mikejuk writes "Every January it is traditional to compare the state of the languages as indicated by the TIOBE index. So what's up and what's down this year? There have been headlines that C# is the language of the year, but this is based on a new language index. What the TIOBE index shows is that Java is no longer number one as it has been beaten by C — yes C not C++ or even Objective C."

Last year a group of UK teachers started working on a Creative Commons licensed teaching manual for the Raspberry Pi. That work has produced the Raspberry Pi Education Manual which is available at the Pi Store or here as a PDF. From Raspberry Pi: "The manual is released under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 unported licence, which is a complicated way of saying that it’s free for you to download, copy, adapt and use – you just can’t sell it. You’ll find chapters here on Scratch, Python, interfacing, and the command line. There’s a group at Oracle which is currently working with us on a faster Java virtual machine (JVM) for the Pi, and once that work’s done, chapters on Greenfoot and Geogebra will also be made available – we hope that’ll be very soon."

An anonymous reader writes "First, some quick background: I am 26 years old and I have been working for a large software development company with more than 50,000 employees for about 5 years now. My actual title is Senior Software Engineer, and I am paid well considering I have no degrees and all of the programming languages I have learned (C, C++, C#, Java) are completely self taught. The only real reason I was able to get this job is because I spent a year or so in a support position and I was able to impress the R&D Lead Developer with a handful of my projects. My job is secure for the time being, but what really concerns me is the ability to find another job in the field without 95% of companies discarding me for lack of formal education. I started looking into local community colleges and universities, and much to my dismay, they offer neither nighttime or online courses for computer science. Quitting the job to pursue a degree is not an option, especially considering they will compensate me up to $10,000/yr for going back to school. Has anyone else been in a similar situation? Does anyone know of any accredited colleges and universities that offer a CS degree through online courses? Obviously excluding the scam 'colleges' such as Univ. of Phoenix and DeVry."

hypnosec writes "Oracle has proposed a new project for OpenJDK — Nashorn, which aims to implement a high-performance yet lightweight JavaScript runtime that would run on the JVM natively. Nashorn will be headed by Jim Laskey, multi-language Lead at Oracle and the project will be sponsored by HotSpot group. The project proposes an implementation of JavaScript such that it can run standalone JavaScript applications via the JSR 223 APIs. Nashorn's design will enable it to take advantage of new JVM technologies like the MethodHandles and the InvokeDynamic APIs."

First time accepted submitter Hatfield56 writes "I've been in IT since the mid-1980s, mainly working for financial institutions. After 16 years at a company, as a programmer (Java, C#, PL/SQL, some Unix scripting) and technical lead, my job was outsourced. That was in 2009 when the job market was basically dead. After many false starts, here I am 3 years later wondering what to do. I'm sure if I were 40 I'd be working already but over 60 you might as well be dead. SO, I'm wondering about A+. Does anyone think that this will make me more employable? Or should I being a greeter at Walmart?"

theodp writes "When it comes to monolithic IDEs, Wille Faler has lost that loving feeling. In IDEs Are a Language Smell, Faler blogs about a Eureka! moment he had after years of using Eclipse for Java development. 'If the language is good enough,' Faler argues, 'an IDE is strictly not needed as long as you have good support for syntax highlighting and parens matching in the case of Clojure, or indentation in the case of Haskell.' So why do Java coders turn to Eclipse? 'Because [of] a combination of shortcomings in the Java compiler and Java's OO nature,' explains Faler, 'we end up with lots and lots of small files for every interface and class in our system. On any less than trivial Java system, development quickly turns into a game of code- and file-system navigation rather than programming and code editing. This nature of Java development requires IDEs to become navigation tools above all.' Yes, only an IDE could love AbstractSingletonProxyFactoryBean!"

hypnosec writes "Developers over at Red Hat are busy porting OpenJDK to ARM's latest 64-bit architecture — the ARMv8, also known as the AArch64. The current OpenJDK ARM situation is rather unsatisfactory: for the current 32-bit ARM processors, there are two versions of the HotSpot JVM for OpenJDK — Oracle's proprietary JIT, and a less sophisticated free JIT that performs poorly in comparison. To avoid a similar situation for the 64-bit platform, the developers are working on an entirely Free Software port of HotSpot to 64-bit ARM."

Gunkerty Jeb writes "The death knell for SSL is getting louder. Researchers at the University of Texas at Austin and Stanford University have discovered that poorly designed APIs used in SSL implementations are to blame for vulnerabilities in many critical non-browser software packages. Serious security vulnerabilities were found in programs such as Amazon's EC2 Java library, Amazon's and PayPal's merchant SDKs, Trillian and AIM instant messaging software, popular integrated shopping cart software packages, Chase mobile banking software, and several Android applications and libraries. SSL connections from these programs and many others are vulnerable to a man in the middle attack."

Trailrunner7 writes "A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the February 2013 Critical Patch Update as Oracle earlier said it would. Adam Gowdiak of Polish security consultancy Security Explorations reported the vulnerability to Oracle on Sept. 25, as well as proof-of-concept exploit code his team produced. The vulnerability is present in Java versions 5, 6 and 7 and would allow an attacker to remotely control an infected machine once a user landed on a malicious website hosting the exploit. Gowdiak said his proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7."

StonyCreekBare writes "I started out programming in Z80 assembler in the 1970s. Then I programmed in Pascal. Then x86 Assembler in the early '90s. Over time I did a smattering of C, Basic, Visual C++, Visual Basic, and even played at Smalltalk. Most recently I settled on Perl, and Perl/Tk as the favorite 'Swiss army Chainsaw' tool set, and modestly consider myself reasonably competent with that. But suddenly, in this tight financial environment I need to find a way to get paid for programming, and perl seems so 'yesterday.' The two hot areas I see are iOS programming and Python, perhaps to a lesser extent, Java. I need to modernize my skill-set and make myself attractive to employers. I recently started the CS193P Stanford course on iTunesU to learn iPad programming, but am finding it tough going. I think I can crack it, but it will take some time, and I need a paycheck sooner rather than later. What does the Slashdot crowd see as the best path to fame, wealth and full employment for gray-haired old coots who love to program?"

jcatcw writes "Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco, researchers from the Polish firm Security Explorations disclosed yet another critical Java vulnerability that might 'spoil the taste of Larry Ellison's morning ... Java.' According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects one billion users of Oracle Java SE software, Java 5, 6 and 7. It could be exploited by apps on Chrome, Firefox, Internet Explorer, Opera and Safari. Wow, thanks a lot Oracle."

snydeq writes "Self-taught technologists are almost always better hires than those with a bachelor's degree in computer science and a huge student loan, writes Andrew Oliver. 'A recruiter recently asked me why employers are so picky. I explained that of the people who earned a computer science degree, most don't know any theory and can't code. Instead, they succeed at putting things on their resume that match keywords. Plus, companies don't consider it their responsibility to provide training or mentoring. In fairness, that's because the scarcity of talent has created a mercenary culture: "Now that my employer paid me to learn a new skill, let me check to see if there's an ad for it on Dice or Craigslist with a higher rate of pay." When searching for talent, I've stopped relying on computer science degrees as an indicator of anything except a general interest in the field. Most schools suck at teaching theory and aren't great at Java instruction, either. Granted, they're not much better with any other language, but most of them teach Java.'"

hypnosec writes "Just yesterday Apple released updates to fix Java vulnerabilities, but it seems the patch doesn't actually target the recently discovered high-profile Java bug that has been the talk of the web during the last two weeks. The two updates – Java for OS X 2012-005 for OS X Lion and Java for Mac OS X 10.6 Update 10 for Mountain Lion, are meant to tackle the vulnerability described in CVE-2012-0547. But according to KerbsOnSecurity, it seems Cupertino hasn't addressed the recent mega-vulnerabilities in Java as described in CVE-2012-4681." Update: 09/07 12:00 GMT by S : As readers have pointed out, these updates address flaws in Java 6, which is the version Apple maintains. The recently-reported Java vulnerabilities primarily affect Java 7, the patching of which is handled solely by Oracle. Nothing to see here.

First time accepted submitter WIn5t0n writes "Just a day after the alleged leak of 12million Apple UDID's, both Apple and FBI have denied the story that Anonymous, a global hacking community, gained access to the files by hacking into an FBI laptop through a Java vulnerability. Earlier this morning the FBI claimed that, even though the agent cited in Anonymous's story is an actual FBI operative, neither he nor anyone else in the agency has or has had access to Apple device information. This afternoon Apple followed up on the FBI's statement, with an unidentified Apple representative claiming that, 'The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization.' It should also be noted that while the hackers claim to have accessed 12 million UDID's, only 1 million were publicly released. The Apple representative who made the previous statements also said that, 'Apple has replaced the types of identifiers the hackers appear to have gotten and will be discontinuing their use.' Even though neither Anonymous nor the FBI/APPLE will admit where the data actually came from, it does appear that at least some of the leaked UDID's are legit and can be tied back to current, privately owned devices. So far no information besides the devices UDID, DevToken ID, and device name has been released, however the original hackers claimed that some devices were tied to details as exact as phone numbers and billing addresses."

Orome1 writes "A file containing a million and one record sets containing Apple Unique Device Identifiers (UDIDs) and some other general information about the devices has been made available online by Anonymous hackers following an alleged breach of an FBI computer. 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,' the hackers claim." Update: 09/04 13:44 GMT by T : A piece at SlashCloud points out that if the leak is genuine, this raises some sticky questions about privacy and security; in particular: "[H]ow did the agency obtain said information, and to what purpose? Why did all that personal data reside on the laptop of one special agent?"

PCM2 writes "The Register reports that Security Explorations' Adam Gowdiak says there is still an exploitable vulnerability in the Java SE 7 Update 7 that Oracle shipped as an emergency patch yesterday. 'As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.'"

First time accepted submitter JavaBear writes "Oracle have just released the u7 release of their Java 7. From the article: 'In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem. In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet."

dutchwhizzman writes "Polish security researcher Adam Gowdiak submitted bug reports months ago for the current Java 7 zero-day exploit that's wreaking havoc all over the Internet. It seems that Oracle can't — or won't? — take such reports seriously. Is it really time to ditch Oracle's Java and go for an open source VM?"

tsu doh nimh writes "A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devised and are selectively releasing an unofficial patch for the flaw."

Trailrunner7 writes "The Windows version of the Crisis Trojan is able to sneak onto VMware implementations, making it possibly the first malware to target such virtual machines. It also has found a way to spread to Windows Mobile devices. Samples of Crisis, also called Morcut, were first discovered about a month ago targeting Mac machines running various versions of OS X. The Trojan spies on users by intercepting e-mail and instant messenger exchanges and eavesdropping on webcam conversations. Launching as a Java archive (JAR) file made to look like an Adobe Flash Installer, Crisis scans an infected machine and drops an OS-specific executable to open a backdoor and monitor activity. This week, researchers also discovered W32.Crisis was capable of infecting VMware virtual machines and Windows Mobile devices."