InfoWorld reports that "the once-declining C language" has "completed a comeback" -- citing its rise to second place in the Tiobe Index of language popularity, the biggest rise of any language in 2017. An anonymous reader quotes their report: Although the language only grew 1.69 percentage points in its rating year over year in the January index, that was enough beat out runners-up Python (1.21 percent gain) and Erlang (0.98 percent gain). Just five months ago, C was at its lowest-ever rating, at 6.477 percent; this month, its rating is 11.07 percent, once again putting it in second place behind Java (14.215 percent) -- although Java dropped 3.05 percent compared to January 2017. C's revival is possibly being fueled by its popularity in manufacturing and industry, including the automotive market, Tiobe believes...

But promising languages such as Julia, Hack, Rust, and Kotlin were not able to reach the top 20 or even the top 30, Tiobe pointed out. "Becoming part of the top 10 or even the top 20 requires a large ecosystem of communities and evangelists including conferences," said Paul Jansen, Tiobe managing director and compiler of the index. "This is not something that can be developed in one year's time."
For 2017 Tiobe also reports that after Java and C, the most popular programming languages were C++, Python, C#, JavaScript, Visual Basic .Net, R, PHP, and Perl.

The rival Pypl Popularity of Programming Language index calculates that the most popular languages are Java, Python, PHP, JavaScript, C#, C++, C, R, Objective-C, and Swift.

InfoWorld writes that 2017 "presented a mixed bag of improvements to both long-established and newer programming languages." An anonymous reader quotes their report: Developers followed a soap opera over Java, with major disagreements over a modularization plan for standard Java and, in a surprising twist, Oracle washing its hands of the Java EE enterprise variant. Microsoft's TypeScript, meanwhile, has increased in popularity by making life easier for developers looking for an alternative to JavaScript. Microsoft also launched Q#, a language for quantum computing...

In web development, developers received a lot of help building with JavaScript itself or with JavaScript alternatives. Among the tools released in 2017 were: Google's Angular 5 JavaScript framework, released in November, featuring a build optimizer and supports progressive web apps and use of Material Design components... And React, the JavaScript UI library from Facebook, went to Version 16 in September, featuring a rewriting of the React core to boost responsiveness for complex applications...

TypeScript was not the only JavaScript alternative making waves this year. For web developers who would rather use Google's Go (Golang) language instead of JavaScript, the beta Joy compiler introduced in December promises to allow cross-compilation. Another language that offers compilation to JavaScript -- although it began on the JVM -- is Kotlin, which has experienced rising fortunes this year. It was boosted considerably by Google endorsing it in May for building Android applications, which has been chiefly the domain of Java...
2017 also saw the release of the long-awaited C++ 17.

Another 2017 memory: Eric Raymond admitting that he hates C++, and predicting that Go (but not Rust) will eventually replace C -- if not a new language like Cx.

hjf writes: On December 2nd, Twitter user Noah Dinkin tweeted a screenshot that showed that Starbucks' in-store "free WiFi" is using their captive portal to briefly mine the Monero cryptocurrency during the 10-second delay splash screen. Starbucks has not yet responded to the tweet, and neither has their wifi provider, Fibertel Argentina. While Dinkin mentioned that the culprit behind the scheme could be Starbucks' in-store wifi provider, it's possible that a cybercriminal could have hacked their website to place CoinHive code secretly. HackRead notes that "just a few days ago researchers identified more than 5,000 sites that were hijacked to insert CoinHive code, yet Starbucks' direct involvement is still unclear." CoinHive is a company that produces a JavaScript miner for the Monero Blockchain that you can embed in your website. Any coins mined by the browser are sent to the owner of the website.

schwit1 shares a Recode report: The story that appeared in Quartz this November seemed shocking enough on its own: Google had quietly tracked the location of its Android users, even those who had turned off such monitoring on their smartphones. But missing from the news site's report was another eyebrow-raising detail: Some of its evidence, while accurate, appears to have been furnished by one of Google's fiercest foes: Oracle. For the past year, the software and cloud computing giant has mounted a cloak-and-dagger, take-no-prisoners lobbying campaign against Google, perhaps hoping to cause the company intense political and financial pain at a time when the two tech giants are also warring in federal court over allegations of stolen computer code. Since 2010, Oracle has accused Google of copying Java and using key portions of it in the making of Android. Google, for its part, has fought those claims vigorously. More recently, though, their standoff has intensified. And as a sign of the worsening rift between them, this summer Oracle tried to sell reporters on a story about the privacy pitfalls of Android, two sources confirmed to Recode.

Slashdot reader Beeftopia shares "a detailed history of WebAssembly...from one of the developers." IEEE Spectrum reports that "Like a lot of stories about tech innovation, this one started with video games." [Mozilla's Alon Zakai] wanted to take a game he had helped write in C++ and convert it to JavaScript code that would run well on the Web. This was in 2010, and back then, converting C++ to JavaScript was unthinkable... so he started working to adapt an open-source tool that could translate C++ code into JavaScript automatically. He called his project Emscripten... we were able to formalize the permitted JavaScript patterns, to make the contract between Emscripten and the browser completely clear. We named the resulting subset of JavaScript asm.js... I would optimize the JavaScript engine in Firefox to run the resulting code even faster...

This brings us to the present... Emscripten can take code written in C++ and convert it directly into WebAssembly. And there will be ways in time to run other languages as well, including Rust, Lua, Python, Java, and C#. With WebAssembly, multimillion-line code bases can now load in a few seconds and then run at 80 percent of the speed of native programs. And both load time and execution speed are expected to improve as the browser engines that run the code are made better.
They'd started with a C++ game because "If we could make games run well on the Web, other computationally intensive applications would soon follow."

The article -- by Mozilla software engineer Luke Wagner -- remembers that the name Emscripten was a "a mash-up of 'script' from JavaScript and 'embiggen' from the TV show The Simpsons."

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope.
He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects.
Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?).

The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.

An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.

Slashdot reader boudie2 tipped us off to some Linux news. Liliputing reports: Samsung's DeX dock lets you connect one of the company's recent phones to an external display, mouse, and keyboard to use your phone like a desktop PC... assuming you're comfortable with a desktop PC that runs Android. But soon you may also be able to use your Android phone as a Linux PC [and] the company has released a brief video that provides more details. One of those details? At least one of the Linux environments in question seems to be Ubuntu 16.04... While that's the only option shown, the fact that it does seem to be an option suggests you may be able to run different Linux environments as well.

Once Ubuntu is loaded, the video shows a user opening Eclipse, an integrated development environment that's used to create Java (and Android apps). In other words, you can develop apps for Android phones with ARM-based processors on an Android phone with an ARM-based processor.
Samsung promised in October that its Linux on Galaxy app will ultimately let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS."

On this day, eight years ago, a group of programmers at Google released Go, a brand-new open-source programming language that they hoped would solve some of the problems they faced with Java, C++ and other programming languages. In the past eight years, Go has gotten a tremendous traction, with Go helping drive several services running inside Google. The company, on its part, has added a handful of features to Go, including a revamped garbage collector in 2015, and support for various ARM processors. From a blog post: Go has been embraced by developers all over the world with approximately one million users worldwide. In the freshly published 2017 Octoverse by GitHub, Go has become the #9 most popular language, surpassing C. Go is the fastest growing language on GitHub in 2017 in the top 10 with 52% growth over the previous year. In growth, Go swapped places with Javascript, which fell to the second spot with 44%. In Stack Overflow's 2017 developer survey, Go was the only language that was both on the top 5 most loved and top 5 most wanted languages. People who use Go, love it, and the people who aren't using Go, want to be. [...] Since Go was first open sourced we have had 10 releases of the language, libraries and tooling with more than 1680 contributors making over 50,000 commits to the project's 34 repositories; More than double the number of contributors and nearly double the number of commits from only two years ago. This year we announced that we have begun planning Go 2, our first major revision of the language and tooling.

A user writes: Barreling towards my late 40s, I've enjoyed 25+ years of coding for a living, working in telecoms, government, and education. In recent years, it's been typical enterprise Java stuff. Looking around, I'm pretty much always the oldest in the room. So where are the other old guys? I can't imagine they've all moved up the chain into management. There just aren't enough of those positions to absorb the masses of aging coders. Clearly there *are* older workers in software, but they are a minority. What sectors have the others gone into? Retired early? Low-wage service sector? Genuinely interested to hear your story about having left the field, willfully or otherwise.

For Slashdot's 20th anniversary, "What could be geekier than celebrating with the help of an open-source neural network?" Neural network hobbyist Janelle Shane has already used machine learning to generate names for paint colors, guinea pigs, heavy metal bands, and even craft beers, she explains on her blog. "Slashdot sent me a list of all the headlines they've ever run, over 162,000 in all, and asked me to train a neural network to try to generate more." Could she distill 20 years of news -- all of humanity's greatest technological advancements -- down to a few quintessential words?

She trained it separately on the first decade of Slashdot headlines -- 1997 through 2007 -- as well as the second decade from 2008 to the present, and then re-ran the entire experiment using the whole collection of every headline from the last 20 years. Among the remarkable machine-generated headlines?

• Microsoft To Develop Programming Law
• More Pong Users for Kernel Project
• New Company Revises Super-Things For Problems
• Steve Jobs To Be Good

But that was just the beginning...

Sarah Jeong at The Verge has an interesting profile of William H. Alsup, the judge in Oracle v. Google case, who to many's surprise was able to comment on the technical issues that Oracle and Google were fighting about. Alsup admits that he learned the Java programming language only so that he could better understand the substance of the case. Here's an excerpt from the interview: On May 18th, 2012, attorneys for Oracle and Google were battling over nine lines of code in a hearing before Judge William H. Alsup of the northern district of California. The first jury trial in Oracle v. Google, the fight over whether Google had hijacked code from Oracle for its Android system, was wrapping up. The argument centered on a function called rangeCheck. Of all the lines of code that Oracle had tested -- 15 million in total -- these were the only ones that were "literally" copied. Every keystroke, a perfect duplicate. It was in Oracle's interest to play up the significance of rangeCheck as much as possible, and David Boies, Oracle's lawyer, began to argue that Google had copied rangeCheck so that it could take Android to market more quickly. Judge Alsup was not buying it. "I couldn't have told you the first thing about Java before this trial," said the judge. "But, I have done and still do a lot of programming myself in other languages. I have written blocks of code like rangeCheck a hundred times or more. I could do it. You could do it. It is so simple." It was an offhand comment that would snowball out of control, much to Alsup's chagrin. It was first repeated among lawyers and legal wonks, then by tech publications. With every repetition, Alsup's skill grew, until eventually he became "the judge who learned Java" -- Alsup the programmer, the black-robed nerd hero, the 10x judge, the "master of the court and of Java."

Slashdot reader Orome1 quotes Help Net Security: A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score...

The researchers concentrated on posts relevant to Java security, from both software engineering and security perspectives, and on posts addressing questions tied to Spring Security, a third-party Java framework that provides authentication, authorization and other security features for enterprise applications... Developers are frustrated when they have to spend too much time figuring out the correct usage of APIs, and often end up choosing completely insecure-but-easy fixes such as using obsolete cryptographic hash functions, disabling cross-site request forgery protection, trusting all certificates in HTTPS verification, or using obsolete communication protocols. "These poor coding practices, if used in production code, will seriously compromise the security of software products," the researchers pointed out.
The researchers blame "the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries." Among their suggested solutions: new developer tools which can recognize security errors and suggest patches.

An anonymous reader quotes TechRepublic: On Wednesday, IBM revealed the Open Liberty project, open sourcing its WebSphere Liberty code on GitHub to support Java microservices and cloud-native apps. The company created Liberty five years ago to help developers more quickly and easily create applications using agile and DevOps principles, according to an IBM developerWorks blog post from Ian Robinson, WebSphere Foundation chief architect at IBM... Developers can also choose to move to the commercial versions of WebSphere Liberty at any time, he noted, which include technical support and more specialized features... "We hope Open Liberty will help more developers turn their ideas into full-fledged, enterprise ready apps," Robinson wrote. "We also hope it will broaden the WebSphere family to include more ideas and innovations to benefit the broader Java community of developers at organizations big and small."
IBM argues that Open Liberty, along with the OpenJ9 VM they open sourced last week, "provides the full Java stack from IBM with a fully open licensing model."

Interestingly, Slashdot ran a story asking "IBM WebSphere SE To Be Opened?" -- back in 2000.

rastos1 writes: Oracle has announced the general availability of Java SE 9 (JDK 9), Java Platform Enterprise Edition 8 (Java EE 8) and the Java EE 8 Software Development Kit (SDK). JDK 9 is a production-ready implementation of the Java SE 9 Platform Specification, which was recently approved together with Java EE 8 in the Java Community Process (JCP). Java SE 9 provides more than 150 new features, including a new module system and improvements that bring more scalability, improved security, better performance management and easier development to the world's most popular programming platform.

According to a new survey, coders with a bachelor's degree in computer science only earn 3,000 British Pounds (BP) more a year than those who don't have one. The survey of 4,700 developers in the UK was conducted by Stack Overflow, a community site frequented by developers for answers to technical questions. The Register reports the findings: This is despite the average degree now costing 9,000 BP a year in tuition fees alone. Average student debt is now more than 50,000 BP, according the Institute of Fiscal Studies. The research found that the median salary of those who did not have higher education was 35,000 BP per year, while those who gained a bachelor's degree earned 38,000 BP and postgraduates took home 42,000 BP. It found that 48 per cent of developers with less than four years of professional experience currently hold a Computer Science-related undergraduate degree, while 49 per cent had completed an online course instead. The research also found that JavaScript developers were most in demand, with almost 27 per cent of jobs advertised on Stack Overflow now requiring this skill, followed by Java (22 per cent), Python (16 per cent), C# (15 per cent) and ReactJS (9 per cent).

IBM has open sourced a "high performance, scalable virtual machine" with "a great pedigree... [it's] at the core of many IBM enterprise software products." Slashdot reader dxb1230 writes: IBM has open sourced their JDK/JVM implementation named J9 as OpenJ9. The community now has an alternative implementation of Java which has been well tested on enterprise workloads and hardware. This unlike, OpenJDK, has all the bells and whistles like jit.

Oracle has chosen the Eclipse Foundation to be the new home of the Java Platform Enterprise Edition (Java EE), the company announced this week. Oracle made the decision in collaboration with IBM and Red Hat, the two other largest contributors to the platform. From a report: "The Eclipse Foundation has strong experience and involvement with Java EE and related technologies," wrote Oracle software evangelist David Delabassee in a blog post. This will help us transition Java EE rapidly, create community-friendly processes for evolving the platform, and leverage complementary projects such as MicroProfile. We look forward to this collaboration." Mike Milinkovich, executive director of the Eclipse Foundation, is optimistic about this move, which he said is exactly what the enterprise Java needs and what the community has been hoping for.

The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts, according to an unsubstantiated report by equity research firm Baird. The firm's source, per one report, is believed to be Equifax. ZDNet reports: Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It's also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology. Equifax's own data breach detector isn't just useless: it's untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: "equifaxsecurity2017.com." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax's technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole? Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem. While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. "It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common," reports ZDNet. "It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts, first patched in March." The question then becomes: is it the fault of Struts developers or Equifax's developers, system admins, and their management? "The people who ran the code with a known 'total compromise of system integrity' should get the blame," reports ZDNet.

T-Mobile offered the fastest internet speed to subscribers between Q1 and Q2 of 2017 (which ended in June), according to the Wirefly Speed Test, which combed through thousands of test results made using its service. T-Mobile scored highest in overall speed while Verizon ended up with a close second spot, Wirefly, which doesn't require Java or Flash for its tests, added. AT&T and Sprint rounded out the ranking at third and fourth, respectively, the report added, which was done in collaboration with SourceForge. T-Mobile also topped the chart for offering the fastest mobile download speed. An anonymous user writes: T-Mobile offered 22.18 Mbps download speed, while Verizon Wireless ended up with another close second with 21.45 Mbps download. AT&T came in with an average download speed of 17.00 Mbps, and Sprint was trailing all with 15.76 Mbps. Verizon finished with the fastest average upload speed at 16.06 Mbps. You can read the full report here.