itwbennett writes: Oracle said that it has fixed 154 security flaws in Java and a wide range of its other products, including one that Russian cyberespionage group Pawn Storm used to launch stealthy attacks earlier this year. The vulnerability, tracked as CVE-2015-4902, was being used by the Pawn Storm attackers to enable the execution of a malicious Java application without user interaction.

An anonymous reader writes: I have been programming in Python for quite a while, but so far I have not used a version control system. For a new project, a lot more people (10-15) are expected to contribute to the code base, many of them have never written a single line of Python but C, LabVIEW or Java instead. This is a company decision that can be seen as a Python vs. LabVIEW comparison — if successful the company is willing to migrate all code to Python. The code will be mostly geared towards data acquisition and data analysis leading to reports. At the moment I have the feeling, that managing that data (=measurements + reports) might be done within the version control system since this would generate an audit trail on the fly. So far I have been trying to select a version control system, based on google I guess it should be git or mercurial. I get the feeling, that they are quite similar for basic things. I expect, that the differences will show up when more sophisticated topics/problems are addressed — so to pick one I would have to learn both — what are your suggestions? Read below for more specifics.

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

An anonymous reader writes: If you ever wanted to program an Altair, an Apple I, or a COSMAC ELF you may think you either have to buy one (expensive now) or load and configure simulation software. However, there's a slew of browser-based emulators for everything from a PDP-11 to Windows 1.0 out there. Some use Java, but many use Javascript and many perform better on a modern PC then they did in their original. If you want to learn some history or just want to finally play with the computers you saw in the magazines 35 years ago, these are great fun and slightly addictive.

urdak writes: At Cassandra Summit opening today, Avi Kivity and Dor Laor (who had previously written KVM and OSv) announced ScyllaDB — an open-source C++ rewrite of Cassandra, the popular NoSQL database. ScyllaDB claims to achieve a whopping 10 times more throughput per node than the original Java code, with sub-millisecond 99%ile latency. They even measured 1 million transactions per second on a single node. The performance of the new code is attributed to writing it in Seastar — a C++ framework for writing complex asynchronous applications with optimal performance on modern hardware.

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."

As we said last week, "You can't teach all programming by using Minecraft to keep kids interested, but you can use Minecraft, Java, and Eclipse to give them a good start." That's what Tyler Kilgore and his colleagues at GameStart are doing. Watch today's video (number 2), go back to last week's video (number 1) if you missed it, and read both days' transcripts for the full scoop.

You can't teach all programming by using Minecraft to keep kids interested, but you can use Minecraft, Java, and Eclipse to give them a good start. That's what Tyler Kilgore and his colleagues at GameStart are doing. Watch today's video (number 1), tomorrow's video (number 2) and read both days' transcripts for the full scoop. EDIT: "Tomorrow's video" should read, "Monday's video."

esarjeant writes: For many Java developers, IntelliJ has been our predominant IDE. JetBrains is looking to make their tools easier easier to buy and use by switching to a subscription program. Their plan is to have people pay a monthly/yearly fee for access to the tools instead of upgrading when they're ready. Fortunately, if your subscription lapses it looks like you'll have 30 days to check all your stuff in. How does NetBeans look now? Many members of various developer communities are pushing back against this change: "For a developer with an unstable income, it might be perfectly fine to stay on an older version of the software until they've stashed enough cash to afford the upgrade. That will no longer work." JetBrains has acknowledged the feedback, and say they will act on it.

Nerval's Lobster writes: If you're a programmer, you're knowledgeable about "big" languages such as Java and C++. But what about those little-known languages you only hear about occasionally? Which ones have an impact on the world that belies their obscurity? Erlang (used in high-performance, parallel systems) springs immediately to mind, as does R, which is relied upon my mathematicians and analysts to crunch all sorts of data. But surely there are a handful of others, used only by a subset of people, that nonetheless inform large and important platforms that lots of people rely upon... without realizing what they owe to a language that few have ever heard of.

HughPickens.com writes: If Google sees that you're searching for specific programming terms, they may ask you to apply for a job as Max Rossett writes that three months ago while working on a project, he Googled "python lambda function list comprehension." The familiar blue links appeared on the search page, and he started to look for the most relevant one. But then something unusual happened. The search results split and folded back to reveal a box that said "You're speaking our language. Up for a challenge?" Clicking on the link took Rossett to a page called "foo.bar" that outlined a programming challenge and gave instructions on how to submit his solution. "I had 48 hours to solve it, and the timer was ticking," writes Rossett. "I had the option to code in Python or Java. I set to work and solved the first problem in a couple hours. Each time I submitted a solution, foo.bar tested my code against five hidden test cases."

After solving another five problems the page gave Rossett the option to submit his contact information and much to his surprise, a recruiter emailed him a couple days later asking for a copy of his resume. Three months after the mysterious invitation appeared, Rossett started at Google. Apparently Google has been using this recruiting tactic for some time.

An anonymous reader writes with a link to VentureBeat's article on the information that GitHub released this week about the top-ten languages used by GitHub's users, and how they've changed over the site's history. GitHub's chart shows the change in rank for programming languages since GitHub launched in 2008 all the way to what the site's 10 million users are using for coding today. To be clear, this graph doesn't show the definitive top 10 programming languages. Because GitHub has become so popular (even causing Google Code to shut down), however, it still paints a fairly accurate picture of programming trends over recent years. Trend lines aside, here are the top 10 programming languages on GitHub today: 1. JavaScript 2. Java 3. Ruby 4. PHP 5. Python 6. CSS 7. C++ 8. C# 9. C 10. HTML

itwbennett writes: Oracle made a request late last month to broaden its case against Android. Now, claiming that 'Android has now irreversibly destroyed Java's fundamental value proposition as a potential mobile device operating system,' Oracle on Wednesday filed a supplemental complaint in San Francisco district court that encompasses the six Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat and Lollipop.

lars_doucet writes: Released in 2012, Microsoft's TypeScript is perhaps the best-known "compile to JS" language, but it wasn't the first. One of the earliest was Haxe, whose JS target first appeared in 2006. In his illuminating article, TypeScript vs Haxe, Andy Li gives an excellent rundown of the two languages' various merits, but the bottom line is: "Existing JS developers will favor TypeScript as they are more similar in many ways. They can utilize their existing skills immediately. Non-JS developers with backgrounds like Java/C# or even from the functional programming world will appreciate Haxe more since it fixes a lot of weirdness of JS." The full article includes an excellent rundown of the type systems, syntax, scope handling, compilers, and overall language design philosophy.

An anonymous reader writes: Following Trend Micro's disclosure of Russian hacking group Pawn Storm's 7-year campaign against military-industrial targets in and related to the United States, the security company has today announced that one of the IP addresses it owns has been 'designated' by the hackers as a C&C server for their spear-phishing scenario. The intent of the DNS record redirection, according to the company, is likely to be to convince others that it has been hacked (which it hasn't), or else to push one of its IP addresses into administrative blacklists.

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

Nerval's Lobster writes: Simon Hughes, Dice's Chief Data Scientist, has put together an experimental visualization that explores how tech skills relate to one another. In the visualization, every circle or node represents a particular skill; colors designate communities that coalesce around skills. Try clicking "Java", for example, and notice how many other skills accompany it (a high-degree node, as graph theory would call it). As a popular skill, it appears to be present in many communities: Big Data, Oracle Database, System Administration, Automation/Testing, and (of course) Web and Software Development. You may or may not agree with some relationships, but keep in mind, it was all generated in an automatic way by computer code, untouched by a human. Building it started with Gephi, an open-source network analysis and visualization software package, by importing a pair-wise comma-separated list of skills and their similarity scores (as Simon describes in his article) and running a number of analyses: Force Atlas layout to draw a force-directed graph, Avg. Path Length to calculate the Betweenness Centrality that determines the size of a node, and finally Modularity to detect communities of skills (again, color-coded in the visualization). The graph was then exported as an XML graph file (GEXF) and converted to JSON format with two sets of elements: Nodes and Links. "We would love to hear your feedback and questions," Simon says.

An anonymous reader writes: My wife has been on a maternity leave for three years, now. She is starting to think about refreshing her coding skills and looking for a job. Before, she worked as a Java developer for around two years doing mostly Java Enterprise stuff. However, she is not very eager to go back to coding. I think she has the right mental skills to be a developer, but she is just not very passionate about coding or IT in general. On the other hand, it's relatively easier to find a job in IT than starting a new career.

We live in Spain, and with the current economic situation, the market for software developers is not great — but it's definitely better than other jobs. I there anything else she might do, ideally Java (but could be anything IT related) that would be easier and more fun than the typical Java Enterprise stuff, while also giving her a good change to find a decent job? (I'm a Java developer myself with many years of experience but mostly doing boring Java Enterprise stuff.)

New submitter Neil_Brown writes: The Supreme Court of the United States has today denied Google's request to appeal against the Court of Appeals for the Federal Circuit's ruling (PDF) that the structure, sequence and organization of 37 of Oracle's APIs (application program interfaces) was capable of copyright protection. The case is not over, as Google can now seek to argue that, despite the APIs being restricted by copyright, its handling amounts to "fair use". Professor Pamela Samuelson has previously commented (PDF) on the implications if SCOTUS declined to hear the appeal. The Verge reports: "A district court ruled in Google's favor back in 2012, calling the API "a utilitarian and functional set of symbols" that couldn't be tied up by copyrights. Last May, a federal appeals court overturned that ruling by calling the Java API copyrightable. However, the court said that Google could still have lawfully used the APIs under fair use, sending the case back to a lower court to argue the issue. That's where Google will have to go next, now that the Supreme Court has declined to hear the issue over copyright itself.

itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user.