The Internet

Basecamp Releases Hotwire for Building Web Applications Using 'HTML Over the Wire' (hotwire.dev) 60

Basecamp's David Heinemeier Hansson (the creator of Ruby on Rails) announced on Twitter this week that "all the tricks and tooling we used to build the front-end for Hey.com" have now been released as Hotwire (also known as New Magic), "an alternative approach to building modern web applications without using much JavaScript by sending HTML instead of JSON over the wire." This includes our brand-new Turbo framework...a set of complementary techniques for speeding up page changes and form submissions, dividing complex pages into components, and stream partial page updates over WebSocket. All without writing any JavaScript at all...
Hotwire's web page argues HTML over the wire "makes for fast first-load pages, keeps template rendering on the server, and allows for a simpler, more productive development experience in any programming language, without sacrificing any of the speed or responsiveness associated with a traditional single-page application." On Twitter, Hansson called it "a refinement of years of research, experimentation, and SHIPPING HTML AT THE CENTER. It's been a revelation for us. Both for the web, and for our native apps." He shared a 13-minute video demonstration — then added a thoughtful comment about the state of web development today.

"Really curious to continue pushing the ECMAScript 6 + ES Modules approach in the browser. This isn't strictly related to Hotwire, but it's part of deconstructing the overly complicated mess we've all made of frontend development. One brick at the time!"
Oracle

Oracle's Hidden Hand Is Behind the Google Antitrust Lawsuits (bloomberg.com) 51

An anonymous reader quotes a report from Bloomberg: With great fanfare last week, 44 attorneys general hit Google with two antitrust complaints, following a landmark lawsuit the Justice Department and 11 states lodged against the Alphabet Inc. unit in October. What's less known is that Oracle Corp. spent years working behind the scenes to convince regulators and law enforcement agencies in Washington, more than 30 states, the European Union, Australia and at least three other countries to rein in Google's huge search-and-advertising business. Those efforts are paying off.

Officials in more than a dozen of the states that sued Google received what has been called Oracle's "black box" presentation showing how Google tracks users' personal information, said Ken Glueck, Oracle's top Washington lobbyist and the architect of the company's antitrust campaign against Google. Glueck outlined for Bloomberg the presentation, which often entails putting an Android phone inside a black briefcase to show how Google collects users' location details -- even when the phones aren't in use -- and confirmed the contours of the pressure campaign. "I couldn't be happier," said Glueck about the barrage of lawsuits. "As far as I can tell, there are more states suing Google than there are states." Oracle has fallen behind the tech giants in the marketplace, yet is notching one legal and regulatory win after another against them, Google especially.
In response, Google spokesman Jose Castaneda denounced Oracle's "cloak-and-dagger lobbying campaign," saying "while Oracle describes itself as the biggest data broker on the planet, we're focused on keeping consumers' information safe and secure."
Programming

Report: PHP, C++, Java, and .NET Applications are the Most Frequently Flawed (techrepublic.com) 92

Application-security company Veracode "has released the 11th volume of its annual State of Software Security report, and its findings reveal that flawed applications are the norm, open-source libraries are increasingly untrustworthy, and it's taking a long time to patch problems," reports TechRepublic.

The top three security flaws — like last year — are still information leakage, cryptographic issues, and CRLF injection: The report found a full 76% of apps contained flaws, and 24% of apps have flaws considered highly severe. Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame... In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range. Despite that good sign, it's still taking an average of six months to close half of discovered flaws...

Veracode also released a heatmap of the worst bugs in the most popular languages. Interestingly enough, the language with the least use of open-source libraries is also the one with the most bugs: PHP.

Looking at the heatmap, it's easy to spot which of the five popular languages included has the worst security. Following PHP is C++, then Java, .Net, JavaScript, and Python. The latter two are doing considerably better than the competition, with the worst flaws in each only being found in roughly 30% of apps. Compared to PHP with 74.6% of its apps vulnerable to cross-site scripting, JavaScript and Python are security powerhouses.

Java

In Jakarta EE 9 'javax' is Finally Renamed 'jakarta' (i-programmer.info) 53

i-programmer reports: The Jakarta EE Working Group has announced that javax is now officially and finally renamed as jakarta with the release of the Jakarta EE 9 Platform and Web Profile specifications and related TCKs. The announcement was made during the JakartaOne Livestream virtual conference, and the group said that the release "provides a new baseline for the evolution and innovation of enterprise Java technologies under an open, vendor-neutral, community-driven process."

The move from Java EE to Jakarta EE was necessary because while Oracle handed over the open source version of Java to the Eclipse Foundation, it kept the names 'Java' and 'javax' and refused permission for their use...

The initial release doesn't include support for Java SE (Standard Edition) 11, the latest long-term support release of the standard Java platform. This will be added in a release in the next few weeks.

Books

Goodreads Is Retiring Its Current API, and Book-Loving Developers Aren't Happy (medium.com) 69

Last week, some Goodreads users received a disappointing message: The popular book tracking website is disabling access to its API for users who haven't used the product in more than 30 days. The company says it "plans to retire these tools" altogether and that, as of December 8, it will no longer issue new keys. It's unclear when or if Goodreads will close off its API to active users. From a report: "When I found out, I was pretty upset," says Karen Ellett, a software developer in South Carolina who uses the Goodreads API to power a private tool that tracks book series. The tool, which she had hoped to eventually release for other people to use, keeps track of new releases in book series she reads, which is a function Goodreads doesn't currently offer. When a new book gets added to the series, Ellett's tool updates automatically, so she doesn't have to go looking for it on her own when she's ready to dive back into the series. Since she's read 172 books this year, it's not easy for her to mentally juggle all the new additions she wants to get to on her own.

"I've put so many hours into developing this tool not just for myself, but with an eye towards it being utilized by other people. I'd say I was probably about 70 to 80% done, and now there's just no point," she says. As Goodreads is a stagnant product that has barely improved its functionality and features since it was acquired by Amazon in 2013, thousands of readers with basic coding skills use the Goodreads API to power their own better features and tools. On a thread about the change for Goodreads Developers, one user says the Discord book recommendations bot he was in the process of building suddenly stopped working. Another says his tool, which analyzes statistics related to the authors on a Goodreads user's "read" list, will be shut down, nullifying countless hours of work he put into the feature. Ellett still uses the API daily, so her access to the API hasn't been shut down -- yet. She heard about it from a friend who forwarded the email to her. Many Goodreads API users complain that the communication from Goodreads has been terrible, with people only hearing about the change from intermittent users whose access was suddenly terminated.

Databases

Hackers Are Selling More Than 85,000 MySQL Databases On a Dark Web Portal (zdnet.com) 24

An anonymous Slashdot reader writes: For the past year, hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back. If database owners don't respond and ransom their data back in nine days, the databases are then put up on auction on a dark web portal.
"More than 85,000 MySQL databases are currently on sale on a dark web portal for a price of only $550/database," reports ZDNet: This suggests that both the DB intrusions and the ransom/auction web pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information. Signs of these ransom attacks have been piling up over the course of 2020, with the number of complaints from server owners finding the ransom note inside their databases popping up on Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.
Oracle

Oracle Is Moving Its Headquarters From Silicon Valley To Austin, Texas (cnbc.com) 111

Oracle said on Friday it's moving its headquarters from the Silicon Valley to Austin, Texas. CNBC reports: "Oracle is implementing a more flexible employee work location policy and has changed its Corporate Headquarters from Redwood City, California to Austin, Texas. We believe these moves best position Oracle for growth and provide our personnel with more flexibility about where and how they work," a spokesperson confirmed to CNBC. A bulk of employees can choose their office location, or continue to work from home part time or full time, the company said.

"In addition, we will continue to support major hubs for Oracle around the world, including those in the United States such as Redwood City, Austin, Santa Monica, Seattle, Denver, Orlando and Burlington, among others, and we expect to add other locations over time," Oracle said. "By implementing a more modern approach to work, we expect to further improve our employees' quality of life and quality of output." Oracle is one of Silicon Valley's older success stories, founded in Santa Clara in 1977. It moved into its current headquarters in 1989. Several of the buildings on its campus there are constructed in the shape of a squat cylinder, which is the classic symbol in computer systems design for a database, the product on which Oracle built its empire.

Emulation (Games)

Microsoft's Latest Windows 10 Test Builds Includes Promised x64 Arm Emulation (zdnet.com) 30

Microsoft has made available two different Windows 10 test builds today, one of which includes the promised x64 app emulation for Arm, among other features. ZDNet reports: The RS_Prerelease build 21277 -- which ultimately is expected to be designated as the "Cobalt" branch -- includes the features Microsoft had previously been testing but removed at the end of October. This includes the updated emoji picker, redesigned touch keyboard, voice typing, theme-aware splash screens and more. It also provides the aforementioned Arm emulation support. Currently, Windows on Arm natively supports Arm apps, including ARM64 versions. But so far, only 32-bit Intel (x86) apps are supported in emulation. This lack of x64 emulation has limited the number of apps that can run on Windows on Arm devices, since apps that are 64-bit only have only been available on Windows on Arm (WoA) devices if and when developers created native versions of them. As of now, these x64 Arm apps also can run in emulation. More details on the x64 Arm emulation preview functionality are in this Microsoft post.
Transportation

Tesla Full Self-Driving System's Beta Developer Settings Leaked (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: It's a long time coming for Tesla's Full Self-Driving feature, and it hasn't been a cheap journey. The price for the self-driving feature has increased multiple times and is currently available for supported Teslas for $10,000. While Tesla's Full Self-Driving (FSD) beta continues to expand to more Tesla owners ahead of a planned end-of-year launch, the actual settings for the system have been uncovered and published on Twitter by a well-known Tesla hacker named Green. Not only are there dozens of settings and available adjustments, but there's also a way to show a detailed vehicle view of the world while a Tesla is driving down the road.

In a Twitter thread, Green shares the status of internal states within the system while taking us on a tour of dozens of settings ranging from controls for FSD and Enhanced Summon to information about the Camera and Ultrasonics. The system also shows sliders for GPS, speed threshold, and other items that no one outside of Tesla should ever mess with. There's also an Augmented Vision area where developers can toggle what's seen on a Tesla display while driving. It includes toggles for Pretty, Developer, and Camera Image. Once Developer is enabled, it shows options for a whole host of data that can be shown on the infotainment system. This all may be information overload for the average Tesla owner, but it's a fun way to get more details on how a Tesla sees the world. Tesla being Tesla, the developer settings also have fun settings including California Stop (which generally means you don't bring the car to a halt but just slow down at a stop sign) and something called Chiropractor Adjust Skeleton, which is filed under the City Streets settings. What that means is a mystery, but both items are part of the FSD defaults in the developer controls.

Programming

2020 AP CS Scores: Still Big Gaps In Performance, Participation 103

theodp writes: As the 8th annual Hour of Code kicked off this week, the College Board released 2020 AP national and state score breakouts for AP CS program participants. As in past years, this year's results still showed striking gaps in performance and participation across gender and ethnicity segments. Passing rates across major ethnic group segments ranged from 39.8%-78.6% for the Java-based AP CS A course, and 52%-83% for the newer "language agnostic" AP Computer Science Principles (CSP) course. Across gender segments, females accounted for 25% of AP CS A scores (16.2K of 64.9K total students) and 33.9% of AP CSP scores (38.6K of 113.9K students). Asian students accounted for 47% of all passing female AP CS A students. Due to pandemic-related school closures, the overall number of students completing AP STEM-related courses in 2020 declined for all subjects except CS. AP CS A, which had an abbreviated taken-at-home final exam, saw a modest 1.5% YOY increase in completions, while AP CSP saw a whopping 21.5% YOY increase in completions, no doubt helped by the cancellation of its end-of-course exam, which was to have counted for 60% of scores (students were instead assessed only by their portfolio submissions).
Programming

Amazon, Amex To Fund Software Developers in New GitHub Program (bloomberg.com) 11

Amazon.com, American Express, Daimler AG and Stripe are among those joining a new GitHub program that will let companies directly fund open-source projects and software developers that are key to their businesses. From a report: It's an expansion of GitHub's Sponsors program, which previously let individuals support software projects and the millions of developers who use the digital platform to collaborate on, share and store code. GitHub, whose parent company Microsoft will also participate in the new service announced Tuesday, expects the change to dramatically increase the number of contributions. The year-old sponsors service has already generated enough money for some developers to rely on it as full-time work, said Devon Zuegel, GitHub's director of product for the communities department.
Christmas Cheer

The Geeky Advent Calendar Tradition Continues in 2020 9

Long-time Slashdot reader destinyland writes: Advent of Code isn't the only geeky tradition that's continuing in 2020. "This is going to be the first full year with Raku being called Raku," notes the site raku-advent.blog. "However, it's going to be the 12th year (after this first article) in a row with a Perl 6 or Raku calendar, previously published in the Perl 6 Advent Calendar blog." The tradition continues, with a new article about the Raku programming language every day until Christmas.

And meanwhile over at perladvent.org, the Perl Advent Calendar is also continuing its own article-a-day tradition (starting with a holiday tale about how Perl's TidyAll library "makes it trivial for the elves to keep their code formatting consistent and clean.")

But they're not the only ones. "Pandemic or not, Christmas time is a time for wonder, joy and sharing," writes Kristofer Giltvedt Selbekk from Oslo-based Bekk Consulting (merging technology with user experience, product innovation and strategy). So this year they're "continuing our great tradition of sharing some of the stuff we know every December" with 11 different advent calendar sites sharing articles (or, on one site, podcast episodes), on topics including JavaScript, Kotlin, React, Elm, functional programming, and cloud computing.

And if you're more interested in outer space, this also marks the 13th year for the official Hubble Space Telescope Advent Calendar. "Every day until Friday, December 25, this page will present one new incredible image of our universe from NASA's Hubble telescope," explains its page at the Atlantic.

There's also a series of daily coding challenges called "24 days of JavaScriptmas" at the tutorial site Scrimba, which has turned the event into a marketing opportunity by promising a $1,000 prize on Christmas Eve to one lucky participant chosen from the ones who publicized their solutions on Twitter.
Programming

Python Beats Java Again in New GitHub Annual Report (github.com) 54

This week the Microsoft-owned code repository site GitHub released its annual report with statistics about its community, writes programming columnist Mike Melanson: The report offers a deep dive into three specific areas, with a look at developer productivity in the time of COVID, community and collaboration, and open source security. Highlights include increased productivity with 35% more repositories created in 2020 than 2019, a large open source community with more than 56M developers in 2020 with 100M expected by 2025, and security vulnerabilities that often go undetected for more than 4 years before being disclosed and 94% of projects relying on open source components.
"2020 has been a year of extraordinary change," notes GitHub's report. "Yet with 60M+ new repositories created this past year, one thing has remained true — developers came together from all corners of the world to innovate, find connection, and solve problems."

GitHub reports that over 1.9 billion contributions were added in the last year, with users distributed around the globe:
North America: 34%
Asia: 30.7%
Europe: 26.8%
South America: 4.9%
Africa: 2%
Oceania: 1.7%
And while JavaScript is still the most popular language used on the site, Python remains more popular (at #2) than Java (at #3) for the second year in a row.
  1. JavaScript
  2. Python
  3. Java
  4. TypeScript
  5. C#
  6. PHP
  7. C++
  8. C
  9. Shell
  10. Ruby

Programming

JavaScript Turns 25 (zdnet.com) 50

The programming language JavaScript emerged 25 years ago and has grown to become one of the most important pieces of the web and browser applications we use today. From a report: JavaScript is the go-to language for front-end development and has spawned Microsoft's Typescript, a superset of JavaScript with a stronger optional type system for developers that compiles to JavaScript when run in the browser. Both JavaScript and TypeScript conform to ECMAScript, the standard for JavaScript and node.js, the runtime for running applications outside of the browser thanks to Google's powerful V8 JavaScript engine. JavaScript's impact on the web cannot be understated. Tech giants have thrown their weight behind the language. Besides Google's V8, there are open source projects like React from Facebook and Angular from Google, which help spread web applications across smartphones and desktop. After Netscape and Sun Microsystems -- where Java was hatched in May 1995 by James Gosling -- announced JavaScript in December 1995, Microsoft promoted Visual Basic (VB) as a standard for creating web applications using VB Script for its Internet Explorer browser. Oracle would go on to buy Sun Microsystems in 2008 largely to get its hands on Java and its huge development ecosystem. The press release about its launch from 25 years ago.
Programming

Python and TypeScript Gain Popularity Among Programming Languages (venturebeat.com) 50

GitHub has released its annual Octoverse report, revealing trends in one of the largest developer communities on the planet, including a spike in open source project activity following the start of the COVID-19 pandemic. VentureBeat: JavaScript continues to be the most popular programming language on GitHub, while Python is now the second most popular, followed by Java and the fast-growing TypeScript community. Maintained by GitHub owner Microsoft, TypeScript has climbed from seventh place in 2018 and 2019 to fourth overall this year. PHP and Ruby, languages that ranked among the most popular five years ago, continued to decline in popularity.
Programming

The 'Advent of Code 2020' Event Begins (adventofcode.com) 26

"Need a vacation from 2020? Why not go on an adventure and learn programming at the same time?" asks developer Eric Wastl on Twitter, announcing this year's edition of the Advent of Code.

From the site: Advent of Code is an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like. People use them as a speed contest, interview prep, company training, university coursework, practice problems, or to challenge each other.

You don't need a computer science background to participate - just a little programming knowledge and some problem solving skills will get you pretty far. Nor do you need a fancy computer; every problem has a solution that completes in at most 15 seconds on ten-year-old hardware.

Programming

Greg Kroah-Hartman: 'Don't Make Users Mad' (thenewstack.io) 204

From a recent report: Greg Kroah-Hartman, the Linux Foundation fellow currently responsible for stable Linux kernel releases, shared the lessons he's learned as a kernel developer that are applicable to other developers at this year's Linux App Summit. He started by showing how he could succinctly distill the essence of the talk into a single five-word slide:

"Don't make your users mad...."

Kroah-Hartman explains one of Linus Torvalds' most deeply-held convictions: don't break userspace. "Other operating systems have this rule as well — it's a very solid rule — because we always want you to upgrade. And we want you to upgrade without worrying about it. We don't want you to feel scared. If you see a new release, and we say, 'Hey, this fixes a bunch of problems,' we don't want you to feel worried about taking that. That's really really important — especially with security...."

If you do make a change, make sure there truly is a compelling reason. "You have to provide enough reason and enough goodness to force somebody to take the time to learn to do something else. That's very rare."

His example of this was systemd, which unified a variety of service configurations and initialization processes. "They did it right. They provided all the functionality, they solved a real problem that was there. They unified all these existing tools and problems in such a way that it was just so much better to use, and it provided enough impetus that everybody was willing to do the work to modify their own stuff and move to the new model. It worked. People still complain about it, but it worked. Everybody switched... It works well. It solves a real problem.

"That was an example of how you can provide a compelling reason to move on — and make the change."

Python

Python's Steering Council Assesses the After-Guido Era (thenewstack.io) 21

47 of Python's core developers participated in this year's Core Development Sprint, according to this report — "but what's more important is the very real and necessary community building that seemed to have taken place..." It's an especially critical time for Python, which switched to a steering council model in February of 2019, after Guido van Rossum had stepped down as the language's "benevolent dictator for life...." [During the Python Steering Council and Core Developer Q&A] core developer Ned Deily asked a question which had probably been on everyone's minds: how is the steering council experience working, now that van Rossum is no longer serving as the language's benevolent overseer? And core developer/councilmember Carol Willing was the first to respond.

"I've been involved in a lot of governance organizations, and I would say the Steering Council has been towards the top in terms of sticking to the agenda and being thoughtful and collaborative in how things are working." They meet every week for an hour — with a pre-set agenda — and "in general, I think it's working quite well. If there's anything I take away from it, it's I'm amazed that Guido was able to do this function as a single person for as long as he had been. Because it's a lot of work, even amongst five people...."

Core developer/councilmember Barry Warsaw agreed. "A couple of us have been on the Steering Council since its inception. And there was a lot of things that the governance PEPs didn't really cover. So we really had to figure out the process for a number of things. I couldn't be more happy to work with both the first year of Steering Council members, and this year of Steering Council members. I think everybody is doing this for the right reasons — because we love Python, and we love the Python community..."

Deily agreed with their assessments. "My impression is things are going really well, better than might be expected. I was very proud how we as a community met the challenge of coming up with a governance, kind of from scratch. And I think — I don't know for sure all of Guido's motivation for doing it, but I think in a lot of ways he did it the right way, just kind of forced the community to come up with things. And I think all in all that worked out really well...."

About 48 minutes in, there was a question from van Rossum himself about the issue tracker at Bugs.python.org (affectionately known as "BPO"). "So I'm desperately curious about the status of the BPO to GitHub migration." He paused, then asked delicately, "Uh, how much is the Steering Council willing to share of what they know, and how much do you actually know?"

Cannon responded, talking about the group hired to run it, and thanking the groups whose donations had funded it. And then Deily suggested van Rossum volunteer for the working group, "because it's going to affect all of us." van Rossum asked if it would be appropriate if he volunteered, everyone agreed, and he responded, "Okay, I'm game."

PHP

PHP 8.0 Brings Major (And Breaking) Changes to a 25-Year-Old Language (techrepublic.com) 85

"PHP version 8.0 has arrived, bringing with it a major update to the 25-year-old programming language..." writes Tech Republic.

New language features include the nullsafe operator and attributes (commonly known as annotations in other languages) to add metadata to classes — and more: The JIT compiler is designed to bring performance improvements to web applications by turning code into instructions for the CPU at runtime. Meanwhile, union types is a feature that allows data of more than one type to be held by a variable. Named arguments allow developers to assign values to a function by specifying the value name, allowing optional parameters to be ignored. Alongside these, version 8.0 of PHP brings optimizations and enhancements to the language's type system, syntax, error handling and consistency....

Commenting on PHP 8.0, PHP programmer and stitcher.io developer, Brent Roose, noted that the latest version of the language may require developers to review code for any breaking changes.

Windows

Microsoft's 'Project Latte' Aims To Bring Android Apps To Windows 10 (windowscentral.com) 65

Windows Central reports: Microsoft is working on a software solution that would allow app developers to bring their Android apps to Windows 10 with little to no code changes by packaging them as an MSIX and allowing developers to submit them to the Microsoft Store. According to sources familiar with the matter, the project is codenamed 'Latte' and I'm told it could show up as soon as next year. The company has toyed with the idea of bringing Android apps to Windows 10 before via a project codenamed Astoria that never saw the light of day. Project Latte aims to deliver a similar product, and is likely powered by the Windows Subsystem for Linux (WSL.) Microsoft will need to provide its own Android subsystem for Android apps to actually run, however.

Microsoft has announced that WSL will soon get support for GUI Linux applications, as well as GPU acceleration which should aid the performance of apps running through WSL. It's unlikely that Project Latte will include support for Play Services, as Google doesn't allow Play Services to be installed on anything other than native Android devices and Chrome OS. This means that apps which require Play Services APIs will need to be updated to remove those dependencies before they can be submitted on Windows 10.
