Python

'Unstoppable' Python Remains More Popular than C and Java (infoworld.com) 177

"Python seems to be unstoppable," argues the commentary on August's edition of the TIOBE index (which attempts to calculate programming-language popularity based on search results for courses, vendors, and "skilled engineers").

By that measure Python's "market share" rose another 2% in this month's index — to an all-time high of 15.42%. It is hard to find a field of programming in which Python is not used extensively nowadays. The only exception is (safety-critical) embedded systems because of Python being dynamically typed and too slow. That is why the performant languages C and C++ are gaining popularity as well at the moment.

If we look at the rest of the TIOBE index, not that much happened last month. Swift and PHP swapped places again at position 10, Rust is getting close to the top 20, Kotlin is back in the top 30, and the new Google language Carbon enters the TIOBE index at position 192.

InfoWorld notes it's been 10 months since Python first claimed the index's #1 spot last October, "becoming the only language besides Java and C to hold the No. 1 position." In the alternative Pypl Popularity of Programming Language index, which assesses language popularity based on Google searches of programming language tutorials, the top 10 rankings for August were:

1. Python, 28.11% share
2. Java, 17.35%
3. JavaScript, 9.48%
4. C#, 7.08%
5. C/C++, 6.19%
6. PHP, 5.47%
7. R, 4.35%
8. TypeScript, 2.79%
9. Swift, 2.09%
10. Objective-C, 2.03%

Programming

Mac Hacker's Code Is So Good, Corporations Keep Stealing It (theverge.com) 35

Patrick Wardle, founder of the Objective-See Foundation, a nonprofit that creates open-source security tools for macOS, has had his code make its way into a number of commercial products over the years -- "all without the users crediting him or licensing and paying for the work," reports The Verge. Wardle, a Mac malware specialist and former employee of the NSA and NASA, will lay out his case in a presentation today at the Black Hat cybersecurity conference with Tom McGuire, a cybersecurity researcher at Johns Hopkins University. From the report: The problem, Wardle says, is that it's difficult to prove that the code was stolen rather than implemented in a similar way by coincidence. Fortunately, because of Wardle's skill in reverse-engineering software, he was able to make more progress than most. "I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common," Wardle told The Verge in a call before the talk. "Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern."

One of the central examples in Wardle's case is a software tool called OverSight, which Wardle released in 2016. Oversight was developed as a way to monitor whether any macOS applications were surreptitiously accessing the microphone or webcam, with much success: it was effective not only as a way to find Mac malware that was surveilling users but also to uncover the fact that a legitimate application like Shazam was always listening in the background. [...] But years after Oversight was released, he was surprised to find a number of commercial applications incorporating similar application logic in their own products -- even down to replicating the same bugs that Wardle's code had.

Three different companies were found to be incorporating techniques lifted from Wardle's work in their own commercially sold software. None of the offending companies are named in the Black Hat talk, as Wardle says that he believes the code theft was likely the work of an individual employee, rather than a top-down strategy. The companies also reacted positively when confronted about it, Wardle says: all three vendors he approached reportedly acknowledged that his code had been used in their products without authorization, and all eventually paid him directly or donated money to the Objective-See Foundation.
The Verge notes that Wardle's cousin Josh Wardle created the popular Wordle game, which was purchased earlier this year by The New York Times.
Microsoft

Microsoft Claims Sony Pays Developers 'Blocking Rights' To Keep Games Off Xbox Game Pass (eurogamer.net) 25

In a lengthy document submitted to the Brazilian government as part of its investigation into Microsoft's acquisition of Activision Blizzard, Microsoft has claimed Sony pays developers "blocking rights" to prevent games from appearing on Xbox Game Pass. From a report: The accusation appears in a 27-page rebuttal of Sony's recent objections to Microsoft's Activision Blizzard buyout, made to Brazil's Administrative Council for Economic Defense (CADE) as part of its investigation. Much of Sony's argument had focused on Call of Duty - which it claimed had "no rival" and was "so popular that it influences users' choice of console" -- with the PlayStation maker suggesting, among other things, that the inclusion of Call of Duty on Microsoft's Game Pass service would hamper its ability to compete.

Microsoft's response is as wide-ranging as Sony's initial objections, touching on everything from the fact it has previously managed to grow Game Pass without Activision Blizzard's titles -- suggesting Call of Duty mightn't be quite as "essential" as Sony claims -- to a reiteration of its assurances that it won't be making Call of Duty an Xbox console exclusive. It's here that Microsoft takes a swipe at Sony, pointing out (as per a Google-translated version of its filing) that for all its concerns around exclusivity, "the use of exclusive arrangements has been at the heart of Sony's strategy to strengthen its presence in the gaming industry." Microsoft says Sony's concerns are "incoherent", given that, by virtue of PlayStation's dominant market share, the company is a leader in the distribution of digital games - especially when, as Microsoft claims, Sony has actively hampered the growth of Game Pass by paying for "'blocking rights' to prevent developers from adding content to Game Pass and other competing subscription services."
Further reading: Microsoft Justifies Activision Blizzard's $69 Billion Acquisition By Telling Regulator Call of Duty Publisher Doesn't Release 'Unique' Games.
Programming

Tornado Cash Co-founder Reports Being Kicked Off GitHub as Industry Reacts To Sanctions (cointelegraph.com) 53

Roman Semenov, one of the co-founders of Tornado Cash, has reported his account was suspended at the developer platform, GitHub, following the United States Treasury Department's sanctioning of the privacy protocol. From a report: In a Monday tweet, Semenov said that despite not being individually named as a Specially Designated National, or SDN, of Treasury's Office of Foreign Asset Control, he seemed to be facing repercussions from the Treasury alleging Tornado Cash had laundered more than $7 billion worth of cryptocurrency. As SDNs, identified firms and individuals have their assets blocked and "U.S. persons are generally prohibited from dealing with them."

Being identified as an SDN would seemingly include any contact for business purposes, which could extend to associations on GitHub. According to a joint statement from the Federal Financial Institutions Examination Council and Office of Foreign Asset Control, prohibited transactions could be interpreted to include "downloading a software patch from a sanctioned entity." Semenov called the move to suspend his account "a bit illogical." However, U.S. residents have been effectively barred from using the crypto mixer, given its alleged failure "to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks," according to Brian Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence.

Programming

JavaScript Slows Progress, Should be Retired, Argues JSON Creator (devclass.com) 220

JavaScript, the world's most popular programming language according to most surveys, has become a barrier to progress, according to Douglas Crockford, creator of the JSON (JavaScript Object Notation) specification used everywhere for serializing data in web applications.

Crockford made this assertion in an interview last month:

"The best thing we can do today to JavaScript is to retire it. Twenty years ago, I was one of the few advocates for JavaScript. Its cobbling together of nested functions and dynamic objects was brilliant. I spent a decade trying to correct its flaws. I had a minor success with ES5. But since then, there has been strong interest in further bloating the language instead of making it better. So JavaScript, like the other dinosaur languages, has become a barrier to progress. We should be focused on the next language, which should look more like E than like JavaScript."

According to a StackOverflow survey earlier this year, JavaScript is used by over 65% of developers, way ahead of second placed Python at 48 percent (ignoring HTML, CSS and SQL which are not general purpose languages).

Crockford also acknowledged there'd be two difficulties in replacing browser-based JavaScript, according to the article. "First, we don't have the next language yet. It needs to be a minimal capability-based actor language that is designed specifically for secure distributed programming. Nothing less should be considered.

"Second, we need all of the browser makers to adopt it and to simultaneously replace the DOM with a well designed interface. Good luck with that."
Oracle

'Horrible', 'Chaos': Former Oracle Employees Describe Recent Layoffs (businessinsider.com) 109

After layoffs at Oracle, Business Insider spoke to current and former employees, learning that some marketing teams reportedly saw their headcount "slashed by anywhere from 30% to 50%."

One former marketing employee complained that "It's just a horrible environment left. It's complete chaos...." "The common verb to describe Oracle's Advertising and Customer Experience team is that they were obliterated," said a person who works at Oracle. Insider was unable to determine exactly how many ACX employees were cut, but one person familiar said it may have reached 80% of the division... "There's no marketing anymore," a senior marketing leader who was laid off on Monday told Insider. "We're not even supposed to say we're in marketing because there is no marketing division...." One recently laid off marketing leader told Insider that their team was cut in half, and no successor has been appointed to take their place. "My team is texting me; they still have no idea who they work for," the person said. "No one told them I was gone, so they're just floating in the wind...."

While the company is known for cutting workers every year, some employees said they were shocked by how many senior, experienced, and high-performing staffers were let go on Monday. For example, Oracle's code base is so complicated that it can take years before engineers are fully up to speed with how everything works, and workers with over a decade of experience were cut, some employees said.

Other employees who were laid off in recent months have said they're furious they were cut before their restricted stock units were scheduled to vest, costing them tens of thousands of dollars in expected compensation. "It's just deplorable," said a recently-laid off marketing leader whose primary compensation package included stock. "I know there were people on medical leave laid off. I know people on parental leave that were laid off."

The article points out that in June Oracle also reported $191 million in restructuring costs for the previous fiscal year — and another $431 million for the year before. ("Oracle did not respond to requests for comment from Insider at the time of publication.")

A recently laid-off marketing employee told the site that "We've been kind of working like zombies the last couple of weeks because there's just this sense of 'What am I doing here?'"

Thanks to long-time Slashdot reader SpzToid for sharing the article.
Programming

After Backlash, GitLab U-Turns on Deleting Dormant Projects (theregister.com) 42

"GitLab has reversed its decision to automatically delete projects that are inactive for more than a year and belong to its free-tier users," reports the Register. Thursday GitLab tweeted:

"We discussed internally what to do with inactive repositories. We reached a decision to move unused repos to object storage. Once implemented, they will still be accessible but take a bit longer to access after a long period of inactivity."

But the Register says they've seen internal documents from "well-placed sources" showing that GitLab had originally "hoped the move would save it up to $1 million a year and help make its SaaS business sustainable." And the company had spent a long time preparing for such a move: Documents we have seen gave staff notice of an internal meeting scheduled for August 9. The agenda for the meeting lays out the plan to delete dormant code repositories... Other internal documents seen by The Register mention the possible use of object storage to archive projects but express concerns that doing so would increase GitLab's costs by creating a need for multiple redundant backups.

We have also seen internal discussions confirming the automation code to delete inactive projects was completed by the end of July, and was ready to roll out after months of debate and development work.

One of our sources told us [Thursday] that it was online pressure, led by The Register's reporting, that forced a dramatic rethink at the GitHub rival. Word of the deletion policy as a money-saving exercise sparked fury on Twitter and Reddit.

On GitLab's Twitter feed Thursday, someone raised an interesting point about GitLab's new promise to move inactive repos into object storage. "Wait, does 'inactive' mean repositories that have no new commits? Or only those without new commits AND without read access by cloning / fetching?"

And GitLab's CEO/co-founder Sid Sijbrandij replied, "We're not sure yet. Probably all write operations would keep a project active, creating an issue, a merge request, pushing changes to a branch, etc. We might also keep it active as long as people are doing read operations such as cloning, forking, etc."

Friday Sijbrandij tweeted this status update:

"Archived projects is a user activated state that signals intent. We're not sure yet but very likely the storage type used is orthogonal to that. Our current plan for object storage would keep the repos visible to everyone."
Red Hat Software

From Software Developer To CEO: Red Hat's Matt Hicks On His Journey To the Top (zdnet.com) 17

ZDNet's Stephanie Condon spoke with Red Hat's new CEO, Matt Hicks, a veteran of the company who has been working there for over 14 years. An anonymous reader shares an excerpt from their discussion: Matt Hicks, Red Hat's new CEO, doesn't have the background of your typical chief executive. He studied computer hardware engineering in college. He began his career as an IT consultant at IBM. His on-the-ground experience, however, is one of his core assets as the company's new leader, Hicks says. "The markets are changing really quickly," he tells ZDNet. "And just having that intuition -- of where hardware is going, having spent time in the field with what enterprise IT shops struggle with and what they do well, and then having a lot of years in Red Hat engineering -- I know that's intuition that I'll lean on... Around that, there's a really good team at Red Hat, and I get to lean on their expertise of how to best deliver, but that I love having that core intuition."

Hicks believes his core knowledge helps him to guide the company's strategic bets. While his experience is an asset, Hicks says it's not a given that a good developer will make a good leader. You also need to know how to communicate your ideas persuasively. "You can't just be the best coder in the room," he says. "Especially in STEM and engineering, the softer skills of learning how to present, learning how to influence a group and show up really well in a leadership presentation or at a conference -- they really start to define people's careers."

Hicks says that focus on influence is an important part of his role now that he didn't relish earlier in his career. "I think a lot of people don't love that," he says. "And yet, you can be the best engineer on the planet and work hard, but if you can't be heard, if you can't influence, it's harder to deliver on those opportunities." Hicks embraced the art of persuasion to advance his career. And as an open-source developer, he learned to embrace enterprise products to advance Red Hat's mission. He joined Red Hat just a few years after Paul Cormier -- then Red Hat's VP of engineering, and later Hicks' predecessor as CEO -- moved the company from its early distribution, Red Hat Linux, to Red Hat Enterprise Linux (RHEL). It was a move that not everyone liked. [...]
"As he settles into his new role as CEO, the main challenge ahead of Hicks will be picking the right industries and partners to pursue at the edge," writes Condon. "Red Hat is already working at the edge, in a range of different industries. It's working with General Motors on Ultifi, GM's end-to-end software platform, and it's partnering with ABB, one of the world's leading manufacturing automation companies. It's also working with Verizon on hybrid mobile edge computing. Even so, the opportunity is vast. Red Hat expects to see around $250 billion in spending at the edge by 2025."

"There'll be a tremendous growth of applications that are written to be able to deliver to that," Hicks says. "And so our goals in the short term are to pick the industries and build impactful partnerships in those industries -- because it's newer, and it's evolving."
Programming

GitLab Plans To Delete Dormant Projects in Free Accounts (theregister.com) 91

UPDATE (8/5): "GitLab has reversed its decision to automatically delete projects that are inactive for more than a year and belong to its free-tier users," the Register reported Friday.

Thursday the same site had reported that GitLab planned to automatically delete projects if they've been inactive for a year and are owned by users of its free tier. From that report: The Register has learned that such projects account for up to a quarter of GitLab's hosting costs, and that the auto-deletion of projects could save the cloudy coding collaboration service up to $1 million a year. The policy has therefore been suggested to help GitLab's finances remain sustainable. People with knowledge of the situation, who requested anonymity as they are not authorized to discuss it with the media, told The Register the policy is scheduled to come into force in September 2022. GitLab is aware of the potential for angry opposition to the plan, and will therefore give users weeks or months of warning before deleting their work. A single comment, commit, or new issue posted to a project during a 12-month period will be sufficient to keep the project alive. The Register understands some in the wider GitLab community worry that the policy could see projects disappear before users have the chance to archive code on which they rely. As many open-source projects are widely used, it is feared that the decision could have considerable negative impact.
Social Networks

'CSS Crimes' Turn Social Media Posts Into Games (theverge.com) 22

Alexis Ong writes via The Verge: It is a truth universally acknowledged that if you build something on the internet, people will find ways to creatively break it. This is exactly what happened with cohost, a new social media platform that allows posts with CSS. Digging through the #interactables hashtag on cohost reveals a bounty of clickable, CSS-enabled experiments that go far beyond GIFs -- there's a WarioWare mug-catching game, an interactive Habbo tribute, magnetic fridge poetry, this absolutely bananas cog machine, and even a "playable" Game Boy Color (which was, at one point, used for a "GIF plays Pokemon" event). Yes, there's also Doom. The cohost team embraced the madness. It was the beginning of a creative avalanche that simply isn't possible on other social media sites -- a phenomenon that the cohost community has since dubbed "CSS crimes."
Oracle

Oracle Starts Job Cuts In US 41

Oracle has started to lay off employees in the United States, The Information said on Monday, citing a person with direct knowledge of the matter. Reuters reports: The publication in July reported that Oracle was considering cutting thousands of jobs in its global workforce after targeting cost cuts of up to $1 billion. The company had about 143,000 full-time employees as of May 31, according to its latest annual report. The layoffs at Oracle will affect employees at its offices in the San Francisco Bay Area, Monday's report said, but it did not mention the number of employees affected. The report also said layoffs in Canada, India and parts of Europe were expected in the coming weeks and months.
Programming

Protestware On the Rise: Why Developers Are Sabotaging Their Own Code (techcrunch.com) 149

"If combating attacks and hijackings of legitimate software on open source registries like npm weren't challenging enough, app makers are increasingly experiencing the consequences of software self-sabotage," writes security researcher and reporter Ax Sharma via TechCrunch. "A developer can, on a whim, change their mind and do whatever they want with their open source code that, most of the time anyway, comes 'as is' without any warranty. Or, as seen by a growing trend this year, developers deliberately sabotaging their own software libraries as a means of protest -- turning software into 'protestware.'"

One of the many examples Sharma mentions happened during the first week of 2022, when thousands of applications that rely on the heavily used npm projects colors and faker broke and began printing gibberish text on users' screens. "It wasn't a malicious actor hijacking and altering these legitimate libraries," writes Sharma. "It turned out the projects' developer Marak Squires had intentionally corrupted his own work to send a message of protest to big corporations..." An anonymous reader shares an excerpt from his report: Open source developers are discovering new and creative avenues that no longer limit them to implementing new features for their projects, but to actively express their views on larger social matters by modifying their projects for a cause. And, unlike proprietary code that has to function in line with a paying customer's expectations, most open source licenses are quite permissive -- both for the consumer and the developer -- offering their code with licenses that offer no guarantees as to what a developer is not supposed to and will never do with their code, making protestware a gray area for defenders. In fact, as a security researcher at Sonatype, I observed how protestware posed a challenge for us in the early stages and how we would tweak our automated malware detection algorithms to now catch self-sabotages with projects like colors and faker. Traditionally, the system was designed to spot typosquatting malware uploaded to open source repositories, but cases like malicious hijacks or developers modifying their own libraries without warning required a deeper understanding of the intricacies of how protestware works.

The theme has also put major open source registries like npm -- owned by GitHub, a Microsoft subsidiary -- at a crossroads when having to deal with these edge cases. Socket's founder Feross Aboukhadijeh told TechCrunch that registries like GitHub are in a difficult position. "On the one hand, they want to support maintainers' right to freedom of expression and the ability to use their platform to support the causes they believe in. But on the other hand, GitHub has a responsibility to npm users to ensure that malicious code isn't served from npm servers. It's sometimes a difficult balancing act," said Aboukhadijeh. A simple solution to ensuring you are getting only vetted versions of a component in your build is to pin your npm dependency versions. That way, even if future versions of a project are sabotaged or hijacked, your build continues to use the "pinned" version as opposed to fetching the latest, tainted one. But this may not always be an effective strategy for all ecosystems, like PyPI, where existing versions of a component can be republished -- as we saw in the case of the hijacking of the ctx PyPI project.

"The conversation around 'protestware' is really a conversation about software supply chain security. You can't trust what you can't verify," Dan Lorenc, the co-founder and chief executive at Chainguard, a startup that specializes in software supply chain security, told TechCrunch. Lorenc's advice against preventing protestware is to follow good open source security hygiene and best practices that can help developers develop protestware more easily and early on. "Knowing and understanding your dependencies, conducting regular scans and audits of open source code you are using in your environments are a start." But Lorenc warns the debate about protestware could draw in copycats who would contribute to the problem and detract open source software defenders from focusing on tackling what's truly important -- keeping malicious actors at bay. And with protestware there remain unknown unknowns. What issue is too small -- or too big -- for protestware? While no one can practically dictate what an open source developer can do with their code -- it is a power developers have always possessed, but are now just beginning to harness.

Cloud

Microsoft Asks Google, Oracle To Help Crimp Amazon's US Government Cloud Leadership (wsj.com) 35

Microsoft is rallying other big-name cloud-computing providers such as Alphabet's Google and Oracle to press the U.S. government into spreading its spending on such services more widely, taking aim at Amazon's dominance in such contracts. From a report: The software giant has issued talking points to other cloud companies aimed at jointly lobbying Washington to require major government projects to use more than one cloud service, according to people familiar with the effort and a document viewed by The Wall Street Journal. Microsoft also approached VMware, Dell, IBM and HP, said the people familiar with the effort. It hasn't yet asked Amazon to join the loose alliance, the people said.

Amazon dominates the cloud-infrastructure industry with a 39% share of the 2021 global market ahead of Microsoft at No. 2 with a 21% share, according to research firm Gartner Inc. Amazon looms even larger in the business of selling cloud services to governments. Amazon's cloud had a 47% share of the 2021 U.S. and Canada public-sector market orders, ahead of 28% for Microsoft, according to Gartner. The National Security Agency last year picked Amazon as the sole vendor for a cloud contract that could be worth potentially as much as $10 billion over the next decade, renewing an existing business relationship.

Open Source

Can Google's New Programming Language 'Carbon' Replace C++ Better Than Rust? (thenewstack.io) 185

It's difficult for large projects to convert existing C++ codebases into Rust, argue Google engineers — so they've created a new "experimental" open source programming language called Carbon.

Google Principal Software Engineer Chandler Carruth introduced Carbon this week at the "CPP North" C++ conference in Toronto. TechRadar reports: The newly announced Carbon should be interoperable with the popular C++ code, however for users looking to make the full switch, the migration should be fairly easy. For those unsure about a full changeover, Carruth delved into more detail about some of the reasons why Carbon should be considered a powerful successor to the C++ language, including simpler grammar and smoother API imports.
Google's engineers are already building tools to translate C++ into this new language. "While Carbon began as a Google internal project, the development team ultimately wants to reduce contributions from Google, or any other single company, to less than 50% by the end of the year," reports The New Stack, adding that Google ultimately wants to hand off the project to an independent software foundation where development will be led by volunteers: Long the language of choice for building performance-critical applications, C++ is plagued with a number of issues that hamper modern developers, Carruth explained on a GitHub page. It has accumulated decades of technical debt, bringing with it many of the outdated practices that were part of the language's predecessor, C. The keepers of C++ prioritize backward compatibility, in order to continue to support widely-used projects such as Linux and its package management ecosystem, Carruth charged.

The language's evolution is also stymied by a bureaucratic committee process, oriented around standardization rather than design. Which can make it difficult to add new features. C++ has largely a sequestered development process, in which a select committee makes the important decisions, in a waterfall process that can take years. "The committee structure is designed to ensure representation of nations and companies, rather than building an inclusive and welcoming team and community of experts and people actively contributing to the language," Carruth wrote. "Access to the committee and standard is restricted and expensive, attendance is necessary to have a voice, and decisions are made by live votes of those present."

Carruth wants to build Carbon by a more open community-led environment. The project will be maintained on GitHub, and discussed on Discord.... The design team wants to release a core working version ("0.1") by the end of the year.

Carbon will boast modern features like generics and memory safety (including dynamic bounds checks), the article points out. And "The development team will also set out to create a built-in package manager, something that C++ sorely lacks."
Programming

How Python Now Manages Its Evolution (techradar.com) 62

For roughly a year and a half software engineer Pablo Galindo has been one of five members on the Python Steering Council, which took the reins when language creator Guido van Rossum stepped down. "The Python Steering Council attempts to reflect the decisions of the community, weighing up all the advantages and disadvantages [of each proposal]," Galindo explains in TechRadar's look at how the language now manages its evolution.

"Our responsibility is to make sure everyone is represented in a decision. It's not about what we think personally, it's about the community mind." So while static typing would've benefited one specific sub-community, the necessary changes were ultimately "deemed by the council to have an overall detrimental effect," the article points out, "and were therefore rejected." Given the popularity of Python and size of the application base, the Steering Council has to exercise considerable caution when deciding upon changes to the language. Broadly, the goal is to improve the level of performance and range of functionality in line with the demands of the community, but doing so is rarely straightforward. "There is an important distinction between making a new language fast, versus increasing the performance of a 30-year-old language without breaking the code," noted Galindo. "That is extremely difficult; I cannot tell you how difficult it is."

"There are a number of industry techniques that everyone uses [to improve performance], but Python is incompatible with these methods. Instead, we have to develop entirely new techniques to achieve only similarly good results."

Separately, the team has to worry about the knock-on effects of a poorly-implemented change, of which there could be many. As an example, Galindo gestured towards the impact of a drop-off in language performance on energy usage (and therefore carbon emissions). "When you make changes in the language, it can be daunting," he said. "How many CPU cycles will I cost the planet with a mistake...?"

Despite the various headwinds, the Python Steering Council has lofty ambitions for the language, with the next major release (version 3.11) set to go live in October. Apparently, speed is the first item on the agenda. Galindo told us the aim is to improve performance by up to 60% (depending on the workload) with Python 3.11 and again with version 3.12. In the longer term, meanwhile, the goal is to make the language between two and five times faster within the next decade.

The council will also continue to focus on improving the quality of error messages generated by the Python Interpreter in an effort to make debugging much simpler, a pet project of Galindo's and a major focus during his time on the council.

Ubuntu

The Dell XPS Developer Edition Will Soon Arrive With Ubuntu Linux 22.04 (zdnet.com) 31

The Dell XPS 13 Plus Developer Edition with Ubuntu 22.04 Long Term Support (LTS) will arrive on August 23rd. "This means, of course, Canonical and Dell officially have been certified for Ubuntu 22.04 LTS," writes ZDNet's Steven Vaughan-Nichols. "So if you already have a current XPS 13 Plus, you can install Ubuntu 22.04 and automatically receive the same hardware-optimized experience that will ship with the new Developer Edition." From the report: What this certification means is that all of XPS's components have been tested to deliver the best possible experience out of the box. Ubuntu-certified devices are based on Long Term Support (LTS) releases and therefore receive updates for up to 10 years. So if you actually still have an XPS 13 that came with Ubuntu back in the day, it's still supported today. [...] Dell and Canonical have been at this for years. Today's Dell's Developer Editions are the official continuation of Project Sputnik. This initiative began 10 years ago to create high-end Dell systems with Ubuntu preinstalled. These were, and are, designed with programmer input and built for developers.

As Jaewook Woo, Dell's product manager, Linux, explained: "XPS is an innovation portal for Dell -- from its application of cutting-edge technology to experimentation of new user interfaces and experiential design. By bringing the enhanced performance and power management features of Ubuntu 22.04 LTS to our most advanced premium laptop, Dell and Canonical reinforce our joint commitment to continue delivering the best computing experience for developers using Ubuntu."

The forthcoming Dell XPS Plus Developer Edition's specifications are impressive. The base configuration is powered by a 12th-generation Intel i5 1240P processor that runs up to 4.4GHz. For graphics, it uses Intel Iris Xe Graphics. This backs up the 13.4-inch 1920x1200 60Hz display. For storage, it uses a 512GB SSD. The list price is $1,389.

Cloud

Google, Oracle Cloud Servers Wilt in UK Heatwave, Take Down Websites (theregister.com) 61

Cloud services and servers hosted by Google and Oracle in the UK have dropped offline due to cooling issues as the nation experiences a record-breaking heatwave. From a report: When the mercury hit 40.3C (104.5F) in eastern England, the highest ever registered by a country not used to these conditions, datacenters couldn't take the heat. Selected machines were powered off to avoid long-term damage, causing some resources, services, and virtual machines to become unavailable, taking down unlucky websites and the like.

Multiple Oracle Cloud Infrastructure resources are offline, including networking, storage, and compute provided by its servers in the south of UK. Cooling systems were blamed, and techies switched off equipment in a bid to prevent hardware burning out, according to a status update from Team Oracle. "As a result of unseasonal temperatures in the region, a subset of cooling infrastructure within the UK South (London) Data Centre has experienced an issue," Oracle said on Tuesday at 1638 UTC. "As a result some customers may be unable to access or use Oracle Cloud Infrastructure resources hosted in the region."

Google

Google Will Let European Developers Use Their Own Billing Systems (theverge.com) 19

Google will start allowing the developers of non-gaming apps in the European Economic Area (EEA) to offer alternate payment systems. In a blog post, Google outlines its plans to comply with the Digital Markets Act (or DMA), a piece of legislation aimed at regulating big tech. From a report: The DMA passed through the European Parliament earlier this month, but it isn't expected to go into force until spring 2023. But Google is rolling out the changes ahead of time to make sure that its plans "serve the needs" of users.

The legislation requires "gatekeepers," or companies with a market capitalization of $75.8 billion or over, to follow a set of rules meant to promote competition among digital platforms. Failing to comply could lead to fines of up to 10 percent of a firm's global revenue or 20 percent in case of repeat offenses. Android developers who choose to use an alternate payment processor will still have to pay Google a service fee for each transaction on the first $1 million they make within one year. However, Google says it will reduce this fee by 3 percent, meaning the company will take a 12 percent or lower cut from every transaction. If developers make more than $1 million in one year, Google will charge developers a 27 percent fee on transactions (3 percent less than the standard 30 percent).

GNU is Not Unix

GCC Rust Approved by Steering Committee, Beta Likely Next April (phoronix.com) 51

Phoronix reports: The GCC Steering Committee has approved of the GCC Rust front-end providing Rust programming language support by the GNU Compiler Collection. This Rust front-end will likely be merged ahead of the GCC 13 release next year.

The GCC Steering Committee this morning has announced that the Rust front-end "GCC Rust" is appropriate for inclusion into the GCC mainline code-base. This is the effort that has been in the works for a while as an alternative to Rust's official LLVM-based compiler. GCC Rust is still under active development but is getting into shape for mainlining.

The hope is to have at least "beta" level support for the Rust programming language in GCC 13, which will be released as stable around April of next year.

Programming

Ask Slashdot: Does WebAssembly Increase Your Web Browser's Attack Surface? (github.com) 104

Steve Springett is a conscientious senior security architect. And in 2018, he published an essay on GitHub arguing that from a security engineer's perspective, WebAssembly "increases the attack surface of any browser that supports it."

Springett wrote that WebAssembly modules are sent in (unsigned) binary format — without a transport-layer security mechanism — and rely on browser sandboxing for safety. But the binary format makes it harder to analyze the code, while sandboxing "is prone to breakouts and effectiveness varies largely by implementation. Adobe Flash is an example of a technology that was sandboxed after a series of exploits, yet exploits and breakouts still occurred." Springett even went so far as to offer the commands for switching off WebAssembly in your browser.

Now Tablizer (Slashdot reader #95,088) wants to know what other Slashdot readers think of Springett's security concerns around WebAssembly.

Tablizer also offers this suggestion to browser makers: Browsers should have a way to easily disable WebAssembly — including whitelisting. For example, if you need it for a specific gaming site, you can whitelist just that site and not have WASM exposed for other sites.
