Java

NPM Apologizes For the Way It Handled Recent Staff Layoffs (theregister.co.uk) 36

JavaScript library manager NPM on Wednesday apologized for its handling of a contentious round of recent layoffs. The Register reports: The company statement, which comes a week after product manager Rebecca Turner resigned in protest, is co-signed by chief executive officer Bryan Bogensberger, chief product officer Isaac Schlueter and chief data officer Laurie Voss. "Recently, we let go of five people in a company restructuring," the statement says. "The way that we undertook the process, unfortunately, made the terminations more painful than they needed to be, which we deeply regret, and we are sorry." By way of explanation, the statement attributes the changes at the company to shifting the firm's source of financial sustenance from venture funding to product revenue. That requires "new levels of commitment, delivery, and accountability," the implementation of which "has been uncomfortable at times."

In response to a question posed by The Register via Twitter, the company's former CTO CJ Silverio said, "The main thing I want to note is how NPM's statement is not an apology by [Isaac's] own standards. His blog post about apologies is very clear about the three things an apology must contain, and it seems to me that all three items were missing from that statement. It said nothing substantive. It went so far as to blame NPM's users for forcing them into the move."

Programming

Most Popular Programming Languages: C++ Knocks Python Out of Top Three in New Study (techrepublic.com) 161

C++ has knocked machine-learning favorite Python out of the top 3 in the TIOBE Index of popular programming languages. From a report: It marks a reversal of fortune for C++, which, after years of occupying third place in the index, was pushed down to fourth place by Python in September last year. First and second place in the list remain unchanged, with Java in pole position and C at number two. The TIOBE Index attempts to estimate the popularity of languages worldwide based on results from major search engines. The index is sometimes criticized for being a rather blunt measure, likely to be influenced by a range of factors beyond a language's popularity, but its rankings are broadly in line with others, with a similar mix of languages albeit arranged in a different order.

In an analysis alongside the latest figures, TIOBE attributes the comeback of C++ to a surge in its popularity, rather than a fall in the use of Python. "This is certainly not because Python is in decline: Python is scoring all time highs almost every month. It is just that C++ is also getting more and more popular," it writes. The report credits this growing interest in C++ to C++11, the version of the language released in 2011 that TIOBE said made C++ "much simpler, safer and more expressive."

AI

Futurist Predicts AI Will Take Jobs, Benefiting the Rich But Not Workers (venturebeat.com) 340

Citing "significant" new corporate investments in AI technology, futurist Gary Grossman argues that AI "may be the fastest paradigm shift in the history of technology" -- and warns there's a counter-argument to the theory that AI will create as many jobs as it displaces. "The other view is that this time is different, that we are not just automating labor but also cognition and many fewer people will be needed by industry." KPMG claims more than half of business executives plan to implement some form of AI within the next 12 months... The disruption is already beginning, with fully 75% of the organizations KPMG surveyed expecting intelligent automation to significantly impact 10 to 50% of their employees in the next two years. A Citigroup executive told Bloomberg that better AI could reduce headcount at the bank by 30%. In the face of all this change, many companies publicly state that AI will eliminate some dull and repetitive jobs and make it possible for people to do higher-order work. However, as a prominent venture capitalist relayed to me recently on this topic: "most displaced call center workers don't become Java programmers." It is not only low-skilled jobs that are at risk. Gartner analysts recently reported that AI will eliminate 80% of project management tasks....

A New York Times article noted that while many company executives pay public lip service to "human-centered AI" and the need to provide a safety net for those who lose their jobs, they privately talk about racing to automate their workforces "to stay ahead of the competition, with little regard for the impact on workers." The article also cites a Deloitte survey from 2017 that found 53% of companies had already started to use machines to perform tasks previously done by humans. The figure is expected to climb to 72% by next year.... The net of this dynamic is that workers are not a major factor in the economic calculus of the business drive to adopt AI, despite so many public statements to the contrary.

So perhaps it's not a surprise when the Edelman 2019 AI survey shows a widely held view that AI will lead to short-term job losses with the potential for societal disruption and that AI will benefit the rich and hurt the poor.

He also shares a sobering quote from historian, philosopher, and bestselling author Yuval Noah Harari on why Silicon Valley supports Universal Basic Incomes.

"The message is: 'We don't need you. But we are nice, so we'll take care of you.'"
Java

Minecraft Creator Markus 'Notch' Persson Eradicated From Splash Text (arstechnica.com) 342

An anonymous reader quotes a report from Ars Technica: Microsoft has removed a trio of references to Markus "Notch" Persson, the creator of Minecraft, from the game's opening menu screen. Random messages known as "splash text" are printed in yellow on this screen, and they used to include "Made by Notch!", "The Work of Notch", and "110813!" (a reference to the day Persson got married), but now all three mentions are gone. Notch is still included in the game's credits, but the change means that Minecraft players will no longer be randomly referenced.

Persson first released the blocky building game in 2009. Five years later, after the game had become a global smash hit, he sold his company Mojang to Microsoft for $2.5 billion, giving Redmond ownership of Minecraft. The references to Notch have remained a feature until their removal in this latest patch. They're reported to have been removed both from the original Java edition played on PCs and the legacy console edition used on PlayStation 4. No official rationale has been offered for the change, but Persson has become something of a polarizing figure on Twitter...

Google

Oracle Tells Supreme Court Google Copyright Breach Knocked It Out Of Smartphone Market (crn.com) 290

Joseph Tsidulko, writing for CRN: Oracle asked the U.S. Supreme Court on Wednesday to not review an appellate court's decision finding Google violated Oracle's copyright of the Java platform when building the Android mobile operating system. In that opposition brief, Oracle's attorneys said Google's copyright violation shut Oracle, the Java platform owner, out of the emerging smartphone market, causing incalculable harm to its business. The complex case pitting two Silicon Valley giants against each other has raged on since 2010, and already saw many twists and turns before a circuit court last year reversed a jury decision in favor of Oracle. That prompted Google's appeal to the nation's highest court. Oracle notes Google had previously asked for a writ of certiorari -- the legal term for review by the high court -- in 2015 without success in an earlier phase of the case, and the company argues nothing has changed in the time since.

Oracle believes Google destroyed its hopes of competing as a smartphone platform developer with the Java platform, which enables development and execution of software written in Java, including through APIs that access a vast software library. The lawsuit alleged Google copied those APIs without a proper license. Java was developed at Sun Microsystems, which Oracle acquired in 2010. "Google's theory is that, having invested all those resources to create a program popular with platform developers and app programmers alike, Oracle should be required to let a competitor copy its code so that it can coopt the fan base to create its own best-selling sequel," Oracle's brief states.

Programming

Which Programming Language Has The Most Security Vulnerabilities? (techrepublic.com) 330

A new report from the open source security company WhiteSource asks the question, "Is one programming language more secure than the rest?"

An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each...

The most common vulnerabilities across most of these languages are Cross-Site Scripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.

Across the seven most widely-used programming languages, here's how the vulnerabilities were distributed:
  • C (47%)
  • PHP (17%)
  • Java (11%)
  • JavaScript (10%)
  • Python (5%)
  • C++ (5%)
  • Ruby (4%)

But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like Open SSL and the Linux kernel."

The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP.

The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure."

Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.


Security

PewCrypt Ransomware Locks Users' Files and Won't Offer a Decryption Key Until - and Unless - PewDiePie's YouTube Channel Beats T-Series To Hit 100M Subscribers (zdnet.com) 237

The battle between PewDiePie, currently the most subscribed channel on YouTube, and T-Series, an Indian music label, continues to have strange repercussions. In recent months, as T-Series closes in on the gap to beat PewDiePie for the crown of the most subscribers on YouTube, alleged supporters of PewDiePie, in an unusual show of love, have hacked Chromecasts and printers to persuade victims to subscribe to PewDiePie's channel. Now ZDNet reports about a second strain of ransomware that is linked to PewDiePie. From the report: A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date. The catch -- you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files. Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data.

While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned. Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

Transportation

Pilot Who Hitched a Ride Saved Lion Air 737 Day Before Deadly Crash (bloomberg.com) 353

As the Lion Air crew fought to control their diving Boeing 737 Max 8, they got help from an unexpected source: an off-duty pilot who happened to be riding in the cockpit. Bloomberg reports: That extra pilot, who was seated in the cockpit jumpseat, correctly diagnosed the problem and told the crew how to disable a malfunctioning flight-control system and save the plane, according to two people familiar with Indonesia's investigation. The next day, under command of a different crew facing what investigators said was an identical malfunction, the jetliner crashed into the Java Sea killing all 189 aboard.

The previously undisclosed detail on the earlier Lion Air flight represents a new clue in the mystery of how some 737 Max pilots faced with the malfunction have been able to avert disaster while the others lost control of their planes and crashed. The presence of a third pilot in the cockpit wasn't contained in Indonesia's National Transportation Safety Committee's Nov. 28 report on the crash and hasn't previously been reported. The so-called dead-head pilot on the earlier flight from Bali to Jakarta told the crew to cut power to the motor driving the nose down, according to the people familiar, part of a checklist that all pilots are required to memorize.
Further reading: Flawed Analysis, Failed Oversight: How Boeing, FAA Certified the Suspect 737 MAX Flight Control System.
United States

FAA Says Boeing 737 MAX Planes Are Still Airworthy (cnbc.com) 209

An anonymous reader quotes a report from CNBC: The Boeing 737 MAX, the type of plane involved in a deadly crash in Ethiopia over the weekend, is still airworthy and the Federal Aviation Administration plans to issue a notice to the international aviation community later Monday, a person familiar with the matter said. "The FAA continuously assesses and oversees the safety performance of U.S. commercial aircraft," the FAA said in a statement. "If we identify an issue that affects safety, the FAA will take immediate and appropriate action."

Aviation officials in China and Indonesia ordered domestic airlines to ground their fleets of the popular Boeing single-aisle planes after the deadly crash of one operated by Ethiopian Airlines on Sunday. The 149 passengers and eight crew members on board were killed when the plane crashed shortly after takeoff. The incident was the second deadly crash of the new Boeing planes in less than five months. A Lion Air Boeing 737 MAX 8 plunged into the Java Sea shortly after taking off from Jakarta in October, killing all 189 people on board.

Java

'Java 9, It Did Break Some Things': Oracle Bod Admits To Developers Still Clinging To Version 8 (theregister.co.uk) 251

Java has a problem -- the language and platform is evolving faster than ever, but many developers are stuck on the five-year-old Java 8. From a report: So why have developers not upgraded? Simply, Java 9 introduced major changes, including internal restructuring, new modularity (known as "Project Jigsaw"), and the removal of little-used APIs. These changes broke code, and even developers who are happy to make the necessary revisions have dependency issues. "We have problems with libraries that do not yet support the latest versions," said one QCon attendee.

"I want to explain why it was necessary," said Oracle's Ron Pressler, part of the Java platform group developing the language and lead for Project Loom. "There are billions of lines of code in Java, and Java 9, it did break some things. The reason is that Java is 20-something years old. It will probably be big and popular in another 20 years. We have to think 20 years ahead. The way the JDK was structured prior to Java 9 was just unmaintainable. We could not keep Java competitive if we had not done that change. That was an absolute necessity."

Programming

Experts Find Serious Problems With Switzerland's Online Voting System (vice.com) 63

An anonymous reader quotes a report from Motherboard: Switzerland made headlines this month for the transparency of its internet voting system when it launched a public penetration test and bug bounty program to test the resiliency of the system to attack. But after source code for the software and technical documentation describing its architecture were leaked online last week, critics are already expressing concern about the system's design and about the transparency around the public test. Cryptography experts who spent just a few hours examining the leaked code say the system is a poorly constructed and convoluted maze that makes it difficult to follow what's going on and effectively evaluate whether the cryptography and other security measures deployed in the system are done properly.

"Most of the system is split across hundreds of different files, each configured at various levels," Sarah Jamie Lewis, a former security engineer for Amazon as well as a former computer scientist for England's GCHQ intelligence agency, told Motherboard. "I'm used to dealing with Java code that runs across different packages and different teams, and this code somewhat defeats even my understanding." She said the system uses cryptographic solutions that are fairly new to the field and that have to be implemented in very specific ways to make the system auditable, but the design the programmers chose thwarts this. "It is simply not the standard we would expect," she told Motherboard. [...] It isn't just outside attackers that are a concern; the system raises the possibility for an insider to intentionally misconfigure the system to make it easier to manipulate, while maintaining plausible deniability that the misconfiguration was unintentional.
"Someone could wire the thing in the wrong place and suddenly the system is compromised," said Lewis, who is currently executive director of the Open Privacy Research Society, a Canadian nonprofit that develops secure and privacy-enhancing software for marginalized communities. "And when you're talking about code that is supposed to be protecting a national election, that is not a statement someone should be able to make." "You expect secure code to be defensively written that would prevent the implementers of the code from wiring it up incorrectly," Lewis told Motherboard. But instead of building a system that doesn't allow for this, the programmers simply added a comment to their source code telling anyone who compiles and implements it to take care to configure it properly, she said.

The online voting system was developed by Swiss Post, the country's national postal service, and the Barcelona-based company Scytl. "Scytl claims the system uses end-to-end encryption that only the Swiss Electoral Board would be able to decrypt," reports Motherboard. "But there are reasons to be concerned about such claims."
Python

Python Developer Survey Shows Data Analysis More Popular Than Web Development (jetbrains.com) 42

Over 20,000 programmers from more than 150 different countries provided answers for the second annual Python Developers Survey (conducted by the Python Software Foundation and JetBrains).

An anonymous reader submitted this condensed version of their results: 84% of Python users in our survey use Python as their main language...up 5 percentage points from 79% in 2017. But half of all Python users in the survey also use JavaScript, and 47% more say they use HTML/CSS. Reported use of Bash/Shell has also grown from 36% in 2017 to 45% in 2018. [Later 93% of respondents said that their activities included Software testing/Writing automated tests.] Python users who report that they also use Go and SQL have both increased by 2 percentage points, while many other languages (including C/C++, Java, and C#) have decreased their share...

When asked "What do you use Python for?" data analysis has become more popular than Web development, growing from 50% in 2017 to 58% in 2018. Machine learning also grew by 7 percentage points. These types of development are experiencing faster growth than Web development, which has only increased by 2 percentage points when compared to the previous year...

Almost two-thirds of respondents selected Linux as their development environment OS. Most people are using free or open source databases such as PostgreSQL, MySQL, or SQLite... Twenty-something was the prevalent age range among our respondents, with almost a third being in their thirties. [31% more were between the ages of 30 and 39.]

Google

Google Play Store Now Open For Progressive Web Apps (medium.com) 49

Maximiliano Firtman: Chrome 72 for Android shipped the long-awaited Trusted Web Activity feature, which means we can now distribute PWAs in the Google Play Store! I played with the feature for a while, digging into the APIs and here you have a summary of what's going on, what to expect and how to use it today. Chrome 72 for Android is now shipping from the Play Store to all users and this version included Trusted Web Activity (TWA), that in a nutshell is a way to open Chrome in standalone mode (without any toolbar or Chrome UI) within the scope of our own native Android package. Let me start by saying that the publishing process is not as straightforward as it should be (such as "enter your URL" in the Play Console and it's done). It's also not a way to use the currently available WebAPK and publish it in the store. It's a Java API that communicates through services with Chrome and seems to be in the early stages, so there is a lot of manual work to do yet today.
Java

Ask Slashdot: How Dead Is Java? (jaxenter.com) 519

This week HackerRank reported Java is now only the second most popular programming language, finally dropping behind JavaScript in the year 2018.

Now long-time Slashdot reader shanen asks about the rumors that Java is dead -- or is it?

Can you convince me that Java isn't as dead as it seems? It's just playing dead and will spring to life?
This week one Java news site argued that Java-based Minecraft has in fact "spawned a new generation of Java developers," citing an interview with Red Hat's JBoss Middleware CTO. (And he adds that "It's still the dominant programming language in the enterprise, so whether you're building enterprise clients, services or something in between, Java likely features in there somewhere.") Yet the original submission drew some interesting comments:
  • "The licensing scheme for Java kills it..."
  • "Java programs still are 'the alien on your desktop'. They suck in many ways. Users have learned to avoid them and install 'real programs' instead..."

But what do Slashdot's readers think? Leave your own answers in the comments.

How dead is Java?


AI

AI-Driven Python Code-Completion Tool 'Kite' Attracts $17M In Investments (venturebeat.com) 87

An AI-enhanced tool that suggests code snippets for Python developers in real time just raised $17 million in VC funding to expand its R&D team "with a focus on accelerating developer productivity."

An anonymous reader quotes VentureBeat: "Our mission is to bring the latest advancements in AI and machine learning (ML) to make writing code fluid, effortless, and more enjoyable," explained [founder Adam] Smith. "Developers using Kite can focus their productive energy toward solving the next big technical challenges, instead of searching the web for code examples illustrating mundane and frequently repeated code patterns...."

Instead of relying on the cloud to run its AI engine, Kite now runs locally on a user's computer, letting developers use it offline and without having to upload any code. (Kite still trains its machine learning models with thousands of publicly available code sources from highly rated developers.) Furthermore, running locally allows Kite to fully operate with lower latencies... In addition to ditching the cloud, the new version of Kite brings a feature the team calls Line-of-Code Completions. Until now, Kite's machine learning models could only suggest the next "token" in a line of code. Line-of-Code Completions can complete entire function calls with a single keystroke... The team boasts that Kite is "the only developer product on the market to offer such advanced completions."

"Today, Kite is used by more than 30,000 Python developers worldwide," reports VentureBeat, adding its locally-based ML plugin is available for top Python IDEs including Visual Studio Code, Atom, Sublime Text, PyCharm, IntelliJ, and Vim.

Kite's investors include the CEO of GitHub, as well as the founders of Dropbox, Paypal, and Twitch.tv, and the company hopes to eventually support more languages, starting with either Java, JavaScript, or Go.
Java

JavaScript Overtakes Java As Most Popular Programming Language (venturebeat.com) 225

An anonymous reader writes: Today, HackerRank released the 2019 edition of its annual Developer Skills Report (PDF), surveying over 71,000 software developers from more than 100 countries. Every single industry requires software developers, meaning competition for technical talent is fierce. The idea here is to help everyone from CEOs and executives to hiring managers and recruiters understand the developers they're pursuing. We've put together a quick video to summarize the results. HackerRank asked developers which programming languages they knew and which ones they wanted to learn. Seventy-three percent of developers said they knew JavaScript in 2018, up from 66 percent in 2017. JavaScript was 2018's most well-known language, compared to Java in 2017.
Google

Google Asks Supreme Court To Rule On When Code Can Be Copyrighted (theverge.com) 203

Google is asking the Supreme Court to make the final call in its infamous dispute with Oracle. "Today, the company announced it has filed a petition with the Court, asking the justices to determine the boundaries of copyright law in code," reports The Verge. From the report: The case dates back to 2010, when Oracle first accused Google of improperly using elements of Oracle's Java programming language to build Android. Oracle said that Google's use of Java application programming interfaces was a violation of copyright law. Google has responded that APIs are too fundamental to programming to be copyrighted. The case has led to two jury trials, and several rulings have doled out wins and losses to both companies over the course of eight years. Last year, a favorable Oracle decision set Google up to potentially lose billions of dollars.

Google asked for a Supreme Court hearing on the case in 2014, but the Court rejected the request at the time. The company says new issues are now at play, and is asking the Court to decide whether software interfaces can be copyrighted, and whether using them to build something new constitutes fair use under the law. In its new petition to the Supreme Court, Google says the case is not only important to copyright law, but has "sheer practical importance," as it centers around two touchstones of computing: Google's Android and Oracle's Java. The Court's intervention could alter the future of software, the company argues.

Java

Apache NetBeans 10.0 Now Available (apache.org) 38

The Apache Software Foundation has released NetBeans 10.0, the second major release of the Apache NetBeans IDE. The release, said the Apache Software Foundation, is focused on adding support for JDK 11, JUnit 5, PHP, JavaScript and Groovy, as well as on solving many issues. From a blog post: JDK 11 support has been enhanced in the following ways: Integration with the nb-javac project, adding support for JDK 11, removed the CORBA modules, support for JEP 309, Dynamic Class-File Constants, support for JEP 323, Local-Variable Syntax for Lambda Parameters, and support for LVTI Support for Lambda Parameters.

PHP 7.3: You can now add trailing commas in function calls under PHP 7.3 (mailing list thread), and also use the list reference assignment, the flexible Heredoc and Nowdoc Syntaxes are also supported. [...] And more: context sensitive lexer, PHPStan support, debugger, twig, hints, suggestions, code completion… – visit PHP Features Page and NetBeans 10 New and Noteworthy for more details on PHP support. JUnit 5.3.1 has been added as a new Library to NetBeans, so you can quickly add it to your Java projects. For Maven projects without any existing tests, JUnit 5 is now the default JUnit version.

Security

Hackers Swipe Card Numbers From Local Government Payment Portals (zdnet.com) 15

A previously unknown hacker group is behind a mounting number of breaches that have been reported by local governments across the US. From a report: In a report published today, US cyber-security vendor FireEye has revealed that this yet-to-be-identified hacker group has been breaking into Click2Gov servers and planting malware that stole payment card details. Click2Gov is a popular self-hosted payments solution, a product of US software supplier Superion. It is sold primarily to US local governments, and you can find a Click2Gov server installed anywhere from small towns to large metropolitan areas, where it's used to handle payments for utility bills, permits, fines, and more.

FireEye says this new hacker group has been attacking Click2Gov portals for almost a year. The company's investigators believe hackers are using one or more vulnerabilities in one of Click2Gov's components -- the Oracle WebLogic Java EE application server -- to gain a foothold and install a web shell named SJavaWebManage on hacked portals. Forensic evidence suggests the hackers are using this web shell to turn on Click2Gov's debug mode, which, in turn, starts logging payment transactions, card details included.

Java

OpenJDK Bug Report Complains Source Code 'Has Too Many Swear Words' (java.net) 281

Thursday a bug report complained that the source code for OpenJDK, the free and open-source implementation of Java, "has too many swear words." An anonymous reader writes: "There are many instances of swear words inside OpenJDK jdk/jdk source, scattered all over the place," reads the bug report. "As OpenJDK is used in a professional context, it seems inappropriate to leave these 12 instances in there, so here's a changeset to remove them."
IBM software developer (and OpenJDK team member and contributor) Adam Farley responded that "after discussion with the community, three determinations were reached":
  • "Damn" and "Crap" are not swear words.
  • Three of the four f-bombs are located in jszip.js, which should be corrected upstream (will follow up).
  • The f-bomb in BitArray.java, as well as the rude typo in SoftChannel.java, *are* swear words and should be removed to resolve this work item.

He promised a new webrev would be uploaded to reflect these determinations, and the bug has been marked as "resolved."

