A new report published in the journal Science Direct says there is no link between insomnia and early death. The researchers reportedly "reviewed 17 studies, which covered close to 37 million people, to compile their results," the BBC notes. From the report: This new report goes against what the NHS says, which claims that as well as putting people at risk of obesity, heart disease and type 2 diabetes, that insomnia shortens life expectancy. The NHS recommends things like exercising to tire yourself out during the day and cutting down on caffeine. It also says smoking, eating too much or drinking alcohol late at night can stop you from sleeping well. Other recommendations include writing a list of things that are playing on your mind and trying to get to bed at a similar time every night. "There was no difference in the odds of mortality for those individuals with symptoms of insomnia when compared to those without symptoms," the study says. "This finding was echoed in the assessment of the rate of mortality in those with and without symptoms of insomnia using the outcomes of multivariate models, with the most complete adjustment for potential confounders, as reported by the individual studies included in this meta-analysis. Additional analyses revealed a tendency for an increased risk of mortality associated with hypnotic use."

What do Heartbleed, WannaCry, and million dollar iPhone bugs have in common? From a report: One bug affects iPhones, another affects Windows, and the third affects servers running Linux. At first glance these might seem unrelated, but in reality all three were made possible because the software that was being exploited was written in programming languages which allow a category of errors called "memory unsafety." By allowing these types of vulnerabilities, languages such as C and C++ have facilitated a nearly unending stream of critical computer security vulnerabilities for years.

Imagine you had a program with a list of 10 numbers. What should happen if you asked the list for its 11th element? Most of us would say an error of some sort should occur, and in a memory safe programming language (for example, Python or Java) that's what would happen. In a memory unsafe programming language, it'll look at wherever in memory the 11th element would be (if it existed) and try to access it. Sometimes this will result in a crash, but in many cases you get whatever happens to be at that location in memory, even if that portion of memory has nothing to do with our list. This type of vulnerability is called a "buffer-overflow," and it's one of the most common types of memory unsafety vulnerabilities. HeartBleed, which impacted 17 percent of the secure web servers on the internet, was a buffer-overflow exploit, letting you read 60 kilobytes past the end of a list, including passwords and other users' data.

An anonymous reader writes: The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for .NET and PHP applications as well. Researchers published proof-of-concept code this week showing how to exploit serialization/deserialization operations supported by the built-in features of the Ruby programming language itself.

"Versions 2.0 to 2.5 are affected," researchers said. "There is a lot of opportunity for future work including having the technique cover Ruby versions 1.8 and 1.9 as well as covering instances where the Ruby process is invoked with the command line argument --disable-all," the elttam team added. "Alternate Ruby implementations such as JRuby and Rubinius could also be investigated."

The deserialization issues can be used for remote code execution and taking over vulnerable servers. While .NET and PHP were affected, it was Java until now that has faced the biggest issues with deserialization, earlier this year, Oracle announcing it was dropping deserialization support from the Java language's standard package.

A new study conducted at the University of Innsbruck in Austria finds that people who drink their coffee black often has psychopathic or sadistic traits. The study surveyed more than 1,000 adults about their taste preferences with foods and drinks that are bitter. They also took four different personality tests that assessed traits like narcissism, psychopathy, sadism, and aggression. From a report: Researchers found a trend that suggested a correlation between preferences for black coffee, and other bitter tastes, and sadistic or psychopathic personality traits. They also found that people who enjoyed milky or sugary coffee, and other sweet flavors, generally tended to have more "agreeable" personality traits like sympathy, cooperation, and kindness. The closest correlation found in the study was between bitter foods, like radishes and tonic water, and "everyday sadism," or the enjoyment of inflicting moderate levels of pain on others. The researchers went further, suggesting that this association between bitter foods and psychopathic tendencies could "become chronic" and get worse with time.

An anonymous reader quotes a report from ZDNet: Google announced today four new security features for securing Google accounts. These four updates are meant to bolster protections before and after users sign into accounts, but also in the case of recovering after a hack. According to Google's Jonathan Skelker, the first of these protections that Google has rolled out today comes into effect even before users start typing their username and password. In the coming future, Skelker says that Google won't allow users to sign into accounts if they disabled JavaScript in their browser. The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected. This change is likely to impact only a very small number of users -- around 0.01 percent according to Google's data -- but it will likely impact bots harder, as many of them run through headless browsers where this feature is turned off for performance reasons. Google also plans to pull data from Google Play Protect and list all malicious apps that are still installed on a user's Android smartphone. Google's Jonathan Skelker says they will be notifying you "whenever you share any data from your Google Account," expanding on the notifications it sends when you've granted access to sensitive information, like Gmail data or your Google Contacts.

"Last but not least is a security feature that Google plans to use after an account hack," reports ZDNet. "This feature is already live and is a new set of procedures for regaining access and re-securing compromised profiles. The procedure is detailed in this Google support page, and besides just helping users regain access to accounts, it will also help them check financial activity related to Google Pay accounts, review new files added to Gmail or Drive, and secure other accounts at other services that are tied to the main Google account."

Four years after Microsoft acquired Minecraft developer Mojang, the company has decided to open source some of Minecraft's Java code. According to Kotaku, Microsoft and Mojang released two parts of Minecraft's Java code in library form, so that "anyone can pick them up and use them in their own game," says Lead Engineer Nathan Adams. From the report: For now, there's just the two libraries: "Brigadier," a "command parser and dispatcher"; and "DataFixerUpper," designed for "incremental building, merging and optimization of data transformations ... [to convert] the game data for Minecraft: Java Edition between different versions of the game." While the news doesn't mean much for players, it will be a boon for interested programmers and developers, keen to see the guts of Minecraft. The plan is to open source more components in the future, though no time frame is specified. For now, if you want to check out Brigadier or DataFixerUpper, both can be found on Mojang's GitHub page.

After breaking into the top three most popular programming languages for the first time this month, behind C and Java, Python has also won the hearts of hackers and web nasties, according to attack statistics published this week by web security biz Imperva. From a report: The company says more than a third of daily attacks against sites the company protects come from a malicious or legitimate tool coded in Python. Imperva says that around 77 percent of all the sites the company protects, have been attacked by at least one Python-based tool. Furthermore, when the company looked at the list of tools that hackers used for their attacks, more than a quarter were coded in Python, by far the attackers' favorite tool. "Hackers, like developers, enjoy Python's advantages which makes it a popular hacking tool," the Imperva team says.

InfoWorld described the move as a "breakthrough": As expected, Python has climbed into the Top 3 of the Tiobe index of language popularity, achieving that milestone for the first time ever in the September 2018 edition of the index. With a rating of 7.653 percent, Python placed third behind first-place Java, which had a rating of 17.436 percent, and second-place C, rated at 15.447. Python displaced C++, which finished third last month and took fourth place this month, with a rating of 7.394 percent...

Python also has been scoring high in two other language rankings:

- The PyPL Popularity of Programming Language index, where it ranked No. 1 this month, as it has done before, and has had the most growth in the past five years.

- The RedMonk Programming Language Rankings, where Python again placed third.
Tiobe notes that Python's arrival in the top 3 "really took a long time," since it first entered their chart at the beginning of the 1990s. But today, "It is already the first choice at universities (for all kinds of subjects for which programming is demanded) and is now also conquering the industrial world." In February Tiobe also added a new programming language to their index: SQL. (Since "SQL appears to be Turing complete.")

"Other interesting moves this month are: Rust jumps from #36 to #31, Groovy from #44 to #34 and Julia from #50 to #39."

Programmers may love hot newer languages like Kotlin and Rust, but according to a Cloud Foundry Foundation (CFF) recent survey of global enterprise developers and IT decision makers, Java and Javascript are the top enterprise languages. ZDNet: That said, the CFF also found [PDF] that, "More and more, businesses are employing a polyglot and a multi-platform strategy to meet their exact needs." The CFF discovered 77 percent of enterprises are using or evaluating Platforms-as-a-Service (PaaS); 72 percent are using or considering containers; and 46 percent are using or thinking about serverless computing. Simultaneously, more than a third (39 percent) are using all three technologies together. For companies this "flexibility of cloud-native practices enables [companies to move] away from a monolithic approach and towards a world of computing that is flexible, portable and interoperable." That means, while Java and JavaScript are only growing ever more popular, the larger the company, the more languages are used. After the Java twins, C++, C#, Python, and PHP are the most popular languages.

An anonymous reader quotes InsideHPC: Today Julia Computing announced the Julia 1.0 programming language release, "the most important Julia milestone since Julia was introduced in February 2012." As the first complete, reliable, stable and forward-compatible Julia release, version 1.0 is the fastest, simplest and most productive open-source programming language for scientific, numeric and mathematical computing. "With today's Julia 1.0 release, Julia now provides the language stability that commercial customers require together with the unique combination of lightning speed and high productivity that gives Julia its competitive advantage compared with Python, R, C++ and Java."
The Register reports: Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data science, machine learning, and scientific computing.... Six years ago, Julia's creators framed their goals thus:

"We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled...."

In a julialang.org post announcing the milestone, the minders of the language claim to have achieved some of their goals.

Kotlin, which Google blessed last year as an alternative to Java for programming Android apps, has already made its way into almost 12 per cent of open source Android apps, and in so doing has elevated their code quality. From a report: So we're told by computer scientists Bruno Gois Mateus and Matias Martinez, affiliated with University of Valenciennes in France, who observed that Google at the end of 2017 said Kotlin had infiltrated more than 17 per cent of Android apps developed with its IDE, Android Studio 3.0. Kotlin is an open source statically typed programing language that targets the JVM, Android, JavaScript (transpiling to ES5.1) and native platforms (via LLVM). JetBrains, the company that created it, contends Kotlin is more concise and more type-safe than Java. It estimates that apps written in Kotlin require about 40 per cent less code than they would with Java. With fewer lines of code, in theory, one can expect fewer bugs. In a paper distributed through pre-print service ArXiv, "An Empirical Study on Quality of Android Applications written in Kotlin language," Mateus and Martinez describe how they gathered 925 apps from the open source F-Droid repository, measured the amount of Kotlin code in each, and analyzed the code for "smells" as an indicator of code quality.

New submitter rfengineer shares a report: Welcome to IEEE Spectrum's fifth annual interactive ranking of the top programming languages. Because no one can peer over the shoulders of every coder out there, anyone attempting to measure the popularity of computer languages must rely on proxy measures of relative popularity. In our case, this means combining metrics from multiple sources to rank 47 languages. But recognizing that different programmers have different needs and domains of interest, we've chosen not to blend all those metrics up into One Ranking to Rule Them All. [...] Python has tightened its grip on the No. 1 spot. Last year it came out on top by just barely beating out C, with Python's score of 100 to C's 99.7. But this year, there's a wider gap between first and second place, with C++ coming in at 98.4 for the No. 2 slot (last year, Java had come third with a score of 99.4, while this year its fallen to 4th place with a score of 97.5). C has fallen to third place, with a score of 98.2.

Long-time Slashdot reader Qbertino does PHP for a living, but says he's growing "increasingly frustrated with the ignorant and clueless in the vincinity of PHP." Crappy code and baaaaad application setups is one thing, but people refusing to fix them or simply not even understanding the broader implications of bad applications or attempting SEO with gadgets while refusing to fix 3.5 MB-per-pagecall are just minor tidbits in a history of increasingly unnerving run-ins with knuckledragers in the "web agency" camp...

Will I leave the larger part of this backwards stuff behind if I move to another server-side programming language such as Java or Kotlin for professional work in the broader web area? Do I have a chance to do quality work on quality projects using PHP, or are those slim compare to other programming languages? In short, should I ditch PHP?
"I think .NET is a much cleaner language to work in with Microsoft's excellent Visual Studio IDE and debugger," argues Slashdot reader Agret , adding "there are many large projects in my city hiring .NET developers and being a strongly typed language the code quality is generally better than PHP."

But what's been your experience? And would a frustrated developer find more quality projects by ditching PHP?

An anonymous reader quotes a report from Ars Technica: A team led by Martin Fussenegger of ETH Zurich in Basel has shown that caffeine can be used as a trigger for synthetic genetic circuitry, which can then in turn do useful things for us -- even correct or treat medical conditions. For a buzz-worthy proof of concept, the team engineered a system to treat type 2 diabetes in mice with sips of coffee, specifically Nespresso Volluto coffee. Essentially, when the animals drink the coffee (or any other caffeinated beverage), a synthetic genetic system in cells implanted in their abdomens switches on. This leads to the production of a hormone that increases insulin production and lowers blood sugar levels -- thus successfully treating their diabetes after a simple morning brew.

The system, published Tuesday in Nature Communications, is just the start, Fussenegger and his colleagues suggest enthusiastically. "We think caffeine is a promising candidate in the quest for the most suitable inducer of gene expression," they write. They note that synthetic biologists like themselves have long been in pursuit of such inducers that can jolt artificial genetics. But earlier options had problems. These included antibiotics that can spur drug-resistance in bacteria and food additives that can have side effects. Caffeine, on the other hand, is non-toxic, cheap to produce, and only present in specific beverages, such as coffee and tea, they write. It's also wildly popular, with more than two billion cups of coffee poured each day worldwide.

An anonymous reader quotes a report from the Seattle Times: A robot with true artificial intelligence is about to invade space. The large, round, plastic robot head is part of SpaceX's latest supply delivery to the International Space Station. Friday's pre-dawn liftoff also includes two sets of genetically identical female mice, 20 mousestronauts that will pick up where NASA's identical twin brother astronauts left off a few years ago. Super-caffeinated coffee is also flying up for the space station's java-craving crew.

As intriguing as identical space siblings and turbo-charged space coffee may be, it's the German robot -- named Cimon, pronounced Simon, after a genius doctor in science fiction's "Captain Future" -- that's stealing the show. Like HAL, the autonomous Cimon is an acronym: it stands for Crew Interactive Mobile Companion. Its AI brain is courtesy of IBM. German astronaut Alexander Gerst, who arrived at the orbiting lab a month ago, will introduce Cimon to space life during three one-hour sessions. Already savvy about Gerst's science experiments, the self-propelling Cimon will float at the astronaut's side and help, when asked, with research procedures. To get Cimon's attention, Gerst will need only to call its name. Their common language will be English, the official language of the space station.

A reminder for commenters: non-commercial use of Java remains free. An anonymous reader quotes InfoWorld: Oracle has revamped its commercial support program for Java SE (Standard Edition), opting for a subscription model instead of one that has had businesses paying for a one-time perpetual license plus an annual support fee... It is required for Java SE 8, and includes support for Java SE 7. (As of January 2019, Oracle will require a subscription for businesses to continue getting updates to Java SE 8.)

The price is $25 per month per processor for servers and cloud instances, with volume discounts available. For PCs, the price starts at $2.50 per month per user, again with volume discounts. One-, two-, and three-year subscriptions are available... The previous pricing for the Java SE Advanced program cost $5,000 for a license for each server processor plus a $1,100 annual support fee per server processor, as well as $110 one-time license fee per named user and a $22 annual support fee per named user (each processor has a ten-user minimum)...

If users do not renew a subscription, they lose rights to any commercial software downloaded during the subscription. Access to Oracle Premier Support also ends. Oracle recommends that those choosing not to renew transition to OpenJDK binaries from the company, offered under the GPL, before their subscription ends. Doing so will let users keep running applications uninterrupted.
Oracle's senior director of product management stresses that the company is "working to make the Oracle JDK and OpenJDK builds from Oracle interchangeable -- targeting developers and organisations that do not want commercial support or enterprise management tools."

Open source guru Eric Raymond warned about the possibility of security bugs in critical code which can now date back more than two decades -- in a talk titled "Rescuing Ancient Code" at last week's SouthEast Linux Fest in North Carolina. In a new interview with ITPro Today, Raymond offered this advice on the increasingly important art of "code archaeology". "Apply code validators as much as you can," he said. "Static analysis, dynamic analysis, if you're working in Python use Pylons, because every bug you find with those tools is a bug that you're not going to have to bleed through your own eyeballs to find... It's a good thing when you have a legacy code base to occasionally unleash somebody on it with a decent sense of architecture and say, 'Here's some money and some time; refactor it until it's clean.' Looks like a waste of money until you run into major systemic problems later because the code base got too crufty. You want to head that off...."

"Documentation is important," he added, "applying all the validators you can is important, paying attention to architecture, paying attention to what's clean is important, because dirty code attracts defects. Code that's difficult to read, difficult to understand, that's where the bugs are going to come out of apparent nowhere and mug you."

For a final word of advice, Raymond suggested that it might be time to consider moving away from some legacy programming languages as well. "I've been a C programmer for 35 years and have written C++, though I don't like it very much," he said. "One of the things I think is happening right now is the dominance of that pair of languages is coming to an end. It's time to start looking beyond those languages for systems programming. The reason is we've reached a project scale, we've reached a typical volume of code, at which the defect rates from the kind of manual memory management that you have to do in those languages are simply unacceptable anymore... think it's time for working programmers and project managers to start thinking about, how about if we not do this in C and not incur those crazy downstream error rates."
Raymond says he prefers Go for his alternative to C, complaining that Rust has a high entry barrier, partly because "the Rust people have not gotten their act together about a standard library."

An anonymous reader quotes SD Times Java remains the most popular primary programming language, but JavaScript is the most used programming language overall. That is according to a recently released report from JetBrains on the State of the Developer Ecosystem in 2018. The report surveyed more than 6,000 developers from 17 countries to reveal the trends driving the world of coding this year... According to the report, Java, JavaScript and Python are the top three programming languages this year, and Go is the most promising language. Twenty percent of developers use multiple versions of Go at the same time, and 26 percent set up their GOPATH per project. The top Go frameworks include Gin, Beego, Echo and Buffalo.

While 38 percent of developers have no plans to adopt any new languages this year, the top languages respondents have started to learn in the last year include Python, JavaScript, Java, Go, TypeScript and Kotlin... Eighty-two percent of respondents use IDEs while 69 percent use editors. Of those using IDEs and editors, only 12 percent cited that they don't customize their IDE/editors. In addition, 77 percent use the dark theme for their editor or IDE... Some fun facts about developers include 77 percent listen to music while they are coding; the top music to listen to includes electronic, pop and rock; 53 percent sleep seven to eight hours a night; 85 percent code on the weekends; and 57 percent prefer coffee over tea.

Kesha Williams, reporting for InfoQ (shared by numerous readers): The Java Mission Control suite of tools, also known as JMC, was open sourced by Oracle on May 3rd to much applause and excitement from the Java development community. The excitement was replaced with unease as sources reported that the entire JMC development team had been laid off. JMC is a well-known profiling and diagnostics tools suite for the Java Virtual Machine (JVM) primarily targeting systems running in production. It is used by developers to gather detailed low-level information about how the JVM and the Java application are behaving. The official open source announcement came on May 5th from Marcus Hirt, a member of the Java Platform Group at Oracle. "Just wanted to say thank you to everyone who helped open source Java Mission Control in the relatively short period of time it was done in." According to Hirt, the intent behind open sourcing JMC was to provide the community with the opportunity to add new features and capabilities to the tools suite.

An anonymous reader quotes InfoWorld: Oracle plans to drop from Java its serialization feature that has been a thorn in the side when it comes to security. Also known as Java object serialization, the feature is used for encoding objects into streams of bytes... Removing serialization is a long-term goal and is part of Project Amber, which is focused on productivity-oriented Java language features, says Mark Reinhold, chief architect of the Java platform group at Oracle.

To replace the current serialization technology, a small serialization framework would be placed in the platform once records, the Java version of data classes, are supported. The framework could support a graph of records, and developers could plug in a serialization engine of their choice, supporting formats such as JSON or XML, enabling serialization of records in a safe way. But Reinhold cannot yet say which release of Java will have the records capability. Serialization was a "horrible mistake" made in 1997, Reinhold says. He estimates that at least a third -- maybe even half -- of Java vulnerabilities have involved serialization. Serialization overall is brittle but holds the appeal of being easy to use in simple use cases, Reinhold says.