Stack Overflow asked 65,000 programmers for their favorite programming language, and this year Microsoft's TypeScript knocked Python from the #2 spot. So they interviewed Microsoft's principal engineering lead for the language "to find out what about TypeScript makes it so dang lovable." Q: Do you remember why the team came up with TypeScript, why you wanted to release something like this?

A: When I joined the team, there were a lot of people at Microsoft who wanted to develop JavaScript at what we call "application scale." Teams like TFS and Office wanted to build large JavaScript applications. A lot of those people had familiarity with statically-typed languages — C++, C#, Java, that kind of thing. They wanted to have that static typing available both for conceptual scalability and for the tooling...

Q: Was there a point where you saw an adoption point of no return? Was there something that came along where people were like, oh, yeah, we do TypeScript now?

A: Oh, it was definitely Google announcing that they were going to use TypeScript with Angular. That's kind of lost to time now. But if you look at the graphs for TypeScript, literally any graph — GitHub stars, downloads, pull requests — you can see the exact point when that Angular announcement came out. And the graph just changes. It never looks back... TypeScript shores up that last rough edge on JavaScript and gives you something that's just really fun to work with and runs everywhere. I think if TypeScript were a language that was built on top of a less universal language or a less fun language, I don't think it would be as successful. It's really taking something that's great and making it better...

I think my favorite thing that I see is people on the Internet saying, 'I did this huge refactoring in TypeScript and I was refactoring for three hours. And then I ran my code and it worked the first time.' In a dynamic language, that would just never, ever happen....

I would just say to people, if static types aren't a good fit for you, for either your programming style or the problem you're working on, just skip it. That's fine. It's okay. I won't be offended. If someone can get a thirty thousand line application that gets its job done without static types, I'm very impressed. That just seems really difficult. But kudos to those people who make it work. Python's the same way. Very few people have working Python type annotations, but Python is incredibly popular. I think the data speaks for itself — I think Python is number three in the survey... I guarantee you that a very small proportion of those Python developers have static types. Whatever your problem domain is, that might be the best fit for you.

"GitHub says it's open-sourcing its in-house linting tool, the GitHub Super Linter, to clean up code," reports ZDNet: Having a tool that checks source code for programming blunders and other errors is useful for developers. Now Microsoft-owned GitHub has released the 'Super Linter' to help developers avoid the hassles of setting up code repositories with multiple linters...

GitHub describes it as a "simple combination of various linters, written in bash, to help validate your source code" for the purpose of preventing broken code from being uploaded to a 'master' branch, the key branch that other branches in a tree are merged to... The Super Linter Action lets developers 'lint' or check their code base using popular linters for Python, JavaScript, Go, XML, YAML, and more programming languages. As such, GitHub engineer Lucas Gravley describes the Super Linter as the "one linter to rule them all".

"The GitHub Super Linter was built out of necessity by the GitHub Services DevOps Engineering team to maintain consistency in our documentation and code while making communication and collaboration across the company a more productive experience," says Gravley... "When you've set your repository to start running this action, any time you open a pull request, it will start linting the code case and return via the Status API. It will let you know if any of your code changes passed successfully, or if any errors were detected, where they are, and what they are," explains Gravley.

The Super Linter doesn't fix problems but does flag them, so developers can then go back and fix them before they reach the master branch.

From a report: Have you ever wondered why online ads appear for things that you were just thinking about? There's no big conspiracy. Ad tech can be creepily accurate. Tech giant Oracle is one of a few companies in Silicon Valley that has near-perfected the art of tracking people across the internet. The company has spent a decade and billions of dollars buying startups to build its very own panopticon of users' web browsing data. One of those startups, BlueKai, which Oracle bought for a little over $400 million in 2014, is barely known outside marketing circles, but it amassed one of the largest banks of web tracking data outside of the federal government. BlueKai uses website cookies and other tracking tech to follow you around the web. By knowing which websites you visit and which emails you open, marketers can use this vast amount of tracking data to infer as much about you as possible -- your income, education, political views, and interests to name a few -- in order to target you with ads that should match your apparent tastes. If you click, the advertisers make money.

But for a time, that web tracking data was spilling out onto the open internet because a server was left unsecured and without a password, exposing billions of records for anyone to find. Security researcher Anurag Sen found the database and reported his finding to Oracle through an intermediary -- Roi Carthy, chief executive at cybersecurity firm Hudson Rock and former TechCrunch reporter.

STERIS Corporation, a company that makes sterilization and other medical equipment, sent a letter to iFixit claiming their online database of repair manuals for ventilators and medical equipment violates their copyrights. Motherboard reports: "It has come to my attention that you have been reproducing certain installation and maintenance manuals relating to our products, documentation which is protected by copyright law," the letter said. The letter then went on to tell [Kyle Wiens, CEO of iFixit] to remove all Steris copyrighted material from the iFixit website within 10 days of the letter. As Motherboard reported in March, major manufacturers of medical devices have long made it difficult for their devices to be repaired through third party repair professionals. Manufacturers have often lobbied against right to repair legislation and many medical devices are controlled by artificial "software locks" that allow only those with authorization to make modifications.

"I'm disappointed that Steris is resorting to legal threats to stop hospitals from having access to information about how to maintain critical sterilization equipment during a pandemic," Wiens told Motherboard in an email. "No manufacturer should be stopping hospitals from repairing their equipment," Wiens said. "The best way to ensure patient safety is to make sure that equipment is being maintained regularly using the manufacturer's recommended procedures. The only way to do that is if hospitals have up to date manuals." With regards to the letter sent by Steris, Wiens said iFixit has not removed any material from its website. "We explained to Steris that what we did is a lawful and protected fair use under the U.S. Copyright act," Wiens said. "iFixit is protected by Section 512 of the Digital Millennium Copyright Act, which allows online platforms to host content contributed by users provided they comply with the Act's requirements, which iFixit does," a letter to Steris from the Electronic Frontier Foundation on behalf of iFixit said.

The European Commission announced Tuesday that it's launching two antitrust investigations into Apple's App Store rules and the Apple Pay platform. From a report: The Commission, the executive arm of the EU, said it will assess whether Apple's rules for app developers on the distribution of apps via the App Store breach EU competition rules. While companies can place their apps on the App Store at no cost, Apple charges companies 30% from in-app purchases and 30% on subscriptions for the first year, then 15% thereafter. Spotify, which competes directly with Apple Music, feels this is unfair and filed a formal complaint in March 2019. Kobo, an e-reader company that competes with Apple Books, has also filed a complaint. Executive Vice-President Margrethe Vestager, in charge of competition policy, said in a statement: "Mobile applications have fundamentally changed the way we access content. Apple sets the rules for the distribution of apps to users of iPhones and iPads. It appears that Apple obtained a 'gatekeeper' role when it comes to the distribution of apps and content to users of Apple's popular devices. We need to ensure that Apple's rules do not distort competition in markets where Apple is competing with other app developers, for example with its music streaming service Apple Music or with Apple Books. I have therefore decided to take a close look at Apple's App Store rules and their compliance with EU competition rules."

Ahead of Apple's Worldwide Developer Conference starting next week, the company has today launched a new version of its Apple Developer App to better support its plans for the virtual event. TechCrunch reports: Notably, the app has been made available for Mac for the first time, in addition to a redesign and other minor feature updates. With the needs of an entirely virtual audience in mind, Apple has redesigned the app's Discover section to make it easier for developers to catch up on the latest stories, news, videos and more, the company says. This section will be regularly updated with "actionable" content, Apple notes, including the latest news, recommendations on implementing new features, and information about inspiring engineers and designers, alongside new videos.

It has also updated its Browse tab where users search for existing sessions, videos, articles and news, including the over 100 technical and design-focused videos found in the WWDC tab. The WWDC tab has also been updated in preparation for the live event starting on Monday, June 22. The redesign has added a way to favorite individual articles, in addition to session content and videos. Plus it includes new iMessage stickers along with other enhancements and bug fixes. The app, which was previously available on iPhone, iPad and Apple TV, is also now offered on Mac.

"The terms 'allowlist' and 'blocklist' describe their purpose, while the other words use metaphors to describe their purpose," reads a change description on the source code for Android -- from over a year ago. 9to5Mac calls it "a shortened version of Google's (internal-only) explanation" for terminology changes which are now becoming more widespread.

And Thursday GitHub's CEO said they were also "already working on" renaming the default branches of code from "master" to a more neutral term like "main," reports ZDNet: GitHub lending its backing to this movement effectively ensures the term will be removed across millions of projects, and effectively legitimizes the effort to clean up software terminology that started this month.

But, in reality, these efforts started years ago, in 2014, when the Drupal project first moved in to replace "master/slave" terminology with "primary/replica." Drupal's move was followed by the Python programming language, Chromium (the open source browser project at the base of Chrome), Microsoft's Roslyn .NET compiler, and the PostgreSQL and Redis database systems... The PHPUnit library and the Curl file download utility have stated their intention to replace blacklist/whitelist with neutral alternatives. Similarly, the OpenZFS file storage manager has also replaced its master/slave terms used for describing relations between storage environments with suitable replacements. Gabriel Csapo, a software engineer at LinkedIn, said on Twitter this week that he's also in the process of filing requests to update many of Microsoft's internal libraries.
A recent change description for the Go programming language says "There's been plenty of discussion on the usage of these terms in tech. I'm not trying to have yet another debate." It's clear that there are people who are hurt by them and who are made to feel unwelcome by their use due not to technical reasons but to their historical and social context. That's simply enough reason to replace them.

Anyway, allowlist and blocklist are more self-explanatory than whitelist and blacklist, so this change has negative cost.
That change was merged on June 9th -- but 9to5Mac reports it's just one of many places these changes are happening. "The Chrome team is beginning to eliminate even subtle forms of racism by moving away from terms like 'blacklist' and 'whitelist.' Google's Android team is now implementing a similar effort to replace the words 'blacklist' and 'whitelist.'" And ZDNet reports more open source projects are working on changing the name of their default Git repo from "master" to alternatives like main, default, primary, root, or another, including the OpenSSL encryption software library, automation software Ansible, Microsoft's PowerShell scripting language, the P5.js JavaScript library, and many others.

Long-time Slashdot reader destinyland writes: Vintage computing enthusiasts have recreated NASA's legendary "Apollo Guidance Computer," the 1960s-era assembly-language onboard guidance and navigation computer for the Apollo missions to the moon. Unfortunately, the software had been lost for the Apollo 10 mission (a manned "dress rehearsal" mission which flew to the moon eight weeks before Neil Armstrong's famous moonwalk mission).

But spaceflight engineer Mike Stewart found a clever way to recreate it, according to one science show on YouTube. Stewart found a print-out of an earlier version of the program, and "with the help of a small army of volunteers, Mike hand-transcribed the source listing and all of its programs..." — all 1,735 pages of it. (Though what used to take 25 minutes to compile together on a Honeywell mainframe now takes less than a second on his modern laptop.) There were also NASA memos which described the change, later versions of the program which had implemented the changes — and most importantly, a recently-discovered NASA document giving the checksum for every version of every program run on the Apollo Guidance Computer. So Stewart was able to cut-and-paste carefully-chosen code and variables from later versions of the program — based on the clues in NASA's memos — until he'd recreated a program with the exact same checksum.

There's also a separate video about the Apollo 10 code, highlighting "lighthearted comments in very serious code." (For example, to warn off people who'd change their crucial constants, they'd actually included a Latin phrase — a play on a biblical quote which translates roughly to "Don't touch these.") The ignition routine that actually lights the descent engine for the moon landing is named BURNBABY. The comment accompanying it? "OFF TO SEE THE WIZARD."

Bjarne Stroustrup, the 69-year-old Danish creator of C++, just released a 168-page paper (published under a Creative Commons Attributions-NoDerivatives license) in the Proceedings of the ACM on Programming Languages, detailing the growth of C++ from its 21st birthday in 2006 up through the year 2020.

It begins by noting that by 2006, C++ "contained parts that had survived unchanged since introduced into C in the early 1970s as well as features that were novel in the early 2000s..." Originally, I designed C++ to answer to the question "How do you directly manipulate hardware and also support efficient high-level abstraction?" Over the years, C++ has grown from a relatively simple solution based on a combination of facilities from the C and Simula languages aimed at systems programming on 1980s computers to a far more complex and effective tool for an extraordinary range of applications... [T]his is also the story of the people involved in the evolution of C++, the way they perceived the challenges, interpreted the constraints on solutions, organized their work, and resolved their inevitable differences.
From the abstract: From 2006 to 2020, the C++ developer community grew from about 3 million to about 4.5 million. It was a period where new programming models emerged, hardware architectures evolved, new application domains gained massive importance, and quite a few well-financed and professionally marketed languages fought for dominance. How did C++ -- an older language without serious commercial backing -- manage to thrive in the face of all that?

This paper focuses on the major changes to the ISO C++ standard for the 2011, 2014, 2017, and 2020 revisions... Themes include efforts to preserve the essence of C++ through evolutionary changes, to simplify its use, to improve support for generic programming, to better support compile-time programming, to extend support for concurrency and parallel programming, and to maintain stable support for decades' old code... Specific language-technical topics include the memory model, concurrency and parallelism, compile-time computation, move-semantics, exceptions, lambda expressions, and modules.
"I hope other languages learn from C++'s successes," the paper concludes. "It would be sad if the lessons learned from C++'s evolution were limited to the C++ community."

The creators of the Kotlin programming language — the Czech software development company Jetbrains — announced results from their annual "State of the Developer Ecosystem" survey. This year's survey involved 19,696 developers in 18 countries, and found that:

• JavaScript is the most used overall programming language. Websites are the most common type of application developers work on.

• Python has overtaken Java in the list of programming languages used in the last 12 months. And it is also the most studied language. In the last 12 months 30% of respondents have started or continued to learn Python — even more than last year.

• Go, Kotlin, and Python are the top 3 languages developers are planning to adopt or migrate to.

JetBrains also gathered some statistics from programmers for a special section on Lifestyle and Fun:

• 65% said they preferred laptops, while 33% preferred desktops.
• 52% said they contributed to charity.
• 20% said they owned a cat; another 20% said they owned a dog.
• 16% said they owned cryptocurrency.

And when asked if they contributed to open-source projects:

• 44% said "No, but I would like to."
• 20% said "I have only contributed a few times."
• 16% said "Yes, from time to time (several times a year)."
• 11% said "Yes, regularly (at least once a month)."
• 4% said "No, and I would not like to."
• 3% said "I work full-time on open-source code and get paid for it."
• 2% said "I work full-time on open-source code but do not get paid for it."

Also interesting were the answers to the question: If your country's government replaced your courts with AI, would you trust it? The results were:

• Probably not (26%)
• Definitely not (24%)
• Maybe (26%)
• Probably yes (20%)
• Definitely yes (5%)

An anonymous reader writes: FreeBSD has has adopted a new LLVM-derived code of conduct. The code of conduct requires users to: be friendly and patient,
be welcoming,
be considerate,
be respectful,
be careful in the words that you choose and be kind to others,
when we disagree, try to understand why.

This isn't an exhaustive list of things that you can't do. Rather, take it in the spirit in which it's intended - a guide to make it easier to communicate and participate in the community. This code of conduct applies to all spaces managed by the FreeBSD project. This includes online chat, mailing lists, bug trackers, FreeBSD events such as the developer meetings and socials, and any other forums created by the project that the community uses for communication. It applies to all of your communication and conduct in these spaces, including emails, chats, things you say, slides, videos, posters, signs, or even t-shirts you display in these spaces. In addition, violations of this code outside these spaces may, in rare cases, affect a person's ability to participate within them, when the conduct amounts to an egregious violation of this code.

An anonymous reader quotes a report from Ars Technica: On Wednesday evening, ZFS founding developer Matthew Ahrens submitted what should have been a simple, non-controversial pull request to the OpenZFS project: wherever possible without causing technical issues, the patch removed references to "slaves" and replaced them with "dependents." This patch in question doesn't change the way the code functions -- it simply changes variable names in a way that brings them in conformance with Linux upstream device-mapper terminology, in 48 total lines of code (42 removed and 48 added; with one comment block expanded slightly to be more descriptive). But this being the Internet, unfortunately, outraged naysayers descended on the pull request, and the comments were quickly closed to non-contributors. I first became aware of this as the moderator of the r/zfs subreddit where the overflow spilled once comments on the PR itself were no longer possible. "The horrible effects of human slavery continue to impact society," writes Ahrens in his pull request. "The casual use of the term 'slave' in computer software is an unnecessary reference to a painful human experience." Ahrens' pull request has been reviewed by fellow lead developers Brian Behlendorf and Ryan Moeller and merged into the OpenZFS project repository.

On Wednesday, Magic: The Gathering publisher Wizards of the Coast took unprecedented measures to remove racist cards from its game. Seven cards in all, dating back to 1994, are now banned from play. Their images will also being removed from the game's official online database. Polygon reports: "The events of the past weeks and the ongoing conversation about how we can better support people of color have caused us to examine ourselves, our actions, and our inactions," Wizards said in a statement. "We appreciate everyone helping us to recognize when we fall short. We should have been better, we can be better, and we will be better." The list of now-banned cards is: Invoke Prejudice, Cleanse, Stone-Throwing Devils, Pradesh Gypsies, Jihad, Imprison, and Crusade.

One card in particular, Invoke Prejudice, was singled out. It shows a hooded executioner with a black axe. "If opponent casts a Summon spell that does not match the color of one of the creatures under your control, that spell is countered," says the card. It effectively kills off creatures that don't look like the creatures already on the table. Gatherer, the official online database of every Magic card ever published, displays the card at a web URL ending in "1488," numbers that are synonymous with white supremacy. All cards will be replaced online with a note that calls out their racist depictions, text, or a combination thereof.

Software developer Danny Bittman tweeted about how he's convinced that his eyesight was damaged from wearing a VR headset for hours a day. The BBC reports: Danny Bittman, who has worked as a virtual reality developer for four years, suggested it could have affected his eyesight. "Just had my first eye doctor visit in three years. Now I'm very worried about my future VR use. I have a new eye convergence problem that acts like dyslexia. The doc, a headset owner, is convinced my VR use caused this. He said "these glasses we usually prescribe to 40-year-olds," he tweeted. He went on to describe the problem: "My eyes jump when I read things like a screen or books. I've always had a small level of this but it's greatly intensified now. It's also linked to headaches and vertigo."

He said that the issue was about "prolonged use," and admitted that he could spend up to six hours a day wearing a headset, split into 30-minute sessions. Ceri Smith-Jaynes, from the Association of Optometrists, told the BBC: "We currently do not have any reliable evidence that VR headsets cause permanent deterioration in eyesight in children or adults. There have been some studies looking into the effects of short-term use of VR headsets only; these did not reveal a deterioration in eyesight. "However, some people do suffer from temporary symptoms such as nausea, dry, irritable eyes, headache or eyestrain." But she did have some advice about usage: "If you spend all day in VR without a break, you'll need time to readjust to the light and the different visual environment of the real world. I would suggest taking a five-to-ten minute break each hour, using that time to move about, blink and look out of a window, or take a short walk.

"A newly uncovered form of ransomware is going after Windows and Linux systems," reports ZDNet, "in what appears to be a targeted campaign." Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cyber criminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.

Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanised Java Runtime Environment and is compiled in a Java image file (Jimage) to hide the malicious intentions... [T]he first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing Remote Desktop Protocol servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop removal of their attack...

After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch and .thanos — and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email.

The fact the campaign is still ongoing suggests that those behind it are finding success extorting payments from victims.

Long-time Slashdot reader mrflash818 ("Linux geek since 1999") shared a ZDNet article pointing out that SpaceX's Falcon 9 rocket has an onboard operating system that's "a stripped-down Linux running on three ordinary dual-core x86 processors. The flight software itself runs separately on each processor and is written in C/C++."

Interestingly, back in 2018 a Slashdot headline asked whether C++ was "a really terrible language," and Elon Musk replied on Twitter with his single-word answer. "Yes."

ZDNet points out that "ordinary" processors are often needed because of the multi-year development time for the spacecraft they power. Their article notes that the International Space Station actually runs on 1988-vintage 20 MHz Intel 80386SX CPUs: Of course, while those ancient chips work for the station's command and control multiplexer/demultiplexer, they're not much good for anything else. For ordinary day-in and day-out work, astronauts use HP ZBook 15s running Debian Linux, Scientific Linux, and Windows 10. The Linux systems act as remote terminals to the control multiplexer/demultiplexer, while the Windows systems are used for email, the web, and fun.

Usually, though, chips that go into space aren't ordinary chips. CPUs that stay in space must be radiation-hardened. Otherwise, they tend to fail due to the effects of ionizing radiation and cosmic rays. These customized processors undergo years of design work and then more years of testing before they are certified for spaceflight. For instance, NASA expects its next-generation, general-purpose processor, an ARM A53 variant you may know from the Raspberry Pi 3, to be ready to run in 2021...

The Dragon spacecraft's touchscreen interface is rendered using Chromium and JavaScript. If something were to go wrong with the interface, the astronauts have physical buttons to control the spacecraft.
Today the SpaceX software team answered questions on Reddit, revealing they use Chromium with a reactive library developed in-house, and that "All of our on-board computers either run Linux (with the PREEMPT_RT patch) or are microcontrollers that run bare-metal code...." Later they emphasized that for the Falcon 9 and Dragon software, "All of the application-level autonomous software is written in C++. We generally use object oriented programming techniques from C++, although we like to keep things as simple as possible.

"We do use open source libraries, primarily the standard C++ library, plus some others. However, we limit our use of open source libraries to only extremely high quality ones, and often will opt to develop our own libraries when it is feasible so that we can control the code quality ourselves."

This year Stack Overflow's Developer Survey of 65,000 programmers found that Rust was their most-loved programming language -- for the fifth year in a row. To understand why, they interviewed the top contributor to the site's Rust topic. ("The short answer is that Rust solves pain points present in many other languages, providing a solid step forward with a limited number of downsides...") But Stack Overflow also reached out to the Rust core team, including Berlin-based developer Erin Power, asking about any barriers to entry, and why they think Rust was the survey's most-loved language. ("I think it's because Rust makes big promises, and delivers on them...")

And finally, they got responses from Stack Overflow users in their Rust chatroom and forums, noting "Rust users are a passionate bunch, and I got some fascinating insights along with some friendly debates..." Many current programming discussions revolve around whether to use a fast, low-level language that lets you handle memory management or a higher-level language with greater safety precautions. For fans of Rust, they like that it does both.... While some languages just add polish and ease to existing concepts, several users feel that Rust is actually doing new things with a programming language. And it's not doing new things just to be showy; they feel these design choices solve hard problems with modern programming...

Stack Overflow user janriemer: "A quote from Chris Dickinson, engineer at npm, sums it up perfectly for me, because I have thought the same, without knowing the quote at that time: 'My biggest compliment to Rust is that it's boring, and this is an amazing compliment.' Rust is a programming language that looks like it has been developed by user experience designers. They have a clear vision (a why) of the language and carefully choose what to add to the language and what to rework, while listening to what the community really wants. There are no loose ends, it's all a coherent whole that perfectly supports a developer's workflow."
Stack Overflow's post also quotes Jay Oster, a software architect at the infrastructure-as-a-service company PubNub, who argues Rust "ticks all the boxes":

• Memory safe

• Type safe

• Data race-free

• Ahead-of-time compiled

• Built on and encourages zero-cost abstractions

• Minimal runtime (no stop-the-world garbage collection, no JIT compiler, no VM)

• Low memory footprint (programs run in resource constrained-environments like small microcontrollers)

• Targets bare-metal (e.g. write an OS kernel or device driver; use Rust as a 'high level assembler')"

He also describes Rust as "akin to wandering around in complete darkness for an entire career, and suddenly being enlightened to two facts:

• You are not perfect. You will make mistakes. Those mistakes will cause you a lot of problems.

• It doesn't have to be this way.

An anonymous reader quotes a report from ZDNet: Mint's programmers, led by lead developer, Clement "Clem" Lefebvre, has dropped support for Ubuntu's Snap software packing system. [...] So, what's not to like? Well, a lot, thinks Clem. As he wrote in July 2019, the idea is fine: "When snap was announced it was supposed to be a solution, not a problem. It was supposed to make it possible to run newer apps on top of older libraries and to let third-party editors publish their software easily towards multiple distributions, just like Flatpak and AppImage." But, he said, "What we didn't want it to be was for Canonical to control the distribution of software between distributions and third-party editors, to prevent direct distribution from editors, to make it so software worked better in Ubuntu than anywhere else and to make its store a requirement."

Clem was worried then that Canonical was moving in that direction because: "Ubuntu is planning to replace the Chromium [Google's open-source browser and foundation for Chrome] repository package with an empty package, which installs the Chromium snap. In other words, as you install APT [Debian's program for installing and managing DEB files] updates, Snap becomes a requirement for you to continue to use Chromium and installs itself behind your back. This breaks one of the major worries many people had when Snap was announced and a promise from its developers that it would never replace APT. A self-installing Snap Store which overwrites part of our APT package base is a complete NO-NO. It's something we have to stop and it could mean the end of Chromium updates and access to the snap store in Linux Mint."

Fast forward to now, and that's still the case with Chromium, and Clem has had enough: "In the Ubuntu 20.04 package base, the Chromium package is indeed empty and acting, without your consent, as a backdoor by connecting your computer to the Ubuntu Store. Applications in this store cannot be patched, or pinned. You can't audit them, hold them, modify them, or even point snap to a different store. You've as much empowerment with this as if you were using proprietary software, i.e. none. This is in effect similar to a commercial proprietary solution, but with two major differences: It runs as root, and it installs itself without asking you."

New submitter IBMResearch shares a report from ZDNet: IBM's new toolkit aims to give developers easier access to fully homomorphic encryption (FHE), a nascent technology with significant promise for a number of security use cases. "Today, files are often encrypted in transit and at rest but decrypted while in use, creating a security vulnerability," reports ZDNet. "This often compels organizations to make trade-offs and go through long vetting processes in order to ensure they can keep their valuable data protected while still gaining some value out of it. FHE aims to resolve that issue."

"While the technology holds great potential, it does require a significant shift in the security paradigm," the report adds. "Typically, inside the business logic of an application, data remains decrypted, [Flavio Bergamaschi, FHE pioneer and IBM Researcher] explained. But with the implementation of FHE, that's no longer the case -- meaning some functions and operations will change."

The toolkit is available today in GitHub for MacOS and iOS, and it will soon be available for Linux and Android.

Apple today informed developers that it has launched a new open source project that's designed to let those who develop password management apps create strong passwords compatible with popular websites. From a report: The new Password Manager Resources open source project allows password management apps to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords. "Many password managers generate strong, unique passwords for people, so that they aren't tempted to create their own passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change," the company said.