Java

What's Missing From Oracle's List of the 25 Greatest Java Apps Ever Written? (oracle.com) 44

On the 25th anniversary of Java, Oracle's director of developer content released a list of the 25 greatest Java apps ever written. This week they shared the responses it got.

"The U.S. National Security Agency was secretly pleased we noticed its Ghidra binary decompilation tool..." The tenor of conversation was both positive and polite. That speaks volumes about the excellent character of Java developers, don't you think? But, developers being who they are, opinions on what should have made the list abounded... Another Twitter commenter said I should have included Cassandra, the Spring Framework, Apache Spark, the Hazelcast open source in-memory data grid, and Apache Kafka....

- Reader Victor Duran suggested a Java app called Swish, which, he said, "made the entire Swedish economy go cashless." Swish handled 25 billion Swedish krona in May 2020; that's a little more than 2.8 billion US dollars. According to a company spokesperson, parts of the back end are written in Java.

- There are many Java games to choose from, of course, but I was called out for not including Runescape and Old School Runescape, two popular Java-based applications that entertain millions to this day...

- As a commenter pointed out, mobile apps for both WordPress and Telegram are written in Java — and Telegram's encrypted, self-destruct chat feature makes it one of the most popular apps in the world with more than 400 million active users....

- In the final category, several researchers at CERN pointed out that some Large Hadron Collider (LHC) software and other data analytics software are written in Java. That includes the LHC Logging Service, which captures and stores the LHC data. As you can see in this 2006 paper, the LHC Logging Service has been using Java for many years.

The Internet

A Quarter of the Alexa Top 10K Websites Are Using Browser Fingerprinting Scripts (zdnet.com) 13

An anonymous reader quotes a report from ZDNet: A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features. In an academic paper published earlier this month, a team of academics from the University of Iowa, Mozilla, and the University of California, Davis, has analyzed how popular browser fingerprinting scripts are used today by website operators. Using a machine learning toolkit they developed themselves and named FP-Inspector, the research team scanned and analyzed the top 100,000 most popular websites on the internet, according to the Alexa web traffic ranking.

"We find that browser fingerprinting is now present on more than 10% of the top-100K websites and over a quarter of the top-10K websites," the research team said. However, the research team also points out that despite the large number of websites that are currently using browser fingerprinting, not all scripts are used for tracking. Some fingerprinting scripts are also used for fraud detection since automated bots tend to have the same or similar fingerprints, and fingerprinting scripts are a reliable method of detecting automated behavior. Additional details about the team's research can be found in a paper named "Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors," set to be presented at the IEEE Symposium on Security and Privacy, next year, in May 2021.
If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension.

Programming

What Makes Some Programming Languages the 'Most Dreaded'? (oreilly.com) 137

O'Reilly Media's Vice President of Content Strategy (also the coauthor of Unix Power Tools) recently explored why several popular programming languages wound up on the "most dreaded" list in StackOverflow's annual developer survey: There's no surprise that VBA is #1 disliked language. I'll admit to complete ignorance on Objective C (#2), which I've never had any reason to play with. Although I'm a Perl-hater from way back, I'm surprised that Perl is so widely disliked (#3), but some wounds never heal. It will be interesting to see what happens after Perl 7 has been out for a few years. Assembly (#4) is an acquired taste (and isn't a single language)...
But he eventually suggests that both C and Java might be on the list simply because they have millions of users, citing a quote from C++ creator Bjarne Stroustrup: "there are only two kinds of languages: the ones people complain about and the ones nobody uses." Dislike of a language may be "guilt by association": dislike of a large, antiquated codebase with minimal documentation, and an architectural style in which every bug fixed breaks something else. Therefore, it's not surprising to see languages that used to be widely used but have fallen from popularity on the list... Java has been the language people love to hate since its birth. I was at the USENIX session in which James Gosling first spoke about Java (way before 1.0), and people left the room talking about how horrible Java was — none of whom had actually used the language because it hadn't been released yet...

If there's one language on this list that's associated with gigantic projects, it's Java. And there are a lot of things to dislike about it — though a lot of them have to do with bad habits that grew up around Java, rather than the language itself. If you find yourself abusing design patterns, step back and look at what you're doing; making everything into a design pattern is a sign that you didn't understand what patterns are really for... If you start writing a FactoryFactoryFactory, stop and take a nice long walk. If you're writing a ClassWithAReallyLongNameBecauseThatsHowWeDoIt, you don't need to. Java doesn't make you do that... I've found Java easier to read and understand than most other languages, in part because it's so explicit — and most good programmers realize that they spend more time reading others' code than writing their own.

He also notes that Python only rose to #23 on the "most dreaded" languages list, speculating developers may appreciate its lack of curly braces, good libraries, and Jupyter notebooks. "Python wins the award for the most popular language to inspire minimal dislike. It's got a balanced set of features that make it ideal for small projects, and good for large ones."

"And what shall we say about JavaScript, sixteenth on the list? I've got nothing. It's a language that grew in a random and disordered way, and that programmers eventually learned could be powerful and productive... A language that's as widely used as JavaScript, and that's only 16th on the list of most dreaded languages, is certainly doing something right. But I don't have to like it."

Education

Ask Slashdot: How Should College Students Approach This Academic Year? 42

Long-time Slashdot reader goombah99 wonders how college students should approach this next academic year.

First, should they defer their next academic year? Even universities opening their dorms are still limiting their dining facilities to take-out box lunches and offering most of their classes online. (Though some give students a choice of online or in-person classes). Yet despite the new rules, "Some universities are sticky about deferrals, requiring medical excuses, or else re-application for majors and scholarships. Others are more generous."

And that's just the first decision students are facing: If you chose to attend online, would you opt to be in the dorms — or in your parent's house or your home town? What would you be losing (or gaining) by that choice, compared to socially distanced in-person?

For a real-world example, the original submission asks what's the best strategy for a CS major taking just one or two classes online. "Take a freshman core course? Take a super hard foundational upper level course like Algorithms and Data Structures? Or take a simpler class like Intro to Object-Oriented Programming in Java. Which of these benefit the most from having in-person study buddies and labs with in-person TAs?"

Ultimately the original submission asks what it is that makes college transformative — the classes, or being there (and living on-campus) in-person? "For me, I recall not even knowing all the possible majors when I attended, and it was networks, chance, new friends and upperclassmen who were how I learned what I wanted to pursue... What does one lose by remote learning and why, either academically or socially?"

Share your own thoughts in the comments. How should college students approach this academic year?

Java

Python Overtakes Java in New Language Popularity Ranking, As Rust Reaches Top 20 (zdnet.com) 91

"Programming language Python is now firmly the second most popular programming language, for the first time knocking Java out of the top two places in RedMonk's language popularity rankings," reports ZDNet: It's the first time since 2012 that Java is not one of the top two most popular languages in the developer analyst firm's programming language popularity list. The company's previous rankings in March placed machine-learning propelled Python in a tie for second place with Java, behind JavaScript.

RedMonk's influential programming popularity rankings are based on GitHub and Stack Overflow data. The company combines them "for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction", says RedMonk analyst Stephen O'Grady, who notes "all numerical rankings should be taken with a grain of salt....

"Python is the first non-Java or JavaScript language ever to place in the top two of these rankings by itself, and would not have been the obvious choice for that distinction in years past," O'Grady notes, comparing it to Perl in its heyday because it has become a "language of first resort" and the "glue" for thousands of small projects, while enjoying high adoption in growing categories such as data science...

Five-year-old systems-programming language Rust, created by Mozilla, has hit a more positive milestone, for the first time becoming the 20th most popular language in RedMonk's rankings.

Last week IEEE Spectrum also declared Python "dominated" their assessment of language popularity (compiled from 11 different online metrics), followed by Java and C (and then C++ and JavaScript).

Python

Python 'Dominates' IEEE Spectrum's 2020 List of Top Programming Languages (ieee.org) 155

IEEE Spectrum's August issue will include an article titled "The Top Programming Languages."

Calculated using metrics from 11 online sources, it concludes that "One thing remains constant: the dominance of Python." Our default ranking is weighted toward the interests of an IEEE member, and looking at the top entries, we see that Python has held onto its comfortable lead, with Java and C once again coming in second and third place, respectively. Arduino has seen a big jump, rising from 11th place to seventh. (Purists may argue that Arduino is not a language but rather a hardware platform that is programmed using a derivative of Wiring, which itself is derived from C/C++. But we have always taken a very pragmatic approach to our definition of "programming language," and the reality is that when people are looking to use an Arduino-compatible microcontroller, they typically search for "Arduino code" or buy books about "Arduino programming," not "Wiring code" or "C programming.")

One interpretation of Python's high ranking is that its metrics are inflated by its increasing use as a teaching language: Students are simply asking and searching for the answers to the same elementary questions over and over. There's an historical parallel here. In the 1980s, BASIC was very visible... But few professional programmers used it, and when the home computer bubble burst, so did BASIC's, although some advanced descendants like Microsoft Visual Basic are still relatively popular professionally.

There are two counterarguments, though: The first is that students are people, too! If we pay attention only to what professional and expert coders do, we're at risk of missing an important part of the picture. The second is that, unlike BASIC, Python is frequently used professionally and in high-profile realms, such as machine learning, thanks to its enormous collection of high quality, specialized libraries.

C++ came in fourth, followed by JavaScript, R, "Arduino," Go, Swift, and Matlab.

But because different programmers have different needs, they've also created a special interactive version of their rankings online, "allowing you to weight the metrics as you see fit..."

Programming

TIOBE's Surprisingly Popular Programming Languages: R, Go, Perl, Scratch, Rust, and Visual Basic 6 (techrepublic.com) 101

The R programming language is experiencing a surge in popularity "in the slipstream of Python," according to this month's TIOBE index, leaping into the top ten.

"For historical context, we wrote of R's spot in TIOBE nearly two years ago, and it had just made the leap from #50 to #39," writes programming columnist Mike Melanson.

ZDNet writes: In May, when R crashed out of the top 20 for the first time in three years, Tiobe speculated that the language could be a victim of consolidation in statistical programming, with more developers in the field gravitating towards Python.
But there's been a lot of motion since then, TechRepublic reports: R rose one space to eighth place in July, but its comparison to 2019 is where the real surprise lies: It was in 20th place at the same time last year. TIOBE CEO Paul Jansen cites two reasons why R may be increasing in popularity:

- Universities and research institutes have moved away from commercial statistical languages like SAS and Stata in favor of open source languages Python and R.

- The increase in analytics being used to search for a COVID-19 vaccine....

The largest gainers in popularity between July 2019 and July 2020 are Go, which jumped from 16th to 12th place, Perl, jumping from No. 19 to No. 14, Scratch, jumping from No. 30 to No. 17, Rust, which moved from No. 33 to No. 18, and PL/SQL, which moved from No. 23 to No. 19.

Ruby fell the most, moving from 11th place to 16th, while SQL, MATLAB, and Assembly Language also slipped down the list.

ZDNet adds that "Besides R's upwards shift, Tiobe's July index doesn't show much movement in the popularity of the top languages. The top 10 in descending order are C, Java, Python, C++, C#, Visual Basic, JavaScript, R, PHP and Swift."

Visual Studio Magazine argues that the biggest surprise may be that the 29-year-old language classic Visual Basic is still in the top 20 — since its last stable release was 22 years ago, and by 2008 it was finally retired by Microsoft. "VB6 just refuses to go away, achieving cult-like status among a group of hard-core supporters."

Businesses

Amazon Stops Selling 'Active Content' Games in Kindle Reader's Store (the-digital-reader.com) 27

Once upon a time, you could play Scrabble on your black-and-white Kindle readers. Or chess or sudoku, or even solve New York Times Crossword Puzzles. Amazon's Kindle Store had included 500 slick Java-based "Active Content" downloads...

Electronic Arts even produced Kindle-specific versions of Monopoly, Yahtzee, and Battleship, while Amazon created original games with titles like Every Word and Pirate Stash — and even a choose-your-own-adventure game named Dusk World.

Amazon soon moved into color touchscreen tablets, where there are many more games to choose from. But while any old downloaded "Active Content" will still work on their black-and-white Kindle readers, Amazon has now stopped selling it in its Kindle Store, reports The Digital Reader: The feature launched in 2010/2011, and was essentially abandoned by 2014 when Amazon launched the Kindle Voyage. Amazon decided to not support Active Content on its then newest ereader. Later Kindle models also lacked support for Active Content, and that meant it was only a matter of time before Amazon also removed the section from the Kindle Store.

And now one of the last remaining holdovers from that crazy time when ebooks were new is now gone.

There was a time, back in the early ebook era, when everyone was throwing really cool ideas up against the wall to see what stuck. Enhanced ebooks, for example, got tried a dozen times in around 7 years, and failed to find a market every time. Augmented reality ebooks were also tried several times, and for the most part failed because the tech wasn't there (AR was always going to be a niche product, but its time will come). Digital textbooks were tried and failed several times because students could see they didn't make economic sense, but then publishers found a way to force them down students' throats (site licenses)...

And now Kindle Active Content is joining all the other formerly great ideas in the ebook graveyard.

Oracle

Oracle Celebrates 'The 25 Greatest Java Apps Ever Written' (oracle.com) 121

Oracle's Java magazine is celebrating the 25th anniversary of the programming language with a list of the 25 greatest Java apps ever written: From space exploration to genomics, from reverse compilers to robotic controllers, Java is at the heart of today's world. Here are a few of the countless Java apps that stand out from the crowd.

The story of Java began in 1991, at a time when Sun Microsystems sought to extend their lead in the computer workstation market into the burgeoning personal electronics market. Little did anyone know that the programming language Sun was about to create would democratize computing, inspire a worldwide community, and become the platform for an enduring software development ecosystem of languages, runtime platforms, SDKs, open source projects, and lots and lots of tools. After a few years of secret development led by James Gosling, Sun released the landmark "write once, run anywhere" Java platform in 1995, refocusing it beyond its original design for interactive television to applications for the burgeoning World Wide Web. By the turn of the century, Java was animating everything from smartcards to space vehicles.

Today, millions of developers program in Java. Although Java continues to evolve at an ever-faster pace, on the occasion of the platform's 25th anniversary, Java Magazine decided to take a look back at how Java molded our planet. What follows is a list of the 25 most ingenious and influential Java apps ever written, from Wikipedia Search to the US National Security Agency's Ghidra. The scope of these applications runs the gamut: space exploration, video games, machine learning, genomics, automotive, cybersecurity, and more.

The list includes Eclipse, Minecraft, the Maestro Mars Rover controller, and "VisibleTesla," the open source app created by an automobile enthusiast to monitor and control his Tesla Model S.

Java

Jakarta EE 9 Specification Release 'Marks the Final Transition Away From javax Namespace' (adtmag.com) 13

An anonymous reader quotes ADTmag: The Eclipse Foundation this week announced Jakarta EE 9 Milestone 1, the final version of the enterprise Java specification before the first Release Candidate (RC). The Jakarta EE 9 release marks the final transition away from the javax.* namespace (which Oracle refused to give up) to Eclipse's jakarta.*. This release updates all the APIs to use jakarta.* in package names. In fact, Mike Milinkovich, executive director of the Eclipse Foundation, says that transition is really what this release is all about.

"The main purpose...is to provide a release that is very similar to Java EE 8," Milinkovich told ADTmag, "with everything converted to the jakarta.* namespace. We're providing a stable technical conversion platform, so all the tools and frameworks in the ecosystem that are using, say, javax.servlet, can make the change with confidence." Giving the ecosystem solid footing for the transition from the Java EE coffee cup to the Jakarta EE sailboat is the Foundation's way of setting the stage for rapid innovation, Milinkovich said, once the transition is largely complete.

"These technologies have been around for an awfully long time," he added, "and we had to provide folks with a stable platform for the conversion. At the same time, thanks to a contribution from IBM, we have the Eclipse Transformer Project, which is going to provide runtime enablement. If someone has an application they don't want to recompile, and that application is using the javax.* namespace, they will be able to run it on top of a Jakarta-compatible app server. That's going to provide binary compatibility for apps, going forward..."

Education

How Should High Schools Teach Computer Science? (acm.org) 151

A high school computer science teacher claims there's an "unacknowledged failure" of America's computer science (CS) classes at the high school and junior high school level. "Visit classrooms and you'll find students working with robotic sensors, writing games and animations in Scratch, interfacing with Arduino microcontrollers, constructing websites, and building apps with MIT App Inventor...

"Look underneath the celebratory and self-congratulatory remarks, however, and you'll find that, although contemporary secondary education is quite good at generating initial student interest, it has had much less success at sustaining that engagement beyond a few weeks or months, and has frankly been ineffectual in terms of (a) measurable learning for the majority of students; (b) boosting the number of students who take a second CS course, either in high school or college; and (c) adequately preparing students for CS college study."

Long-time Slashdot reader theodp writes: In "A New Pedagogy to Address the Unacknowledged Failure of American Secondary CS Education," high school computer science teacher Scott Portnoff argues that a big part of the problem is the survey nature of today's most popular high school CS course offerings — Exploring Computer Science (ECS) and AP Computer Science Principles (AP CSP) — both of whose foundational premise is that programming is just one of many CS topics. "Up until a decade ago," Portnoff explains, "introductory high school computer science classes were synonymous with programming instruction, period. No longer."

This new status quo in secondary CS education, Portnoff argues, resulted from baseless speculation that programming was what made Java-based AP CS A inaccessible, opposed to, say, an uninspiring or pedagogically ineffective version of that particular curriculum, or a poorly prepared instructor. It's quite a departure from the 2011 CSTA K-12 Computer Science Standards, which made the case for the centrality of programming in CS education ("Pedagogically, computer programming has the same relation to studying computer science as playing an instrument does to studying music or painting does to studying art. In each case, even a small amount of hands-on experience adds immensely to life-long appreciation and understanding").

This teacher believes that programming languages are acquired rather than learned, just like any other human language — and concludes the solution is multi-year courses focused on one programming language until proficiency is fully acquired.

For this reason, for the last seven years he's also been making his students memorize small programs, and then type them out perfectly, arguing that "the brain subconsciously constructs an internal mental representation of the syntax rules implicitly by induction from the patterns in the data."

Desktops (Apple)

Rosetta 2 is Apple's Key To Making the ARM Transition Less Painful (theverge.com) 153

At WWDC 2020 earlier this week, Apple announced that it's moving Macs away from Intel processors to its own silicon, based on ARM architecture. To help ease the transition, the company announced Rosetta 2, a translation process that allows users to run apps that contain x86_64 instructions on Apple silicon. The Verge reports: Rosetta 2 essentially "translates" instructions that were written for Intel processors into commands that Apple's chips can understand. Developers won't need to make any changes to their old apps; they'll just work. (The original Rosetta was released in 2006 to facilitate Apple's transition from PowerPC to Intel. Apple has also stated that it will support x86 Macs "for years to come," as far as OS updates are concerned. The company shifted from PowerPC to Intel chips in 2006, but ditched support for the former in 2009; OS X Snow Leopard was Intel-only.) You don't, as a user, interact with Rosetta; it does its work behind-the-scenes. "Rosetta 2 is mostly there to minimize the impact on end-users and their experience when they buy a new Mac with Apple Silicon," says Angela Yu, founder of the software-development school App Brewery. "If Rosetta 2 does its job, your average user should not notice its existence."

There's one difference you might perceive, though: speed. Programs that ran under the original Rosetta typically ran slower than those running natively on Intel, since the translator needed time to interpret the code. Early benchmarks found that popular PowerPC applications, such as Photoshop and Office, were running at less than half their native speed on the Intel systems. We'll have to wait and see if apps under Rosetta 2 take similar performance hits. But there are a couple reasons to be optimistic. First, the original Rosetta converted every instruction in real-time, as it executed them. Rosetta 2 can convert an application right at installation time, effectively creating an ARM-optimized version of the app before you've opened it. (It can also translate on the fly for apps that can't be translated ahead of time, such as browser, Java, and Javascript processes, or if it encounters other new code that wasn't translated at install time.) With Rosetta 2 frontloading a bulk of the work, we may see better performance from translated apps.
The report notes that the engine won't support everything. "It's not compatible with some programs, including virtual machine apps, which you might use to run Windows or another operating system on your Mac, or to test out new software without impacting the rest of your system," reports The Verge. "(You also won't be able to run Windows in Boot Camp mode on ARM Macs. Microsoft only licenses the ARM version of Windows 10 to PC manufacturers.) Rosetta 2 also can't translate kernel extensions, which some programs leverage to perform tasks that macOS doesn't have a native feature for (similar to drivers in Windows)."

Programming

Has the Time Finally Come for Generics in Golang? (thenewstack.io) 60

An anonymous reader quotes technology columnist Mike Melanson: The debate around adding generics to the Go programming language has been going on for years now, often with much resistance, but it's starting to look like one proposal finally has some backing and general acceptance from the greater Go community — much to the surprise of some involved.

Introduced this week in a blog post looking at the next step for generics, penned by Golang team members Ian Lance Taylor and Robert Griesemer, the first update in nearly a year on the topic explains that the generics design draft previously submitted for feedback has been refined, resulting in an updated design draft... For the time being, the team has introduced an experimentation tool that "permits people to type check and run code written using the version of generics described in the design draft" by translating generic code into ordinary Go code. It is meant to give users a feel of how the proposed design would, if accepted, work, and they note that it will be implemented differently if so.

As for the proposal itself, it offers several levels of detail, from an abstract, to a high-level overview, to the full level of detail you might expect from such a document. As with everything Go, the design is intended to be fully backward compatible with Go 1, and the authors note that "as the term generic is widely used in the Go community, we will use it below as a shorthand to mean a function or type that takes type parameters.

"Don't confuse the term generic as used in this design with the same term in other languages like C++, C#, Java, or Rust; they have similarities but are not the same."

The article also notes that Go's package repository is now open source.

Programming

Stack Overflow Explores Why Developers Love TypeScript More Than Python (stackoverflow.blog) 93

Stack Overflow asked 65,000 programmers for their favorite programming language, and this year Microsoft's TypeScript knocked Python from the #2 spot. So they interviewed Microsoft's principal engineering lead for the language "to find out what about TypeScript makes it so dang lovable."

Q: Do you remember why the team came up with TypeScript, why you wanted to release something like this?

A: When I joined the team, there were a lot of people at Microsoft who wanted to develop JavaScript at what we call "application scale." Teams like TFS and Office wanted to build large JavaScript applications. A lot of those people had familiarity with statically-typed languages — C++, C#, Java, that kind of thing. They wanted to have that static typing available both for conceptual scalability and for the tooling...

Q: Was there a point where you saw an adoption point of no return? Was there something that came along where people were like, oh, yeah, we do TypeScript now?

A: Oh, it was definitely Google announcing that they were going to use TypeScript with Angular. That's kind of lost to time now. But if you look at the graphs for TypeScript, literally any graph — GitHub stars, downloads, pull requests — you can see the exact point when that Angular announcement came out. And the graph just changes. It never looks back... TypeScript shores up that last rough edge on JavaScript and gives you something that's just really fun to work with and runs everywhere. I think if TypeScript were a language that was built on top of a less universal language or a less fun language, I don't think it would be as successful. It's really taking something that's great and making it better...

I think my favorite thing that I see is people on the Internet saying, 'I did this huge refactoring in TypeScript and I was refactoring for three hours. And then I ran my code and it worked the first time.' In a dynamic language, that would just never, ever happen....

I would just say to people, if static types aren't a good fit for you, for either your programming style or the problem you're working on, just skip it. That's fine. It's okay. I won't be offended. If someone can get a thirty thousand line application that gets its job done without static types, I'm very impressed. That just seems really difficult. But kudos to those people who make it work. Python's the same way. Very few people have working Python type annotations, but Python is incredibly popular. I think the data speaks for itself — I think Python is number three in the survey... I guarantee you that a very small proportion of those Python developers have static types. Whatever your problem domain is, that might be the best fit for you.

AI

Python Overtakes Java? JetBrains Releases 'State of Developer Ecosystem' Survey (jetbrains.com) 67

The creators of the Kotlin programming language — the Czech software development company JetBrains — announced results from their annual "State of the Developer Ecosystem" survey. This year's survey involved 19,696 developers in 18 countries, and found that:

  • JavaScript is the most used overall programming language. Websites are the most common type of application developers work on.
  • Python has overtaken Java in the list of programming languages used in the last 12 months. And it is also the most studied language. In the last 12 months 30% of respondents have started or continued to learn Python — even more than last year.
  • Go, Kotlin, and Python are the top 3 languages developers are planning to adopt or migrate to.

JetBrains also gathered some statistics from programmers for a special section on Lifestyle and Fun:

  • 65% said they preferred laptops, while 33% preferred desktops.
  • 52% said they contributed to charity.
  • 20% said they owned a cat; another 20% said they owned a dog.
  • 16% said they owned cryptocurrency.

And when asked if they contributed to open-source projects:

  • 44% said "No, but I would like to."
  • 20% said "I have only contributed a few times."
  • 16% said "Yes, from time to time (several times a year)."
  • 11% said "Yes, regularly (at least once a month)."
  • 4% said "No, and I would not like to."
  • 3% said "I work full-time on open-source code and get paid for it."
  • 2% said "I work full-time on open-source code but do not get paid for it."

Also interesting were the answers to the question: If your country's government replaced your courts with AI, would you trust it? The results were:

  • Probably not (26%)
  • Definitely not (24%)
  • Maybe (26%)
  • Probably yes (20%)
  • Definitely yes (5%)

Java

New Java-Based Ransomware Targets Linux and Windows Systems (zdnet.com) 37

"A newly uncovered form of ransomware is going after Windows and Linux systems," reports ZDNet, "in what appears to be a targeted campaign." Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cyber criminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.

Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanised Java Runtime Environment and is compiled in a Java image file (Jimage) to hide the malicious intentions... [T]he first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing Remote Desktop Protocol servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop removal of their attack...

After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch and .thanos — and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email.

The fact the campaign is still ongoing suggests that those behind it are finding success extorting payments from victims.

Open Source

GitHub Warns Java Developers of New Malware Poisoning NetBeans Projects (zdnet.com) 45

GitHub issued a security alert Thursday warning about new malware spreading on its site via boobytrapped Java projects, ZDNet reports: The malware, which GitHub's security team has named Octopus Scanner, has been found in projects managed using the Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications. GitHub said it found 26 repositories uploaded on its site that contained the Octopus Scanner malware, following a tip it received from a security researcher on March 9.

But the article adds GitHub "believes that many more projects have been infected during the past two years." GitHub says that when other users would download any of the 26 projects, the malware would behave like a self-spreading virus and infect their local computers. It would scan the victim's workstation for a local NetBeans IDE installation, and proceed to burrow into the developer's other Java projects. The malware, which can run on Windows, macOS, and Linux, would then download a remote access trojan (RAT) as the final step of its infection, allowing the Octopus Scanner operator to rummage through an infected victim's computer, looking for sensitive information.

GitHub says the Octopus Scanner campaign has been going on for years, with the oldest sample of the malware being uploaded on the VirusTotal web scanner in August 2018, time during which the malware operated unimpeded.

Android

Google Launches Android Studio 4.0 With Motion Editor, Build Analyzer, and Java 8 APIs (venturebeat.com) 6

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 4.0, the latest version of its integrated development environment (IDE). Android Studio 4.0 is supposed to help developers "code smarter, build faster, and design apps." Version 4.0 includes a new Motion Editor, a Build Analyzer, and Java 8 language APIs. Google also overhauled the CPU Profiler user interface and improved the Layout Inspector. [In the article] you'll find Android Studio 4.0 features broken down by category: design, develop, and build. The new version also includes the usual performance improvements and bug fixes on top of the new features (full release notes). Google didn't share its plans for the next version. Normally we'd get hints at the company's I/O developer conference, but 2020 is a weird year.

Programming

Developers Reveal Programming Languages They Love and Loathe, and What Pays Best (zdnet.com) 139

Stack Overflow has released the results of its 2020 survey of nearly 65,000 developers, revealing their favorite and most dreaded programming languages, tools and frameworks. From a news writeup: The survey shows that TypeScript, Microsoft's superset of the widely-used JavaScript programming language, has overtaken Python as the second most beloved programming language behind Rust. This year 86% of respondents say they are keen to use Rust, while 67.1% want to use TypeScript, and 66.7% want to use Python. Stack Overflow attributes TypeScript's rising popularity to Microsoft's embrace of open source software as well as the existence of larger and more complex JavaScript and Node.js codebases.

Rust has been the most loved programming language for five years running, despite few developers having experience with it. This year, just 5.1% of developers report having used Rust, compared with the 68% who use JavaScript, which is the most commonly used language. [...] Meanwhile, the top 10 most dreaded programming languages are VBA, Objective-C, Perl, Assembly, C, PHP, Ruby, C++, Java and R.

The report also looks at average salaries of each developer role. In the US, engineering managers attract the highest salary at $152,000 per year, followed by site reliability engineers who earn $140,000 per year. Salaries across the globe for these roles are lower, at $92,000 for an engineering manager and $80,000 for a site reliability engineer. Other high-paying roles with an average salary of at least $115,000 in the US include data scientist and machine learning specialist, DevOps specialist, engineer, back-end developer, embedded application developers, mobile developers, scientist, desktop application developer, and educator.

Chrome

Chromium Project Finds 70% of Its Serious Security Bugs Are Memory Safety Problems (chromium.org) 154

"Around 70% of our serious security bugs are memory safety problems," the Chromium project announced this week. "Our next major project is to prevent such bugs at source."

ZDNet reports: The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. Both companies are basically dealing with the same problem, namely that C and C++, the two predominant programming languages in their codebases, are "unsafe" languages....

Google says that since March 2019, 125 of the 130 Chrome vulnerabilities with a "critical" severity rating were memory corruption-related issues, showing that despite advances in fixing other bug classes, memory management is still a problem... Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components...

While software companies have tried before to fix C and C++'s memory management problems, Mozilla has been the one who made a breakthrough by sponsoring, promoting and heavily adopting the Rust programming language in Firefox... Microsoft is also heavily investing in exploring C and C++ alternatives... But this week, Google also announced similar plans as well... Going forward, Google says it plans to look into developing custom C++ libraries to use with Chrome's codebase, libraries that have better protections against memory-related bugs. The browser maker is also exploring the MiraclePtr project, which aims to turn "exploitable use-after-free bugs into non-security crashes with acceptable performance, memory, binary size and minimal stability impact."

And last, but not least, Google also said it plans to explore using "safe" languages, where possible. Candidates include Rust, Swift, JavaScript, Kotlin, and Java.
