According to The Register, IBM has shifted the roles of US IBM Systems employees developing AIX over to the Indian office. From the report: Prior to this transition, said to taken place in the third quarter of 2022, AIX development was split more or less evenly between the US and India, an IBM source told The Register. With the arrival of 2023, the entire group had been moved to India. Roughly 80 US-based AIX developers were affected, our source estimates. We're told they were "redeployed," and given an indeterminate amount of time to find a new position internally, in keeping with practices we reported last week based on claims by other IBM employees.

Evidently, the majority of those redeployed found jobs elsewhere at IBM. A lesser number of staff are evidently stuck in "redeployment limbo," with no IBM job identified and no evident prospects at the company. "It also appears that these people in 'redeployment' limbo within IBM are all older, retirement eligible employees," our source said. "The general sense among my peers is that redeployment is being used to nudge older employees out of the company and to do so in a manner that avoids the type of scrutiny that comes with layoffs."

Layoffs generally come with a severance payment and may have reporting requirements. Redeployments -- directing workers to find another internal position, which may require relocating -- can avoid cost and bureaucracy. They also have the potential to encourage workers to depart on their own. We're told that IBM does not disclose redeployment numbers to its employees and does not report how internal jobs were obtained -- through internal search, with the assistance of management -- or were not obtained -- employees left in limbo or who choose to leave rather than wait.

InfoWorld reports: JavaScript, Java, and Python skills are most in-demand by recruiters, according to a report published this week by tech hiring platforms CodinGame and CoderPad. But while the supply of those skills exceeds demand, the demand for TypeScript, Swift, Scala, Kotlin, and Go skills all exceed supply.

The State of Tech Hiring in 2023, a CodinGame-CoderPad report published January 10, draws on a survey of 14,000 professionals and offers insights into what 2023 may hold for tech industry recruiters and job seekers. The demand for JavaScript, Java, and Python skills is consistent with previous years, the report notes.

Among development frameworks, Node.js, React, and .NET Core proved to be the best-known and most in-demand.
InfoWorld summarizes some other interesting findings:

• "59% of developers do not have a university degree in computer science. Nearly one-third consider themselves primarily self-taught."

• "Developers' main challenges at work include unplanned changes to their schedule, unclear direction, and a lack of technical knowledge by team members."

• "Most teams are now hybrid between remote and on-site work. Only 15% work onsite 100% of the time."

"Can editing code feel more tactile, like painting with Photoshop brushes?"

Researchers at GitHub Next asked that question this week — and then supplied the answer. "We added a toolbox of brushes to our Copilot Labs Visual Studio Code extension that can modify your code.... Just select a few lines, choose your brush, and see your code update."

The tool's web page includes interactive before-and-after examples demonstrating:

• Add Types brush
• Fix Bugs brush
• Add Debugging Statements brush
• Make More Readable brush

And last month Microsoft's principle program manager for browser tools shared an animated GIF showing all the brushes in action.

"In the future, we're interested in adding more useful brushes, as well as letting developers store their own custom brushes," adds this week's announcement. "As we explore enhancing developers' workflows with Machine Learning, we're focused on how to empower developers, instead of automating them. This was one of many explorations we have in the works along those lines."

It's ultimately grafting an incredibly easy interface onto "ML-powered code modification", writes Visual Studio Magazine, noting that "The bug-fixing brush, for example can fix a simple typo, changing a variable name from the incorrect 'low' to the correct 'lo'....

"All of the above brushes and a few others have been added to the Copilot Labs brushes toolbox, which is available for anyone with a GitHub Copilot license, costing $10 per month or $100 per year.... At the time of this writing, the extension has been installed 131,369 times, earning a perfect 5.0 rating from six reviewers."

Apple today shared an update on its subscription businesses and global App Store, noting that the tech company has now paid out a record $320 billion to app developers since 2008 -- a number that reflects the revenue apps have generated, minus Apple's commission. From a report: In addition, the tech giant said it now has more than 900 million paid subscriptions across Apple services, with subscriptions on the App Store driving a "significant" part of that figure. [...] The company noted that more than 650 million visitors from 175 regions worldwide visit the App Store every week and it's still delivering new experiences. Among the highlights was the launch of Apex Legends on mobile earlier this year, and the growing popularity of a new form of social networking with BeReal, Apple's "app of the year."

Jacob Ridley writes via PC Gamer: MSI Afterburner is an app used the world over for graphics card monitoring, overclocking, and undervolting. It's become pretty synonymous with general GPU tinkering, yet the app's developer has suggested it might not have long left to live in a forum post earlier this month. MSI disagrees, telling us "we fully intend to continue with MSI Afterburner." MSI Afterburner is developed by Alexey 'Unwinder' Nicolaychuk, a Russian national who has kept the overclocking app functioning over many years. Nicolaychuk is also responsible for the development of RivaTuner Statistics Server, which is part of the foundational software layer powering Afterburner. In a post on the Guru3D forums (via TechPowerUp), Nicolaychuk suggests that Afterburner's development has been "semi-abandoned." "...MSI afterburner project is probably dead," Nicolaychuk says.

"War and politics are the reasons. I didn't mention it in MSI Afterburner development news thread, but the project is semi abandoned by company during quite a long time already. Actually we're approaching the one year mark since the day when MSI stopped performing their obligations under Afterburner license agreement due to 'politic [sic] situation'." Nicolaychuk says development of the app has continued over the past 11 months, but that may also be ending soon. "I tried to continue performing my obligations and worked on the project on my own during the last 11 months, but it resulted in nothing but disappointment; I have a feeling that I'm just beating a dead horse and waste energy on something that is no longer needed by company. "Anyway I'll try to continue supporting it myself while I have some free time, but will probably need to drop it and switch to something else, allowing me to pay my bills."

Development of the RivaTuner Statistics Server -- software is pivotal to many of the functions of Afterburner -- is materially separate from Afterburner and will continue, Nicolaychuk notes. Nicolaychuk suggests the issue comes down to Russia's invasion of Ukraine, and we've since confirmed with MSI that this is the case. MSI has stated to PC Gamer that the payments were halted due to the ongoing war in Ukraine, saying: "payments had been put on hold due to the RU/UA war and the economic regulations that entailed." [...] On this being the end for Afterburner, MSI disagrees. "We fully intend to continue with MSI Afterburner," MSI tells PC Gamer. "MSI have been working on a solution and expect it to be resolved soon."

"The Tiobe index gauges language popularity using a formula that assesses searches on programming languages in Google, Bing, Yahoo, Wikipedia, and other search engines," writes InfoWorld. And they add that this year the "vaunted" C++ programming language was the index's biggest gainer in 2022.

TIOBE's announcement includes their calculation that C++ rose 4.62% in popularity in 2022: Runners up are C (+3.82%) and Python (+2.78%). Interestingly, C++ surpassed Java to become the number 3 of the TIOBE index in November 2022. The reason for C++'s popularity is its excellent performance while being a high level object-oriented language. Because of this, it is possible to develop fast and vast software systems (over millions of lines of code) in C++ without necessarily ending up in a maintenance nightmare.
So which programming languages are most popular now? For what it's worth, here's TIOBE's latest ranking:


- Python
- C
- C++
- Java
- C#
- Visual Basic
- JavaScript
- SQL
- Assembly Language
- PHP


InfoWorld adds that "Helping C++ popularity was the publication of new language standards with interesting features, such as C++ 11 and C++ 20."

More from TIOBE: What else happened in 2022? Performance seemed to be important. C++ competitor Rust entered the top 20 again (being at position #26 one year ago), but this time it seems to be for real. Lua, which is known for its easy interfacing with C, jumped from position #30 to #24. F# is another language that made an interesting move: from position #74 to position #33 in one years' time. Promising languages such as Kotlin (from #29 to #25), Julia (from #28 to #29) and Dart (from #37 to #38) still have a long way to go before they reach the top 20. Let's see what happens in 2023.

Amazon Simple Storage Service (S3) will now automatically encrypt all new objects added on buckets on the server side, using AES-256 by default. BleepingComputer reports: While the server-side encryption system has been available on AWS for over a decade, the tech giant has enabled it by default to bolster security. Administrators will not have to take any actions for the new encryption system to affect their buckets, and Amazon promises it won't have any negative performance impact. Administrators may leave the system to encrypt at the default 256-bit AES or choose one of the alternative methods, namely SSE-C or SSE-KMS.

The first option (SSE-C) gives bucket owners control of the keys, while the second (SSE-KMS) lets Amazon do the key management. However, bucket owners can set different permissions for each KMS key to maintain more granular control over the asset access system. To confirm that the changes have been applied to your buckets, admins can configure CloudTrail to log data events at no extra cost. Then perform a test object upload, and look in the event logs for the "SSEApplied": "Default_SSE_S3." field in the log for the uploaded file. To retroactively encrypt objects already in S3 buckets, follow this official guide. "This change puts another security best practice into effect automatically -- with no impact on performance and no action required on your side," reads Amazon's announcement.

"S3 buckets that do not use default encryption will now automatically apply SSE-S3 as the default setting. Existing buckets currently using S3 default encryption will not change."

January's Communications of the ACM includes an essay predicting "the end of programming," in an AI-powered future where "programming will be obsolete."

But IT analyst and ZDNet contributor Joe McKendrick remains skeptical, judging by a new essay sardonically titled "It's the end of programming as we know it — again." Over the past few decades, various movements, paradigms, or technology surges — whatever you want to call them — have roiled the software world, promising either to hand a lot of programming grunt work to end users, or automate more of the process. CASE tools, 4GL, object-oriented programming, service oriented architecture, microservices, cloud services, Platform as a Service, serverless computing, low-code, and no-code all have theoretically taken the onerous burdens out of software development. And, potentially, threaten the job security of developers.

Yet, here we are. Software developers are busier than ever, with demand for skills only increasing.

"I remember when the cloud first started becoming popular and companies were migrating to Office 365, everyone was saying that IT Pros will soon have no job," says Vlad Catrinescu, author at Pluralsight. "Guess what — we're still here and busier than ever."

The question is how developers' job will ultimately evolve. There is the possibility that artificial intelligence, applied to application development and maintenance, may finally make low-level coding a thing of the past.... Catrinescu believes that the emerging generation of automated or low-code development solutions actually "empowers IT professionals and developers to work on more challenging applications. IT departments can focus on enterprise applications and building complicated apps and automations that will add a lot of value to the enterprise."
Even the man predicting "the end of programming" in an AI-powered future also envisions new technology that "potentially opens up computing to almost anyone" (in ACM's video interview). But in ZDNet's article Jared Ficklin, chief creative technologist and co-founder of argodesign, even predicts the possibility of real-time computing.

"You could imagine asking Alexa to make you an app to help organize your kitchen. AI would recognize the features, pick the correct patterns and in real time, over the air deliver an application to your mobile phone or maybe into your wearable mobile computer."

Matt Welsh is the CEO and co-founder of Fixie.ai, an AI-powered software delivery company founded by a team from Google and Apple. "I believe the conventional idea of 'writing a program' is headed for extinction," he opines in January's Communications of the ACM, "and indeed, for all but very specialized applications, most software, as we know it, will be replaced by AI systems that are trained rather than programmed."

His essay is titled "The End of programming," and predicts a future will "Programming will be obsolete." In situations where one needs a "simple" program (after all, not everything should require a model of hundreds of billions of parameters running on a cluster of GPUs), those programs will, themselves, be generated by an AI rather than coded by hand.... with humans relegated to, at best, a supervisory role.... I am not just talking about things like Github's CoPilot replacing programmers. I am talking about replacing the entire concept of writing programs with training models. In the future, CS students are not going to need to learn such mundane skills as how to add a node to a binary tree or code in C++. That kind of education will be antiquated, like teaching engineering students how to use a slide rule.

The engineers of the future will, in a few keystrokes, fire up an instance of a four-quintillion-parameter model that already encodes the full extent of human knowledge (and then some), ready to be given any task required of the machine. The bulk of the intellectual work of getting the machine to do what one wants will be about coming up with the right examples, the right training data, and the right ways to evaluate the training process. Suitably powerful models capable of generalizing via few-shot learning will require only a few good examples of the task to be performed. Massive, human-curated datasets will no longer be necessary in most cases, and most people "training" an AI model will not be running gradient descent loops in PyTorch, or anything like it. They will be teaching by example, and the machine will do the rest.

In this new computer science — if we even call it computer science at all — the machines will be so powerful and already know how to do so many things that the field will look like less of an engineering endeavor and more of an an educational one; that is, how to best educate the machine, not unlike the science of how to best educate children in school. Unlike (human) children, though, these AI systems will be flying our airplanes, running our power grids, and possibly even governing entire countries. I would argue that the vast majority of Classical CS becomes irrelevant when our focus turns to teaching intelligent machines rather than directly programming them. Programming, in the conventional sense, will in fact be dead....

We are rapidly moving toward a world where the fundamental building blocks of computation are temperamental, mysterious, adaptive agents.... This shift in the underlying definition of computing presents a huge opportunity, and plenty of huge risks. Yet I think it is time to accept that this is a very likely future, and evolve our thinking accordingly, rather than just sit here waiting for the meteor to hit.
"I think the debate right now is primarily around the extent to which these AI models are going to revolutionize the field," Welsh says in a video interview. "It's more a question of degree rather than whether it's going to happen....

"I think we're going to change from a world in which people are primarily writing programs by hand to a world in which we're teaching AI models how to do things that we want them to do... It starts to feel more like a field that focuses on AI education and maybe even AI psychiatry. In order to solve these problems, you can't just assume that people are going to be writing the code by hand."

Remember when MIT researchers did fMRI brain scans measuring the blood flow through brains to determine which parts were engaged when programmers evaluated code? MIT now says that a new paper (by many of the same authors) delves even deeper: Whereas the previous study looked at 20 to 30 people to determine which brain systems, on average, are relied upon to comprehend code, the new research looks at the brain activity of individual programmers as they process specific elements of a computer program. Suppose, for instance, that there's a one-line piece of code that involves word manipulation and a separate piece of code that entails a mathematical operation. "Can I go from the activity we see in the brains, the actual brain signals, to try to reverse-engineer and figure out what, specifically, the programmer was looking at?" asks Shashank Srikant, a PhD student in MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL). "This would reveal what information pertaining to programs is uniquely encoded in our brains." To neuroscientists, he notes, a physical property is considered "encoded" if they can infer that property by looking at someone's brain signals.

Take, for instance, a loop — an instruction within a program to repeat a specific operation until the desired result is achieved — or a branch, a different type of programming instruction than can cause the computer to switch from one operation to another. Based on the patterns of brain activity that were observed, the group could tell whether someone was evaluating a piece of code involving a loop or a branch. The researchers could also tell whether the code related to words or mathematical symbols, and whether someone was reading actual code or merely a written description of that code.....

The team carried out a second set of experiments, which incorporated machine learning models called neural networks that were specifically trained on computer programs. These models have been successful, in recent years, in helping programmers complete pieces of code. What the group wanted to find out was whether the brain signals seen in their study when participants were examining pieces of code resembled the patterns of activation observed when neural networks analyzed the same piece of code. And the answer they arrived at was a qualified yes. "If you put a piece of code into the neural network, it produces a list of numbers that tells you, in some way, what the program is all about," Srikant says. Brain scans of people studying computer programs similarly produce a list of numbers. When a program is dominated by branching, for example, "you see a distinct pattern of brain activity," he adds, "and you see a similar pattern when the machine learning model tries to understand that same snippet."
But where will it all lead? They don't yet know what these recently-gleaned insights can tell us about how people carry out more elaborate plans in the real world.... Creating models of code composition, says O'Reilly, a principal research scientist at CSAIL, "is beyond our grasp at the moment." Lipkin, a BCS PhD student, considers this the next logical step — figuring out how to "combine simple operations to build complex programs and use those strategies to effectively address general reasoning tasks." He further believes that some of the progress toward that goal achieved by the team so far owes to its interdisciplinary makeup. "We were able to draw from individual experiences with program analysis and neural signal processing, as well as combined work on machine learning and natural language processing," Lipkin says. "These types of collaborations are becoming increasingly common as neuro- and computer scientists join forces on the quest towards understanding and building general intelligence."

Phoronix checks systemd's Git activity in 2022 (and compares it to previous years): If measuring a open-source project's progress by the commity activity per year, while not the most practical indicator, systemd had a very good year. In 2022 there were 6,271 commits which is under 2021's all-time-high of 6,787 commits. But this year's activity count effectively ties 2018 for second place with the most commits in a given calendar year.

This year saw 201k lines of new code added to systemd and 110k lines removed, or just under one hundred thousand lines added in total to systemd in 2022....

Systemd continues to grow and is closing out 2022 at around 1,715,111 lines within its Git repository.
Also interesting: "[W]hen it comes to the most commits overall to systemd over its history, Lennart Poettering easily wins the race and there is no competition. As a reminder, this year Lennart joined Microsoft as one of the surprises for 2022."

An anonymous reader quotes a report from TechCrunch: A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest. The Stanford study looked specifically at Codex, the AI code-generating system developed by San Francisco-based research lab OpenAI. (Codex powers Copilot.) The researchers recruited 47 developers -- ranging from undergraduate students to industry professionals with decades of programming experience -- to use Codex to complete security-related problems across programming languages including Python, JavaScript and C.

Codex was trained on billions of lines of public code to suggest additional lines of code and functions given the context of existing code. The system surfaces a programming approach or solution in response to a description of what a developer wants to accomplish (e.g. "Say hello world"), drawing on both its knowledge base and the current context. According to the researchers, the study participants who had access to Codex were more likely to write incorrect and "insecure" (in the cybersecurity sense) solutions to programming problems compared to a control group. Even more concerningly, they were more likely to say that their insecure answers were secure compared to the people in the control.

Megha Srivastava, a postgraduate student at Stanford and the second co-author on the study, stressed that the findings aren't a complete condemnation of Codex and other code-generating systems. The study participants didn't have security expertise that might've enabled them to better spot code vulnerabilities, for one. That aside, Srivastava believes that code-generating systems are reliably helpful for tasks that aren't high risk, like exploratory research code, and could with fine-tuning improve in their coding suggestions. "Companies that develop their own [systems], perhaps further trained on their in-house source code, may be better off as the model may be encouraged to generate outputs more in-line with their coding and security practices," Srivastava said. The co-authors suggest vendors use a mechanism to "refine" users' prompts to be more secure -- "akin to a supervisor looking over and revising rough drafts of code," reports TechCrunch. "They also suggest that developers of cryptography libraries ensure their default settings are secure, as code-generating systems tend to stick to default values that aren't always free of exploits."

Game developer Archer Maclean recently passed away at the age of 60. Maclean was a longtime programmer and designer best known for Dropzone on the Atari 8-bit and Commodore 64. Game Developer reports: Born January 28, 1962, Maclean's first game was the aforementioned Dropzone. Following the success of that title, he would go on to do design and graphics for 1986's International Karate (and its 1987 sequel, International Karate+), and several snooker simulation games, including Archer Maclean Presents Pool Paradise. Several of these titles were developed at Awesome Studios, a subsidiary of the now defunct Ignition Entertainment. Maclean co-founded Awesome in 2002, and later left the developer in 2005. He went on to found Awesome Play, creators of the 2009 Nintendo Wii title Speedzone (or Wheelspin in Europe). Though Speedzone marked the end of his time as a game developer, Maclean also wrote columns for Retro Gamer Magazine.

A developer managed to use an exploit found in iOS 16 to change the default font of the system without jailbreak. 9to5Mac reports: Zhuowei Zhang shared his project on Twitter, which he calls a "proof-of-concept app." According to Zhang, the app he developed uses the CVE-2022-46689 exploit to overwrite the default iOS font, so that users can customize the system's appearance with a different font other than the default (which is San Francisco). The CVE-2022-46689 exploit affects devices running iOS 16.1.2 or earlier versions of the operating system, and it basically lets apps execute arbitrary code with kernel privileges. The exploit was fixed with iOS 16.2, which also fixed a bunch of other security breaches found in the previous version of iOS.

Since iOS has its own font format, the developer performed the experiment using only a few fonts, including DejaVu Sans Condensed, Serif, Mono, and Choco Cooky. And in case you're wondering, Choco Cooky is the weird font that used to come pre-installed by default on Samsung smartphones. Now you can finally have it on your iPhone. Zhang explains that the process should be safe for everyone, since all changes are reversed after rebooting the device. Still, the developer recommends users trying out the app to back up their devices before replacing the default system font. He also details that the change only affects some of the text on iOS, as other parts of the system use different fonts. More details about the project, including its source code, are available on GitHub.

Computer scientists from Stanford University have found that programmers who accept help from AI tools like Github Copilot produce less secure code than those who fly solo. From a report: In a paper titled, "Do Users Write More Insecure Code with AI Assistants?", Stanford boffins Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh answer that question in the affirmative. Worse still, they found that AI help tends to delude developers about the quality of their output. "We found that participants with access to an AI assistant often produced more security vulnerabilities than those without access, with particularly significant results for string encryption and SQL injection," the authors state in their paper.

"Surprisingly, we also found that participants provided access to an AI assistant were more likely to believe that they wrote secure code than those without access to the AI assistant." Previously, NYU researchers have shown that AI-based programming suggestions are often insecure in experiments under different conditions. The Stanford authors point to an August 2021 research paper titled "Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions," which found that given 89 scenarios, about 40 per cent of the computer programs made with the help of Copilot had potentially exploitable vulnerabilities.

That study, the Stanford authors say, is limited in scope because it only considers a constrained set of prompts corresponding to 25 vulnerabilities and just three programming languages: Python, C, and Verilog. The Stanford scholars also cite a followup study from some of the same NYU eggheads, "Security Implications of Large Language Model Code Assistants: A User Study," as the only comparable user study they're aware of. They observe, however, that their work differs because it focuses on OpenAI's codex-davinci-002 model rather than OpenAI's less powerful codex-cushman-001 model, both of which play a role in GitHub Copilot, itself a fine-tuned descendant of a GPT-3 language model.

Justin Garrison works at Amazon Web Services on the Kubernetes team (and was senior systems engineer on several animated films).

This week he spotted a new milestone for Linux in the 2022 StackOverflow developer survey: [Among the developers surveyed] Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS.
Their final stats for "professional use" operating system:

• Windows: 48.82%
• Linux-based: 39.89%
• MacOs: 32.97%

But Garrison's blog post notes that that doesn't include the million-plus people all the Linux-based cloud development environments (like GitHub Workspaces) — not to mention the 15% of WSL users on Windows and all the users of Docker (which uses a Linux VM).

"It's safe to say more people use Linux as part of their development workflow than any other operating system."

For three years Stockholm-based games studio Embark has been working on the Rust-gpu project to make Rust "a first class language and ecosystem for GPU programming." The project's latest announcement? rust-gpu now supports ray-tracing.

Their original announcement explained the rationale for this years-long dvelopment effort: Historically in games GPU programming has been done through writing either HLSL, or to a lesser extent GLSL. These are simple programming languages that have evolved along with rendering APIs over the years. However, as game engines have evolved, these languages have failed to provide mechanisms for dealing with large codebases, and have generally stayed behind the curve compared to other programming languages.

In part this is because it's a niche language for a niche market, and in part this has been because the industry as a whole has sunk quite a lot of time and effort into the status quo. While over-all better alternatives to both languages exist, none of them are in a place to replace HLSL or GLSL. Either because they are vendor locked, or because they don't support the traditional graphics pipeline. Examples of this include CUDA and OpenCL. And while attempts have been made to create language in this space, none of them have gained any notable traction in the gamedev community.

Our hope with this project is that we push the industry forward by bringing an existing, low-level, safe, and high performance language to the GPU; namely Rust. And with it come some additional benefits that can't be overlooked: a package/module system that's one of the industry's best, built in safety against race-conditions or out of bounds memory access, a wide range of tools and utilities to improve programmer workflows, and many others!
Along with ray-tracing, this week they announced plans to keep rust-gpu on the same schedule as the stable Rust release, "so you can use your favorite new language features as new stable versions of Rust are being released, by just updating your rust-gpu version."

Thanks to Slashdot reader guest reader for sharing the news!

A Microsoft .NET Community standup has left Windows desktop developers wondering what kind of future, if any, the company has planned for its older desktop application frameworks, Windows Forms and Windows Presentation Foundation (WPF). From a report: A "what's new" slide for WPF presented by senior program manager Olia Gavrysh last week shows "Community Run Project" as the first bullet point, causing consternation among attendees. "Who's happy that WPF is now a community run project? This is soooo scary," remarked Morten Nielsen, a senior principal engineer at ESRI working on the ArcGIS runtime, for location-based analytics.

The slide was perhaps misinterpreted. It was intended as an update on what is happening with pull requests from the community, rather than meaing that WPF has been handed over to the community. Nevertheless, concerns about the future of the framework are well founded. "It's not dead. we have a team working on WPF and supporting it," said Gavrysh, but added, "we now switch to the model where we accept a lot of PRs [pull requests] from the community because we think of WPF as [a] very mature project so not that much rapid development is happening."

Stack Overflow has the announced the results of its annual survey of developers. ZDNet reports: Almost three-quarters (74%) of developers are actively looking for new roles or are open to fresh opportunities, according to research.... The highest percentage of active job seekers is in the 20-24 year-old cohort (27%), with 21% for 25-34 year-olds, 17% for 35-44 year-olds, and only 12% for 45-54 year-olds.

Additionally, the percentage of younger developers actively searching for their next role increased nine points year over year, according to the survey of 2,600 developers by StackOverflow....

Some 54% of respondents to the StackOverflow survey said a better salary is the largest motivator when considering a new opportunity. The biggest factors that stop developers from looking for new jobs are flexibility (58%), salary (54%), and learning opportunities (54%). Developers also want flexibility and the option to work from home, with 46% citing starting/ending the day at a precise time or being expected to work from an office (44%) as the top drawbacks in their current roles.

"Regardless of the economy, it's clear salary is important but it's not everything," says StackOverflow CEO Prashanth Chandrasekar.

TechCrunch reports: Every developer knows that it's a bad idea to hardcode security credentials into source code. Yet it happens and when it does, the consequences can be dire. Until now, GitHub only made its secret scanning service available to paying enterprise users who paid for GitHub Advanced Security, but starting Thursday, the Microsoft-owned company is making its secrets scanning service available for all public GitHub repos for free.

In 2022 alone, the company notified partners in its secret scanning partner program of more than 1.7 million potential secrets that were exposed in public repositories. The service scans repositories for over 200 known token formats and then alerts partners of potential leaks — and you can define your own regex patterns, too.... However, the rollout of the service will be gradual and it will not be available to all users until the end of January 2023.
TechCrunch also notes there's alternatives (including open source GitLeaks).