Everything You Wanted to Know About PYTHON POPULARITY STILL SOARING IN 2022 – FUTURE OF JAVA TECHNOLOGY Will Help You Get There August 2022

Nearly a year after Python first topped Tiobe’s index of programming language popularity, the language continues to score high with developers.

In the just-published August 2022 rankings, Python once again topped the chart as the most popular programming language, gaining two percentage points since last month to register a 15.42% market share, an all time high for the language. Python first took the top spot in the index last October, becoming the only language besides Java and C to hold the No. 1 position.

“Python seems to be unstoppable,” said the Tiobe commentary accompanying the August index. The Tiobe index is based on a formula that assesses the results of searches on the languages in leading search engines such as Google, Yahoo, and Bing and websites such as Wikipedia.

“It is hard to find a field of programming in which Python is not used extensively nowadays. The only exception is (safety-critical) embedded systems because of Python being dynamically typed and too slow,” Tiobe’s commentary noted. C and C++, meanwhile, are being leveraged for embedded systems, said Tiobe, which provides software quality management services.

In other Tiobe index results for August, Rust ranked No. 22, closing in on the top 20, while Carbon, recently unveiled as a potential successor to C++, entered the index at 192.

The top 10 rankings for the Tiobe index for August were:

Python, 15.42% share

C, 14.59%

Java, 12.4%

C++, 10.17%

C#, 5.59%

Visual Basic, 4.99%

JavaScript, 2.33%

Assembly, 2.17%

SQL, 1.7%

PHP, 1.39%

In the alternative Pypl Popularity of Programming Language index, which assesses language popularity based on Google searches of programming language tutorials, the top 10 rankings for August were:

Python, 28.11% share

Java, 17.35%

JavaScript, 9.48%

C#, 7.08%

C/C++, 6.19%

PHP, 5.47%

R, 4.35%

TypeScript, 2.79%

Swift, 2.09%

Objective-C, 2.03%

10 malicious Python packages exposed in latest repository attack

Enlarge / Supply-chain attacks, like the latest PyPi discovery, insert malicious code into seemingly functional software packages used by developers. They're becoming increasingly common.

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar packages could be subject to malware downloads or theft of user credentials and passwords.

Check Point Research, which reported its findings Monday, wrote that it didn't know how many people had downloaded the 10 packages, but it noted that PyPi has 613,000 active users, and its code is used in more than 390,000 projects. Installing from PyPi through the pip command is a foundational step for starting or setting up many Python projects. PePy, a site that estimates Python project downloads, suggests most of the malicious packages saw hundreds of downloads.

Such supply-chain attacks are becoming increasingly common, especially among open source software repositories that support a wide swath of the world's software. Python's repository is a frequent target, with researchers finding malicious packages in September 2017; June, July, and November 2021; and June of this year. But trick packages have also been found in RubyGems in 2020, NPM in December 2021, and many more open source repositories.

Most notably, a private-source supply-chain attack by Russian hackers through the SolarWinds business software wreaked notable havoc, resulting in the infection of more than 100 companies and at least nine US federal agencies, including the National Nuclear Security Administration, the Internal Revenue Service, the State Department, and the Department of Homeland Security.

The increasingly common discovery of fake, malicious packages is moving repositories to act. Just yesterday, GitHub, owner of the NPM repository for JavaScript packages, opened a request for comments on offering an opt-in system for package developers to sign and verify their packages. Using Sigstore, a collaboration among numerous open source and industry groups, NPM developers can sign off on packages, signaling that the code inside them matches their original repository.

Having a clear indication that the package you're downloading is related to the code you need might have helped people avoid the most recently discovered PyPi bad actors, though perhaps not entirely. "Ascii2text" directly copied almost every aspect of the ASCII art library "art," minus the release details. To perhaps nearly 1,000 downloaders, its descriptive name might have suggested a more defined purpose than "art."

Installing ascii2text triggered the download of a malicious script, which then searched the local storage of Opera, Chrome, and other browsers for tokens, passwords, or cookies, along with certain crypto wallets, and sent them along to a Discord server.

Enlarge / The malicious script inside the misleading asciii2text Python package, as discovered by Check Point Software.

Other packages discovered by Check Point targeted AWS and other credentials and environment variables. Here's the list of reported and since removed PyPi packages:

ascii2text

pyg-utils

pymocks

PyProto2

test-async

free-net-vpn

free-net-vpn2

zlibsrc

browserdiv

WINRPCexploit

Deephaven Streamlines Access to Real-Time Analytics Platform

Getting Deephaven’s real-time analytics system up and running will be easier thanks to a new installation technique using a standard Python library. The open source software also sports a new integration with Jupyter and a new table operation that will streamline aggregation functions.

The technology behind Deephaven Data Labs was originally developed 10 years ago to power analytics on fast-moving ticker data for a hedge fund. After seeing what it could do in finance, in 2017 CEO Pete Goddard decided to take his principal engineers and spin the tech out into its own company that could target a variety of industries.

After first selling the software as a proprietary solution, Deephaven has since pivoted to the open source business model, which has helped attract new users. Considering how quickly Python has grown, it was a natural fit to bring the Deephaven software closer to the open Python environment.

Last month, the Minneapolis-based company released a new Pip-based installation routine for the Deephaven product. According to Goddard, using the popular Pyhon installation routine should make it easier for users to get up and running with the software.

“We’re really focused right now on the intersection of real-time data and Python, so we’ve made a lot of investments to make it easier to launch Deephaven as a Python user,” Goddard said.

While users can still download the Docker images or build the system natively from open source repositories, Goddard expects most users to choose the simplified Pip method instead. A new integration with Juypter is also likely to attract data folks who prefer the simplicity of staying in the comfy confines of the popular data science notebook.

Deephaven lets users run functions against data stored in streaming tables

“We’re really focused on usability,” Goddard said. “We know people like having a nice data IDE. A lot of people like Jupyter notebooks. So we’ve done quite a bit of work to make sure all of our JavaScript widgets for real time tables…and for real time plots work natively in Jupyter.”

Deephaven already offered a browser-based front-end to go along with its data engine, which does the heavy analytical lifting on both batch and streaming data. But Goddard is excited to see what users do once they realize they can crunch real-time data, such as streams of Apache Kafka event data, using his software and the new Juypter front-end.

“We think that’s a big deal because that’s the only solution where we foresee real-time data in Jupyter notebooks,” he told Datanami. “There are a number of people who want to do that, and we’re looking forward to making it easier.”

In July, Deephaven also introduced a new table operation. Called updateBy, the new function will allow “columns to be derived from aggregations over a range of rows within a group,” the company said. That will produce an output table with the same structure and rows as the input table, but for added columns (as in update), the company said.

Goddard is confident that once users grasp the power and simplicity of the Deephaven approach and its table operation API, that they’ll want to use the software for more real time analytics and application use cases–potentially maybe even signing an enterprise software agreement.

A key advantage of Deephaven is the ability to write data processing routines that execute against both static and changing data, Goddard said. The software achieves this via the concept a streaming table. As new data arrives into the table, Deephaven performs a differential compute operation that minimizes the cycles needed to calculate the answer.

“The system is architected to think about changes in data instead of thinking about data itself,” Goddard said. “Instead of a ‘Give me a whole new table all the time,’ it can be ‘Just give me the deltas.’”

Streaming data is finally emerging into the mainstream, as companies look to take advantage of shrinking windows of opportunity to take action on new data. While it’s not as well known, Deephaven is “in the same conversation” with more well-known streaming frameworks, like Spark’s Structured Streaming, Apache Flink, and Kafka Streams, Goddard said.

A proper streaming data system can do things that databases aren’t really designed to do, Goddard said. For starters, the ACID transactions typically associated with a database is just overkill. Also, SQL often doesn’t fit well with the real-time use cases.

“SQL is great. Love it. It’s a great vehicle and tool for interacting with data. But there is evidence that other models also add value,” Goddard said. “From our perspective, our table API, our operations are really very nice to work with because you just write one after the other, linearly. You don’t have to try to organize things for the optimizer.”

Deephaven also lets users bring Python libraries to bear and to tap into user defined functions (UDFs), Goddard said. Users can also get data out of Deephaven using Java, C++, and Go. Hard core developer skills aren’t necessary, although users do need the ability to string operations together.

Everglades python hunt draws hundreds of snake wranglers competing for $24,000 in cash prizes

OCHOPEE, Fla. — Florida has a job for you if you’ve got what it takes to forage through the Everglades and wrestle a 10-foot Burmese python into submission.

The state is at the tail end of its annual python challenge to capture as many pythons as possible to help prevent the invasive species from decimating the critical Everglades ecosystem.

More than 850 people from across the country and Canada registered for this year’s competition and a chance to win $24,000 in cash prizes, including the ultimate grand prize of $10,000 for removing the most pythons in 10 days.

Competitors include dozens of people who work as professional snake-hunting contractors. Those who hunt year-round for the pythons often spend nights searching the vast, undeveloped Everglades and Big Cypress National Preserve for the camouflaged and elusive species.

The snakes, likely introduced as discarded pets, have proliferated so dramatically since the first Everglades sighting more than 40 years ago that they have wiped out nearly all the marsh rabbits, raccoons and other mammals except for rats in the 4-million-acre South Florida habitat.

Beth Koehler and Peggy Van Gorder of St. Petersburg have captured hundreds of pythons — some more than 10 feet long — since they began hunting the snakes as state contractors in 2016. The women are avid campers who love the outdoors and fishing.

By day, they run a dog-grooming business. At night, when the pythons are most active, they drive their Jeep into the Big Cypress National Preserve and the Everglades.

“We get paid minimum wage to drive around, but for each python that we catch, it’s $50 for the first 4 feet and an additional $25 for every additional foot,” Ms. Van Gorder said as Ms. Koehler steered their Jeep, decked out with searchlights and state-issued tracking equipment, through the preserve.

The money barely covers the expense of the gas for the Jeep and the equipment needed to track down snakes, so they are not in it the business for the money.

“Finding a decent-sized snake is like a $100 bill on the grass, but it’s a wash financially. It’s a privilege and an adventure, and I’m grateful to be on the clock doing it, but if somebody thinks that they’re going to sustain a lifestyle doing it — no.”

When they spot a snake, the two women wrestle it into submission, often by holding it on the ground with their bodies until the snake is drained of energy. Ms. Van Gorder said the snake is “all muscle.”

They put the live snake into a canvas bag and carry it home. They measure and weigh the snake and occasionally pinch open its jaws to swab its mouth for viruses. They either humanely euthanize the snake or turn it over alive to the Florida Fish and Wildlife Conservation Commission or one of the biologists at the University of Florida involved in python eradication research. Sometimes they release snakes with tracking devices installed.

If the snake looks like it has eaten something large, they cut it open.

Ms. Van Gorder said one of their captured pythons had consumed an entire adult great blue heron, an indigenous wading bird with a 6-foot wingspan.

The pythons eat just about any wildlife they can capture and are known to consume bobcats, white-tailed deer and even alligators.

Contractors have removed more than 10,000 pythons from the Everglades since the state began employing them in 2017.

Female pythons can lay clutches of 50 or more eggs each year, and nobody knows how many are in the wild.

“We don’t have a great answer for that because pythons are so hard to find,” Sarah Funk, the nonnative fish and wildlife program coordinator for the wildlife commission, told The Washington Times.

“They’re so cryptic, they’re so camouflaged. You could be standing right next to one in the Everglades environment and not even see it, and because of that part of their biology, it makes it very, very challenging for researchers to really nail down exactly how many there are out there.”

The novice participants in the python challenge are instructed to kill the snakes on site to ensure they aren’t released alive elsewhere in the state. The contractors, on the other hand, take them alive to record information to help state wildlife officials and biologists learn more about pythons’ movements, breeding habits and additional information to someday find a way to eradicate them more efficiently.

The COVID-19 pandemic has changed the protocol. The contractors often meet with wildlife officials over Zoom and show them what they have captured.

“Sometimes you euthanize them, do the Zoom meeting and it’s done,” Ms. Van Gorder said. “Other areas, they want us to email a biologist and they have an agreed-upon location where you put the snake in a drop box, and that helps them with either a telemetry program or if they want to do a necropsy.”

Neither Ms. Koehler, 63, nor Ms. Van Gorder, 56, worries much about charging into shallow water to capture a large snake, even though the Everglades and Big Cypress National Preserve are loaded with alligators, whose distinctive croaking is heard at night every few feet.

Both women have been bitten by pythons, which are nonvenomous. Ms. Van Gorder once had to pluck a young alligator’s jaws from her finger while she was trying to capture a swimming python.

They think nothing of letting a heavy python wrap itself around one of their legs. Ms. Van Gorder said that “makes it a lot easier” to lug the snake up the steep and rocky levee embankments where they often search for pythons.

“In order to unwrap it, I just laid down and rolled the opposite way,” Ms. Van Gorder said about one recent encounter.

The snakes constrict and can be difficult to remove.

“It is not optimal to have it wrap around you because it is difficult to get it off, but every once in a while, to get up the levee, it’s going to happen,” Ms. Koehler said.

Neither of them wears gloves or carries a weapon. It’s just bare hands, flashlights and a lot of self-taught knowledge about how to capture a Burmese python.

One of the most important rules, Ms. Koehler said, is to grab the snake by the top third of its body; otherwise, it will escape or bite.

“If you don’t control the top third of the python, you don’t control the python,” Ms. Koehler said.

In the seven years that they have been chasing pythons, only two have managed to slither away.

Days before the start of the contest, Rollins College student Joshua Laquis and a group of friends captured a python nearly 18 feet long after spotting it crossing U.S. 41 near Everglades National Forest. It doesn’t qualify for the cash prize because the contest had not officially started.

The 10-day python challenge began on Aug. 5.

The Florida Fish and Wildlife Conservation Commission said the participants in the challenge last year bagged 223 snakes, including a 15-foot, 9-inch python trapped by Brandon Call, a science teacher who works for the Florida School for the Deaf and Blind. He won a $1,500 prize for capturing the longest snake.

Ms. Funk said the python challenge is just one of many approaches wildlife officials are using to eradicate the pythons from the Everglades because no single method has succeeded.

Some of the other tools are “scout” snakes trapped by contractors. They are fitted with transmitters and released back into the Everglades. Wildlife officials also have started using detector dogs and infrared cameras.

“We don’t have the one control tool that works perfectly,” Ms. Funk said. “Part of that, of course, is awareness and outreach and public support for what managers are doing. That’s where the python challenge comes into play. It’s all about awareness, getting the word out on this really important conservation issue and also simultaneously offering the public an opportunity to get involved in invasive species control in Everglades restoration. So it’s a really cool, unique approach to get so many people involved every year.”

10 Credential Stealing Python Libraries Found on PyPI Repository

In what's yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index (PyPI) for their ability to harvest critical data points such as passwords and API tokens.

The packages "install info-stealers that enable attackers to steal developer's private data and personal credentials," Israeli cybersecurity firm Check Point said in a Monday report.

A short summary of the offending packages is below -

Ascii2text, which downloads a nefarious script that gathers passwords stored in web browsers such as Google Chrome, Microsoft Edge, Brave, Opera, and Yandex Browser

Pyg-utils, Pymocks, and PyProto2, which are designed to steal users' AWS credentials

Test-async and Zlibsrc, which download and execute malicious code during installation

Free-net-vpn, Free-net-vpn2, and WINRPCexploit, which steal user credentials and environment variables, and

Browserdiv, which are capable of collecting credentials and other information saved in the web browser's Local Storage folder

The disclosure is the latest in a rapidly ballooning list of recent cases where threat actors have published rogue software on widely used software repositories such as PyPI and Node Package Manager (NPM) with the goal of disrupting the software supply chain.

Malicious NPM Packages Steal Discord Tokens and Bank Card Data

If anything, the elevated risk posed by such incidents heightens the need to review and exercise due diligence prior to downloading third-party and open source software from public repositories.

Just last month, Kaspersky disclosed four libraries, viz small-sm, pern-valids, lifeculer, and proc-title, in the NPM package registry that contained highly obfuscated malicious Python and JavaScript code designed to steal Discord tokens and linked credit card information.

The campaign, dubbed LofyLife, proves how such services have proven to be a lucrative attack vector for adversaries to reach a significant number of downstream users by dressing up malware as seemingly useful libraries.

"Supply chain attacks are designed to exploit trust relationships between an organization and external parties," the researchers said. "These relationships could include partnerships, vendor relationships, or the use of third-party software."

"Cyber threat actors will compromise one organization and then move up the supply chain, taking advantage of these trusted relationships to gain access to other organizations' environments."

The growing misuse of open source software repositories to distribute malware has also prompted GitHub to open a new request for comments (RFC) for an opt-in system that enables package maintainers to sign and verify packages published to NPM in collaboration with Sigstore.

Which is the Best Python Training Institute in Noida

Python is a coding language that is in demand, both from learner and employer perspective. It has a simple syntax and is easy to learn. It is easily readable and is good for prototype building. This generates a lot of interest in learning this language. Since it can be used many different purposes and good coders are available, and it is very widely used and popular frameworks are based in python, employers are happy to hire python full stack developers. There is also good use for data science. So, yes, Python programming is in high demand. Noida, with its various industries offer a lot of opportunities. There is great demand for learning with Python course in Noida at APTRON Noida.

Python promotes less coding for functions. It is easy to learn. It is easy to code. More importantly, it is easy to read and follow another’s code in Python. Additionally, a lot of tools including full stack tools and technologies support python and these are reasons enough for learning Online Python course at APTRON Noida and getting certified with crampete. It also has a good community and is updated periodically.

Python Training in Noida at APTRON Noida are provided by industry experts who are worked in leading MNC companies.

Online Python Training at APTRON Noida is designed to give our students the most practical experience possible. We also provide you with industry insights and industry standards from the computer development and software application development industries. This ensures that our students have the proficiency and confidence to enhance practical, highly qualified use of the Python language through the Python Certification course in Noida.

10 malicious Python packages exposed in latest repository attack

Deephaven Streamlines Access to Real-Time Analytics Platform

Everglades python hunt draws hundreds of snake wranglers competing for $24,000 in cash prizes

10 Credential Stealing Python Libraries Found on PyPI Repository

Top 25 Python Interview Questions

Which is the Best Python Training Institute in Noida