New AI-Assisted Coding Tool Called 'Amazing' (theverge.com) 174
Jacob Jackson, the computer science undergrad at the University of Waterloo who created Deep TabNine, says this sort of software isn't new, but machine learning has hugely improved what it can offer... Earlier this month, he released an updated version that uses a deep learning text-generation algorithm called GPT-2, which was designed by the research lab OpenAI, to improve its abilities. The update has seriously impressed coders, who have called it "amazing," "insane," and "absolutely mind-blowing" on Twitter...
Deep TabNine is trained on 2 million files from coding repository GitHub. It finds patterns in this data and uses them to suggest what's likely to appear next in any given line of code, whether that's a variable name or a function... Most importantly, thanks to the analytical abilities of deep learning, the suggestions Deep TabNine makes are of a high overall quality. And because the software doesn't look at users' own code to make suggestions, it can start helping with projects right from the word go, rather than waiting to get some cues from the code the user writes.
It's not free software. Currently a personal license costs $49 (with a business-use license costing $99), the Verge reports -- but the tool supports the following 22 languages...
Python, JavaScript, Java, C++, C, PHP, Go, C#, Ruby, Objective-C, Rust, Swift, TypeScript, Haskell, OCaml, Scala, Kotlin, Perl, SQL, HTML, CSS, and Bash.
Fedora 30 Linux Distro Is Here (betanews.com) 128
The Most Loved and Most Disliked Programming Languages Revealed in Stack Overflow Survey (stackoverflow.com) 268
Python's versatility continues to fuel its rise through Stack Overflow's rankings for the "most popular" languages, which lists the languages most widely used by developers. This year's survey finds Python to be the fastest-growing major programming language, with Python edging out Android and enterprise workhorse Java to become the fourth most commonly used language. [...] More importantly for developers, this popularity overlaps with demand for the language, with Julia Silge, data scientist at Stack Overflow, saying that jobs data gathered by Stack Overflow also shows Python to be one of the most in-demand languages sought by employers.
[...] Rust may not have as many users as Python or JavaScript but it has earned a lot of affection from those who use it. For the fourth year running, the language tops Stack Overflow's list of "most-loved" languages, which means the proportion of Rust developers who want to continue working with it is larger than that of any other language.[...] Go stands out as a language that is well paid, while also being sought after and where developers report high levels of job satisfaction. Full report here.
Which Programming Language Has The Most Security Vulnerabilities? (techrepublic.com) 330
An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each...
The most common vulnerabilities across most of these languages are Cross-Site Scripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.
Across the seven most widely-used programming languages, here's how the vulnerabilities were distributed:
- C (47%)
- PHP (17%)
- Java (11%)
- JavaScript (10%)
- Python (5%)
- C++ (5%)
- Ruby (4%)
But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like Open SSL and the Linux kernel."
The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP.
The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure."
Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.
GitHub's Four Most Popular Programming Languages Remain: JavaScript, Java, Python, and PHP (thenewstack.io) 144
When we look at the top languages according to the number of contributors, we see a similar story, with the top four languages mirrored. In this chart, of course, we see that Ruby is on a steady decline, while Typescript is on a steady rise. The only surprise to be seen here is that C, after a brief uptick in popularity, has taken a bit of a nosedive over the past year. Either way, seven of 10 languages have the same exact ranking....
Finally, beyond the language rankings themselves, GitHub offers a wonderful analysis of just what it is that makes a particular language popular in 2018, boiling it down to three key characteristics: thread safety, interoperability, and being open source.
GitHub's report also identifies its fastest growing languages over the last year -- including Kotlin, TypeScript, Rust, Python, and Go. "This year, TypeScript shot up to #7 among top languages used on the platform overall, after making its way in the top 10 for the first time last year," the report notes.
"TypeScript is now in the top 10 most used languages across all regions GitHub contributors come from -- and across private, public, and open source repositories."
GitHub's Annual Report Reveals This Year's Top Contributor: Microsoft (github.com) 67
These are among the facts released in GitHub's annual "State of the Octoverse" report -- a surprising number of which involve Microsoft.
- GitHub's top project this year, by contributor count, was Microsoft's Visual Studio Code (with 19,000 contributors), followed by Facebook's React Native (10,000), TensorFlow (9,300) and Angular CLI (8,800) -- as well as Angular (7,600) -- and the open source documentation for Microsoft Azure (7,800).
- Microsoft now has more employees contributing to open source projects than any other company or organization (7,700 employees), followed by Google (5,500), Red Hat (3,300), U.C. Berkeley (2,700), and Intel (2,200).
- The open source documentation for Microsoft Azure is GitHub's fastest-growing open source project, followed by PyTorch (an open source machine learning library for Python).
- Among the "Cool new open source projects" is an Electron app running Windows 95.
But more than 2.1 million organizations are now using GitHub (including public and private repositories) -- which is 40% more than last year -- and the report offers a fun glimpse into the minutiae of life in the coding community.
Read on for more details.
Deserialization Issues Also Affect Ruby -- Not Just Java, PHP, and .NET (zdnet.com) 62
"Versions 2.0 to 2.5 are affected," researchers said. "There is a lot of opportunity for future work including having the technique cover Ruby versions 1.8 and 1.9 as well as covering instances where the Ruby process is invoked with the command line argument --disable-all," the elttam team added. "Alternate Ruby implementations such as JRuby and Rubinius could also be investigated."
The deserialization issues can be used for remote code execution and taking over vulnerable servers. While .NET and PHP were affected, it was Java that until now has faced the biggest issues with deserialization; earlier this year, Oracle announced it was dropping deserialization support from the Java language's standard package.
Is Julia the Next Big Programming Language? MIT Thinks So, as Version 1.0 Lands (techrepublic.com) 386
Julia 1.0 Released After a Six-Year Wait (insidehpc.com) 131
The Register reports: Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data science, machine learning, and scientific computing.... Six years ago, Julia's creators framed their goals thus:
"We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled...."
In a julialang.org post announcing the milestone, the minders of the language claim to have achieved some of their goals.
Four Years On, Developers Ponder The Real Purpose of Apple's Swift Programming Language (monkeydom.de) 262
On top of that it chose to be opinionated about features of Objective-C, that many long time developers consider virtues, not problems: Adding compile time static dispatch, and making dynamic dispatch and message passing a second class citizen and introspection a non-feature. Define the convenience and elegance of nil-message passing only as a source of problems. Classify the implicit optionality of objects purely as a source of bugs. [...] It keeps deferring the big wins to the future while it only offered a very labour intensive upgrade path. Without a steady revenue stream, many apps that would have just compiled fine if done in Objective-C, either can't take advantage of new features of the devices easily, or had to be taken out of the App Store altogether, because upgrading would be too costly. If you are working in the indie dev-scene, you probably know one of those stories as well. And while this is supposed to be over now, this damage has been done and is real.
On top of all of this, there is that great tension with the existing Apple framework ecosystem. While Apple did a great job on exposing Cocoa/Foundation as graspable into Swift as they could, there is still great tension in the way Swift wants to see the world, and the design paradigms that created the existing frameworks. That tension is not resolved yet, and since it is a design conflict, essentially can't be resolved. Just mitigated. From old foundational design patterns of Cocoa, like delegation, data sources, flat class hierarchies, over to the way the collection classes work, and how forgiving the API in general should be. If you work in that world you are constantly torn between doing things the Swift/standard-library way, or the Cocoa way and bridging in-between. To make matters worse there are a lot of concepts that don't even have a good equivalent. This, for me at least, generates an almost unbearable mental load.
Snapchat Takes a Second Try at Spectacles (cnbc.com) 43
Can Ruby Survive Another 25 Years? (techradar.com) 195
To improve performance further Ruby is introducing JIT (Just-In-Time) technology, which is already used by JVM and other languages. "We've created a prototype of this JIT compiler so that this year, probably on Christmas Day, Ruby 2.6 will be released," Matz confirmed. You can try the initial implementation of the MJIT compiler in the 2.6 preview1... Probably the clearest overview explanation of how MJIT works is supplied by Shannon Skipper: "With MJIT, certain Ruby YARV instructions are converted to C code and put into a .c file, which is compiled by GCC or Clang into a .so dynamic library file. The RubyVM can then use that cached, precompiled native code from the dynamic library the next time the RubyVM sees that same YARV instruction."
Ruby creator Yukihiro Matsumoto says Ruby 3.0 "has a goal of being three times faster than Ruby 2.0," and TechRadar reports that it's obvious that Matsumoto "will do anything he can to enable Ruby to survive and thrive..."
And in addition, "he's thoroughly enjoying himself doing what he does... and his outlook is quite simple: Programming is fun, he's had fun for the last 25 years making Ruby, and at the age of 52 now, he hopes that he'll get to spend the next 25 years having as much fun working on the language he dreamt up and wrote down in -- a now lost -- notebook, at the age of 17."
"We want Ruby to be the language that is around for a long time and people still use," Matsumoto tells another interviewer, "not the one people used to use."
JavaScript Rules But Microsoft Programming Languages Are On the Rise (zdnet.com) 141
TIOBE's top programming language index for March consists of many of the same top 10 languages though in a different order, with Java in top spot, followed by C, C++, Python, C#, Visual Basic .NET, PHP, JavaScript, Ruby, and SQL. These and other popularity rankings are meant to help developers see which skills they should be developing. Outside the RedMonk top 10, O'Grady highlights a few notable changes, including an apparent flattening-out in the rapid ascent of Google's back-end system language, Go.
New Year's Resolutions For Linux Admins: Automate More, Learn New Languages (networkworld.com) 139
Along with that, they suggest learning a new scripting language. "It's easy to keep using the same tools you've been using for decades (I should know), but you might have more fun and more relevance in the long run if you teach yourself a new scripting language. If you've got bash and Perl down pat, consider adding Python or Ruby or some other new language to your mix of skills."
Other suggestions include trying a new distro -- many of which can now be run in "live mode" on a USB drive -- and investigating the security procedures of cloud services (described in the article as "trusting an outside organization with our data").
"And don't forget... There are now only 20 years until 2038 -- The Unix/Linux clockpocalypse."
Which Programming Languages Are Most Prone to Bugs? (i-programmer.info) 247
The results? "The languages with the strongest positive coefficients - meaning associated with a greater number of defect fixes are C++, C, and Objective-C, also PHP and Python. On the other hand, Clojure, Haskell, Ruby and Scala all have significant negative coefficients implying that these languages are less likely than average to result in defect fixing commits."
Or, in the researcher's words, "Language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages static typing is also somewhat better than dynamic typing."
Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com) 100
Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.
What Happens to Open Source Code After Its Developer Dies? (wired.com) 78
Most package-management systems have "at least an ad-hoc process for transferring control over a library," according to Wired, but they also note that "that usually depends on someone noticing that a project has been orphaned and then volunteering to adopt it." Evan Phoenix of the Ruby Gems project acknowledges that "We don't have an official policy mostly because it hasn't come up all that often. We do have an adviser council that is used to decide these types of things case by case." Searls suggests GitHub and package managers like Ruby Gems add a "dead man's switch" to their platform, which would allow programmers to automatically transfer ownership of a project or an account to someone else if the creator doesn't log in or make changes after a set period of time.
Wired also spoke to Michael Droettboom, who took over the Python library Matplotlib after John Hunter died in 2012. He points out that "Sometimes there are parts of the code that only one person understands," stressing the need for developers to also understand the code they're inheriting.
Perl is the Most Hated Programming Language, Developers Say (theregister.co.uk) 472
Interviews: Red Hat CEO Jim Whitehurst Answers Your Questions (redhat.com) 133
For Slashdot's 20th anniversary -- and the 23rd anniversary of the first release of Red Hat Linux -- here's a special treat.
Red Hat CEO Jim Whitehurst has responded to questions submitted by Slashdot readers. Read on for his answers...