Apple's App Store grossed more than $64 billion in 2020, according to an analysis by CNBC. From a report: That's up from an estimated $50 billion in 2019 and $48.5 billion in 2018, according to the same analysis, suggesting that App Store sales growth accelerated strongly during the Covid-19 pandemic, as people sheltered at home and spent more time and money on apps and games. App Store revenue grew 28% in 2020, up from 3.1% growth in 2019, according to CNBCâ(TM)s analysis. Apple's App Store is a core growth area for the company. It's reported as part of Apple's Services division, which reported $53.7 billion in sales in Apple's fiscal 2020, which ended in September. The money that Apple makes from its App Store has become a flash point for critics of Apple which argue it has too much power. Apple charges 30% for digital sales through its platform, with a few exceptions. Apple recently altered its fee structure, and now it only takes a 15% cut from companies that generate less than $1 million in the App Store.

Last July, GitHub prevented users in Iran and several other nations from accessing portions of the service due to U.S. sanction laws. Today, the world's largest host of source code announced that it has secured a license from the U.S. government to operate in Iran. It's also working to secure similar licenses for developers in Crimea and Syria as well. MSPoweruser reports: "Over the course of two years, we were able to demonstrate how developer use of GitHub advances human progress, international communication, and the enduring U.S. foreign policy of promoting free speech and the free flow of information. We are grateful to OFAC for the engagement which has led to this great result for developers. We are in the process of rolling back all restrictions on developers in Iran, and reinstating full access to affected accounts," wrote Nat Friedman, CEO of GitHub. GitHub is also working with the U.S. government to secure similar licenses for developers in Crimea and Syria as well.

"When you do computer programming, what sort of mental work are you doing?" asks science/tech journalist Clive Thompson: For a long time, folks have speculated on this. Since coding involves pondering hierarchies of symbols, maybe the mental work is kinda like writing or reading? Others have speculated it's more similar to the way our brains process math and puzzles. A group of MIT neuroscientists recently did fMRI brain-scans of young adults while they were solving a small coding challenge using a textual programming language (Python) and a visual one (Scratch Jr.). The results?

The brain activity wasn't similar to when we process language. Instead, coding seems to activate the "multiple demand network," which — as the scientists note in a public-relations writeup of their work — "is also recruited for complex cognitive tasks such as solving math problems or crossword puzzles."

So, coding is more like doing math than processing language?

Sorrrrrrt of ... but not exactly so. The scientists saw activity patterns that differ from those you'd see during math, too.

The upshot: Coding — in this (very preliminary!) work, anyway — looks to be a little different from either language or math. As the note, in a media release...

"Understanding computer code seems to be its own thing...."

Just anecdotally — having interviewed hundreds of coders and computer scientists for my book CODERS — I've met amazing programmers and computer scientists with all manner of intellectual makeups. There were math-heads, and there were people who practically counted on their fingers. There were programmers obsessed with — and eloquent in — language, and ones gently baffled by written and spoken communication. Lots of musicians, lots of folks who slid in via a love of art and visual design, then whose brains just seized excitedly on the mouthfeel of algorithms.

Long-time programmer/researcher/former MIT research fellow Jonathan Edwards writes a blog called "Alarming Development: Dispatches from the User Liberation Front."

He began the new year by arguing that software "is eating the world. But progress in software technology itself largely stalled around 1996." Slashdot reader tonique summarizes Edwards' argument: In 1996 there were "LISP, Algol, Basic, APL, Unix, C, Oracle, Smalltalk, Windows, C++, LabView, HyperCard, Mathematica, Haskell, WWW, Python, Mosaic, Java, JavaScript, Ruby, Flash, Postgress [sic]". After that we're supposed to have achieved "IntelliJ, Eclipse, ASP, Spring, Rails, Scala, AWS, Clojure, Heroku, V8, Go, React, Docker, Kubernetes, Wasm".

Edwards's main thesis is that the Internet boom around 1996 caused this slowdown because programmers could get rich quick. Then smart and ambitious people moved into Silicon Valley, and founded startups. But you can't do research at a startup due to time and money constraints. Today only "megacorps" like Google, Facebook, Apple and Microsoft are supposedly able to do relevant research because of their vast resources.

Computer science wouldn't help, either, because "most of our software technology was built in companies" and because computer science "strongly disincentivizes risky long-range research". Further, according to Edwards, the aversion to risk and "hyper-professionalization of Computer Science" is part of a larger and worrisome trend throughout the whole field and all of western civilisation.
Edwards' blog post argues that since 1996 "almost everything has been cleverly repackaging and re-engineering prior inventions. Or adding leaky layers to partially paper over problems below. Nothing is obsoleted, and the teetering stack grows ever higher..."

"[M]aybe I'm imagining things. Maybe the reason progress stopped in 1996 is that we invented everything. Maybe there are no more radical breakthroughs possible, and all that's left is to tinker around the edges. This is as good as it gets: a 50 year old OS, 30 year old text editors, and 25 year old languages.

"Bullshit. No technology has ever been permanent. We've just lost the will to improve."

A new report by Sensor Tower reveals that 2020 has been a record-setting year for worldwide spending on the Apple App Store and Google Play Store, which collectively passed $100 billion in a single year for the first time ever in November. From a report: The trend of increased spending continued over Christmas, when consumers around the world spent an estimated $407.6 million across Apple's App Store and Google Play. This represents a 34.5 percent year-on-year growth from approximately $303 million in 2019. At the same time in 2019, spending only increased by 17.1 percent year-on-year. Spending on Christmas day constituted 4.5 percent of December's total spending so far, which reached nine billion dollars globally on December 27. The majority of holiday spending was on mobile games, which climbed by 27 percent from $232.4 million at the same time last year to $295.6 million. Tencent's "Honor of Kings" was the leading game with approximately $10.7 million in consumer spending, which is a 205.7 percent increase from Christmas 2019. TikTok was the top app for spending outside of games, generating $4.7 million globally. Following previous years, Apple's App Store captured the majority of spending between the App Store and the Google Play Store, with 68.4 percent of spending, up 35.2 percent year-on-year. The Google Play Store saw $129 million in revenue compared to the App Store's $278.6 million.

Basecamp's David Heinemeier Hansson (the creator of Ruby on Rails) announced on Twitter this week that "all the tricks and tooling we used to build the front-end for Hey.com" have now been released as Hotwire (also known as New Magic), "an alternative approach to building modern web applications without using much JavaScript by sending HTML instead of JSON over the wire." This includes our brand-new Turbo framework...a set of complimentary techniques for speeding up page changes and form submissions, dividing complex pages into components, and stream partial page updates over WebSocket. All without writing any JavaScript at all...
Hotwire's web page argues HTML over the wire "makes for fast first-load pages, keeps template rendering on the server, and allows for a simpler, more productive development experience in any programming language, without sacrificing any of the speed or responsiveness associated with a traditional single-page application." On Twitter, Hansson called it "a refinement of years of research, experimentation, and SHIPPING HTML AT THE CENTER. It's been a revelation for us. Both for the web, and for our native apps." He shared a 13-minute video demonstration — then added a thoughtful comment about the state of web development today.

"Really curious to continue pushing the ECMAScript 6 + ES Modules approach in the browser. This isn't strictly related to Hotwire, but it's part of deconstructing the overly complicated mess we've all made of frontend development. One brick at the time!"

An anonymous reader quotes a report from Bloomberg: With great fanfare last week, 44 attorneys general hit Google with two antitrust complaints, following a landmark lawsuit the Justice Department and 11 states lodged against the Alphabet Inc. unit in October. What's less known is that Oracle Corp. spent years working behind the scenes to convince regulators and law enforcement agencies in Washington, more than 30 states, the European Union, Australia and at least three other countries to rein in Google's huge search-and-advertising business. Those efforts are paying off.

Officials in more than a dozen of the states that sued Google received what has been called Oracle's "black box" presentation showing how Google tracks users' personal information, said Ken Glueck, Oracle's top Washington lobbyist and the architect of the company's antitrust campaign against Google. Glueck outlined for Bloomberg the presentation, which often entails putting an Android phone inside a black briefcase to show how Google collects users' location details -- even when the phones aren't in use -- and confirmed the contours of the pressure campaign. "I couldn't be happier," said Glueck about the barrage of lawsuits. "As far as I can tell, there are more states suing Google than there are states." Oracle has fallen behind the tech giants in the marketplace, yet is notching one legal and regulatory win after another against them, Google especially. In response, Google spokesman Jose Castaneda denounced Oracle's "cloak-and-dagger lobbying campaign," saying "while Oracle describes itself as the biggest data broker on the planet, we're focused on keeping consumers' information safe and secure."

Application-security company Veracode "has released the 11th volume of its annual State of Software Security report, and its findings reveal that flawed applications are the norm, open-source libraries are increasingly untrustworthy, and it's taking a long time to patch problems," reports TechRepublic.

The top three security flaws — like last year — are still information leakage, cryptographic issues, and CRLF injection: The report found a full 76% of apps contained flaws, and 24% of apps have flaws considered highly severe. Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame... In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range. Despite that good sign, it's still taking an average of six months to close half of discovered flaws...

Veracode also released a heatmap of the worst bugs in the most popular languages. Interestingly enough, the language with the least use of open-source libraries is also the one with the most bugs: PHP.

Looking at the heatmap, it's easy to spot which of the five popular languages included has the worst security. Following PHP is C++, then Java, .Net, JavaScript, and Python. The latter two are, doing considerably better than the competition, with the worst flaws in each only being found in roughly 30% of apps. Compared to PHP with 74.6% of its apps vulnerable to cross-site scripting, JavaScript and Python are security powerhouses.

i-programmer reports: The Jakarta EE Working Group has announced that javax is now officially and finally renamed as jakarta with the release of the Jakarta EE 9 Platform and Web Profile specifications and related TCKs. The announcement was made during the JakartaOne Livestream virtual conference, and the group said that the release "provides a new baseline for the evolution and innovation of enterprise Java technologies under an open, vendor-neutral, community-driven process."

The move from Java EE to Jakarta EE was necessary because while Oracle handed over the open source version of Java to the Eclipse Foundation, it kept the names 'Java' and 'javax' and refused permission for their use...

The initial release doesn't include support for Java SE (Standard Edition) 11, the latest long-term support release of the standard Java platform. This will be added in a release in the next few weeks.

Last week, some Goodreads users received a disappointing message: The popular book tracking website is disabling access to its API for users who haven't used the product in more than 30 days. The company says it "plans to retire these tools" altogether and that, as of December 8, it will no longer issue new keys. It's unclear when or if Goodreads will close off its API to active users. From a report: "When I found out, I was pretty upset," says Karen Ellett, a software developer in South Carolina who uses the Goodreads API to power a private tool that tracks book series. The tool, which she had hoped to eventually release for other people to use, keeps track of new releases in book series she reads, which is a function Goodreads doesn't currently offer. When a new book gets added to the series, Ellett's tool updates automatically, so she doesn't have to go looking for it on her own when she's ready to dive back into the series. Since she's read 172 books this year, it's not easy for her to mentally juggle all the new additions she wants to get to on her own.

"I've put so many hours into developing this tool not just for myself, but with an eye towards it being utilized by other people. I'd say I was probably about 70 to 80% done, and now there's just no point," she says. As Goodreads is a stagnant product that has barely improved its functionality and features since it was acquired by Amazon in 2013, thousands of readers with basic coding skills use the Goodreads API to power their own better features and tools. On a thread about the change for Goodreads Developers, one user says the Discord book recommendations bot he was in the process of building suddenly stopped working. Another says his tool, which analyzes statistics related to the authors on a Goodreads user's "read" list, will be shut down, nullifying countless hours of work he put into the feature. Ellett still uses the API daily, so her access to the API hasn't been shut down -- yet. She heard about it from a friend who forwarded the email to her. Many Goodreads API users complain that the communication from Goodreads has been terrible, with people only hearing about the change from intermittent users whose access was suddenly terminated.

An anonymous Slashdot reader writes: For the past year, hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back. If database owners don't respond and ransom their data back in nine days, the databases are then put up on auction on a dark web portal.
"More than 85,000 MySQL databases are currently on sale on a dark web portal for a price of only $550/database," reports ZDNet: This suggests that both the DB intrusions and the ransom/auction web pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information. Signs of these ransom attacks have been piling up over the course of 2020, with the number of complaints from server owners finding the ransom note inside their databases popping up on Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.

Oracle said on Friday it's moving its headquarters from the Silicon Valley to Austin, Texas. CNBC reports: "Oracle is implementing a more flexible employee work location policy and has changed its Corporate Headquarters from Redwood City, California to Austin, Texas. We believe these moves best position Oracle for growth and provide our personnel with more flexibility about where and how they work," a spokesperson confirmed to CNBC. A bulk of employees can choose their office location, or continue to work from home part time or full time, the company said.

"In addition, we will continue to support major hubs for Oracle around the world, including those in the United States such as Redwood City, Austin, Santa Monica, Seattle, Denver, Orlando and Burlington, among others, and we expect to add other locations over time," Oracle said. "By implementing a more modern approach to work, we expect to further improve our employees' quality of life and quality of output." Oracle is one of Silicon Valley's older success stories, founded in Santa Clara in 1977. It moved into its current headquarters in 1989. Several of the buildings on its campus there are constructed in the shape of a squat cylinder, which is the classic symbol in computer systems design for a database, the product on which Oracle built its empire.

Microsoft has made available two different Windows 10 test builds today, one of which includes the promised x64 app emulation for Arm, among other features. ZDNet reports: The RS_Prerelease build 21277 -- which ultimately is expected to be designated as the "Cobalt" branch -- includes the features Microsoft had previously been testing but removed at the end of October. This includes the updated emoji picker, redesigned touch keyboard, voice typing, theme-aware splash screens and more. It also provides the aforementioned Arm emulation support. Currently, Windows on Arm natively supports Arm apps, including ARM64 versions. But so far, only 32-bit Intel (x86) apps are supported in emulation. This lack of x64 emulation has limited the number of apps that can run on Windows on Arm devices, since apps that are 64-bit only have only been available on Windows on Arm (WoA) devices if and when developers created native versions of them. As of now, these x64 Arm apps also can run in emulation. More details on the x64 Arm emulation preview functionality are in this Microsoft post.

An anonymous reader quotes a report from Ars Technica: It's a long time coming for Tesla's Full Self-Driving feature, and it hasn't been a cheap journey. The price for the self-driving feature has increased multiple times and is currently available for supported Teslas for $10,000.While Tesla's Full Self-Driving (FSD) beta continues to expand to more Tesla owners ahead of a planned end-of-year launch, the actual settings for the system have been uncovered and published on Twitter by a well-known Tesla hacker named Green. Not only are there dozens of settings and available adjustments, but there's also a way to show a detailed vehicle view of the world while a Tesla is driving down the road.

In a Twitter thread, Green shares the status of internal states within the system while taking us on a tour of dozens of settings ranging from controls for FSD and Enhanced Summon to information about the Camera and Ultrasonics. The system also shows sliders for GPS, speed threshold, and other items that no one outside of Tesla should ever mess with. There's also an Augmented Vision area where developers can toggle what's seen on a Tesla display while driving. It includes toggles for Pretty, Developer, and Camera Image. Once Developer is enabled, it shows options for a whole host of data that can be shown on the infotainment system. This all may be information overload for the average Tesla owner, but it's a fun way to get more details on how a Tesla sees the world. Tesla being Tesla, the developer settings also have fun settings including California Stop (which generally means you don't bring the car to a halt but just slow down at a stop sign) and something called Chiropractor Adjust Skeleton, which is filed under the City Streets settings. What that means is a mystery, but both items are part of the FSD defaults in the developer controls.

theodp writes: As the 8th annual Hour of Code kicked off this week, the College Board released 2020 AP national and state score breakouts for AP CS program participants. As in past years, this year's results still showed striking gaps in performance and participation across gender and ethnicity segments. Passing rates across major ethnic group segments ranged from 39.8%-78.6% for the Java-based AP CS A course, and 52%-83% for the newer "language agnostic" AP Computer Science Principles (CSP) course. Across gender segments, females accounted for 25% of AP CS A scores (16.2K of 64.9K total students) and 33.9% of AP CSP scores (38.6K of 113.9K students). Asian students accounted for 47% of all passing female AP CS A students. Due to pandemic-related school closures, the overall number of students completing AP STEM-related courses in 2020 declined for all subjects except CS. AP CS A, which had an abbreviated taken-at-home final exam, saw a modest 1.5% YOY increase in completions, while AP CSP saw a whopping 21.5% YOY increase in completions, no doubt helped by the cancellation of its end-of-course exam, which was to have counted for 60% of scores (students were instead assessed only by their portfolio submissions).

Amazon.com, American Express, Daimler AG and Stripe are among those joining a new GitHub program that will let companies directly fund open-source projects and software developers that are key to their businesses. From a report: It's an expansion of GitHub's Sponsors program, which previously let individuals support software projects and the millions of developers who use the digital platform to collaborate on, share and store code. GitHub, whose parent company Microsoft will also participate in the new service announced Tuesday, expects the change to dramatically increase the number of contributions. The year-old sponsors service has already generated enough money for some developers to rely on it as full-time work, said Devon Zuegel, GitHub's director of product for the communities department.

Long-time Slashdot reader destinyland writes: Advent of Code isn't the only geeky tradition that's continuing in 2020. "This is going to be the first full year with Raku being called Raku," notes the site raku-advent.blog. "However, it's going to be the 12th year (after this first article) in a row with a Perl 6 or Raku calendar, previously published in the Perl 6 Advent Calendar blog." The tradition continues, with a new article about the Raku programming language every day until Christmas.

And meanwhile over at perladvent.org, the Perl Advent Calendar is also continuing its own article-a-day tradition (starting with a holiday tale about how Perl's TidyAll library "makes it trivial for the elves to keep their code formatting consistent and clean.")

But they're not the only ones. "Pandemic or not, Christmas time is a time for wonder, joy and sharing," writes Kristofer Giltvedt Selbekk from Oslo-based Bekk Consulting (merging technology with user experience, product innovation and strategy). So this year they're "continuing our great tradition of sharing some of the stuff we know every December" with 11 different advent calendar sites sharing articles (or, on one site, podcast episodes), on topics including JavaScript, Kotlin, React, Elm, functional programming, and cloud computing.

And if you're more interested in outer space, this also marks the 13th year for the official Hubble Space Telescope Advent Calendar. "Every day until Friday, December 25, this page will present one new incredible image of our universe from NASA's Hubble telescope," explains its page at the Atlantic.
There's also a series of daily coding challenges called "24 days of JavaScriptmas" at the tutorial site Scrimba, which has turned the event into a marketing opportunity by promising a $1,000 prize on Christmas Eve to one lucky participant chosen from the ones who publicized their solutions on Twitter.

This week the Microsoft-owned code repository site GitHub released its annual report with statistics about its community, writes programming columnist Mike Melanson: The report offers a deep dive into three specific areas, with a look at developer productivity in the time of COVID, community and collaboration, and open source security. Highlights include increased productivity with 35% more repositories created in 2020 than 2019, a large open source community with more than 56M developers in 2020 with 100M expected by 2025, and security vulnerabilities that often go undetected for more than 4 years before being disclosed and 94% of projects relying on open source components.
"2020 has been a year of extraordinary change," notes GitHub's report. "Yet with 60M+ new repositories created this past year, one thing has remained true — developers came together from all corners of the world to innovate, find connection, and solve problems."

GitHub reports that over 1.9 billion contributions were added in the last year, with users distributed around the globe:

North America:	34%
Asia:	30.7%
Europe:	26.8%
South America:	4.9%
Africa:	2%
Oceania:	1.7%

And while JavaScript is still the most popular language used on the site, Python remains more popular (at #2) than Java (at #3) for the second year in a row.

1. JavaScript
2. Python
3. Java
4. TypeScript
5. C#
6. PHP
7. C++
8. C
9. Shell
10. Ruby

The programming language JavaScript emerged 25 years ago and has grown to become one of the most important pieces of the web and browser applications we use today. From a report: JavaScript is the go-to language for front-end development and has spawned Microsoft's Typescript, a superset of JavaScript with a stronger optional type system for developers that compiles to JavaScript when run in the browser. Both JavaScript and TypeScript conform to ECMAScript, the standard for JavaScript and node.js, the runtime for running applications outside of the browser thanks to Google's powerful V8 JavaScript engine. JavaScript's impact on the web cannot be understated. Tech giants have thrown their weight behind the language. Besides Google's V8, there are open source projects like React from Facebook and Angular from Google, which help spread web applications across smartphones and desktop. After Netscape and Sun Microsystems -- where Java was hatched in May 1995 by James Gosling -- announced JavaScript in December 1995, Microsoft promoted Visual Basic (VB) as a standard for creating web applications using VB Script for its Internet Explorer browser. Oracle would go on to buy Sun Microsystems in 2008 largely to get its hands on Java and its huge development ecosystem. The press release about its launch from 25 years ago.

GitHub has released its annual Octoverse report, revealing trends in one of the largest developer communities on the planet, including a spike in open source project activity following the start of the COVID-19 pandemic. VentureBeat: JavaScript continues to be the most popular programming language on GitHub, while Python is now the second most popular, followed by Java and the fast-growing TypeScript community. Maintained by GitHub owner Microsoft, TypeScript has climbed from seventh place in 2018 and 2019 to fourth overall this year. PHP and Ruby, languages that ranked among the most popular five years ago, continued to decline in popularity.