"The .NET ecosystem is affected by a similar flaw that has wreaked havoc among Java apps and developers in 2016," reports BleepingComputer. An anonymous reader writes: The issue at hand is in how some .NET libraries deserialize JSON or XML data, doing it in a total unsecured way, but also how developers handle deserialization operations when working with libraries that offer optional secure systems to prevent deserialized data from accessing and running certain methods automatically. The issue is similar to a flaw known as Mad Gadget (or Java Apocalypse) that came to light in 2015 and 2016. The flaw rocked the Java ecosystem in 2016, as it affected the Java Commons Collection and 70 other Java libraries, and was even used to compromise PayPal's servers.

Organizations such as Apache, Oracle, Cisco, Red Hat, Jenkins, VMWare, IBM, Intel, Adobe, HP, and SolarWinds , all issued security patches to fix their products. The Java deserialization flaw was so dangerous that Google engineers banded together in their free time to repair open-source Java libraries and limit the flaw's reach, patching over 2,600 projects. Now a similar issue was discovered in .NET. This research has been presented at the Black Hat and DEF CON security conferences. On page 5 [of this PDF], researchers included reviews for all the .NET and Java apps they analyzed, pointing out which ones are safe and how developers should use them to avoid deserialization attacks when working with JSON data.

An anonymous reader writes: Palo Alto-based HackerRank, which offers online programmng challenges, "dug into our data of about 450,000 unique U.S. developers to uncover which states are home to the best software engineers, and which pockets of the country have the highest rate of developer growth." Examining the 24 months from 2015 through the end of 2016, they calculated the average score for each state in eight programming-related domains. (Algorithms, data structures, functional programming, math, Java, Ruby, C++, and Python.) But it seems like low-population states would have fewer people taking the tests, meaning a disproportionate number of motivated and knowledgeable test takers could drastically skew the results. Sure enough, Wyoming -- with a population of just 584,153 -- has the smallest population of any U.S. state, but the site's second-highest average score, and the top score in three subject domains -- Ruby, data structures, and algorithms. And the District of Columbia -- population 681,170 -- has the highest average score for functional programming.

California, New York and Virginia still had the highest number of developers using the site, while Alaska, Wyoming and South Dakota not surprisingly had the least number of developers. But maybe the real take-away is that programmers are now becoming more distributed. HackerRank's announcement notes that the site "found growing developer communities and skilled developers all across the country. Previously, the highest concentrations of developers did not stray far from the tech hubs in California. Hawaii, Colorado, Virginia, and Nevada demonstrated the fastest growth in terms of developer activity on the HackerRank platform..." In addition, "we've had a noticeable uptick in customers across industries, from healthcare to retail and finance, with strong demand for identifying technical skills quickly."
Their conclucion? "Today, as the demand for developers goes beyond technology and as there is more opportunity to work remotely, there's a more distributed workforce of skilled developers across the nation, from the Rust Belt to the East Coast... Software developers aren't just attached to VCs, startups or Silicon Valley anymore."

An anonymous reader quotes IEEE Spectrum's annual report on the top programming languages: As with all attempts to rank the usage of different languages, we have to rely on various proxies for popularity. In our case, this means having data journalist Nick Diakopoulos mine and combine 12 metrics from 10 carefully chosen online sources to rank 48 languages. But where we really differ from other rankings is that our interactive allows you choose how those metrics are weighted when they are combined, letting you personalize the rankings to your needs. We have a few preset weightings -- a default setting that's designed with the typical Spectrum reader in mind, as well as settings that emphasize emerging languages, what employers are looking for, and what's hot in open source...

Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four -- Python, C, Java, and C++ -- all remain very close in popularity. Indeed, in Diakopoulos's analysis of what the underlying metrics have to say about the languages currently in demand by recruiting companies, C comes out ahead of Python by a good margin... Ruby has fallen all the way down to 12th position, but in doing so it has given Apple's Swift the chance to join Google's Go in the Top Ten... Outside the Top Ten, Apple's Objective-C mirrors the ascent of Swift, dropping down to 26th place. However, for the second year in a row, no new languages have entered the rankings. We seem to have entered a period of consolidation in coding as programmers digest the tools created to cater to the explosion of cloud, mobile, and big data applications.
"Speaking of stabilized programming tools and languages," the article concludes, "it's worth noting Fortran's continued presence right in the middle of the rankings (sitting still in 28th place), along with Lisp in 35th place and Cobol hanging in at 40th."

An anonymous reader quotes InfoWorld:With a new round of voting completed this week, the Java Community Process Executive Committee passed by a 24-0 vote the Java Platform Module System public review ballot, the subject of Java Specification Request 376. In May, the same group, citing concerns over the plan being disruptive and lacking consensus, voted the measure down, 13 to 10... Red Hat, which voted no on the previous ballot but abstained from the latest one, said there were still several items in the current proposal that it wanted further work on. "However, we do not want to delay the Java 9 release," Red Hat said. Getting "real world" feedback on the modularity system will be key to determine where further changes need to occur, Red Hat said. The Eclipse Foundation, Hazelcast, and Twitter, all of which voted no previously and yes this time around, cited sufficient progress with modularity.
Java 9 is still slated for release on September 21st.

An anonymous reader shares their thoughts on language popuarity: In the PYPL index, which is based on Google searches and is supposed to be forward looking, the trend is unmistakable. Python is rising fast and Java and others are declining. Combine this with the fact that Python is now the most widely taught language in the universities. In fields such as data science and machine learning, Python is already dominating. "Python where you can, C++ where you must" enterprises are following suit too, especially in data science but for everything else from web development to general purpose computing...

People who complain that you can't build large scale systems without a compiler likely over-rely on the latter and are slaves to IDEs. If you write good unit tests and enforce Test Driven Development, the compiler becomes un-necessary and gets in the way. You are forced to provide too much information to it (also known as boilerplate) and can't quickly refactor code, which is necessary for quick iterations.
The original submission ends with a question: "Is Python going to dominate in the future?" Slashdot readers should have some interesting opinions on this. So leave your own thoughts in the comments. Will Python become the dominant programming language?

Qbertino writes: I'm about to move on in my career after having a "short rethink and regroup break" and was for quite some time now thinking about getting into perhaps a new programming language and technology, like NodeJS or Java/Kotlin or something. But I have the seriously growing suspicion that artificial intelligence is coming for us programmers and IT experts faster than we might want to admit. Just last weekend I heard myself saying to a friend who was a pioneer on the web, "AI is today what the web was in 1993" -- I think that to be very true. So just 20 minutes ago I started thinking and wondering about what types of jobs there are in AI. Is anything popping up in the industry from the AI hype and what are these positions called, what do they precisely do and what are the skills needed to do them? I suspect something like an "AI Architect" for planning AI setups and clearly defining the boundaries of what the AI is supposed to do and explore. Then I presume the requirements for something like an "AI Maintainer" and/or "AI Trainer," which would probably resemble something like an admin of a big data storage, looking at statistics and making educated decisions on which "AI Training Paths" the AI should continue to explore to gain the skill required and deciding when the "AI" is ready to be let go on to the task. You're seeing we -- AFAIK -- don't even have names for these positions yet, but I suspect, just as in the internet/web boom 20 years ago, that is about to change *very* fast.

And what about Tensor Flow? Should I toy around with it or are we past that stage already and will others do AI setup and installation better than me before I know how this thing really works? Because I also suspect most of the AI work for humans will closely be tied to services and providers such as Google. You know, renting "AI" as you rent webspace or subscribe to bandwidth today. Any services and industry vendors I should look into -- besides the obvious Google that is? In a nutshell, what work is there in the field of AI that can be done and how do I move into that? Like now. And what should I maybe get a degree in if I want to be on top of this AI thing? And how would you go about gaining skill and knowledge on AI today, and I mean literally, today. I know, tons of questions but insightful advice is requested from an educated slashdot crowd. And I bet I'm not the only one interested in this topic. Thanks.

An anonymous reader quotes InfoWorld: Java 9 won't be released on July 27 after all. Oracle has proposed that Java 9 Standard Edition be delayed until September 21 so the open source community that is finalizing Java 9 can address the ongoing controversy over a planned but later rejected approach to modularity, said Georges Saab, vice president of software development in the Java platform group at Oracle and chairman of the OpenJDK governing board...

The [Java Platform Module System] measure was sent back to the proposal's expert group for further discussion. Since then, the group has reached consensus on addressing the modularity concerns, Saab said. But they cannot rework Java 9 in time for the original July 27 release date... If the revised JSR 376 approved, as expected, work can proceed on implementing it in the official version of Java 9 SE. This setback for Java 9s upcoming upgrade, however, should just be temporary, with Oracle expecting a more rapid cadence of Java SE releases going forward, Saab said.

Tech analyst James Governor argues that Amazon's cloud business is "demolishing the cult of youth." It just announced it is hiring James Gosling, one of the original inventors of Java... Meanwhile James Hamilton continues to completely kick ass in compute, network, and data center design for AWS... He's in his 50s. Tim Bray, one of the inventors of XML, joined Amazon in 2014. He's another Sun alumni. He's 61 now. He still codes. When you sit down with one of the AWS engineering teams you're sitting down with grownups... Adrian Cockcroft joined AWS in October 2016. He graduated in 1982, not 2002. He is VP Cloud Architecture Strategy at AWS, a perfect role for someone that helped drive Netflix's transition from on-prem Java hairball to serious cloud leadership.

Great engineering is not maths -- it involves tradeoffs, wisdom and experience... The company puts such a premium on independent groups working fast and making their own decisions it requires a particular skillset, which generally involves a great deal of field experience. A related trend is hiring seasoned marketing talent from the likes of IBM. Some other older companies have older distinguished engineers because they grew up with the company. AWS is explicitly bringing that experience in. It's refreshing to the see a different perspective on value.
In a later post the analyst acknowledges engineering managers are generally older than their reports, but adds that "If AWS sees value in hiring engineering leadership from folks that are frankly a bit older than the norm in the industry, isn't that worth shining a light on?" In response to the article, XML inventor Tim Bray suggested a new acronym: GaaS. "Geezers as a service," while Amazon CTO Werner Vogels tweeted "There is no compression algorithm for experience."

An anonymous reader shares Computerworld's interview with David Michael Smith of Gartner. "Most enterprises still have a 'standard' browser, and most of the time, that's something from Microsoft. These days it's IE11. But we've found that people actually use Chrome more than IE... It's the most-used browser in enterprise," he said... IE retains a sizable share -- Smith called it "a significant presence" -- largely because it's still required in most companies. "There are a lot of [enterprise] applications that only work in IE, because [those apps] use plug-ins," Smith said, ticking off examples like Adobe Flash, Java and Microsoft's own Silverlight. "Anything that requires an ActiveX control needs IE."

Many businesses have adopted the two-prong strategy that Gartner and others began recommending years ago: Keep a "legacy" browser to handle older sites, services and web apps, but offer another for everything else... Chrome, said Smith, is now the "overwhelming choice" as the modern enterprise browser... Smith wasn't optimistic that Edge would supplant Chrome, even when Windows 10 is widely deployed on corporate computers in the next few years. "Edge certainly will have opportunities" once Windows 10 is the enterprise-standard OS, "but I would say that Chrome has a lot of momentum, largely for the fact that it is so popular on the internet."
While a year ago Chrome and Microsoft's browsers both held 41% of the browser market share, now Chrome holds 59% to just 24% for both IE and Edge combined.

Responding to Firefox marketing head Eric Petitt's blog post from earlier this week, Andreas Gal, former chief technology officer of Mozilla (who spent seven years at the company) offers his insights. Citing latest market share figures, Gal says "it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated." From his blog post (edited and condensed for length): With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn't manage to catch up with Android's explosive growth. Mozilla's strategic rationale for building Firefox OS was often misunderstood. Mozilla's founding mission was to build the Web by building a browser. [...] Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric -- who heads Mozilla's marketing team -- uses Chrome every day as he mentioned in the first sentence, it's not surprising that almost 65% of desktop users are doing the same. [...] I don't think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It's like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted.

The legendary computer scientist and founder of Java, James Gosling, is joining forces with Amazon Web Services. Gosling made the announcement today on Facebook saying that he's "starting a new Adventure" with the cloud computing juggernaut as a Distinguished Engineer. GeekWire reports: Gosling wrote Java, one of the most widely used programming languages in the history of computing, while at Sun Microsystems in the early 1990s. After leaving Sun following its acquisition by Oracle, Gosling did a short stint at Google before settling in for almost six years at Liquid Robotics, which is working on an autonomous boat called the Wave Glider. He likely ruffled a few feathers in Seattle last year after speaking out about fears of cloud vendor lock-in. "You get cloud providers like Amazon saying: 'Take your applications and move them to the cloud.' But as soon as you start using them you're stuck in that particular cloud," he said at IP Expo according to The Inquirer, echoing the sentiment of some skeptical IT organizations burned by enterprise vendors in the past.

Slashdot reader snydeq shares an InfoWorld article identifying "The Working Dead: IT Jobs Bound For Extinction." Here's some of its predictions.

• The president of one job leadership consultancy argues C and C++ coders will soon be as obsolete as Cobol programmers. "The entire world has gone to Java or .Net. You still find C++ coders in financial companies because their systems are built on that, but they're disappearing."
• A data scientist at Stack Overflow "says demand for PHP, WordPress, and LAMP skills are seeing a steady decline, while newer frameworks and languages like React, Angular, and Scala are on the rise."
• The CEO and co-founder of an anonymous virtual private network service says "The rise of Azure and the Linux takeover has put most Windows admins out of work. Many of my old colleagues have had to retrain for Linux or go into something else entirely."
• In addition, "Thanks to the massive migration to the cloud, listings for jobs that involve maintaining IT infrastructure, like network engineer or system administrator, are trending downward, notes Terence Chiu, vice president of careers site Indeed Prime."
• The CTO of the job site Ladders adds that Smalltalk, Flex, and Pascal "quickly went from being popular to being only useful for maintaining older systems. Engineers and programmers need to continually learn new languages, or they'll find themselves maintaining systems instead of creating new products."
• The president of Dice.com says "Right now, Java and Python are really hot. In five years they may not be... jobs are changing all the time, and that's a real pain point for tech professionals."

But the regional dean of Northeastern University-Silicon Valley has the glummest prediction of all. "If I were to look at a crystal ball, I don't think the world's going to need as many coders after 2020. Ninety percent of coding is taking some business specs and translating them into computer logic. That's really ripe for machine learning and low-end AI."

In addition to Java and C++, Google announced at its I/O 2017 conference today that Android is gaining official support for the Kotlin programming language. VentureBeat reports: Kotlin is developed by JetBrains, the same people who created IntelliJ. Google describes Kotlin, which is an open sourced project under the Apache 2.0 license, as "a brilliantly designed, mature language that we believe will make Android development faster and more fun." The company notes that some have already adopted the programming language for their production apps, including Expedia, Flipboard, Pinterest, and Square. There are already many enthusiastic Kotlin developers for Android, and the company says it is simply listening to what the community wants. But Google's choice didn't just come down to the team believing Kotlin will make writing Android apps easier. Developers will be happy to know that Kotlin's compiler emits Java byte-code. Kotlin can call Java, and Java can call Kotlin. Indeed, "the effortless interoperation between the two languages" was a large part of Kotlin's appeal to the Android team. This means you can add as little or as much Kotlin into your existing codebase as you want, mixing the two languages freely within the same project. Calling out to Kotlin code from Java code should just work, while calling to Java code requires some automatically applied translation conventions.

An anonymous reader writes: Saturday night saw the announcement of an experimental Perl 5 to Java compiler. "This is the first release," posted developer FlÃvio S. Glock -- after 100 weeks of development. "Note that you don't need to compile a Java file. Perlito5 now compiles the Perl code to JVM bytecode in memory and executes it." He describes the compiler as "a work-in-progress" that "provides an impressive coverage of Perl features, but it will not run most existing Perl programs due to platform differences."

An anonymous reader quotes InfoWorld: The next edition of standard Java had been proceeding toward its planned July 27 release after earlier bumps in the road over modularity. But now Red Hat and IBM have opposed the module plan. "JDK 9 might be held up by this," Oracle's Georges Saab, vice president of development for the Java platform, said late Wednesday afternoon. "As is the case for all major Java SE releases, feedback from the Java Community Process may affect the timeline..."

Red Hat's Scott Stark, vice president of architecture for the company's JBoss group, expressed a number of concerns about how applications would work with the module system and its potential impact on the planned Java Enterprise Edition 9. Stark also said the module system, which is featured in Java Specification Request 376 and Project Jigsaw, could result in two worlds of Java: one for Jigsaw and one for everything else, including Java SE classloaders and OSGI. Stark's analysis received input from others in the Java community, including Sonatype.
"The result will be a weakened Java ecosystem at a time when rapid change is occurring in the server space with increasing use of languages like Go," Stark wrote, also predicting major challenges for applications dealing with services and reflection. His critique adds that "In some cases the implementation...contradicts years of modular application deployment best practices that are already commonly employed by the ecosystem as a whole." And he ultimately concludes that this effort to modularize Java has limitations which "almost certainly prevent the possibility of Java EE 9 from being based on Jigsaw, as to do so would require existing Java EE vendors to completely throw out compatibility, interoperability, and feature parity with past versions of the Java EE specification."

An anonymous reader writes: Functional programming seems to be all the rage these days. Efforts are being made to highlight its use in Java, JavaScript, C# and elsewhere. Lots of claims are being made about it's virtues that seem relatively easy to prove or disprove such as "Its use will reduce your debugging time." Or "It will clarify your code." My co-workers are resorting to arm-wrestling matches over this style choice. Half of my co-workers have drunk the Kool-Aid and are evangelizing its benefits. The other half are unconvinced of its virtues over Object Oriented Design patterns, etc.

What is your take on functional programming and related technologies (i.e. lambdas and streams)? Is it our salvation? Is it merely another useful design pattern? Or is it a technological dead-end?
Python creator Guido van Rossum has said most programmers aren't used to functional languages, and when he answered Slashdot reader questions in 2013 said the only functional language he knew much about was Haskell, and "any language less popular than Haskell surely has very little practical value." He even added "I also don't think that the current crop of functional languages is ready for mainstream."

Leave your own opinions in the comments. Do you like functional programming?

This question was inspired by news that Stanford's computer science professor Eric Roberts will try JavaScript instead of Java in a new version of the college's introductory computer programming course. The Stanford Daily reports: When Roberts came to Stanford in 1990, CS106A was still taught in Pascal, a programming language he described as not "clean." The department adopted the C language in 1992. When Java came out in 1995, the computer science faculty was excited to transition to the new language. Roberts wrote the textbooks, worked with other faculty members to restructure the course and assignments and introduced Java at Stanford in 2002... "Java had stabilized," Roberts said. "It was clear that many universities were going in that direction. It's 2017 now, and Java is showing its age." According to Roberts, Java was intended early on as "the language of the Internet". But now, more than a decade after the transition to Java, Javascript has taken its place as a web language.
In 2014 Python and Java were the two most commonly-taught languages at America's top universities, according to an analysis published by the Communications of the ACM. And Java still remains the most-commonly taught language in a university setting, according to a poll by the Special Interest Group on Computer Science Education. In a spreadsheet compiling the results, "Python appears 60 times, C++ 54 times, Java 84 times, and JavaScript 28 times," writes a computing professor at the Georgia Institute of Technology, adding "if Java is dying (or "showing its age"...) it's going out as the reigning champ."

I'm guessing Slashdot's readers have their own opinions about this, so share your educational experiences in the comments. What was your first programming language?

From a report on Reuters: Bill Hinshaw is not a typical 75-year-old. He divides his time between his family -- he has 32 grandchildren and great-grandchildren -- and helping U.S. companies avert crippling computer meltdowns. Hinshaw, who got into programming in the 1960s when computers took up entire rooms and programmers used punch cards, is a member of a dwindling community of IT veterans who specialize in a vintage programming language called COBOL. The Common Business-Oriented Language was developed nearly 60 years ago and has been gradually replaced by newer, more versatile languages such as Java, C and Python. Although few universities still offer COBOL courses, the language remains crucial to businesses and institutions around the world. In the United States, the financial sector, major corporations and parts of the federal government still largely rely on it because it underpins powerful systems that were built in the 70s or 80s and never fully replaced. And here lies the problem: if something goes wrong, few people know how to fix it. The stakes are especially high for the financial industry, where an estimated $3 trillion in daily commerce flows through COBOL systems. The language underpins deposit accounts, check-clearing services, card networks, ATMs, mortgage servicing, loan ledgers and other services. The industry's aggressive push into digital banking makes it even more important to solve the COBOL dilemma. Mobile apps and other new tools are written in modern languages that need to work seamlessly with old underlying systems. That is where Hinshaw and fellow COBOL specialists come in. A few years ago, the north Texas resident planned to shutter his IT firm and retire after decades of working with financial and public institutions, but calls from former clients just kept coming.

"Scala is one of the JVM languages that manages to maintain a hip and professional vibe at the same time," writes long-time Slashdot reader Qbertino -- building up to a big question: One reason for this probably being that Scala was built by people who knew what they were doing. It has been around for a few years now in a mature form and I got curious about it a few years back. My question to the Slashdot community: Is getting into Scala worthwhile from a practical/industry standpoint or is it better to just stick with Java? Have you done larger, continuous multi-year, multi-man and mission-critical applications in Scala and what are your experiences?
The original submission asks two related questions. First, "Do you have to be a CS/math genius to make sense of Scala and use it correctly?" But more importantly, "Is Scala there to stay wherever it is deployed and used in real-world scenarios, or are there pitfalls and cracks showing up that would deter you from using Scala once again?" So share your experiences and answers in the comments. Would you recommend moving from Java to Scala?

Paul Kunert writes in an exclusive report via The Register: Oracle has hired global specialists to explore the feasibility of buying multi-billion dollar consultancy Accenture, sources have told us. The database giant has engaged a team of consultants to conduct due diligence to "explore the synergies that could be created if they [Oracle] bought Accenture lock stock and barrel," one source claimed. On top of the financial considerations, the consultants are evaluating the pros and cons including the potential impact on Oracle's wider channel. "While these things have a habit of fizzling out there are some fairly serious players around the table," a contact added. Another claimed the process was at an early stage. "If buying Accenture was a 100 meter race, Oracle is at the 10 to 15 meter stage now." [T]his buy would be an immensely bold, complicated and pricey move: NYSE-listed Accenture has a market cap of $77.5 billion, and shareholders will expect a premium offer. A deal would dwarf Oracle's $10 billion buy of PeopleSoft, its $7.4 billion deal for Sun Microsystems, and more recently, the $9.3 billion splashed on Netsuite. In buying Accenture, Oracle would be taking a leaf out of the mid-noughties handbook - when HP fatefully bought EDS and IBM acquired PWC to carve out a brighter future.