IBM, HPE tout new A.I.-oriented servers

IBM and Hewlett Packard Enterprise this week introduced new servers optimized for artificial intelligence, and the two had one thing in common: Nvidia technology.

HPE this week announced Gen10 of its HPE Apollo 6500 platform, running Intel Skylake processors and up to eight Pascal or Volta Nvidia GPUs connected by NVLink, Nvidia’s high-speed interconnect.

A fully loaded V100s server will get you 66 peak double-precision teraflops of performance, which HPE says is three times the performance of the previous generation.

The Apollo 6500 Gen10 platform is aimed at deep-learning workloads and traditional HPC use cases. The NVLink technology is up to 10 times faster than PCI Express Gen 3 interconnects.

For its part, IBM held its OpenPOWER Summit in Las Vegas this past week and announced that more than 325 member companies are working on products and services for A.I.-themed workloads in the enterprise.

The event highlighted more than 50 vendors that have built new OpenPOWER-based products, including Google. Google announced that it is deploying Zaius, a server custom-built by Rackspace and using IBM’s POWER9 RISC processor within its data centers.

This is huge for IBM because it breaks the x86 stranglehold on Google data centers with its RISC-based POWER9 processor. Up to 2013, if you wanted a POWER-based server you had to buy an IBM Power system. IBM created the OpenPOWER consortium to get POWER processors adopted by other vendors. Getting Google is the technical equivalent of the Pope’s blessing for the POWER processor.

IBM launched its first POWER9 chip late last year. It uses Nvidia’s NVLink as a high-speed interconnect in part because the PCI Express Gen3 interface was several years old and just not fast enough. POWER9 systems also use PCI Express Gen4, which doubles performance over Gen3. Overall, IBM claims a tenfold improvement in performance over POWER8 processors.

A number of customers announced their plans to use POWER9 in their data centers, including Uber, PayPal, Tencent, Ali Cloud, and LimeLight, a digital content provider, which specifically cited using POWER9 to get around the PCIe Gen3 performance bottleneck on x86.

https://www.networkworld.com

FITBIT’S VERSA IS ITS BEST SMARTWATCH YET

Fitbit needs a win. For several years, it was the clear leader in wearables, but its transition to smartwatches has been bumpy: the Fitbit Ionic didn’t sell as well as expected, and Apple has now slid back into the top spot in the global wearables market. Fitbit has insisted that more advanced health tracking is coming — stuff that could potentially track sleep apnea or glucose levels — but in the meantime, it just needs something to sell.

That’s where the Fitbit Versa comes in. It’s a simplified, GPS-free, less expensive version of the Ionic watch, one that’s supposed to have mass-market appeal. It also looks nicer than the Ionic, and as I sit here wearing a rose gold Versa with a watermelon pink band, it would be easy to jump to the conclusion that this is the Fitbit smartwatch for women. But Fitbit has avoided explicitly marketing it this way, similar to the way Garmin describes the Fenix 5S as a fitness watch for smaller wrists.

The Versa also has a battery life of four days on one charge, something that must feel like a thumb in Apple’s eye.

The way the Fitbit Versa handles notifications is bad, same as it was on the Ionic. Text message notifications from iOS, in particular, are frustrating. They’re not remotely actionable on the watch, meaning there’s no way to respond to them. (The Versa doesn’t have a speaker or microphone.) Fitbit says that eventually it will roll out quick replies for Android phone users, but that won’t happen until May.

But even if or when shortcut responses for Android roll out, there’s still the way message notifications are displayed on the watch. They roll down from the top, rather than briefly taking priority over the whole screen, and the actual text is tiny. Swiping left on any notification will expand it a bit, but the text size remains the same. Multimedia message notifications don’t display the actual media. I also found there was an annoying lag between when I first felt a notification vibration on my wrist, and when the notification would appear on the display; more times than not, I ended up having to tap the watchface just to see what the alert was.

Phone call notifications were more fluid. I could at least accept and reject phone calls from the watch. The Versa shows calendar notifications, too. But the overall notification experience on the Versa does make you wonder what smartwatches are actually for: are they for health and fitness? Are they supposed to do the things a phone does? Or are they notification devices? The Versa is, perhaps unsurprisingly, more of the former, and not so much the latter.

Another gripe I have about the Versa is that switching watch bands is unnecessarily complicated. Score one for the Apple Watch and any other watch with quick-release straps.

Another nice thing about Fitbits is that they’re easy to use. With the Versa, the watch’s UI has been redesigned a little bit to give wearers even easier access to their daily step count, heart rate data, and exercise logs.

The Versa tracks everything you’d expect a Fitbit to track, with built-in GPS being the main thing that’s missing. It measures steps, stairs climbed, calories burned, sleep, distance traveled throughout the day (relying on accelerometer data), heart rate, resting heart rate, cardio score (an approximation of VO2 max, based on cardio exercise data), and a variety of specific exercises. Right now on the loaner watch I’ve been wearing, I have my seven exercise shortcuts set to Run, Swim, Treadmill, Weights, Yoga, Spinning, and Bike. But there are more you can access in the mobile app.

Some of these metrics, like sleep tracking and heart rate tracking, require a leap of faith on the part of the user, which is to say you can expect a certain margin of error. It’s also difficult to say, as a reviewer, how well these work without comparing the Fitbit data to data that’s been rigorously recorded in testing labs.

https://www.theverge.com

GitHub discovers 4 million vulnerabilities in public code libraries

GitHub has found four million security vulnerabilities in its public code repository, sparking developers to do some serious spring cleaning.

Having conducted a scan for security bugs in its JavaScript and Ruby libraries, back in November, GitHub soon dug up a mass of known vulnerabilities, spread across some 500,000 of its public code libraries.

The company quickly informed the administrators of those libraries and by 1 December 450,000 known security holes had been plugged, either by shutting down vulnerable code or launching secure versions.

And it appears this process of identifying vulnerabilities and flagging them to developers and repository admins is delivering benefits, as GitHub noted that its users are now rapidly fixing security flaws in code that's freely available for anyone to access and use to create the next popular app.

"Since [December 2017], our rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. Additionally, 15 percent of alerts are dismissed within seven days – that means nearly half of all alerts are responded to within a week. Of the remaining alerts that are unaddressed or unresolved, the majority belong to repositories that have not had a contribution in the last 90 days," said GitHub.

"In other words, for almost all repositories with recent contributions, we see maintainers patching vulnerabilities in fewer than seven days."

Vulnerabilities in open source code that's regularly accessed and integrated into the other software and firmware, can lead to security exploits spreading to all manner of apps, services and devices. So effectively policing and sanitising readily available code is one way to prevent the spread of known security flaws.

And GitHub has plans to further expand its efforts into ensuring its code repositories are better maintained.

"Security alerts are opening the door to new ways we can improve code checking and generation by combining publicly available data with GitHub’s unique data set. And this is just the beginning – we’ve got more ways to help you keep code safer on the way!" it said.

Such efforts should help forge the way to safer public code libraries, though it's always worth proceeding with caution and a focus on security vigilance when using code that's been contributed by an open community.

http://www.itpro.co.uk

Blockchain to ‘radically’ transform anti-fraud, anti-money-laundering efforts

Blockchain could be the answer to increasingly tough anti-money laundering (AML) statutes and enterprise fraud management (EFM) requirements looming for the financial services industry.

In a report released this week by Forrester Research, blockchain's distributed ledger technology – because it is both secure and immutable – is ideal for meeting new government requirements and serving as a trusted repository for identification purposes.

"This makes it a trusted repository for providing device ID, known fraudster, transaction and other blacklists used in AML and EFM," Forrester said in the report. "Updating these repositories will no longer be the privilege of AML and EFM vendors only. In addition to these existing vendors, new identity coin and social identity verification vendors and [financial institutions] themselves will be able to update crucial blacklists."

Governments are also considering using blockchain networks to secure sensitive data, but none as of yet have, according to Martha Bennett, a principal analyst at Forrester Research and co-author of the report.



This year, several new regulations will toughen requirements on financial services to ensure customer privacy and secure online and mobile payments. The new laws include the Revised Payment Service Directive (PSD2) and the General Data Protection Regulation (GDPR). Additionally, the Fifth European Union Anti-Money Laundering Directive (5AMLD), which is currently being negotiated, will likely increase oversight of virtual currencies, prepaid cards, information sharing and enhanced customer due diligence.

Starting in May, GDPR will force European banks to rethink how they store, manage, use and disseminate personally identifiable information, according to the report.

"If they wish to partake in blockchain-based AML and EFM device, whitelist, and transactional data sharing, [financial institutions] must adapt their privacy policies and tools to be able to cope with this requirement," Forrester said.

The research firm expects that privacy regulations and disclosures will have to cover blockchain-stored data assets as well.

"GDPR is one key requirement for handling [personally identifiable information] data securely," Andras Cser, a Forrester principal analyst and co-author of the report, said in via email. "Encryption algorithm standardization and strength testing (FIPS, etc.) are also key steps here."

Fraud and money laundering cost billions
Last year, the cost of retail fraud — everything from fraudulent transactions to fraudulent returns — amounted to 1.9% of revenue, up from 1.47% in 2016. With Forrester's estimate of $3.56 trillion in U.S. retail sales in 2017, fraud will cost U.S. merchants almost $68 billion. On top of that, the cost of detecting and preventing money laundering is steep, as are the fines for businesses that fail to do so.

In 2018, for example, Dutch Rabobank was fined $369 million by authorities for handling illicit funds. And last fall, a data breach at consumer credit reporting agency Equifax, resulted in 143 million records being stolen.

Widespread availability of sensitive consumer information on the darknet and synthetic identity fraud – where criminals use stolen data combined with fake information to create credit and bank accounts – has proven traditional know-your-customer verification and knowledge-based authentication is unreliable.



AML and EFM are harder than ever to enforce and need to rely on the most diverse data possible, Forrester said, adding that "verifying identities before allowing them to transact helps avoid fraud losses in a complex payment ecosystem."

That's where blockchain can be useful.

Because it is an immutable, auditable electronic record, blockchain ensures that transaction records contain artifacts and identifiers of previous transactions. "This allows authorized investigators to backtrack transactions on the blockchain more easily than with current AML and EFM systems," Forrester said.



Blockchain implementations will challenge the monopoly of legacy identity verifiers – credit bureaus such as Equifax, Experian, RELX, and TransUnion, as well as watch list providers such as Dow Jones and World-Check – by providing auditable data for anti-money laundering.

Blockchain implementations for AML and EFM aren't expected to begin surfacing for another year to two in North America and for two to three years in other geographies, according to Cser.

Initially, enterprise blockchain networks will likely co-exist alongside more traditional AML and EFM tools, "at least Initially," Cser said.



"The biggest issue is creating the regulatory, privacy and legal framework for [blockchain's] adoption in EFM and AML," Cser said.

Forrester expects that existing and new data provider vendors, as well as banks and financial institutions, will be able to contribute to distributed and controlled blacklists/whitelists and privacy-controlled transaction repository blockchains.

And, because blockchain is built on open-source software such as Ethereum, MultiChain, OpenChain and other iternations, it is less expensive to acquire a platform, while anyone can also view, audit and fix security flaws in blockchain implementations.

Requirements for enterprise fraud management and anti-money laundering are similar in that it's "all about looking for patterns, identifying known bad players, and performing investigations.

"The main difference is that, while AML has traditionally been batch-based and reactive, EFM in the past five years has largely turned proactive," the Forrester report said. "Using real-time data in EFM is now a standard and critical requirement. EFM will use blockchain in risk-based authentication and account takeover detection as well as in back-end transaction (payment) monitoring."

https://www.computerworld.com

Google Delivers Broad Array of Cloud Platform Security Improvements

Though corporate concerns about cloud security have waned considerably in recent years, it still remains a big reason why enterprise balk at move IT workloads more quickly to cloud environments. 

Google this week introduced as many as 20 new security enhancements to its cloud portfolio in one of the company's most comprehensive efforts yet to address some of those security concerns. 

The updates are designed to give organizations more visibility and control over their security environment in the cloud and include new tools and services for protecting data, for mitigating threats such as denial of service attacks and managing user and administrator actions. 

In a blog March 21, Google's vice president of security and privacy Gerald Eschelbeck described the updates as the latest examples of the company's efforts to make it easier for organizations to build and grow workloads in the cloud. 

"We continue to develop new ways to give our customers the capabilities they need to keep up with today’s ever-evolving security challenges," he said. 

One of the more significant announcements today is a new service—currently in the alpha stage—that Google is calling VPC Service Controls. 

VPC Service Controls gives enterprise security administrators a way to extend perimeter security defenses to the cloud, according to Eschelbeck.  Just like firewalls and anti-malware tools work to protect on-premise systems and data, VPC Service Control can be used to define a perimeter around enterprise assets on Google Cloud services including cloud storage, Bigtable and BigQuery, he said. VPC Service Center gives organizations a way to enable secure communications between resources spanning cloud and on-premise deployments. 

A so-called Access Context Manager feature in VPC Service Controls gives administrators more granular control over user access to cloud resources. For example, with it, administrators can control access based on a user's location end point security status or IP address, Eschelbeck said. 

Another update this week is Cloud Security Command Center, also in alpha status, which is designed to give enterprise administrators more visibility over all of their resources across Google's various cloud infrastructure components such as Compute Engine, Cloud Storage and Cloud Datastore. 

The goal, according to Eschelbeck is to give enterprises a way to get a quick handle on the projects they have running on Google's cloud, the resources they are using, where sensitive data might be located and how security settings are configured. 

The command center lets administrators quickly gauge if their cloud deployment configuration has changed in any way. It helps them identify potential issues such as cloud storage settings that are open to the Internet, sensitive data that may be openly accessible and whether cloud applications are vulnerable to specific threats including cross-site scripting errors, Eschelbeck said. 

Google has also bolstered its Cloud Audit Logging feature with a new Access Transparency feature that gives organizations better visibility into all actions taken by Google's own engineers and support staff when they interact with enterprise workloads in the cloud. 

Such access has traditionally been a huge consideration for organizations planning cloud migrations. According to Eschelbeck, Access Transparency augments the controls that are already available in Cloud Audit Logging for keeping an eye on administrator activity in cloud settings. The new feature restricts the actions that Google's staff can take with enterprise workloads and provides an immutable audit trail of all their activity, Eschelbeck claimed. 

To help organizations mitigate the impact of denial of service attacks, Google has introduced Cloud Armor, a new service based on technologies the company currently uses to protect its own Gmail and YouTube cloud services. Organizations need to do little to activate the new capability, which also protects against attacks such as SQL injection and cross-site scripting, said Jennifer Lin, director of product management with Google's cloud security and privacy team in a separate blog. 

With this week's updates, enterprises using Google's G Suite cloud productivity and communications suite will get new default protections against phishing threats. The new controls include automatic flagging of emails from untrusted senders that contain embedded scripts and encrypted attachments. It also incorporates a control that warns against email attempting to spoof other employees. 

Google claims these protections help ensure that more than 99 percent of the email threats that result in Business Email Compromise are automatically flagged or sent to the spam folder said Suzanne Frey, director of security, trust and privacy at Google cloud in a third blog post describing the new updates.

http://www.eweek.com/

IBM Now Offering Cloud-Based Security for Mainframes

Amid all the talk, videos and live demos at IBM Think 2018 around artificial intelligence, quantum computing and dozens of other cool technologies, the host company also spent some quality time on good, old-fashioned security.

IBM on March 20 unveiled four new cloud services for mainframe-level data protection—solutions already trusted by the world's largest financial institutions and banks—for implementation in the IBM Cloud. These include what IBM claims is the first cloud hardware security module solution built with the industry's highest cryptographic standards (FIPS 140-2 Level 4 certified technology) offered by a public cloud provider.

With these new services, IBM aims to simplify how enterprises can securely bridge to the public cloud by helping to address their needs throughout the journey, from accelerating the migration of existing workloads to the cloud to modernizing and extending existing apps to delivering tools to build next-gen cloud native apps.

Cloud Services with Mainframe-Level Data Protection

According to a recent study from the Ponemon Institute, only 40 percent of all data stored in the cloud is secured with encryption and key management solutions. According to the Breach Level Index, of the nearly 10 billion records breached since 2013, only 4 percent of the stolen data was encrypted and therefore rendered useless to the hackers;Cloud adoption has been increasing at a rapid pace for several years, but security and data concerns still remain barriers to adoption. Check out these facts:

• A second Ponemon Institute survey pointed out that in security of privileged users, 80 percent of threats are internal, and 58 percent of IT operations and security managers believe their organizations are unnecessarily granting access to individuals beyond their roles and responsibilities.

The new IBM Cloud Hyper Protect product line includes four new services that are made possible by bringing IBM Z into IBM’s global public cloud data centers. Through the IBM Cloud catalog, developers can gain easy access to industry-leading security capabilities to modernize their applications in the IBM Cloud. This includes:

• IBM Cloud Hyper Protect Crypto Services are designed to enable developers to infuse security with data encryption and key management capabilities into their modern applications. These new services bring the capability of IBM Z to the IBM Cloud through the same state-of-the-art cryptographic technology relied upon by leading banks and financial institutions. This service supports secure key operations and random number generation via IBM Z cryptographic hardware. This is the industry’s first and only Cloud HSM Solution built with FIPS 140-2 Level 4 certified technology offered by a public cloud provider, and is the same technology that is the backbone of IBM’s Enterprise Blockchain Platform solution.

• IBM Cloud Hyper Protect DBaaS is designed to enable enterprises to protect cloud-native database services, such as MongoDB – EE, with data stores that are security-rich and private. This is ideal for highly regulated industries that are responsible for sensitive personal data (SPI) such as credit card numbers, financial data, social security numbers and more.

• IBM Cloud Hyper Protect Containers are designed to enable enterprises to deploy container-based applications and microservices, supported through the IBM Cloud Container service, that handle sensitive data with a security-rich Service Container Systems environment in IBM Z/LinuxOne platform. This environment is built with IBM LinuxONE Systems that offer extreme security, designed for EAL5+ isolation and Secure Services Containers technology that are designed to prevent privileged access from malicious users and Cloud Admins.

• IBM Cloud Hyper Protect Developer Starter Kits are designed to enable iOS developers to safeguard credentials, services and data using the Hyper Protect cloud services when building enterprise apps on IBM Cloud. This complements the high level of security of Apple devices.

http://www.eweek.com

The programming languages you should learn now

Learning a programming language is not hard. In fact, if you’re experienced, you can learn the basics in under 24 hours. So if you’re in the market for a new lingua franca, such as to bolster your hirability, what you choose next might be influenced by your current language of choice.

Here are the languages I suggest you consider learning if you don’t already know them, based on the languages you already know.

If you know Java, choose from these languages

If you know Java, you’re not one of the cool kids any more. Although it is fair to say that most business software is written in Java, the days of paying a premium for a Java developer are long over. So, if you’re a Java developer what’s your next step? One or more of the following languages.

Scala

Scala is like functional Java—if functional Java’s syntax wasn’t kinda cracked. Functional purists aren’t big fans of Scala, but the trek from Java to Scala is short. Moreover, with AI and machine learning becoming the hot topics of the day and Apache Spark being written in Scala, this is kind of an obvious choice.

JavaScript

If you’re a Java developer, statistically you’re probably older than 35—unless you work for a large outsourcing firm. Your last taste of JavaScript was probably that cruddy Netscape thing that they shoved in the browser to make “DHTML” and slapped the word “Java” on because Java was popular (a shortsighted branding decision!).

But JavaScript has changed, and so has server-side software. You already know Java, so you should learn functional constructs. JavaScript has become a server-side and client-side language and is used nearly anywhere you need a “quick fix” scripting language. It’s a good thing to have in your toolkit.

C

If you never learned C, this classic language is back on the rise. Moreover, even if you don’t use it (to, say, program Arduino devices), it will help you understand how Java works and how to debug the big issues when they go wrong, like concurrency issues and race conditions.

If you know C#, choose from these languages

If you know C# then you’re a ’Softie. But while you were worshipping at the Microsoft house that was built by Gates, the world changed. So you should make yourself more marketable both outside of the Microsoft world and within it by learning one or more of these languages.

JavaScript

Again, this isn’t the JavaScript of old. And it is now used everywhere. JavaScript is also the most accessible and for server-side command-line (CLI) apps, and, no, you don’t have to use that JScript turd that Microsoft plopped out a few years back. There are other, better .Net bindings for JavaScript.

It is also still a good time to try using Node.js or a similar runtime or try to make a pure web app if you’ve been making client apps in C#.

F#

While F# didn’t set the world on fire as predicted, it is still a great way to get totally dirty with functional programming and expose yourself to the data science mindset. If you’re working your way toward AI or machine learning, or if you just want a cleaner way to do complex calculations, then F# is your daddy.

C

You thought Java was going to make this list, didn’t you? No, just like Java developers, C# programmers need to go deeper and understand how the runtime actually works. And that means understanding C. Learn C because it is good for you.

PowerShell or Bash

Clicking around to make things happen is for users. You need to be able to automate all of your mundane tasks. Microsoft’s PowerShell and the Bash terminal available in multiple operating systems are the most widely used tools for such automation.

If you know JavaScript, choose from these languages

You put “full-stack developer” on your résumé, didn’t you? But you haven’t really been fooling anyone because you’re a much better front-end developer than back-end. Frankly, it is time to make good on that “full stack” promise.

R

What, you say? Isn’t R for data scientists and statisticians? Yes, but it is also a relatively simple language that can easily generate visualizations with data. Grab that R Studio and take an online class from Harvard or Microsoft if you’re so inclined. (Hint: the Harvard course is more affordable than Microsoft—go figure!)

SQL

You’re a NoSQL guy or gal, so why SQL? Because it is a fair bet that more people know SQL than any other language. It also isn’t going anywhere, and it is a good way to help you think about data in the right way.

Python

Python isn’t simple to learn, but it is easier to learn enough to do something meaningful than, say, Java or Scala. Moreover, the more obvious choice of Ruby is declining in popularity, so I can’t really recommend it because I’m not sure it will be useful in a few years outside of a cult following.

If you know Ruby, choose from these languages

You went to a code bootcamp. You learned Ruby. You probably now realize that you might have wasted your money. Where do you go from here?

JavaScript

You’ve probably already had a taste of JavaScript on the front end. Go deeper and learn JavaScript. Also consider learning Angular or a similar framework with it. Play with Node.js or a similar back-end runtime.

Python

Python is a popular language with the data crowd but you can still do web apps with it. If you want to make yourself more versatile and marketable (read: make more money), learning Python might just be your jumping-off point. 

R

I have the same advice for you as I had for JavaScript developers: Learn R, a relatively simple language that allows generating visualizations and changes how you think about data.

If you know C or C++, choose from these languages

If you’re programming in C or C++, you’re doing embedded stuff, drivers, or low-level stuff—or you’re just old. The bottom line is you should learn at least one language with managed memory.

D

Learning D will not help you get a job anywhere, and it may be of little practical use. But it is a convenient way to taste managed memory and all of the “new” concepts without leaving familiar tool chains and losing the C library.

JavaScript

Learn the language of the web: JavaScript. Learn it as a back-end language or as a front-end languages, or both, but learn the language of the web. To learn it correctly these days is to learn it somewhat functionally. D is probably a shorter trek at first.

R

Again, this simple language changes how you think about data. R is also almost immediately useful because you can make visualizations. Surely you have some log data to debug somewhere; this will help.

If you know Perl, choose from these languages

So, your neckbeard is long and you’re still convinced the camel was right and right was wrong or some kinda twisted logic. Text processing isn’t the thing it once was and “look, ma, regex is embedded” isn’t impressing anyone the way it once did. So learn one or more of the following languages.

R

I know I’ve said it before, but R is an immediately useful, simple language, and a good step that should be easy for most Perl programmers.

JavaScript

You’ve probably had some exposure to JavaScript, but go deeper and go functional.

C

You’ve used C for decades under the covers in CPAN modules. So, go write your own CPAN module in native C. And watch how its build crashes when trying to install on most platforms unless they are just so. By learning C, you’ll understand those just-sos. C will be a bit of a trek, but you’ve probably debugged the hardest part about it already: the builds.

Languages you should not learn today

If you weren’t there for these revolutions, don’t bother showing up now. Look instead at a language that is not oversaturated with talented developers or that is on the wane.

Java

If you’re not a seasoned Java developer or planning to work for a body shop like Wipro or Infosys, by the time you don’t suck in Java your friends will have run rings around you careerwise in JavaScript as “full-stack developers.”

Ruby

The Ruby language is declining in popularity, with no bulwark to hold it in place, Ruby will soon go the way of Groovy, a weird cult language (I’ll get the most hate mail for denigrating Groovy, I promise) that isn’t even in the top 50 in terms of popularity.

Groovy

Give it up, people. It is over. Go learn Scala or JavaScript. If a Groovy cultist comes to you, tell him or her you’d rather learn Perl and spell it in all caps to annoy the Perl people.

Perl

Perl too is a weird cult in its own right. It’s been declining in popularity for years, but it remains useful for things that are mainly somewhat-solved problems (I mean: I can just grab code to deal with that mangled CSV file, so why am I writing Perl again?).

Languages newbies should start with

If you know no programming languages, start here with the following languages.

HTML, CSS, and JavaScript

If you are front-end-inclined, learn the languages of the web: HTML, CSS, and JavaScript.

R

Because it is a relatively simple language that can immediately help you with charts and visualizations, R is a good thing to know.

C

Everyone should have a basic understanding of how a computer works. For that purpose, C gets you closer to the metal. It is also one of the most popular languages and will help you in the era of the internet of things.

Bash or PowerShell

Understanding shell scripting is understanding life. It will automate so many mundane tasks for you. Bash is widely useful, while PowerShell is core to the Microsoft ecosystem.

https://www.infoworld.com