From Mike Melanson's "This Week in Programming" column: The 20th anniversary of .NET is upon us this week and with it, Microsoft is pulling out all the stops in celebration of what it says is "the most loved framework by developers for three years in a row now — 2019, 2020, 2021, according to Stack Overflow's developer survey."

First launched in 2002, .NET is, in some ways, something that Microsoft can roll out as evidence of its changed ways over the years. It went from a company embroiled in a monopoly case just a year before this release, to one that later decided to turn around, mend its former ways, and open source .NET Core. "When Microsoft made another major transformation, this time towards open source, .NET was also at the forefront," Microsoft writes in this week's celebratory blog post. "By 2012, we had fully open-sourced the ASP.NET MVC web framework and were accepting contributions. It was one of Microsoft's first major open-source projects at the time. In 2014, we started to build a cross-platform and open-source .NET on GitHub and were floored at the incredible support and contributions from the open-source community...."

Certainly, in comparison to the Microsoft we once knew, there has been a massive shift in its approach to open source software and openness in general. Indeed, these days, Microsoft is also synonymous with another giant in the world of open source, its now-subsidiary GitHub — as well as the npm Registry and countless other projects. Microsoft has transformed from a company that was once led by a man who said that "Linux is a cancer" to one that has more recently welcomed Linux to the Windows desktop, among numerous other open source endeavors.
The column ends by remembering what it calls "Microsoft 'hot reload' drama" last year — Microsoft's removal of the feature from the .NET SDK repo (and its subsequent return, with an apology). "All that's to say, perhaps all's well that ends well, and we should indeed celebrate 20 years of success with a now open source framework. In the same breath, vigilance may be necessary should we want to celebrate another such anniversary in the future."

"As of the 1st of May, the Alexa web traffic ranking engine is going to stop its services," the TIOBE Index reminds us. So for the first time, TIOBE has switched to Similarweb this month to choose which search engines' results to use for its ranking of the popularity of programming languages. Fortunately, there are no big changes in the index due to this swap. The only striking difference is that the top 3 languages, Python, C, and Java, all gained more than 1 percent in the rankings.

We are still fine-tuning the integration with Similarweb, which is combined with a shift to HtmlUnit in the back-end. Some websites are not onboarded yet, but will follow soon. Now that HtmlUnit is applied for web crawling, it will become possible to add more sites to the index, such as Stackoverflow and Github. This will hopefully happen in the next few months.
TechRepublic reports: Python continues to sit atop the index, with C and Java directly behind it. In Feb. 2021, those three also occupied the top spot, but with Python in the number three position, C at top, and Java in second place.

Beyond the top three, there hasn't been much movement in the index, with positions four through eight unchanged from the same time last year. Those slots are occupied, respectively, by C++, C#, Visual Basic, JavaScript and PHP. Positions nine and 10 swapped from Feb. 21 to now, with Assembly Language and SQL now occupying each other's positions.

The one big move of note between Feb. 2021 and Feb. 2022 was with the Groovy programming language, an object-oriented language for Java. Over the course of the year, Groovy fell from 12th position all the way to 20th, putting it perilously close to the "other programming languages" list.
Thanks to Amigan (Slashdot reader #25,469) for sharing the story.

An anonymous reader quotes a report from Ars Technica: The San Francisco Police Department's crime lab has been checking DNA collected from sexual assault victims to determine whether any of the victims committed a crime, according to District Attorney Chesa Boudin, who called for an immediate end to the alleged practice. "The crime lab attempts to identify crime suspects by searching a database of DNA evidence that contains DNA collected from rape and sexual assault victims," Boudin's office said in a press release yesterday. Boudin's release denounced the alleged "practice of using rape and sexual assault victims' DNA to attempt to subsequently incriminate them."

"Boudin said his office was made aware of the purported practice last week, after a woman's DNA collected years ago as part of a rape exam was used to link her to a recent property crime," the San Francisco Chronicle reported yesterday. The woman "was recently arrested on suspicion of a felony property crime, with police identifying her based on the rape-kit evidence she gave as a victim, Boudin said." That was the only example provided, and Boudin gave few details about the case to protect the woman's privacy. But the database may include "thousands of victims' DNA profiles, with entries over 'many, many years,' Boudin said," according to the Chronicle. "We should encourage survivors to come forward -- not collect evidence to use against them in the future. This practice treats victims like evidence, not human beings. This is legally and ethically wrong," Boudin said.

San Francisco Police Chief Bill Scott said the department will investigate and that he is "committed to ending the practice" if Boudin's allegation is accurate. But Scott also said the suspect cited by Boudin may have been identified from a different DNA database. "We will immediately begin reviewing our DNA collection practices and policies... Although I am informed of the possibility that the suspect in this case may have been identified through a DNA hit in a non-victim DNA database, I think the questions raised by our district attorney today are sufficiently concerning that I have asked my assistant chief for operations to work with our Investigations Bureau to thoroughly review the matter and report back to me and to our DA's office partners," Scott said in a statement published by KRON 4. Scott also said, "I am informed that our existing DNA collection policies have been legally vetted and conform with state and national forensic standards," but he noted that "there are many important principles for which the San Francisco Police Department stands that go beyond state and national standards." "We must never create disincentives for crime victims to cooperate with police, and if it's true that DNA collected from a rape or sexual assault victim has been used by SFPD to identify and apprehend that person as a suspect in another crime, I'm committed to ending the practice," Scott said. Even though the alleged practice may already be illegal under California's Victims' Bill of Rights, State Senator Scott Wiener (D-San Francisco) and District 9 Supervisor Hillary Ronen are planning legislation to stop the alleged misuse of DNA.

Wiener said that "if survivors believe their DNA may end up being used against them in the future, they'll have one more reason not to participate in the rape kit process. That's why I'm working with the DA's office to address this problem through state legislation, if needed."

Google today announced the first developer release of Android 13. These very early releases, which are only meant for developers and aren't available through over-the-air updates, typically don't include too many user-facing changes. From a report: That's true this time as well, but even in this early release, the company is already showing off a few changes that will impact how you'll use your Android phone. Unlike with Android 12, Google plans to have two developer releases and then launch a beta in April, a month earlier than in 2021. The final release could come as early as August, based on Google's roadmap, whereas Android 12 launched in early October. All of this is happening while Android 12L, the Android release for large-screen devices, is still in development, too, though Google notes that it will bring some of those features to Android 13 as well. These include improved support for tablets, foldables and Android apps on Chromebooks. One of the most visible changes in Android 13 so far is that Google will bring the dynamic color feature of Material You, which by default takes its cues from your home screen image to all app icons. Developers will have to supply a monochromatic app icon for this to work, which many will hopefully do, because the current mix of themed and un-themed icons doesn't make for a great look. For now, this will only be available on Pixel devices, though, and Google says it will work with its partners to bring it to more devices. With this release, Google supports the Pixel 6 Pro, Pixel 6, Pixel 5a 5G, Pixel 5, Pixel 4a (5G), Pixel 4a, Pixel 4 XL, and Pixel 4.

Microsoft executives are warming up regulators to their proposed acquisition of gaming giant Activision Blizzard in Washington by pledging a future that includes an open, "universal" app store. From a report: On Wednesday, Microsoft announced a set of "Open App Store Principles" the company says will apply to the Microsoft Store on Windows and the next generation of its marketplaces for games. [...] Seven of those principles center around security, privacy, quality, safety, accountability, fairness and transparency, and the company says it is committing to those principles starting today. The four remaining principles would change how developers use app stores by not requiring developers to use Microsoft's payment system, not giving its app store more favorable terms, not disadvantaging developers who use a different payment system and not preventing developers from communicating directly with customers.

An anonymous reader quotes a report from The Associated Press: The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system. The agency licenses about 40 categories of businesses and professionals, from auctioneers to real estate agents, and it shut down its online platform temporarily after learning of the activity in January, agency spokesperson Christine Anthony said Friday. Data stored on the system, which is called POLARIS, could include Social Security numbers, birth dates and driver's licenses. The agency doesn't yet know whether such data was actually accessed or how many individuals may have been affected, Anthony said.

Anthony said the agency has been working with the state Office of Cybersecurity, the state Attorney General's Office and a third-party cybersecurity firm to understand the scope of the incident, The Seattle Times reported Friday. In the meantime, the shutdown of the POLARIS system is causing problems for some professionals and firms that need to apply for, renew or modify their licensing. The size of the breach remains unclear. Data from 23 professions and business types licensed by the state is processed via POLARIS, Anthony said. Within those 23 categories, which also include bail bonds agents, funeral directors, home inspectors and notaries, the agency has around 257,000 active licenses in its system, Anthony said, adding that "there are likely more records that may be identified while conducting our investigation."

From Mike Melanson's "This Week in Programming" column: The second beta of Go 1.18 was released this week, following up the first beta, which the team writes was "the most downloaded Go beta ever, with twice as many downloads as any previous release." With it comes support for generics in both gopls [the official Go language server] and Visual Studio Code's Go extension.

In addition to the long-awaited generics feature, Go 1.18 introduces fuzzing and the new Go workspace mode.

Having put the first beta through its paces, the team also writes that it "has also proved very reliable; in fact, we are already running it in production here at Google." Nonetheless, Beta 2 is here to make sure everything is good, as Beta 1 uncovered some "obscure bugs in the new support for generics".

The release candidate is also expected later this month, with the final Go 1.18 release slated for March. And while we're talking about Go 1.18, Go AWK creator Ben Hoyt decided to take a look at Go performance from version 1.2 to 1.18 using the performance of his own tool "when compiled using each released version of Go from 1.2 (the earliest version I could download) to 1.18 (which is in beta now)." As you might expect (or hope, rather), Go has picked up the pace over recent versions. "Overall, countwords is now about 5x as fast as it would have been with Go 1.2, and sumloop is 14x as fast! (Though I first released GoAWK when Go was already at version 1.11, so it wasn't around for the huge early gains.)," Hoyt writes.

"For an actively-developed compiler like Go, it's cool to be able to get performance improvements just by waiting and letting others do all the hard work. :-)"

"A few years ago, GitHub introduced sponsorships that allowed anybody to make direct financial contributions to open source developers," TechCrunch reported this week, adding that Microsoft-owned GitHub is now "taking this concept a bit further by launching sponsor-only repositories, that is, private repositories that only sponsors will get access to." GitHub says the idea here is to give funders early access to projects as they are being built, for example, or access to what the company calls "sponsorware," that is access to projects just for sponsors. The company notes that developers can also use these repositories to host discussions with sponsors. And to give developers some flexibility here, they can attach specific repositories to different sponsorship tiers... The company is also adding a new call to action to sponsor-enabled repositories to give more visibility to the program.
"In effect, the new feature formalizes something that many developers were already enabling themselves manually," reports VentureBeat, "but GitHub now takes care of all the heavy lifting such as sending invites..." The launch comes at a time when industry and government are looking for new ways to support and secure the software supply chain. The recently discovered Log4j vulnerability resurfaced age-old questions around the security of open source software, particularly software that isn't backed by full-time developer teams. For example, one of Log4j's core maintainers has a full-time job elsewhere as a software architect, and only works on "Log4j and other open source projects" in his spare time.

With Sponsors-only repositories, developers will not only be able to solicit donations, but also better engage with backers — corporate or otherwise — at a deeper and more personalized level... Elsewhere, GitHub also now allows developers to attach metadata to their sponsor page URLs, which may help them track how new sponsors arrived on the scene — for example, they can see whether a tweet they sent out resulted in any direct sponsor signups.

"Developers reacted with astonishment and anger at Apple's 27% commission policy as a minimal form of compliance with a new antitrust law regarding the App Store," reports 9to5Mac. After being ordered by Dutch regulators to allow developers to opt-out of the App Store payment platform, Apple announced today that it "would reduce its commission by only three percent" from the 30 percent commission it typically charges developers, reports 9to5Mac. Additionally, Apple said it would "impose onerous administrative overheads -- such as applying for permission to use a specific API, maintaining a separate version of the app, and filing reports with Apple." 9to5Mac highlights a number of reactions from disgruntled developers: Macworld did a great roundup of reactions to this by a number of well-known developers: "Apple was blasted by developers on Twitter who took issue with the exorbitant fee. Steve Troughton-Smith called the move 'absolutely vile' [...] Marco Arment wrote that you 'can just FEEL how much they despise having to do any of this.' Others noted that it 'defeats the purpose of the law' and that developers will still need to pay at least 3 percent to the payment provider, thus negating even the small savings."

Steve Troughton-Smith retweeted our story, and commented: "Absolutely vile. This says everything about @tim_cook's Apple and what it thinks of developers. I hope the company gets exactly what it deserves. Everybody on their executive team should be ashamed, and some of them should not be here when it's all over. We all see you."

Marco Arment highlighted the conditions imposed by Apple:

- Separate app, only available in Netherlands
- Cannot also support IAP
- Must display scary sheets before payment
- Website links are all to a single URL specified in Info.plist with no parameters
- Must submit monthly report to Apple listing EVERY external transaction

Adding: "And after you pay your ~3% to your payment processor, Apple's 27% commission takes you right back up to 30%. Glorious. Come on, THIS is comedy. Amazing, ridiculous comedy. I'd be surprised if a single app ever took them up on this. (And that's exactly by design.)"

DeepMind has created an AI system named AlphaCode that it says "writes computer programs at a competitive level." From a report: The Alphabet subsidiary tested its system against coding challenges used in human competitions and found that its program achieved an "estimated rank" placing it within the top 54 percent of human coders. The result is a significant step forward for autonomous coding, says DeepMind, though AlphaCode's skills are not necessarily representative of the sort of programming tasks faced by the average coder. Oriol Vinyals, principal research scientist at DeepMind, told The Verge over email that the research was still in the early stages but that the results brought the company closer to creating a flexible problem-solving AI -- a program that can autonomously tackle coding challenges that are currently the domain of humans only. "In the longer-term, we're excited by [AlphaCode's] potential for helping programmers and non-programmers write code, improving productivity or creating new ways of making software," said Vinyals.

An anonymous reader writes: Ransomware is driving developer interest in cybersecurity while the Internet of Things and games development has spurred more interest in 35-year-old programming language C++, according to O'Reilly Media's 2021 learning platform analysis. However, it could the case that developers are looking at some newer languages to give them the edge. O'Reilly, a developer-focused education content provider, creates an analysis of search terms and content modules consumed on its learning platform each year to reveal developer trends. Content usage is an aggregate measurement of "units viewed" across all forms, including online-training courses, books, videos, online conferences, and other products.

The topic of cybersecurity has grown significantly on the platform, likely as a result of the high-profile ransomware attack on Colonial Pipeline, and software supply chain attacks on customers of SolarWinds and IT management firm Kaseya. Content usage on ransomware grew 270% over the past year, according to O'Reilly, while privacy grew 90%, identity was up 50%, and application security was up 45%. Developers building Internet of Things products and games are boosting interest in the C++ programming language. Software quality firm Tiobe has also noted a recent surge in interest in C++. While interest in C++ did see a noteworthy rise, Python and Java still dominate O'Reilly's platform usage. O'Reilly says it has seen usage of content about Mozilla-hatched Rust and Google-backed Go "growing rapidly." Both are popular for systems and infrastructure programming. Rust in particular is being used in place of C++ to help avoid memory-related security issues. It's being used at Microsoft, AWS and Google, and has been positioned as the second official language for the Linux kernel.

Eighty-four percent of app developers support an antitrust bill aimed at curtailing the market power of Apple's and Google's app stores, according to a poll (PDF) from the Coalition for App Fairness released Monday. The Hill reports: The industry group for app developers is pushing Congress to pass the Open App Markets Act, a bipartisan Senate bill that would block app stores from favoring their own in-house apps in searches, requiring developers to use their payment systems and preventing users from downloading apps from third-party stores. Developers surveyed by the group complained about exorbitant fees charged by the largest app stores -- Apple charges a 30 percent commission on app store sales for large developers -- and expressed how they'd experienced difficulty getting their apps featured or accepted by app stores. Just 13 percent of app developers surveyed oppose the bill. [...] The poll, conducted by ClearPath Strategies, surveyed 190 app developers in 11 states between December 2021 and January 2022. The margin of error is plus or minus 7.11 percentage points.

"The evidence is clear -- app developers want the Open App Markets Act to pass so that they can have the opportunity to compete in a fair digital marketplace," Meghan DiMuzio, executive director of the Coalition for App Fairness, said in a statement. "For too long, developers have been harmed by gatekeepers' monopolistic practices, and consumers have suffered from less choice and innovation."

"Focus on the horse race and the flashy news and you'll miss the real stories," argues Mike Loukides, the content strategy VP at O'Reilly Media. So instead he shares trends observed on O'Reilly's learning platform in the first nine months of 2021: While new technologies may appear on the scene suddenly, the long, slow process of making things that work rarely attracts as much attention. We start with an explosion of fantastic achievements that seem like science fiction — imagine, GPT-3 can write stories! — but that burst of activity is followed by the process of putting that science fiction into production, of turning it into real products that work reliably, consistently, and fairly. AI is making that transition now; we can see it in our data. But what other transitions are in progress...?

Important signals often appear in technologies that have been fairly stable. For example, interest in security, after being steady for a few years, has suddenly jumped up, partly due to some spectacular ransomware attacks. What's important for us isn't the newsworthy attacks but the concomitant surge of interest in security practices — in protecting personal and corporate assets against criminal attackers. That surge is belated but healthy.... Usage of content about ransomware has almost tripled (270% increase). Content about privacy is up 90%; threat modeling is up 58%; identity is up 50%; application security is up 45%; malware is up 34%; and zero trust is up 23%. Safety of the supply chain isn't yet appearing as a security topic, but usage of content about supply chain management has seen a healthy 30% increase....

Another important sign is that usage of content about compliance and governance was significantly up (30% and 35%, respectively). This kind of content is frequently a hard sell to a technical audience, but that may be changing.... This increase points to a growing sense that the technology industry has gotten a regulatory free ride and that free ride is coming to an end. Whether it's stockholders, users, or government agencies who demand accountability, enterprises will be held accountable. Our data shows that they're getting the message.

According to a study by UC Berkeley's School of Information, cybersecurity salaries have crept slightly ahead of programmer salaries in most states, suggesting increased demand for security professionals. And an increase in demand suggests the need for training materials to prepare people to supply that demand. We saw that play out on our platform....

C++ has grown significantly (13%) in the past year, with usage that is roughly twice C's. (Usage of content about C is essentially flat, down 3%.) We know that C++ dominates game programming, but we suspect that it's also coming to dominate embedded systems, which is really just a more formal way to say "internet of things." We also suspect (but don't know) that C++ is becoming more widely used to develop microservices. On the other hand, while C has traditionally been the language of tool developers (all of the Unix and Linux utilities are written in C), that role may have moved on to newer languages like Go and Rust. Go and Rust continue to grow. Usage of content about Go is up 23% since last year, and Rust is up 31%. This growth continues a trend that we noticed last year, when Go was up 16% and Rust was up 94%....

Both Rust and Go are here to stay. Rust reflects significantly new ways of thinking about memory management and concurrency. And in addition to providing a clean and relatively simple model for concurrency, Go represents a turn from languages that have become increasingly complex with every new release.
Other highlights from their report:

• "Quantum computing remains a topic of interest. Units viewed is still small, but year-over-year growth is 39%. That's not bad for a technology that, honestly, hasn't been invented yet...."

• "Whether it's the future of finance or history's biggest Ponzi scheme, use of content about cryptocurrency is up 271%, with content about the cryptocurrencies Bitcoin and Ethereum (ether) up 166% and 185% respectively...."

• "Use of JavaScript content on our platform is surprisingly low — though use of content on TypeScript (a version of JavaScript with optional static typing) is up.... Even with 19% growth, TypeScript has a ways to go before it catches up; TypeScript content usage is roughly a quarter of JavaScript's..."

• "Python, Java, and JavaScript are still the leaders, with Java up 4%, Python down 6%, and JavaScript down 3%...."

• "Finally, look at the units viewed for Linux: it's second only to Kubernetes. While down very slightly in 2021, we don't believe that's significant. Linux has long been the most widely used server operating system, and it's not ceding that top spot soon."

Wikipedia defines youtube-dl as "a free and open source download manager for video and audio from YouTube and over 1,000 other video hosting websites." It was created in 2006, and "According to libraries.io, 308 other packages and 1.43k repositories depend on it." The project now has over 106,000 stars on GitHub, and by one calculation it's their fourth-most starred project that's written in Python.

A new issue today describes the project as "Under new management."

I hope that we'll be able to make a new release soon and subsequently keep the program more up-to-date than has been the case for the last few months.

The project has a fork https://github.com/yt-dlp that offers a lot of extra functions but demands an up-to-date Python version. This project will continue to target Python version 2.6, 2.7, or 3.2+, at least until no-one complains about 2.6 compatibility.

Pull Requests are very welcome, although there is a significant back-log to be handled. Back-ports of yt-dlp features are also welcome.

Finally, I'd encourage anyone else who is interested in sharing maintenance duties to establish a track record and make themselves known. We want to keep this popular project alive with a community of future maintainers.

`Long-time Slashdot reader shanen writes: If you're doing any web page programming for money, then I'm pretty sure you're paid to support Edge, too. Probably even required to test it. So this question is really directed to the relative amateur programmers among us.

As I think about the topic from my overly philosophic perspective, I even considered asking "Do you feel pressured or even blackmailed to support MS Edge?"
The original submission tells the story of a homegrown app involving "moderately complicated data structures embedded in JavaScript files that are loaded on the fly..." that might grow into an 800K re-write. "Since it's mostly for my own use, I don't care at all about Edge, but it got me to thinking and led to this question." So do others uses Edge to test their web pages? Long-time Slashdot reader Z00L00K has already answered, "I don't. If I test I avoid the quite erratic variations that Javascript can create as much as possible and resort to HTML and CSS Validators."

How about the rest of you? Use the comments to share your own thoughts, opinions, and experiences.

Do you test your web pages with Microsoft Edge?

Apple will no longer bundle Python 2.7 with macOS 12.3, according to developer release notes for the upcoming software update. MacRumors reports: Python 2 has not been supported since January 1, 2020 and no longer receives any bug fixes, security patches, or other changes. Apple says that developers should use an alternative programming language instead, such as Python 3, but it's worth noting that Python 3 also does not come preinstalled on macOS. Developers can run the stub /usr/bin/python3 in Terminal, but it prompts users to install Xcode developer tools, which includes Python 3.

Remember that developer who intentionally corrupted his two libraries which collectively had over 20 million weekly downloads and thousands of dependent projects? In the immediate aftermath he'd complained on Twitter that NPM "has reverted to a previous version of the faker.js package and Github has suspended my access to all public and private projects. I have 100s of projects. #AaronSwartz."

That was January 6th, and within about a week GitHub had restored his access, while one of his two libraries (faker-js) was forked by its community to create a community-driven project. But Thursday the developer announced on his Twitter account: What's up @Github? Ten days since you removed my ability to publish to NPM and fix the Infinity Zalgo bug in colors.js

Never responded to my support emails.

I have 100s of packages I need to maintain.

Everyone makes programming mistakes from time to time. Nobody is perfect.
It hasn't been confirmed that NPM has actually blocked his ability to publish — but the tweet already appears to be attracting reactions from other developers on social media.

Two-thirds of technology firms are experiencing a shortage of skilled workers, reports the BBC (citing a recent report from recruitment firm Harvey Nash).

But what's the solution? In an article shared by Chrisq, the BBC's business technology reporter field-tested some computer programming training: I attended Teach the Nation to Code, a free one-day Python coding workshop run by UK training firm, QA... But when it works, there's not much pay-off — just some lines on a screen. I also took classes with Cypher Coders and Creator Academy to teach me Scratch — a coding language for children with a simple visual interface... [I] found the step change from learning Scratch to Python similarly jarring in the children's toys — you suddenly go from colourful blocks to an empty screen with no handholding. What could help bridge this gap from fun games for kids, to more professional level complex coding?

Garry Law, founder of Australian coding training firm, Creator Academy, says IT education needs to be better. "We need to teach kids coding with visual, auditory and kinesthetic learning styles, and we need to adapt this learning method for adults, to attract more people to science, technology, engineering and mathematics (STEM)," he says....

Cost is also a big problem. According to Anna Brailsford, chief executive of social enterprise Code First: Girls, it typically costs £10,000 to learn coding and often there isn't a clear link between what is taught and the jobs available.
Long-time Slashdot reader AmiMoJo remembers that "the way I got started was by borrowing books from the library that contained example programs." Back then there were loads of books that were nothing but little BASIC apps for various machines. That got me started with a program that worked and often did something quite interesting or useful, like a graphical effect. Then I could tinker with it and learn that way.
But is that enough of a reward to attract new programmers — or should beginning courses target more learning styles? Share your own thoughts and experiences in the comments.

Do we need better computer programming courses for visual learners?

Owen Williams, writing for TechCrunch: [...] As a result, it shouldn't be a surprise that some open source developers are beginning to realize they wield outsized power, despite the lack of compensation they receive for their work, because their projects are used by some of the largest, most profitable companies in the world. In early January, for example, Marak Squires, the developer of two popular NPM packages, 'colors' and 'faker,' intentionally introduced changes to their code that broke their functionality for anyone using them, outputting "LIBERTY LIBERTY LIBERTY" followed by gibberish and an infinite loop when used. While Squires didn't comment on the reason for making the changes, he had previously said on GitHub that "I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work." Squires' changes broke other popular projects, including Amazon's Cloud Development Kit, as his libraries were installed almost 20 million times per week on npm, with thousands of projects directly depending on them. Within a few hours, NPM had rolled back the rogue release and GitHub suspended the developer's account in response.

While NPM's response was to be expected after previous incidents in which malicious code was added to libraries and was ultimately rolled back to limit damage, GitHub's was a new one: the code hosting platform took down Squires' entire account, even though he was the owner of the code and was his rights to change it as he pleased. This isn't the first time a developer has pulled their code in protest, either. The developer of 'left-pad' pulled his code from NPM in 2016, breaking tens of thousands of websites that depended on it following a fight with the Kik messenger over the naming of another open source project he owned. What's astonishing is that despite the occasional high-profile libraries protesting the way the industry works, these types of incidents aren't all that common: open source developers continue to work for free, maintaining their projects as best they can, even though multi-million dollar products being created off of the back of their work.

Last weekend a developer intentionally corrupted two of his libraries which collectively had more than 20 million weekly downloads and thousands of dependent projects.

Eight days later, one of those libraries has become a community controlled project.

Some highlights from the announcement at fakerjs.dev: We're a group of engineers who were using Faker in prod when the main package was deleted. We have eight maintainers currently....

What has the team done so far?

1. Created a GitHub org [repository] for the new Faker package under @faker-js/faker.
2. Put together a team of eight maintainers.
3. Released all previous versions of Faker at @faker-js/faker on npm.
4. Released the Version 6 Alpha
5. Almost completed migrating to TypeScript so that DefinitelyTyped no longer needs to maintain its external @types/faker package.
6. Created a public Twitter account for communicating with the community.
7. Released the first official Faker documentation website....

Faker has never had an official docs website and the awesome Jeff Beltran has been maintaining a project called "Un-Official faker.js Documentation" for the last 3 years.

He gave us permission to re-use his work to create fakerjs.dev

8. Cleaned up tooling like Prettier, CI, Netlify Deploy Previews, and GitHub Actions.
9. Done a TON of issue triage and many, many PR reviews.
10. We've gotten in contact with the Open Collective and discussed a transition plan for the project.

We fully intend to extend Faker, continuously develop it, and make it even better.

As such, we will work on a roadmap after we release 6.x and merge all of the TypeScript Pull Requests in the next week....

We're now turning Faker into a community-controlled project currently maintained by eight engineers from various backgrounds and companies....

We're excited to give new life to this idea and project.

This project can have a fresh start and it will become even cooler.

We felt we needed to do a public announcement because of all of the attention the project received in the media and from the community.

We believe that we have acted in the way that is best for the community.
According to the announcement, they've now also forked the funding so the project's original sponsors can continue to support the community-driven development in the future, while the original developers Marak and Brian "were able to retain the $11,652.69 USD previously donated to the project."

Friday the official Twitter account for the new community project announced "It's been a week. We've merged all of the active forks. Currently at 1532 stars. Looks like everything is settling." [It's now up to over 1,800 stars.]

One of the new maintainers has posted on Twitter, "I'm just grateful to the faker community that willed itself into existence and stepped up."