GitHub, the popular developer platform, has laid off virtually its entire engineering team in India as the Microsoft-owned firm cuts its expenses amid weakening global market conditions. From a report: The developer firm has eliminated over 100 jobs in the South Asian market, a person familiar with the matter said. GitHub informed the employees about the job cut on Tuesday.

An anonymous reader shares a report: Back in 2019, Amazon announced Sidewalk, its low-bandwidth, long-range wireless network that uses the 900 MHz spectrum to connect Internet of Things (IoT) devices. It does this by creating a mesh network between Amazon's own Echo and Ring devices and sharing a small part of their owner's bandwidth. Ideally, this means Sidewalk will be able to connect devices that sit beyond the reach of a Bluetooth or Wi-Fi signal. Until now, though, only a select number of developers were able to build applications for the network. But that's changing today. The company is now shipping software and hardware development kits, as well as an easy-to-use test kit to test the available Sidewalk connectivity in your neighborhood.

Using the new test kit, developers will be able to check their local signal strength on a map to get a better sense of whether their devices will be able to connect to the network before they start working on a product. Amazon sent me one of these Ring-branded devices to try. Getting started with it involves little more than powering it up (it does have a battery for mobile usage) and logging into Amazon's web-based Sidewalk coverage service. From there, you can quickly see all of the raw data from the GPS-enabled test kit and get access to Amazon's U.S.-wide coverage map. To ensure user privacy, the coverage maps only show coverage within a 900m-by-900m square area. You will be able to see the exact location of your own device, but not other devices that report into the coverage map.

InfoWorld reports that TypeScript 5.0 is smaller, faster, and simpler: TypeScript 5.0, an update to Microsoft's strongly typed JavaScript variant, is now available as a production release, Microsoft announced March 16. With the upgrade, TypeScript has been rebuilt to use ECMAScript modules. TypeScript 5.0 also modernizes decorators for class customization.

ECMAScript modules reduce package size and boost performance. Decorators, an upcoming ECMAScript feature, allow for customizing classes and their members in a reusable way, Microsoft noted in a March 1 blog post. Decorators can be used on methods, properties, getters, setters, and auto-accessors. Classes can be decorated for subclassing and registration. While TypeScript previously supported experimental decorators, these were modeled on a much older version of the decorators proposal. TypeScript 5.0 will permit decorators to be placed before or after export and export default, a change made since the January 26 beta release of the new version.

Anyone have career advice for this anonymous Slashdot reader? I've had a great career from 1992 to today. I've been a front line coder for most of that, but also a team lead, a supervisor, a project manager, a scrum master, etc. My career has been marked by expediency — I did whatever needed doing at the time, in whatever tools necessary.

However, now I'm 52, and I'm getting tired of leadership and project management, and I would like to return to that front line again. The legacy skills I have are no longer in demand. (They aren't Cobol.) Here's the rub: I am happy to do the work nobody else wants to do. Dead languages, abandoned codebases with little documentation, precariously built systems with rickety infrastructure... I've worked in them before, and I would be fine doing it again.

I'm afraid of nothing, but I don't want to keep climbing the bleeding edge of the technical mountain. I'd be happy to be silently, competently keeping things moving. By 55 I would like to make that move. It's either that or retire, which is an option... but I love the technical work.
They're soliciting suggestions from other Slashdot readers. ("Where to focus? How to prep?") So share your own best advice in the comments.

How can an aging project manager return to coding on unpopular legacy codebases?

Alex Ellis: Earlier this month, Docker sent an email to any Docker Hub user who had created an "organisation", telling them their account will be deleted including all images, if they do not upgrade to a paid team plan. The email contained a link to a tersely written PDF (since, silently edited) which was missing many important details which caused significant anxiety and additional work for open source maintainers. As far as we know, this only affects organisation accounts that are often used by open source communities. There was no change to personal accounts. Free personal accounts have a a 6 month retention period. Why is this a problem?

1. Paid team plans cost 420 USD per year (paid monthly)
2. Many open source projects including ones I maintain have published images to the Docker Hub for years
3. Docker's Open Source program is hostile and out of touch

Why should you listen to me? I was one of the biggest advocates around for Docker, speaking at their events, contributing to their projects and being a loyal member of their voluntary influencer program "Docker Captains". I have written dozens if not hundreds of articles and code samples on Docker as a technology. I'm not one of those people who think that all software and services should be free. I pay for a personal account, not because I publish images there anymore, but because I need to pull images like the base image for Go, or Node.js as part of my daily open source work. When one of our OpenFaaS customers grumbled about paying for Docker Desktop, and wanted to spend several weeks trying to get Podman or Rancher Desktop working, I had to bite my tongue. If you're using a Mac or a Windows machine, it's worth paying for in my opinion. But that is a different matter. Having known Docker's new CTO personally for a very long time, I was surprised how out of touch the communication was. More: Docker: We apologize. We did a terrible job announcing the end of Docker Free Teams..

Microsoft's GitHub unit created one of the first widely deployed programs using OpenAI's language-generation tools -- an app called Copilot that helped software developers write computer code. Now GitHub is adding a chat and voice feature that will let programmers ask how to accomplish certain coding tasks. From a report: The new version announced Wednesday is called Copilot X, which GitHub Chief Executive Officer Thomas Dohmke said he demonstrated to one of his children by asking it how to program a snake game in Python. The chat window can provide explanations of what segments of code are meant to do, create ways to test the code and propose fixes for bugs. Developers can also give instructions or ask questions using their voice.

GitHub first previewed Copilot in 2021 and widely released it last year. The initial product contained a completion tool that suggested snippets of programming code as a software developer typed. It attracted hundreds of thousands of developers by November and its product name had become short-hand for Microsoft's strategy to deploy these kinds of assistive technologies to a wide array of its products, from Office software to security programs. Now that OpenAI's ChatGPT chatbot has made a splash in popular culture, companies are trying to follow Microsoft in embedding the research lab's tools into products and business strategies. At the same time, rivals such as Alphabet's Google are releasing chatbot competitors.

The Reg has seen two recent incidents of Russian developers being blocked from public development of FOSS code. One was a refusal on the Linux kernel mailing list, the other a more general block on Github. In the last week, these events have both caused active, and sometimes heated, discussions in FOSS developer communities. From the report: The GitHub account of developer Alexander Amelkin has been blocked, and his repositories marked as "archived" â" including ipmitool, whose README describes it as "a utility for managing and configuring devices that support the Intelligent Platform Management Interface." Unable to comment on Github itself, Amelkin described what happened on the project's older Soureforge page.

Amelkin works for Russian chipbuilder Yadro, which we described as working on RISC-V chips back in 2021. Microsoft is just obeying US law in this: according to the War and Sanctions database of the Ukrainian National Agency on Corruption Prevention, the NACP, Yadro is a sanctioned company. However, on LinkedIn, Amelkin disputes his employer's involvement. Over on Hacker News, commentators seem to be generally in favor of the move, although the discussion on LWN is more measured, pointing out both that there is little threat from server-management tools like this, but that Microsoft probably has no choice.

Amelkin is not alone. Over on the Linux Kernel Mailing List, a contribution from Sergey Semin has been refused with the terse notice: "We don't feel comfortable accepting patches from or relating to hardware produced by your organization. Please withhold networking contributions until further notice." Semin is a developer at chipmaker Baikal Electronics, a company whose website has been suspended for a year now, as we noted a year ago in a story that also mentions Yadro. We were reporting on Baikal's efforts to develop its own CPUs nearly a decade ago, mere months after the Russian annexation of Crimea. And once again, there is spirited debate over the move on the Orange Site.

Oracle today announced the availability of Java 20, the latest version of the popular programming language and development platform. From a report: The latest version of the 27-year-old language includes thousands of performance, stability and security improvements and features seven enhancement proposals to the Java Development Kit that are aimed at increasing developer productivity and enhancing performance, stability and security. Oracle has coordinated a disciplined rollout of new Java releases on a six-month cadence for the past five years and says it's the top contributor to the open-source project. Java is the world's third most widely used programming language, according to Tiobe Software BV, and is No. 1 in organizational development, according to Oracle. "The innovation pipeline has never been richer," said Chad Arimura, vice president of developer relations at Oracle. "The problem space is changing and developers have higher demands on their programming languages than ever."

Codon is a new "high-performance Python compiler that compiles Python code to native machine code without any runtime overhead," according to its README file on GitHub. Typical speedups over Python are on the order of 10-100x or more, on a single thread. Codon's performance is typically on par with (and sometimes better than) that of C/C++. Unlike Python, Codon supports native multithreading, which can lead to speedups many times higher still.
Its development team includes researchers from MIT's Computer Science and Artificial Intelligence lab, according to this announcement from MIT shared by long-time Slashdot reader Futurepower(R): The compiler lets developers create new domain-specific languages (DSLs) within Python — which is typically orders of magnitude slower than languages like C or C++ — while still getting the performance benefits of those other languages. "We realized that people don't necessarily want to learn a new language, or a new tool, especially those who are nontechnical. So we thought, let's take Python syntax, semantics, and libraries and incorporate them into a new system built from the ground up," says Ariya Shajii SM '18, PhD '21, lead author on a new paper about the team's new system, Codon. "The user simply writes Python like they're used to, without having to worry about data types or performance, which we handle automatically — and the result is that their code runs 10 to 100 times faster than regular Python. Codon is already being used commercially in fields like quantitative finance, bioinformatics, and deep learning."

The team put Codon through some rigorous testing, and it punched above its weight. Specifically, they took roughly 10 commonly used genomics applications written in Python and compiled them using Codon, and achieved five to 10 times speedups over the original hand-optimized implementations.... The Codon platform also has a parallel backend that lets users write Python code that can be explicitly compiled for GPUs or multiple cores, tasks which have traditionally required low-level programming expertise.... Part of the innovation with Codon is that the tool does type checking before running the program. That lets the compiler convert the code to native machine code, which avoids all of the overhead that Python has in dealing with data types at runtime.

"Python is the language of choice for domain experts that are not programming experts. If they write a program that gets popular, and many people start using it and run larger and larger datasets, then the lack of performance of Python becomes a critical barrier to success," says Saman Amarasinghe, MIT professor of electrical engineering and computer science and CSAIL principal investigator. "Instead of needing to rewrite the program using a C-implemented library like NumPy or totally rewrite in a language like C, Codon can use the same Python implementation and give the same performance you'll get by rewriting in C. Thus, I believe Codon is the easiest path forward for successful Python applications that have hit a limit due to lack of performance."

The other piece of the puzzle is the optimizations in the compiler. Working with the genomics plugin, for example, will perform its own set of optimizations that are specific to that computing domain, which involves working with genomic sequences and other biological data, for example. The result is an executable file that runs at the speed of C or C++, or even faster once domain-specific optimizations are applied.

InfoWorld interviews Grady Booch, chief scientist for software engineering at IBM Research (who is also a pioneer in design patterns, agile methods, and one of the creators of UML).

Here's some of the highlights: Q: Let me begin by asking something "of the moment." There has been an almost cultural war between object-oriented programming and functional programming. What is your take on this?

Booch: I had the opportunity to conduct an oral history with John Backus — one of the pioneers of functional programming — in 2006 on behalf of the Computer History Museum. I asked John why functional programming didn't enter the mainstream, and his answer was perfect: "Functional programming makes it easy to do hard things" he said, "but functional programming makes it very difficult to do easy things...."


Q: Would you talk a bit about cryptography and Web3?

Booch: Web3 is a flaming pile of feces orbiting a giant dripping hairball. Cryptocurrencies — ones not backed by the full faith and credit of stable nation states — have only a few meaningful use cases, particularly if you are a corrupt dictator of a nation with a broken economic system, or a fraud and scammer who wants to grow their wealth at the expense of greater fools. I was one of the original signatories of a letter to Congress in 2022 for a very good reason: these technologies are inherently dangerous, they are architecturally flawed, and they introduce an attack surface that threatens economies....


Q: What do you make of transhumanism?

Booch: It's a nice word that has little utility for me other than as something people use to sell books and to write clickbait articles....


Q: Do you think we'll ever see conscious machines? Or, perhaps, something that compels us to accept them as such?

Booch: My experience tells me that the mind is computable. Hence, yes, I have reason to believe that we will see synthetic minds. But not in my lifetime; or yours; or your children; or your children's children. Remember, also, that this will likely happen incrementally, not with a bang, and as such, we will co-evolve with these new species.

Long-time Slashdot reader theodp writes: In Something Pretty Right: A History of Visual Basic, Retool's Ryan Lucas has a nice round-up of how Visual Basic became the world's most dominant programming environment, its sudden fall from grace, and why its influence is still shaping the future of software development.

Visual Basic (or VB) burst onto the scene at a magical, transitional moment, presenting a radically simpler alternative for Windows 3.0 development. Bill Gates' genuine enthusiasm for VB is evident in an accompanying 1991 video in which BillG personally and playfully demonstrates Visual Basic 1.0 at its launch event, as well as in a 1994 video in which Gates thanks Alan Cooper, the "Father of Visual Basic," with the Windows Pioneer Award.

For Gates, VB was love at first sight. "It blew his mind, he had never seen anything like it," recalls Cooper of Gates's reaction to his 1988 demo of a prototype. "At one point he turned to his retinue and asked 'Why can't we do stuff like this?'" Gates even came up with the idea of taking Cooper's visual programming frontend and replacing its small custom internal language with BASIC.

After seeing what Microsoft had done to his baby, Cooper reportedly sat frustrated in the front row at the launch event. But it's hard to argue with success, and Cooper eventually came to appreciate VB's impact. "Had Ruby [Cooper's creation] gone to the market as a shell construction set," Cooper said, "it would have made millions of people happier, but then Visual Basic made hundreds of millions of people happier. I was not right, or rather, I was right enough, had a modicum of rightness. Same for Bill Gates, but the two of us together did something pretty right."

At its peak, Visual Basic had nearly 3.5 million developers worldwide. Many of the innovations that Alan Cooper and Scott Ferguson's teams introduced 30 years ago with VB are nowhere to be found in modern development, fueling a nostalgic fondness for the ease and magic VB delivered that we have yet to rekindle.

TomTom, the Dutch navigation software company most known for its GPS navigation systems, announced that it's support the OpenStreetMap Foundation (OSMF) as a Platinum Member. It's a U-turn for the company, which launched an article in 2012 on what they called the "negative aspects" of open data projects such as OpenStreetMap. From the press release: Last year, the geolocation company explained the instrumental role that OpenStreetMap (OSM) data is playing in its efforts to build the smartest map on the planet via the TomTom Maps Platform. Its latest move further affirms the company's commitment to the global OSM project. TomTom is contributing 20,000 euros to the OSMF as the first corporate OSM member to join the foundation at the Platinum level.

The OSMF is a not-for-profit organization that supports the OSM project in various ways, such as by running the OSM infrastructure and raising funds, as well as communicating with OSM working groups. With this annual contribution to the foundation, TomTom is providing direct financial support to OSM's operations and infrastructure, including hardware, cloud costs and engineering hours.

An anonymous reader quotes a report from Ars Technica: A public pool in the UK is expected to save [about $24,000] and cut carbon emissions by 25.8 tons annually by warming a 25-meter children's pool with waste heat from a data center from startup Deep Green. UK-based Deep Green is a newcomer in the data-center heat game and is making its entrance notable by putting a monetary figure on potential savings, which are fueled by the heat's low, low rate of free. Deep Green's paying customers are machine-learning and AI firms seeking computing resources. As reported by Datacenter Dynamics on Tuesday, clients can leverage Deep Green's 28 kW system with high-performance computing (HPC) capabilities. The HPC cluster at the Exmouth Leisure Centre swimming pool has 12 four-CPU cards and could eventually be used for cloud services and video rendering, Deep Green CEO Mark Bjornsgaard told the publication. According to the BBC , the server is about the size of a washing machine.

The computers are submerged in mineral oil that captures heat that gets transferred into pool water with a heat exchanger. The pool still has a gas boiler to boost the water's temperature if required. Deep Green claims it's transferring about 96 percent of the energy used by its computers and reducing a pool's gas heat usage by 62 percent. Deep Green is paying the Exmouth Leisure Centre for all the electricity its data center uses, as well as any setup costs, and the Exmouth Leisure Centre gets the heat for free.

Deep Green CTO Mat Craggs told Datacenter Dynamics: "Our expected heat transfer from the kit is 139,284 kWh a year, equivalent to 62 percent of the pool's heat needs." He noted that adding more servers to the tub could extend the figure to 70 or 80 percent. Deep Green's data center can heat the Exmouth Leisure Centre's 25 meter pool to 86 degrees Fahrenheit for about 60 percent of the time, BBC reported. The startup has plans to set up data centers in seven more UK locations and has a 2023 target of 20 locations.

An anonymous reader shares a report: Socket has found a way to protect developers from npm, GitHub's insufficiently safe JavaScript package manager, by wrapping it in a security blanket. The npm registry, operated by NPM until the security biz was acquired by Microsoft's GitHub in 2020, hosts software packages for the JavaScript ecosystem. It is, by its own account, "the world's largest software registry." In the past few years, the maliciously inclined have increasingly focused on compromising package registries like npm in what's known as a supply chain attack. Subverting a popular software library has the potential to enable widespread viral distribution. Those running the npm registry have put in place various defenses over the years, such as npm audit, a vulnerability scanning command in the npm command line interface (CLI). But the tool's implementation leaves something to be desired and developers often ignore audit warning messages, particularly if automated resolution doesn't work.

Socket built its own vulnerability scanning system and last year made it available for free (with paid tiers for teams and organizations) for open source projects. Its scanner runs as a GitHub app on code repositories when changes are made. It catches more issues than npm audit -- covering not just supply chain risk but also quality, maintenance, vulnerability, and license concerns. But Socket's scanner is also now available as a CLI that developers can install on their machines. On Thursday, Socket updated its CLI with a safe npm command that defends developers whenever they invoke npm install or npm uninstall, which perversely can install packages amid removing others. "npm creates what is called the 'ideal tree' for a given package.json," explained Feross Aboukhadijeh, told The Register. "So by removing a package you might actually change what the ideal tree is. Removing a package may remove a constraint which is keeping a package on an older version, so then npm may update those packages to a more ideal/recent version."

Ethereum's next major software upgrade, which could make crypto's biggest commercial highway more attractive to investors and developers alike, will take place around April 12. From a report: Called Shanghai, it will let people who pledged their Ether tokens to order transactions on the Ethereum blockchain to withdraw them. Currently, some 17.5 million of such so-called staked Ether, worth about $29 billion at current prices, can't be accessed on the network, although the coins do earn their owners a yield. Ethereum software developers have been working on Shanghai for months, and have finally been able to set the date after deploying a final software test earlier this week. Developers confirmed the target date during a call on Thursday. Once Shanghai launches, that's expected to kick off a wave of withdrawals, though they will be limited to ensure the network's continued security. Waiting in line to withdraw could take weeks or months. However, many investors stake through crypto platforms such as Lido, which already give them some flexibility with their coins.

By the end of 2023, GitHub will require all code contributors to enable two-factor authentication — part of "a platform-wide effort to secure software development by improving account security."

But on Monday they'll start rolling it out, according to a new blog post, reaching out to "smaller" groups of developers and administrators "to notify them of their 2FA enrollment requirement." If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll. You'll have 45 days to configure 2FA on your account — before that date nothing will change about using GitHub except for the reminders. We'll let you know when your enablement deadline is getting close, and once it has passed you will be required to enable 2FA the first time you access GitHub.com.

You'll have the ability to snooze this notification for up to a week, but after that your ability to access your account will be limited. Don't worry: this snooze period only starts once you've signed in after the deadline, so if you're on vacation or out of office, you'll still get that one week period to set up 2FA when you're back at your desk....

Twenty-eight (28) days after you enable 2FA, you'll be asked to perform a 2FA check-up while using GitHub.com, which validates that your 2FA setup is working correctly. Previously signed-in users will be able to reconfigure 2FA if they have misconfigured or misplaced second factors during onboarding.
GitHub's blog post says their gradual rollout plan "will let us make sure developers are able to successfully onboard, and make adjustments as needed before we scale to larger groups as the year progresses." InfoWorld summarizes the options: Users can choose between 2FA methods such as TOTP (Time-based One-Time Password), SMS (Short Message Service), security keys, or GitHub Mobile as a preferred 2FA method. GitHub advises using security keys and TOTPs wherever possible; SMS does not provide the same level of protection and is no longer recommended under NIST 800-63B, the company said.
Internally GitHub is also testing passkeys, according to their blog post. "Protecting developers and consumers of the open source ecosystem from these types of attacks is the first and most critical step toward securing the supply chain."

Stack Overflow explored the "hype cycle" by asking thousands of real developers whether nascent tech trends have really proven themselves, and how they feel about them. "With AI-assisted technologies in the news, this survey's aim was to get a baseline for perceived utility and impact" of various technologies, writes Stack Overflow's senior analyst for market research and insights.

The results? "Open source is clearly positioned as the north star to all other technologies, lighting the way to the chosen land of future technology prosperity." Technologies such as blockchain or AI may dominate tech media headlines, but are they truly trusted in the eyes of developers and technologists? On a scale of zero (Experimental) to 10 (Proven), the top proven technologies by mean score are open source with 6.9, cloud computing with 6.5, and machine learning with 5.9. The lowest scoring were quantum computing with 3.7, nanotechnology with 4.5, and low code/no code with 4.6....

[When asked for the next technology that everyone will use], AI comes in at the top of the list by a large margin, but our three top proven selections (open source, machine learning, cloud computing) follow after....

It's one thing to believe a technology has a prosperous future, it's another to believe a technology deserves a prosperous future. Alongside the emergent sentiment, respondents also scored the same technologies on a zero (Negative Impact) to 10 (Positive Impact) scale for impact on the world. The top positive mean scoring technologies were open source with 7.2, sustainable technologies with 6.6 and machine learning with 6.5; the top negative mean scoring technologies were low code/no code, InnerSource, and blockchain all with 5.3. Seeing low code/no code and blockchain score so low here makes sense because both could be associated with questionable job security in certain developer careers; however it's surprising that AI is not there with them on the negative end of the spectrum. AI-assisted technology had an above average mean score for positive impact (6.2) and the percent positive score is not that far off from those machine learning and cloud computing (28% vs. 33% or 32%).

Possibly what we are seeing here as far as why developers would not rate AI more negatively than technologies like low code/no code or blockchain but do give it a higher emergent score is that they understand the technology better than a typical journalist or think tank analyst. AI-assisted tech is the second highest chosen technology on the list for wanting more hands-on training among respondents, just below machine learning. Developers understand the distinction between media buzz around AI replacing humans in well-paying jobs and the possibility of humans in better quality jobs when AI and machine learning technologies mature. Low code/no code for the same reason probably doesn't deserve to be rated so low, but it's clear that developers are not interested in learning more about it.

Open source software is the overall choice for most positive and most proven scores in sentiment compared to the set of technologies we polled our users about.
One quadrant of their graph shows three proven technologies which developers still had negative feelings about: biometrics, serverless computing, and rapid prototyping tools. (With "Internet of Things" straddling the line between positive and negative feelings.)

And there were two technologies which 10% of respondents thought would never be widely used in the future: low code/no code and blockchain. "Post-FTX scandal, it's clear that most developers do not feel blockchain is positive or proven," the analyst writes.

"However there is still desire to learn as more respondents want training with blockchain than cloud computing. There's a reason to believe in the direct positive impact of a given technology when it pays the bills."

"Google's Go language has re-entered the top 10 of the Tiobe index of programming language popularity, after a nearly six-year absence," reports InfoWorld: Go ranks 10th in the March edition of the index, after placing 11th the previous month. The language last appeared in the top 10 in July 2017.

The re-emergence of Go in the March 2023 index is being attributed to its popularity with software engineers and its strength in combining the right features, namely built-in concurrency, garbage collection, static typing, and good performance. Google's backing also helps, improving long-term trust in the language, Tiobe said.
The languages Go beat out include "assembly language" at #11, followed by MATLAB, Delphi/Object Pascal, Scratch, and Classic Visual Basic.

Here's the complete top-ten most popular programming languages, according to TIOBE:

• Python
• C
• Java
• C++
• C#
• Visual Basic
• JavaScript
• SQL
• PHP
• Go

Systems-oriented developers already have programming languages like C, C++, Rust, and Go, notes InfoWorld.

But now, "we also have Zig, a newer language that seeks to absorb what's best about these languages and offer comparable performance with a better, more reliable developer experience." Zig is a very active project. It was started by Andrew Kelley in 2015 and now seems to be reaching critical mass. Zig's ambition is rather momentous in software history: to become the heir to C's longstanding reign as both the go-to portable low-level language and as a standard to which other languages are compared....

Currently, Zig is being used to implement the Bun.js JavaScript runtime as an alternative to Node.js. Bun's creator Jarred Sumner told me "Zig is sort of similar to writing C, but with better memory safety features in debug mode and modern features like defer (sort of similar to Go's) and arbitrary code can be executed at compile-time via comptime. It has very few keywords so it's a lot easier to learn than C++ or Rust."

Zig differs from most other languages in its small feature footprint, which is the outcome of an explicit design goal: Only one obvious way to do things. Zig's developers take this goal so much to heart that for a time, Zig had no for loop, which was deemed an unnecessary syntactic elaboration upon the already adequate while loop. Kevin Lynagh, coming from a Rust background, wrote, "The language is so small and consistent that after a few hours of study I was able to load enough of it into my head to just do my work." Nathan Craddock, a C developer, echoed the sentiment. Programmers seem to really like the focused quality of Zig's syntax.
While Zig is "approaching" production-ready status, the article notes its high degree of interoperability with C and C++, its unique error-handling system, and its elimination of a malloc keyword (leaving memory allocation to the standard library).

"For now, the Zig team appears to be taking its time with the 1.0 release, which may drop in 2025 or later — but none of that stops us from building all sorts of things with the language today."

Politico reports: Governments and businesses have spent two decades rushing to the cloud — trusting some of their most sensitive data to tech giants that promised near-limitless storage, powerful software and the knowhow to keep it safe.

Now the White House worries that the cloud is becoming a huge security vulnerability.

So it's embarking on the nation's first comprehensive plan to regulate the security practices of cloud providers like Amazon, Microsoft, Google and Oracle, whose servers provide data storage and computing power for customers ranging from mom-and-pop businesses to the Pentagon and CIA.... Among other steps, the Biden administration recently said it will require cloud providers to verify the identity of their users to prevent foreign hackers from renting space on U.S. cloud servers (implementing an idea first introduced in a Trump administration executive order). And last week the administration warned in its national cybersecurity strategy that more cloud regulations are coming — saying it plans to identify and close regulatory gaps over the industry....

So far, cloud providers have haven't done enough to prevent criminal and nation-state hackers from abusing their services to stage attacks within the U.S., officials argued, pointing in particular to the 2020 SolarWinds espionage campaign, in which Russian spooks avoided detection in part by renting servers from Amazon and GoDaddy. For months, they used those to slip unnoticed into at least nine federal agencies and 100 companies. That risk is only growing, said Rob Knake, the deputy national cyber director for strategy and budget. Foreign hackers have become more adept at "spinning up and rapidly spinning down" new servers, he said — in effect, moving so quickly from one rented service to the next that new leads dry up for U.S. law enforcement faster than it can trace them down.

On top of that, U.S. officials express significant frustration that cloud providers often up-charge customers to add security protections — both taking advantage of the need for such measures and leaving a security hole when companies decide not to spend the extra money. That practice complicated the federal investigations into the SolarWinds attack, because the agencies that fell victim to the Russian hacking campaign had not paid extra for Microsoft's enhanced data-logging features.... Part of what makes that difficult is that neither the government nor companies using cloud providers fully know what security protections cloud providers have in place. In a study last month on the U.S. financial sector's use of cloud services, the Treasury Department found that cloud companies provided "insufficient transparency to support due diligence and monitoring" and U.S. banks could not "fully understand the risks associated with cloud services."