Perl

Is Perl the World's 10th Most Popular Programming Language? (i-programmer.info) 84

TIOBE attempts to calculate programming language popularity using the number of skilled engineers, courses, and third-party vendors.

And the eight most popular languages in September's rankings haven't changed since last month:

1. Python
2. C++
3. C
4. Java
5. C#
6. JavaScript
7. Visual Basic
8. Go

But by TIOBE's ranking, Perl is still the #10 most-popular programming language in September (dropping from #9 in August). "One year ago Perl was at position 27 and now it suddenly pops up at position 10 again," marvels TIOBE CEO Paul Jansen. The technical reason why Perl is rated this high is because of its huge number of books on Amazon. It has 4 times more books listed than for instance PHP, or 7 times more books than Rust. The underlying "real" reason for Perl's increase of popularity is unknown to me. The only possibility I can think of is that Perl 5 is now gradually considered to become the real Perl... Perl 6/Raku is at position 129 of the TIOBE index, thus playing no role at all in the programming world. Perl 5 on the other hand is releasing more often recently, thus gaining attention.
An article at the i-Programmer blog thinks Perl's resurgence could be from its text processing capabilities: Even in this era of AI, everything is still governed by text formats; text is still the King. XML, JSON calling APIs, YAML, Markdown, Log files... That means that there's still need to process it, transform it, clean it, extract from it. Perl with its first-class-citizen regular expressions, the wealth of text manipulation libraries up on CPAN and its full Unicode support of all the latest standards, was and is still the best. Simply there's no other that can match Perl's text processing capabilities.
They also cite Perl's backing by the open source community, and its "getting a 'proper' OOP model in the last couple of years... People just don't know what Perl is capable of and instead prefer to be victims of FOMO ephemeral trends, chasing behind the new and shiny."

Perl creator Larry Wall answered questions from Slashdot's readers in 2016. So I'd be curious from Slashdot's readers about Perl today. (Share your experiences in the comments if you're still using Perl -- or Raku...)

Perl's drop to #9 means Delphi/Object Pascal rises up one rank, growing from 1.82% in August to 2.26% in September to claim September's #9 spot. "At number 11 and 1.86%, SQL is quite close to entering the top 10 again," notes TechRepublic. (SQL fell to #12 in June, which the site speculated was due to "the increased use of NoSQL databases for AI applications.")

But TechRepublic adds that the #1 most popular programming language (according to TIOBE) is still Python: Perl sits at 2.03% in TIOBE's proprietary ranking system in September, up from 0.64% in January. Last year, Perl held the 27th position... Python's unstoppable rise dipped slightly from 26.14% in August to 25.98% in September. Python is still well ahead of every other language on the index.

Crime

Dev Gets 4 Years For Creating Kill Switch On Ex-Employer's Systems (bleepingcomputer.com) 113

Davis Lu, a former Eaton Corporation developer, has been sentenced to four years in prison for sabotaging his ex-employer's Windows network with malware and a custom kill switch that locked out thousands of employees once his account was disabled. The attack caused significant operational disruption and financial losses, with Lu also attempting to cover his tracks by deleting data and researching privilege escalation techniques. BleepingComputer reports: After a corporate restructuring and subsequent demotion in 2018, the DOJ says that Lu retaliated by embedding malicious code throughout the company's Windows production environment. The malicious code included an infinite Java thread loop designed to overwhelm servers and crash production systems. Lu also created a kill switch named "IsDLEnabledinAD" ("Is Davis Lu enabled in Active Directory") that would automatically lock all users out of their accounts if his account was disabled in Active Directory. When his employment was terminated on September 9, 2019, and his account disabled, the kill switch activated, causing thousands of users to be locked out of their systems.

"The defendant breached his employer's trust by using his access and technical knowledge to sabotage company networks, wreaking havoc and causing hundreds of thousands of dollars in losses for a U.S. company," said Acting Assistant Attorney General Matthew R. Galeotti. When he was instructed to return his laptop, Lu reportedly deleted encrypted data from his device. Investigators later discovered search queries on the device researching how to elevate privileges, hide processes, and quickly delete files. Lu was found guilty earlier this year of intentionally causing damage to protected computers. After his four-year sentence, Lu will also serve three years of supervised release following his prison term.

Python

Python Surges in Popularity. And So Does Perl (techrepublic.com) 80

Last month, Python "reached the highest ranking a programming language ever had in the TIOBE index," according to TIOBE CEO Paul Jansen.

"We thought Python couldn't grow any further, but AI code assistants let Python take yet another step forward." According to recent studies of Stanford University (Yegor Denisov-Blanch), AI code assistants such as Microsoft Copilot, Cursor or Google Gemini Code Assist are 20% more effective if used for popular programming languages. The reason for this is obvious: there is more code for these languages available to train the underlying models. This trend is visible in the TIOBE index as well, where we see a consolidation of languages at the top. Why would you start to learn a new obscure language for which no AI assistance is available? This is the modern way of saying that you don't want to learn a new language that is hardly documented and/or has too few libraries that can help you.
TIOBE's "Programming Community Index" attempts to calculate the popularity of languages using the number of skilled engineers, courses, and third-party vendors. It now gives Python a 26.14% rating, which TechRepublic notes "is well ahead of the next two programming languages on this month's leaderboard: C++ is at 9.18% and C is 9.03%." But the top six languages haven't changed since last year...
  1. Python
  2. C++
  3. C
  4. Java
  5. C#
  6. JavaScript

Since August of 2024 SQL has dropped from its #7 rank down to #12 (meaning Visual Basic and Go each rise up one rank from their position a year ago, into the #7 and #8 positions).

In the last year Perl has risen from the #25 position to #9, beating out Delphi/Object Pascal at #10, and Fortran at #11 (last year's #10). TIOBE CEO Jansen "told TechRepublic in an email that many people were asking why Perl was becoming more popular, but he didn't have a definitive answer. He said he double-checked the underlying data and found the increase to be accurate, though the reason for the shift remains unclear."


Programming

The Toughest Programming Question for High School Students on This Year's CS Exam: Arrays 65

America's nonprofit College Board lets high school students take college-level classes — including a computer programming course that culminates with a 90-minute test. But students did better on questions about If-Then statements than they did on questions about arrays, according to the head of the program. Long-time Slashdot reader theodp explains: Students exhibited "strong performance on primitive types, Boolean expressions, and If statements; 44% of students earned 7-8 of these 8 points," says program head Trevor Packard. But students were challenged by "questions on Arrays, ArrayLists, and 2D Arrays; 17% of students earned 11-12 of these 12 points."

"The most challenging AP Computer Science A free-response question was #4, the 2D array number puzzle; 19% of students earned 8-9 of the 9 points possible."

You can see that question here. ("You will write the constructor and one method of the SumOrSameGame class... Array elements are initialized with random integers between 1 and 9, inclusive, each with an equal chance of being assigned to each element of puzzle...") Although to be fair, it was the last question on the test — appearing on page 16 — so maybe some students just didn't get to it.

theodp shares a sample Java solution and one in Excel VBA (which includes a visual presentation).

There are tests in 38 subjects — but CS and Statistics are the subjects where the highest number of students earned the test's lowest-possible score (1 out of 5). That end of the graph also includes notoriously difficult subjects like Latin, Japanese Language, and Physics.

There's also a table showing scores for the last 23 years, with fewer than 67% of students achieving a passing grade (3+) for the first 11 years. But in 2013 and 2017, more than 67% of students achieved that passing grade, and the percentage has stayed above that line ever since (except for 2021), vacillating between 67% and 70.4%.

2018: 67.8%
2019: 69.6%
2020: 70.4%
2021: 65.1%
2022: 67.6%
2023: 68.0%
2024: 67.2%
2025: 67.0%

Education

Computer Science Major Needs a Rebrand, Android Head Says (businessinsider.com) 113

The computer science major needs a rebrand, Google's head of Android Sameer Samat said, arguing that the discipline is widely misunderstood as simply learning to code. "It is thought of as, 'go learn how to do Java coding,'" Samat said of the major, adding that if that's what students want to do, "you don't need a degree."

Samat, who studied computer science at UC San Diego, views the field differently: "It's definitely not learning to code. It is the science, in my opinion, of solving problems." The major should focus on breaking down problems, learning system design, and collaboration rather than just coding skills, Samat said.

Java

Nearly 3 Out of 4 Oracle Java Users Say They've Been Audited in the Past 3 Years (theregister.com) 60

A survey of 500 IT asset managers in organizations that use Oracle Java has found that 73% have been audited in the last three years. From a report: At the same time, nearly eight out of 10 Oracle Java users said they had migrated, or planned to shift, to open source Java to try to avoid the risk and high costs of the dominant vendor's development and runtime environments.

Oracle introduced a paid subscription for Java in September 2018, and in January 2023, it decided to switch its pricing model to per employee rather than per user, creating a steep price hike for many users. In July 2023, Gartner recorded users experiencing price increases of between two and five times when they switched to the new licensing model.

Two years later, the survey conducted by market research firm Dimensional Research showed only 14% of Oracle Java users intended to stick with the vendor's subscription model.

Programming

Ada Beats SQL, Perl, and Fortran for #10 Spot on Programming Language Popularity Index (infoworld.com) 111

An anonymous reader shared this report from InfoWorld: Tiobe CEO Paul Jansen says Ada, a system programming language whose initial development dates back to the late 1970s, could outlast similarly aged languages like Visual Basic, Perl, and Fortran in the language popularity race.

In comments on this month's Tiobe language popularity index, posted July 9, Jansen said the index has not seen much change among leading languages such as Python, C#, and Java over the past two years. But there is more movement among older languages such as Visual Basic, SQL, Fortran, Ada, Perl, and Delphi, said Jansen. Every time one of these languages is expected to stay in the top 10, it is replaced by another language, he said. Even more remarkably, newer languages have yet to rise above them. "Where are Rust, Kotlin, Dart, and Julia? Apparently, established languages are hot."

"Which one will win? Honestly, this is very hard to tell," Jansen writes, "but I would put my bets on Ada. With the ever-stronger demands on security, Ada is, as a system programming language in the safety-critical domain, likely the best survivor."

Perhaps proving his point, one year ago, Ada was ranked #24 — but on this month's index it ranks #9. (Whereas the eight languages above it all remain in the exact same positions they held a year ago...)
  1. Python
  2. C++
  3. C
  4. Java
  5. C#
  6. JavaScript
  7. Go
  8. Visual Basic
  9. Ada
  10. Delphi/Object Pascal

Android

Apple's Swift Coding Language Is Working On Android Support (9to5google.com) 44

Apple's Swift programming language is expanding official support to Android through a new "Android Working Group" which will improve compatibility, integration, and tooling. "As it stands today, Android apps are generally coded in Kotlin, but Apple is looking to provide its Swift coding language as an alternative," notes 9to5Google. "Apple first launched its coding language back in 2014 with its own platforms in mind, but currently also supports Windows and Linux officially." From the report: A few of the key pillars the Working Group will look to accomplish include:

- Improve and maintain Android support for the official Swift distribution, eliminating the need for out-of-tree or downstream patches
- Recommend enhancements to core Swift packages such as Foundation and Dispatch to work better with Android idioms
- Work with the Platform Steering Group to officially define platform support levels generally, and then work towards achieving official support of a particular level for Android
- Determine the range of supported Android API levels and architectures for Swift integration
- Develop continuous integration for the Swift project that includes Android testing in pull request checks
- Identify and recommend best practices for bridging between Swift and Android's Java SDK and packaging Swift libraries with Android apps
- Develop support for debugging Swift applications on Android
- Advise and assist with adding support for Android to various community Swift packages

Stats

RedMonk Ranks Top Programming Languages Over Time - and Considers Ditching Its 'Stack Overflow' Metric (redmonk.com) 40

The developer-focused analyst firm RedMonk releases twice-a-year rankings of programming language popularity. This week they also released a handy graph showing the movement of top 20 languages since 2012. Their current rankings for programming language popularity...

1. JavaScript
2. Python
3. Java
4. PHP
5. C#
6. TypeScript
7. CSS
8. C++
9. Ruby
10. C

The chart shows that over the years the rankings really haven't changed much (other than a surge for TypeScript and Python, plus a drop for Ruby). JavaScript has consistently been #1 (except in two early rankings, where it came in behind Java). And in 2020 Java finally slipped from #2 down to #3, falling behind... Python. Python had already overtaken PHP for the #3 spot in 2017, pushing PHP to a steady #4. C# has maintained the #5 spot since 2014 (though with close competition from both C++ and CSS). And since 2021 the next four spots have been held by Ruby, C, Swift, and R.

The only change in the current top 20 since the last ranking "is Dart dropping from a tie with Rust at 19 into sole possession of 20," writes RedMonk co-founder Stephen O'Grady. "In the decade and a half that we have been ranking these languages, this is by far the least movement within the top 20 that we have seen. While this is to some degree attributable to a general stasis that has settled over the rankings in recent years, the extraordinary lack of movement is likely also in part a manifestation of Stack Overflow's decline in query volume..." The arrival of AI has had a significant and accelerating impact on Stack Overflow, which comprises one half of the data used to both plot and rank languages twice a year... Stack Overflow's value from an observational standpoint is not what it once was, and that has a tangible impact, as we'll see....

As that long time developer site sees fewer questions, it becomes less impactful in terms of driving volatility on its half of the rankings axis, and potentially less suggestive of trends moving forward... [W]e're not yet at a point where Stack Overflow's role in our rankings has been deprecated, but the conversations at least are happening behind the scenes.

"The veracity of the Stack Overflow data is increasingly questionable," writes RedMonk's research director: When we use Stack Overflow for programming language rankings we measure how many questions are asked using specific programming language tags... While other pieces, like Matt Asay's AI didn't kill Stack Overflow are right to point out that the decline existed before the advent of AI coding assistants, it is clear that the usage dramatically decreased post 2023 when ChatGPT became widely available. The number of questions asked are now about 10% what they were at Stack Overflow's peak.
"RedMonk is continuing to evaluate the quality of this analysis," the research director concludes, arguing "there is value in long-lived data, and seeing trends move over a decade is interesting and worthwhile. On the other hand, at this point half of the data feeding the programming language rankings is increasingly stale and of questionable value on a going-forward basis, and there is as of now no replacement public data set available.

"We'll continue to watch and advise you all on what we see with Stack Overflow's data."

Programming

Apple Migrates Its Password Monitoring Service to Swift from Java, Gains 40% Performance Uplift (infoq.com) 109

Meta and AWS have used Rust, and Netflix uses Go, reports the programming news site InfoQ. But using another language, Apple recently "migrated its global Password Monitoring service from Java to Swift, achieving a 40% increase in throughput, and significantly reducing memory usage."

This freed up nearly 50% of their previously allocated Kubernetes capacity, according to the article, and even "improved startup time, and simplified concurrency." In a recent post, Apple engineers detailed how the rewrite helped the service scale to billions of requests per day while improving responsiveness and maintainability... "Swift allowed us to write smaller, less verbose, and more expressive codebases (close to 85% reduction in lines of code) that are highly readable while prioritizing safety and efficiency."

Apple's Password Monitoring service, part of the broader Password app's ecosystem, is responsible for securely checking whether a user's saved credentials have appeared in known data breaches, without revealing any private information to Apple. It handles billions of requests daily, performing cryptographic comparisons using privacy-preserving protocols. This workload demands high computational throughput, tight latency bounds, and elastic scaling across regions... Apple's previous Java implementation struggled to meet the service's growing performance and scalability needs. Garbage collection caused unpredictable pause times under load, degrading latency consistency. Startup overhead — from JVM initialization, class loading, and just-in-time compilation, slowed the system's ability to scale in real time. Additionally, the service's memory footprint, often reaching tens of gigabytes per instance, reduced infrastructure efficiency and raised operational costs.

Originally developed as a client-side language for Apple platforms, Swift has since expanded into server-side use cases.... Swift's deterministic memory management, based on reference counting rather than garbage collection (GC), eliminated latency spikes caused by GC pauses. This consistency proved critical for a low-latency system at scale. After tuning, Apple reported sub-millisecond 99.9th percentile latencies and a dramatic drop in memory usage: Swift instances consumed hundreds of megabytes, compared to tens of gigabytes with Java.

"While this isn't a sign that Java and similar languages are in decline," concludes InfoQ's article, "there is growing evidence that at the uppermost end of performance requirements, some are finding that general-purpose runtimes no longer suffice."

Java

UK Universities Sign $13.3 Million Deal To Avoid Oracle Java Back Fees (theregister.com) 30

An anonymous reader quotes a report from The Register: UK universities and colleges have signed a framework worth up to 9.86 million pounds ($13.33 million) with Oracle to use its controversial Java SE Universal Subscription model, in exchange for a "waiver of historic fees due for any institutions who have used Oracle Java since 2023." Jisc, a membership organization that runs procurement for higher and further education establishments in the UK, said it had signed an agreement to purchase the new subscription licenses after consultation with members. In a procurement notice, it said institutions that use Oracle Java SE are required to purchase subscriptions. "The agreement includes the waiver of historic fees due for any institutions who have used Oracle Java since 2023," the notice said.

The Java SE Universal Subscription was introduced in January 2023 to an outcry from licensing experts and analysts. It moved licensing of Java from a per-user basis to a per-employee basis. At the time, Oracle said it was "a simple, low-cost monthly subscription that includes Java SE Licensing and Support for use on Desktops, Servers or Cloud deployments." However, licensing advisors said early calculations to help some clients showed that the revamp might increase costs by up to ten times. Later, analysis from Gartner found the per-employee subscription model to be two to five times more expensive than the legacy model.

"For large organizations, we expect the increase to be two to five times, depending on the number of employees an organization has," Nitish Tyagi, principal Gartner analyst, said in July 2024. "Please remember, Oracle defines employees as part-time, full-time, temporary, agents, contractors, as in whosoever supports internal business operations has to be licensed as per the new Java Universal SE Subscription model." Since the introduction of the new Oracle Java licensing model, user organizations have been strongly advised to move off Oracle Java and find open source alternatives for their software development and runtime environments. A survey of Oracle users found that only one in ten was likely to continue to stay with Oracle Java, in part as a result of the licensing changes.

Python

New Code.org Curriculum Aims To Make Schoolkids Python-Literate and AI-Ready 50

Longtime Slashdot reader theodp writes: The old Code.org curriculum page for middle and high school students has been changed to include a new Python Lab in the tech-backed nonprofit's K-12 offerings. Elsewhere on the site, a Computer Science and AI Foundations curriculum is described that includes units on 'Foundations of AI Programming [in Python]' and 'Insights from Data and AI [aka Data Science].' A more-detailed AI Foundations Syllabus 25-26 document promises a second semester of material is coming soon: "This semester offers an innovative approach to teaching programming by integrating learning with and about artificial intelligence (AI). Using Python as the primary language, students build foundational programming skills while leveraging AI tools to enhance computational thinking and problem-solving. The curriculum also introduces students to the basics of creating AI-powered programs, exploring machine learning, and applying data science principles."

Newly-posted videos on Code.org's YouTube channel appear to be intended to support the new Python-based CS & AI course. "Python is extremely versatile," explains a Walmart data scientist to open the video for Data Science: Using Python. "So, first of all, Python is one of the very few languages that can handle numbers very, very well." A researcher at the Univ. of Washington's Institute for Health Metrics and Evaluation (IHME) adds, "Python is the gold standard and what people expect data scientists to know [...] Key to us being able to handle really big data sets is our use of Python and cluster computing." Adding to the Python love, an IHME data analyst explains, "Python is a great choice for large databases because there's a lot of support for Python libraries."

Code.org is currently recruiting teachers to attend its CS and AI Foundations Professional Learning program this summer, which is being taught by Code.org's national network of university and nonprofit regional partners (teachers who sign up have a chance to win $250 in DonorsChoose credits for their classrooms). A flyer for a five-day Michigan Professional Development program to prepare teachers for a pilot of the Code.org CS & A course touts the new curriculum as "an alternative to the AP [Computer Science] pathway" (teachers are offered scholarships covering registration, lodging, meals, and workshop materials).

Interestingly, Code.org's embrace of Python and Data Science comes as the nonprofit changes its mission to 'make CS and AI a core part of K-12 education' and launches a new national campaign with tech leaders to make CS and AI a graduation requirement. Prior to AI changing the education conversation, Code.org in 2021 boasted that it had lined up a consortium of tech giants, politicians, and educators to push its new $15 million Amazon-bankrolled Java AP CS A curriculum into K-12 classrooms. Just three years later, however, Amazon CEO Andy Jassy was boasting to investors that Amazon had turned to AI to automatically do Java coding that he claimed would have otherwise taken human coders 4,500 developer-years to complete.

Java

Java Turns 30 (theregister.com) 100

Richard Speed writes via The Register: It was 30 years ago when the first public release of the Java programming language introduced the world to Write Once, Run Anywhere -- and showed devs something cuddlier than C and C++. Originally called "Oak," Java was designed in the early 1990s by James Gosling at Sun Microsystems. Initially aimed at digital devices, its focus soon shifted to another platform that was pretty new at the time -- the World Wide Web.

The language, which has some similarities to C and C++, usually compiles to a bytecode that can, in theory, run on any Java Virtual Machine (JVM). The intention was to allow programmers to Write Once Run Anywhere (WORA) although subtle differences in JVM implementations meant that dream didn't always play out in reality. This reporter once worked with a witty colleague who described the system as Write Once Test Everywhere, as yet another unexpected wrinkle in a JVM caused their application to behave unpredictably. However, the language soon became wildly popular, rapidly becoming the backbone of many enterprises. [...]

However, the platform's ubiquity has meant that alternatives exist to Oracle Java, and the language's popularity is undiminished by so-called "predatory licensing tactics." Over 30 years, Java has moved from an upstart new language to something enterprises have come to depend on. Yes, it may not have the shiny baubles demanded by the AI applications of today, but it continues to be the foundation for much of today's modern software development. A thriving ecosystem and a vast community of enthusiasts mean that Java remains more than relevant as it heads into its fourth decade.

Programming

Developer Tries Resurrecting 47-Year-Old 'Apple Pascal' (and its p-System) in Rust (markbessey.blog) 50

Long-time Slashdot reader mbessey (a Mac/iOS developer) writes: As we're coming up on the 50th anniversary of the first release of UCSD Pascal, I thought it would be interesting to poke around in it a bit, and work on some tools to bring this "portable operating system" back to life on modern hardware, in a modern language (Rust).
Wikipedia describes UCSD Pascal as "a version that ran on a custom operating system that could be ported to different platforms. A key platform was the Apple II, where it saw widespread use as Apple Pascal. This led to Pascal becoming the primary high-level language used for development in the Apple Lisa, and later, the Macintosh. Parts of the original Macintosh operating system were hand-translated into Motorola 68000 assembly language from the Pascal source code."

mbessey is chronicling their new project in a series of blog posts which begins here: The p-System was not the first portable byte-code interpreter and compiler system — that idea goes very far back, at least to the origins of the Pascal language itself. But it was arguably one of the most-successful early versions of the idea and served as an inspiration for future portable software systems (including Java's bytecode, and Infocom's Z-machine).
And they've already gotten UCSD Pascal running in an emulator and built some tools (in Rust) to transfer files to disk images. Now they're working towards writing a p-machine emulator in Rust, which they can then port to "something other than the Mac. Ideally, something small -- like an Arduino or Raspberry Pi Pico."

Programming

DOGE To Rewrite SSA Codebase In 'Months' (wired.com) 338

Longtime Slashdot reader frank_adrian314159 writes: According to an article in Wired, Elon Musk has appointed a team of technologists from DOGE to "rewrite the code that runs the SSA in months." This codebase has over 60 million lines of COBOL and handles record keeping for all American workers and payments for all Social Security recipients. Given that the code has to track the byzantine regulations dealing with Social Security, it's no wonder that the codebase is this large. What is in question though is whether a small team can rewrite this code "in months." After all, what could possibly go wrong? "The project is being organized by Elon Musk lieutenant Steve Davis ... and aims to migrate all SSA systems off COBOL ... and onto a more modern replacement like Java within a scheduled tight timeframe of a few months," notes Wired.

"Under any circumstances, a migration of this size and scale would be a massive undertaking, experts tell WIRED, but the expedited deadline runs the risk of obstructing payments to the more than 65 million people in the US currently receiving Social Security benefits."

In 2017, SSA announced a plan to modernize its core systems with a timeline of around five years. However, the work was "pivoted away" because of the pandemic.

Programming

Google Calls for Measurable Memory-Safety Standards for Software (googleblog.com) 44

Memory safety bugs are "eroding trust in technology and costing billions," argues a new post on Google's security blog — adding that "traditional approaches, like code auditing, fuzzing, and exploit mitigations — while helpful — haven't been enough to stem the tide."

So the blog post calls for a "common framework" for "defining specific, measurable criteria for achieving different levels of memory safety assurance." The hope is this gives policy makers "the technical foundation to craft effective policy initiatives and incentives promoting memory safety" leading to "a market in which vendors are incentivized to invest in memory safety." ("Customers will be empowered to recognize, demand, and reward safety.")

In January the same Google security researchers helped co-write an article noting there are now strong memory-safety "research technologies" that are sufficiently mature: memory-safe languages (including "safer language subsets like Safe Buffers for C++"), mathematically rigorous formal verification, software compartmentalization, and hardware and software protections. (With hardware protections including things like ARM's Memory Tagging Extension and the Capability Hardware Enhanced RISC Instructions, or "CHERI", architecture.) Google's security researchers are now calling for "a blueprint for a memory-safe future" — though importantly, the idea is "defining the desired outcomes rather than locking ourselves into specific technologies."

Their blog post this week again urges a practical, actionable framework that's commonly understood, but one that supports different approaches (and allows tailoring to specific needs) while enabling objective assessment: At Google, we're not just advocating for standardization and a memory-safe future, we're actively working to build it. We are collaborating with industry and academic partners to develop potential standards, and our joint authorship of the recent CACM call-to-action marks an important first step in this process... This commitment is also reflected in our internal efforts. We are prioritizing memory-safe languages, and have already seen significant reductions in vulnerabilities by adopting languages like Rust in combination with existing, wide-spread usage of Java, Kotlin, and Go where performance constraints permit. We recognize that a complete transition to those languages will take time. That's why we're also investing in techniques to improve the safety of our existing C++ codebase by design, such as deploying hardened libc++.

This effort isn't about picking winners or dictating solutions. It's about creating a level playing field, empowering informed decision-making, and driving a virtuous cycle of security improvement... The journey towards memory safety requires a collective commitment to standardization. We need to build a future where memory safety is not an afterthought but a foundational principle, a future where the next generation inherits a digital world that is secure by design.

The security researchers' post calls for "a collective commitment" to eliminate memory-safety bugs, "anchored on secure-by-design practices..." One of the blog post's subheadings? "Let's build a memory-safe future together."

And they're urging changes "not just for ourselves but for the generations that follow."
The Internet

Brave Now Lets You Inject Custom JavaScript To Tweak Websites (bleepingcomputer.com) 12

Brave Browser version 1.75 introduces "custom scriptlets," a new feature that allows advanced users to inject their own JavaScript into websites for enhanced customization, privacy, and usability. The feature is similar to the TamperMonkey and GreaseMonkey browser extensions, notes BleepingComputer. From the report: "Starting with desktop version 1.75, advanced Brave users will be able to write and inject their own scriptlets into a page, allowing for better control over their browsing experience," explained Brave in the announcement. Brave says that the feature was initially created to debug the browser's adblock feature but felt it was too valuable not to share with users. Brave's custom scriptlets feature can be used to modify webpages for a wide variety of privacy, security, and usability purposes.

For privacy-related changes, users write scripts that block JavaScript-based trackers, randomize fingerprinting APIs, and substitute Google Analytics scripts with a dummy version. In terms of customization and accessibility, the scriptlets could be used for hiding sidebars, pop-ups, floating ads, or annoying widgets, force dark mode even on sites that don't support it, expand content areas, force infinite scrolling, adjust text colors and font size, and auto-expand hidden content.

For performance and usability, the scriptlets can block video autoplay, lazy-load images, auto-fill forms with predefined data, enable custom keyboard shortcuts, bypass right-click restrictions, and automatically click confirmation dialogs. The possible actions achievable by injected JavaScript snippets are virtually endless. However, caution is advised, as running untrusted custom scriptlets may cause issues or even introduce some risk.

Java

Oracle Starts Laying Mines In JavaScript Trademark Battle (theregister.com) 36

The Register's Thomas Claburn reports: Oracle this week asked the US Patent and Trademark Office (USPTO) to partially dismiss a challenge to its JavaScript trademark. The move has been criticized as an attempt to either stall or water down legal action against the database goliath over the programming language's name. Deno Land, the outfit behind the Deno JavaScript runtime, filed a petition with the USPTO back in November in an effort to make the trademarked term available to the JavaScript community. This legal effort is led by Node.js creator and Deno Land CEO Ryan Dahl, summarized on the JavaScript.tm website, and supported by more than 16,000 members of the JavaScript community. It aims to remove the fear of an Oracle lawsuit for using the term "JavaScript" in a conference title or business venture.

"Programmers working with JavaScript have formed innumerable community organizations," the website explains. "These organizations, like the standards bodies, have been forced to painstakingly avoid naming the programming language they are built around -- for example, JSConf. Sadly, without risking a legal trademark challenge against Oracle, there can be no 'JavaScript Conference' nor a 'JavaScript Specification.' The world's most popular programming language cannot even have a conference in its name." [...] In the initial trademark complaint, Deno Land makes three arguments to invalidate Oracle's ownership of "JavaScript." The biz claims that JavaScript has become a generic term; that Oracle committed fraud in 2019 when it applied to renew its trademark; and that Oracle has abandoned its trademark because it does not offer JavaScript products or services.

Oracle's motion on Monday focuses on the dismissal of the fraud claim, while arguing that it expects to prevail on the other two claims, citing corporate use of the trademarked term "in connection with a variety of offerings, including its JavaScript Extension Toolkit as well as developer's guides and educational resources, and also that relevant consumers do not perceive JavaScript as a generic term." The fraud claim follows from Deno Land's assertion that the material Oracle submitted in support of its trademark renewal application has nothing to do with any Oracle product. "Oracle, through its attorney, submitted specimens showing screen captures of the Node.js website, a project created by Ryan Dahl, Petitioner's Chief Executive Officer," the trademark cancellation petition says. "Node.js is not affiliated with Oracle, and the use of screen captures of the 'nodejs.org' website as a specimen did not show any use of the mark by Oracle or on behalf of Oracle."

Oracle contends that in fact it submitted two specimens to the USPTO -- a screenshot from the Node.js website and another from its own Oracle JavaScript Extension Toolkit. And this, among other reasons, invalidates the fraud claim, Big Red's attorneys contend. "Where, as here, Registrant 'provided the USPTO with [two specimens]' at least one of which shows use of the mark in commerce, Petitioner cannot plausibly allege that the inclusion of a second, purportedly defective specimen, was material," Oracle's motion argues, adding that no evidence of fraudulent intent has been presented. Beyond asking the court to toss the fraud claim, Oracle has requested an additional thirty days to respond to the other two claims.

Oracle

Oracle Faces Java Customer Revolt After 'Predatory' Pricing Changes (theregister.com) 136

Nearly 90% of Oracle Java customers are looking to abandon the software maker's products following controversial licensing changes made in 2023, according to research firm Dimensional Research.

The exodus reflects growing frustration with Oracle's shift to per-employee pricing for its Java platform, which critics called "predatory" and which could increase costs up to five times for the same software, Gartner found. The dissatisfaction runs deepest in Europe, where 92% of French and 95% of German users want to switch to alternative providers like Bellsoft Liberica, IBM Semeru, or Azul Platform Core.
Iphone

Nokia's Day-After iPhone Analysis Proved Eerily Accurate 22

Nokia accurately predicted the iPhone would revolutionize the smartphone industry in a confidential analysis prepared the day after Apple unveiled the device in 2007, according to internal documents recently released by Nokia's Design Archive at Aalto University in Finland.

The presentation praised the iPhone's touchscreen interface and recognized Apple's unprecedented control over carrier relationships, though it misjudged the importance of web browsing and Java support.
