3 of the Most Common Python Security Vulnerabilities | EC-Council CodeRed Blog – EC-Council Blog

Python is one of the fastest-growing programming languages in the world. According to Slashdata, there are 8.2 million active Python users in the world. It is mostly used by software engineers, but also by mathematicians, data analysts, and students, for purposes such as automation, artificial intelligence, big data analysis, and investment schemes at fintech companies. However, regardless of which programming language you use, the language is never secure on its own; security depends entirely on how you use it. The same applies to Python, which is why Python security is essential.

But before we go there, let's talk about what Python is.

Unlike other programming languages, Python is a general-purpose coding language. You can use it for other types of programming and software development, aside from web development. It is highly readable, as it uses English keywords where other programming languages use punctuation. It also has fewer syntactical constructions than other languages.

Python is an open-source programming language. Even the source code for Python is freely available to download and distribute for commercial use.

Features like faster execution, readability, and code clarity provide a seamless experience.

Source code written in Python syntax is interpreted line by line.

Rich in libraries and frameworks, it supports web development, data science, and machine learning, thereby increasing the programmer's productivity.

Python is more than 30 years old and has a more mature community of developers and users compared to any other programming language.

It has powerful control capabilities as it can invoke directly through C, C++, or Java. Python also processes XML and other markup languages with the same byte code.

Python is a top-notch programming language for aspirants with a technical and non-technical background. They can immediately start coding as it is like learning how to read and write.

Python developers have the highest paid salaries in the IT industry. The average Python Developer salary in the United States is approximately $79,395 per year. Python can be effective in a myriad of areas, a few of which are:

Due to Python's competence, it's used in the areas mentioned above and in web-scraping applications, audio and video applications, CAD applications, embedded applications, testing frameworks, and task automation.

While Python is extremely helpful and widely used, it is, like any scripting language, not 100% secure from cyber threats. In fact, one of the most common threats is the Python backdoor attack. For example, Iran used a MechaFlounder Python backdoor attack against Turkey last year.

Here are some of the most common Python-based risks:

Some of the more popular injection attacks are SQL injection attacks and command injection attacks. These types of attacks can impact not just the language but the environment as a whole.
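An added example (not from the original article) of the SQL injection case, using the standard-library `sqlite3` module: the same lookup built by string formatting and with a bound parameter, plus an allow-list for a sort column, which cannot be bound as a parameter. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data for the demonstration.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Identifiers such as column names cannot be bound as parameters, so they
# are checked against a fixed allow-list before being placed in the query.
SORTABLE_COLUMNS = {"name", "role"}


def make_db():
    """Create an in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, name):
    """Vulnerable form: the input is pasted into the statement text, so
    quote characters in it are parsed as SQL syntax."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Hardened form: the input is bound as a parameter and is only ever
    compared as a value, whatever characters it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def list_users_sorted(conn, sort_by):
    """Sort by a caller-chosen column, accepted only from the allow-list."""
    if sort_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    query = f"SELECT name, role FROM users ORDER BY {sort_by}, name"
    return conn.execute(query).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("formatted query :", find_user_vulnerable(db, crafted))
    print("bound parameter :", find_user_safe(db, crafted))
    print("sorted by role  :", list_users_sorted(db, "role"))
```
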

It's normal to load and parse XML files, especially external XML files, if you are in the habit of using a standard-library XML module. Most attacks against XML parsing are DoS- and DDoS-style attacks that aim to crash the system instead of infiltrating it.
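One way to reduce this exposure with the standard library alone, shown as an added example that is not part of the original article: pre-scan untrusted XML with `xml.parsers.expat` and refuse any document that carries a DOCTYPE, since entity declarations can only appear there. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample documents. The second declares one small internal
# entity; it is harmless and only marks the feature that gets rejected.
PLAIN_DOC = b"<note><to>ops</to><body>rotate keys</body></note>"
DTD_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE note [<!ENTITY greeting "hello">]>'
    b"<note>&greeting;</note>"
)


class DTDForbidden(ValueError):
    """Raised when untrusted XML carries a document type declaration."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # expat calls this as soon as it reaches <!DOCTYPE ...>, before any
    # entity declared inside it could be referenced in the document body.
    raise DTDForbidden(f"DOCTYPE {name!r} is not accepted from untrusted input")


def parse_untrusted_xml(data):
    """Parse XML bytes, refusing documents that declare a DTD.

    Malformed input raises xml.parsers.expat.ExpatError from the pre-scan.
    """
    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _reject_doctype
    checker.Parse(data, True)  # True marks this as the final chunk
    # Only documents without a DOCTYPE reach the normal parser.
    return ET.fromstring(data)


def default_parser_expands_entities():
    """Show the default behaviour: the declared entity is expanded."""
    return ET.fromstring(DTD_DOC).text


if __name__ == "__main__":
    print("default parser text:", default_parser_expands_entities())
    print("plain document body:", parse_untrusted_xml(PLAIN_DOC).findtext("body"))
    try:
        parse_untrusted_xml(DTD_DOC)
    except DTDForbidden as exc:
        print("rejected:", exc)
```
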

Testing a file is always good; however, beware of creating temp files using the mktemp() function, as a different process may also create a file with this name to attempt to load the wrong data or expose other temporary data.
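The race described above, reproduced deterministically as an added example (not code from the original article): `tempfile.mktemp()` only returns a name, so a file can appear under that name before the caller opens it, while `tempfile.mkstemp()` creates the file exclusively and hands back an open descriptor. The function names and file contents are constructed, and the "other process" is simulated in the same process.

```python
import os
import stat
import tempfile


def simulate_race(directory):
    """Show what happens when a file appears under a name from mktemp().

    Returns (existed_when_named, content_read, exclusive_open_refused).
    """
    path = tempfile.mktemp(dir=directory)  # deprecated: returns a name only
    existed_when_named = os.path.exists(path)

    # Stand-in for a different process creating a file with the same name
    # in the window between choosing the name and opening it.
    with open(path, "w") as other:
        other.write("other process data")

    # A plain open() cannot tell that the file is not the one it expected,
    # so the program loads the wrong data.
    with open(path) as fh:
        content_read = fh.read()

    # O_CREAT | O_EXCL fails if the name already exists, which is the
    # check mkstemp() relies on to close the window.
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.close(fd)
        exclusive_open_refused = False
    except FileExistsError:
        exclusive_open_refused = True

    os.unlink(path)
    return existed_when_named, content_read, exclusive_open_refused


def create_private_temp(data, directory=None):
    """Hardened form: mkstemp() creates the file atomically, readable and
    writable by the owner only, and returns an already-open descriptor."""
    fd, path = tempfile.mkstemp(prefix="report-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        print("race outcome:", simulate_race(workdir))
        private = create_private_temp("quarterly numbers", workdir)
        mode = stat.S_IMODE(os.stat(private).st_mode)
        print("mkstemp file:", private, oct(mode))
```
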

With data breaches increasing regularly, it has become important to secure your network and data.

Here are some ways you can ensure Python security:

However, if you are looking for a more detailed approach to Python security, take a look at EC-Council's Microdegree program.

The EC-Council's Python Security Microdegree program teaches you Python programming, such as data structures, string operations, OOPS concepts, file interaction, and database management. It also covers advanced programming like parallel processing, decorators, and generating cross-platform programs. This course will also teach you about cybersecurity applications like socket programming, packet capturing, parsing, and integrating other languages for Python cryptography, metadata analysis, and password cracking.

The benefit of this Microdegree program is that world-class industry experts will teach you in a self-paced, video-based training that comes with an option to perform hands-on live exercises via our Cyber Range, iLabs, with 55+ hands-on virtual labs and assessments to help you establish yourself as a secure programmer.


FAQs

1. Where is Python mostly used?

Python is popular and widely used in various industry sectors like insurance, finance and fintech companies, healthcare, entertainment, startups, and many more. Python is used extensively in the data science and machine learning domains. It is considered one of the most in-demand career paths.

2. What can you do with Python code?

Due to the simplicity of the language, it can be used in any scenario. As Python is a scripting language for web applications, it can be used to automate boring tasks, thus making them more efficient. One can learn to create games according to their preference. You can also learn to build stunning things like a fingerprint identification scanner, stock prediction, and spam detection. You can also learn to build futuristic robots.


The Apache Software Foundation Celebrates 20 Years of OpenOffice – GlobeNewswire

Wakefield, MA, Oct. 14, 2020 (GLOBE NEWSWIRE) -- The Apache Software Foundation (ASF), the all-volunteer developers, stewards, and incubators of more than 350 Open Source projects and initiatives, announced today the twenty-year anniversary of OpenOffice, the last eight of which as an Apache Top-Level Project.

"It's inspiring to see so many dedicated people from around the world volunteer their time to mentor, contribute code, test issues, moderate mailing lists, help on forums, translations, marketing and more to keep making this great product better and available for millions of users," said Carl Marcum, Vice President of Apache OpenOffice. "OpenOffice is more than just software. It's a great community that I'm glad to be a part of."

With more than 300 million downloads, Apache OpenOffice is used by countless individuals, organizations, and institutions around the world who are seeking a reliable, robust, and freely-available Open Source office document productivity suite. Apache OpenOffice features the following applications for Windows, macOS and Linux:

Apache OpenOffice supports more than 120 languages, 41 of which are officially maintained and released by the Project. Apache OpenOffice is the productivity suite of choice for governments seeking to meet mandates for using ISO/IEC standard Open Document Format (ODF) files.

OpenOffice was originally created as "StarOffice" in 1985 by StarDivision, which was acquired by Sun Microsystems in 1999. The project was open-sourced under the name "OpenOffice.org", and continued development after Oracle Corporation acquired Sun Microsystems in 2010. OpenOffice entered the Apache Incubator in 2011 and graduated as an Apache Top-level Project in October 2012.

"At Apache OpenOffice, we are very excited about 20 years of OpenOffice," said Marcus Lange, ASF Member and Apache OpenOffice Committer since the project first arrived at the ASF. "Countless users, developers and friends have made it possible that we can today celebrate this incredible anniversary. Their commitment makes me believe that we will see many more years of this great Open Source productivity suite."

"The need and, in fact, the demand, for a permissively licensed Open Source office suite, available to the masses and not just the privileged few fortunate enough to have the latest hardware and software, has never been greater within the last two decades," said Jim Jagielski, ASF co-Founder and Apache OpenOffice incubating mentor. "Apache OpenOffice exists to provide essential functionality, with as few licensing restrictions as possible, to the world at large. It is truly a noble mission, and I am honored to be a small part of it."

"As a long-term user, I joined the project in 2016 to give something back," said Matthias Seidel, Committer and member of the Apache OpenOffice Project Management Committee. "After a steep learning curve, I am proud to be part of the community that provides this great software for the public good and benefits millions worldwide."

Apache OpenOffice is available as a free download to all users at 100% no cost, charge, or fees of any kind. OpenOffice source code is readily available for anyone who wishes to enhance the applications. The Project welcomes contributions back to the project, its code, and its community. Those interested in participating with Apache OpenOffice can find out more at https://openoffice.apache.org/get-involved.html .

Availability and Oversight

As with all Apache projects, OpenOffice software is released under the Apache License v2.0 and is overseen by a self-selected team of active contributors to the project. A Project Management Committee (PMC) guides the Project's day-to-day operations, including community development and product releases. For project data, documentation, and more information on Apache OpenOffice, visit https://openoffice.apache.org/ and https://twitter.com/ApacheOO .

12 releases have been made under the auspices of the ASF. The project strongly recommends that users download OpenOffice only from the official site https://www.openoffice.org/download/ to ensure that they receive the original software in the correct and most recent version.

About The Apache Software Foundation (ASF)

Established in 1999, The Apache Software Foundation (ASF) is the world's largest Open Source foundation, stewarding 227M+ lines of code and providing more than $20B+ worth of software to the public at 100% no cost. The ASF's all-volunteer community grew from 21 original founders overseeing the Apache HTTP Server to 813 individual Members and 206 Project Management Committees who successfully lead 350+ Apache projects and initiatives in collaboration with 7,900+ Committers through the ASF's meritocratic process known as "The Apache Way". Apache software is integral to nearly every end user computing device, from laptops to tablets to mobile devices across enterprises and mission-critical applications. Apache projects power most of the Internet, manage exabytes of data, execute teraflops of operations, and store billions of objects in virtually every industry. The commercially-friendly and permissive Apache License v2 is an Open Source industry standard, helping launch billion dollar corporations and benefiting countless users worldwide. The ASF is a US 501(c)(3) not-for-profit charitable organization funded by individual donations and corporate sponsors including Aetna, Alibaba Cloud Computing, Amazon Web Services, Anonymous, Baidu, Bloomberg, Budget Direct, Capital One, Cerner, Cloudera, Comcast, Facebook, Google, Handshake, Huawei, IBM, Inspur, Pineapple Fund, Red Hat, Target, Tencent, Union Investment, Verizon Media, and Workday. For more information, visit http://apache.org/ and https://twitter.com/TheASF

The Apache Software Foundation. "Apache", "OpenOffice", "OpenOffice.org", "Apache OpenOffice", and "ApacheCon" are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. All other brands and trademarks are the property of their respective owners.


Just the Tip of the Iceberg: DOJ's Antitrust Suit Against Google Is a Full-Frontal Attack on Big Tech – Law & Crime

The U.S. Department of Justice (DOJ) and 11 state attorneys general filed a long-anticipated antitrust lawsuit in federal court on Tuesday alleging that Google maintains a monopoly in violation of federal law.

"Two decades ago, Google became the darling of Silicon Valley as a scrappy startup with an innovative way to search the emerging internet," the complaint filed in the U.S. District Court for the District of Columbia begins. "That Google is long gone."

"The Google of today is a monopoly gatekeeper for the internet, and one of the wealthiest companies on the planet, with a market value of $1 trillion and annual revenue exceeding $160 billion," the complaint continues. "For many years, Google has used anticompetitive tactics to maintain and extend its monopolies in the markets for general search services, search advertising, and general search text advertising -- the cornerstones of its empire."

Filed under the auspices of the Sherman Antitrust Act, Monday's filing is the result of a year-long investigation and will likely take several years to litigate -- if the incoming administration even decides to maintain the case.

The Barack Obama administration was serially criticized for failure to hold large technology companies accountable for perceived violations of the country's anti-monopoly laws even though European regulators have exacted several concessions and repeatedly fined companies such as Google over the last decade. This reticence may be explained by the Democratic Party's strong associations with Google -- a trend that Obama in particular exacerbated during his time in office.

The lawsuit alleges that Google's vast suite of anticompetitive behavior has separately and collectively harmed competition by stamping out any meaningful competition in the realm of general internet search services, by excluding would-be rivals from effective and already-available distribution channels that would allow them to effectively compete and by impeding other potential distribution paths in general.

Additionally, the lawsuit claims that Google's tactics create a nearly impenetrable wall of barriers to entry for potential competitors on both desktop and mobile devices and that such tactics actually stunt innovation overall -- while insulating Google from having to actually do much in the way of innovation or product improvement.

The heart of the DOJ's case against the technology giant focuses on Google's exclusionary agreements and distribution agreements that have served the tech behemoth well by making multiple Google products the default access point for internet searches and other services across millions of desktop and mobile devices.

"Between its exclusionary contracts and owned-and-operated properties, Google effectively owns or controls search distribution channels accounting for roughly 80 percent of the general search queries in the United States," the complaint notes. "Largely as a result of Google's exclusionary agreements and anticompetitive conduct, Google in recent years has accounted for nearly 90 percent of all general-search-engine queries in the United States, and almost 95 percent of queries on mobile devices."

The lawsuit mentions several such agreements -- spotlighting Google's partnerships with Apple and Android device manufacturers.

"Google has contracted with Apple for many years to preset Google's search engine as the default for Apple's Safari browser and, more recently, other search access points on Apple's mobile devices," the complaint notes. "When a consumer takes a new iPhone or iPad out of its box, all the significant access points default to Google as their general search provider. Indeed, Google has preset default status for an overwhelming share of the search access points on mobile devices sold in the United States."

Per the DOJ, Apple's business relationship with Google is essentially an anticompetitive version of the quid pro quo [emphasis in original]:

Apple has not developed and does not offer its own general search engine. Under the current agreement between Apple and Google, which has a multi-year term, Apple must make Google's search engine the default for Safari, and use Google for Siri and Spotlight in response to general search queries. In exchange for this privileged access to Apple's massive consumer base, Google pays Apple billions of dollars in advertising revenue each year, with public estimates ranging around $8–12 billion. The revenues Google shares with Apple make up approximately 15–20 percent of Apple's worldwide net income.

Although it is possible to change the search default on Safari from Google to a competing general search engine, few people do, making Google the de facto exclusive general search engine. That is why Google pays Apple billions on a yearly basis for default status. Indeed, Google's documents recognize that Safari default is a significant revenue channel and that losing the deal would fundamentally harm Google's bottom line. Thus, Google views the prospect of losing default status on Apple devices as a Code Red scenario. In short, Google pays Apple billions to be the default search provider, in part, because Google knows the agreement increases the company's valuable scale; this simultaneously denies that scale to rivals.

A similar situation has developed with Google and the companies that create Android-based mobile devices.

The lawsuit notes that Google uses preinstallation agreements which force manufacturers to pair devices running the Android operating system with Google's own cash-generating products to ensure that its entire suite of search-related products is given premium placement.

Other contracts, such as those focused on revenue sharing, force manufacturers into doing the same -- but also expressly foreclose against manufacturers featuring apps developed by Google's competitors. Still other contracts inhibit startups from actually doing much with Android's technically open source code because they threaten would-be developers with losing access to Google's entire network if the company deems them guilty of so-called fragmentation.

All of this, the DOJ and the states claim, are the makings of a monopolistic monster.

"Absent Google's exclusionary agreements and other conduct, dynamic competition for general search services would lead to higher quality search, increased consumer choice, and a more beneficial user experience," the filing alleges.

But there's likely an awful lot more in the offing.

"[T]he complaint centers on Google's contracts with device manufacturers running Android and the way those contracts preference Google to lock in its dominance in Internet search and mobile search," antitrust law expert and University of Michigan Law Professor Daniel A. Crane told Law&Crime in an email.

"It's a bit of a surprise that the complaint is so focused on anticompetitive vertical agreements as opposed to other things that many critics accuse Google of -- such as the design of its search verticals and the way it sells advertising," Crane continued. "But those additional claims may well come out in further complaints to be filed shortly. So consider this just the tip of the iceberg."


Septentrio announces open-source software and hardware for autonomous applications with GNSS – UASweekly.com

Septentrio, a leader in high-precision GNSS* positioning solutions, announces today two important open source resources for its GPS/GNSS module receivers. The first, ROSaic, is a ROS (Robot Operating System) driver for the mosaic-X5 module as well as other Septentrio GNSS receivers. The second project, mosaicHAT, is an open source hardware reference design combining mosaic-X5 with a Raspberry Pi single-board computer. Both projects facilitate integration of centimeter-level reliable positioning into robotic and other machine automation applications.

The ROSaic driver operates on ROS, a widely used programming environment within the industry as well as academics, commonly used for integrating robot technology and developing advanced robotics and autonomous systems. ROS allows data from numerous sensors to be combined, allowing high levels of autonomy.

The mosaicHAT project facilitates accurate and reliable GNSS positioning for robotics and automation on a hardware level. Numerous engineers today use Raspberry Pi for prototyping and initial integrations. The mosaicHAT board is an easy way for integrators to get started with Septentrio's mosaic-X5 GNSS module. By plugging mosaicHAT into a compatible Raspberry Pi, users have access to high-accuracy positioning with a high update rate, ideal for machine navigation and control. The small 56×65 mm board exposes basic interfaces such as USB, serial, and general-purpose communication pins. The reference design, footprint and documentation are available for easy board printing or further customization.

"We are excited about both the ROSaic driver and the mosaicHAT being part of the GitHub community and we highly appreciate the initial authors' work as well as the future contributors. Both projects are available as open source, thus empowering the community to easily fit autonomous or robotic systems with highly accurate and reliable GNSS positioning technology," notes Gustavo Lopez, Market Access Manager at Septentrio.

The ROSaic driver is available on the ROS wiki page and on the Septentrio GitHub repository, while the mosaicHAT can be found on the following GitHub repository. For more information on Septentrio's industry-leading GNSS receivers, please visit www.septentrio.com.

ROS [and/or the nine dots ROS logo and/or any other ROS trademark used] is a trademark of Open Robotics. Raspberry Pi is a trademark of the Raspberry Pi organization.

*Global Navigation Satellite System, including the American GPS, European Galileo, Russian GLONASS, Chinese BeiDou, Japan's QZSS and India's NavIC. These satellite constellations broadcast positioning information to receivers which use it to calculate their absolute position.

About Septentrio:

Septentrio designs and manufactures multi-frequency multi-constellation GPS/GNSS positioning technology for demanding applications. Reliable centimeter-level positioning enables machine automation, improving efficiency and safety. Septentrio provides positioning solutions for industrial applications such as robotics, construction, survey and mapping, maritime, logistics and unmanned aerial vehicles (UAVs).

Septentrio has its headquarters in Leuven, Belgium and has a world-wide presence with offices in Los Angeles, Shanghai, Seoul and Yokohama as well as numerous partners around the world.

To learn more about Septentrio and its products, visit septentrio.com.


C# designer Torgersen: Why the programming language is still so popular and where it’s going next – TechRepublic

C# has been instrumental in setting technical benchmarks for the developer landscape since its creation in 2000. Lead designer Mads Torgersen shares the secrets of its success with TechRepublic.


Two decades after its creation, C# continues to be one of the most popular and widely used programming languages in the world. Favored by millions for its versatility and easy-to-read syntax, the programming language has quickly become a go-to for web and mobile apps, game development, business applications and more.

While it shares a close heritage with Java -- originally being designed as a rival to the programming language developed at Sun Microsystems (now Oracle) in 1996 -- C# has evolved largely along its own path since its beginnings in 2001, not least thanks to extensive support from Microsoft.


Much of C#'s popularity lies in its tendency to embrace new features quickly. Mads Torgersen, Microsoft program manager and lead designer for C#, says it is this forward-thinking design that has allowed the programming language to accrue such a large userbase over the course of its 20-year history.

"Leaning strongly into innovation has always been one of the things that distinguishes C#," Torgersen tells TechRepublic.

"I think it strikes a fairly pragmatic balance where the things we do focus on scenarios that real programmers find themselves in. We're very keen on the innovation being driven by usefulness, not so much beauty. At the same time, we try really hard to keep the language coherent, and having a unified field to it."

Torgersen has been the lead orchestrator of C#'s design for the past 15 years. Torgersen, who spent four years as an associate professor at Denmark's Aarhus University before leaving academia for industry in 2005, now leads a team at Microsoft whose roles are to coordinate the future direction of C#.

Unlike Torgersen, most of those on the C# design team are involved in building and implementing the programming language, and tend to be working in adjacent fields at Microsoft. Meanwhile, it's Torgersen's job to actually run the C# language design process, and maintain the language's specification.

"We get together quite frequently, roughly twice a week for two hours, to make the decisions and drive the creative work around how we should do things in the next version of C#," he explains.

"I'm sort of the orchestrator of that, and one of the people that does a lot of the groundwork around bringing in ideas and working out details for that project."

While it's always had its center of gravity at Microsoft, C# is an open-source programming language and as such follows an open-source design process. While this is primarily driven by Microsoft, ideas regularly come down the pipeline from the C# community.

"We do have a GitHub site dedicated to the design of C# and another one that's dedicated to the implementation," says Torgersen.

"On the design site, we have a lot of interaction with folks who are not day to day involved [with C#] but who often are C# users, and they contribute ideas for discussion. Some of the features that come into C# come through that channel."

With ideas coming in from so many angles, then, how do Torgersen and his team filter out what's important?

"That's a challenge, because a lot comes in," he admits. "It's a big programming language in terms of usage -- there are millions of C# developers -- and so there is quite a lot of input."


This is where good old-fashioned democracy comes in handy. To aid the process, Torgersen and his fellow C# designers have adopted a championing mechanism, whereby each member of the team will assess the ideas that come in via GitHub and advocate for any they feel worth bringing to the table.

Decisions are not only based on the amount of interest each idea receives, but whether it fits the language's planned evolutionary path and the uptake of similar ideas in other languages, Torgersen explains.

"It's a very debate-oriented approach," he says.

"Having a design team like that is really the key to managing this kind of process and making the right decisions. You need to have lots of perspectives in the room at all the time, but also a process for them not just talking in all directions.

"We circle around a lot to make sure we've covered all the bases, but we also have a way to reach agreement and say, 'OK this is what we're doing'. It's a balance of having a lot of input and doing a lot of things, but having a strong stewardship of how it all comes together, so that what comes out feels like it's been designed holistically."

While C# may not hold the number one spot in terms of popularity (this honor goes to C or JavaScript, depending on which index you look at), it is credited for introducing significant technical changes to the developer landscape with the shift to asynchronous programming in the mid-2000s, which was largely spearheaded by core design changes made by Torgersen and his team at Microsoft.

Having programming language support for asynchronous programming suddenly went from being a fringe desire to being a key aspect for many developers, setting a new standard for the industry and causing several other major programming languages including JavaScript to subsequently pick up the model.

"That was a big turning point, because it helped us with addressing one of these big changes in the developer landscape, which was the turn to cloud and mobile," says Torgersen.

"All of a sudden, there was much more need for programs to communicate across different devices, whether it was up to a server in the cloud, or whether it was between mobile devices and servers, and so on. We solved that very successfully and the industry picked up since then on our approach to it. That's something I'm very proud of."

Of course, a lot has happened in the 15 years since Torgersen took over the helm of C# from creator Anders Hejlsberg. More recently, the rise of no-code, low-code platforms -- particularly amid the COVID-19 pandemic -- has started to level the playing field by allowing people with little to no coding ability to build functional apps.


Given the current global shortage of developers, these platforms are straightforward enough to allow even non-programmers to develop fully functional business workflow applications that can be integrated into businesses' wider IT infrastructure.

"I know a lot of programmers kind of view that with a bit of scorn, and we also realize that it can only take you so far, but at the same time I really appreciate that it gets more people into being creative with computers," says Torgersen.

"It makes it less of a sort of esoteric or secretive or cabal-like thing, the whole coding thing becomes less mysterious, and more accessible."

Torgersen is also optimistic that low-code, no-code platforms and traditional programming can coexist peacefully, though he acknowledges that there's a challenge "as to what happens on the boundary".

"That has always been the challenge of low-code approaches, even before we called them that, which is that the low-code, no-code setup just inherently introduces -- at least, with the technologies we have today -- some limitations on what you can do," he says.

"That has always been an uneasy kind of terrain in the past, to the point where I think it has contributed to the failure of some no-code approaches that didn't have a growth story for when things needed to get a little smarter. That's a challenge that we need to keep trying to address."

Like all modern programming languages, C# continues to evolve. With C# 9.0 on course to arrive in November, the next update will focus on supporting "terse and immutable" (i.e. unchangeable) representation of data shapes.

"C# 9.0 is trying to take some next steps for C# in making it easier to deal with data that comes over the wire, and to express the right semantics for data, if you will, that comes out of what we call an object-oriented paradigm originally," says Torgersen.

C# 9.0 takes the next step in that direction with a feature called Records, says Torgersen. These are a reference type that allow a whole object to be immutable and instead make it act like a value.

"We've found ourselves, for a long time now, borrowing ideas from functional programming to supplement the object-oriented programming in a way that really helps with, for instance, cloud-oriented programming, and helps with data manipulation," Torgersen explains.

"Records is a key feature of C# 9.0 that will help with that."

Beyond C# 9.0 is where things get more theoretical, though. Torgersen insists that there's no concrete 'endgame' for the programming language -- or at least, not until it finally reaches some as-yet unknown expiration date.

"Which will happen one day!" he adds. "I think some interesting things, that it's time to look at again, have to do with software composition making it easier to combine different pieces of software after the fact.

"There's a degree of adaptation that most programming languages are good at, but aren't good enough, and I want to lead a charge to have more powerful features for adaptation so that you can bring existing software components better into play with each other."

Can we expect this in C# 10? "That's sort of a long-term project that we're also working on, even as we're doing more short-term useful features," says Torgersen.

"This would be universal. This would help anyone who does software development, but in particular when you're bringing several frameworks together and trying to make them cooperate."


Read more from the original source:
C# designer Torgersen: Why the programming language is still so popular and where it's going next - TechRepublic

Newsbyte: Google and Drupal Partner Up, WordPress Releases Updates and More Open Source News – CMSWire


The Drupal Association recently announced a new partnership with Google. With this partnership, both Google and Drupal aim at improving owner success, user experience, and building a more secure web altogether. To do that, Google and Drupal will roll out webinars and case studies to the Drupal Community and will gather feedback on the community's needs. Google will provide the community with collaborative programming tools and the chance to give input on Google tools and initiatives.

A few months after releasing WP 5.5 Eckstine, the open-source CMS followed up with version 5.5.1. This maintenance release features 34 bug fixes, 5 enhancements, and 5 bug fixes for the block editor. The new release corrects the bugs that affected WP 5.5, which means that it's a good idea to update if you're using 5.5.

Nevertheless, keep in mind that WordPress 5.5.1 is a short-cycle maintenance release. If you're looking for a major overhaul, you'll have to wait until 5.6. Check the full list of changes and fixes in the 5.5.1 documentation page.

TYPO3 released versions 10.4.9 and 9.5.22 of its CMS. The good news is that both versions are maintenance releases only and users don't need database upgrades if they wish to upgrade. In these versions, TYPO3 addressed some edge-case bugs and increased the length of the database files in those cases where database upgrades are needed.

Liferay announced the release of Liferay DXP 7.3, the new iteration of its DXP. The latest version extends Liferay's offerings and includes an API Explorer, streamlined content creation, an application builder and a new analytics engine. If you want to have a look at Liferay's new DXP, watch this webinar.

Finally, OpenCms released a new version of its software, OpenCms 11.0.2. This new release is a maintenance version of OpenCms 11. It includes an extended import/export solution, new list types, and some updates to the Docker image as well as the documentation and demo site. Read the release notes on OpenCms' website.

Read the rest here:
Newsbyte: Google and Drupal Partner Up, WordPress Releases Updates and More Open Source News - CMSWire

In the Search of Code Quality – InfoQ.com

Key Takeaways

Recently I encountered research on the correlation between the programming language used in a project and code quality. I was intrigued because the results were contrary to what I would expect. On the one hand, the study could be flawed; on the other hand, many established practices and beliefs in software development are of obscure origin. We adopt them because "everybody" is doing them, or they are considered best practices, or they are preached by evangelists (the very name should be a warning sign). Do they really work, or are they urban legends? What if we look at the hard data? I checked a couple of other papers, and in all cases the results held surprises.

Taking into account how important software systems are in our economy, it is surprising how scarce scientific research on the development process is. One of the reasons could be that the software development process is very expensive and usually owned by companies that are not eager to let in researchers, which makes experiments on real projects impractical. Recently, public code repositories like GitHub or GitLab have changed this situation by providing easily accessible data. More and more researchers try to dig into the data.

One of the first studies based on data from public repositories - titled A large ecosystem study to understand the effect of programming languages on code quality - was published in 2016. It tried to validate the belief - almost ubiquitously taken for granted - that some programming languages produce higher quality code than others. The researchers were looking for a correlation between a programming language and the number and type of defects. Analysis of bug-related commits in 729 GitHub projects developed in 17 languages indeed showed an expected correlation. Notably, languages like TypeScript, Clojure, Haskell, Ruby, and Scala were less error-prone than C, C++, Objective-C, JavaScript, PHP, and Python.

In general, functional and statically typed languages were less error-prone than dynamically typed, scripting, or procedural languages. Interestingly, defect types correlated more strongly with language than the number of defects did. In general, the results were not surprising, confirming what the majority of the community believed to be true. The study became popular and was extensively cited. There is one caveat: the results were statistical, and one must be careful when interpreting statistical results. Statistical significance does not always entail practical significance and, as the authors rightfully warn, correlation is not causation. The results of the study do not imply (although many readers have interpreted it in such a way) that if you change C to Haskell you will have fewer bugs in the code. Anyway, the paper at least provided data-backed arguments.

But that's not the end of the story. As one of the cornerstones of the scientific method is replication, a team of researchers tried to replicate the study from 2016. The result, after correcting some methodological shortcomings found in the original paper, was published in 2019 in the paper On the Impact of Programming Languages on Code Quality: A Reproduction Study.

The replication was far from successful; most of the claims from the original paper were not reproduced. Although some correlations were still statistically significant, they were not significant from a practical point of view. In other words, if we look at the data, it seems that it is of marginal importance which programming language we choose, at least as far as the number of bugs is concerned. Not convinced? Let's look at another paper.

A paper from 2019, Understanding Real-World Concurrency Bugs in Go, focused on concurrency bugs in projects developed in Go, a modern programming language developed by Google. It was especially designed to make concurrent programming easier and less error-prone. Although Go advocates using message passing concurrency as less error-prone, it provides mechanisms for both message passing and shared memory synchronization concurrency, hence it is a natural choice if one wants to compare both approaches. The researchers analyzed concurrency bugs found in six popular open source Go projects including Docker, Kubernetes, and gRPC. The results bewildered even the authors:

"Surprisingly, our study shows that it is as easy to make concurrency bugs with message passing as with shared memory, sometimes even more."

Although the studies we have seen so far suggest that advances in programming language have little bearing on code defects, there can be another explanation.

Let's take a look at yet another piece of research - the classical Munich Taxi-cab Experiment conducted in the early 1980s. Although the research is not related to IT but to road safety, the researchers encountered similarly unintuitive results. In the 1980s German car manufacturers began to install the first ABS (anti-lock braking system) in cars. As ABS makes the car more stable during braking, it is a natural expectation that it improves safety on the road. The researchers wanted to find out how much. They cooperated with a taxi company that planned to install ABS in part of their fleet. 3000 taxi cars were selected and ABS was installed in a randomly selected half of them. The researchers observed the cars for 3 years. Afterward, they compared accident rates in the group with ABS and without ABS. The result was surprising, to say the least: there was practically no difference; if anything, the cars with ABS were slightly more likely to be involved in an accident.

As in the case of the research on bug rates and concurrency bugs in Go, in theory there should be a difference, but the data shows otherwise. In the ABS experiment, the investigators had collected additional data. Firstly, the cars were equipped with a kind of black box collecting information like speed and acceleration. Secondly, observers were assigned to the drivers to take notes of their behavior on the road. The picture from the data was clear. With ABS installed in the cars, the drivers changed their behavior on the road. Noticing that they now had better control of the car and that the stopping distance was shorter, the drivers started to drive faster and more dangerously, taking sharper turns and tailgating.

The explanation of this phenomenon is based on the concept of target risk from psychology - people behave so that overall risk - called target risk - is on a constant level. When circumstances change, people adapt their behavior so that the level of risk is constant. Installing ABS in the cars lowers the risk of driving, so the drivers, to compensate for this change, begin to drive more aggressively. Similar risk compensation was found in other areas as well. Children take more physical risk when playing sports with protective gear, medicine bottles with childproof lids make parents more careless with medicines, and better ripcords on parachutes are pulled later.

Let's come back to the studies on code quality. What were the researchers analyzing? Commits to the code repository. When does the developer commit the code? When he is sure enough that the code quality is acceptable. In other words, when the risk of committing buggy code is at a reasonable level. What happens when the developer switches to a language that is less error-prone? She will quickly notice that she can now write fewer tests, spend less time reviewing the code, and skip some quality checks while maintaining the same risk of committing low quality code. Like in the case of drivers with installed ABS, she adapted her behavior to the new situation, so that the target risk is the same as before. Every developer has an inner standard of code quality and a target risk of committing code below this standard. Note that the target risk and the standard will vary among developers, but the studies suggest that on average they are the same among developers of different languages.

A natural question is: what about other established techniques to improve code quality? I looked for papers on two of them: pair programming and code review. Do they work as is commonly preached? Well, yes and no; it turns out that the situation is a bit more complicated. In both cases there are several studies examining the effectiveness of the approach.

Let's look at a meta-analysis of experiments on pair programming, The effectiveness of pair programming: A meta-analysis. Does it improve code quality? "The analysis shows a small significant positive overall effect of pair programming on quality". A small positive effect sounds a bit disappointing, but that's not the end of the story.

"A more detailed examination of the evidence suggests that pair programming is faster than solo programming when programming task complexity is low and yields code solutions of higher quality when task complexity is high. The higher quality for complex tasks comes at a price of considerably greater effort, while the reduced completion time for the simpler tasks comes at a price of noticeably lower quality."

In the case of code review the results of the research were usually more consistent, but the main benefits are not where I would expect them, in the area of early defect detection. As the authors of the study on code review practices at Microsoft - Expectations, Outcomes, and Challenges of Modern Code Review - conclude:

"Our study reveals that while finding defects remains the main motivation for review, reviews are less about defects than expected and instead provide additional benefits such as knowledge transfer, increased team awareness, and creation of alternative solutions to problems."

A natural question is: why is there such a discrepancy between the results of scientific research and common beliefs in our community? One of the reasons can be the divide between academia and practitioners, so that the results of studies have difficulty finding their way to developers, but that's only half of the story.

In the mid 1980s Fred Brooks published the famous paper "No Silver Bullet - Essence and Accident in Software Engineering". In the introduction he compares the software project to a werewolf:

"The familiar software project has something of this character (at least as seen by the non-technical manager), usually innocent and straightforward, but capable of becoming a monster of missed schedules, blown budgets, and flawed products. So we hear desperate cries for a silver bullet, something to make software costs drop as rapidly as computer hardware costs do."

He argues that there are no silver bullets in software development due to its very nature. It is an inherently complex endeavour. In the 1980s most software ran on a single machine with a single one-core processor, the Internet was in its early infancy, smartphones were in the distant future, and nobody had heard about virtualization or clouds. Brooks was writing mainly about technical complexity; now we are more aware of the complexity of the social, psychological and business processes involved in software development.

This complexity has also increased substantially since Brooks' publication. Development teams are larger, often distributed and multicultural, and software systems are much more closely entangled with the business and social tissue. Despite all the progress, software development is still extremely complex, sometimes on the verge of chaos. We must face constantly changing requirements, rising technical complexity, and confusing nonlinear feedback loops created by entangled technical, business, and social forces. The natural wiring of our brains is quite poor at figuring out what is going on in such an environment. It is not surprising that the IT community is plagued with hypes, myths, and religious wars. We desperately want to make sense of all the stuff, so our brains do what they are really good at - finding patterns.

Sometimes they are too good, and we see channels on the Mars surface, faces in random dots, rules in a roulette wheel. Once we start to believe in something we get literally addicted to it; each confirmation of our belief gives us a dopamine shot. We start to protect our beliefs, and as a result we close ourselves in echo chambers: we choose conferences, books, and media that confirm our cherished beliefs. With time the beliefs solidify into a dogma that hardly anyone dares to challenge.

Even with the scientific method, which allows us to tackle complexity and our biases in a more rational way, it can be very hard to predict the result of an action in complex processes like software development. We change to a better programming language and code quality does not change; we introduce pair programming or code review to improve code quality and we experience lower quality, or we get benefits in unexpected areas. But there is also a bright side to the complexity - we can find unexpected leverage points. If we want to improve code quality, instead of looking for technical solutions, like a new programming language or better tools, we can focus on improving development culture, raising the quality standards, or making committing bugs more risky.

Looking from this perspective can shed light on some unobvious opportunities. For example, if a team introduces code reviews, it makes the code produced by a developer more visible to other members of the team and hence raises the risk of committing poor quality code. Hence code review should have the effect of raising the quality of committed code, not only through reviewers finding bugs or standard violations (which is what the research quoted above was looking for), but by preventing developers from committing bugs. In other words, to raise the quality of the code it should be enough to convince the developers that their code is being reviewed even if nobody is doing it.

The moral of the studies is also that technological factors cannot be separated from psychological and cultural ones. As in many other areas, data-based research shows that the world does not function in the way we believe. To check how far our belief corresponds with reality we don't have to wait for researchers to conduct long-term studies. Some time ago we had an emotional dispute on some topic with many arguments from both sides. After about half an hour someone said - let's check it on the Internet. We sorted out the disagreement in 30 seconds. Scientific thinking and some dose of scepticism are not reserved for scientists; sometimes a quick check on the Internet is enough, sometimes we need to collect and analyze data, but in many cases it is not rocket science. But how to introduce more rationality into software development practices is a broad topic, maybe worth another article.

Jacek Sokulski has 20+ years experience in software development. Currently works in DOT Systems as a software architect. His interest spans from distributed systems and software architecture to complex systems, AI, Psychology and Philosophy. He has a PhD in Mathematics and a postgraduate diploma in Psychology.

Continued here:
In the Search of Code Quality - InfoQ.com

Apache Isis Updated With New Programming Model – iProgrammer

Apache Isis has been updated with improvements, including a new programming model for action parameter negotiation, and a simplified command service.

Isis is a framework for rapidly developing domain-driven apps in Java. To use it you write your business logic in entities, domain services or view models, and Isis then builds both a generic user interface and also a rich hypermedia REST API directly from the underlying domain objects. The Isis team says this makes for extremely rapid prototyping and a short feedback cycle, perfect for agile development.

The domain objects are the key part of an Isis app, either as persisted entities or view models. Business rules can be associated directly with domain objects, or can be factored out into separate services.

Isis includes a wide range of open source add-on modules for security, auditing, command profiling, mail merge and other cross-cutting concerns. It also has a number of UI extensions for maps, calendars etc. as well as a catalog of generic subdomains such as documents, communications, notes and tasks.

Over the last year, the Isis developers have restructured the framework, and moved it to run on the Java Spring Boot framework. The latest release includes support for an additional programming model for action parameters. This is designed to allow for more sophisticated management of parameters that interact with each other. It also has a simplified version of the command service and background commands. This includes new extension modules to persist commands (Command Log and Command Replay), to assist regression testing.

The developers have also brought the Kroviz client into the incubator. This is a single-page app that runs within the browser to provide a UI similar to that of the Wicket Viewer, but interacting with the domain application exclusively through the REST API provided by the Restful Objects Viewer.

The release also includes some preliminary work preparing the way for support for JPA (as an alternative to JDO/DataNucleus). This support is expected to be in the next milestone release.


More:
Apache Isis Updated With New Programming Model - iProgrammer

The ultimate guide to getting hired as a Python programmer – TNW

The tech industry is growing like never before. Every now and then, we see new software products released in the market. So, no matter whether you're a beginner or an experienced Python developer, there are always opportunities waiting for you.

The only requirement is that you have to convince the employer to use your skills and prove yourself during a Python programming interview.

However, you'll need to prepare yourself. Otherwise, someone else might get the job. You can either try Python programming challenges or simply revise the frequently asked Python interview questions and answers.

Today, I'm gonna share my personal experience of Python interviews with you. I'll list the questions they asked me including their possible solutions. So it'll be an ultimate guide for you to get hired as a Python Programmer.


Iris Data Set Details:

Official Website

Download in CSV format

Code:

Output:

Both of these are used to pass a variable number of arguments in a function. We use *args for non-keyword arguments whereas **kwargs is used for keyword-based arguments (for example, key-value pairs).

We can pass the module name inside the dir() function to retrieve its functions and properties names.

For example:

Let's say we have a module called m.py with a variable and two user-defined functions.

Here you can see the dir() function also gets all the built-in properties and methods.

In Python, a literal is the data/value assigned to a variable or constant. For example, Python has four different types of literals:

The concatenation of tuples refers to the process through which we can join two or more tuples. For example, let's suppose we have two tuples:

Now, we can concatenate them together by using a plus + symbol. Basically, this statement will add the elements of tuple_2 at the end of tuple_1.

Like this:

Lambda is a small function in Python that can only process one expression. But, we can add as many parameters as needed.

Generally, it's more suitable to use the lambda function inside of another function. Let's use the lambda function to multiply 14 with a number passed through an argument:

Slicing is a process to retrieve parts of a string, array, list, or tuple. Basically, we pass a start and end index to specify the position of data we're interested in. It's important to note the value at the start index is included in the result whereas the value at the end index is excluded.

We can even pass a step value to skip some data. For example, retrieve every other item from an array.

In the below code snippet, the slicing is performed using square brackets []. We passed three arguments and separated them with a colon : symbol. The first parameter specifies the start position of slicing, the second argument is used to mark the end, whereas the last parameter is used to define the step.

All three parameters of slicing are optional. If we don't specify the start then Python will assume index 0 as the starting position. Similarly, when we skip the second parameter then the length of the array/string/tuple/list will be used. By default, Python considers 1 as the step.

A Python decorator is a feature that is used to enhance the functionality of an existing function or a class. It is preferred when a developer wants to dynamically update the working of a function without actually modifying it.

Let's say we have a function that prints the name of the website developer. But, now the requirement is to display a welcome message to the user and then show the developer name.

We can add this functionality with the help of a decorator function.

Here, you can see that welcome_user() is a decorator whereas dev_name() is the main function that we updated dynamically.

Output:

sort() and sorted() functions implement the Timsort algorithm. It is because this sorting algorithm is very stable and efficient. The value of Big O in its worst case is O(N log N).

By default, Python comes with a built-in debugger known as pdb.

We can start the debugging of any Python file by executing a command something like mentioned below.

In Python, there is a very popular library called pickle. It is used for object serialization. Meaning that it takes a Python object as input and converts it into a byte stream. This whole process of transforming a Python object is known as pickling.

On the other hand, unpickling is its opposite. Here, a byte stream is accepted as input and transformed into an object hierarchy.
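Unpickling imports and calls whatever globals the byte stream names, which is why the Python documentation warns against unpickling data from untrusted sources. The following added example (not part of the original article) restricts loading to an allow-list by overriding `Unpickler.find_class`; the names `ALLOWED_GLOBALS`, `AllowListUnpickler`, `safe_loads`, `try_load` and `build_samples`, and the sample records, are constructed for illustration.

```python
import io
import pickle
from datetime import date
from fractions import Fraction

# Assumption for this example: the application only ever needs to load
# plain containers (dict, list, str, int ...) plus datetime.date values.
# Built-in containers are encoded by dedicated opcodes and never reach
# find_class(); every other type is resolved through it by name.
ALLOWED_GLOBALS = {("datetime", "date")}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that resolves only globals named in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        # Refuse before anything is imported or called.
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_loads(data: bytes):
    """Drop-in replacement for pickle.loads() with the allow-list applied."""
    return AllowListUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return (True, obj) on success or (False, reason) when rejected."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def build_samples():
    """Constructed sample data: one stream that fits the allow-list, one that does not."""
    record = {"user": "alice", "joined": date(2020, 10, 19), "scores": [1, 2, 3]}
    allowed_stream = pickle.dumps(record, protocol=4)
    # Fraction is harmless, but it is not on the allow-list, so the stream
    # must be rejected exactly like any other unexpected type would be.
    rejected_stream = pickle.dumps(Fraction(1, 2), protocol=4)
    return record, allowed_stream, rejected_stream


if __name__ == "__main__":
    record, allowed_stream, rejected_stream = build_samples()
    print(try_load(allowed_stream))
    print(try_load(rejected_stream))
```

For data that crosses a trust boundary, a format without object construction (such as JSON) avoids the problem entirely; the allow-list is for cases where pickle cannot be replaced.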

List Comprehension is a quick way to create a Python list. Instead of manually entering a value for each index, we can simply fill the list by iterating through our data.

Let's suppose I want to create a list whose each index will contain a letter from my name in sequential order.

No. In Python, there is no such concept of tuple comprehension.

The process to dynamically change a class or module at run-time is known as Monkey Patching.

Did you spot that I actually called func() method but the output I received was from welcome()?

Explanation:

The major confusing point in this code occurs in the last print() statement.

Before printing, we just updated the value of x in the Parent class. It automatically updates the value of Child_2.x but not the Child_1.x. It is because we have already set the value of Child_1.x.

In other words, Python tries to use the properties/methods of child class first. It only searches the parent class if the property/method is not found in the child class.

Let's suppose we have this binary tree. Now, retrieve the ancestors of 65 and display them using Python code.

Practicing for an interview is super important to land your dream job. In this article, we've covered some popular interview questions but there's much more you should know. There are entire sites which can prepare you for your next interview, it's a huge subject, so keep learning.

This article was originally published on Live Code Stream by Juan Cruz Martinez (twitter: @bajcmartinez), founder and publisher of Live Code Stream, entrepreneur, developer, author, speaker, and doer of things.


Read more:
The ultimate guide to getting hired as a Python programmer - TNW

Raspberry Pi Compute Module 4 is out: $25 with a new form factor and new connectors – ZDNet

The Raspberry Pi Foundation has unveiled the new Raspberry Pi Compute Module 4, a stripped-down Raspberry Pi 4 Model B, which is available today from $25.

This latest Raspberry Pi module for deeply embedded applications succeeds the Compute Module 3 and 3+ from 2017 and 2019, respectively.

The previous model, the Raspberry Pi Compute Module 3 (CM3), had the same 1.2GHz, quad-core Broadcom BCM2837 processor, VideoCore IV GPU and 1GB memory used on the Pi 3 Model B but packed its components into a slimmer and smaller board. Similarly, the Raspberry Pi Compute Module 4 is based on the Raspberry Pi 4 Model B, but in a smaller form factor.


The Compute Module 4 features the same 64-bit 1.5GHz quad-core BCM2711 processor as the Raspberry Pi 4 Model B, and offers key improvements over its compute module predecessors, including faster CPU cores, better multimedia, more interfacing capabilities, a range of RAM densities and a wireless connectivity option.

It's available with 1GB, 2GB, 4GB or 8GB LPDDR4-3200 SDRAM with optional storage of 8GB, 16GB or 32GB eMMC Flash. The wireless option includes 2.4GHz and 5GHz 802.11b/g/n/ac wireless LAN and Bluetooth 5.0. There's also Gigabit Ethernet.

On the video side, there's dual HDMI output, VideoCore VI graphics with OpenGL ES 3.x support, 4Kp60 hardware decode of H.265 (HEVC) video, and 1080p30 hardware encode of H.264 (AVC) video.

Instead of the 40 GPIO pins on the Raspberry Pi 4, the Compute Module 4 features 28 GPIO pins, with up to six UART, six I2C and five SPI connections.

The Compute Module 4 has a different form factor to previous modules, which does break compatibility between them, but it also enables a smaller footprint on the carrier board. The computer measures 55mm × 40mm (2.16 x 1.57 inches).

This design is aimed at developers who will be using the board for industrial and commercial applications. According to the foundation, seven million Raspberry Pi units per year go to this market.

"Where previous modules adopted the JEDEC DDR2 SODIMM mechanical standard, with I/O signals on an edge connector, we now bring I/O signals to two high-density perpendicular connectors (one for power and low-speed interfaces, and one for high-speed interfaces)," said Eben Upton, CEO of Raspberry Pi Trading.

With the Compute Module 4, there are now 32 variants of the Raspberry Pi that range from the $25 Lite edition with 1GB RAM and no wireless, to $90 for the variant with 8GB RAM, 32GB Flash and wireless.

There's also a new Compute Module 4 IO Board to accompany the Compute Module. It includes two full-size HDMI ports, a Gigabit Ethernet jack, two USB 2.0 ports, a MicroSD card socket (only for use with Lite, no-eMMC Compute Module 4 variants), a PCI Express Gen 2 x1 socket, a HAT footprint with 40-pin GPIO connector and Power over Ethernet (PoE) header, a 12V input via barrel jack that supports up to 26V if PCIe is unused, camera and display FPC connectors, and a real-time clock with battery backup.


The IO board costs $35, giving the complete package with a Compute Module a starting price of $60.

There's also a new Compute Module 4 Antenna Kit for those who want more than the on-board PCB antenna. It features a whip antenna, with a bulkhead screw fixture and U.FL connector to attach to the socket on the module.

Here's the Raspberry Pi Foundation's summary of the Raspberry Pi Compute Module 4's specs:


Continue reading here:
Raspberry Pi Compute Module 4 is out: $25 with a new form factor and new connectors - ZDNet