Twitter

Tiny Twitter Thumbnail Tweaked To Transport Different File Types (theregister.co.uk) 45

Security researcher David Buchanan has found that Twitter image uploads can be polyglot files, meaning they can be valid simultaneously in multiple formats, such as a .jpg, a .rar archive and a .zip archive. From a report: Using some Python code he wrote, he created a thumbnail image of William Shakespeare overlaid with the words, "Unzip Me" and posted it to Twitter. The .jpg image is also a valid .zip file, so if you download it, you can unzip it and extract the contents, a multipart .rar archive of the text of Shakespeare's plays. [...] Twitter performs some processing on uploaded images, which has the potential to mess with the data. But Buchanan found that his multi-format file survived this process. It may be that the image itself (excluding the rather bulky metadata) is light enough not to trigger any compression or post-upload processing.
Open Source

Why Jupyter is Data Scientists' Computational Notebook of Choice (nature.com) 58

Jeffrey M. Perkel, writing for Nature: Perched atop the Cerro Pachon ridge in the Chilean Andes is a building site that will eventually become the Large Synoptic Survey Telescope (LSST). When it comes online in 2022, the telescope will generate terabytes of data each night as it surveys the southern skies automatically. And to crunch those data, astronomers will use a familiar and increasingly popular tool: the Jupyter notebook. Jupyter is a free, open-source, interactive web tool known as a computational notebook, which researchers can use to combine software code, computational output, explanatory text and multimedia resources in a single document. Computational notebooks have been around for decades, but Jupyter in particular has exploded in popularity over the past couple of years. This rapid uptake has been aided by an enthusiastic community of user-developers and a redesigned architecture that allows the notebook to speak dozens of programming languages -- a fact reflected in its name, which was inspired, according to co-founder Fernando Perez, by the programming languages Julia (Ju), Python (Py) and R.

[...] For data scientists, Jupyter has emerged as a de facto standard, says Lorena Barba, a mechanical and aeronautical engineer at George Washington University in Washington DC. Mario Juric, an astronomer at the University of Washington in Seattle who coordinates the LSST's data-management team, says: "I've never seen any migration this fast. It's just amazing." Computational notebooks are essentially laboratory notebooks for scientific computing. Instead of pasting, say, DNA gels alongside lab protocols, researchers embed code, data and text to document their computational methods. The result, says Jupyter co-creator Brian Granger at California Polytechnic State University in San Luis Obispo, is a "computational narrative" -- a document that allows researchers to supplement their code and data with analysis, hypotheses and conjecture. For data scientists, that format can drive exploration.

Python

Twelve Malicious Python Libraries Found and Removed From PyPI (zdnet.com) 36

An anonymous reader writes: A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code. The 12 packages used typo-squatting in the hopes a user would install them by accident or carelessness when doing a "pip install" operation for a mistyped more popular package, like Django (ex: diango).

Eleven libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations. A twelfth package, named "colourama," was financially-motivated and hijacked an infected user's operating system clipboard, where it would scan every 500ms for a Bitcoin address-like string, which it would replace with the attacker's own Bitcoin address in an attempt to hijack Bitcoin payments/transfers made by an infected user.

54 users downloaded that package -- although all 12 malicious packages have since been taken down.

Four of the packages were misspellings of django -- diango, djago, dajngo, and djanga.
Python

Economics Nobel Laureate Paul Romer Is a Python Programming Convert (qz.com) 106

Economist Paul Romer, a co-winner of the 2018 Nobel Prize in economics, uses the programming language Python for his research, according to Quartz. Romer reportedly tried using Wolfram Mathematica to make his work transparent, but it didn't work so he converted to a Jupyter notebook instead. From the report: Romer believes in making research transparent. He argues that openness and clarity about methodology is important for scientific research to gain trust. As Romer explained in an April 2018 blog post, in an effort to make his own work transparent, he tried to use Mathematica to share one of his studies in a way that anyone could explore every detail of his data and methods. It didn't work. He says that Mathematica's owner, Wolfram Research, made it too difficult to share his work in a way that didn't require other people to use the proprietary software, too. Readers also could not see all of the code he used for his equations.

Instead of using Mathematica, Romer discovered that he could use a Jupyter notebook for sharing his research. Jupyter notebooks are web applications that allow programmers and researchers to share documents that include code, charts, equations, and data. Jupyter notebooks allow for code written in dozens of programming languages. For his research, Romer used Python -- the most popular language for data science and statistics. Importantly, unlike notebooks made from Mathematica, Jupyter notebooks are open source, which means that anyone can look at all of the code that created them. This allows for truly transparent research. In a compelling story for The Atlantic, James Somers argued that Jupyter notebooks may replace the traditional research paper typically shared as a PDF.

Facebook

A Look at Facebook's Use of Systemd (phoronix.com) 84

At an event this month (you can find the video of it here), Davide Cavalca, a production engineer at Facebook, spoke about the growing adoption of systemd at the data centers of the company. From a report: Facebook continues making use of systemd's many features inside their data centers. Some of their highlights for systemd use in 2018 include: Facebook's servers have been relying on systemd for about the past two years. Facebook is using CentOS 7 everywhere from hosts to containers. While relying on CentOS 7, Facebook backports a lot of packages including new systemd releases, Meson, other dependencies, and of course new Linux kernel releases. Facebook is working on "pystemd" as a Python (Cython) wrapper on top of SD-BUS.
Cloud

D-Wave Launches Free 'Leap' Quantum Computing Service (ieee.org) 33

talonyx writes: D-Wave Systems, the contentious but scrappy maker of quantum annealing processors, has launched a cloud-based platform where developers can sign up for free and run problems on their quantum processor unit (QPU). There's an in-depth set of demos, documentation, and an open-source Python SDK to look at. "Leap is the latest addition to the quantum cloud -- services that virtualize quantum computing for almost anyone with a computer and a broadband connection to use," reports IEEE Spectrum. "Leap allows anyone to sign up, giving them one minute of time on a cloud-connected 2000Q each month. That might not sound like much, but a key advantage of quantum computing is to be able to solve in milliseconds problems like factoring large numbers, optimizing routes, or calculating molecular structures that could take traditional computers days or weeks."

"D-Wave estimates that each user's free minute of quantum computing time should be enough to run between 400 and 4,000 jobs each month," the report adds. "If developers want more, the company will charge commercial users $2,000 for one hour of access each month."
Programming

Eric S. Raymond Identifies A Common Programming Trap: 'Shtoopid' Problems (ibiblio.org) 189

"There is a kind of programming trap I occasionally fall into that is so damn irritating that it needs a name," writes Eric S. Raymond, in a new blog post: The task is easy to specify and apparently easy to write tests for. The code can be instrumented so that you can see exactly what is going on during every run. You think you have a complete grasp on the theory. It's the kind of thing you think you're normally good at, and ought to be able to polish off in 20 LOC and 45 minutes.

And yet, success eludes you for an insanely long time. Edge cases spring up out of nowhere to mug you. Every fix you try drags you further off into the weeds. You stare at dumps from the instrumentation until you're dizzy and numb, and no enlightenment occurs. Even as you are bashing your head against a wall of incomprehension, consciousness grows that when you find the solution, it will be damningly simple and you will feel utterly moronic, like you should have gotten there days ago.

Welcome to programmer hell. This is your shtoopid problem.... If you ever find yourself staring at your instrumentation results and thinking "It...can't...possibly...be...doing...that", welcome to shtoopidland. Here's your mallet, have fun pounding your own head. (Cue cartoon sound effects.)

Raymond's latest experience in shtoopidland came while working on a Python-translating tool, and left him analyzing why there are some programming conundrums that repel solutions. "You're not defeated by what you don't know so much as by what you think you do know," he concludes. So how do you escape?

"[I]nstrument everything. I mean EVERYTHING, especially the places where you think you are sure what is going on. Your assumptions are your enemy; printf-equivalents are your friend. If you track every state change in your code down to a sufficient level of detail, you will eventually have that forehead-slapping moment of why-didn't-I-see-this-sooner that is the terminal characteristic of a shtoopid problem."

Share your own stories in the comments. Are there any programmers on Slashdot who've experienced their own shtoopid problems?
Moon

Python Developer Builds Moon Lander Game As an Alexa Skill (amazon.com) 19

Long-time Slashdot reader mni12 writes: Anybody interested to try out this "retro game" Amazon Alexa skill I created? Just say "Alexa, enable moon lander".

DESCRIPTION:
Your mission is to land the Apollo 11 Lunar Module to the surface of the Moon. Alexa will help you by reading out your altitude and velocity. Houston Mission Control is also monitoring your descent using telemetry. The telemetry data is shown on your Alexa companion app or website.

HOW TO PLAY:
You control the descent by throttling the rocket engine burn. "Burn 100" will give maximum 100% thrust and "Burn 0" will give you no thrust. You can use any value between 0 and 100 to control the descent velocity.

The game starts at 1000 meters with descent velocity of -50 meters/second. The maximum landing velocity is 5 meters/second and you have 75 seconds to complete the mission. If you make a successful landing, you will be added on the Leader board with your score and ranking.

In a discussion on Reddit, the Python developer behind the game also remembers watching Neil Armstrong and Buzz Aldrin's actual 1969 moon landing on TV. "I added some 1969 sound clips from Apollo 11 mission to make the game experience sound more real...."

The original submission also offers some more hints about winning the game, while Wikipedia has a whole page devoted to the "Lunar Lander videogame genre," noting that the first version was created in 1969 on a PDP-8.
Python

Python is a Hit With Hackers, Report Finds (zdnet.com) 72

After breaking into the top three most popular programming languages for the first time this month, behind C and Java, Python has also won the hearts of hackers and web nasties, according to attack statistics published this week by web security biz Imperva. From a report: The company says more than a third of daily attacks against sites the company protects come from a malicious or legitimate tool coded in Python. Imperva says that around 77 percent of all the sites the company protects have been attacked by at least one Python-based tool. Furthermore, when the company looked at the list of tools that hackers used for their attacks, more than a quarter were coded in Python, by far the attackers' favorite tool. "Hackers, like developers, enjoy Python's advantages which makes it a popular hacking tool," the Imperva team says.
Python

Python Joins Movement To Dump 'Offensive' Master, Slave Terms (theregister.co.uk) 1342

Python creator Guido van Rossum retired in July, but he's been pulled back in to resolve a debate about politically incorrect language. The Register reports: Like other open source communities, Python's minders have been asked whether they really want to continue using the terms "master" and "slave" to describe technical operations and relationships, given that the words remind some people of America's peculiar institution, a historical legacy that fires political passions to this day. Last week Victor Stinner, a Python developer who works for Red Hat, published four pull requests seeking to change "master" and "slave" in Python documentation and code to terms like "parent," "worker," or something similarly anodyne. "For diversity reasons, it would be nice to try to avoid 'master' and 'slave' terminology which can be associated to slavery," he explained in his bug report, noting that there have been complaints but they've been filed privately -- presumably to avoid being dragged into a fractious flame war. And when Python 3.8 is released, there will be fewer instances of these terms.
Programming

Python Displaces C++ In TIOBE Index Top 3 (infoworld.com) 154

InfoWorld described the move as a "breakthrough": As expected, Python has climbed into the Top 3 of the Tiobe index of language popularity, achieving that milestone for the first time ever in the September 2018 edition of the index. With a rating of 7.653 percent, Python placed third behind first-place Java, which had a rating of 17.436 percent, and second-place C, rated at 15.447. Python displaced C++, which finished third last month and took fourth place this month, with a rating of 7.394 percent...

Python also has been scoring high in two other language rankings:

- The PyPL Popularity of Programming Language index, where it ranked No. 1 this month, as it has done before, and has had the most growth in the past five years.

- The RedMonk Programming Language Rankings, where Python again placed third.

Tiobe notes that Python's arrival in the top 3 "really took a long time," since it first entered their chart at the beginning of the 1990s. But today, "It is already the first choice at universities (for all kinds of subjects for which programming is demanded) and is now also conquering the industrial world." In February Tiobe also added a new programming language to their index: SQL. (Since "SQL appears to be Turing complete.")

"Other interesting moves this month are: Rust jumps from #36 to #31, Groovy from #44 to #34 and Julia from #50 to #39."
Programming

Is Julia the Next Big Programming Language? MIT Thinks So, as Version 1.0 Lands (techrepublic.com) 386

Julia, the MIT-created programming language for developers "who want it all", hit its milestone 1.0 release this month -- with MIT highlighting its rapid adoption in the six short years since its launch. From a report: Released in 2012, Julia is designed to combine the speed of C with the usability of Python, the dynamism of Ruby, the mathematical prowess of MatLab, and the statistical chops of R. "The release of Julia 1.0 signals that Julia is now ready to change the technical world by combining the high-level productivity and ease of use of Python and R with the lightning-fast speed of C++," says MIT professor Alan Edelman. The breadth of Julia's capabilities and ability to spread workloads across hundreds of thousands of processing cores have led to its use for everything from machine learning to large-scale supercomputer simulation. MIT says Julia is the only high-level dynamic programming language in the "petaflop club," having been used to simulate 188 million stars, galaxies, and other astronomical objects on Cori, the world's 10th-most powerful supercomputer. The simulation ran in just 14.6 minutes, using 650,000 Intel Knights Landing Xeon Phi cores to handle 1.5 petaflops (quadrillion floating-point operations per second).
Businesses

Java and JavaScript Remain the Top Enterprise Developer Languages For the Cloud, Survey Finds (zdnet.com) 101

Programmers may love hot newer languages like Kotlin and Rust, but according to a Cloud Foundry Foundation (CFF) recent survey of global enterprise developers and IT decision makers, Java and Javascript are the top enterprise languages. ZDNet: That said, the CFF also found [PDF] that, "More and more, businesses are employing a polyglot and a multi-platform strategy to meet their exact needs." The CFF discovered 77 percent of enterprises are using or evaluating Platforms-as-a-Service (PaaS); 72 percent are using or considering containers; and 46 percent are using or thinking about serverless computing. Simultaneously, more than a third (39 percent) are using all three technologies together. For companies this "flexibility of cloud-native practices enables [companies to move] away from a monolithic approach and towards a world of computing that is flexible, portable and interoperable." That means, while Java and JavaScript are only growing ever more popular, the larger the company, the more languages are used. After the Java twins, C++, C#, Python, and PHP are the most popular languages.
Programming

Julia 1.0 Released After a Six-Year Wait (insidehpc.com) 131

An anonymous reader quotes InsideHPC: Today Julia Computing announced the Julia 1.0 programming language release, "the most important Julia milestone since Julia was introduced in February 2012." As the first complete, reliable, stable and forward-compatible Julia release, version 1.0 is the fastest, simplest and most productive open-source programming language for scientific, numeric and mathematical computing. "With today's Julia 1.0 release, Julia now provides the language stability that commercial customers require together with the unique combination of lightning speed and high productivity that gives Julia its competitive advantage compared with Python, R, C++ and Java."
The Register reports: Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data science, machine learning, and scientific computing.... Six years ago, Julia's creators framed their goals thus:

"We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled...."

In a julialang.org post announcing the milestone, the minders of the language claim to have achieved some of their goals.

Programming

Do Businesses Really Need to Hire CS Majors? (cio.com) 473

A new article in CIO magazine argues that when it comes to computer science, "few of us really need much of any of it." Slashdot reader itwbennett offers this summary: At the heart of the matter is the fact that most businesses don't really need programmers to be deep thinkers. For them, it's "just as worthwhile to hire someone from a physics lab who just used Python to massage some data streams from an instrument. They can learn the shallow details just as readily as the CS genius," according to the article.
CIO's anonymous author promises an incomplete list of "why we may be better off ignoring CS majors." Some of the highlights:
  • Theory distracts and confuses. "Many computer scientists are mathematicians at heart and the theorem-obsessed mindset permeates the discipline."
  • Academic languages are rarely used. "...the academy breeds snobbery and a love for arcane solutions."
  • Many CS professors are mathematicians, not programmers. "One of the dirty secrets about most computer science departments is that most of the professors can't program computers. Their real job is giving lectures and wrangling grants...."
  • Many required subjects are rarely used. "...it's too bad few of us use many data structures any more."
  • Institutions breed arrogance. "...the very nature of academic degrees are designed to give graduates the ability to argue one's superiority with authority."
  • Many modern skills are ignored. "If you want to understand Node.js, React, game design or cloud computation, you'll find very little of it in the average curriculum... It's very common for computer science departments to produce deep thinkers who understand some of the fundamental challenges without any shallow knowledge of the details that dominate the average employee's day."

"It's not that CS degrees are bad," the article concludes. "It's just that they're not going to speak to the problems that most of us need to solve."


Programming

The 2018 Top Programming Languages, According To IEEE (ieee.org) 192

New submitter rfengineer shares a report: Welcome to IEEE Spectrum's fifth annual interactive ranking of the top programming languages. Because no one can peer over the shoulders of every coder out there, anyone attempting to measure the popularity of computer languages must rely on proxy measures of relative popularity. In our case, this means combining metrics from multiple sources to rank 47 languages. But recognizing that different programmers have different needs and domains of interest, we've chosen not to blend all those metrics up into One Ranking to Rule Them All. [...] Python has tightened its grip on the No. 1 spot. Last year it came out on top by just barely beating out C, with Python's score of 100 to C's 99.7. But this year, there's a wider gap between first and second place, with C++ coming in at 98.4 for the No. 2 slot (last year, Java had come third with a score of 99.4, while this year it's fallen to 4th place with a score of 97.5). C has fallen to third place, with a score of 98.2.
Twitter

Bot Tweeted Names And Photos Of Venmo Users Who Bought Drugs (mercurynews.com) 86

Since Venmo's transactions are "public" by default and broadcast on Venmo's API, a Python programmer decided to publicize a few of them, reports the Mercury News: The creator of the bot named "Who's buying drugs on Venmo" under the Twitter handle @venmodrugs says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender's photo, if there is one... "I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings," Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
He shut the bot after 24 hours, according to a Medium essay titled "Why I blasted your 'drug' deals on Twitter": I chose drugs, sex and alcohol keywords as the trigger for the bot because they were funny and shocking. I removed the last names of users because I didn't want to actually contribute to the problem of lack of privacy... I braced myself for backlash but the response was overwhelmingly positive. People understood my point and I had sparked a lot of discussion about online privacy and the need for users to do a better job of understanding the terms of software they were using -- and a lot of discussion about how companies need to do a better job of informing customers how their data was being used...

After about 24 hours of tweeting everyone's drug laden Venmo transactions I shut down the bot (Python script!!) and deleted all the tweets. I had successfully made my point and gotten more attention than I had imagined possible. Thousands of people were reading tweets and articles about the bot and discussing data privacy. I saw no further value in tweeting out anyone's personal transactions anymore. However, all I ever did was format the data and automate a Twitter account -- the data is still readily available.

His closure of the bot drew some interesting reactions on Twitter.

"booooooooo. I was so entertained by this."

"I remember I had a dealer take my phone and set venmo to private lol."

"we're looking to add a Python developer to our team and I think you'd be a good fit."
Python

Is Python the Future of Programming? (economist.com) 300

The Economist argues that Guido Van Rossum resembled the reluctant Messiah in Monty Python's Life of Brian. An anonymous reader quotes their report: "I certainly didn't set out to create a language that was intended for mass consumption," he explains. But in the past 12 months Google users in America have searched for Python more often than for Kim Kardashian, a reality-TV star. The rate of queries has trebled since 2010, while inquiries after other programming languages have been flat or declining. The language's popularity has grown not merely among professional developers -- nearly 40% of whom use it, with a further 25% wishing to do so, according to Stack Overflow, a programming forum -- but also with ordinary folk. Codecademy, a website that has taught 45 million novices how to use various languages, says that by far the biggest increase in demand is from those wishing to learn Python. It is thus bringing coding to the fingertips of those once baffled by the subject. Pythonistas, as aficionados are known, have helped by adding more than 145,000 packages to the Cheese Shop, covering everything from astronomy to game development....

Python was already the most popular introductory language at American universities in 2014, but the teaching of it is generally limited to those studying science, technology, engineering and mathematics. A more radical proposal is to catch 'em young by offering computer science to all, and in primary schools. Hadi Partovi, the boss of Code.org, a charity, notes that 40% of American schools now offer such lessons, up from 10% in 2013. Around two-thirds of 10- to 12-year-olds have an account on Code.org's website. Perhaps unnerved by a future filled with automated jobs, 90% of American parents want their children to study computer science.

"The CIA has employed Python for hacking, Pixar for producing films, Google for crawling web pages and Spotify for recommending songs," notes the Economist.

Though Van Rossum was Python's Benevolent Dictator For Life, "I'm uncomfortable with that fame," he tells the magazine. "Sometimes I feel like everything I say or do is seen as a very powerful force."
Programming

Python Language Founder Steps Down (zdnet.com) 241

After almost 30 years of overseeing the development of the world's most popular language, Python, its founder and "Benevolent Dictator For Life" (BDFL), Guido van Rossum, has decided to remove himself entirely from the decision process. From a report: Van Rossum isn't leaving Python entirely. He said, "I'll still be there for a while as an ordinary core dev, and I'll still be available to mentor people -- possibly more available." It's clear from van Rossum's note he's sick and tired of running the organization. He wrote, "I don't ever want to have to fight so hard for a PEP (Python Enhancement Proposals) [PEP 572 Assignment Expressions] and find that so many people despise my decisions." In addition, van Rossum hints he's not been well. "I'm not getting younger... (I'll spare you the list of medical issues.)" So, "I'm basically giving myself a permanent vacation from being BDFL, and you all will be on your own." From the email: I am not going to appoint a successor. So what are you all going to do? Create a democracy? Anarchy? A dictatorship? A federation? I'm not worried about the day to day decisions in the issue tracker or on GitHub. Very rarely I get asked for an opinion, and usually it's not actually important. So this can just be dealt with as it has always been. At Slashdot, we had the privilege of interviewing Guido van Rossum, a Computer History Museum honoree, in 2013.
United States

A Look at Street Network Orientation in Major US Cities (geoffboeing.com) 130

Geoff Boeing, a postdoc in the Urban Analytics Lab at the University of California, Berkeley, has published a blog post that offers a fascinating look at the street orientation of major cities in the USA and around the world. What is interesting in his findings is how cities from different historical periods form different patterns, and also just how uniformly grid-structured most American cities are. From his post: In 1960, Kevin Lynch published The Image of the City, his treatise on the legibility of urban patterns. How coherent is a city's spatial organization? How do these patterns help or hinder urban navigation? I recently wrote about visualizing street orientations with Python and OSMnx. That is, how is a city's street network oriented in terms of the streets' compass bearings? How well does it adhere to a straightforward north-south-east-west layout? I wanted to revisit this by comparing 25 major US cities' orientations.

Each of the cities is represented by a polar histogram (aka rose diagram) depicting how its streets orient. Each bar's direction represents the compass bearings of the streets (in that histogram bin) and its length represents the relative frequency of streets with those bearings. [...] Most cities' polar histograms similarly tend to cluster in at least a rough, approximate way. But then there are Boston and Charlotte. Unlike most American cities that have one or two primary street grids organizing city circulation, their streets are more evenly distributed in every direction.
Boeing published a follow-up to the post to compare world cities.
