Open Source

Open Source-happy Microsoft Joins Eclipse Foundation (networkworld.com) 131

alphadogg writes to note that just a day after announcing it would be bringing SQL Server to Linux, "Microsoft has announced that it is joining the Eclipse Foundation, an open source community for developers launched more than 10 years ago." Microsoft, which notes that it has worked with the Eclipse Foundation for years "to improve the Java experience across our portfolio of application platform and development services," made the announcement to attendees at EclipseCon, going on in Reston, Va., this week.
OS X

Brazilian Coders Are Pioneering the First Cross-OS Malware Using JAR Files 124

An anonymous reader writes: Criminal gangs in Brazil are experimenting with the first malware families that are packaged as JAR files, capable of being deployed to Windows, Linux, Mac, and even Android from the same codebase, instead of relying on 4 different versions. Right now, only the malware dropper, a component used to infect computers with banking trojans, seems to have been coded in Java, but security experts expect a full-blown banking trojan to soon follow.
Software

Windows' Built-In PDF Reader Exposes Edge Browser To Hacking (softpedia.com) 97

An anonymous reader writes: Edge, Microsoft's new browser, uses the WinRT PDF library to automatically embed and present PDF files while navigating the web. This is what Java does with applets, and Flash with SWF files -- it unintentionally allows a hacker to append malicious code to PDF files and trigger drive-by attacks, which exploit WinRT vulnerabilities to target Windows 10 users. All that an attacker needs to do is to find and create a database of WinRT vulnerabilities it could leverage to distribute his malware.
Google

Google Says Angular 2 Will Support Python, Java (thenewstack.io) 92

An anonymous reader writes: Google will release a faster beta version of Angular 2 in about two weeks, with a smaller version targeted for April. "We're improving our ability to handle different languages," says Google's Brad Green, noting that 213 contributors are currently working on Angular. "Our plan is to have versions that will work with many server-side technologies, from Java to Python." Microsoft has already demonstrated how it's building Angular into ASP.NET and Google is also working with the Drupal team. But Green says they'll also continue supporting Angular 1 for at least another year, until a majority of users have transitioned to the new syntax. Google says there are currently 21.3 million developers using Angular 1, compared to just 300,000 using Angular 2. "We've got a ways to go," Green admitted.
Programming

Kotlin 1.0 Released 121

Qbertino writes: Kotlin, one of the challengers to Java's VM, has been released in version 1. Kotlin is object-oriented, statically typed and comes with professional IDE support by Jetbrains — which is no big surprise, since it's the Jetbrains employees who developed the programming language that saw the light of day four years ago. Kotlin is already in real-world use and development will be moving into fleshing out the Kotlin feature set without breaking backwards compatibility. These features include planned support for JavaScript — which sounds interesting considering JS has gained quite some traction recently. Kotlin is FOSS and is released under the Apache license.
Oracle

Java Installer Flaw Shows Why You Should Clear Your Downloads Folder (csoonline.com) 64

itwbennett writes: On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later. The reason: Older versions of the Java installer were vulnerable to binary planting in the Downloads folder. 'Though considered relatively complex to exploit, this vulnerability may result, if successfully exploited, in a complete compromise of the unsuspecting user's system,' said Eric Maurice, Oracle's software security assurance director, in a blog post.
Security

Researcher Finds Tens of Software Products Vulnerable To Simple Bug (softpedia.com) 162

An anonymous reader writes: There's a German security researcher that is arduously testing the installers of tens of software products to see which of them are vulnerable to basic DLL hijacking. Surprisingly, many companies are ignoring his reports. Until now, only Oracle seems to have addressed this problem in Java and VirtualBox. Here's a short (probably incomplete) list of applications that he found vulnerable to this attack: Firefox, Google Chrome, Adobe Reader, 7Zip, WinRAR, OpenOffice, VLC Media Player, Nmap, Python, TrueCrypt, and Apple iTunes. Mr. Kanthak also seems to have paid special attention to antivirus software installers. Here are some of the security products he discovered vulnerable to DLL hijacking: ZoneAlarm, Emsisoft Anti-Malware, Trend Micro, ESET NOD32, Avira, Panda Security, McAfee Security, Microsoft Security Essentials, Bitdefender, Rapid7's ScanNowUPnP, Kaspersky, and F-Secure.
Java

Oracle To Drop Java Browser Plugin In JDK 9 (softpedia.com) 165

An anonymous reader writes: After Mozilla said in October that it would stop supporting Firefox plugins on the older NPAPI technology, Oracle had no choice now but to announce the deprecation of the Java browser plugin starting with the release of the JDK version 9, which is set for release in March 2017, and developers are urged to start using the Java Web Start pluginless technology instead. Security issues also had a big part in Java's demise.
Programming

Stephen Wolfram: No Need To Teach With 'Toy Programming Languages' Like Scratch (wolfram.com) 214

theodp writes: From Stephen Wolfram's blog post announcing the Wolfram Programming Lab: "It's a very important — and in fact transformative — moment for programming education. In the past one could use a 'toy programming language' like Scratch, or one could use a professional low-level programming language like C++ or Java. Scratch is easy to use, but is very limited. C++ or Java can ultimately do much more (though they don't have built-in knowledge), but you need to put in significant time—and get deep into the engineering details—to make programs that get beyond a toy level of functionality. With the Wolfram Language, though, it's a completely different story. Because now even beginners can write programs that do really interesting things. And the programs don't have to just be 'computer science exercises': they can be programs that immediately connect to the real world, and to what students study across the whole curriculum. Wolfram Programming Lab gives people a broad way to learn modern programming — and to acquire an incredibly valuable career-building practical skill. But it also helps develop the kind of computational thinking that's increasingly central to today's world." So, when it comes to programming education, are schools hitching their cart to the wrong horse?
Java

Java Named Top Programming Language of 2015 (dice.com) 358

Nerval's Lobster writes: What was the most popular programming language of 2015? According to the people behind the TIOBE Index, Java took that coveted spot, winning out over C, Python, PHP, and other languages. "At first sight, it might seem surprising that an old language like Java wins this award," read TIOBE's note accompanying the list. "Especially if you take into consideration that Java won the same award exactly 10 years ago." Yet Java remains essential not only for businesses, it continued, but also consumer-centric markets such as mobile development (i.e., Google Android). That being said, even big languages can tumble. (Dice link) Objective-C tumbled from third place to 18th in the past 12 months, thanks to Apple's decision to replace it with Swift. In 2016, TIOBE expects that "Java, PHP (with the new 7 release), JavaScript and Swift will be the top 10 winners for 2016. Scala might gain a permanent top 20 position, whereas Rust, Clojure, Julia and TypeScript will also move up considerably in the chart." What has been your most-used (or best-loved) programming language of the last 12 months?
Oracle

Google Confirms Next Android Version Won't Use Oracle's Proprietary Java APIs 215

An anonymous reader writes: Google is ditching the Java application programming interfaces (APIs) in Android and moving to only OpenJDK. The news first came by a "mysterious Android codebase commit" from last month submitted to Hacker News. Google confirmed to VentureBeat that Android N will rely solely on OpenJDK. “As an open-source platform, Android is built upon the collaboration of the open-source community,” a Google spokesperson told VentureBeat. “In our upcoming release of Android, we plan to move Android’s Java language libraries to an OpenJDK-based approach, creating a common code base for developers to build apps and services. Google has long worked with and contributed to the OpenJDK community, and we look forward to making even more contributions to the OpenJDK project in the future.”
Oracle

Oracle Settles FTC Charges Regarding Deceptive Java Security Updates (ftc.gov) 33

An anonymous reader writes: The FTC and Oracle have come to an agreement regarding Oracle's deceptive Java security updates, which only removed recent versions of vulnerable Java SE, but left behind older, insecure versions. Oracle got away without a fine, but will have to overhaul its Java update process to remove older versions as well.
Education

Ask Slashdot: How Will You Be Programming In a Decade? (cheney.net) 279

An anonymous reader writes: Programmer Dave Cheney raised an interesting question today: How will you be programming in a decade? If you look back to a decade ago, you can see some huge shifts in the software industry. This includes the rise of smartphones, ubiquitous cloud infrastructure, and containers. We've also seen an explosion of special-purpose libraries and environments, many with an emphasis on networking and scaling. At the same time, we still have a ton of people writing Java and C and Python. Some programmers have jumped headfirst into new tools like Light Table, while others are still quite happy with Emacs. So, programmers of Slashdot, I ask you: How do you think your work (or play) will change in the next ten years?
Communications

No More Security Fixes For Older OpenSSL Branches (csoonline.com) 60

itwbennett writes: The OpenSSL Software Foundation has released new patches for the popular open-source cryptographic library, but for two of its older branches, OpenSSL 1.0.0t and 0.9.8zh, they will likely be the last security updates because support for these two branches will end on Dec. 31. Previous research has shown that many companies using in-house built software keep poor records of which library versions their developers used in which of their applications. 'This makes it very likely that some systems and applications with OpenSSL 0.9.8 and 1.0.0 will never be updated, leaving them exposed to any critical vulnerabilities found in the library in the future,' writes Lucian Constantin.
Transportation

Air Asia Pilot Response Leads To Plane Crashing (wsj.com) 226

hcs_$reboot writes: The investigation took a year, but we finally know why Air Asia Flight QZ8501, en route to Singapore from the Indonesian city of Surabaya on December 28 last year, crashed into the Java Sea, killing all 162 people on board. The crash was caused by a combination of system malfunctions and improper pilot responses to cascading electrical and rudder-system problems. A cracked solder joint on the Airbus A320 resulted in an electrical interruption that caused computer-generated warnings of a rudder malfunction. The problem occurred four times during the flight. The first three times, the flight crew responded according to standard procedure, investigators said. The fourth time, however, the flight-data recorder indicated actions similar to those of circuit breakers being reset. That led the autopilot to disengage. Investigators said the crew was unable to react appropriately to "a prolonged stall condition," ending in the crash. The investigation points to weaknesses in pilot training in dealing with upsets, or when an aircraft is angled greater than 45 degrees.
Programming

Software Engineer Liz Bennett Talks About Being a Woman in a Nearly All Male Workplace (Video) 370

This conversation was generated by a post Eric S. Raymond published on his "Armed and Dangerous" blog that said, "...if you are any kind of open-source leader or senior figure who is male, do not be alone with any female, ever, at a technical conference. Try to avoid even being alone, ever, because there is a chance that a 'women in tech' advocacy group is going to try to collect your scalp." Eric later wrote a post about how Social Justice Warriors may be more of a problem than the problems they complain about.

Whoa! Predatory women in tech trying to entrap people like (and including) Linus Torvalds the way an old-time private eye got the goods on an errant husband as part of a divorce case? Scary! And worrying about thoughtcrime, too? Oh my! But Liz Bennett is an actual software engineer who works at Loggly in San Francisco. She writes for her company's blog when she's not writing Java code, has a (not very active) GitHub account, and plays bassoon. And her attitude is similar to the one espoused by ESR in the second post (above): write great code -- and if you do, they (for any value of they) have no right to be negative about you, period. And, she says, before you take a job you should be sure the company is a good "fit" for you and doesn't harbor people who will work to bring you down -- which is great advice for anyone, in any field of endeavor.
Python

Python Is On the Rise, While PHP Falls (dice.com) 232

Nerval's Lobster writes: While this month's lists of the top programming languages uniformly put Java in the top spot, that's not the only detail of interest to developers. Which language has gained the most users over the past five years? And which are tottering on the edge of obsolescence? According to PYPL, which pulls its raw data for analysis from Google Trends, Python has grown the most over the past five years—up 5 percent since roughly 2010. Over the same period, PHP also declined by 5 percent. Since PYPL looks at how often language tutorials are searched on Google, its data is a good indicator of how many developers are (or aren't) learning a language, presumably because they see it as valuable to their careers. Just because PYPL shows PHP losing market-share over the long term doesn't mean that language is in danger of imminent collapse; over the past year or so, the PHP community has concentrated on making the language more pleasant to use, whether by improving features such as package management, or boosting overall performance. Plus, PHP is still used on hundreds of millions of websites, according to data from Netcraft. Indeed, if there's any language on these analysts' lists that risks doom, it's Objective-C, the primary language used for programming iOS and Mac OS X apps, and its growing obsolescence is by design.
Java

Vulnerability In Java Commons Library Leads To Hundreds of Insecure Applications (foxglovesecurity.com) 115

An anonymous reader writes: Stephen Breen from the FoxGlove Security team is calling attention to what he calls the "most underrated, underhyped vulnerability of 2015." It's a remote code execution exploit that affects the latest versions of WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS, and many other pieces of software. How? An extremely common Java library. He says, "No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released over 9 months ago, none of the products mentioned in the title of the blog post have been patched, along with many more. In fact no patch is available for the Java library containing the vulnerability. In addition to any commercial products that are vulnerable, this also affects many custom applications."
Microsoft

Apple Usurps Oracle As the Biggest Threat To PC Security 320

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?
