Communications

No More Security Fixes For Older OpenSSL Branches (csoonline.com) 60

itwbennett writes: The OpenSSL Software Foundation has released new patches for the popular open-source cryptographic library, but for two of its older branches, OpenSSL 1.0.0t and 0.9.8zh, they will likely be the last security updates because support for these two branches will end on Dec. 31. Previous research has shown that many companies using in-house built software keep poor records of which library versions their developers used in which of their applications. 'This makes it very likely that some systems and applications with OpenSSL 0.9.8 and 1.0.0 will never be updated, leaving them exposed to any critical vulnerabilities found in the library in the future,' writes Lucian Constantin.
Transportation

Air Asia Pilot Response Leads To Plane Crashing (wsj.com) 226

hcs_$reboot writes: The investigation took a year, but we finally know why Air Asia Flight QZ8501, en route to Singapore from the Indonesian city of Surabaya on December 28 last year, crashed into the Java Sea, killing all 162 people on board. The crash was caused by a combination of system malfunctions and improper pilot responses to cascading electrical and rudder-system problems. A cracked solder joint on the Airbus A320 resulted in an electrical interruption that caused computer-generated warnings of a rudder malfunction. The problem occurred four times during the flight. The first three times, the flight crew responded according to standard procedure, investigators said. The fourth time, however, the flight-data recorder indicated actions similar to those of circuit breakers being reset. That led the autopilot to disengage. Investigators said the crew was unable to react appropriately to "a prolonged stall condition," ending in the crash. The investigation points to weaknesses in pilot training in dealing with upsets, or when an aircraft is angled greater than 45 degrees.
Programming

Video Software Engineer Liz Bennett Talks About Being a Woman in a Nearly All Male Workplace (Video) 370

This conversation was generated by a post Eric S. Raymond published on his "Armed and Dangerous" blog that said, "...if you are any kind of open-source leader or senior figure who is male, do not be alone with any female, ever, at a technical conference. Try to avoid even being alone, ever, because there is a chance that a 'women in tech' advocacy group is going to try to collect your scalp." Eric later wrote a post about how Social Justice Warriors may be more of a problem than the problems they complain about.

Whoa! Predatory women in tech trying to entrap people like (and including) Linus Torvalds the way an old-time private eye got the goods on an errant husband as part of a divorce case? Scary! And worrying about thoughtcrime, too? Oh my! But Liz Bennett is an actual software engineer who works at Loggly in San Francisco. She writes for her company's blog when she's not writing Java code, has a (not very active) GitHub account, and plays bassoon. And her attitude is similar to the one espoused by ESR in the second post (above): write great code -- and if you do, they (for any value of they) have no right to be negative about you, period. And, she says, before you take a job you should be sure the company is a good "fit" for you and doesn't harbor people who will work to bring you down -- which is great advice for anyone, in any field of endeavor.
Python

Python Is On the Rise, While PHP Falls (dice.com) 232

Nerval's Lobster writes: While this month's lists of the top programming languages uniformly put Java in the top spot, that's not the only detail of interest to developers. Which language has gained the most users over the past five years? And which are tottering on the edge of obsolescence? According to PYPL, which pulls its raw data for analysis from Google Trends, Python has grown the most over the past five years—up 5 percent since roughly 2010. Over the same period, PHP also declined by 5 percent. Since PYPL looks at how often language tutorials are searched on Google, its data is a good indicator of how many developers are (or aren't) learning a language, presumably because they see it as valuable to their careers. Just because PYPL shows PHP losing market-share over the long term doesn't mean that language is in danger of imminent collapse; over the past year or so, the PHP community has concentrated on making the language more pleasant to use, whether by improving features such as package management, or boosting overall performance. Plus, PHP is still used on hundreds of millions of websites, according to data from Netcraft. Indeed, if there's any language on these analysts' lists that risks doom, it's Objective-C, the primary language used for programming iOS and Mac OS X apps, and its growing obsolescence is by design.
Java

Vulnerability In Java Commons Library Leads To Hundreds of Insecure Applications (foxglovesecurity.com) 115

An anonymous reader writes: Stephen Breen from the FoxGlove Security team is calling attention to what he calls the "most underrated, underhyped vulnerability of 2015." It's a remote code execution exploit that affects the latest versions of WebLogic, WebSphere, JBoss, Jenkins, and OpenNMS, and many other pieces of software. How? An extremely common Java library. He says, "No one gave it a fancy name, there were no press releases, nobody called Mandiant to come put out the fires. In fact, even though proof of concept code was released over 9 months ago, none of the products mentioned in the title of the blog post have been patched, along with many more. In fact no patch is available for the Java library containing the vulnerability. In addition to any commercial products that are vulnerable, this also affects many custom applications."
Microsoft

Apple Usurps Oracle As the Biggest Threat To PC Security 320

AmiMoJo writes: According to data from Secunia, Apple's software for Windows is now the biggest threat to PC security, surpassing previous long term champion Java. Among U.S. users, some 61 percent of computers detected running QuickTime did not have the latest version. With iTunes, 47 percent of the installations were outdated versions. There were 18 vulnerabilities in Apple QuickTime 7 at the time of the study. Oracle has now fallen/risen to 2nd place, followed by Adobe. All three vendors bundle automatic updater utilities with their software, but users seem to be declining new versions. Update fatigue, perhaps?
Oracle

Oracle Fixes Java Vulnerability Used By Russian Cyberspies (itworld.com) 126

itwbennett writes: Oracle said that it has fixed 154 security flaws in Java and a wide range of its other products, including one that Russian cyberespionage group Pawn Storm used to launch stealthy attacks earlier this year. The vulnerability, tracked as CVE-2015-4902, was being used by the Pawn Storm attackers to enable the execution of a malicious Java application without user interaction.
Programming

Ask Slashdot: Selecting a Version Control System For an Inexperienced Team 325

An anonymous reader writes: I have been programming in Python for quite a while, but so far I have not used a version control system. For a new project, a lot more people (10-15) are expected to contribute to the code base; many of them have never written a single line of Python, but C, LabVIEW or Java instead. This is a company decision that can be seen as a Python vs. LabVIEW comparison — if successful, the company is willing to migrate all code to Python. The code will be mostly geared towards data acquisition and data analysis leading to reports. At the moment I have the feeling that managing that data (=measurements + reports) might be done within the version control system, since this would generate an audit trail on the fly. So far I have been trying to select a version control system; based on Google, I guess it should be git or mercurial. I get the feeling that they are quite similar for basic things. I expect that the differences will show up when more sophisticated topics/problems are addressed — so to pick one I would have to learn both — what are your suggestions? Read below for more specifics.
Firefox

Firefox Support For NPAPI Plugins Ends Next Year (mozilla.org) 147

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.
Digital

Retro Roundup: Old Computers Emulated Right In Your Browser 78

An anonymous reader writes: If you ever wanted to program an Altair, an Apple I, or a COSMAC ELF you may think you either have to buy one (expensive now) or load and configure simulation software. However, there's a slew of browser-based emulators for everything from a PDP-11 to Windows 1.0 out there. Some use Java, but many use JavaScript and many perform better on a modern PC than they did in their original. If you want to learn some history or just want to finally play with the computers you saw in the magazines 35 years ago, these are great fun and slightly addictive.
Programming

Cassandra Rewritten In C++, Ten Times Faster 341

urdak writes: At Cassandra Summit opening today, Avi Kivity and Dor Laor (who had previously written KVM and OSv) announced ScyllaDB — an open-source C++ rewrite of Cassandra, the popular NoSQL database. ScyllaDB claims to achieve a whopping 10 times more throughput per node than the original Java code, with sub-millisecond 99%ile latency. They even measured 1 million transactions per second on a single node. The performance of the new code is attributed to writing it in Seastar — a C++ framework for writing complex asynchronous applications with optimal performance on modern hardware.
Security

When Does Software Start Becoming Malware? 165

New submitter Da w00t writes: Talos security researchers detected a malicious shockwave flash file that not only bypasses pop-up blockers, but also accurately fingerprints computers with the help of some JavaScript. The 'Infinity Popup Toolkit' is a prime example of software that falls into this gray area by bypassing browser pop-up blocking. In deciding to classify the toolkit as malware, the researchers pondered where the line lies between software that's harmful and software that's not. Quoting: "Without a clear standard defining what is and is not acceptable behavior, identifying malware is problematic. In many situations, users are confronted with software that exhibits undesirable behavior such as the Java installer including a default option to install the Ask.com toolbar. Even though many users objected to the inclusion of the Ask.com toolbar, Oracle only recently discontinued including it in Java downloads after Microsoft changed their definition of malware which then classified the Ask.com toolbar as malware."
Education

Video GameStart Uses Minecraft to Teach Kids Programming (Video 2) 18

As we said last week, "You can't teach all programming by using Minecraft to keep kids interested, but you can use Minecraft, Java, and Eclipse to give them a good start." That's what Tyler Kilgore and his colleagues at GameStart are doing. Watch today's video (number 2), go back to last week's video (number 1) if you missed it, and read both days' transcripts for the full scoop.
Education

Video GameStart Uses Minecraft to Teach Kids Programming (Video 1) 30

You can't teach all programming by using Minecraft to keep kids interested, but you can use Minecraft, Java, and Eclipse to give them a good start. That's what Tyler Kilgore and his colleagues at GameStart are doing. Watch today's video (number 1), tomorrow's video (number 2) and read both days' transcripts for the full scoop. EDIT: "Tomorrow's video" should read, "Monday's video."
Businesses

JetBrains Moving Its Dev Tools To Subscription Model 141

esarjeant writes: For many Java developers, IntelliJ has been our predominant IDE. JetBrains is looking to make their tools easier to buy and use by switching to a subscription program. Their plan is to have people pay a monthly/yearly fee for access to the tools instead of upgrading when they're ready. Fortunately, if your subscription lapses it looks like you'll have 30 days to check all your stuff in. How does NetBeans look now? Many members of various developer communities are pushing back against this change: "For a developer with an unstable income, it might be perfectly fine to stay on an older version of the software until they've stashed enough cash to afford the upgrade. That will no longer work." JetBrains has acknowledged the feedback, and says they will act on it.
Programming

The Most Important Obscure Languages? 429

Nerval's Lobster writes: If you're a programmer, you're knowledgeable about "big" languages such as Java and C++. But what about those little-known languages you only hear about occasionally? Which ones have an impact on the world that belies their obscurity? Erlang (used in high-performance, parallel systems) springs immediately to mind, as does R, which is relied upon by mathematicians and analysts to crunch all sorts of data. But surely there are a handful of others, used only by a subset of people, that nonetheless inform large and important platforms that lots of people rely upon... without realizing what they owe to a language that few have ever heard of.
Google

Google May Try To Recruit You For a Job Based On Your Search Queries 182

HughPickens.com writes: If Google sees that you're searching for specific programming terms, they may ask you to apply for a job. Max Rossett writes that three months ago, while working on a project, he Googled "python lambda function list comprehension." The familiar blue links appeared on the search page, and he started to look for the most relevant one. But then something unusual happened. The search results split and folded back to reveal a box that said "You're speaking our language. Up for a challenge?" Clicking on the link took Rossett to a page called "foo.bar" that outlined a programming challenge and gave instructions on how to submit his solution. "I had 48 hours to solve it, and the timer was ticking," writes Rossett. "I had the option to code in Python or Java. I set to work and solved the first problem in a couple hours. Each time I submitted a solution, foo.bar tested my code against five hidden test cases."

After solving another five problems the page gave Rossett the option to submit his contact information and much to his surprise, a recruiter emailed him a couple days later asking for a copy of his resume. Three months after the mysterious invitation appeared, Rossett started at Google. Apparently Google has been using this recruiting tactic for some time.
Programming

The Top 10 Programming Languages On GitHub, Over Time 132

An anonymous reader writes with a link to VentureBeat's article on the information that GitHub released this week about the top-ten languages used by GitHub's users, and how they've changed over the site's history. GitHub's chart shows the change in rank for programming languages since GitHub launched in 2008 all the way to what the site's 10 million users are using for coding today. To be clear, this graph doesn't show the definitive top 10 programming languages. Because GitHub has become so popular (even causing Google Code to shut down), however, it still paints a fairly accurate picture of programming trends over recent years. Trend lines aside, here are the top 10 programming languages on GitHub today: 1. JavaScript 2. Java 3. Ruby 4. PHP 5. Python 6. CSS 7. C++ 8. C# 9. C 10. HTML
Oracle

Oracle: Google Has "Destroyed" the Market For Java 457

itwbennett writes: Oracle made a request late last month to broaden its case against Android. Now, claiming that 'Android has now irreversibly destroyed Java's fundamental value proposition as a potential mobile device operating system,' Oracle on Wednesday filed a supplemental complaint in San Francisco district court that encompasses the six Android versions that have come out since Oracle originally filed its case back in 2010: Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, Kit Kat and Lollipop.
