For Stack Overflow's annual survey, "Over 73,000 developers from 180 countries each spent roughly 15 minutes answering our questions," a blog post announces: The top five languages for professional developers haven't changed: JavaScript is still the most used, and Rust is the most loved for a seventh year. The big surprise came in the most loved web framework category. Showing how fast web technologies change, newcomer Phoenix took the most loved spot from Svelte, itself a new entry last year.... Check out the full results from this year's Developer Survey here.
In fact, 87% of Rust developers said that they want to continue using Rust, notes SD Times' summary of the results: Rust also tied with Python as the most wanted technology in this year's report, with TypeScript and Go following closely behind. The distinction between most loved and most wanted is that most wanted includes only developers who are not currently developing with the language, but have an interest in developing with it.
Slashdot reader logankilpatrick writes, "It should come as no surprise to those following the growth and expansion of the Julia Programming Language ecosystem that in this year's Stack Overflow developer survey, Julia ranked in the top 5 for the most loved languages (above Python — 6th, MatLab — Last, and R — 33rd)."

And the Register shares more highlights: Also notable in the 71,547 responses regarding programming languages was a switch again between Python and SQL. In 2021, Python pushed out SQL to be the third most commonly used language. This year SQL regained third place, just behind second placed HTML /CSS.

And the most hated...

Unsurprisingly, developers still dread that tap on the shoulder from the finance department for a tweak to that bit of code upon which the entire company depends. Visual Basic for Applications and COBOL still lurk within the top three most dreaded technologies.

The operating system rankings were little changed: Windows won out for personal and professional use, although for professional use Linux passed macOS to take second place with 40 percent of responses compared to Apple's 33 percent. Most notable was the growth of Windows Subsystem for Linux, which now accounts for 14 percent of personal use compared with a barely registering 3 percent in 2021.
But SD Times noted what may be the most interesting statistic: Only 15% of developers work on-site full time. Forty-three percent are fully remote and 42% are hybrid. Smaller organizations with 2-19 employees are more likely to be in-person, while large organizations with over 10k employees are more likely to be hybrid, according to the survey.
InfoWorld delves into what this means: "The world has made the decision to go hybrid and remote, I have a lot of confidence given the data I have seen that that is a one-way train that has left the station," Prashanth Chandrasekar, CEO of Stack Overflow told InfoWorld.

Chandrasekar says that flexibility and the tech stack developers get to work with are the most important contributors to overall happiness at work. "Many developers drop out of the hiring process because of the tech stack they will be working with," he said... Organizational culture is also shifting, and cloud-native techniques have taken hold among Stack Overflow survey respondents. Most professional developers (70%) now use some form of CI/CD and 60% have a dedicated devops function....

Lastly, Web3 still has software developers torn, with 32% of respondents favorable, 31% unfavorable, and 26% indifferent. Web3 refers to the emerging idea of a decentralized web where data and content are registered on blockchains, tokenized, or managed and accessed on peer-to-peer distributed networks.

It was June 29th of 2021 that Microsoft-owned GitHub first announced its AI-powered autocompletion tool for programmers — trained on GitHub repositories and other publicly-available source code.

But after a year in "technical preview," GitHub Copilot has reached a new milestone, reports Info-Q: you'll now have to pay to use it after a 60-day trial: The transition to general availability mostly means that Copilot ceases to be available for free. Interested developers will have to pay 10 USD/month or $100 USD/year to use the service, with a 60-day free trial.... According to GitHub, while not frequent, there is definitely a possibility that Copilot outputs code snippets that match those in the training set.
Info-Q also cites GitHub stats showing over 1.2 million developers used Copilot in the last 12 months "with a shocking 40% figure of code written by Copilot in files where it is enabled." That's up from 35% earlier in the year, reports TechCrunch — which has more info on the rollout: It'll be free for students as well as "verified" open source contributors — starting with roughly 60,000 developers selected from the community and students in the GitHub Education program... One new feature coinciding with the general release of Copilot is Copilot Explain, which translates code into natural language descriptions. Described as a research project, the goal is to help novice developers or those working with an unfamiliar codebase.

Ryan J. Salva, VP of product at GitHub, told TechCrunch via email... "As an example of the impact we've observed, it's worth sharing early results from a study we are conducting. In the experiment, we are asking developers to write an HTTP server — half using Copilot and half without. Preliminary data suggests that developers are not only more likely to complete their task when using Copilot, but they also do it in roughly half the time."

Owing to the complicated nature of AI models, Copilot remains an imperfect system. GitHub said that it's implemented filters to block emails when shown in standard formats, and offensive words, and that it's in the process of building a filter to help detect and suppress code that's repeated from public repositories. But the company acknowledges that Copilot can produce insecure coding patterns, bugs and references to outdated APIs, or idioms reflecting the less-than-perfect code in its training data.
The Verge ponders where this is going — and how we got here: "Just like the rise of compilers and open source, we believe AI-assisted coding will fundamentally change the nature of software development, giving developers a new tool to write code easier and faster so they can be happier in their lives," says GitHub CEO Thomas Dohmke.

Microsoft's $1 billion investment into OpenAI, the research firm now led by former Y Combinator president Sam Altman, led to the creation of GitHub Copilot. It's built on OpenAI Codex, a descendant of OpenAI's flagship GPT-3 language-generating algorithm.

GitHub Copilot has been controversial, though. Just days after its preview launch, there were questions over the legality of Copilot being trained on publicly available code posted to GitHub. Copyright issues aside, one study also found that around 40 percent of Copilot's output contained security vulnerabilities.

An anonymous reader quotes a report from Kotaku: On July 5, Zachtronics will be releasing Last Call BBS, a collection of stylish little puzzle games wrapped up in a retro PC gaming vibe. After 11 years in business (and even longer outside of commercial releases), a time which has seen the studio develop a cult following almost unrivaled in indie gaming, it will be the last new game Zachtronics will ever release. We spoke to founder Zach Barth to find out why.

Named for founder Zach Barth, Zachtronics has spent most of those 11 years specializing in puzzle games (or variations on the theme). And pretty much every single one of them has been great (or at least interesting). [...] The result has been a succession of games that may not have been to everyone's tastes, but for those with whom they resonated, it was their shit. It's not hard seeing why: most of Zachtronics' games involved challenging puzzles, but also a deeply cool and interesting presentation surrounding them, such as the grimy hacker aesthetic of Exapunks, or the Advance Wars-like Mobius Front 83. Given those initial and superficial differences, it can sometimes be hard pinpointing exactly what makes a game so clearly a Zachtronics joint, but like love and art, when you see it you just know it.

So it's sad, but also awesome in its own way, that 2022 will see the end of Zachtronics. Not because their publisher shuttered them, or because their venture capital funding ran out, or because Activision made them work on Call of Duty, or any other number of reasons (bankruptcy! scandal!) game developers usually close their doors. No, Zachtronics is closing because...they want to. "We're wrapping things up!" Barth tells Kotaku's Luke Plunkett. "Zachtronics will release Last Call BBS next month. We're also working on a long-awaited solitaire collection that we're hoping to have out by the end of the year. After that, the team will disband. We all have different ideas, interests, tolerances for risk, and so on, so we're still figuring out what we want to do next."

"We felt it was time for a change. This might sound weird, but while we got very good at making 'Zachtronics games' over the last twelve years, it was hard for us to make anything else. We were fortunate enough to carve out a special niche, and I'm thankful that we've been able to occupy it and survive in it, but it also kept us locked into doing something we didn't feel like doing forever."

Last Call BBS will be released on July 5 on Steam. You can view the trailer here.

At its re:Mars conference, Amazon today announced the launch of CodeWhisperer, an AI pair programming tool similar to GitHub's Copilot that can autocomplete entire functions based on only a comment or a few keystrokes. From a report: The company trained the system, which currently supports Java, JavaScript and Python, on billions of lines of publicly available open-source code and its own codebase, as well as publicly available documentation and code on public forums. It's now available in preview as part of the AWS IDE Toolkit, which means developers can immediately use it right inside their preferred IDEs, including Visual Studio Code, IntelliJ IDEA, PyCharm, WebStorm and Amazon's own AWS Cloud 9. Support for the AWS Lambda Console is also coming soon. Ahead of today's announcement, Vasi Philomin, Amazon's VP in charge of its AI services, stressed that the company didn't simply create this in order to offer a copy of Copilot. He noted that with CodeGuru, its AI code reviewer and performance profiler, and DevOps Guru, its tool for finding operation issues, the company laid the groundwork for today's launch quite a few years ago.

"The most impactful change to come out of WWDC had nothing to do with APIs, a new framework or any hardware announcement," writes Jordan Morgan via Daring Fireball. "Instead, it was a change I've been clamoring for the last several years -- and it's one that's incredibly indie friendly. As you've no doubt heard by now, I'm of course talking about iCloud enabled apps now allowing app transfers." 9to5Mac explains how it works: According to Apple, you already could transfer an app when you've sold it to another developer or you would want to move it to another App Store Connect account or organization. You can also transfer the ownership of an app to another developer without removing it from the App Store. The company said: "The app retains its reviews and ratings during and after the transfer, and users continue to have access to future updates. Additionally, when an app is transferred, it maintains its Bundle ID -- it's not possible to update the Bundle ID after a build has been uploaded for the app."

The news here is that it's easier for developers to transfer the ownership of apps that use iCloud. Apple said that if your app uses any of the following, it will be transferred to the transfer recipient after they accept the app transfer: iCloud to store user data; iCloud containers; and KVS identifiers are associated with the app.

The company said: "If multiple apps on your account share a CloudKit container, the transfer of one app will disable the other apps' ability to read or store data using the transferred CloudKit container. Additionally, the transferor will no longer have access to user data for the transferred app via the iCloud dashboard. Any app updates will disable the app's ability to read or store data using the transferred CloudKit container. If your app uses iCloud Key-Value Storage (KVS), the full KVS value will be embedded in any new provisioning profiles you create for the transferred app. Update your entitlements plist with the full KVS value in your provisioning profile." You can learn more about the news via this Apple Developer page.

Ars Technica describes Travis CI as "a service that helps open source developers write and test software." They also wrote Monday that it's "leaking thousands of authentication tokens and other security-sensitive secrets.

"Many of these leaks allow hackers to access the private accounts of developers on Github, Docker, AWS, and other code repositories, security experts said in a new report." The availability of the third-party developer credentials from Travis CI has been an ongoing problem since at least 2015. At that time, security vulnerability service HackerOne reported that a Github account it used had been compromised when the service exposed an access token for one of the HackerOne developers. A similar leak presented itself again in 2019 and again last year.

The tokens give anyone with access to them the ability to read or modify the code stored in repositories that distribute an untold number of ongoing software applications and code libraries. The ability to gain unauthorized access to such projects opens the possibility of supply chain attacks, in which threat actors tamper with malware before it's distributed to users. The attackers can leverage their ability to tamper with the app to target huge numbers of projects that rely on the app in production servers.

Despite this being a known security concern, the leaks have continued, researchers in the Nautilus team at the Aqua Security firm are reporting. A series of two batches of data the researchers accessed using the Travis CI programming interface yielded 4.28 million and 770 million logs from 2013 through May 2022. After sampling a small percentage of the data, the researchers found what they believe are 73,000 tokens, secrets, and various credentials.

"These access keys and credentials are linked to popular cloud service providers, including GitHub, AWS, and Docker Hub," Aqua Security said. "Attackers can use this sensitive data to initiate massive cyberattacks and to move laterally in the cloud. Anyone who has ever used Travis CI is potentially exposed, so we recommend rotating your keys immediately."

Speaking of TikTok moving US users' data to Oracle, a new report says that ByteDance staff in China accessed US TikTok users' data between September 2021 and January 2022. From the report: For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the United States is stored in the United States, rather than China, where ByteDance, the video platform's parent company, is located. But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users -- exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive's sworn testimony in an October 2021 Senate hearing that a "world-renowned, US-based security team" decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

"Everything is seen in China," said a member of TikTok's Trust and Safety department in a September 2021 meeting. In another September meeting, a director referred to one Beijing-based engineer as a "Master Admin" who "has access to everything." (While many employees introduced themselves by name and title in the recordings, BuzzFeed News is not naming anyone to protect their privacy.) The recordings range from small-group meetings with company leaders and consultants to policy all-hands presentations and are corroborated by screenshots and other documents, providing a vast amount of evidence to corroborate prior reports of China-based employees accessing US user data.

TikTok has completed migrating its U.S. users' information to servers at Oracle, in a move that could address U.S. regulatory concerns over data integrity on the popular video app, the company confirmed to Reuters. From a report: The move comes nearly two years after a U.S. national security panel ordered ByteDance to divest TikTok because of fears that U.S. user data could be passed on to China's government.

Nolan Lawson, writing in a blogpost: Anyone who's worked in the tech industry for long enough, especially at larger organizations, has seen it before. A legacy system exists: it's big, it's complex, and no one fully understands how it works. Architects are brought in to "fix" the system. They might wheel out a big whiteboard showing a lot of boxes and arrows pointing at other boxes, and inevitably, their solution is... to add more boxes and arrows. Nobody can subtract from the system; everyone just adds. This might go on for several years. At some point, though, an organizational shakeup probably occurs -- a merger, a reorg, the polite release of some senior executive to go focus on their painting hobby for a while. A new band of architects is brought in, and their solution to the "big diagram of boxes and arrows" problem is much simpler: draw a big red X through the whole thing. The old system is sunset or deprecated, the haggard veterans who worked on it either leave or are reshuffled to other projects, and a fresh-faced team is brought in to, blessedly, design a new system from scratch.

As disappointing as it may be for those of us who might aspire to write the kind of software that is timeless and enduring, you have to admit that this system works. For all its wastefulness, inefficiency, and pure mendacity ("The old code works fine!" "No wait, the old code is terrible!"), this is the model that has sustained a lot of software companies over the past few decades. Will this cycle go on forever, though? I'm not so sure. Right now, the software industry has been in a nearly two-decade economic boom (with some fits and starts), but the one sure thing in economics is that booms eventually turn to busts. During the boom, software companies can keep hiring new headcount to manage their existing software (i.e. more engineers to understand more boxes and arrows), but if their labor force is forced to contract, then that same system may become unmaintainable. A rapid and permanent reduction in complexity may be the only long-term solution.

One thing working in complexity's favor, though, is that engineers like complexity. Admit it: as much as we complain about other people's complexity, we love our own. We love sitting around and dreaming up new architectural diagrams that can comfortably sit inside our own heads -- it's only when these diagrams leave our heads, take shape in the real world, and outgrow the size of any one person's head that the problems begin. It takes a lot of discipline to resist complexity, to say "no" to new boxes and arrows. To say, "No, we won't solve that problem, because that will just introduce 10 new problems that we haven't imagined yet." Or to say, "Let's go with a much simpler design, even if it seems amateurish, because at least we can understand it." Or to just say, "Let's do less instead of more."

Shutterfly recently moved its photo libraries to Amazon's cloud division — and became one of the companies that stopped using Oracle for it database management, Bloomberg reports: Businesses are opting to align with newer providers such as MongoDB Inc., Databricks Inc. and Snowflake Inc. instead of Oracle, the sector stalwart, as a result of changes across the enterprise technology landscape.

The move to the cloud is challenging the systems of the past. Newer providers are also making it much easier to adopt their technology directly, alleviating the need for corporate purchasers to negotiate large contracts with salespeople and allowing end users to more easily pick their own tools. Offerings from the newer software makers can also be deployed without large teams of database administrators that are typically needed to support Oracle's products, a cost-saver for organizations that would otherwise have to fight against other businesses for these in-demand engineers. The evidence of the shift is widespread. JPMorgan Chase & Co. chose Cockroach Labs Inc. as the database vendor to support its new retail banking application in Europe. Nasdaq Inc. is working with closely held Databricks and Amazon.com Inc.'s Amazon Web Services, among others, in its quest to upgrade from on-premises Oracle data repositories. Alongside AWS, database products from rival cloud vendors Microsoft Corp. and Alphabet Inc.'s Google Cloud are also growing quickly. And many businesses, like JetBlue Airways Corp. and Automatic Data Processing Inc., are tapping Snowflake to help store and analyze corporate data to power sales dashboards, among other uses....

Collectively, the initiatives are just a small fragment of the estimated $155 billion database market. But it's evidence of a tectonic shift happening within the industry, one that is threatening the leadership status Oracle cultivated over the past 43 years, ever since co-founder Larry Ellison and his team brought to market the first relational database, or one in which information was organized in tables that could be more easily accessed, manipulated and analyzed.... Oracle doesn't disclose financial results specifically for its database business. Much of that revenue comes from providing support and maintenance for existing customers versus new sales. But Oracle's influence is slowly fading. While it owned an estimated 27% of the database market in 2019, that fell to 24% in 2020, per Gartner. In the same time frame, Amazon went from 17% market share to almost 21%.

Oracle declined to comment for this story. Rivals are growing quickly. At MongoDB, for example, sales rose 57% to $285 million in the most recent quarter. Those results, analysts and company executives say, indicate businesses are using MongoDB for increasingly larger projects.... Oracle makes a significant portion of its revenue on existing customers. Every few years, when companies have to renew their contracts, Oracle can raise prices for maintenance and support — a business with margins hovering around 95%, according to Craig Guarente, a 16-year veteran of Oracle who is now CEO and co-founder of consulting firm Palisade Compliance.

"The entire profit of the company comes from Oracle database maintenance," he said. With each contract negotiation, "you go from paying $20 million a year, to $30 million a year, to paying $50 million a year."

At Silicon Valley's Computer History Museum, the senior curator just announced the results of a multi-year recovery and restoration process: making available 21 never-before-seen video recordings of a legendary 1976 conference: For five summer days in 1976, the first generation of computer rock stars had its own Woodstock. Coming from around the world, dozens of computing's top engineers, scientists, and software pioneers got together to reflect upon the first 25 years of their discipline in the warm, sunny (and perhaps a bit unsettling) climes of the Los Alamos National Laboratories, birthplace of the atomic bomb.
Among the speakers:

- A young Donald Knuth on the early history of programming languages

- FORTRAN designer John Backus on programming in America in the 1950s — some personal perspectives

- Harvard's Richard Milton Bloch (who worked with Grace Hopper in 1944)

- Mathematician/nuclear physicist Stanislaw M. Ulam on the interaction of mathematics and computing

- Edsger W. Dijkstra on "a programmer's early memories."


The Computer History Museum teases some highlights: Typical of computers of this generation, the 1946 ENIAC, the earliest American large-scale electronic computer, had to be left powered up 24 hours a day to keep its 18,000 vacuum tubes healthy. Turning them on and off, like a light bulb, shortened their life dramatically. ENIAC co-inventor John Mauchly discusses this serious issue....

The Los Alamos peak moment was the brilliant lecture on the British WW II Colossus computing engines by computer scientist and historian of computing Brian Randell. Colossus machines were special-purpose computers used to decipher messages of the German High Command in WW II. Based in southern England at Bletchley Park, these giant codebreaking machines regularly provided life-saving intelligence to the allies. Their existence was a closely-held secret during the war and for decades after. Randell's lecture was — excuse me — a bombshell, one which prompted an immediate re-assessment of the entire history of computing. Observes conference attendee (and inventor of ASCII) IBM's Bob Bemer, "On stage came Prof. Brian Randell, asking if anyone had ever wondered what Alan Turing had done during World War II? From there he went on to tell the story of Colossus — that day at Los Alamos was close to the first time the British Official Secrets Act had permitted any disclosures. I have heard the expression many times about jaws dropping, but I had really never seen it happen before."

Publishing these original primary sources for the first time is part of CHM's mission to not only preserve computing history but to make it come alive. We hope you will enjoy seeing and hearing from these early pioneers of computing.

Apple announced on Friday that it's once again updated its rules about how Dutch dating apps can use third-party payment systems, after the company had "productive conversations with the Netherlands Authority for Consumers and Markets (ACM)." From a report: The updated rules give developers more flexibility about which payment systems they use, change the language users see when they go to pay, and remove other restrictions that the previous rules put in place. While the rules aren't wide-reaching (again, they only apply to Dutch dating apps), they do show what Apple's willing to do to comply with government regulation -- which it could be facing a lot more of as the EU and US gear up to fight tech monopolies, and potentially even force the company to ditch the iPhone's Lightning port.

In December the ACM announced a ruling that Apple had to let dating apps use payment services besides the one built into iOS, after the regulator received a complaint from Match Group, the company behind dating services like Tinder, Match.com, and OkCupid. Since then, Apple has proposed a variety of solutions for complying with the order, which the regulator has said aren't good enough. In May, the ACM said that Apple's most recent rules, the ones prior to the Friday update, were improvements over its past ideas, but that they still didn't comply with Dutch and European laws. There's been increasing pressure for Apple to comply: even while the company works on changes, it's been racking up tens of millions of Euros in fines.

GitHub has announced that it will sunset Atom, the text editor for software development that the company introduced in 2011. In a blog post, GitHub said that it will archive the Atom repository and all other repositories remaining in the Atom organization on December 15, 2022. From a report: Atom served as the foundation for the Electron framework, which paved the way for thousands of apps including Microsoft Visual Studio Code, Slack, GitHub's own GitHub Desktop. But GitHub asserts that Atom community involvement has declined as new tools have emerged over the years. Atom itself hasn't seen significant feature development for the past several months beyond maintenance and security updates.

"Besides new language features and other improvements, Python 3.11 performance is looking fantastic with very nice performance uplift over prior Python 3.x releases," writes Phoronix's Michael Larabel. From the report: Python 3.11 has been baking support for task groups in asyncio, fine-grained error locations in tracebacks, the self-type to return an instance of their class, TypeVarTuple for variadic generics, and various other features. Besides changes affecting the Python language itself, Python 3.11 has been landing performance work from the "Faster Cython Project" to speed-up the reference implementation. Python 3.11 is 10~60% faster than Python 3.10 according to the official figures and a 1.22x speed-up with their standard benchmark suite.

The Python Docs cover some of the significant performance improvements made for this upcoming release. The formal Python 3.11.0 release isn't expected until October while multiple betas will come through July and then at least two release candidates in the following months before early October.

Hirrolot's blog: When you use Rust, it is sometimes outright preposterous how much knowledge of language, and how much of programming ingenuity and curiosity you need in order to accomplish the most trivial things. When you feel particularly desperate, you go to rust/issues and search for a solution for your problem. Suddenly, you find an issue with an explanation that it is theoretically impossible to design your API in this way, owing to some subtle language bug. The issue is Open and dated Apr 5, 2017.

I entered Rust four years ago. To this moment, I co-authored teloxide and dptree, wrote several publications and translated a number of language release announcements. I also managed to write some production code in Rust, and had a chance to speak at one online meetup dedicated to Rust. Still, from time to time I find myself disputing with Rust's borrow checker and type system for no practical reason. Yes, I am no longer stupefied by such errors as cannot return reference to temporary value - over time, I developed multiple heuristic strategies to cope with lifetimes...

But one recent situation has made me to fail ignominiously. [...]

The developers behind the open source MongoDB, and its commercial service counterpart MongoDB Atlas, have been busy making the document database easier to use for developers. From a report: Available in preview, Queryable Encryption provides the ability to query encrypted data, and with the entire query transaction be encrypted -- an industry first according to MongoDB. This feature will be of interest to organizations with a lot of sensitive data, such as banks, health care institutions and the government. This eliminates the need for developers to be experts in encryption, Davidson said. This end-to-end client-side encryption uses novel encrypted index data structures, the data being searched remains encrypted at all times on the database server, including in memory and in the CPU. The keys never leave the application and the company maintains that the query speed nor overall application performance are impacted by the new feature.

MongoDB is also now supporting time series data, which are important for monitoring physical systems, quick-moving financial data, or other temporally-oriented datasets. In MongoDB 6.0, time-series collections can have secondary indexes on measurements, and the database system has been optimized to sort time-based data more quickly. Although there are a number of databases specifically geared towards time-series data specifically, such as InfluxDB, many organizations may not want to stand-up an entire database system for this specific use, a separate system costing more in terms of support and expertise, Davidson argued. Another feature is Cluster-to-Cluster Synchronization, which provides the continuous data synchronization of MongoDB clusters across environments. It works with Atlas, in private cloud, on-premises, or on the edge. This sets the stage for using data in multiple places for testing, analytics, and backup.

As expected, Apple has used the stage at its WWDC 2022 keynote to reveal the features and changes coming to macOS in the next major software update for the platform, macOS 13 Ventura. From a report: Ventura's headlining feature is a new multitasking interface called Stage Manager. It's being billed as a way to fight window clutter on a busy desktop -- enter Stage Manager mode, and one of your windows floats to the center of the screen, pushing your other windows into a compressed navigation column on the left of the screen. Click a different app window on the left, and it will fly to the center of the screen, knocking the app you were using before into the navigation column. Spotlight also gets some handy quality-of-life updates, adding the ability to Quick Look search results directly from the Spotlight window, and the ability to run Shortcuts from within Spotlight.

Safari picks up the ability to share groups of tabs with other users, letting all users add and remove tabs. The browser is also adding a FIDO-compliant security technology called PassKeys, which aim to replace passwords with cryptographically generated keys that sync between devices using iCloud Keychain. Sites that support PassKeys can be opened using TouchID or FaceID. Apple's cross-device Continuity features were also updated. FaceTime calls can be handed off seamlessly between different Macs and iDevices, while Continuity Camera allows you to use an iPhone as a webcam (your iPhone's LED can even be used as a makeshift ring light). Continuity Camera supports Center Stage and Portrait Mode effects, too, though presumably they will require newer iPhones with hardware that supports those features.

"C++ allows for writing high-performance applications but this comes at a price, security..." So says Google's Chrome security team in a recent blog post, adding that in general, "While there is appetite for different languages than C++ with stronger memory safety guarantees, large codebases such as Chromium will use C++ for the foreseeable future."

So the post discusses "our journey of using heap scanning technologies to improve memory safety of C++." The basic idea is to put explicitly freed memory into quarantine and only make it available when a certain safety condition is reached. Microsoft has shipped versions of this mitigation in its browsers: MemoryProtector in Internet Explorer in 2014 and its successor MemGC in (pre-Chromium) Edge in 2015. In the Linux kernel a probabilistic approach was used where memory was eventually just recycled. And this approach has seen attention in academia in recent years with the MarkUs paper. The rest of this article summarizes our journey of experimenting with quarantines and heap scanning in Chrome.
In essence the C++ memory allocator (used by new and delete) is "intercepted." There are various hardening options which come with a performance cost:


- Overwrite the quarantined memory with special values (e.g. zero);

- Stop all application threads when the scan is running or scan the heap concurrently;

- Intercept memory writes (e.g. by page protection) to catch pointer updates;

- Scan memory word by word for possible pointers (conservative handling) or provide descriptors for objects (precise handling);

- Segregation of application memory in safe and unsafe partitions to opt-out certain objects which are either performance sensitive or can be statically proven as being safe to skip;

- Scan the execution stack in addition to just scanning heap memory...


Running our basic version on Speedometer2 regresses the total score by 8%. Bummer...

To reduce the regression we implemented various optimizations that improve the raw scanning speed. Naturally, the fastest way to scan memory is to not scan it at all and so we partitioned the heap into two classes: memory that can contain pointers and memory that we can statically prove to not contain pointers, e.g. strings. We avoid scanning memory that cannot contain any pointers. Note that such memory is still part of the quarantine, it is just not scanned....

[That and other] optimizations helped to reduce the Speedometer2 regression from 8% down to 2%.
Thanks to Slashdot reader Hari Pota for sharing the link

Denmark-based Poul-Henning Kamp describes himself as the "author of a lot of FreeBSD, most of Varnish and tons of other Open Source Software." And he shares this message in June's Communications of the ACM.

"The software industry is still the problem." If any science fiction author, famous or obscure, had submitted a story where the plot was "modern IT is a bunch of crap that organized crime exploits for extortion," it would have gotten nowhere, because (A) that is just not credible, and (B) yawn!

And yet, here we are.... As I write this, 200-plus corporations, including many retail chains, have inoperative IT because extortionists found a hole in some niche, third-party software product most of us have never heard of.
But he's also proposing a solution. In Denmark, 129 jobs are regulated by law. There are good and obvious reasons why it is illegal for any random Ken, Brian, or Dennis to install toilets or natural-gas furnaces, perform brain surgery, or certify a building is strong enough to be left outside during winter. It may be less obvious why the state cares who runs pet shops, inseminates cattle, or performs zoological taxidermy, but if you read the applicable laws, you will learn that animal welfare and protection of endangered species have many and obscure corner cases.

Notably absent, as in totally absent, on that list are any and all jobs related to IT; IT architecture, computers, computer networks, computer security, or protection of privacy in computer systems. People who have been legally barred and delicensed from every other possible trade — be it for incompetence, fraud, or both — are entirely free to enter the IT profession and become responsible for the IT architecture or cybersecurity of the IT system that controls nearly half the hydrocarbons to the Eastern Seaboard of the U.S....

With respect to gas, water, electricity, sewers, or building stability, the regulations do not care if a company is hundreds of years old or just started this morning, the rules are always the same: Stuff should just work, and only people who are licensed — because they know how to — are allowed to make it work, and they can be sued if they fail to do so.

The time is way overdue for IT engineers to be subject to professional liability, like almost every other engineering profession. Before you tell me that is impossible, please study how the very same thing happened with electricity, planes, cranes, trains, ships, automobiles, lifts, food processing, buildings, and, for that matter, driving a car.

As with software product liability, the astute reader is apt to exclaim, "This will be the end of IT as we know it!" Again, my considered response is, "Yes, please, that is precisely my point!"

An anonymous reader quotes a report from Motherboard: A hacker has obtained a database that includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. It's unclear if all the data is accurate or up to date. Motherboard was able to confirm that at least some of the data is legitimate by calling phone numbers in the database. Four people confirmed their full names and email addresses, and said they work at Verizon. Another one confirmed the data, and said she used to work at the company. Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.

The hacker contacted Motherboard last week to share the information. The anonymous hacker said they obtained the data by convincing a Verizon employee to give them remote access to their corporate computer. At that point the hacker said they gained access to a Verizon internal tool that shows employee's information, and wrote a script to query and scrape the database. "These employees are idiots and will allow you to connect to their PC under the guise that you are from internal support," they told Motherboard in an online chat. The hacker said they would like Verizon to pay them $250,000 as a reward. A Verizon spokesperson confirmed the hacker has been in contact with the company.

"A fraudster recently contacted us threatening to release readily available employee directory information in exchange for payment from Verizon. We do not believe the fraudster has any sensitive information and we do not plan to engage with the individual further," the spokesperson told Motherboard. "As always, we take the security of Verizon data very seriously and we have strong measures in place to protect our people and systems."