Programming language Rust has entered the top 20 of the Tiobe popularity index for the first time, but it's still five spots behind systems programming rival Go. ZDNet reports: There's growing interest in the use of memory-safe Rust for systems programming to build major platforms, in particular at Microsoft, which is exploring it for Windows and Azure with the goal of wiping out memory bugs in code written in C and C++. Amazon Web Services is also using Rust for performance-sensitive components in Lambda, EC2, and S3. Rust has seen its ranking rise considerably on Tiobe, from 38 last year to 20 today. Tiobe's index is based on searches for a language on major search engines, so it doesn't mean more people are using Rust, but it shows that more developers are searching for information about the language.

Rust was voted for the fifth year straight the most loved programming language by developers in Stack Overflow's 2020 survey. This year, 86% of developers said they are keen to use Rust, but just 5% actually use it for programming. On the other hand, it could become more widely used thanks to Microsoft's public preview of its Rust library for the Windows Runtime (WinRT), which makes it easier for developers to write Windows, cross-platform apps and drivers in Rust.

An anonymous reader quotes a report from Ars Technica: A year ago, Take-Two CEO Strauss Zelnick said he was "pretty optimistic" about Google's Stadia game-streaming service. The concept of "being able to play our games on any device whatsoever around the world, and to do it with low latency, well that's very compelling if that can be delivered," he offered in May of 2019. Now, though, Zelnick has changed his tune a bit. In an interview given during the Bernstein Annual Strategic Decisions Conference late last week, Zelnick acknowledges what has been apparent to industry watchers for a while: "The launch of Stadia has been slow," he said. "I think there was some overpromising on what the technology could deliver and some consumer disappointment as a result."

While major publishers like EA and Activision stayed away from Stadia's "Founders" launch last November, Take-Two provided three of the service's highest-profile games in its early months -- Red Dead Redemption 2, NBA 2K20, and Borderlands 3. And Zelnick said such Stadia support will continue in the future "as long as the business model makes sense." (Take-Two's PGA Tour 2K21, WWE2K Battlegrounds, and the Mafia series are currently planned for future Stadia release.) That said, Zelnick was pretty bearish on how much of an impact the streaming business model will really have on Take-Two's bottom-line sales. "It's not a game changer," Zelnick said. "People who want our games now can get our games now. The fact that you could stream them and not have to have a console interface is really not that big of a deal."

Well-known leaker Universe Ice on Twitter, along with dozens of other users, have discovered that simply setting an image as wallpaper on your phone could cause it to crash and become unable to boot. Android Authority reports: Based on user reports, many models from Samsung and Google are affected, while we've also seen some reports from users of OnePlus, Nokia, and Xiaomi devices (it's not clear if these latter devices ran stock software or custom ROMs). From our own testing and looking at user reports, Huawei devices seem to be less exposed to the wallpaper crash issue. There are a few solutions, depending on how hard the phone is hit. Some users were able to change the wallpaper in the short interval between crashes. Others had success deleting the wallpaper using the recovery tool TWRP. But in most cases, the only solution was to reset the phone to factory settings, losing any data that's not backed up.

The issue affects up-to-date phones running Android 10, but as it turns out, it's not actually new. Users have been reporting similar problems for a couple of years, and just last month Android Police reported on what appears to be a closely related issue specifically impacting Pixel phones running the Google Wallpapers app. [...] An issue with a very similar description has been reported in Google's Android issue tracker back in 2018. At the time, Google developers said they were unable to reproduce the issue and closed it out (Hat tip: inverimus on Reddit).

"The Linux kernel has officially deprecated its coding style that the length of lines of code comply with 80 columns as the 'strong preferred limit'," reports Phoronix: The Linux kernel like many long-standing open-source projects has a coding style guideline that lines of code be 80 columns or less, but now that while still recommended is no longer going to be enforced. This stems from Linus Torvalds commenting on Friday that excessive linebreaks are bad and he is against ugly wrapped code that is strictly sticking to 80 characters per line. This is part of the broader trend that most are no longer using 80x25 terminals...

This deprecation involves updating the documentation on the kernel's coding style to be more sensible and updating the checkpatch.pl script that checks patches to no longer have a max line length of 80. Instead, the check patch script is using a maximum line length of 100.
Torvalds noted Friday that spreading code over multiple lines created problems for single-line utilities like grep, while longer lines "are fundamentally useful..." [H]onestly, I don't want to see patches that make the kernel reading experience worse for me and likely for the vast majority of people, based on the argument that some odd people have small terminal windows... If you or Christoph have 80 character lines, you'll get possibly ugly wrapped output. Tough. That's _your_ choice. Your hardware limitations shouldn't be a pain for the rest of us...

So no. I do not care about somebody with a 80x25 terminal window getting line wrapping. For exactly the same reason I find it completely irrelevant if somebody says that their kernel compile takes 10 hours because they are doing kernel development on a Raspberry PI with 4GB of RAM. People with restrictive hardware shouldn't make it more inconvenient for people who have better resources...

If you choose to use a 80-column terminal, you can live with the line wrapping. It's just that simple.
"Yes, staying withing 80 columns is certainly still _preferred_," notes the official commit message for this change. "But it's not the hard limit that the checkpatch warnings imply, and other concerns can most certainly dominate. Increase the default limit to 100 characters. Not because 100 characters is some hard limit either, but that's certainly a 'what are you doing' kind of value and less likely to be about the occasional slightly longer lines.'"

GitHub issued a security alert Thursday warning about new malware spreading on its site via boobytrapped Java projects, ZDNet reports: The malware, which GitHub's security team has named Octopus Scanner, has been found in projects managed using the Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications. GitHub said it found 26 repositories uploaded on its site that contained the Octopus Scanner malware, following a tip it received from a security researcher on March 9.
But the article adds GitHub "believes that many more projects have been infected during the past two years." GitHub says that when other users would download any of the 26 projects, the malware would behave like a self-spreading virus and infect their local computers. It would scan the victim's workstation for a local NetBeans IDE installation, and proceed to burrow into the developer's other Java projects. The malware, which can run on Windows, macOS, and Linux, would then download a remote access trojan (RAT) as the final step of its infection, allowing the Octopus Scanner operator to rummage through an infected victim's computer, looking for sensitive information.

GitHub says the Octopus Scanner campaign has been going on for years, with the oldest sample of the malware being uploaded on the VirusTotal web scanner in August 2018, time during which the malware operated unimpeded.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 4.0, the latest version of its integrated development environment (IDE). Android Studio 4.0 is supposed to help developers "code smarter, build faster, and design apps." Version 4.0 includes a new Motion Editor, a Build Analyzer, and Java 8 language APIs. Google also overhauled the CPU Profiler user interface and improved the Layout Inspector. [In the article] you'll find Android Studio 4.0 features broken down by category: design, develop, and build. The new version also includes the usual performance improvements and bug fixes on top of the new features (full release notes). Google didn't share its plans for the next version. Normally we'd get hints at the company's I/O developer conference, but 2020 is a weird year.

Stack Overflow has released the results of its 2020 survey of nearly 65,000 developers, revealing their favorite and most dreaded programming languages, tools and frameworks. From a news writeup: The survey shows that TypeScript, Microsoft's superset of the widely-used JavaScript programming language, has overtaken Python as the second most beloved programming language behind Rust. This year 86% of respondents say they are keen to use Rust, while 67.1% want to use TypeScript, and 66.7% want to use Python. Stack Overflow attributes TypeScript's rising popularity to Microsoft's embrace of open source software as well as the existence of larger and more complex JavaScript and Node.js codebases.

Rust has been the most loved programming language for five years running, despite few developers having experience with it. This year, just 5.1% developers report having used Rust, compared with the 68% who use JavaScript, which is the most commonly used language. [...] Meanwhile, the top 10 most dreaded programming languages are VBA, Objective-C, Perl, Assembly, C, PHP, Ruby, C++, Java and R.

The report also looks at average salaries of each developer role. In the US, engineering managers attract the highest salary at $152,000 per year, followed by site reliability engineers who earn $140,000 per year. Salaries across the globe for these roles are lower, at $92,000 for an engineering manager and $80,000 for a site reliability engineer. Other high-paying roles with an average salary of at least $115,000 in the US include data scientist and machine learning specialist, DevOps specialist, engineer, back-end developer, embedded application developers, mobile developers, scientist, desktop application developer, and educator.

An anonymous reader quotes a report from TechCrunch: When Docker sold off its enterprise division to Mirantis last fall, that didn't mark the end of the company. In fact, Docker still exists and has refocused as a cloud-native developer tools vendor. Today it announced an expanded partnership with Microsoft around simplifying running Docker containers in Azure. As its new mission suggests, it involves tighter integration between Docker and a couple of Azure developer tools including Visual Studio Code and Azure Container Instances (ACI). According to Docker, it can take developers hours or even days to set up their containerized environment across the two sets of tools. The idea of the integration is to make it easier, faster and more efficient to include Docker containers when developing applications with the Microsoft tool set. Docker CEO Scott Johnston says it's a matter of giving developers a better experience.

Among the features they are announcing is the ability to log into Azure directly from the Docker command line interface, a big simplification that reduces going back and forth between the two sets of tools. What's more, developers can set up a Microsoft ACI environment complete with a set of configuration defaults. Developers will also be able to switch easily between their local desktop instance and the cloud to run applications. It's worth noting that these integrations are starting in Beta, but the company promises they should be released some time in the second half of this year.

"Altran has released a new tool that uses artificial intelligence to help software engineers spot bugs during the coding process instead of at the end," reports TechRepublic. "Available on GitHub, Code Defect AI uses machine learning to analyze existing code, spot potential problems in new code, and suggest tests to diagnose and fix the errors." Walid Negm, group chief innovation officer at Altran, said that this new tool will help developers release quality code quickly. "The software release cycle needs algorithms that can help make strategic judgments, especially as code gets more complex," he said in a press release....

"Microsoft and Altran have been working together to improve the software development cycle, and Code Defect AI, powered by Microsoft Azure, is an innovative tool that can help software developers through the use of machine learning," said David Carmona, general manager of AI marketing at Microsoft, in a press release...

In a new report about artificial intelligence and software development, Deloitte predicts that more and more companies will use AI-assisted coding tools. From January 2018 to September 2019, software vendors launched dozens of AI-powered software development tools, and startups working in this space raised $704 million over a similar timeframe.... "The benefits of AI-assisted coding are numerous," according to Deloitte analysts David Schatsky and Sourabh Bumb, the authors of AI is Helping to Make Better Software. " However, the principal benefit for companies is efficiency. Many of the new AI-powered tools work in a similar way to spell- and grammar-checkers, enabling coders to reduce the number of keystrokes they need to type by around 50%. They can also spot bugs while code is being written, while they can also automate as many as half of the tests needed to confirm the quality of software." This capability is even more important as companies continue to rely on open-source code.
The Register got more details about Altran's Code Defect AI: The company told us that the AI does not look much at the source code itself, but rather at the commit metadata, "the number of files in the check-in, code complexity, density of the check-in, bug history of the file, history of the developer, experience of the developer in the particular module/file etc." Training of the model is done only on the project being examined...

An anonymous reader quotes IEEE Spectrum: If you're a newly hired software engineer, setting up your development environment can be tedious. If you're lucky, your company will have a documented, step-by-step process to follow. But this still doesn't guarantee you'll be up and running in no time. When you're tasked with updating your environment, you'll go through the same time-consuming process. With different platforms, tools, versions, and dependencies to grapple with, you'll likely encounter bumps along the way.

Austin-based startup Coder aims to ease this process by bringing development environments to the cloud. "We grew up in a time where [Microsoft] Word documents changed to Google Docs. We were curious why this wasn't happening for software engineers," says John A. Entwistle, who founded Coder along with Ammar Bandukwala and Kyle Carberry in 2017. "We thought that if you could move the development environment to the cloud, there would be all sorts of cool workflow benefits."

With Coder, software engineers access a preconfigured development environment on a browser using any device, instead of launching an integrated development environment installed on their computers... To ensure security, all source code and related development activities are hosted on a company's infrastructure — Coder doesn't host any data. Organizations can deploy Coder on their private servers or on cloud computing platforms such as Amazon Web Services or Google Cloud Platform. This option could be advantageous for banks, defense organizations, and other companies handling sensitive data.
One of Coder's customers is the U.S. Air Force, the article points out -- and thats not the only government agency that's interested in their success.

When Coder closed $30 million in Series B funding last month (bringing total funding to $43 million), one of their backers was a venture capital firm with ties to America's Central Intelligence Agency.

An anonymous reader quotes CNBC: The rise of artificial intelligence will make even software engineers less sought after. That's because artificial intelligence will soon write its own software, according to Jack Dorsey, the tech billionaire boss of Twitter and Square. And that's going to put some beginning-level software engineers in a tough spot.

"We talk a lot about the self-driving trucks in and whatnot" when discussing how automation will replace jobs held by humans, Dorsey told former Democratic presidential hopeful Andrew Yang on an episode of the "Yang Speaks" podcast published Thursday. But A.I. "is even coming for programming" jobs, Dorsey said.

"A lot of the goals of machine learning and deep learning is to write the software itself over time so a lot of entry-level programming jobs will just not be as relevant anymore," Dorsey told Yang.
Dorsey also told Yang that he belives a Universal Basic Income could give workers "peace of mind" that they'll be able to "eat and feed their children while they are learning how to transition into this new world."

"Around 70% of our serious security bugs are memory safety problems," the Chromium project announced this week. "Our next major project is to prevent such bugs at source."

ZDNet reports: The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. Both companies are basically dealing with the same problem, namely that C and C++, the two predominant programming languages in their codebases, are "unsafe" languages....

Google says that since March 2019, 125 of the 130 Chrome vulnerabilities with a "critical" severity rating were memory corruption-related issues, showing that despite advances in fixing other bug classes, memory management is still a problem... Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components...

While software companies have tried before to fix C and C++'s memory management problems, Mozilla has been the one who made a breakthrough by sponsoring, promoting and heavily adopting the Rust programming language in Firefox... Microsoft is also heavily investing in exploring C and C++ alternatives⦠But this week, Google also announced similar plans as well... Going forward, Google says it plans to look into developing custom C++ libraries to use with Chrome's codebase, libraries that have better protections against memory-related bugs. The browser maker is also exploring the MiraclePtr project, which aims to turn "exploitable use-after-free bugs into non-security crashes with acceptable performance, memory, binary size and minimal stability impact."

And last, but not least, Google also said it plans to explore using "safe" languages, where possible. Candidates include Rust, Swift, JavaScript, Kotlin, and Java.

The State of Software Security (SOSS): Open Source Edition "analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries," reports TechRepublic. "Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of flaws." "An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies," he said. The study found that 70% of applications have a security flaw in an open source library on an initial scan.
Other findings from the report:

• The most commonly included libraries are present in over 75% of applications for each language.

• 47% of those flawed libraries in applications are transitive.

• More than 61% of flawed libraries in JavaScript contain vulnerabilities without corresponding common vulnerabilities and exposures (CVEs).

• Fixing most library-introduced flaws can be done with a minor version upgrade.

• Using any given PHP library has a greater than 50% chance of bringing a security flaw along with it.

May 23rd marks the 25th anniversary of the day Sun Microsystems introduced Java to the world, notes InfoWorld.

Looking at both the present and the future, they write that currently Java remains popular "with enterprises even as a slew of rival languages, such as Python and Go, now compete for the hearts and minds of software developers." Java continues to rank among the top three programming languages in the most prominent language popularity indexes — Tiobe, RedMonk, and PyPL. Java had enjoyed a five-year stint as the top language in the Tiobe index until this month, when it was overtaken by the C language, thanks perhaps to the combination of C's wide use in medical equipment and the urgency of the COVID-19 pandemic.

Nevertheless, Java represents a huge ecosystem and source of jobs. There were an estimated nine million Java developers worldwide in 2017, according to Oracle. A recent search of jobs site Dice.com found nearly 12,000 Java-related jobs in the USA, compared to roughly 9,000 jobs in JavaScript and 7,600 in Python. Plus, Java has spawned an enormous ecosystem of tools ranging from the Spring Framework to application servers from companies such as IBM, Red Hat, and Oracle to the JavaFX rich media platform.

The developers behind Java — including Oracle and the broader OpenJDK community — have kept the platform moving forward. Released two months ago, Java 14, or Java Development Kit (JDK) 14, added capabilities including switch expressions, to simplify coding, and JDK Flight Recorder (JFR) Event Streaming, for continuous consumption of JFR data. Up next for Java is JDK 15, set to arrive as a production release in September 2020, with capabilities still being lined up for it. So far, the features expected include a preview of sealed classes, which provide more-granular control over code, and records, which provide classes that act as transparent carriers for immutable data. Also under consideration for Java is a plan dubbed Project Leyden, which would address "longterm pain points" in Java including resource footprint, startup time, and performance issues by introducing static images to the platform.

Microsoft has explained why it's pursuing 'safe systems programming' through efforts like its experimental Rust-inspired Project Verona language and its exploration of the Rust programming language for Windows code written in C++. From a report: The short answer is that Microsoft is trying to eliminate memory-related bugs in software written in languages like C++, according to Microsoft Rust expert Ryan Levick. These bugs cost a lot to fix and make up a large share of Patch Tuesday hassles. Levick has now offered more insights into Microsoft's efforts behind safe systems programming. Systems programming includes coding for platforms like Windows, Xbox, and Azure, as opposed to programming applications that run on them.

Key systems programming languages include C++, Google-backed Go, and Mozilla-created Rust, but Rust and Go are 'memory-safe' languages while C++ is not. Other languages are memory safe, such as Swift and Kotlin, but they aren't for systems programming. The thing for Microsoft is that it writes a lot of its platform software in C++ and sometimes still in C. While it works hard to address memory issues, the company says it has "reached a wall". "We can't really do much more than we already have. It's becoming harder and harder and more and more costly to address these issues over time," says Levick, who joined Microsoft via its acquisition of Wanderlist, which has become Microsoft To Do. He gave a rundown of Microsoft's safe systems programming efforts in a session at Build 2020 this week.

One of the world's most prolific hacking groups recently infected several Massively Multiplayer Online game makers, a feat that made it possible for the attackers to push malware-tainted apps to one target's users and to steal in-game currencies of a second victim's players. Ars Technica reports: Researchers from Slovakian security company ESET have tied the attacks to Winnti, a group that has been active since at least 2009 and is believed to have carried out hundreds of mostly advanced attacks. Targets have included Chinese journalists, Uyghur and Tibetan activists, the government of Thailand, and prominent technology organizations. Winnti has been tied to the 2010 hack that stole sensitive data from Google and 34 other companies. More recently, the group has been behind the compromise of the CCleaner distribution platform that pushed malicious updates to millions of people. Winnti carried out a separate supply-chain attack that installed a backdoor on 500,000 ASUS PCs.

The recent attack used a never-before-seen backdoor that ESET has dubbed PipeMon. To evade security defenses, PipeMon installers bore the imprimatur of a legitimate Windows signing certificate that was stolen from Nfinity Games during a 2018 hack of that gaming developer. The backdoor -- which gets its name for the multiple pipes used for one module to communicate with another and the project name of the Microsoft Visual Studio used by the developers -- used the location of Windows print processors so it could survive reboots. In a post published early Thursday morning, ESET revealed little about the infected companies except to say they included several South Korea- and Taiwan-based developers of MMO games that are available on popular gaming platforms and have thousands of simultaneous players.

theodp writes: Arkansas Governor Asa Hutchinson had an odd way of showing his appreciation for the unemployed computer programmer who pointed out a vulnerability in Arkansas's Pandemic Unemployment Assistance website, framing the programmer's actions as illegal.

The Arkansas Times' Lindsey Millar explains: "Beginning on Saturday at a news conference and continuing Monday, Hutchinson has framed the applicant who sounded the alarm as acting illegally. He announced Monday that the FBI was investigating the matter. He said he understood personal information had been 'exploited.' 'We don't believe that the data was manipulated,' Hutchinson said. 'In other words, where someone would go in and change a bank account number, which is what criminals would do. When you say 'exploited,' I believe that is a technical term of art that includes visual seeing of someone else's data. That is a concern to us and that is what constitutes a breach.' Asked about his rationale for framing the programmer's actions as illegal, the governor said, 'When you go in and manipulate a system in order to gain an access that you're not allowed to have permission to access, that is a violation of the security that we want to have in place in these systems, and it would be a violation of the law as well, I would think (video).'"

Hutchinson is a member of Governors for CS (and a founding co-chair), who "share best practices for computer science and advocate for federal policies to expand computer science instruction" in partnership with tech-backed Code.org. Andrew Morris, a cybersecurity expert with more than a decade of experience and the founder of GreyNoise Intelligence in Washington, D.C., said the governor's framing of the programmer as acting illegally was "the wrongest way" to handle the situation.

"They're shooting the messenger," he said. "There are so many reasons why that is bad. It creates a culture where they're punishing people for doing the right thing and trying to report the vulnerabilities and get them fixed. This person didn't have to say anything."

According to CEO Kyle Wiens, teardown and repair website iFixit has just posted "the most comprehensive online resource for medical repair professionals." The Verge reports: The new database contains dedicated sections for clinical, laboratory, and medical support equipment, in addition to numerous other categories of devices. It also provides more than 13,000 manuals from hundreds of medical device manufacturers. Wiens says the effort began with a crowdsourcing campaign to collect repair information for hospital equipment, with a focus on "ventilator documentation, anesthesia systems, and respiratory analyzers -- devices widely used to support COVID-19 patients." But the effort grew from there, spanning more than two months as iFixit added dozens more staff members to the project; began talking to more biomedical technicians, doctors, and nurses about their day-to-day needs; and started collecting and cataloging information from libraries and other sources.

The medical repair database is split up into nine categories, with each containing countless subcategories for basically any type of device you'd find in a medical setting. For instance, the clinical equipment category contains 53 subcategories for everything from anesthesia systems and Bilevel Positive Airway Pressure (BiPAP) machines to respiratory analyzers and ventilators. The database also has medical training manuals, information on medical furniture like decontamination systems and hospital beds, and an exhaustive section on surgical equipment repair and maintenance. Wiens explains in iFixit's announcement post that some medical device manufacturers make this information more easily available online than others. "But for their day-to-day work, biomeds have long relied on a rag-tag set of web resources to get the job done. Among the most popular is Frank's Hospital Workshop, a Tanzania-based site that hosts hundreds of medical device manuals -- it's the unofficial biomed bible," Wiens writes. The goal was not to outdo that website or try to overtake it in popularity, but to add new documents and manuals that weren't available before to a database including existing resources. Another bonus: the website will not make money on this project. "We are providing hosting and curation free of charge, and free of advertising, to the medical community," Wiens says.

An anonymous reader quotes a report from VentureBeat: It's finally happening. Microsoft is giving developers a command line interface to install their favorite tools. That's right -- at Build 2020 today, Microsoft announced Windows Package Manager in preview. This is not simply about helping developers build for Windows. It's about helping developers and businesses embrace Windows. Microsoft is on a mission to get developers to love using Windows over macOS and Linux. Part of that mission involves releasing tools like Windows Terminal for enterprises and improving WSL for anyone who needs Linux while they code. Another part is helping developers (and IT admins) set up their Windows environments as effortlessly as possible. In a similar vein, Microsoft today also threw in highly requested features for PowerToys: Run and Keyboard Remapper. But the former is definitely the bigger news.

Windows Package Manager is a command line interface for searching, viewing, and installing commonly used developer tools. Developers list their applications in a GitHub repository; the package manager grabs and installs them. Even better, Windows Package Manager is open source -- Microsoft is asking for developers to help improve it.

"The makers of the widely used JavaScript server-side runtime, Node.js, have released Deno 1.0, a new runtime for JavaScript and TypeScript that addresses 'design mistakes' in Node.js," reports ZDNet: Just like Node.js or Node, the Deno runtime is for executing JavaScript outside a web browser. However, unlike Node.js, Deno offers first-class support for Microsoft's increasingly popular Typescript, a superset of JavaScript designed for large projects... "With the changing JavaScript language, and new additions like TypeScript, building Node projects can become an arduous endeavor, involving managing build systems and other heavy-handed tooling that takes away from the fun of dynamic language scripting," writes Node.js creator Ryan Dahl in a blogpost co-authored by fellow Deno developers Bert Belder and Bartek Iwanczuk...

Deno is based on Google's Chromium V8 JavaScript engine.
While its standard modules are all written in TypeScript, Infoworld points out that Deno "can be a replacement for utility scripts that may have been written in Python or Bash... Deno was designed as a series of Rust crates to allow integration at different layers." (A blog post by its developers notes Deno "makes it easy to bind Rust future-based APIs into JavaScript promises.")

But "Like a web browser, it knows how to fetch external code," the developers wrote, calling Deno "a web browser for command-line scripts" while arguing that with Node, "the mechanism for linking to external libraries is fundamentally centralized through the NPM repository, which is not inline with the ideals of the web... Also like browsers, [Deno] code is executed in a secure sandbox by default. Scripts cannot access the hard drive, open network connections, or make any other potentially malicious actions without permission." In an interview Dahl tells JAXenter they're already keeping an index of third party modules that work on Deno at https://deno.land/x/.

"It's important to understand that Deno is not a fork of Node," the developers' blog post explains. "It's a completely new implementation..."

"One last thing," the blog post concludes. "Consider supporting this open source software work by pre-ordering a Deno v1.0 hoodie."