An anonymous reader reminded us about the open source reimplementation of Java Web Start, a framework originally developed by Sun Microsystems that allowed users to more easily run Java applications in an applet-like sandbox using a web browser.

From OpenWebStart.com: Java Web Start (JWS) was deprecated in Java 9, and starting with Java 11, Oracle removed JWS from their JDK distributions. This means that clients that have the latest version of Java installed can no longer use JWS-based applications. And since public support of Java 8 has ended in Q2/2019, companies no longer get any updates and security fixes for Java Web Start.

This is why we decided to create OpenWebStart, an open source reimplementation of the Java Web Start technology. Our replacement will provide the most commonly used features of Java Web Start and the JNLP standard, so that your customers can continue using applications based on Java Web Start and JNLP without any change.
Red Hat is apparently involved in its parent project, IcedTea-Web, which it distributes as part of their Windows OpenJDK distribution.

Long-time Slashdot reader rastos1 works for a mid-size software company that for many decades has been developing CAD-CAM software for the textile industry. But last weekend their code-signing certificate was revoked -- and they're looking for advice. On Monday morning we woke up to phones ringing from confused customers unable to launch our software. This has hit mostly Java applications launched from a web page because JRE checks the signature by default using OCSP. But traditional executables and shared libraries also would report invalid signature upon checking.

We reached out, but for half a day we could not get any feedback. Later we got information that some malware was signed with our certificate. Two days and many e-mails and phone calls later, we understand that this is what happened: someone submitted one of our executables to virustotal.com -- a site that runs ~70 antivirus programs on submitted files and reports back whether they flag the uploaded file. Five of their antivirus packages flagged our executable. We tracked down the version and we positively know it was a false positive. There is random guy that wrote a tool that creates a monthly report of files flagged at Virustotal. Sectigo found the report, and, according to their statement, revoked all certificates used to sign executables -- causing major disruption to us and downtime for our customers... There was no attempt to contact us and clarify the situation.

How do you prepare and deal with such scenario? Did you know how little it takes to get your certificate revoked?
They'd bought their certs from the same seller for more than a decade -- and their story has already drawn some interesting comments from long-time Slashdot readers. "False positives are way too common in the anti-virus world today..." argues Z00L00K, adding "you have to cut down all unnecessary players in the chain to a minimum, so the dependency on an external CA is worth reconsidering."

sjames -- Slashdot reader #1,099 -- agrees. "If you must depend on another entity, make sure they're small enough that they would actually care if they lost you as a customer." And Martin S. simply recommends talking to a lawyer, adding "This is a legal problem, not a technology problem."

But what's your advice? Leave your best thoughts in the comments. What should you do when your certificate authority suddenly revokes your cert?

An anonymous reader writes: At its Build 2018 developer conference a year ago, Microsoft previewed Visual Studio IntelliCode, which uses AI to offer intelligent suggestions that improve code quality and productivity. In April, Microsoft launched Visual Studio 2019 for Windows and Mac. At that point, IntelliCode was still an optional extension that Microsoft was openly offering as a preview. But at Build 2019 earlier this month, Microsoft shared that IntelliCode's capabilities are now generally available for C# and XAML in Visual Studio 2019 and for Java, JavaScript, TypeScript, and Python in Visual Studio Code. Microsoft also now includes IntelliCode by default in Visual Studio 2019. IntelliCode has come a long way since May 2018, but Microsoft is only getting started. When it comes to using AI to aid developers, the company wants to help at every step of the way, according to Amanda Silver, a director of Microsoft's developer division.

"If you look at the entire application developer lifecycle, from code review to testing to continuous integration, and so on, there are opportunities at every single stage for machine learning to help," Silver told VentureBeat. "IntelliCode is, very broadly, the notion that we want to take artificial intelligence -- and really machine learning techniques -- and allow that to make developers and development teams more productive. "IntelliCode is really only at the early stages -- authoring and helping to focus code reviews. But over time, we really think that we can apply it to the entire application developer lifecycle."

An anonymous reader shares an article titled "Does IT Run on Java 8?"

"After more than ten years in tech, in a range of different environments, from Fortune 500 companies, to startups, I've finally come to realize that most businesss and developers simply don't revolve around whatever's trending on Hacker News," argues one Python/R/Spark data scientist: Most developers -- and companies -- are part of what [programmer] Scott Hanselman dubbed a while ago as the 99%... "They don't read a lot of blogs, they never write blogs, they don't go to user groups, they don't tweet or facebook, and you don't often see them at large conferences. Lots of technologies don't iterate at this speed, nor should they.

"Embedded developers are still doing their thing in C and C++. Both are deeply mature and well understood languages that don't require a lot of churn or panic on the social networks. Where are the dark matter developers? Probably getting work done. Maybe using ASP.NET 1.1 at a local municipality or small office. Maybe working at a bottling plant in Mexico in VB6. Perhaps they are writing PHP calendar applications at a large chip manufacturer."

While some companies are using Spark and Druid and Airflow, some are still using Coldfusion... Or telnet... Or Microsoft TFS... There are reasons updates are not made. In some cases, it's a matter of national security (like at NASA). In others, people get used to what they know. In some cases, the old tech is better... In some cases, it's both a matter of security, AND IT is not a priority. This is the reason many government agencies return data in PDF formats, or in XML... For all of this variety of reasons and more, the majority of companies that are at the pinnacle of succes in America are quietly running Windows Server 2012 behind the scenes.

And, not only are they running Java on Windows 2012, they're also not doing machine learning, or AI, or any of the sexy buzzwords you hear about. Most business rules are still just that: hardcoded case statements decided by the business, passed down to analysts, and done in Excel sheets, half because of bureacracy and intraction, and sometimes, because you just don't need machine learning. Finally, the third piece of this is the "dark matter" effect. Most developers are simply not talking about the mundane work they're doing. Who wants to share their C# code moving fractions of a cent transactions between banking systems when everyone is doing Tensorflow.js?
In a footnote to his essay, Hanselman had added that his examples weren't hypothetical. "These people and companies all exist, I've met them and spoken to them at length." (And the article includes several tweets from real-world developers, including one which claims Tesla's infotainment firmware and backend services were all run in a single-location datacenter "on the worst VMware deployment known to man.")

But the data scientist ultimately asks if our online filter bubbles are exposing us to "tech-forward biases" that are "overenthusiastic about the promises of new technology without talking about tradeoffs," leading us into over-engineered platforms "that our companies don't need, and that most other developers that pick up our work can't relate to, or can even work with...

"For better or worse, the world runs on Excel, Java 8, and Sharepoint, and I think it's important for us as technology professionals to remember and be empathetic of that."

Google "officially declared Kotlin the go-to language for Android development last week at its Google I/O developer conference," reports Mike Melanson's "This Week in Programming" column, "and the company is backing that up with a couple of initiatives around making it easier (and free) to learn the language now used by a majority of Android developers." Google teamed up with Udacity to offer Developing Android Apps with Kotlin , a free, self-paced online course on how to build Android apps with Jetpack and Kotlin, meant for people who have programming experience and are comfortable with Kotlin basics. Google also announced "Kotlin/Everywhere, a series of community-driven events focussing on the potential of Kotlin on all platforms," which it is putting on in conjunction with JetBrains.

Of course, this leaves the question that has been asked many times before -- why Kotlin? -- and IT consultant Kristen Carter offers a take on how Android app development became Kotlin-first. Carter offers some business angles, such as the 2010 lawsuit against Google by Oracle, which predates Kotlin by just a year, and she speculates may have been the impetus behind the language's development as "Google has always wanted to get away from the [Java] ecosystem." At the same time, Carter offers some language-specific reasoning too, such as the comparably succinct nature of Kotlin, the absence of Java's NullPointerExceptions, and the ease with which Java developers could transition to Kotlin. Carter ends her piece by posing the possibility that Oracle "knows the significance of Java in android app development" and could "ship Java with a few upgrades in its next version to take on Kotlin."

Krystalo writes: At its developer conference Build today, Microsoft previewed new Visual Studio features for remote work, the .NET roadmap, and launched ML.NET 1.0. In April, Microsoft launched Visual Studio 2019 for Windows and Mac. Two notable features were Visual Studio Live Share, a real-time collaboration tool included with Visual Studio 2019, and Visual Studio IntelliCode, an extension offering AI-assisted code completion. At Build 2019, Microsoft shared that IntelliCode's capabilities are now generally available for C# and XAML in Visual Studio 2019 and for Java, JavaScript, TypeScript, and Python in Visual Studio Code. And IntelliCode is now included by default in Visual Studio 2019, starting in version 16.1 Preview 2. The company also previewed an algorithm that can locally track your edits -- repeated edit detection -- and suggest other places where you need that same change. But that's just the tip of the iceberg. Microsoft is experimenting with features that let developers work from anywhere, on any device. The company today announced a private preview for three such new capabilities: Remote-powered developer tools, cloud-hosted developer environments, and a browser-based web companion tool. If the future of work is remote, Microsoft wants to be ready.

[...] Microsoft also announced that it is skipping .NET 4 to avoid confusion with the .NET Framework, which has been on version 4 for years. Going forward, developers will be able to use .NET to target Windows, Linux, macOS, iOS, Android, tvOS, watchOS, WebAssembly, and more. .NET Core 3 will be succeeded by .NET 5, featuring new .NET APIs, runtime capabilities, and language features. Calling it .NET 5 makes it the highest version Microsoft has ever shipped and indicates that the company hopes it is the future for the .NET platform. .NET Core 3 closes much of the remaining capability gap with .NET Framework 4.8, enabling Windows Forms, WPF, and Entity Framework 6. .NET 5 will build on this work, Microsoft says, combining .NET Core, .NET Framework, Xamarin, and Mono (the original cross-platform implementation of .NET) into a single platform. .NET 5 will provide both Just-in-Time (JIT) and Ahead-of-Time (AOT) compilation models. JIT has better performance for desktop/server workloads and development environments. AOT has a faster startup and a small footprint, which is required for mobile and IoT devices. .NET 5 will offer one unified toolchain supported by new SDK project types and a flexible deployment model (side-by-side and self-contained EXEs).

Stefan Nilsson, a computer science professor at the KTH Royal Institute of Technology, recently explained "why I prefer Go to Java or Python," arguing that Go "makes it much easier for me to write good code." Go is a minimalist language, and that's (mostly) a blessing. The formal Go language specification is only 50 pages, has plenty of examples, and is fairly easy to read. A skilled programmer could probably learn Go from the specification alone. The core language consists of a few simple, orthogonal features that can be combined in a relatively small number of ways. This makes it easier to learn the language, and to read and write programs. When you add new features to a language, the complexity doesn't just add up, it often multiplies: language features can interact in many ways. This is a significant problem -- language complexity affects all developers (not just the ones writing the spec and implementing the compiler).

Here are some core Go features:

- The built-in frameworks for testing and profiling are small and easy to learn, but still fully functional. There are plenty of third-party add-ons, but chances are you won't need them.

- It's possible to debug and profile an optimized binary running in production through an HTTP server.

- Go has automatically generated documentation with testable examples. Once again, the interface is minimal, and there is very little to learn.

- Go is strongly and statically typed with no implicit conversions, but the syntactic overhead is still surprisingly small. This is achieved by simple type inference in assignments together with untyped numeric constants. This gives Go stronger type safety than Java (which has implicit conversions), but the code reads more like Python (which has untyped variables).

- Programs are constructed from packages that offer clear code separation and allow efficient management of dependencies. The package mechanism is perhaps the single most well-designed feature of the language, and certainly one of the most overlooked.

- Structurally typed interfaces provide runtime polymorphism through dynamic dispatch.

- Concurrency is an integral part of Go, supported by goroutines, channels and the select statement.
The professor points out that the Java® Language Specification is 750 pages, and blames much of its complexity on feature creep (for example, inner classes, generics, and enum). And he also applauds the strict compatibility guarantees of Go 1 for the core language and standard packages, as well as its open source, BSD-style license, and Go's code transparency.

"There is one standard code format, automatically generated by the fmt tool," he writes, arguing that "Your project is doomed if you can't read and understand your code."

"Whether it is consumers' data or competitors' code, Google's view seems to be the same: What's mine is mine, and what's yours is mine," argues Oracle executive vice president Kenneth Glueck.

Google had urged America's Supreme Court to rule in their ongoing legal case about access to Java's APIs, a case which Google says hinges on "whether developers should be able to create new applications using standard ways of accessing common functions. Those functions are the building blocks of computer programming, letting developers easily assemble the range of applications and tools we all use every day. Making it harder to connect with those functions would lock developers into existing platforms, thus reducing competition and, ultimately, hurting consumers. Access to software interfaces like these is the key to interoperability, the foundation of great software development."

That editorial -- written by Google's senior vice president for global affairs, Kent Walker, notes that 175 startups, developers, academics and other tech companies (including Microsoft) are also asking the Supreme Court to hear this case. Google warns of a risk to innovation posed if companies like Oracle become "gatekeepers to interoperability," calling it "a defining battle of the digital era."

Oracle's executive responds that "There are many 'defining battles' of the digital era -- 5G, Artificial Intelligence, autonomous devices -- but Oracle v. Google is surely not among them." Only in Google's world does weaker intellectual property protection lead to more innovation. It is settled in law and in economics that the opposite is true. And at a time when the U.S. is circling the globe to enhance the protection of U.S. intellectual property -- including strong copyright protection -- Google takes the opposite view...

In a stunning what's-up-is-down and down-is-up statement, Walker attempts to wrap Google in the cloak of interoperability. Java defined the era of interoperability with its "write once, run everywhere" architecture. It was Google that copied Java, built Android around it, and altered it so it was only interoperable with itself (i.e., write once, run only on Google). Android killed Java interoperability, and now Google argues that killing interoperability is good for interoperability?

Those facts are not in dispute. The only issue in dispute is Google's assertion that its actions were all "fair." On this point, the federal circuit court clearly analyzed and methodically decided against Google's fair-use defense. This makes sense because, under no interpretation of fair use, may you copy a competitor's software code and turn around and compete against that competitor in the marketplace. Hard stop... There is no matter of law in question, nor is there a conflict among circuit courts. Google was caught killing interoperability and is now trying to concoct a new "we are too important" legal defense.
Reuters reports that this week the Supreme Court asked the White House "to offer its views on whether it should hear Google's bid to end Oracle's copyright infringement lawsuit."

Indonesia has announced plans to build a new capital city as its current capital, Jakarta, struggles with pollution, traffic gridlock -- and the fact that the city is sinking. From a report: After a Cabinet meeting on Monday, planning minister Bambang Brodjonegoro said President Joko Widodo has decided to move the capital out of Indonesia's main island, Java. It's not clear exactly when this will happen, or where the new capital would be located. The idea has been out there for decades, though previous leaders have been unable to accomplish the ambitious plan. Earlier this month, Widodo secured another term in office, according to independent polling organizations. His challenger also declared victory, and official results have not yet been announced.

"The idea to move the capital city appeared long ago. ... But it has never been decided or discussed in a planned and mature manner," Widodo said before the meeting, according to The Associated Press. Jakarta faces massive challenges. As the BBC has reported, it's the fastest-sinking city in the world, with almost half of its area below sea level.

UCLA professor Yang Yang's lab chock-full of coffee drinkers spent several years searching for a stability-enhancing additive to turn famously unstable perovskite PV cells into a useful product. Then, on a lark, Yang's graduate student Rui Wang suggested they try adding caffeine to the mix. To the team's surprise, caffeine produced longer lasting and more powerful solar cells. IEEE Spectrum reports: The work, completed with collaborators at Hong Kong-based PV firm Solargiga Energy Holdings and two Chinese universities, appears today in energy research journal Joule. Caffeine's calming effect starts during the creation of perovskite crystals. "Without caffeine, the crystallization process will just take 2 seconds, but with caffeine it will take 1 to 2 minutes," says Yang. The more deliberate growth process yields a perovskite material with larger grains of defect-free crystal. They are more stable mechanically and better at moving the charges created from incoming photons.

Caffeine also stabilizes perovskite PV cells during operation because each caffeine molecule can bind to two lead atoms at the boundaries of the crystal grains. This dual molecular lock ties the grains together and, Yang believes, hinders the movement of ions that threaten to reshape the crystal into a weaker pattern. The lab's best caffeine-treated cell captures incoming light with an efficiency of 19.8 percent, up from 17 percent for untreated cells, and retains 86 percent of its output after operating for 1,300 grueling hours at 85C. That's remarkable endurance compared with that of the lab's untreated cells, whose output plummeted by 40 percent after just 175 hours. Still, Yang says they need materials that hold it together through at least one to two years of accelerated testing to provide confidence that they can pump out power for several decades on a rooftop.

"Red Hat is taking over maintenance responsibilities for OpenJDK 8 and OpenJDK 11 from Oracle," reports InfoWorld: Red Hat will now oversee bug fixes and security patches for the two older releases, which serve as the basis for two long-term support releases of Java. Red Hat's updates will feed into releases of Java from Oracle, Red Hat, and other providers... Previously, Red Hat led the OpenJDK 6 and OpenJDK 7 projects. Red Hat is not taking over OpenJDK 9 or OpenJDK 10, which were short-term releases with a six-month support window.

"At the first annual charity event conducted by Puget Sound Programming Python on April 2, four legendary language creators came together to discuss the past and future of language design," reports PacktPub.

- Guido van Rossum, the creator of Python
- James Gosling, the founder, and lead designer behind the Java programming language
- Anders Hejlsberg, the original author of Turbo Pascal who has also worked on the development of C# and TypeScript
- Larry Wall, the creator of Perl

You can watch the video here -- the speaker introductions start about 50 minutes into the video-- or read PacktPub's summary of the event: Guido van Rossum said designing a programming language is very similar to the way JK Rowling writes her books, the Harry Potter series... He says JK Rowling is a genius in the way that some details that she mentioned in her first Harry Potter book ended up playing an important plot point in part six and seven... When designing a language we start with committing to certain details like the keywords we want to use, the style of coding we want to follow, etc. But, whatever we decide on we are stuck with them and in the future, we need to find new ways to use those details, just like Rowling...

When James Gosling was asked how Java came into existence and what were the design principles he abided by, he simply said, "it didn't come out of like a personal passion project or something. It was actually from trying to build a prototype.... It started out as kind of doing better C and then it got out of control that the rest of the project really ended up just providing the context." In the end, the only thing out of that project survived was Java...

Larry Wall wanted to create a language that was more like a natural language. Explaining through an example, he said, "Instead of putting people in a university campus and deciding where they go we're just gonna see where people want to walk and then put shortcuts in all those places." A basic principle behind creating Perl was to provide APIs to everything. It was aimed to be both a good text processing language linguistically but also a glue language....

Similar to the views of Guido van Rossum, Anders Hejlsberg adds that any decision that you make when designing a language you have to live with it. When designing a language you need to be very careful about reasoning over what "not" to introduce in the language.
There was also some discussion of types -- Gosling believes they help improve performance, while Hejlsberg said types are also useful when building coding tools. "It turns out that you can actually be more productive by adding types if you do it in a non-intrusive manner and if you work hard on doing good type inference and so forth." In fact, Hejlsberg told the audience that the TypeScript project was inspired by massive "write-only" JavaScript code bases, while a semantic understanding (including a type system) makes refactoring easier.

Guido van Rossum acknowledged that TypeScript "is actually incredibly useful and so we're adding a very similar idea to Python. We are adding it in a slightly different way because we have a different context.... I've learned a painful lesson, that for small programs dynamic typing is great. For large programs, you have to have a more disciplined approach. And it helps if the language actually gives you that discipline, rather than telling you, 'Well, you can do whatever you want.'"

In the video Larry Wall says the Perl 6 team had also noticed the limitations of loose typing, and added a robust type system to Perl 6 to "help with programming in the large."

This was the first annual benefit for CSforALL, a group promoting high-quality computer science classes at every grade level.

angel'o'sphere shares a report: The annual Stack Overflow survey is one of the most comprehensive snapshots of how programmers work, with this year's poll being taken by almost 90,000 developers across the globe. This year's survey details which languages developers enjoy using, which are associated with the best paid jobs, which are most commonly used, as well as developers' preferred frameworks, databases, and integrated development environments.

Python's versatility continues to fuel its rise through Stack Overflow's rankings for the "most popular" languages, which lists the languages most widely used by developers. This year's survey finds Python to be the fastest-growing major programming language, with Python edging out Android and enterprise workhorse Java to become the fourth most commonly used language. [...] More importantly for developers, this popularity overlaps with demand for the language, with Julia Silge, data scientist at Stack Overflow, saying that jobs data gathered by Stack Overflow also shows Python to be one of the most in-demand languages sought by employers.

[...] Rust may not have as many users as Python or JavaScript but it has earned a lot of affection from those who use it. For the fourth year running, the language tops Stack Overflow's list of "most-loved" languages, which means the proportion of Rust developers who want to continue working with it is larger than that of any other language.[...] Go stands out as a language that is well paid, while also being sought after and where developers report high levels of job satisfaction. Full report here.

JavaScript library manager NPM on Wednesday apologized for its handling of a contentious round of recent layoffs. The Register reports: The company statement, which comes a week after product manager Rebecca Turner resigned in protest, is co-signed by chief executive officer Bryan Bogensberger, chief product officer Isaac Schlueter and chief data officer Laurie Voss. "Recently, we let go of five people in a company restructuring," the statement says. "The way that we undertook the process, unfortunately, made the terminations more painful than they needed to be, which we deeply regret, and we are sorry." By way of explanation, the statement attributes the changes at the company to shifting the firm's source of financial sustenance from venture funding to product revenue. That requires "new levels of commitment, delivery, and accountability," the implementation of which "has been uncomfortable at times."

In response to a question posed by The Register via Twitter, the company's former CTO CJ Silverio said, "The main thing I want to note is how NPM's statement is not an apology by [Isaac's] own standards. His blog post about apologies is very clear about the three things an apology must contain, and it seems to me that all three items were missing from that statement. It said nothing substantive. It went so far as to blame NPM's users for forcing them into the move."

C++ has knocked machine-learning favorite Python out of the top 3 in the TIOBE Index of popular programming languages. From a report: It marks a reversal of fortune for C++, which, after years of occupying third place in the index, was pushed down to fourth place by Python in September last year. First and second place in the list remain unchanged, with Java in pole position and C at number two. The TIOBE Index attempts to estimate the popularity of languages worldwide based on results from major search engines. The index is sometimes criticized for being a rather blunt measure, likely to be influenced by a range of factors beyond a language's popularity, but its rankings are broadly in line with others, with a similar mix of languages albeit arranged in a different order.

In an analysis alongside the latest figures, TIOBE attributes the comeback of C++ to a surge in its popularity, rather than a fall in the use of Python. "This is certainly not because Python is in decline: Python is scoring all time highs almost every month. It is just that C++ is also getting more and more popular," it writes. The report credits this growing interest in C++ to C++11, the version of the language released in 2011 that TIOBE said made C++ "much simpler, safer and more expressive."

Citing "significant" new corporate investments in AI technology, futurist Gary Grossman argues that AI "may be the fastest paradigm shift in the history of technology -- and warns there's a counter-argument to the theory that AI will create as many jobs as its displaces. "The other view is that this time is different, that we are not just automating labor but also cognition and many fewer people will be needed by industry." KPMG claims more than half of business executives plan to implement some form of AI within the next 12 months... The disruption is already beginning, with fully 75% of the organizations KPMG surveyed expecting intelligent automation to significantly impact 10 to 50% of their employees in the next two years. A Citigroup executive told Bloomberg that better AI could reduce headcount at the bank by 30%. In the face of all this change, many companies publicly state that AI will eliminate some dull and repetitive jobs and make it possible for people to do higher-order work. However, as a prominent venture capitalist relayed to me recently on this topic: "most displaced call center workers don't become Java programmers." It is not only low-skilled jobs that are at risk. Gartner analysts recently reported that AI will eliminate 80% of project management tasks....

A New York Times article noted that while many company executives pay public lip service to "human-centered AI" and the need to provide a safety net for those who lose their jobs, they privately talk about racing to automate their workforces "to stay ahead of the competition, with little regard for the impact on workers." The article also cites a Deloitte survey from 2017 that found 53% of companies had already started to use machines to perform tasks previously done by humans. The figure is expected to climb to 72% by next year.... The net of this dynamic is that workers are not a major factor in the economic calculus of the business drive to adopt AI, despite so many public statements to the contrary.

So perhaps it's not a surprise when the Edelman 2019 AI survey shows a widely held view that AI will lead to short-term job losses with the potential for societal disruption and that AI will benefit the rich and hurt the poor.
He also shares a sobering quote from historian, philosopher, and bestselling author Yuval Noah Harari on why Silicon Valley supports Universal Basic Incomes.

"The message is: 'We don't need you. But we are nice, so we'll take care of you.'"

An anonymous reader quotes a report from Ars Technica: Microsoft has removed a trio of references to Markus "Notch" Persson, the creator of Minecraft, from the game's opening menu screen. Random messages known as "splash text" are printed in yellow on this screen, and they used to include "Made by Notch!", "The Work of Notch", and "110813!" (a reference to the day Persson got married), but now all three mentions are gone. Notch is still included in the game's credits, but the change means that Minecraft players will no longer be randomly referenced.

Persson first released the blocky building game in 2009. Five years later, after the game had become a global smash hit, he sold his company Mojang to Microsoft for $2.5 billion, giving Redmond ownership of Minecraft. The references to Notch have remained a feature until their removal in this latest patch. They're reported to have been removed both from the original Java edition played on PCs and the legacy console edition used on PlayStation 4. No official rationale has been offered for the change, but Persson has become something of a polarizing figure on Twitter...

Joseph Tsidulko, writing for CRN: Oracle asked the U.S. Supreme Court on Wednesday to not review an appellate court's decision finding Google violated Oracle's copyright of the Java platform when building the Android mobile operating system. In that opposition brief, Oracle's attorneys said Google's copyright violation shut Oracle, the Java platform owner, out of the emerging smartphone market, causing incalculable harm to its business. The complex case pitting two Silicon Valley giants against each other has raged on since 2010, and already saw many twists in turns before a circuit court last year reversed a jury decision in favor of Oracle. That prompted Google's appeal to the nation's highest court. Oracle notes Google had previously asked for a writ of certiorari -- the legal term for review by the high court -- in 2015 without success in an earlier phase of the case, and the company argues nothing has changed in the time since.

Oracle believes Google destroyed its hopes of competing as a smartphone platform developer with the Java platform, which enables development and execution of software written in Java, including through APIs that access a vast software library. The lawsuit alleged Google copied those APIs without a proper license. Java was developed at Sun Microsystems, which Oracle acquired in 2010. "Google's theory is that, having invested all those resources to create a program popular with platform developers and app programmers alike, Oracle should be required to let a competitor copy its code so that it can coopt the fan base to create its own best-selling sequel," Oracle's brief states.

A new report from the open source security company WhiteSource asks the question, "Is one programming language more secure than the rest?"

An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each...

The most common vulnerabilities across most of these languages are Cross-SiteScripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.
Across the seven most widely-used programming languages, here's how the vulnerabilities were distributed:

• C (47%)
• PHP (17%)
• Java (11%)
• JavaScript (10%)
• Python (5%)
• C++ (5%)
• Ruby (4%)

But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like Open SSL and the Linux kernel."

The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP.

The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure."

Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.

The battle between PewDiePie, currently the most subscribed channel on YouTube, and T-Series, an Indian music label, continues to have strange repercussions. In recent months, as T-Series closes in on the gap to beat PewDiePie for the crown of the most subscribers on YouTube, alleged supporters of PewDiePie, in an unusual show of love, have hacked Chromecasts and printers to persuade victims to subscribe to PewDiePie's channel. Now ZDNet reports about a second strain of ransomware that is linked to PewDiePie. From the report: A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date. The catch --you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files. Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data.

While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned. Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.