Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Python Is On the Rise, While PHP Falls ( 232

Nerval's Lobster writes: While this month's lists of the top programming languages uniformly put Java in the top spot, that's not the only detail of interest to developers. Which language has gained the most users over the past five years? And which are tottering on the edge of obsolescence? According to PYPL, which pulls its raw data for analysis from Google Trends, Python has grown the most over the past five years—up 5 percent since roughly 2010. Over the same period, PHP also declined by 5 percent. Since PYPL looks at how often language tutorials are searched on Google, its data is a good indicator of how many developers are (or aren't) learning a language, presumably because they see it as valuable to their careers. Just because PYPL shows PHP losing market-share over the long term doesn't mean that language is in danger of imminent collapse; over the past year or so, the PHP community has concentrated on making the language more pleasant to use, whether by improving features such as package management, or boosting overall performance. Plus, PHP is still used on hundreds of millions of websites, according to data from Netcraft. Indeed, if there's any language on these analysts' lists that risks doom, it's Objective-C, the primary language used for programming iOS and Mac OS X apps, and its growing obsolescence is by design.

Vulnerability In Java Commons Library Leads To Hundreds of Insecure Applications ( 115

An anonymous reader writes: Stephen Breen from the FoxGlove Security team is calling attention to what he calls the "most underrated, underhyped vulnerability of 2015." It's a remote code execution exploit that affects the latest versions of WebLogic, WebSphere, JBoss, Jenkins, and OpenMMS, and many other pieces of software. How? An extremely common Java library. He says, "No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released over 9 months ago, none of the products mentioned in the title of the blog post have been patched, along with many more. In fact no patch is available for the Java library containing the vulnerability. In addition to any commercial products that are vulnerable, this also affects many custom applications.

Apple Usurps Oracle As the Biggest Threat To PC Security 320

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?

Oracle Fixes Java Vulnerability Used By Russian Cyberspies ( 126

itwbennett writes: Oracle said that it has fixed 154 security flaws in Java and a wide range of its other products, including one that Russian cyberespionage group Pawn Storm used to launch stealthy attacks earlier this year. The vulnerability, tracked as CVE-2015-4902, was being used by the Pawn Storm attackers to enable the execution of a malicious Java application without user interaction.

Ask Slashdot: Selecting a Version Control System For an Inexperienced Team 325

An anonymous reader writes: I have been programming in Python for quite a while, but so far I have not used a version control system. For a new project, a lot more people (10-15) are expected to contribute to the code base, many of them have never written a single line of Python but C, LabVIEW or Java instead. This is a company decision that can be seen as a Python vs. LabVIEW comparison — if successful the company is willing to migrate all code to Python. The code will be mostly geared towards data acquisition and data analysis leading to reports. At the moment I have the feeling, that managing that data (=measurements + reports) might be done within the version control system since this would generate an audit trail on the fly. So far I have been trying to select a version control system, based on google I guess it should be git or mercurial. I get the feeling, that they are quite similar for basic things. I expect, that the differences will show up when more sophisticated topics/problems are addressed — so to pick one I would have to learn both — what are your suggestions? Read below for more specifics.

Firefox Support For NPAPI Plugins Ends Next Year ( 147

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

Retro Roundup: Old Computers Emulated Right In Your Browser 78

An anonymous reader writes: If you ever wanted to program an Altair, an Apple I, or a COSMAC ELF you may think you either have to buy one (expensive now) or load and configure simulation software. However, there's a slew of browser-based emulators for everything from a PDP-11 to Windows 1.0 out there. Some use Java, but many use Javascript and many perform better on a modern PC then they did in their original. If you want to learn some history or just want to finally play with the computers you saw in the magazines 35 years ago, these are great fun and slightly addictive.

Cassandra Rewritten In C++, Ten Times Faster 341

urdak writes: At Cassandra Summit opening today, Avi Kivity and Dor Laor (who had previously written KVM and OSv) announced ScyllaDB — an open-source C++ rewrite of Cassandra, the popular NoSQL database. ScyllaDB claims to achieve a whopping 10 times more throughput per node than the original Java code, with sub-millisecond 99%ile latency. They even measured 1 million transactions per second on a single node. The performance of the new code is attributed to writing it in Seastar — a C++ framework for writing complex asynchronous applications with optimal performance on modern hardware.

When Does Software Start Becoming Malware? 165

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the toolbar. Even though many users objected to the inclusion of the toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the toolbar as malware."

Video GameStart Uses Minecraft to Teach Kids Programming (Video 2) 18

As we said last week, "You can't teach all programming by using Minecraft to keep kids interested, but you can use Minecraft, Java, and Eclipse to give them a good start." That's what Tyler Kilgore and his colleagues at GameStart are doing. Watch today's video (number 2), go back to last week's video (number 1) if you missed it, and read both days' transcripts for the full scoop.

Video GameStart Uses Minecraft to Teach Kids Programming (Video 1) 30

You can't teach all programming by using Minecraft to keep kids interested, but you can use Minecraft, Java, and Eclipse to give them a good start. That's what Tyler Kilgore and his colleagues at GameStart are doing. Watch today's video (number 1), tomorrow's video (number 2) and read both days' transcripts for the full scoop. EDIT: "Tomorrow's video" should read, "Monday's video."

JetBrains Moving Its Dev Tools To Subscription Model 141

esarjeant writes: For many Java developers, IntelliJ has been our predominant IDE. JetBrains is looking to make their tools easier easier to buy and use by switching to a subscription program. Their plan is to have people pay a monthly/yearly fee for access to the tools instead of upgrading when they're ready. Fortunately, if your subscription lapses it looks like you'll have 30 days to check all your stuff in. How does NetBeans look now? Many members of various developer communities are pushing back against this change: "For a developer with an unstable income, it might be perfectly fine to stay on an older version of the software until they've stashed enough cash to afford the upgrade. That will no longer work." JetBrains has acknowledged the feedback, and say they will act on it.

The Most Important Obscure Languages? 429

Nerval's Lobster writes: If you're a programmer, you're knowledgeable about "big" languages such as Java and C++. But what about those little-known languages you only hear about occasionally? Which ones have an impact on the world that belies their obscurity? Erlang (used in high-performance, parallel systems) springs immediately to mind, as does R, which is relied upon my mathematicians and analysts to crunch all sorts of data. But surely there are a handful of others, used only by a subset of people, that nonetheless inform large and important platforms that lots of people rely upon... without realizing what they owe to a language that few have ever heard of.

Google May Try To Recruit You For a Job Based On Your Search Queries 182 writes: If Google sees that you're searching for specific programming terms, they may ask you to apply for a job as Max Rossett writes that three months ago while working on a project, he Googled "python lambda function list comprehension." The familiar blue links appeared on the search page, and he started to look for the most relevant one. But then something unusual happened. The search results split and folded back to reveal a box that said "You're speaking our language. Up for a challenge?" Clicking on the link took Rossett to a page called "" that outlined a programming challenge and gave instructions on how to submit his solution. "I had 48 hours to solve it, and the timer was ticking," writes Rossett. "I had the option to code in Python or Java. I set to work and solved the first problem in a couple hours. Each time I submitted a solution, tested my code against five hidden test cases."

After solving another five problems the page gave Rossett the option to submit his contact information and much to his surprise, a recruiter emailed him a couple days later asking for a copy of his resume. Three months after the mysterious invitation appeared, Rossett started at Google. Apparently Google has been using this recruiting tactic for some time.

The Top 10 Programming Languages On GitHub, Over Time 132

An anonymous reader writes with a link to VentureBeat's article on the information that GitHub released this week about the top-ten languages used by GitHub's users, and how they've changed over the site's history. GitHub's chart shows the change in rank for programming languages since GitHub launched in 2008 all the way to what the site's 10 million users are using for coding today. To be clear, this graph doesn't show the definitive top 10 programming languages. Because GitHub has become so popular (even causing Google Code to shut down), however, it still paints a fairly accurate picture of programming trends over recent years. Trend lines aside, here are the top 10 programming languages on GitHub today: 1. JavaScript 2. Java 3. Ruby 4. PHP 5. Python 6. CSS 7. C++ 8. C# 9. C 10. HTML

Oracle: Google Has "Destroyed" the Market For Java 457

itwbennett writes: Oracle made a request late last month to broaden its case against Android. Now, claiming that 'Android has now irreversibly destroyed Java's fundamental value proposition as a potential mobile device operating system,' Oracle on Wednesday filed a supplemental complaint in San Francisco district court that encompasses the six Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat and Lollipop.

Compiling to JavaScript: TypeScript vs. Haxe 94

lars_doucet writes: Released in 2012, Microsoft's TypeScript is perhaps the best-known "compile to JS" language, but it wasn't the first. One of the earliest was Haxe, whose JS target first appeared in 2006. In his illuminating article, TypeScript vs Haxe, Andy Li gives an excellent rundown of the two languages' various merits, but the bottom line is: "Existing JS developers will favor TypeScript as they are more similar in many ways. They can utilize their existing skills immediately. Non-JS developers with backgrounds like Java/C# or even from the functional programming world will appreciate Haxe more since it fixes a lot of weirdness of JS." The full article includes an excellent rundown of the type systems, syntax, scope handling, compilers, and overall language design philosophy.

Pawn Storm Group Makes Trend Micro IP Address a C&C Server 45

An anonymous reader writes: Following Trend Micro's disclosure of Russian hacking group Pawn Storm's 7-year campaign against military-industrial targets in and related to the United States, the security company has today announced that one of the IP addresses it owns has been 'designated' by the hackers as a C&C server for their spear-phishing scenario. The intent of the DNS record redirection, according to the company, is likely to be to convince others that it has been hacked (which it hasn't), or else to push one of its IP addresses into administrative blacklists.

First Java 0-Day In 2 Years Exploited By Pawn Storm Hackers 122

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.