebSphere Liberty at any time, he noted, which include technical support and more specialized features... "We hope Open Liberty will help more developers turn their ideas into full-fledged, enterprise ready apps," Robinson wrote. "We also hope it will broaden the WebSphere family to include more ideas and innovations to benefit the broader Java community of developers at organizations big and small."
IBM argues that Open Liberty, along with the OpenJ9 VM they open sourced last week, "provides the full Java stack from IBM with a fully open licensing model."

Interestingly, Slashdot ran a story asking "IBM WebSphere SE To Be Opened?" -- back in 2000.

rastos1 writes: Oracle has announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved together with Java EE 8 in the Java Community Process (JCP). Java SE 9 provides more than 150 new features, including a new module system and improvements that bring more scalability, improved security, better performance management and easier development to the world's most popular programming platform.

According to a new survey, coders with a bachelor's degree in computer science only earn 3,000 British Pounds (BP) more a year than those who don't have one. The survey of 4,700 developers in the UK was conducted by Stack Overflow, a community site frequented by developers for answers to technical questions. The Register reports the findings: This is despite the average degree now costing 9,000 BP a year in tuition fees alone. Average student debt is now more than 50,000 BP, according the Institute of Fiscal Studies. The research found that the median salary of those who did not have higher education was 35,000 BP per year, while those who gained a bachelor's degree earned 38,000 BP and postgraduates took home 42,000 BP. It found that 48 per cent of developers with less than four years of professional experience currently hold a Computer Science-related undergraduate degree, while 49 per cent had completed an online course instead. The research also found that JavaScript developers were most in demand, with almost 27 per cent of jobs advertised on Stack Overflow now requiring this skill, followed by Java (22 per cent), Python (16 per cent), C# (15 per cent) and ReactJS (9 per cent).

Oracle went on the offensive again versus Amazon.com this week with a new cloud pricing plan that gives discounts to Oracle database customers who move their databases to the cloud. From a report: Chairman and Chief Technology Officer Larry Ellison said during an event at its Redwood City, California headquarters that while Oracle has matched Amazon Web Services for base-level computing, storage and networking services known as infrastructure as a service, it's now moving to make higher-level cloud services such as databases and analytics cheaper than AWS's. Actually, Ellison claimed that Oracle's infrastructure runs faster and therefore ends up costing less, but it's clear that the company is focusing more on its traditional strengths one tier up from the infrastructure: so-called platform as a service offerings such as the Oracle Database. Oracle said it will allow customers to move their existing licenses for databases, middleware and analytics to Oracle's platform services, just as they've allowed them to bring licenses to its infrastructure before.

An anonymous reader writes: Stack Overflow today launched Salary Calculator, a tool that lets developers check out typical salaries across the industry. The calculated results are based on five factors: location, education, years of professional coding experience, developer type, and technologies used professionally. Stack Overflow is releasing the tool because it believes developers should be empowered with more information around job searches, careers, and salary. The company noticed ads on Stack Overflow Jobs that include salary information get 75 percent more clicks than ads without salary information. Even in cases when the salary range is below average, the ads still get 60 percent more clicks.

IBM has open sourced a "high performance, scalable virtual machine" with "a great pedigree... [it's] at the core of many IBM enterprise software products." Slashdot reader dxb1230 writes: IBM has open sourced their JDK/JVM implementation named J9 as OpenJ9. The community now has an alternative implementation of Java which has been well tested on enterprise workloads and hardware. This unlike, OpenJDK, has all the bells and whistles like jit.

An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday."
The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.

Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.

An anonymous reader writes from a report via Bleeping Computer: Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers (mostly Monero), without their knowledge. The way crooks pulled this off was by using an online advertising company that allows them to deploy ads with custom JavaScript code. The JavaScript code is a modified version of MineCrunch (also known as Web Miner), a script released in 2014 that can mine cryptocurrencies using JavaScript code executed inside the browser. Cryptocurrency mining operations are notoriously resource-intensive and tend to slow down a user's computer. To avoid raising suspicion, crooks delivered malicious ads mainly on video streaming and browser-based gaming sites (currently mostly Ukrainian and Russian sites). Both types of sites use lots of resources, and users wouldn't get suspicious when their computer slowed down while accessing the site. Furthermore, users tend to linger more on browser games and video streaming services, allowing the mining script to do its job and generate profits for the crooks.

Oracle has chosen the Eclipse Foundation to be the new home of the Java Platform Enterprise Edition (Java EE), the company announced this week. Oracle made the decision in collaboration with IBM and Red Hat, the two other largest contributors to the platform. From a report: "The Eclipse Foundation has strong experience and involvement with Java EE and related technologies," wrote Oracle software evangelist David Delabassee in a blog post. This will help us transition Java EE rapidly, create community-friendly processes for evolving the platform, and leverage complementary projects such as MicroProfile. We look forward to this collaboration." Mike Milinkovich, executive director of the Eclipse Foundation, is optimistic about this move, which he said is exactly what the enterprise Java needs and what the community has been hoping for.

BrianFagioli shares a report from BetaNews: The documentation aspect of any project is very important, as it can help people to both understand it and track changes. Unfortunately, many developers aren't very interested in documentation aspect, so it often gets neglected. Luckily, if you want to maintain proper documentation and stay organized, today, Google is releasing its internal developer documentation style guide. This can quite literally guide your documentation, giving you a great starting point and keeping things consistent.

Jed Hartman, Technical Writer, Google says, "For some years now, our technical writers at Google have used an internal-only editorial style guide for most of our developer documentation. In order to better support external contributors to our open source projects, such as Kubernetes, AMP, or Dart, and to allow for more consistency across developer documentation, we're now making that style guide public. If you contribute documentation to projects like those, you now have direct access to useful guidance about voice, tone, word choice, and other style considerations. It can be useful for general issues, like reminders to use second person, present tense, active voice, and the serial comma; it can also be great for checking very specific issues, like whether to write 'app' or 'application' when you want to be consistent with the Google Developers style." You can access Google's style guide here.

An anonymous reader quotes Stack Overflow Blog: In this post, we'll explore the extraordinary growth of the Python programming language in the last five years, as seen by Stack Overflow traffic within high-income countries. The term "fastest-growing" can be hard to define precisely, but we make the case that Python has a solid claim to being the fastest-growing major programming language... June 2017 was the first month that Python was the most visited [programming language] tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time. Part of this is because of the seasonal nature of traffic to Java. Since it's heavily taught in undergraduate courses, Java traffic tends to rise during the fall and spring and drop during the summer.

Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries.
The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."

An anonymous reader writes: "Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime," reports Bleeping Computer. "The bug affects PsSetLoadImageNotifyRoutine, one of the low-level mechanisms some security solutions use to identify when code has been loaded into the kernel or user space. The problem is that an attacker can exploit this bug in a way that PsSetLoadImageNotifyRoutine returns an invalid module name, allowing an attacker to disguise malware as a legitimate operation. The issue came to light earlier this year when enSilo researchers were analyzing the Windows kernel code. Omri Misgav, Security Researcher at enSilo and the one who discovered the issue, says the bug affects all Windows versions released since Windows 2000. Misgav's tests showed that the programming error has survived up to the most recent Windows 10 releases." In an interview, the researcher said Microsoft did not consider this a security issue. Bug technical details are available here.

theodp writes: After a flood of cheating cases roiled Harvard's Computer Science 50: "Introduction to Computer Science I" last year, Dean of Undergraduate Education Jay Harris implored students in the course not to cheat on assignments at an orientation session Wednesday night. Course head David Malan, the Harvard Crimson reports, spent the last five minutes of the orientation session fielding questions from students confused about the course's collaboration policy and whether or not CS50 enrollees are allowed to use code found online. He told them never to Google solutions, and never to borrow a friend's work. Last week, CS50 students were informed via a CS50 FAQ that they are also now "encouraged" to physically attend the course's taped weekly lectures. In an essay last year, Prof. Malan had questioned the value of saying everyone should attend every lecture. Attendance is now also expected at every discussion section until the first mid-semester exam. In case you're curious, the estimated sticker price for attending Harvard College during the 2017-2018 school year is $69,600-$73,600 (health insurance sold separately).

The latest version of Google Chrome has launched, bringing a host of new developer features like JavaScript modules and WebUSB support. An anonymous Slashdot reader shares a report from VentureBeat: Google has launched Chrome 61 for Windows, Mac, and Linux. Additions in this release include JavaScript modules and WebUSB support, among other developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Google also released Chrome 61 for Android today. In addition to performance and stability fixes, you can expect two new features: Translate pages with a more compact toolbar and pick images with an improved image picker.

Chrome now supports JavaScript modules natively via the new element, letting developers declare a script's dependencies. Modules are already popular in third-party build tools, which use them to bundle only the required scripts. Native support means the browser can fetch granular dependencies in parallel, taking advantage of caching, avoiding duplications across the page, and ensuring the script executes in the correct order, all without a build step. Google recommends these two blog posts for more information: ECMAScript modules in browsers and ES6 Modules in Depth. Speaking of JavaScript, Chrome 61 also upgrades the browser's V8 JavaScript engine to version 6.1. Developers can expect performance improvements and a binary size reduction. The WebUSB API meanwhile allows web apps to access user-permitted USB devices. This enables all the functionality provided by hardware peripherals such as keyboards, mice, printers, and gamepads, while still preserving the security guarantees of the web.