Programming

Ukrainian Programmers Continue Working While Being Bombed (cnbc.com)

CNBC reminds us that Ukraine is also home "to a massive community of software developers who work remotely for companies all over the U.S. and Europe.

"There were 200,000 Ukrainian developers in the country in 2020, according to Amsterdam-based software development outsourcing company Daxx, which says that 20% of Fortune 500 companies have their remote development teams in Ukraine." As major cities across Ukraine endure devastating attacks that have seen buildings reduced to rubble, company leaders in the U.S. and Europe have expressed awe at their Ukraine-based staff. Those developers, along with other Ukrainian civilians in the country, are now being forced to defend their homes and cities while sheltering from Russian bombs. But many are still continuing to remotely work for their employers, supporting the local defense effort by day while sending in their deliverables by night.

"Yes our teams are sending deliverables from a f — ing parking garage in Kharkiv under heavy shelling and gunfire in the area. Amazing humans," Logan Bender, chief financial officer at a San Francisco-based software licensing company, said in a story posted to Instagram on Tuesday by venture capital meme account PrayingforExits. "We of course told them all deliverables are off the table. Nothing of you expected other than to let us know how we can help other than wiring money and getting their visa process going," he said. Bender has been working to get a defense service to extract his employees from the conflict zone under armed guards....

"Our lead front-end developer fled to Lviv to his parents' rural house 40km outside the city and is still submitting pull requests," Eric Hovagim, CEO and founder of Los Angeles-based betting platform Pogbet, told CNBC. "He's returning to Lviv tomorrow morning to continue his work while helping with the fight."

"These Ukrainians are built different," Hovagim said. "No armed guard extraction necessary. These people are their own armed guards...."

Ukrainians in IT-related fields are also deploying their skills for the fight at home. Employees at a local digital marketing agency in Kyiv are helping carry out cyberattacks against Russian entities in collaboration with Ukraine's Ministry of Digital Transformation. A local Telegram channel dedicated to crowd-sourcing programmers to carry out cyberattacks against Russia has nearly a million subscribers...

Alexandru Asimionese, co-founder of Moldova-based software developer Labs42, described one of his freelance designers based in the northwestern Ukrainian city of Lutsk. "In the morning goes to buy high-protein snacks to deliver to the local army. Late night, sends logo ideas. Always paid in crypto (via) Binance," he said. Another start-up manager said that his Ukrainian girlfriend was returning to Ukraine from overseas to fight, and plans to continue working for her tech company while not fighting invaders.

Open Source

Linux Foundation's 'Census II' of Open Source Libraries Urges Support, Security, and Standardization (sdtimes.com)

"Much of the most widely used free and open source software is developed by only a handful of contributors," warns the Linux Foundation, in the executive summary for its massive new census of free and open source software application libraries. It was prepared in conjunction with Harvard's Laboratory for Innovation Science — and that's just one of its five high-level findings.

The census also notes "the increasing importance of individual developer account security," but also the persistence of legacy software, the need for a standardized naming schema for software components, and "complexities" around package versions. But there's also just a lot of data about package popularity, writes SD Times: The report, Census II, is a follow-up to Census I, which was conducted in 2015 to identify the packages in Debian Linux that were most critical to the operation and security of the kernel. According to the Linux Foundation, Census II allows for a more "complete picture of free and open source (FOSS) adoption."

"Understanding what FOSS packages are the most critical to society allows us to proactively support projects that warrant operations and security support," said Brian Behlendorf, executive director at Linux Foundation's Open Source Security Foundation (OpenSSF).

The census "aggregates data from over half a million observations of FOSS libraries used in production applications at thousands of companies," according to its executive summary. It argues that preserving FOSS will require this kind of data-sharing (about where and how FOSS packages are being used) as well as coordination — including standardizing terminology — and of course, investment.

"The motivation behind publishing these findings is to not only inform, but also to inspire action by developers to improve their security practices and by end users to support the FOSS ecosystem and developers who need assistance." (It suggests companies could provide not just financial support but also the technical talent and their time.) The results take the form of eight Top 500 lists — four that include version numbers in the analysis and four that are version agnostic. Further, as mentioned above, we present npm and non-npm packages in separate lists... Although these lists provide valuable, important insights into the most widely used FOSS projects, it is important to also consider the level of security related to these projects. Therefore, in each list, we also include the "Tiered %" measure from the OpenSSF Best Practices Badging Program....
Programming

Wordle Rip-offs Are Running Rampant on the App Store Again (theverge.com)

The Wordle clones are back on the App Store, just a few weeks after Apple wiped out nearly all the copycat games in January. From a report: A quick glance at the top free apps on the App Store reveals at least two prominently placed Wordle-alikes, while diving into Apple's more specific word games category (or simply searching "Wordle") surfaces plenty of other copycats, many of which appear to have been part of Apple's first wave of takedowns a few months ago. None of the new games are actively passing themselves off as Wordle -- at least, not in name. Instead, the clones have creatively rebranded to "Wordus," "Word Guess," "Wordl," and other thinly veiled references to the original game. But all of them offer some variant on Wordle's gameplay, down to the same gameplay, UI, design, and color scheme.
GNU is Not Unix

Free Software Foundation Announces Five Papers Exploring Microsoft's 'GitHub Copilot' (fsf.org)

GitHub's Copilot is an AI-powered autocompletion tool for coders, but the FSF has come up with a new way to describe it:

Service as a Software Substitute (SaaSS).

But they also feel the service "immediately raised serious questions for the free software movement and our ability to safeguard user and developer freedom" — which is why last July they'd put out a call for papers from the free software community. And they're now announcing the results: [W]e concluded there were five papers that would be best suited to inform the community and foster critical conversations to help guide our actions in the search for solutions.... The papers contain opinions with which the Free Software Foundation (FSF) may or may not agree, and any views expressed by the authors do not necessarily represent the FSF. They were selected because we thought they advanced discussion of important questions, and did so clearly....
The five papers are:

The FSF adds:

"If this subject is of interest to you, we recommend you read this selection of papers and share your thoughts and feedback. Several of the authors have agreed to participate in follow-up discussions which will be held via IRC, LibrePlanet Wiki, and LibrePlanet Discuss mailing list.... Whether or not you are able to attend any of the live events, we encourage you to contribute to the discussion on the wiki and mailing list. As stakeholders in free software, the preservation of user freedom and copyleft, we would like to engage the community in any possible actions that must be taken."


Programming

Why Swift Creator Chris Lattner Stepped Down From Its Core Team This Week (devclass.com)

The creator of Apple's Swift programming language stayed involved in the Swift core team and Evolution community... until this week. Though he'd left Apple more than five years ago, "Swift is important to me, so I've been happy to spend a significant amount of time to help improve and steer it," Lattner wrote in an explanatory comment on the Swift community forum. "This included the ~weekly core team meetings (initially in person, then over WebEx)..."

The tech news site DevClass notes Lattner is also "the mind behind compiler infrastructure project LLVM," but reports that "Apparently, Lattner hasn't been part of the [Swift] core team since autumn 2021, when he tried discussing what he perceived as a toxic meeting environment with project leadership after an especially noteworthy call made him take a break in summer." "[...] after avoiding dealing with it, they made excuses, and made it clear they weren't planning to do anything about it. As such, I decided not to return," Lattner wrote in his explanation post. Back then, he planned to keep participating via the Swift Evolution community "but after several discussions generating more heat than light, when my formal proposal review comments and concerns were ignored by the unilateral accepts, and the general challenges with transparency working with core team, I decided that my effort was triggering the same friction with the same people, and thus I was just wasting my time."

Lattner had been the steering force behind Swift since the language's inception in 2010. However, after leaving Apple in 2017 and handing over his project lead role, design premises like "single things that compose" seem to have fallen by the wayside, making the decision to move on completely easier for language-creator Lattner.

The article points out Lattner's latest endeavour is AI infrastructure company Modular.AI.

And Lattner wrote in his comment that Swift's leadership "reassures me they 'want to make sure things are better for others in the future based on what we talked about' though...." Swift has a ton of well meaning and super talented people involved in and driving it. They are trying to be doing the best they can with a complicated situation and many pressures (including lofty goals, fixed schedules, deep bug queues to clear, internal folks that want to review/design things before the public has access to them, and pressures outside their team) that induce odd interactions with the community. By the time things get out to us, the plans are already very far along and sometimes the individuals are attached to the designs they've put a lot of energy into. This leads to a challenging dynamic for everyone involved.

I think that Swift is a phenomenal language and has a long and successful future ahead, but it certainly isn't a community designed language, and this isn't ambiguous. The new ideas on how to improve things sound promising — I hope they address the fundamental incentive system challenges that the engineers/leaders face that cause the symptoms we see. I think that a healthy and inclusive community will continue to benefit the design and evolution of Swift.

DevClass also reported on the aftermath: Probably as a consequence of the move, the Swift core team is currently looking to restructure project leadership. According to Swift project lead Ted Kremenek... "The intent is to free the core team to invest more in overall project stewardship and create a larger language workgroup that can incorporate more community members in language decisions."

Kremenek also used the announcement to thank Lattner for his leadership throughout the formative years of the project, writing "it has been one of the greatest privileges of my life to work with Chris on Swift."

In 2017 Chris Lattner answered questions from Slashdot's readers.
Programming

Programming in Rust is Fun - But Challenging, Finds Annual Community Survey (rust-lang.org)

Respondents to the annual survey of the Rust community reported an uptick in weekly usage and challenges, writes InfoWorld: Among those surveyed who are using Rust, 81% were using the language on at least a weekly basis, compared to 72% in last year's survey. Of all Rust users, 75% said they are able to write production-ready code but 27% said it was at times a struggle to write useful, production-ready code.... While the survey pointed toward a growing, healthy community of "Rustaceans," it also found challenges. In particular, Rust users would like to see improvements in compile times, disk usage, debugging, and GUI development...

- For those who adopted Rust at work, 83% found it "challenging." But it was unclear how much of this was a Rust-specific issue or general challenges posed by adopting a new language. During adoption, only 13% of respondents believed the language was slowing their team down while 82% believed Rust helped their teams achieve their goals.

- Of the respondents using Rust, 59% use it at least occasionally at work and 23% use it for the majority of their coding. Last year, only 42% used Rust at work.

From the survey's results: After adoption, the costs seem to be justified: only 1% of respondents did not find the challenge worth it while 79% said it definitely was. When asked if their teams were likely to use Rust again in the future, 90% agreed. Finally, of respondents using Rust at work, 89% of respondents said their teams found it fun and enjoyable to program.

As for why respondents are using Rust at work, the top answer was that it allowed users "to build relatively correct and bug free software" with 96% of respondents agreeing with that statement. After correctness, performance (92%) was the next most popular choice. 89% of respondents agreed that they picked Rust at work because of Rust's much-discussed security properties.

Overall, Rust seems to be a language ready for the challenges of production, with only 3% of respondents saying that Rust was a "risky" choice for production use.

Thanks to Slashdot reader joshuark for submitting the story...
Education

Code.org and Coldplay Launch Global Campaign To Inspire Kids To Code and Dance

theodp writes: Tech-bankrolled nonprofit Code.org is inviting kids to join the Coldplay Dance Party, explaining in a Medium post that "we've teamed up with award-winning band Coldplay to launch a global campaign that celebrates music and computer science." Teachers and students are encouraged to "share your creations for Code.org and Coldplay to see!" on Twitter, Instagram, TikTok, and Facebook, although a footnote warns: "In most countries, use of social media is not permitted for underage students [Dance Party targets kindergarten thru high school students]. Do not post videos or photos of students without the permission of a parent or guardian." From the announcement: "Coldplay and Code.org believe in the power of computer science education for every student, in every classroom around the world. That's why we're teaming up to inspire students everywhere to code and dance [YouTube] -- let's celebrate the magic of computer science and music! Join the party by using Code.org's Dance Party activity to code your own choreography to Coldplay's "Higher Power." Get creative with classic moves, and have fun with new album-inspired visuals and dancer formations! Post or submit your creations for Coldplay and Code.org to see, and we'll share the best ones on social media [GitHub]. Plus, you'll get a chance to win tickets to see Coldplay on tour, or a chance for your classroom to video chat with the band." "This is a new creative way to continue introducing people to play with and dance around the practice of programming," Google AI Chief Jeff Dean tweeted to his 200K+ Twitter followers. "Since it launched in 2018 [in partnership with Amazon]," Code.org exclaimed in its Medium post, "Dance Party has engaged more than 5.7 million students!"
Bug

Linux Developers Patch Bugs Faster Than Microsoft, Apple, and Google, Study Shows (zdnet.com)

Linux programmers fixed bugs faster than anyone — in an average of just 25 days (improving from 32 days in 2019 to just 15 in 2021). That's the conclusion of Google's "Project Zero" security research team, which studied the speed of bug-fixing from January 2019 to December 2021.

ZDNet reports that Linux's competition "didn't do nearly as well." For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.

By Project Zero's count, others, which included primarily open-source organizations and companies such as Apache, Canonical, Github, and Kubernetes, came in with a respectable 44 days.

Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.

As for mobile operating systems, Apple iOS with an average of 70 days is a nose better than Android with its 72 days. On the other hand, iOS had far more bugs, 72, than Android with its 10 problems.

Browser problems are also being fixed at a faster pace. Chrome fixed its 40 problems with an average of just under 30 days. Mozilla Firefox, with a mere 8 security holes, patched them in an average of 37.8 days. Webkit, Apple's web browser engine, which is primarily used by Safari, has a much poorer track record. Webkit's programmers take an average of over 72 days to fix bugs.

Cloud

Is It More Energy-Efficient to Program in Rust? (amazon.com)

A recent post on the AWS Open Source blog announced that AWS "is investing in the sustainability of Rust, a language we believe should be used to build sustainable and secure solutions."

It was written by the chair of the Rust foundation (and leader of AWS's Rust team) with a Principal Engineer at AWS, and reminds us that Rust "combines the performance and resource efficiency of systems programming languages like C with the memory safety of languages like Java."

But there's another reason they're promoting Rust: Worldwide, data centers consume about 200 terawatt hours per year. That's roughly 1% of all energy consumed on our planet... [C]loud and hyperscale data centers have been implementing huge energy efficiency improvements, and the migration to that cloud infrastructure has been keeping the total energy use of data centers in balance despite massive growth in storage and compute for more than a decade... [I]s the status quo good enough? Is keeping data center energy use to 1% of worldwide energy consumption adequate..? [Will] innovations in energy efficiency continue to keep pace with growth in storage and compute in the future? Given the explosion we know is coming in autonomous drones, delivery robots, and vehicles, and the incredible amount of data consumption, processing, and machine learning training and inference required to support those technologies, it seems unlikely that energy efficiency innovations will be able to keep pace with demand...

[J]ust like security, sustainability is a shared responsibility. AWS customers are responsible for energy efficient choices in storage policies, software design, and compute utilization, while AWS owns efficiencies in hardware, utilization features, and cooling systems.... In the same way that operational excellence, security, and reliability have been principles of traditional software design, sustainability must be a principle in modern software design. That's why AWS announced a sixth pillar for sustainability to the AWS Well-Architected Framework. What that looks like in practice is choices like relaxing service-level agreements for non-critical functions and prioritizing resource use efficiency. We can take advantage of virtualization and allow for longer device upgrade cycles. We can leverage caching and longer times-to-live whenever possible. We can classify our data and implement automated lifecycle policies that delete data as soon as possible. When we choose algorithms for cryptography and compression, we can include efficiency in our decision criteria.

Last, but not least, we can choose to implement our software in energy efficient programming languages.

There was a really interesting study a few years ago that looked at the correlation between energy consumption, performance, and memory use.... What the study did is implement 10 benchmark problems in 27 different programming languages and measure execution time, energy consumption, and peak memory use. C and Rust significantly outperformed other languages in energy efficiency. In fact, they were roughly 50% more efficient than Java and 98% more efficient than Python. It's not a surprise that C and Rust are more efficient than other languages. What is shocking is the magnitude of the difference. Broad adoption of C and Rust could reduce energy consumption of compute by 50% — even with a conservative estimate....

No one developer, service, or corporation can deliver substantial impact on sustainability. Adoption of Rust is like recycling; it only has impact if we all participate. To achieve broad adoption, we are going to have to grow the developer community.

That "interesting study" cited also found that both C and Rust execute faster than other programming languages, the blog post points out, so "when you choose to implement your software in Rust for the sustainability and security benefits, you also get the optimized performance of C."

And the post also notes Linus Torvalds' recent acknowledgement that while he really loves C, it can be like juggling chainsaws, with easily-overlooked and "not always logical" type interactions. (Torvalds then went on to call Rust "the first language I saw which looked like this might actually be a solution.")

The Rust Foundation is a non-profit partnership between Amazon Web Services (AWS), Google, Huawei, Microsoft, and Mozilla.
Microsoft

New Open Source-Loving Microsoft Celebrates .NET's 20th Anniversary (thenewstack.io)

From Mike Melanson's "This Week in Programming" column: The 20th anniversary of .NET is upon us this week and with it, Microsoft is pulling out all the stops in celebration of what it says is "the most loved framework by developers for three years in a row now — 2019, 2020, 2021, according to Stack Overflow's developer survey."

First launched in 2002, .NET is, in some ways, something that Microsoft can roll out as evidence of its changed ways over the years. It went from a company embroiled in a monopoly case just a year before this release, to one that later decided to turn around, mend its former ways, and open source .NET Core. "When Microsoft made another major transformation, this time towards open source, .NET was also at the forefront," Microsoft writes in this week's celebratory blog post. "By 2012, we had fully open-sourced the ASP.NET MVC web framework and were accepting contributions. It was one of Microsoft's first major open-source projects at the time. In 2014, we started to build a cross-platform and open-source .NET on GitHub and were floored at the incredible support and contributions from the open-source community...."

Certainly, in comparison to the Microsoft we once knew, there has been a massive shift in its approach to open source software and openness in general. Indeed, these days, Microsoft is also synonymous with another giant in the world of open source, its now-subsidiary GitHub — as well as the npm Registry and countless other projects. Microsoft has transformed from a company that was once led by a man who said that "Linux is a cancer" to one that has more recently welcomed Linux to the Windows desktop, among numerous other open source endeavors.

The column ends by remembering what it calls "Microsoft 'hot reload' drama" last year — Microsoft's removal of the feature from the .NET SDK repo (and its subsequent return, with an apology). "All that's to say, perhaps all's well that ends well, and we should indeed celebrate 20 years of success with a now open source framework. In the same breath, vigilance may be necessary should we want to celebrate another such anniversary in the future."
Programming

TIOBE Adjusts Programming Language Popularity Calculations. Python, C, and Java Still Popular (techrepublic.com)

"As of the 1st of May, the Alexa web traffic ranking engine is going to stop its services," the TIOBE Index reminds us. So for the first time, TIOBE has switched to Similarweb this month to choose which search engines' results to use for its ranking of the popularity of programming languages. Fortunately, there are no big changes in the index due to this swap. The only striking difference is that the top 3 languages, Python, C, and Java, all gained more than 1 percent in the rankings.

We are still fine-tuning the integration with Similarweb, which is combined with a shift to HtmlUnit in the back-end. Some websites are not onboarded yet, but will follow soon. Now that HtmlUnit is applied for web crawling, it will become possible to add more sites to the index, such as Stackoverflow and Github. This will hopefully happen in the next few months.

TechRepublic reports: Python continues to sit atop the index, with C and Java directly behind it. In Feb. 2021, those three also occupied the top spot, but with Python in the number three position, C at top, and Java in second place.

Beyond the top three, there hasn't been much movement in the index, with positions four through eight unchanged from the same time last year. Those slots are occupied, respectively, by C++, C#, Visual Basic, JavaScript and PHP. Positions nine and 10 swapped from Feb. 21 to now, with Assembly Language and SQL now occupying each other's positions.

The one big move of note between Feb. 2021 and Feb. 2022 was with the Groovy programming language, an object-oriented language for Java. Over the course of the year, Groovy fell from 12th position all the way to 20th, putting it perilously close to the "other programming languages" list.

Thanks to Amigan (Slashdot reader #25,469) for sharing the story.
Crime

SFPD Puts Rape Victims' DNA Into Database Used To Find Criminals, DA Alleges (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: The San Francisco Police Department's crime lab has been checking DNA collected from sexual assault victims to determine whether any of the victims committed a crime, according to District Attorney Chesa Boudin, who called for an immediate end to the alleged practice. "The crime lab attempts to identify crime suspects by searching a database of DNA evidence that contains DNA collected from rape and sexual assault victims," Boudin's office said in a press release yesterday. Boudin's release denounced the alleged "practice of using rape and sexual assault victims' DNA to attempt to subsequently incriminate them."

"Boudin said his office was made aware of the purported practice last week, after a woman's DNA collected years ago as part of a rape exam was used to link her to a recent property crime," the San Francisco Chronicle reported yesterday. The woman "was recently arrested on suspicion of a felony property crime, with police identifying her based on the rape-kit evidence she gave as a victim, Boudin said." That was the only example provided, and Boudin gave few details about the case to protect the woman's privacy. But the database may include "thousands of victims' DNA profiles, with entries over 'many, many years,' Boudin said," according to the Chronicle. "We should encourage survivors to come forward -- not collect evidence to use against them in the future. This practice treats victims like evidence, not human beings. This is legally and ethically wrong," Boudin said.

San Francisco Police Chief Bill Scott said the department will investigate and that he is "committed to ending the practice" if Boudin's allegation is accurate. But Scott also said the suspect cited by Boudin may have been identified from a different DNA database. "We will immediately begin reviewing our DNA collection practices and policies... Although I am informed of the possibility that the suspect in this case may have been identified through a DNA hit in a non-victim DNA database, I think the questions raised by our district attorney today are sufficiently concerning that I have asked my assistant chief for operations to work with our Investigations Bureau to thoroughly review the matter and report back to me and to our DA's office partners," Scott said in a statement published by KRON 4. Scott also said, "I am informed that our existing DNA collection policies have been legally vetted and conform with state and national forensic standards," but he noted that "there are many important principles for which the San Francisco Police Department stands that go beyond state and national standards." "We must never create disincentives for crime victims to cooperate with police, and if it's true that DNA collected from a rape or sexual assault victim has been used by SFPD to identify and apprehend that person as a suspect in another crime, I'm committed to ending the practice," Scott said.
Even though the alleged practice may already be illegal under California's Victims' Bill of Rights, State Senator Scott Wiener (D-San Francisco) and District 9 Supervisor Hillary Ronen are planning legislation to stop the alleged misuse of DNA.

Wiener said that "if survivors believe their DNA may end up being used against them in the future, they'll have one more reason not to participate in the rape kit process. That's why I'm working with the DA's office to address this problem through state legislation, if needed."
Android

The First Developer Preview of Android 13 Has Arrived (techcrunch.com)

Google today announced the first developer release of Android 13. These very early releases, which are only meant for developers and aren't available through over-the-air updates, typically don't include too many user-facing changes. From a report: That's true this time as well, but even in this early release, the company is already showing off a few changes that will impact how you'll use your Android phone. Unlike with Android 12, Google plans to have two developer releases and then launch a beta in April, a month earlier than in 2021. The final release could come as early as August, based on Google's roadmap, whereas Android 12 launched in early October. All of this is happening while Android 12L, the Android release for large-screen devices, is still in development, too, though Google notes that it will bring some of those features to Android 13 as well. These include improved support for tablets, foldables and Android apps on Chromebooks. One of the most visible changes in Android 13 so far is that Google will bring the dynamic color feature of Material You, which by default takes its cues from your home screen image to all app icons. Developers will have to supply a monochromatic app icon for this to work, which many will hopefully do, because the current mix of themed and un-themed icons doesn't make for a great look. For now, this will only be available on Pixel devices, though, and Google says it will work with its partners to bring it to more devices. With this release, Google supports the Pixel 6 Pro, Pixel 6, Pixel 5a 5G, Pixel 5, Pixel 4a (5G), Pixel 4a, Pixel 4 XL, and Pixel 4.
Microsoft

Microsoft Proclaims Support for a More Open Gaming Future (axios.com)

Microsoft executives are warming up regulators to their proposed acquisition of gaming giant Activision Blizzard in Washington by pledging a future that includes an open, "universal" app store. From a report: On Wednesday, Microsoft announced a set of "Open App Store Principles" the company says will apply to the Microsoft Store on Windows and the next generation of its marketplaces for games. [...] Seven of those principles center around security, privacy, quality, safety, accountability, fairness and transparency, and the company says it is committing to those principles starting today. The four remaining principles would change how developers use app stores by not requiring developers to use Microsoft's payment system, not giving its app store more favorable terms, not disadvantaging developers who use a different payment system and not preventing developers from communicating directly with customers.
Databases

Breach of Washington State Database May Expose Personal Info of Millions (apnews.com) 11

An anonymous reader quotes a report from The Associated Press: The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system. The agency licenses about 40 categories of businesses and professionals, from auctioneers to real estate agents, and it shut down its online platform temporarily after learning of the activity in January, agency spokesperson Christine Anthony said Friday. Data stored on the system, which is called POLARIS, could include Social Security numbers, birth dates and driver's licenses. The agency doesn't yet know whether such data was actually accessed or how many individuals may have been affected, Anthony said.

Anthony said the agency has been working with the state Office of Cybersecurity, the state Attorney General's Office and a third-party cybersecurity firm to understand the scope of the incident, The Seattle Times reported Friday. In the meantime, the shutdown of the POLARIS system is causing problems for some professionals and firms that need to apply for, renew or modify their licensing. The size of the breach remains unclear. Data from 23 professions and business types licensed by the state is processed via POLARIS, Anthony said. Within those 23 categories, which also include bail bonds agents, funeral directors, home inspectors and notaries, the agency has around 257,000 active licenses in its system, Anthony said, adding that "there are likely more records that may be identified while conducting our investigation."

Programming

Golang's Most-Downloaded Beta Ever Brings Support for Generics, Fuzzing (thenewstack.io) 27

From Mike Melanson's "This Week in Programming" column: The second beta of Go 1.18 was released this week, following up the first beta, which the team writes was "the most downloaded Go beta ever, with twice as many downloads as any previous release." With it comes support for generics in both gopls [the official Go language server] and Visual Studio Code's Go extension.

In addition to the long-awaited generics feature, Go 1.18 introduces fuzzing and the new Go workspace mode.

Having put the first beta through its paces, the team also writes that it "has also proved very reliable; in fact, we are already running it in production here at Google." Nonetheless, Beta 2 is here to make sure everything is good, as Beta 1 uncovered some "obscure bugs in the new support for generics".

The release candidate is also expected later this month, with the final Go 1.18 release slated for March. And while we're talking about Go 1.18, Go AWK creator Ben Hoyt decided to take a look at Go performance from version 1.2 to 1.18 using the performance of his own tool "when compiled using each released version of Go from 1.2 (the earliest version I could download) to 1.18 (which is in beta now)." As you might expect (or hope, rather), Go has picked up the pace over recent versions. "Overall, countwords is now about 5x as fast as it would have been with Go 1.2, and sumloop is 14x as fast! (Though I first released GoAWK when Go was already at version 1.11, so it wasn't around for the huge early gains.)," Hoyt writes.

"For an actively-developed compiler like Go, it's cool to be able to get performance improvements just by waiting and letting others do all the hard work. :-)"

Programming

GitHub Launches New Sponsors-Only Repositories (techcrunch.com) 32

"A few years ago, GitHub introduced sponsorships that allowed anybody to make direct financial contributions to open source developers," TechCrunch reported this week, adding that Microsoft-owned GitHub is now "taking this concept a bit further by launching sponsor-only repositories, that is, private repositories that only sponsors will get access to." GitHub says the idea here is to give funders early access to projects as they are being built, for example, or access to what the company calls "sponsorware," that is access to projects just for sponsors. The company notes that developers can also use these repositories to host discussions with sponsors. And to give developers some flexibility here, they can attach specific repositories to different sponsorship tiers... The company is also adding a new call to action to sponsor-enabled repositories to give more visibility to the program.
"In effect, the new feature formalizes something that many developers were already enabling themselves manually," reports VentureBeat, "but GitHub now takes care of all the heavy lifting such as sending invites..." The launch comes at a time when industry and government are looking for new ways to support and secure the software supply chain. The recently discovered Log4j vulnerability resurfaced age-old questions around the security of open source software, particularly software that isn't backed by full-time developer teams. For example, one of Log4j's core maintainers has a full-time job elsewhere as a software architect, and only works on "Log4j and other open source projects" in his spare time.

With Sponsors-only repositories, developers will not only be able to solicit donations, but also better engage with backers — corporate or otherwise — at a deeper and more personalized level... Elsewhere, GitHub also now allows developers to attach metadata to their sponsor page URLs, which may help them track how new sponsors arrived on the scene — for example, they can see whether a tweet they sent out resulted in any direct sponsor signups.

The Almighty Buck

Developers React To 27% Commission With Astonishment and Anger (9to5mac.com) 275

"Developers reacted with astonishment and anger at Apple's 27% commission policy as a minimal form of compliance with a new antitrust law regarding the App Store," reports 9to5Mac. After being ordered by Dutch regulators to allow developers to opt-out of the App Store payment platform, Apple announced today that it "would reduce its commission by only three percent" from the 30 percent commission it typically charges developers, reports 9to5Mac. Additionally, Apple said it would "impose onerous administrative overheads -- such as applying for permission to use a specific API, maintaining a separate version of the app, and filing reports with Apple." 9to5Mac highlights a number of reactions from disgruntled developers: Macworld did a great roundup of reactions to this by a number of well-known developers: "Apple was blasted by developers on Twitter who took issue with the exorbitant fee. Steve Troughton-Smith called the move 'absolutely vile' [...] Marco Arment wrote that you 'can just FEEL how much they despise having to do any of this.' Others noted that it 'defeats the purpose of the law' and that developers will still need to pay at least 3 percent to the payment provider, thus negating even the small savings."

Steve Troughton-Smith retweeted our story, and commented: "Absolutely vile. This says everything about @tim_cook's Apple and what it thinks of developers. I hope the company gets exactly what it deserves. Everybody on their executive team should be ashamed, and some of them should not be here when it's all over. We all see you."

Marco Arment highlighted the conditions imposed by Apple:

- Separate app, only available in Netherlands
- Cannot also support IAP
- Must display scary sheets before payment
- Website links are all to a single URL specified in Info.plist with no parameters
- Must submit monthly report to Apple listing EVERY external transaction

Adding: "And after you pay your ~3% to your payment processor, Apple's 27% commission takes you right back up to 30%. Glorious. Come on, THIS is comedy. Amazing, ridiculous comedy. I'd be surprised if a single app ever took them up on this. (And that's exactly by design.)"

AI

DeepMind Says Its New AI Coding Engine is as Good as an Average Human Programmer (theverge.com) 135

DeepMind has created an AI system named AlphaCode that it says "writes computer programs at a competitive level." From a report: The Alphabet subsidiary tested its system against coding challenges used in human competitions and found that its program achieved an "estimated rank" placing it within the top 54 percent of human coders. The result is a significant step forward for autonomous coding, says DeepMind, though AlphaCode's skills are not necessarily representative of the sort of programming tasks faced by the average coder. Oriol Vinyals, principal research scientist at DeepMind, told The Verge over email that the research was still in the early stages but that the results brought the company closer to creating a flexible problem-solving AI -- a program that can autonomously tackle coding challenges that are currently the domain of humans only. "In the longer-term, we're excited by [AlphaCode's] potential for helping programmers and non-programmers write code, improving productivity or creating new ways of making software," said Vinyals.
Python

Python Dominates, But Developers Are Adding New Skills To Stand Out (zdnet.com) 18

An anonymous reader writes: Ransomware is driving developer interest in cybersecurity while the Internet of Things and games development has spurred more interest in 35-year-old programming language C++, according to O'Reilly Media's 2021 learning platform analysis. However, it could be the case that developers are looking at some newer languages to give them the edge. O'Reilly, a developer-focused education content provider, creates an analysis of search terms and content modules consumed on its learning platform each year to reveal developer trends. Content usage is an aggregate measurement of "units viewed" across all forms, including online-training courses, books, videos, online conferences, and other products.

The topic of cybersecurity has grown significantly on the platform, likely as a result of the high-profile ransomware attack on Colonial Pipeline, and software supply chain attacks on customers of SolarWinds and IT management firm Kaseya. Content usage on ransomware grew 270% over the past year, according to O'Reilly, while privacy grew 90%, identity was up 50%, and application security was up 45%. Developers building Internet of Things products and games are boosting interest in the C++ programming language. Software quality firm Tiobe has also noted a recent surge in interest in C++. While interest in C++ did see a noteworthy rise, Python and Java still dominate O'Reilly's platform usage. O'Reilly says it has seen usage of content about Mozilla-hatched Rust and Google-backed Go "growing rapidly." Both are popular for systems and infrastructure programming. Rust in particular is being used in place of C++ to help avoid memory-related security issues. It's being used at Microsoft, AWS and Google, and has been positioned as the second official language for the Linux kernel.
