theodp writes: Chicago Public School (CPS) teachers were 'blindsided' after access to popular classroom software was yanked due to CPS's interpretation of Illinois' Student Online Personal Protection Act (SOPPA), the Chicago Sun-Times reports. Sneha Dey writes, "Among the software products that violate the law, CPS now says, are programs like Code.org, which is widely used in computer science classes, and Adobe applications used for artistic design and newspaper page layouts. That left has many high school newspapers unable to produce their print editions. Also off limits is Scratch, software to create interactive stores, animations and games. CPS had partnered with the Scratch Foundation to hold family coding nights, among other events."

The Blueprint's Karen Buecking has more on how the new student data protection law has upended the computer science curriculum at CPS, noting that CPS teachers received an email from tech-backed Code.org explaining the situation: "We've already signed student data protection agreements with over 150 districts across the state to comply with the new law," said the Code.org representative. "The bad news is CPS's agreement and application process contains onerous requirements unrelated to student privacy that make it prohibitive for organizations like Code.org to agree to CPS's requirements as written."

The Oracle JDK "is available free of charge for production use again," reports InfoQ, under a new "Oracle No-Fee Terms and Conditions" license.

The move, announced in mid-September, "reverses a 2018 decision to charge for Oracle JDK production use and does not affect Oracle's OpenJDK distribution," they write, noting that the new license "applies to the recently released version 17 of Oracle JDK and future versions." Donald Smith, Senior Director of Product Management at Oracle, explained the reason for this decision in a recent blog post, writing:

"Providing Oracle OpenJDK builds under the GPL was highly welcomed, but feedback from developers, academia, and enterprises was that they wanted the trusted, rock-solid Oracle JDK under an unambiguously free terms license, too. Oracle appreciates the feedback from the developer ecosystem and are pleased to announce that as of Java 17 we are delivering on exactly that request."

Smith explicitly stated that the No-Fee Terms and Conditions license "includes commercial and production use" [although the license does not seem to highlight this fact] and stated that "redistribution is permitted as long as it is not for a fee."

Abstract of a paper written by Michael Navarrete of University of Maryland: The United States experienced an unprecedented increase in unemployment insurance (UI) claims starting in March 2020, mainly due to layoffs caused by COVID-19. State unemployment insurance systems were inadequately prepared to process these claims. Those states using an antiquated programming language, COBOL, to process UI claims experienced longer delays in benefit disbursement. Using daily card consumption data from Affinity Solutions, I employ a two-way fixed effects estimator to measure the causal impact of COBOL-induced delays in UI benefits on aggregate consumption. The delays caused a 4.4 percentage point relative decline in total card consumption in COBOL states relative to non-COBOL states. Performing a back-of-the-envelope calculation using 2019 data, I find that real GDP declined by $181 billion (in 2012 dollars).

An indie developer has found an interesting observation: Though only 5.8% of his game's buyers were playing on Linux, they generated over 38% of the bug reports. Not because the Linux platform was buggier, either. Only 3 of the roughly 400 bug reports submitted by Linux users were platform specific, that is, would only happen on Linux. PC Gamer reports: The developer, posting as Koderski for developer Kodera Software on Reddit, makes indie game [Delta] V: Rings of Saturn -- that's Delta V, or DV, for the non-rocket-science-literate. [...] Koderski says he's sold a little over 12,000 copies of his game, and about 700 of those were bought by Linux players. "I got 1040 bug reports in total, out of which roughly 400 are made by Linux players," says Koderski's post. "That's one report per 11.5 users on average, and one report per 1.75 Linux players. That's right, an average Linux player will get you 650% more bug reports." Koderski's numbers are a limited sample size drawn from one person's experience, but tell a compelling story.

Koderski also says that very few of those bugs were specific to Linux, being clear that "This 5.8% of players found 38% of all the bugs that affected everyone." The bug reports themselves were also pretty high quality, he said, including software and OS versions, logs, and steps for replication. Multiple commenters on the post chalked this up to the kind of people who use Linux: Software professionals, IT employees, and engineers who would already be familiar with official bug reporting processes. It's a strong theory as to why this might be, though the sheer passion that the gaming on Linux community has for anyone who supports their favorite hobby may be another.

"Microsoft is reversing a decision to remove a key feature from its upcoming .NET 6 release, after a public outcry from the open source community," reports the Verge.

"Microsoft angered the .NET open source community earlier this week by removing a key part of Hot Reload in the upcoming release of .NET 6, a feature that allows developers to modify source code while an app is running and immediately see the results." It's a feature many had been looking forward to using in Visual Studio Code and across multiple platforms, until Microsoft made a controversial last-minute decision to lock it to Visual Studio 2022 which is a paid product that's limited to Windows. Sources at Microsoft, speaking on condition of anonymity, told The Verge that the last-minute change was made by Julia Liuson, the head of Microsoft's developer division, and was a business-focused move.

Microsoft has now reversed the change following a backlash, and anger inside the company from many of Microsoft's own employees. "We made a mistake in executing on our decision and took longer than expected to respond back to the community," explains Scott Hunter, director of program management for .NET. Microsoft has now approved the community's pull request to re-enable this feature and it will be available in the final version of the .NET 6 SDK...

This eventful episode came after weeks of unrest in the .NET community over Microsoft's involvement in the .NET Foundation. The foundation was created in 2014 when Microsoft made .NET open source, and it's supposed to be an independent organization that exists to improve open source software development and collaboration for .NET.

"Bringing VS Code to the browser is the realization of the original vision for the product," Microsoft said in a blog post. "It is also the start of a completely new one. An ephemeral editor that is available to anyone with a browser and an internet connection is the foundation for a future where we can truly edit anything from anywhere."

Or, as Mike Melanson describes it in his "This Week in Programming" column, "Microsoft continued its march toward developer dominance this week with the launch of Visual Studio Code for the Web, a lightweight version of the company's highly popular (mostly) open source code editor..." Now, before you go getting too excited, VS Code for the Web isn't really a fully-functional version of VS Code running in the browser, as it has no backend to back it up, which means its primary purpose is for client-side HTML, JavaScript, and CSS applications... VS Code for the Web is able to provide syntax colorization, text-based completions and other such features for popular languages such as C/C++, C#, Java, PHP, Rust, and Go, while TypeScript, JavaScript, and Python are "all powered by language services that run natively in the browser" and therefore provide a "better" experience, while those aforementioned Web languages, such as JSON, HTML, CSS, and LESS, will provide the best experience. Extensions, meanwhile — which are among the top reasons for using VS Code — generally work for user interface customizations (and can be synced with your other environments), but, again, not so much for those back-end features.

Caveats aside, VS Code for the Web does, indeed, offer a lightweight, available-anywhere code editor for things like your tablet, your Chromebook, and heck, even your XBOX...

While companies like Amazon and Google seem to be sitting idly by in this arena, Microsoft is not the only company focused on providing remote developer experiences. The Eclipse Foundation, for example, last year offered what it said was "a true open source alternative to Visual Studio Code" with Eclipse Theia, and Eclipse Foundation executive director Mike Milinkovich said he expects this to be just the beginning. "We have been saying for years that the future of developer tools is the browser. Developers already use their browsers for the vast majority of their day-to-day tasks, with code editing being amongst the last to move," Milinkovich wrote in an email. "Microsoft's recent vscode.dev announcement is a recognition of this trend. I expect that every serious cloud vendor will be following suit over the next few quarters."

GitPod, meanwhile, has been hard at work in this very same arena, with its own launch just last month of the open source OpenVSCode Server, which also lets developers run upstream Visual Studio Code in the browser.
Gitpod co-founder Johannes Landgraf calls it "yet another validation that we reached a tipping point of how and where we develop software" — but also more. "Think orchestration and provisioning of compute, operating system, language servers and all other tools you require for professional software development in the cloud."

Melanson's column also argues VS Code for the Web is meant to entice geeks further into the Microsoft development universe. "The next thing you know, you've spent $100 on other things...like GitHub Codespaces, which is, after all, pretty much the same exact thing, except it provides all those back-end services and, more importantly for Microsoft, is not free to use. And more important still, once you've got all those developers fully hooked on VS Code, Codespaces, GitHub, and the rest of it, Azure isn't too far down the line now, is it?"

TechCrunch's Sarah Perez writes about the new set of App Store Guidelines that Apple introduced today: One of the changes is the result of a previously announced settlement agreement with a class of U.S. app developers. It clarifies that developers are allowed to communicate with their customers about other payment methods available outside their app. Related to this, another new guideline explains that apps may request customer information like name and email, but the request must be optional for the user and shouldn't prevent them from using the app. The third guideline is unrelated to legal action, and simply details how developers can use a new App Store feature, called in-app events, which rolls out next week.

Specifically, Apple deleted a clause from guideline 3.1.3 which had previously said developers were not permitted to use information obtained within their app to target individual users outside of the app to use purchasing methods other than Apple's own in-app purchases. The old rule had also said this would include sending out emails to the address on file obtained when the customer signed up for the app. With this clause gone, developers are no longer barred from those sorts of communications. Apple also added a new section to guideline 5.1.1 (x) which explains further how developers may go about requesting user contact information. It says: "Apps may request basic contact information (such as name and email address) so long as the request is optional for the user, features and services are not conditional on providing the information, and it complies with all other provisions of these guidelines, including limitations on collecting information from kids."

Intel has open-sourced ControlFlag , a tool that uses machine learning to detect problems in computer code -- ideally to reduce the time required to debug apps and software. From a report: In tests, the company's machine programming research team says that ControlFlag has found hundreds of defects in proprietary, "production-quality" software, demonstrating its usefulness. "Last year, ControlFlag identified a code anomaly in Client URL (cURL), a computer software project transferring data using various network protocols over one billion times a day," Intel principal AI scientist Justin Gottschlich wrote in a blog post on LinkedIn.

"Most recently, ControlFlag achieved state-of-the-art results by identifying hundreds of latent defects related to memory and potential system crash bugs in proprietary production-level software. In addition, ControlFlag found dozens of novel anomalies on several high-quality open-source software repositories." The demand for quality code draws an ever-growing number of aspiring programmers to the profession. After years of study, they learn to translate abstracts into concrete, executable programs -- but most spend the majority of their working hours not programming. A recent study found that the IT industry spent an estimated $2 trillion in 2020 in software development costs associated with debugging code, with an estimated 50% of IT budgets spent on debugging.

Akamai researchers have analyzed 10,000 JavaScript samples including malware droppers, phishing pages, scamming tools, Magecart snippets, cryptominers, etc. At least 26% of them use some form of obfuscation to evade detection, indicating an uptick in the adoption of this basic yet effective technique. BleepingComputer reports: Obfuscation is when easy-to-understand source code is converted into a hard to understand and confusing code that still operates as intended. Threat actors commonly use obfuscation to make it harder to analyze malicious scripts and to bypass security software. Obfuscation can be achieved through various means like the injection of unused code into a script, the splitting and concatenating of the code (breaking it into unconnected chunks), or the use of hexadecimal patterns and tricky overlaps with function and variable naming.

But not all obfuscation is malicious or tricky. As the report explains, about 0.5% of the 20,000 top-ranking websites on the web (according to Alexa), also use obfuscation techniques. As such, detecting malicious code based on the fact that is obfuscated isn't enough on its own, and further correlation with malicious functionality needs to be made. This mixing with legitimate deployment is precisely what makes the detection of risky code challenging, and the reason why obfuscation is becoming so widespread in the threat landscape.

"One of Python's long-standing weaknesses, its inability to scale well in multithreaded environments, is the target of a new proposal among the core developers of the popular programming language," reports InfoWorld: Developer Sam Gross has proposed a major change to the Global Interpreter Lock, or GIL — a key component in CPython, the reference implementation of Python. If accepted, Gross's proposal would rewrite the way Python serializes access to objects in its runtime from multiple threads, and would boost multithreaded performance significantly... The new proposal makes changes to the way reference counting works for Python objects, so that references from the thread that owns an object are handled differently from those coming from other threads.

The overall effect of this change, and a number of others with it, actually boosts single-threaded performance slightly — by around 10%, according to some benchmarks performed on a forked version of the interpreter versus the mainline CPython 3.9 interpreter. Multithreaded performance, on some benchmarks, scales almost linearly with each new thread in the best case — e.g., when using 20 threads, an 18.1x speedup on one benchmark and a 19.8x speedup on another.

Apple was on a collision course with South Korea on Friday over new requirements that it stop forcing app developers to use its payment systems, with a government official warning of a possible investigation into the iPhone maker's compliance. From a report: The development comes after South Korea amended the Telecommunication Business Act in August to try to curb the tech majors' market dominance and stop the big app store operators such as Apple and Alphabet's Google from charging commissions on in-app purchases. The law went into effect last month but Apple had told the South Korean government that it was already complying and did not need to change its app store policy, a Korea Communications Commission (KCC) official in charge of the matter told Reuters. "This goes against the purpose of the amended law," the official said, requesting anonymity as the KCC was still in talks with Apple on compliance.

Blender today announced that Apple has joined the Blender Development Fund to support continued development of the free open source 3D graphics tool. From a report: Alongside a contribution to the Development Fund, Apple will provide engineering expertise and additional resources to Blender and its broader development community to help support Blender artists and developers, according to the announcement. Blender CEO Ton Roosendaal said the announcement means that "macOS will be back as a complete supported Blender platform."

ZDNet reports: "Python 3.10.0 is the newest major release of the Python programming language, and it contains many new features and optimizations," CPython maintainers announced in a blogpost...

One of the headline features is "structural pattern matching" in Python 3.10 -- a technique for handling data that's already available in C, Java, JavaScript, Scala and Elixir. "Structural pattern matching has been added in the form of a match statement and case statements of patterns with associated actions. Patterns consist of sequences, mappings, primitive data types as well as class instances. Pattern matching enables programs to extract information from complex data types, branch on the structure of data, and apply specific actions based on different forms of data," the project explains in release 3.10 notes. "While structural pattern matching can be used in its simplest form comparing a variable to a literal in a case statement, its true value for Python lies in its handling of the subject's type and shape," it adds.

Python core contributors presented the update in a meeting this week. Pablo Galindo Salgado, a physicist and core Python contributor, explained how the project is using Microsoft's GitHub Actions DevOps (CI/CD) tools to test Python changes on Windows, Linux and macOS systems. "When you merge something to Python, there is a CI in GitHub Actions, and we have other providers, although we are mainly using GitHub Actions now. It tests your commits on every single commit on Linux, Windows, and macOS," said Salgado.
Besides better error messages (including more precise and reliable line numbers for debugging), other changes to the language include overloading the pipe operator to allow a new syntax for writing union types, and type aliases (a kind of user-specified type, offering a way to explicitly declare an assignment as a type alias).

ZDNet reports that Python "is now the most popular language, according to one popularity ranking."

"For the first time in more than 20 years we have a new leader of the pack..." the TIOBE Index announced this month. "The long-standing hegemony of Java and C is over."

When Slashdot reached out to Guido van Rossum for a comment, he replied "I honestly don't know what the appropriate response is...! I am honored, and I want to thank the entire Python community for making Python so successful."

ZDNet reports: [I]t seems that Python is winning these days, in part because of the rise of data science and its ecosystem of machine-learning software libraries like NumPy, Pandas, Google's TensorFlow, and Facebook's PyTorch. Python is also an easy-to-learn language that has found a niche in high-end hardware, although less so mobile devices and the web — an issue that Python creator Guido van Rossum hopes to address through performance upgrades he's working on at Microsoft.

Tiobe, a Dutch software quality assurance company, has been tracking the popularity of programming languages for the past 20 years. Its rankings are based on search terms related to programming and is one measure of languages that developers should consider learning, along with IEEE Spectrum's list and a ranking produced by developer analyst RedMonk. JavaScript, the default for front-end web development, is always at the top of RedMonk's list. For Tiobe, its enterprise focus, has seen Java and C dominate in recent years, but Python has been snapping at the heels of Java, and has now overtaken it...

Python's move to top spot on the Tiobe index was a result of other languages falling in searches rather than Python rising. With an 11.27% share of searches, it was flat, while second place language C fell 5.79% percentage points compared to October last year down to 11.16%. Java made way for Python with a 2.11 percentage point drop to 10.46%.

Other languages that made the top 10 in Tiobe's October 2021 index: C++, C#, Visual Basic, JavaScript,. SQL, PHP, and Assemblyy Language. Also rising on a year-on-year basis and in the top 20 were Google-designed Go, number-crunching favorite MATLAB, and Fortran.
"Python, which started as a simple scripting language, as an alternative to Perl, has become mature," TIOBE says in announcing its new rankings.

"Its ease of learning, its huge amount of libraries, and its widespread use in all kinds of domains, has made it the most popular programming language of today. Congratulations Guido van Rossum!"

The U.S. Supreme Court turned away a lingering appeal by Oracle stemming from its challenge to the now-scrapped $10 billion cloud-computing contract the Pentagon awarded to Microsoft in 2019. From a report: The rejection was a formality given the Defense Department's decision in July to drop the contract and divide the work among multiple bidders, potentially between Microsoft and Amazon. Oracle's appeal centered on alleged conflicts of interest involving Amazon, and on claims that the Pentagon violated its own rules when it set up the contract to be awarded to a single firm.

Oracle's Java magazine takes a look at some current JDK Enhancement Proposals, "the vehicle of long standing for updating the Java language and the JVM." Today, concurrency in Java is delivered via nonlightweight threads, which are, for all intents, wrappers around operating-system threads... Project Loom aims to deliver a lighter version of threads, called virtual threads. In the planned implementation, a virtual thread is programmed just as a thread normally would be, but you specify at thread creation that it's virtual. A virtual thread is multiplexed with other virtual threads by the JVM onto operating system threads. This is similar in concept to Java's green threads in its early releases and to fibers in other languages... Because the JVM has knowledge of what your task is doing, it can optimize the scheduling. It will move your virtual thread (that is, the task) off the OS thread when it's idle or waiting and intelligently move some other virtual thread onto the OS thread. When implemented correctly, this allows many lightweight threads to share a single OS thread. The benefit is that the JVM, rather than the OS, schedules your task. This difference enables application-aware magic to occur behind the curtains...

Project Valhalla aims to improve performance as it relates to access to data items... by introducing value types, which are a new form of data type that is programmed like objects but accessed like primitives. Specifically, value types are data aggregates that contain only data (no state) and are not mutable. By this means, [value types] can be stored as a single array with only a single header field for the entire array and direct access to the individual fields...

Project Panama simplifies the process of connecting Java programs to non-Java components. In particular, Panama aims to enable straightforward communication between Java applications and C-based libraries...

Several Amber subprojects are still in progress.

Sealed classes, which have been previewed in the last few Java releases and are scheduled to be finalized in Java 17. Sealed classes (and interfaces) can limit which other classes or interfaces can extend or implement them...

Pattern matching in switches is a feature that will be previewed in Java 17...
The article concludes that Java's past and current projects "testify to how much Java has evolved and how actively the language and runtime continue to evolve."

An anonymous reader writes: This week saw the annual check-in with Linux creator Linus Torvalds at the Open Source Summit North America, this year held in Seattle (as well as virtually). Torvalds took the stage for the event's traditional half-hour of questions from Dirk Hohndel, an early Linux contributor (now also the chief open source officer and vice president at VMware) in an afternoon keynote session.... And the theme of community seemed to keep coming up — notably about what that community has ultimately taught Linus Torvalds. (For example, while Torvalds said he'd originally planned on naming the operating system Freax, "I am eternally grateful for two other people for having more taste than I did.")

But even then Linux was a project that "I probably would've left behind," Torvalds remembered, "if it was only up to me." Torvalds credits the larger community for its interest (and patches) "that just kept the motivation going. And here we are 30 years later, and it's still what keeps the motivation going. Because as far as I'm concerned, it's been done for 29 of those 30 years, and every single feature ever since has been about things that other people needed or wanted or were interested in."

Torvalds also says "I'm very proud of the fact that there's actually a fair number of people still involved with the kernel that came in in 1991 — I mean, literally 30 years ago.... I think that's a testament to how good the community, on the whole, has been, and how much fun it's been."

And Torvalds says you can see that sense of fun in discussions about writing some Linux kernel modules using Rust. "From a technical angle, does that make sense?" Torvalds asked. "Who knows. That's not the point. The point is for a project to stay interesting — and to stay fun — you have to play with it....

"Probably next year, we'll start seeing some first intrepid modules being written in Rust, and maybe being integrated in the mainline kernel."
"I really love C," Torvalds said at one point. "I think C is a great language, and C is, to me, is really a way to control the hardware at a fairly low level..." Yet Torvalds also saw Hohndel's analogy that it can be like juggling chainsaws. As a long-time watcher of C, Torvalds knows that C's subtle type interactions "are not always logical" and "are pitfalls for pretty much anybody. And they're easy to overlook, and in the kernel that's not always a good thing." Torvalds called Rust "the first language I saw which looked like this might actually be a solution"

An anonymous reader shares an excerpt from a ZDNet article, written by Liam Tung: [A] survey has come up with another reason why your engineers might want to quit -- their fellow developers' terrible code. Software engineers have long struggled with 'technical debt' created by past coding practices that might have been clever but also were undocumented and exotic. At a high level, technical debt is the price paid by supporting legacy systems rather than overhauling them or implementing a better, new system. The term can span everything from a major IT implementation, such as a core banking system that requires a decade of bug fixes, to the choice of programming language to build backend systems. In the latter case, subsequent language updates can require today's developers to rewrite old code written by long-gone developers who wrote under different conditions and who might not have documented what they did and why they did it. That's a big problem for companies that have millions of lines of code written in a language.

Stepsize, a firm that focuses on technical debt by tracking development issues in major code editors such as VS Code, conducted a fairly small survey of 200 software engineers to find out why they leave their jobs. The company said that 51% of engineers in its survey have considered leaving or left a job because of technical debt. Of that group who feel irked by technical debt issues, some 20% said that type of debt is the main reason they left a company. The results should be taken in context: the company's key selling point is trying to solve technical debt challenges that organizations face, but at the same time, technical debt could be one area worthy of attention considering how hard it is to hire and retain software engineers.

Technical debt, or 'code quality and codebase health', was the fourth most important issue cited by respondents. Salary still trumped it, with 82% citing it as one of the "most important factors" when interviewing for a new role. The survey allowed respondents to choose several primary factors. "Technical challenges and growth opportunities" was the second priority, with 75% choosing it as the one of the most important factors. Some 68% of respondents said remote work was the most important actor, while 62% put said 'code quality and codebase health' was one of those prime factors. Slashdot reader ellithligraw first shared the report, adding: "Yet another reason developers are quitting... to escape the technical debt, or schlock code, or code rot. COBOL anyone?"

The Supreme Court of California has thrown out Oracle's appeal against a decision to award $3 billion damages to HPE in a case which dates back a decade and relates to Big Red's commitment to develop on Itanium hardware. From a report:On Wednesday, the court denied a review of Oracle's appeal against a summary judgement, apparently without comment or any written dissents. The decision follows a ruling made in the California Court of Appeal that affirmed HPE's $3.14bn win for alleged contract violation, stating that an agreement between the firms had created a legal obligation for Oracle to support software on HPE's Itanium server. The case hinged on the companies' statements that they had a "longstanding strategic relationship" and a "mutual desire to continue to support their mutual customers." The agreement stated that Oracle, for its part, "will continue to offer its product suite on HP platforms" while HPE "will continue to support Oracle products (including Oracle Enterprise Linux and Oracle VM) on its hardware." The ruling reads: "We conclude that the second sentence, moreover, does more than declare an aspiration or intent to continue working together, as Oracle claims. It commits the parties to continue the actions specified (Oracle offering its product suite and HP supporting the products)," as it had done previously.

Stack Overflow's copy-paste keyboard, an April Fools' Day prank that ribbed lazy programmers, is now actually for sale. CNET reports: It's been a joke in programming circles for years: Instead of writing your code from scratch, just head over to the Stack Overflow forums and copy the way another programmer already solved your problem. The meme is such a fixture that Stack Overflow turned it into an April Fools' Day prank this year, saying it would limit free access to its site unless people bought The Key, a device with buttons for opening Stack Overflow, copying and pasting. Enough people said they'd actually buy one that Stack Overflow, with help from keyboard aficionado Cassidy Williams and custom keyboard maker Drop, designed one for real and began selling it for $29. A portion of the keyboard sales' proceeds will go to Digitalundivided, a nonprofit set up to help Black and Latinx women succeed as technology entrepreneurs. Further reading: How Often Do People Actually Copy and Paste From Stack Overflow?