As the Lion Air crew fought to control their diving Boeing 737 Max 8, they got help from an unexpected source: an off-duty pilot who happened to be riding in the cockpit. Bloomberg reports: That extra pilot, who was seated in the cockpit jumpseat, correctly diagnosed the problem and told the crew how to disable a malfunctioning flight-control system and save the plane, according to two people familiar with Indonesia's investigation. The next day, under command of a different crew facing what investigators said was an identical malfunction, the jetliner crashed into the Java Sea killing all 189 aboard.

The previously undisclosed detail on the earlier Lion Air flight represents a new clue in the mystery of how some 737 Max pilots faced with the malfunction have been able to avert disaster while the others lost control of their planes and crashed. The presence of a third pilot in the cockpit wasn't contained in Indonesia's National Transportation Safety Committee's Nov. 28 report on the crash and hasn't previously been reported. The so-called dead-head pilot on the earlier flight from Bali to Jakarta told the crew to cut power to the motor driving the nose down, according to the people familiar, part of a checklist that all pilots are required to memorize. Further reading: Flawed Analysis, Failed Oversight: How Boeing, FAA Certified the Suspect 737 MAX Flight Control System.

An anonymous reader quotes a report from CNBC: The Boeing 737 MAX, the type of plane involved in a deadly crash in Ethiopia over the weekend, is still airworthy and the Federal Aviation Administration plans to issue a notice to the international aviation community later Monday, a person familiar with the matter said. "The FAA continuously assesses and oversees the safety performance of U.S. commercial aircraft," the FAA said in a statement. "If we identify an issue that affects safety, the FAA will take immediate and appropriate action."

Aviation officials in China and Indonesia ordered domestic airlines to ground their fleets of the popular Boeing single-aisle planes after the deadly crash of one operated by Ethiopian Airlines on Sunday. The 149 passengers and eight crew members on board were killed when the plane crashed shortly after takeoff. The incident was the second deadly crash of the new Boeing planes in less than five months. A Lion Air Boeing 737 MAX 8 plunged into the Java Sea shortly after taking off from Jakarta in October, killing all 189 people on board.

Java has a problem -- the language and platform is evolving faster than ever, but many developers are stuck on the five-year-old Java 8. From a report: So why have developers not upgraded? Simply, Java 9 introduced major changes, including internal restructuring, new modularity (known as "Project Jigsaw"), and the removal of little-used APIs. These changes broke code, and even developers who are happy to make the necessary revisions have dependency issues. "We have problems with libraries that do not yet support the latest versions," said one QCon attendee.

"I want to explain why it was necessary," said Oracle's Ron Pressler, part of the Java platform group developing the language and lead for Project Loom. "There are billions of lines of code in Java, and Java 9, it did break some things. The reason is that Java is 20-something years old. It will probably be big and popular in another 20 years. We have to think 20 years ahead. The way the JDK was structured prior to Java 9 was just unmaintainable. We could not keep Java competitive if we had not done that change. That was an absolute necessity."

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional. "Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."

Over 20,000 programmers from more than 150 different countries provided answers for the second annual Python Developers Survey (conducted by the Python Software Foundation and JeBrains).

An anonymous reader submitted this condensed version of their results: 84% of Python users in our survey use Python as their main language...up 5 percentage points from 79% in 2017. But half of all Python users in the survey also use JavaScript, and 47% more say they use HTML/CSS. Reported use of Bash/Shell has also grown from 36% in 2017 to 45% in 2018. [Later 93% of respondents said that their activities included Software testing/Writing automated tests.] Python users who report that they also use Go and SQL have both increased by 2 percentage points, while many other languages (including C/C++, Java, and C#) have decreased their share...

When asked "What do you use Python for?" data analysis has become more popular than Web development, growing from 50% in 2017 to 58% in 2018. Machine learning also grew by 7 percentage points. These types of development are experiencing faster growth than Web development, which has only increased by 2 percentage points when compared to the previous year...

Almost two-thirds of respondents selected Linux as their development environment OS. Most people are using free or open source databases such as PostgreSQL, MySQL, or SQLite... Twenty-something was the prevalent age range among our respondents, with almost a third being in their thirties. [31% more were between the ages of 30 and 39.]

Maximiliano Firtman: Chrome 72 for Android shipped the long-awaited Trusted Web Activity feature, which means we can now distribute PWAs in the Google Play Store! I played with the feature for a while, digging into the APIs and here you have a summary of what's going on, what to expect and how to use it today. Chrome 72 for Android is now shipping from the Play Store to all users and this version included Trusted Web Activity (TWA), that in a nutshell is a way to open Chrome in standalone mode (without any toolbar or Chrome UI) within the scope of our own native Android package. Let me start saying that the publishing process is not straightforward as it should be (such as "enter your URL" in the Play Console and it's done). It's also not a way to use the currently available WebAPK and publish it in the store. It's a Java API that communicates through services with Chrome and seem to be in the early stages, so there is a lot of manual work to do yet today.

This week HackerRank reported Java is now only the second most popular programming language, finally dropping behind JavaScript in the year 2018.

Now long-time Slashdot reader shanen asks about the rumors that Java is dead -- or is it?

Can you convince me that Java isn't as dead as it seems? It's just playing dead and will spring to life?
This week one Java news site argued that Java-based Minecraft has in fact "spawned a new generation of Java developers," citing an interview with Red Hat's JBoss Middleware CTO. (And he adds that "It's still the dominant programming language in the enterprise, so whether you're building enterprise clients, services or something in between, Java likely features in there somewhere.") Yet the original submission drew some interesting comments:

• "The licensing scheme for Java kills it..."

• "Java programs still are 'the alien on your desktop'. They suck in many ways. Users have learned to avoid them and install 'real programs' instead..."

But what do Slashdot's readers think? Leave your own answers in the comments.

How dead is Java?

An AI-enhanced tool that suggests code snippets for Python developers in real time just raised $17 million in VC funding to expand its R&D team "with a focus on accelerating developer productivity."

An anonymous reader quotes VentureBeat: "Our mission is to bring the latest advancements in AI and machine learning (ML) to make writing code fluid, effortless, and more enjoyable," explained [founder Adam] Smith. "Developers using Kite can focus their productive energy toward solving the next big technical challenges, instead of searching the web for code examples illustrating mundane and frequently repeated code patterns...."

Instead of relying on the cloud to run its AI engine, Kite now runs locally on a user's computer, letting developers use it offline and without having to upload any code. (Kite still trains its machine learning models with thousands of publicly available code sources from highly rated developers.) Furthermore, running locally allows Kite to fully operate with lower latencies... In addition to ditching the cloud, the new version of Kite brings a feature the team calls Line-of-Code Completions. Until now, Kite's machine learning models could only suggest the next "token" in a line of code. Line-of-Code Completions can complete entire function calls with a single keystroke... The team boasts that Kite is "the only developer product on the market to offer such advanced completions."
"Today, Kite is used by more than 30,000 Python developers worldwide," reports VentureBeat, adding it locally-based ML plugin is available for top Python IDEs including Visual Studio Code, Atom, Sublime Text, PyCharm, IntelliJ, and Vim.

Kite's investors include the CEO of GitHub, as well as the founders of Dropbox, Paypal, and Twitch.tv, and the company hopes to eventually support more languages, starting with either Java, JavaScript, or Go.

An anonymous reader writes: Today, HackerRank released the 2019 edition of its annual Developer Skills Report (PDF), surveying over 71,000 software developers from more than 100 countries. Every single industry requires software developers, meaning competition for technical talent is fierce. The idea here is to help everyone from CEOs and executives to hiring managers and recruiters understand the developers they're pursuing. We've put together a quick video to summarize the results. HackerRank asked developers which programming languages they knew and which ones they wanted to learn. Seventy-three percent of developers said they knew JavaScript in 2018, up from 66 percent in 2017. JavaScript was 2018's most well-known language, compared to Java in 2017.

Google is asking the Supreme Court to make the final call in its infamous dispute with Oracle. "Today, the company announced it has filed a petition with the Court, asking the justices to determine the boundaries of copyright law in code," reports The Verge. From the report: The case dates back to 2010, when Oracle first accused Google of improperly using elements of Oracle's Java programming language to build Android. Oracle said that Google's use of Java application programing interfaces was a violation of copyright law. Google has responded that APIs are too fundamental to programming to be copyrighted. The case has led to two jury trials, and several rulings have doled out wins and losses to both companies over the course of eight years. Last year, a favorable Oracle decision set Google up to potentially lose billions of dollars.

Google asked for a Supreme Court hearing on the case in 2014, but the Court rejected the request at the time. The company says new issues are now at play, and is asking the Court to decide whether software interfaces can be copyrighted, and whether using them to build something new constitutes fair use under the law. In its new petition to the Supreme Court, Google says the case is not only important to copyright law, but has "sheer practical importance," as it centers around two touchstones of computing: Google's Android and Oracle's Java. The Court's intervention could alter the future of software, the company argues.

The Apache Software Foundation has released NetBeans 10.0, the second major release of the Apache NetBeans IDE. The release, said the Apache Software Foundation, is focused in adding support for JDK 11, JUnit 5, PHP, JavaScript and Groovy, as well in solving many issues. From a blog post: JDK 11 support has been enhanced in the following ways: Integration with the nb-javac project, adding support for JDK 11, removed the CORBA modules, support for JEP 309, Dynamic Class-File Constants, support for JEP 323, Local-Variable Syntax for Lambda Parameters, and support for LVTI Support for Lamdba Parameters.

PHP 7.3: You can now add trailing commas in function calls under PHP 7.3 (mailing list thread), and also use the list reference assignment, the flexible Heredoc and Nowdoc Syntaxes are also supported. [...] And more: context sensitive lexer, PHPStan support, debugger, twig, hints, suggestions, code completionâ¦â visit PHP Features Page and NetBeans 10 New and Noteworthy for more details on PHP support. JUnit 5.3.1 has been added as a new Library to NetBeans, so you can quickly add it to your Java projects. For Maven projects without no existing tests, JUnit 5 is now the default JUnit version.

A previously unknown hacker group is behind a mounting number of breaches that have been reported by local governments across the US. From a report: In a report published today, US cyber-security vendor FireEye has revealed that this yet-to-be-identified hacker group has been breaking into Click2Gov servers and planting malware that stole payment card details. Click2Gov is a popular self-hosted payments solution, a product of US software supplier Superion. It is sold primarily to US local governments, and you can find a Click2Gov server installed anywhere from small towns to large metropolitan areas, where it's used to handle payments for utility bills, permits, fines, and more.

FireEye says this new hacker group has been attacking Click2Gov portals for almost a year. The company's investigators believe hackers are using one or more vulnerabilities in one of Click2Gov's components --the Oracle WebLogic Java EE application server-- to gain a foothold and install a web shell named SJavaWebManage on hacked portals. Forensic evidence suggests the hackers are using this web shell to turn on Click2Gov's debug mode, which, in turn, starts logging payment transactions, card details included.

Thursday a bug report complained that the source code for OpenJDK, the free and open-source implementation of Java, "has too many swear words." An anonymous reader writes: "There are many instances of swear words inside OpenJDK jdk/jdk source, scattered all over the place," reads the bug report. "As OpenJDK is used in a professional context, it seems inappropriate to leave these 12 instances in there, so here's a changeset to remove them."
IBM software developer (and OpenJDK team member and contributor) Adam Farley responded that "after discussion with the community, three determinations were reached":

• "Damn" and "Crap" are not swear words.

• Three of the four f-bombs are located in jszip.js, which should be corrected upstream (will follow up).

• The f-bomb in BitArray.java, as well as the rude typo in SoftChannel.java, *are* swear words and should be removed to resolve this work item.

He promised a new webrev would be uploaded to reflect these determinations, and the bug has been marked as "resolved."

Microsoft's Visual Basic .NET now ranks above JavaScript, PHP, SQL on TIOBE's index of programming language popularity, which ZDNet notes is "the highest it's ever been since [TIIOBE] started tracking the Microsoft language in 2001." Tiobe analysts said it was "very surprising" that Visual Basic .Net is now the fifth most popular language, only behind C++, Python, C, and Java. It's even ahead of JavaScript, which currently lies in seventh place, down from sixth a year ago. C# meanwhile fell from fifth spot a year ago to sixth this month. The language index still reckons Visual Basic .Net will "sooner or later go into decline", but concedes it's popular for dedicated office applications in small and medium enterprises, and is probably still used by many developers because it's easy to learn.
TIOBE's methodology "basically...comes down to counting hits for the search query +"<language> programming," TIOBE explains on its web page -- though its results don't always agree with other analysts.

InfoWorld points out that on this month's PyPL Popularity of Programming Language index, which analyzes how often language tutorials are searched for on Google, VB.NET "doesn't even register Visual Basic.Net or Visual Basic among its Top 10 languages" -- and JavaScript comes in third, behind only Python and Java.

Google has launched Flutter 1.0, the first stable release of its open source, cross-platform UI toolkit and SDK. "Flutter lets developers share a single code base across Android and iOS apps, with a focus on speed and maintaining a native feel," reports Ars Technica. From the report: Flutter enables cross-platform app code by sidestepping the UI frameworks of both Android and iOS. Flutter apps run on the Flutter rendering engine and Flutter framework, which are shipped with every app. The Flutter platform handles communication with each OS and can spit out Android and iOS binaries with native-looking widgets and scrolling behavior if desired. It's kind of like applying a "video game" style of development to apps: if you write for a game engine like Unity or Unreal, those engines are packaged with your game, allowing it to run on multiple different platforms. It's the same deal with Flutter.

Flutter apps are written in Dart, and the SDK offers programmers nice quality-of-life benefits like the "stateful hot reload," a way to instantly make code changes appear in the emulator. For IDEs, there are plugins for Visual Studio Code, Android Studio, and IntelliJ. Apps come with their own set of Flutter UI widgets for Android and iOS, with the iOS widgets closely following Apple's guidelines and the Android widgets following Google's Material Design. Flutter is designed to be fast, with its custom app engine running on Google's hardware-accelerated Skia engine. This means 60fps apps on Android and iOS and a path for 120fps apps in the future. This is a bigger deal on Android than it is on iOS. The Google Ads app is already built on Flutter, which means Google "thinks Flutter is ready for prime time," writes Ron Amadeo. There's a list of other apps built on Flutter, too. Amadeo goes on to suggest that Flutter may be the path to Android's replacement. "Flutter ships its own app engine on Android and iOS, but in secret, Google is also developing an OS called 'Fuchsia' that runs these Flutter apps natively," writes Amadeo. "With Fuchsia, Google would switch from the Android apps written in Java to Flutter apps written in Dart..."

Two Iranian officials have been indicted by U.S. federal prosecutors for creating and deploying the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. TechCrunch reports: Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, were indicted by a federal grand jury in New Jersey on Monday on several counts of computer hacking and fraud charges. The case was unsealed Wednesday, shortly before a press conference announcing the charges by U.S. deputy attorney general Rod Rosenstein. In total, SamSam has generated some $6 million in proceeds to date -- or 1,430 bitcoin at today's value. In a separate announcement, the Treasury said it had imposed sanctions against two bitcoin addresses associated with the ransomware. The department said the two addresses processed more than 7,000 transactions used to collect ransom demands from victims. "The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims," said Rosenstein. "According to the indictment, the hackers infiltrated computer systems in ten states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims."

One of the victims was the City of Atlanta, which was knocked offline earlier this year and spent a projected $2.6 million in recovery. "It was later discovered that the city's computers had long been vulnerable to leaked exploits developed by the National Security Agency -- later stolen and leaked online for anyone to use," reports TechCrunch.

A recent TechCrunch article claimed to have identified the best indicator of programming language popularity: GitHub's annual "State of the Octoverse" reports. So Austin-based technology reporter Mike Melanson explored the new verdict in GitHub's 2018 report: It felt to me like the overarching theme of the numbers was one of quiet stasis for the year past, at least when it comes to those languages deemed the cream of the crop. One of the first graphics offered in the post shows the top languages according to the number of repositories created and we see that everything seems to be flowing along, just as it has for the last decade. While GitHub points to a "steady uptick" for JavaScript after 2011, it looks like this list of languages hasn't changed much over time. [The graphic shows the four most popular languages -- every year since early 2014 -- have been JavaScript, Java, Python, and PHP.]

When we look at the top languages according to the number of contributors, we see a similar story, with the top four languages mirrored. In this chart, of course, we see that Ruby is on a steady decline, while Typescript is on a steady rise. The only surprise to be seen here is that C, after a brief uptick in popularity, has taken a bit of a nosedive over the past year. Either way, seven of 10 languages have the same exact ranking....

Finally, beyond the language rankings themselves, GitHub offers a wonderful analysis of just what it is that makes a particular language popular in 2018, boiling it down to three key characteristics: thread safety, interoperability, and being open source.
GitHub's report also identifies its fastest growing languages over the last year -- including Kotin, TypeScript, Rust, Python, and Go. "This year, TypeScript shot up to #7 among top languages used on the platform overall, after making its way in the top 10 for the first time last year," the report notes.

"TypeScript is now in the top 10 most used languages across all regions GitHub contributors come from -- and across private, public, and open source repositories."

An anonymous reader quotes SD Times: Amazon wants to make sure Java is available for free to its users in the long term with the introduction of Amazon Corretto. The solution is a no-cost, multi-platform, production-ready distribution of the Open Java Development Kit (OpenJDK). "Java is one of the most popular languages in use by AWS customers, and we are committed to supporting Java and keeping it free," Arun Gupta, principal open-source technologist at Amazon, wrote in a blog post. "Many of our customers have become concerned that they would have to pay for a long-term supported version of Java to run their workloads. As a first step, we recently re-affirmed long-term support for Java in Amazon Linux. However, our customers and the broader Java community run Java on a variety of platforms, both on and off of AWS."

Amazon Corretto will be available with long-term support and Amazon will continue to make performance enhancements and security fixes to it, the company explained. Amazon plans on making quarterly updates with bug fixes and patches, as well as any urgent fixes necessary outside of its schedule... Corretto 8 is available as a preview with features corresponding to those in OpenJDK 8. General availability for the solution is planned for Q1 2019... "Corretto is designed as a drop-in replacement for all Java SE distributions unless you're using features not available in OpenJDK (e.g., Java Flight Recorder)," Gupta wrote....

According to Gupta, Corretto 8 will be available at no cost until at least June of 2023. The company is working on Corretto 11, which will be available until at least August of 2024. "Amazon has already made several contributions to OpenJDK 8 and we look forward to working closely with the OpenJDK community on future enhancements to OpenJDK 8 and 11," Gupta wrote. "We downstream fixes made in OpenJDK, add enhancements based on our own experience and needs, and then produce Corretto builds. In case any upstreaming efforts for such patches is not successful, delayed, or not appropriate for OpenJDK project, we will provide them to our customers for as long as they add value. If an issue is solved a different way in OpenJDK, we will move to that solution as soon as it is safe to do so."

GitHub saw more than 67 million pull requests this year -- more than a third of GitHub's "lifetime" total of 200 million pull requests since its launch in 2008. It now hosts 96 million repositories, and has over 31 million contributors -- including 8 million who just joined within the last 12 months.

These are among the facts released in GitHub's annual "State of the Octoverse" report -- a surprising number of which involve Microsoft.

• GitHub's top project this year, by contributor count, was Microsoft's Visual Studio Code (with 19,000 contributors), followed by Facebook's React Native (10,000), TensorFlow (9,300) and Angular CLI (8,800) -- as well as Angular (7,600) -- and the open source documentation for Microsoft Azure (7,800).

• Microsoft now has more employees contributing to open source projects than any other company or organization (7,700 employees), followed by Google (5,500), Red Hat (3,300), U.C. Berkeley (2,700), and Intel (2,200).

• The open source documentation for Microsoft Azure is GitHub's fastest-growing open source project, followed by PyTorch (an open source machine learning library for Python).

• Among the "Cool new open source projects" is an Electron app running Windows 95.

But more than 2.1 million organizations are now using GitHub (including public and private repositories) -- which is 40% more than last year -- and the report offers a fun glimpse into the minutiae of life in the coding community.

Read on for more details.

An anonymous reader quotes a report from NPR: A team of researchers conducted their analysis using data stored in something called the UK Biobank. More than 500,000 people have contributed blood, urine and saliva samples to the biobank, which scientists can use to answer various research questions. The volunteers also filled out questionnaires asking a variety of health-related questions, including how much coffee they drink. Part of what determines our sensitivity to bitter substances is determined by the genes we inherit from our parents. So the researchers used genetic analysis of samples from the biobank to find people who were more or less sensitive to three bitter substances: caffeine, quinine (think tonic water) and a chemical called propylthiouracil that is frequently used in genetic tests of people's ability to taste bitter compounds.

Then they looked to see if people sensitive to one or more of these substances drank more or less coffee than people who were not sensitive. To the researchers' surprise, people who were more sensitive to caffeine reported increased coffee consumption compared with people who were less sensitive. The result was restricted to the bitterness of caffeine. People sensitive to quinine and propylthiouracil -- neither of which is in coffee -- tended to drink less coffee. The effect of increased caffeine sensitivity was small: it only amounted to about two tablespoons more coffee per day. But by analyzing so many samples, the researchers were able to detect even small differences like that. The reason may be that people "learn to associate that bitter taste with the stimulation that coffee can provide," says one of the study authors.