Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday."
The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.
Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.
Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries.
The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."
On mobile, where the majority of the world's content is now consumed, Google and Facebook own eight of the top 10 apps, with apps devouring 87% of our time spent on smartphones and tablets, according to new comScore data. For that remaining 13% of time spent on the mobile web, Google and Apple offer the two dominant browsers... the majority of our time online is now mediated by just a few megacorporations, and for the most part their top incentive is to borrow our privacy just long enough to target an ad at us. Then there's Mozilla, an organization whose mantra is "Internet for people, not profit." That feels like a necessary voice to add to today's internet oligopoly, but it's not one we're hearing... We clearly need an organization standing up for web freedom, as expecting Google to do that is like asking the fox to guard the henhouse. Google does many great things, but its clear incentive is to sell ads. We are Google's product, as the saying goes.
The article applauds the Mozilla-sponsored Rust programming language as promising, "but not to save the web from the all-consuming embrace of Facebook and Google, especially as they wall off the experience in apps... "If I sound like I don't know what to propose Mozilla should do, it's because I don't. I simply feel strongly that the role Mozilla played in the early browser wars needs to be resurrected to save the web today."
Open-source makes it hard for us to develop some features "in the clear" (like our recent video launch) without leaking our plans too far in advance. As Reddit is now a larger player on the web, it is hard for us to be strategic in our planning when everyone can see what code we are committing. Because of the above, our internal development, production and "feature" branches have been moving further and further from the "canonical" state of the open source repository... We are actively moving away from the "monolithic" version of reddit that works using only the original repository... Because of these reasons, we are making the following changes to our open-source practice. We're going to archive reddit/reddit and reddit/reddit-mobile. These will still be accessible in their current state, but will no longer receive updates.
The announcement has been condensed slightly, but Reddit's founding engineer insists that "We believe in open source, and want to make sure that our contributions are both useful and meaningful. We will continue to open source tools that are of use to engineers everywhere." In addition, "Much of the core of Reddit is based on open source technologies (Postgres, python, memcached, Cassanda to name a few!) and we will continue to contribute to projects we use and modify..."
"Those who have been paying attention will realize that this isn't really a change to how we're doing anything but rather making explicit what's already been going on."
In Asciidots, the aforementioned go-kart track is represented by lines (|,-,/,\)... Most of the other non-line symbols are mathematical operators, but there are also symbols that direct the program to request input from the user, set values, print values, and change the direction of the unit of data... Under the hood, Asciidots is a Python program. An Asciidots program is just fed into that underlying program and digested into normal Python code, which is then executed.
The article includes some examples, and argues that esoteric esolangs like Asciidots force programmers to consider fresh perspectives. And in addition, "it looks really cool."
Sébastien's comments were surrounded by a <rant-on-languages> tag, but they're still crying out for some serious discussion. Any Slashdot readers want to share their own insights on Python, some fond thoughts on gedit, or suggestions for maintaining a great piece of open source software?
California, New York and Virginia still had the highest number of developers using the site, while Alaska, Wyoming and South Dakota not surprisingly had the least number of developers. But maybe the real take-away is that programmers are now becoming more distributed. HackerRank's announcement notes that the site "found growing developer communities and skilled developers all across the country. Previously, the highest concentrations of developers did not stray far from the tech hubs in California. Hawaii, Colorado, Virginia, and Nevada demonstrated the fastest growth in terms of developer activity on the HackerRank platform..." In addition, "we've had a noticeable uptick in customers across industries, from healthcare to retail and finance, with strong demand for identifying technical skills quickly."
Their conclucion? "Today, as the demand for developers goes beyond technology and as there is more opportunity to work remotely, there's a more distributed workforce of skilled developers across the nation, from the Rust Belt to the East Coast... Software developers aren't just attached to VCs, startups or Silicon Valley anymore."
Fedora is now gathering feedback on a Wiki page explaining the switch.
The article specifically highlights these four new projects:
- Rust-CPython - a set of bindings in Rust for the CPython runtime
- PyO3 - a basic way to write Rust software with bindings to Python in both directions.
- Snaek - lets developers create Rust libraries that are loaded dynamically into Python as needed, but don't rely on being linked statically against Python's runtime.
- Cookiecutter PyPackage Rust Cross-Platform Publish - simplifies the process of bundling Rust binaries with a Python library.
Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four -- Python, C, Java, and C++ -- all remain very close in popularity. Indeed, in Diakopoulos's analysis of what the underlying metrics have to say about the languages currently in demand by recruiting companies, C comes out ahead of Python by a good margin... Ruby has fallen all the way down to 12th position, but in doing so it has given Apple's Swift the chance to join Google's Go in the Top Ten... Outside the Top Ten, Apple's Objective-C mirrors the ascent of Swift, dropping down to 26th place. However, for the second year in a row, no new languages have entered the rankings. We seem to have entered a period of consolidation in coding as programmers digest the tools created to cater to the explosion of cloud, mobile, and big data applications.
"Speaking of stabilized programming tools and languages," the article concludes, "it's worth noting Fortran's continued presence right in the middle of the rankings (sitting still in 28th place), along with Lisp in 35th place and Cobol hanging in at 40th."
Even across all experience levels, contributing to open source still correlates to higher salaries, Gabasova concludes. "My theory is that when diverse people are working on open source projects together without enforced coding style, the possible formatting mess is nudging people towards using spaces simply because the code is consistent for everyone.
"This is just one of the possible theories, I didn't look to see if possibly language communities that use predominantly spaces (like Python or Ruby) are more active in open source."
People who complain that you can't build large scale systems without a compiler likely over-rely on the latter and are slaves to IDEs. If you write good unit tests and enforce Test Driven Development, the compiler becomes un-necessary and gets in the way. You are forced to provide too much information to it (also known as boilerplate) and can't quickly refactor code, which is necessary for quick iterations.
The original submission ends with a question: "Is Python going to dominate in the future?" Slashdot readers should have some interesting opinions on this. So leave your own thoughts in the comments. Will Python become the dominant programming language?
There are software tools that can turn, say, C code into a visual flow chart representation of said C code. Is there any way to do the opposite -- draw a flowchart, and have that flowchart turn into working C code?
Leave your best answers in the comments.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as we ll as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."
- The president of one job leadership consultancy argues C and C++ coders will soon be as obsolete as Cobol programmers. "The entire world has gone to Java or .Net. You still find C++ coders in financial companies because their systems are built on that, but they're disappearing."
- A data scientist at Stack Overflow "says demand for PHP, WordPress, and LAMP skills are seeing a steady decline, while newer frameworks and languages like React, Angular, and Scala are on the rise."
- The CEO and co-founder of an anonymous virtual private network service says "The rise of Azure and the Linux takeover has put most Windows admins out of work. Many of my old colleagues have had to retrain for Linux or go into something else entirely."
- In addition, "Thanks to the massive migration to the cloud, listings for jobs that involve maintaining IT infrastructure, like network engineer or system administrator, are trending downward, notes Terence Chiu, vice president of careers site Indeed Prime."
- The CTO of the job site Ladders adds that Smalltalk, Flex, and Pascal "quickly went from being popular to being only useful for maintaining older systems. Engineers and programmers need to continually learn new languages, or they'll find themselves maintaining systems instead of creating new products."
- The president of Dice.com says "Right now, Java and Python are really hot. In five years they may not be... jobs are changing all the time, and that's a real pain point for tech professionals."
But the regional dean of Northeastern University-Silicon Valley has the glummest prediction of all. "If I were to look at a crystal ball, I don't think the world's going to need as many coders after 2020. Ninety percent of coding is taking some business specs and translating them into computer logic. That's really ripe for machine learning and low-end AI."