Python

Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com) 96

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Open Source

What Happens to Open Source Code After Its Developer Dies? (wired.com) 78

An anonymous reader writes: The late Jim Weirich "was a seminal member of the western world's Ruby community," according to Ruby developer Justin Searls, who at the age of 30 took over Weirich's tools (which are used by huge sites like Hulu, Kickstarter, and Twitter). Soon Searls made a will and a succession plan for his own open-source projects. Wired calls succession "a growing concern in the open-source software community," noting developers have another option: transferring their copyrights to an open source group (for example, the Apache Foundation).

Most package-management systems have "at least an ad-hoc process for transferring control over a library," according to Wired, but they also note that "that usually depends on someone noticing that a project has been orphaned and then volunteering to adopt it." Evan Phoenix of the Ruby Gems project acknowledges that "We don't have an official policy mostly because it hasn't come up all that often. We do have an adviser council that is used to decide these types of things case by case." Searls suggests GitHub and package managers like Ruby Gems add a "dead man's switch" to their platform, which would allow programmers to automatically transfer ownership of a project or an account to someone else if the creator doesn't log in or make changes after a set period of time.

Wired also spoke to Michael Droettboom, who took over the Python library Matplotlib after John Hunter died in 2012. He points out that "Sometimes there are parts of the code that only one person understands," stressing the need for developers to also understand the code they're inheriting.
Programming

Perl is the Most Hated Programming Language, Developers Say (theregister.co.uk) 472

Thomas Claburn, writing for The Register: Developers really dislike Perl, and projects associated with Microsoft, at least among those who volunteer their views through Stack Overflow. The community coding site offers programmers a way to document their technical affinities on their developer story profile pages. Included therein is an input box for tech they'd prefer to avoid. For developers who have chosen to provide testaments of loathing, Perl tops the list of disliked programming languages, followed by Delphi and VBA. The yardstick here consists of the ratio of "likes" and "dislikes" listed in developer story profiles; to merit chart position, the topic or tag in question had to show up in at least 2,000 stories. Further down the down the list of unloved programming language comes PHP, Objective-C, CoffeeScript, and Ruby. In a blog post seen by The Register ahead of its publication today, Stack Overflow data scientist David Robinson said usually there's a relationship between how fast a particular tag is growing and how often it's disliked. "Almost everything disliked by more than 3 per cent of Stories mentioning it is shrinking in Stack Overflow traffic (except for the quite polarizing VBA, which is steady or slightly growing)," said Robinson. "And the least-disliked tags -- R, Rust, TypeScript and Kotlin -- are all among the fast-growing tags (TypeScript and Kotlin growing so quickly they had to be truncated in the plot)."
Stats

HackerRank Tries To Calculate Which US States Have The Best Developers (venturebeat.com) 66

An anonymous reader writes: Palo Alto-based HackerRank, which offers online programmng challenges, "dug into our data of about 450,000 unique U.S. developers to uncover which states are home to the best software engineers, and which pockets of the country have the highest rate of developer growth." Examining the 24 months from 2015 through the end of 2016, they calculated the average score for each state in eight programming-related domains. (Algorithms, data structures, functional programming, math, Java, Ruby, C++, and Python.) But it seems like low-population states would have fewer people taking the tests, meaning a disproportionate number of motivated and knowledgeable test takers could drastically skew the results. Sure enough, Wyoming -- with a population of just 584,153 -- has the smallest population of any U.S. state, but the site's second-highest average score, and the top score in three subject domains -- Ruby, data structures, and algorithms. And the District of Columbia -- population 681,170 -- has the highest average score for functional programming.

California, New York and Virginia still had the highest number of developers using the site, while Alaska, Wyoming and South Dakota not surprisingly had the least number of developers. But maybe the real take-away is that programmers are now becoming more distributed. HackerRank's announcement notes that the site "found growing developer communities and skilled developers all across the country. Previously, the highest concentrations of developers did not stray far from the tech hubs in California. Hawaii, Colorado, Virginia, and Nevada demonstrated the fastest growth in terms of developer activity on the HackerRank platform..." In addition, "we've had a noticeable uptick in customers across industries, from healthcare to retail and finance, with strong demand for identifying technical skills quickly."

Their conclucion? "Today, as the demand for developers goes beyond technology and as there is more opportunity to work remotely, there's a more distributed workforce of skilled developers across the nation, from the Rust Belt to the East Coast... Software developers aren't just attached to VCs, startups or Silicon Valley anymore."
Programming

IEEE Spectrum Declares Python The #1 Programming Language (ieee.org) 372

An anonymous reader quotes IEEE Spectrum's annual report on the top programming languages: As with all attempts to rank the usage of different languages, we have to rely on various proxies for popularity. In our case, this means having data journalist Nick Diakopoulos mine and combine 12 metrics from 10 carefully chosen online sources to rank 48 languages. But where we really differ from other rankings is that our interactive allows you choose how those metrics are weighted when they are combined, letting you personalize the rankings to your needs. We have a few preset weightings -- a default setting that's designed with the typical Spectrum reader in mind, as well as settings that emphasize emerging languages, what employers are looking for, and what's hot in open source...

Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four -- Python, C, Java, and C++ -- all remain very close in popularity. Indeed, in Diakopoulos's analysis of what the underlying metrics have to say about the languages currently in demand by recruiting companies, C comes out ahead of Python by a good margin... Ruby has fallen all the way down to 12th position, but in doing so it has given Apple's Swift the chance to join Google's Go in the Top Ten... Outside the Top Ten, Apple's Objective-C mirrors the ascent of Swift, dropping down to 26th place. However, for the second year in a row, no new languages have entered the rankings. We seem to have entered a period of consolidation in coding as programmers digest the tools created to cater to the explosion of cloud, mobile, and big data applications.

"Speaking of stabilized programming tools and languages," the article concludes, "it's worth noting Fortran's continued presence right in the middle of the rankings (sitting still in 28th place), along with Lisp in 35th place and Cobol hanging in at 40th."
Programming

Open Source Contributions More Important Than Tabs Vs Spaces For Salary (opensource.com) 164

Jason Baker, a Red Hat data analyst, doesn't believe developers who use spaces make more money than those who use tabs. An anonymous reader quotes Baker's blog post: After reading the study one data scientist, Evelina Gabasova, performed some additional analysis and came to a slightly different conclusion, which feels a little more precise: "Environments where people use Git and contribute to open source are more associated both with higher salaries and spaces, rather than with tabs." In other words, if you're at a company where you're using version control and committing open source code upstream, you're statistically a little more likely to be a space-user and a higher wage-earner.
Even across all experience levels, contributing to open source still correlates to higher salaries, Gabasova concludes. "My theory is that when diverse people are working on open source projects together without enforced coding style, the possible formatting mess is nudging people towards using spaces simply because the code is consistent for everyone.

"This is just one of the possible theories, I didn't look to see if possibly language communities that use predominantly spaces (like Python or Ruby) are more active in open source."
Security

Ashley Madison Parent in $11.2 Million Settlement Over Data Breach (reuters.com) 78

From a report: The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach. Ruby Corp, formerly known as Avid Life Media Inc, denied wrongdoing in agreeing to the preliminary class-action settlement, which requires approval by a federal judge in St. Louis. Ashley Madison marketed itself as a means to help people, primarily men, cheat on their spouses, and was known for its slogan "Life is short. Have an affair."
Ruby

Is Ruby's Decline In Popularity Permanent? (computerworld.com.au) 253

An anonymous reader quotes Computerworld: Ruby has had a reputation as a user-friendly language for building web applications. But its slippage in this month's RedMonk Programming Language Rankings has raised questions about where exactly the language stands among developers these days. The twice-yearly RedMonk index ranked Ruby at eighth, the lowest position ever for the language. "Swift and now Kotlin are the obvious choices for native mobile development. Go, Rust, and others are clearer modern choices for infrastructure," said RedMonk analyst Stephen O'Grady. "The web, meanwhile, where Ruby really made its mark with Rails, is now an aggressively competitive and crowded field." Although O'Grady noted that Ruby remains "tremendously popular," participants on sites such as Hacker News and Quora have increasingly questioned whether Ruby is dying. In the Redmonk rankings, Ruby peaked at fourth place in 2013, reinforcing the perception it is in decline, if a slow one.
Open Source

Alpine Linux 3.6.0 Released (alpinelinux.org) 59

An anonymous reader quotes DistroWatch: Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as we ll as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."
Education

Should The Government Pay For Veterans To Attend Code Schools? (backchannel.com) 168

mirandakatz writes: David Molina was finishing up his 12-year time in the army when he started teaching himself to code, and started to think that he might like to pursue it professionally once his service was done. But with a wife and family, he couldn't dedicate the four years he'd need to get an undergraduate degree in computer science -- and the GI Bill, he learned, won't cover accelerated programs like code schools. So he started an organization dedicated to changing that. Operation Code is lobbying politicians to allow vets to attend code schools through the GI Bill and prepare themselves for the sorts of stable, middle-class jobs that have come to be called "blue-collar coding." Molina sees it as a serious failing that the GI Bill will cover myriad vocational programs, but not those that can prepare veterans for one of the fastest-growing industries in existence.
The issue seems to be quality. The group estimates there are already nine code schools in the U.S. which do accept GI Bill benefits -- but only "longer-standing ones that have made it through State Approving Agencies." Meanwhile, Course Report calculates 18,000 people finished coding bootcamps last year -- and that two thirds of them found a job within three months.

But I just liked how Molina described his introduction into the world of programmers. While stationed at Dover Air Force Base, he attended Baltimore's long-standing Meetup for Ruby on Rails, where "People taught me about open source. There was pizza, there was beer. They made me feel like I was at home."
Programming

'Pragmatic Programmer' Author Andy Hunt Loves Arduino, Hates JavaScript (bestprogrammingbooks.com) 185

Andy Hunt is one of the 17 software developers who wrote the Agile Manifesto, and he co-authored The Pragmatic Programmer. Now Slashdot reader cerberusss writes: In an interview with Best Programming Books, Andy Hunt mentions he "hates languages that introduce accidental complexity, such as JavaScript -- what a nightmare of pitfalls for newbies and even seasoned developers... My go-to languages are still Ruby for most things, or straight C for systems programming, Pi or Arduino projects." Furthermore, he mentions that "I tend to do more experimenting and engineering than pure code writing, so there's occasionally some soldering involved ;). Code is just one tool of many."
Andy writes that he also likes Elixir, talks about Agile, reveals how he survived his most challenging project, and says the biggest advancement in programming has been the open source movement. ("Imagine trying to study chemistry, but the first half of the elements were patent-protected by a major pharma company and you couldn't use them...") And he also answered an interesting follow-up question on Twitter: "Do you feel validated in an age of Node and GitHub? Some of your best chapters (scripting and source control) are SOP now!"

Andy's reply? "We've made some great progress, for sure. But there's much to be done still. E.g., You can't ship process."
Stats

RedMonk Identifies 2017's Most Popular Languages: JavaScript, Java, And Python (redmonk.com) 125

Twice a year the tech analysts at RedMonk attempt to gauge adoption trends for programing languages based on data from both GitHub and Stack Overflow. Here's their top 10 list for 2017: JavaScript, Java, Python, and PHP, followed by a two-way tie between C# and C++, a two-way tie between Ruby and CSS, and then C at #9, and Objective-C at #10. But their GitHub data now counts the number of pull requests rather than the number of repositories. An anonymous reader quotes their report: Swift was a major beneficiary of the new GitHub process, jumping eight spots from 24 to 16 on our GitHub rankings. While the language appears to be entering something of a trough of disillusionment from a market perception standpoint, with major hype giving way to skepticism in many quarters, its statistical performance according to the observable metrics we track remains strong. Swift has reached a Top 15 ranking faster than any other language we have tracked since we've been performing these rankings. Its strong performance from a GitHub perspective suggests that the wider, multi-platform approach taken by the language is paying benefits...

Of all of the top tier languages, none jumped more than TypeScript on our GitHub rankings, as the JavaScript superset moved up 17 points.... PowerShell moved from 36 within the GitHub rankings to 19 to match TypeScript's 17 point jump, and that was enough to nudge it into the Top 20 overall from its prior ranking of 25... One of the biggest overall gainers of any of the measured languages, Rust leaped from 47 on our board to 26 â" one spot behind Visual Basic.

Swift and Scala and Shell all just missed out on the top 10, clustering in a three-way tie at the #11 spot.
Businesses

Programmers Are Confessing Their Coding Sins To Protest a Broken Job Interview Process (theoutline.com) 1001

A number of programmers have taken it Twitter to bring it to everyone's, but particularly recruiter's, attention about the grueling interview process in their field that relies heavily on technical questions. David Heinemeier Hansson, a well-known programmer and the creator of the popular Ruby on Rails coding framework, started it when he tweeted, "Hello, my name is David. I would fail to write bubble sort on a whiteboard. I look code up on the internet all the time. I don't do riddles." Another coder added, "Hello, my name is Tim. I'm a lead at Google with over 30 years coding experience and I need to look up how to get length of a python string." Another coder chimed in, "Hello my name is Mike, I'm a GDE and lead at NY Times, I don't know what np complete means. Should I?" A feature story on The Outline adds: This interview style, widely used by major tech companies including Google and Amazon, typically pits candidates against a whiteboard without access to reference material -- a scenario working programmers say is demoralizing and an unrealistic test of actual ability. People spend weeks preparing for this process, afraid that the interviewer will quiz them on the one obscure algorithm they haven't studied. "A cottage industry has emerged that reminds us uncomfortably of SAT prep," Karla Monterroso, VP of programs for Code2040, an organization for black and Latino techies, wrote in a critique of the whiteboard interview. [...] This means companies tend to favor recent computer science grads from top-tier schools who have had time to cram; in other words, it doesn't help diversify the field with women, older people, and people of color.
Programming

GitHub Commits Reveal The Top 'Weekend Programming' Languages (medium.com) 149

An anonymous reader writes: Google "developer advocate" Felipe Hoffa has determined the top "weekend programming languages," those which see the biggest spike in commit activity on the weekends. "Clearly 2016 was a year dedicated to play with functional languages, up and coming paradigms, and scripting 3d worlds," he writes, revealing that the top weekend programming languages are:

Rust, Glsl, D, Haskell, Common Lisp, Kicad, Emacs Lisp, Lua, Scheme, Julia, Elm, Eagle, Racket, Dart, Nsis, Clojure, Kotlin, Elixir, F#, Ocaml

Earlier this week another data scientist calculated ended up with an entirely different list by counting the frequency of each language's tag in StackOverflow questions. But Hoffa's analysis was performed using Google's BigQuery web service, and he's also compiled a list of 2016's least popular weekend languages -- the ones people seem to prefer using at the office rather than in their own free time.

Nginx, Matlab, Processing, Vue, Fortran, Visual Basic, Objective-C++, Plsql, Plpgsql, Web Ontology Language, Smarty, Groovy, Batchfile, Objective-C, Powershell, Xslt, Cucumber, Hcl, Puppet, Gcc Machine Description

What's most interesting is the changes over time. In the last year Perl has become more popular than Java, PHP, and ASP as a weekend programming language. And Rust "used to be a weekday language," Hoffa writes, but it soon also grew more popular for Saturdays and Sunday. Meanwhile, "The more popular Go grows, the more it settles as a weekday language," while Puppet "is the champion of weekday coders." Ruby on the other hand, is "slowly leaving the week and embracing the weekend."

Hoffa is also a long-time Slashdot reader who analyzed one billion files on GitHub last summer to determine whether they'd been indented with spaces or tabs. But does this new list resonate with anybody? What languages are you using for your weekend coding projects?
Programming

Developer Argues For 'Forgotten Code Constructs' Like GOTO and Eval (techbeacon.com) 600

mikeatTB quotes TechBeacon: Some things in the programming world are so easy to misuse that most people prefer to never use them at all. These are the programming equivalent of a flamethrower... [But] creative use of features such as goto, multiple inheritance, eval, and recursion may be just the right solution for experienced developers when used in the right situation. Is it time to resurrect these four forgotten code constructs?
The article notes that the Linux kernel uses goto statements, and links to Linus Torvalds' defense of them. ("Any if-statement is a goto. As are all structured loops...") And it points out that eval statements are supported by JavaScript, Python, PHP, and Ruby. But when the article describes recursion as "more forgotten than forbidden," it begs the inevitable question. Are you using these "forgotten code constructs" -- and should you be?
Programming

Can Learning Smalltalk Make You A Better Programmer? 343

Slashdot reader horrido shares an article that "has done more for Smalltalk advocacy than any other article in memory." It was the second-most popular article of the year on the Hewlett Packard Enterprise site TechBeacon (recently passing 20,000 views), with Richard Eng, the founder of the nonprofit Smalltalk Renaissance, arguing that the 44-year-old language is much more than a tool for teachers -- and not just because Amber Smalltalk transpiles to JavaScript for front-end web programming. It's a superlative prototyping language for startups. It's an industrial-strength enterprise language used by businesses both big and small all around the globe... Smalltalk's implementation of the object-oriented paradigm is so excellent that it has influenced an entire generation of OO languages, such as Objective-C, Python, Ruby, CLOS, PHP 5, Perl 6, Erlang, Groovy, Scala, Dart, Swift, and so on. By learning Smalltalk, you'll understand how all of those useful features in today's OO languages came to be.
The article also argues that Smalltalk pioneered just-in-time compilation and virtual machines, the model-view-controller design paradigm, and to a large extent, even test-driven development. But most importantly, Smalltalk's reliance on domain-specific languages makes it "the 'purest' OO, and one of the earliest... It is often said that programming in Smalltalk or Python is rather like Zen; your mind just flows effortlessly with the task. This is the beauty and value of language simplicity, and Smalltalk has this in spades... Smalltalk, by virtue of its object purity and consistency, will give you a profoundly better understanding of object-oriented programming and how to use it to its best effect."
Security

Ashley Madison To Pay $1.6M Settlement Related To Data Breach (pcworld.com) 45

The company behind Ashley Madison, the adultery enabling website, has agreed to pay a $1.6 million settlement related to a major data breach last year that exposed account details of 36 million users. From a PCWorld report: Ashley Madison's operator, Toronto-based Ruby, is making the settlement for failing to protect the account information and for creating fake user profiles to lure in prospective customers, the U.S. Federal Trade Commission said on Wednesday. In July 2015, a hacking group called Impact Team managed to steal the account details and then post them online a month later -- potentially damaging the reputation of the customers using the adultery website. The FTC alleges the Ashley Madison site suffered from lax security, allowing hackers to break in several times between Nov. 2014 and June 2015. The service also retained personal information of users who had paid $19 to delete their data from the site, the FTC said.
Programming

Ask Slashdot: Has Your Team Ever Succumbed To Hype Driven Development? (daftcode.pl) 332

marekkirejczyk, the VP of Engineering at development shop Daftcode, shares a warning about hype-driven development: Someone reads a blog post, it's trending on Twitter, and we just came back from a conference where there was a great talk about it. Soon after, the team starts using this new shiny technology (or software architecture design paradigm), but instead of going faster (as promised) and building a better product, they get into trouble. They slow down, get demotivated, have problems delivering the next working version to production.
Describing behind-schedule teams that "just need a few more days to sort it all out," he blames all the hype surrounding React.js, microservices, NoSQL, and that "Test-Driven Development Is Dead" blog post by Ruby on Rails creator David Heinemeier Hansson. ("The list goes on and on... The root of all evil seems to be social media.") Does all this sound familiar to any Slashdot readers? Has your team ever succumbed to hype-driven development?

Slashdot Top Deals