Mars

Scientists May Have Identified the Crater on Mars that Launched a Rock to Earth (msn.com) 9

National Geographic reports: About a million years ago, an asteroid smacked into the normally tranquil surface of Mars. The impact released a fountain of debris, and some of the rocky fragments pierced the sky, escaping the planet's gravity to journey through the dark. Some of the rocks eventually found their way to Earth and survived the plunge through our planet's atmosphere to thud into the surface, including a hefty 15-pound shard that crashed into Morocco in 2011.... Determining what part of Mars these meteorites came from is a critical part of piecing together the planet's history — but it's proven to be a major scientific challenge.

Now, with the assistance of a crater-counting machine learning program, a team of researchers studying the depleted shergottites may have finally cracked the case: They concluded that these geologic projectiles came from a single crater atop Tharsis, the largest volcanic feature in the solar system. This ancient volcanic behemoth on Mars is adorned with thousands of individual volcanoes and extends three times the area of the continental United States. It was built over billions of years by countless magma injections and lava flows. It is so heavy that, as it formed, it effectively tipped the planet over by 20 degrees. If these meteorites do come from Tharsis, as the analysis published in Nature Communications suggests, then scientists have their hands on meteorites that can help identify the infernal forces that fueled the construction of this world-tipping edifice. "This could really change the game about how we understand Mars," says Luke Daly, a meteorite expert at the University of Glasgow who was not involved with the study.

Debris from meteor impacts tends to also form smaller craters — so the scientists trained their machine learning tools to scan orbital images of Mars to find appropriately-sized craters (less than two thirds of a mile long). "It quickly found about 90 million, says Kosta Servis, a data scientist at Curtin University and co-author of the study..."

But after sifting through the data, "the team identified 19 large craters in volcanic regions on Mars that were surrounded by multiple secondary craters — a sign that these planetary scars could be as young as the 1.1-million-year-old crater they sought..." Out of those 19 craters, just two were excavated from youthful volcanic deposits by an impact event 1.1 million years ago: crater 09-00015 and Tooting crater. The latter (named after a district in London) looks to have been formed by a powerful oblique impact — the kind of collision that would propel a lot of Martian meteorites into space..."

Buoyed by their discovery, Lagain's team is hoping to identify the source craters of other Martian meteorites — including some of the very oldest, which could reveal more about Mars's waterlogged past.... Machine learning "is a really inventive way of trying to tackle this problem," says Lauren Jozwiak, a planetary volcanologist at Johns Hopkins University Applied Physics Laboratory not involved with the study. "Boy, I hope this method works," she says, because if it does, "it would be really cool to take this and apply it to other planets."

Power

Could Electric Cars Save the Coal Industry? (msn.com) 165

North Dakota has just 266 electric cars, the fewest of any state in America, reports the Washington Post. But the state's biggest booster for electric cars may be the coal industry: The thinking is straightforward: More electric cars would mean more of a market for the [lower carbon] lignite coal that produces most of North Dakota's electricity, and if a long-shot project to store carbon emissions in deep underground wells works out, it might even result in cleaner air as well. "EVs will be soaking up electricity," said Jason Bohrer, head of a coal trade group that has launched a statewide campaign to promote electric vehicles and charging stations along North Dakota's vast distances. "So coal power plants, our most resilient and available power plants, can continue to be online...."

In North Dakota, Wyoming, West Virginia — and in the nine other states where coal is the main fuel for electric power plants — electric cars will still rely on the combustion of ancient carbon-based deposits for their energy unless other sources of power come to the fore... [C]oal remains by far the main fuel for power plants worldwide, and a recent surge in its price suggests that demand is not waning. Without an intensive turn to carbon capture — a technically feasible but commercially unproven technology — electric vehicles may not be able to make that much of a difference in the effort to reduce greenhouse gas emissions... [A] carbon capture experiment at the Milton R. Young Generation Station adjacent to the BNI mine, devised by a partnership of scientists and the Minnkota Power Cooperative, could make coal more attractive in the clean-energy future — if it works. The idea, known as Project Tundra, is to scrub the carbon dioxide out of the plant's exhaust smoke, condense it and inject it into deep wells...

Carbon capture has been a popular idea within the coal, oil and gas sectors for years now. The technology is not out of reach. Plenty of pilot projects have been launched. But so far no one has been able to make it a paying proposition. A pioneering $7.5 billion carbon capture power plant in Mississippi was razed with dynamite on Oct. 9 after its owners wrote it off as an 11-year-old economic failure. North Dakota hopes to break through that last barrier, for both coal and oil... If Project Tundra can show that stuffing carbon dioxide back into the earth is economically feasible, he said, "it's opening the door for a CO2 economy. It gives the lignite [coal] industry a way to survive." His group has launched a promotional campaign called Drive Electric North Dakota, which sponsors promotional events, conducts public attitude surveys and lobbies for EVs in the state capital...

Clean-air advocates range from dubious to dismissive. The promise of electric vehicles wasn't that they would spur more coal mining — or oil extraction...

And unproven though it may be, critics contend, the publicity surrounding carbon capture has created a false sense of complacency that world-changing solutions are just around the corner.

The Post also reports that "the oil sector, too, is putting its chips on carbon capture... "

GUI

System76 Engineer Confirms Work on New Rust-Written Desktop, Not Based on GNOME (phoronix.com) 125

Phoronix reports: System76's Pop!_OS Linux distribution already has their own "COSMIC" desktop that is based on GNOME, but moving ahead they are working on their own Rust-written desktop that is not based on GNOME or any existing desktop environment.

Stemming from a Reddit discussion over the possibility of seeing a KDE flavor of Pop!_OS, it was brought up by one of their own engineers they are working on their "own desktop". System76 engineer and Pop!_OS maintainer Michael Murphy "mmstick" commented that System76 will be its own desktop. When further poked about whether that means a fork from GNOME, the response was "No it is its own thing written in Rust."

Word of System76 making their "own" desktop not based on GNOME does follow some recent friction between Pop!_OS and GNOME developers over their approach to theming and customizations.

Or, as Murphy wrote (in response to a later comment): What are you expecting us to do? We have a desktop environment that is a collection of GNOME Shell extensions which break every GNOME Shell release. Either we move towards maintaining tens of thousands of lines of monkey patches, or we do it the right way and make the next step a fully fledged desktop environment equal to GNOME Shell.

In other comments Murphy clarified that essentially the gist of it would be an independent/distro-agnostic desktop environment, and that they'd be "using tooling that already exists (mutter, kwin, wlroots), but implementing the surrounding shell in Rust from scratch..." And he added later that "We already do our best to follow freedesktop specifications with our software. So there's no reason to think we'd do otherwise."

One of the most interesting exchanges happened when one long-time Reddit user questioned the need for another desktop. That user had posted, "Linux is great, choices are great, but our biggest problem is that in the pursuit of choices for the sake of choices we have a ton of projects that are 95% of the way to prime time readiness, but none that are fully there, because instead of fixing problems, everyone decides they just want to start over."

Murphy responded: "You have it backwards. Choice is the best part about open source. None of us would be here today if people weren't brave enough to take the next step with a new solution to an existing problem..."

Programming

New Study Finds the World's Most Popular Programming Language: JavaScript (zdnet.com) 112

ZDNet reports: JavaScript is now used by more than 16.4 million developers globally, says a survey of more than 19,000 coders — making it the world's most popular programming language "by a wide margin".

SlashData's 21st State of the Developer Nation Report examined global software developer trends across 160 countries during Q3 2021, covering programming languages, tools, APIs, apps and technology segments, as well as attitudes of developers themselves... While not necessarily a surprise in itself — JavaScript has, after all, been the world's most-used language for a number of years now — SlashData found that upwards of 2.5 million developers had joined the JavaScript community in the past six months alone. That's the same as the entire user base of Swift; or, the combined communities of Rust and Ruby.

The data for JavaScript also included language derivatives TypeScript and CoffeeScript.

Python might not be a close second, but its popularity is impressive nonetheless: according to SlashData, the language is now used by some 11.3 million coders, primarily within data science and machine learning, and IoT applications. The brainchild of Guido van Rossum, Python's popularity has exploded in recent years, overtaking that of Java, which is currently used by 9.6m developers. Java remains a go-to for mobile and desktop apps, SlashData's survey found. According to SlashData, Python added 2.3m developers to its community in the past 12 months. "That's a 25% growth rate, one of the highest across all the large programming language communities of more than 7M users," the report noted.

"The rise of data science and machine learning (ML) is a clear factor in Python's popularity. More than 70% of ML developers and data scientists report using Python. For perspective, only 17% use R, the other language often associated with data science."

The survey concluded these are, in order, the 10 most popular programming languages:
  1. JavaScript
  2. Python
  3. Java
  4. C/C++ [Yes, it lumps them together]
  5. PHP
  6. C#
  7. "Visual development tools"
  8. Kotlin
  9. Swift
  10. Go

The report also found that Rust, although coming in at #14, grew faster than any other language in the past 24 months, "nearly tripling in size from just 0.4M developers in Q3 2019 to 1.1M."


Windows

OneAPI/L0, OpenVINO and OpenCL Coming To WSL2 For Intel GPUs (phoronix.com) 6

"Intel is gearing up to go to a war with Nvidia," writes Slashdot reader labloke11. "They have their OneAPI and their GPU. It will be interesting... For me, I like competition." Phoronix reports: While Intel Alder Lake is dominating today's news cycle, Intel and Microsoft also announced today that they have brought oneAPI Level Zero and Intel OpenCL support to Windows Subsystem for Linux (WSL2) while employing Intel graphics hardware acceleration. Similar to NVIDIA bringing CUDA and their accelerated GPU support to WSL2 as well as similar efforts by AMD on the Radeon side, Intel and Microsoft are now having Intel graphics compute working within the Linux confines on Windows 11 or Windows 10 21H2. Hardware-accelerated oneAPI Level Zero, OpenVINO, and OpenCL on Intel graphics hardware can now be enjoyed within the WSL2 environment when using the latest updates and drivers. Like with the rest of the WSL2 stack and capabilities from other GPU vendors, this is at a near-native level of performance. More information can be found via the Microsoft Command Line blog and Intel blog.

Windows

Linux Distros Beat Windows 11 in Phoronix Performance Testing (phoronix.com) 58

Phoronix ran some fun performance tests this week. "Now that Windows 11 has been out as stable and the initial round of updates coming out, I've been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft's latest operating system release compares to the fresh batch of Linux distributions." First up is the fresh look at the Windows 11 vs. Linux performance on an Intel Core i9 11900K Rocket Lake system... The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including:

- Ubuntu 20.04.3 LTS
- Ubuntu 21.10
- Arch Linux (latest rolling)
- Fedora Workstation 35
- Clear Linux 35150

[...] Each operating system was cleanly installed and then run at its OS default settings for seeing how the out-of-the-box OS performance compares for these five Linux distributions to Microsoft Windows 11 Pro...

The geometric mean for all 44 tests showed Linux clearly in front of Windows 11 for this current-generation Intel platform. Ubuntu / Arch / Fedora were about 11% faster overall than Windows 11 Pro on this system. Meanwhile, Clear Linux was about 18% faster than Windows 11 and enjoyed about 5% better performance overall than the other Linux distributions.

Out of 44 tests, here's a breakdown of how many first-place wins were scored by each OS:
  • Clear Linux: 33 (75%)
  • Fedora Workstation 35: 4 (9.1%)
  • Windows 11 Pro: 3 (6.8%)
  • Ubuntu 20.04.3 LTS: 2 (4.5%)
  • Arch Linux: 1 (2.3%)
  • Ubuntu 21.10: 1 (2.3%)

Operating Systems

Intel Core i9 11900K: Five Linux Distros Show Sizable Lead Over Windows 11 (phoronix.com) 82

Phoronix: Now that Windows 11 has been out as stable and the initial round of updates coming out, I've been running fresh Windows 11 vs. Linux benchmarks for seeing how Microsoft's latest operating system release compares to the fresh batch of Linux distributions. First up is the fresh look at the Windows 11 vs. Linux performance on an Intel Core i9 11900K Rocket Lake system. Microsoft Windows 11 Pro with all stable updates as of 18 October was used for this round of benchmarking on Intel Rocket Lake. The Windows 11 performance was being compared to all of the latest prominent Linux distributions, including: Ubuntu 20.04.3 LTS, Ubuntu 21.10, Arch Linux (latest rolling), Fedora Workstation 35, Clear Linux 35150. All the testing was done on the same Intel Core i9 11900K test system at stock speeds (any frequency differences reported in the system table come down to how the information is exposed by the OS, i.e. base or turbo reporting) with 2 x 16GB DDR4-3200 memory, 2TB Corsair Force MP600 NVMe solid-state drive, and an AMD Radeon VII graphics card.

Each operating system was cleanly installed and then run at its OS default settings for seeing how the out-of-the-box OS performance compares for these five Linux distributions to Microsoft Windows 11 Pro. But for the TLDR version... Out of 44 tests run across all six operating systems, Windows 11 had just three wins on this Core i9 11900K system. Meanwhile Intel's own Clear Linux platform easily dominated with coming in first place 75% of the time followed by Fedora Workstation 35 in second place with first place finishes 9% of the time. The geometric mean for all 44 tests showed Linux clearly in front of Windows 11 for this current-generation Intel platform. Ubuntu / Arch / Fedora were about 11% faster overall than Windows 11 Pro on this system. Meanwhile, Clear Linux was about 18% faster than Windows 11 and enjoyed about 5% better performance overall than the other Linux distributions.

Earth

Greenhouse Gas Levels Hit a New High In 2020, Even With Pandemic Lockdowns (npr.org) 159

Despite a world economy that slowed significantly because of COVID-19, the accumulation of greenhouse gases in the atmosphere reached a new record last year, putting the goal of slowing the rise of global temperatures "way off track," according to the World Meteorological Organization (WMO). NPR reports: The United Nations body said Monday that carbon dioxide had risen by more than the 10-year average in 2020 to 413.2 parts per million, despite a slight decrease in emissions due to the coronavirus pandemic. Methane and nitrous oxide, two other potent greenhouse gases, also showed increases, the WMO said in the latest issue of its Greenhouse Gas Bulletin. "At the current rate of increase in greenhouse gas concentrations, we will see a temperature increase by the end of this century far in excess of the Paris Agreement targets of 1.5 to 2 C above preindustrial levels," WMO Secretary-General Petteri Taalas said. "We are way off track," he said.

Taalas said the last time the Earth had a comparable level of carbon dioxide in the atmosphere was 3 million to 5 million years ago, when the average global temperature was 2 to 3 Celsius hotter and the sea level was 10 to 20 meters (32 to 65 feet) higher than today. The WMO says that only half of human-emitted carbon dioxide is absorbed by oceans and land ecosystems. The other half remains in the atmosphere, and the overall amount in the air is sensitive to climate and land-use changes. Because carbon emissions increased in the last decade, even though there was a decrease last year due to reduced economic activity, atmospheric levels continued to increase progressively from the accumulation.

Programming

Visual Studio for Browsers: Microsoft Unveils 'VSCode for the Web' (visualstudio.com) 56

"Bringing VS Code to the browser is the realization of the original vision for the product," Microsoft said in a blog post. "It is also the start of a completely new one. An ephemeral editor that is available to anyone with a browser and an internet connection is the foundation for a future where we can truly edit anything from anywhere."

Or, as Mike Melanson describes it in his "This Week in Programming" column, "Microsoft continued its march toward developer dominance this week with the launch of Visual Studio Code for the Web, a lightweight version of the company's highly popular (mostly) open source code editor..." Now, before you go getting too excited, VS Code for the Web isn't really a fully-functional version of VS Code running in the browser, as it has no backend to back it up, which means its primary purpose is for client-side HTML, JavaScript, and CSS applications... VS Code for the Web is able to provide syntax colorization, text-based completions and other such features for popular languages such as C/C++, C#, Java, PHP, Rust, and Go, while TypeScript, JavaScript, and Python are "all powered by language services that run natively in the browser" and therefore provide a "better" experience, while those aforementioned Web languages, such as JSON, HTML, CSS, and LESS, will provide the best experience. Extensions, meanwhile — which are among the top reasons for using VS Code — generally work for user interface customizations (and can be synced with your other environments), but, again, not so much for those back-end features.

Caveats aside, VS Code for the Web does, indeed, offer a lightweight, available-anywhere code editor for things like your tablet, your Chromebook, and heck, even your XBOX...

While companies like Amazon and Google seem to be sitting idly by in this arena, Microsoft is not the only company focused on providing remote developer experiences. The Eclipse Foundation, for example, last year offered what it said was "a true open source alternative to Visual Studio Code" with Eclipse Theia, and Eclipse Foundation executive director Mike Milinkovich said he expects this to be just the beginning. "We have been saying for years that the future of developer tools is the browser. Developers already use their browsers for the vast majority of their day-to-day tasks, with code editing being amongst the last to move," Milinkovich wrote in an email. "Microsoft's recent vscode.dev announcement is a recognition of this trend. I expect that every serious cloud vendor will be following suit over the next few quarters."

GitPod, meanwhile, has been hard at work in this very same arena, with its own launch just last month of the open source OpenVSCode Server, which also lets developers run upstream Visual Studio Code in the browser.

Gitpod co-founder Johannes Landgraf calls it "yet another validation that we reached a tipping point of how and where we develop software" — but also more. "Think orchestration and provisioning of compute, operating system, language servers and all other tools you require for professional software development in the cloud."

Melanson's column also argues VS Code for the Web is meant to entice geeks further into the Microsoft development universe. "The next thing you know, you've spent $100 on other things...like GitHub Codespaces, which is, after all, pretty much the same exact thing, except it provides all those back-end services and, more importantly for Microsoft, is not free to use. And more important still, once you've got all those developers fully hooked on VS Code, Codespaces, GitHub, and the rest of it, Azure isn't too far down the line now, is it?"

Amiga

AmigaOS Is Still Getting Updates and Upgrades 34

Mike Bouma (Slashdot reader #85,252) writes: A-EON Technology Ltd has released Enhancer Software Release 2.1 for AmigaOS4.1 FE update 2, which itself was released on 23 December 2020. It's an OS enhancement package with large amounts of updated and upgraded OS components.

Also earlier this year Hyperion released AmigaOS 3.2 for all classic Amigas. Here's a roundup of new features by The Guru Meditation on YouTube.

BSD

OpenBSD 7.0 Released (openbsd.org) 12

Long-time Slashdot reader ArchieBunker writes: Everyone's favorite security focused operating system OpenBSD released version 7.0 Thursday. In addition to the usual bug fixes and performance enhancements, support for RISC-V processors has been added.

It's 26 years old, and still chugging along. One interesting feature highlighted by Phoronix: Improving the ARM64 platform support with improved drivers for the Apple Silicon / Apple M1 but still not considered ready yet for end-users. OpenBSD 7.0 improvements on the Apple M1 include support for installing on a disk with a GPT and various Apple driver improvements for USB, GPIO, SPMI, NVMe storage, and other Apple M1 hardware components.

Also check out the 7.0 Song: "The Style Hymn" (part of an archive of all the OpenBSD release songs).

Bitcoin

Ted Cruz Says Bitcoin Mining Can Fix Texas' Crumbling Electric Grid (vice.com) 289

An anonymous reader quotes a report from Motherboard: Texas' energy grid has problems. Those issues were laid bare this past winter when a storm put the state in a deep freeze, causing blackouts for millions and killing hundreds of people. Sen. Ted Cruz told a cryptocurrency conference in Austin last week that he believes the state's Bitcoin mining boom could repair its floundering energy grid. In a fireside chat at the Texas Blockchain Summit on Oct. 8, the Republican senator expressed his faith that the mass buildout of crypto mines in the Lone Star State could add additional energy capacity to the state's grid in the event of blackouts or power shortages. "Because of the ability to Bitcoin mining to turn on or off instantaneously, if you have a moment where you have a power shortage or a power crisis, whether it's a freeze or some other natural disaster where power generation capacity goes down, that creates the capacity to instantaneously shift that energy to put it back on the grid," Cruz told conference attendees.

Bitcoin mines, which typically consist of rooms full of specialized computers that churn numbers all day in search of the answer to a puzzle that creates the next block on the blockchain, are notorious for their energy use. Bitcoin mining is well-known to use more energy than many countries and corporations, and it's designed to become more difficult (and thus use more energy) as more miners plug into the network in search of profits as the price of Bitcoin increases. But in the event that the grid is being overburdened, these mines are essentially industrial energy consumers that can shut down instantaneously, freeing up additional grid space for the heating and cooling of homes, hospitals, and other critical infrastructure. Already, some miners in Texas are making a killing by shutting down during such times and selling their contracted power supply back to the grid. Texas is the perfect candidate for this setup, Cruz said, and Bitcoin mining could play "a significant role [in] strengthening and hardening the resilience of the grid."
Tim De Chant from Ars Technica says the numbers and potential incentives that Sen. Ted Cruz touts "just don't add up." Here's why he thinks Cruz is wrong: First, large bitcoin-mining operations use hundreds or thousands of powerful computers, which create a demand for power. If power plants can profitably mine bitcoin using the electricity they generate -- and there are examples of that already -- it stands to reason that bitcoin mining could create enough demand that investors would be enticed to build new power plants. Those plants could theoretically be tasked with providing power to the grid in cases of emergency. At first glance, the argument holds up. But if you dig into it, even just a bit, things quickly fall apart.

For one, the blackouts during Texas' February cold snap happened because power companies failed to winterize their generators, whether they were natural gas, coal, nuclear, or wind. Lives were at stake, and yet the companies didn't prepare for the worst. Unlike power plants that serve the grid, bitcoin mining isn't critical infrastructure -- no one dies if a crypto data center shuts down. Plus, bitcoin miners are in the game first and foremost for the money, and they would be loath to spend extra cash to winterize their operations. But let's say the power stays on but demand surges. In that case, bitcoin miners would be unlikely to offer their generating capacity to the grid unless they were sufficiently compensated. Texas already has a system like that in place, offering generators a premium for bringing additional power online during shortages. During the February cold snap, wholesale electricity prices surged to $9,000 per MWh, the maximum allowed by law, leading to electricity bills as high as $10,000 for some people.

One bitcoin currently sells for $57,000, and to crunch the numbers to win that one bitcoin, mining rigs draw just under 0.285 MWh, based on Digiconomist estimates. In other words, for bitcoin miners to be willing to contribute to the grid, wholesale electricity prices would have to hit $206,000 per MWh, or nearly 23 times greater than prices during the February cold snap. Those $10,000 bills would turn into $230,000 bills. [...] At today's prices, the power plants that Ted Cruz is imagining would cost over $50 billion to build. At that price, there are probably more effective ways to stabilize Texas' grid.

Ubuntu

Canonical Releases Ubuntu Linux 21.10 Impish Indri 24

Following a brief beta-testing period, Ubuntu 21.10 has finally become available to download in the "final" stable form. BetaNews: Code-named "Impish Indri," this version of Ubuntu is not a Long Term Support (LTS) version, so it is only supported for nine months. Ubuntu 21.10 features Linux kernel 5.13 and a Snap variant of the Mozilla Firefox browser. "Ubuntu 21.10 brings the all-new PHP 8 and GCC 11 including full support for static analysis, greatly improving everyday developer security awareness in low-level programming. With Gnome 40 desktop users gain dynamic workspaces and touchpad gestures. The new Firefox snap, published by Mozilla, improves security and guarantees access to both the latest and the extended support release versions of the browser. The exact same versions of the browser are available on multiple different versions of Ubuntu, simplifying enterprise developer platform management," says Canonical.

Security

New 'FontOnLake' Malware Family Can Target Linux Systems (securityweek.com) 26

Security Week reports: A previously unknown, modular malware family that targets Linux systems has been used in targeted attacks to collect credentials and gain access to victim systems, ESET reported on Thursday. Dubbed FontOnLake, the malware family employs a rootkit to conceal its presence and uses different command and control servers for each sample, which shows how careful its operators are to maintain a low profile.

What's more, the malware developers are constantly modifying the FontOnLake modules, and use three categories of components that have been designed to work together, namely trojanized applications, backdoors, and rootkits.

Evidence suggests that FontOnLake has been used in attacks aimed at organizations in Southeast Asia. The first malware samples related to this family emerged last May. The malware was previously described by Avast and Lacework as the HCRootkit / Sutersu Linux rootkit, as well as by Tencent Security Response Center in a February report.

The various trojanized applications that ESET's researchers have identified during their investigation are used to load custom backdoor or rootkit modules, but also to collect sensitive data when needed. Posing as standard Linux utilities, these files were also designed to achieve persistence on the compromised systems. What the researchers haven't figured out yet is the manner in which the trojanized applications are delivered to the victims. ESET's analysis of FontOnLake has revealed the use of three different backdoors, all written in C++, all using the same Asio library from Boost, and all capable of exfiltrating sshd credentials and bash command history.

The simplest of the three was designed to launch and mediate access to a local SSH server, update itself, and transmit collected credentials. The malware appears to be under development.

The second backdoor was also capable of file manipulation, updating itself, and uploading and downloading files, according to the article, while the third backdoor "accepts remote connections, serves as a proxy and can download and run Python scripts, in addition to exfiltrating credentials."

Python

Beating C and Java, Python Becomes the #1 Most Popular Programming Language, Says TIOBE (zdnet.com) 115

ZDNet reports that Python "is now the most popular language, according to one popularity ranking."

"For the first time in more than 20 years we have a new leader of the pack..." the TIOBE Index announced this month. "The long-standing hegemony of Java and C is over."

When Slashdot reached out to Guido van Rossum for a comment, he replied "I honestly don't know what the appropriate response is...! I am honored, and I want to thank the entire Python community for making Python so successful."

ZDNet reports: [I]t seems that Python is winning these days, in part because of the rise of data science and its ecosystem of machine-learning software libraries like NumPy, Pandas, Google's TensorFlow, and Facebook's PyTorch. Python is also an easy-to-learn language that has found a niche in high-end hardware, although less so mobile devices and the web — an issue that Python creator Guido van Rossum hopes to address through performance upgrades he's working on at Microsoft.

Tiobe, a Dutch software quality assurance company, has been tracking the popularity of programming languages for the past 20 years. Its rankings are based on search terms related to programming and is one measure of languages that developers should consider learning, along with IEEE Spectrum's list and a ranking produced by developer analyst RedMonk. JavaScript, the default for front-end web development, is always at the top of RedMonk's list. For Tiobe, its enterprise focus, has seen Java and C dominate in recent years, but Python has been snapping at the heels of Java, and has now overtaken it...

Python's move to top spot on the Tiobe index was a result of other languages falling in searches rather than Python rising. With an 11.27% share of searches, it was flat, while second place language C fell 5.79 percentage points compared to October last year down to 11.16%. Java made way for Python with a 2.11 percentage point drop to 10.46%.

Other languages that made the top 10 in Tiobe's October 2021 index: C++, C#, Visual Basic, JavaScript, SQL, PHP, and Assembly Language. Also rising on a year-on-year basis and in the top 20 were Google-designed Go, number-crunching favorite MATLAB, and Fortran.

"Python, which started as a simple scripting language, as an alternative to Perl, has become mature," TIOBE says in announcing its new rankings.

"Its ease of learning, its huge amount of libraries, and its widespread use in all kinds of domains, has made it the most popular programming language of today. Congratulations Guido van Rossum!"
Businesses

Africa Internet Riches Plundered, Contested by China Broker (sfgate.com) 55

An anonymous reader shares a report: Outsiders have long profited from Africa's riches of gold, diamonds, and even people. Digital resources have proven no different. Millions of internet addresses assigned to Africa have been waylaid, some fraudulently, including through insider machinations linked to a former top employee of the nonprofit that assigns the continent's addresses. Instead of serving Africa's internet development, many have benefited spammers and scammers, while others satiate Chinese appetites for pornography and gambling. New leadership at the nonprofit, AFRINIC, is working to reclaim the lost addresses. But a legal challenge by a deep-pocketed Chinese businessman is threatening the body's very existence. The businessman is Lu Heng, a Hong Kong-based arbitrage specialist. Under contested circumstances, he obtained 6.2 million African addresses from 2013 to 2016. That's about 5% of the continent's total -- more than Kenya has.

The internet service providers and others to whom AFRINIC assigns IP address blocks aren't purchasing them. They pay membership fees to cover administrative costs that are intentionally kept low. That left lots of room, though, for graft. When AFRINIC revoked Lu's addresses, now worth about $150 million, he fought back. His lawyers in late July persuaded a judge in Mauritius, where AFRINIC is based, to freeze its bank accounts. His company also filed an $80 million defamation claim against AFRINIC and its new CEO. It's a shock to the global networking community, which has long considered the internet as technological scaffolding for advancing society. Some worry it could undermine the entire numerical address system that makes the internet work.

Earth

UN Report Warns of Global Water Crisis Amid Climate Change (apnews.com) 138

An anonymous reader quotes a report from The Associated Press: Much of the world is unprepared for the floods, hurricanes and droughts expected to worsen with climate change and urgently needs better warning systems to avert water-related disasters, according to a report by the United Nations' weather agency. Global water management is "fragmented and inadequate," the report published Tuesday found, with nearly 60% of 101 countries surveyed needing improved forecasting systems that can help prevent devastation from severe weather. As populations grow, the number of people with inadequate access to water is also expected to rise to more than 5 billion by 2050, up from 3.6 billion in 2018, the report said.

Among the actions recommended by the report were better warning systems for flood- and drought-prone areas that can identify, for example, when a river is expected to swell. Better financing and coordination among countries on water management is also needed, according to the report by the U.N.'s World Meteorological Organization, development agencies and other groups. The report found that since 2000, flood-related disasters globally rose 134% compared with the previous two decades. Most flood-related deaths and economic losses were in Asia, where extreme rainfall caused massive flooding in China, India, Indonesia, Japan, Nepal and Pakistan in the past year. The frequency of drought-related disasters rose 29% over the same period. African countries recorded the most drought-related deaths. The steepest economic losses from drought were in North America, Asia and the Caribbean, the report said. Globally, the report found 25% of all cities are already experiencing regular water shortages. Over the past two decades, it said the planet's combined supplies of surface water, ground water and water found in soil, snow and ice have declined by 0.4 inches (1 centimeter) per year. Despite some progress in recent years, the report found 107 countries would not meet goals to sustainably manage water supplies and access by 2030 at current rates.

Windows

Microsoft Knew of Exchange Autodiscover Flaw Five Years Ago (theregister.com) 22

Thomas Claburn writes via The Register: Microsoft Exchange clients like Outlook have been supplying unprotected user credentials if you ask in a particular way since at least 2016. Though aware of this, Microsoft's advice continues to be that customers should communicate only with servers they trust. On August 10, 2016, Marco van Beek, managing director at UK-based IT consultancy Supporting Role, emailed the Microsoft Security Response Center to disclose an Autodiscover exploit that worked with multiple email clients, including Microsoft Outlook. "Basically, I have discovered that it is extremely easy to get access to Exchange (and therefore Active Directory) user passwords in plain text," he wrote. "It doesn't necessarily require any breach of corporate security, and at its most secure, is only as secure as file level access to the corporate website." His proof-of-concept exploit code, which affected Outlook (both Mac and PC), default email apps for Android and iOS, Apple Mail for Mac OS X, and others, consisted of 11 lines of PHP, though he insisted the exploit probably could have been reduced to three lines.

Microsoft acknowledged on August 11, 2016, that it had reproduced the issue in van Beek's report. Then on August 30, 2016, the Windows titan responded to van Beek by saying the report doesn't describe a genuine vulnerability: "Our security engineers and product team have reviewed this report and determined that it is not a security issue to be serviced as part of our monthly Patch Tuesday process. 'Never accept an SSL certificate without a matching host name' is already recommended for clients in the doc cited by your report: [link]. Before you send a request to a candidate, make sure it is trustworthy. Remember that you're sending the user's credentials, so it's important to make sure that you're only sharing them with a server you can trust. At a minimum, you should verify: That the endpoint is an HTTPS endpoint. Client applications should not authenticate or send data to a non-SSL endpoint. That the SSL certificate presented by the server is valid and from a trusted authority."

"This response casually forgets to consider that a hacked web server still retains a perfectly valid certificate -- it just happens to use that trusted tunnel to serve up problems," said van Beek. "Also, I have only found one Exchange client so far which actually checks the hostname against the certificate, which is Microsoft's own test tool." Van Beek said he thought it was incredible that Microsoft confirmed the behavior he reported within hours but does not consider it to be a problem. He suggested three mitigations: changing the order of operations so that DNS gets checked first; never accepting an SSL certificate without a matching host name; and reviewing why and when clients respond to authentication requests.
When asked if the company plans to take any steps to address credential exposure and whether it believes its guidance adequately addresses the problem, a Microsoft spokesperson said: "We are continuing to investigate the specific scenario shared by the researcher."
Google

Google Finally Shifting To 'Upstream First' Linux Kernel Approach For Android Features (phoronix.com) 9

Phoronix reports: Google's Android had been notorious for all of its downstream patches carried by the mobile operating system as well as various vendor/device kernel trees while in recent years more of that code has been upstreamed. Google has also been shifting to the Android Generic Kernel Image (GKI) as the basis for all their product kernels to further reduce the fragmentation. Looking ahead, Google is now talking of an "upstream first" approach for pushing new kernel features into mainline Linux before deploying them on Android. Google's Todd Kjos talked today during Linux Plumbers Conference (LPC2021) around their Generic Kernel Image initiative. With Android 12 and their Linux 5.10 based GKI image they have further cut down the fragmentation to the extent that it's "nearly eliminated."

With the Android 12 GKI, most of the vendor/OEM kernel features have now either been upstreamed into the Linux kernel, isolated to vendor modules/hooks, or merged into the Android Common Kernel. They are making good progress on the GKI front and also ensuring vendors adapt to the new approach to cut down on the kernel mess. But perhaps most exciting is their outlook for 2023 to 2024 for further reducing technical debt. They are going to pursue an "upstream first development model for new features" in making sure new code first lands into the mainline Linux kernel rather than aiming straight for lodging within the Android source tree.

Python

Is Python About to Become the Most Popular Programming Language? (zdnet.com) 176

"According to one measure, Python is potentially on the verge of becoming the most popular computer programming language," reports ZDNet, joining C and Java as the only other two languages to attain the #1 spot.

Of course, it depends on who's making the list... Python has been snapping at the heels of Java and C for the past few years on the 20-year-old Tiobe index and recently knocked Java off the second spot to rival C. Tiobe, a software testing company, bases its rankings on searches for programming languages on popular websites and search engines.

The Tiobe index is updated monthly, and it doesn't align with other language popularity rankings. For example, the electrical engineering magazine IEEE Spectrum has ranked Python as the most popular language since at least 2020, followed by Java, C, and JavaScript, while developer analyst RedMonk has JavaScript in top place, followed by Python and Java, and places C at tenth...

"Python has never been so close to the number 1 position of the TIOBE index," writes Paul Jansen, chief of Tiobe software. "It only needs to bridge 0.16% to surpass C. This might happen any time now..."

Python is hugely popular because of machine learning, but it has no place in mobile app development or web applications or development on mobile devices. It's also slow. Python's creator, Guido van Rossum, who works at Microsoft, recently conceded Python consumes too much memory and energy from hardware. He's working to improve Python's performance and reckons double is feasible...

Tiobe's top 10 programming languages in September 2021 were C, Python, Java, C++, C#, Visual Basic, JavaScript, Assembly language, PHP, and SQL. The top 20 languages also included Classic Visual Basic, Groovy, Ruby, Go, Swift, MATLAB, Fortran, R, Perl, and Delphi. Fortran's re-emergence as a top 20 language is notable. Just in July 2020, Tiobe ranked it as the 50th most popular language. But earlier this year, Fortran shot up to the 20th spot in Tiobe's index.

Paul Jansen, chief of Tiobe software, also called out some other interesting moves in this month's calculation. "Assembly gained 1 position from #9 to #8, Ruby gained 2 positions from #15 to #13, and Go went up even 4 positions from #18 to #14."
