An anonymous reader shares this enthusiastic report from ZDNet: Earlier this year, Linus Torvalds approved of adding drivers and other components in Rust to Linux.* Last week, at the virtual Linux Plumbers Conference, developers gave serious thought to using the Rust language for new Linux inline code. ["Nothing firm has been determined yet," reported Phoronix, "but it's a topic that is still being discussed."] And, now Amazon Web Services (AWS) has announced that its just-released Bottlerocket Linux for containers is largely written in Rust.

Mozilla may have cut back on Rust's funding, but with Linux embracing Rust, after almost 30-years of nothing but C, Rust's future is assured. Rust was chosen because it lends itself more easily to writing secure software. Samartha Chandrashekar, an AWS Product Manager, said it "helps ensure thread safety and prevent memory-related errors, such as buffer overflows that can lead to security vulnerabilities." Many other developers agree with Chandrashekar.

Bottlerocket also improved its security by using Device-mapper's verity target. This is a Linux kernel feature that provides integrity checking to help prevent attackers from overwriting core system software or other rootkit type attacks. It also includes the extended Berkeley Packet Filter (eBPF), In Linux, eBPF is used for safe and efficient kernel function monitoring.
* Linus's exact words were "people are actively looking at, especially doing drivers and things that are not very central to the kernel itself, and having interfaces to do those, for example, in Rust. People have been looking at that for years now. I'm convinced it's going to happen one day."

The article also reminds readers that AWS's Bottlerocket "is also designed to be quick and easy to maintain... by including the bare essentials needed to run containers..."

"Besides its standard open-source elements, such as the Linux kernel and containerd container runtime, Bottlerocket's own code is licensed under your choice of either the Apache 2.0 or the MIT license."

Dev & Gear created a long list of YouTube channels that offer technical videos to help you learn web development from scratch or just improve your skills. Some of the channels listed include: LearnCode.academy, Dev Ed, Traversy Media, Codecourse, and Wes Bos.

Is your favorite YouTube channel for web development and programming included on the list? If not, let us know what it is in a comment.

A U.S. appeals court rejected Oracle's challenges to the Pentagon's disputed $10 billion cloud-computing contract. From a report: Oracle had raised a number of issues, including allegations of conflicts of interest with Amazon.com, and claims the Pentagon violate its own rules when it set up the contract to be awarded to a single firm. The U.S. Court of Appeals for the Federal Circuit affirmed a lower court ruling that Oracle wasn't harmed by any errors the Pentagon made in developing the contract proposal because it wouldn't have qualified for the contract anyway. Oracle was fighting its exclusion from seeking the lucrative cloud-computing deal, known as the Joint Enterprise Defense Infrastructure, or JEDI. The Pentagon awarded the contract to Microsoft in October over market leader Amazon Web Services. The project, which is valued at as much as $10 billion over a decade, is designed to help the Pentagon consolidate its technology programs and quickly move information to warfighters around the world.

Apple on Monday announced that its new App Store appeals process, first revealed at WWDC in June, is now live, meaning developers can challenge Apple over whether their app is in fact violating one of its guidelines. In addition to that, Apple says developers can also suggest changes to the App Store guidelines through a form submission on its online developer portal. From a report "For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues. You'll instead be able to address guideline violations in your next submission," reads a note posted to Apple's developer website. "And now, in addition to appealing decisions about whether an app violates guidelines, you can suggest changes to the guidelines." These changes were introduced at WWDC on the heels of a rather public feud with software maker Basecamp, the creator of a new email service called Hey. Basecamp openly challenged Apple over whether it could distribute an iOS companion app to its email service without including in-app sign-up options, as Hey costs $99 a year and Basecamp felt it unnecessary to give Apple its standard 30 percent cut of that revenue (although Apple does only take 15 percent of in-app subscription revenue after one year of service). Apple, in response, held up the company's bug fixes and update capability.

An anonymous reader quotes Psychology Today: While software development jobs sound great right out of the gate, technology roles don't always offer a great career path. The entry-level salary is fantastic, and the job is fun. But five years on, the average developer reaches a senior role, and there aren't many more rungs on the technology career ladder. An article from 1998 in the New York Times reported that six years after finishing college, only 57 percent of computer science graduates were working as programmers. After 20 years, the figure dropped to 19 percent. In contrast, the figures for civil engineering were 61 percent and 52 percent...

It's not just about the money — it's at least as much about the control you have over what you do. And software developers these days have little say in what apps they build. "More than anything, what bothered me is the feeling that my work doesn't matter one way or another," said one of my friends before he quit his programming job. He continued, "You get into software thinking you'll build cool things, but instead, it's about jumping through hoops for business school people with bad ideas."

Rapid changes in technology make programming one of the fastest-moving careers. Avoiding burnout is the only way to have a long and sustainable career in tech. Veteran software developers often recommend to:

- Work at a place where you can grow. Constantly learning new things is a requirement in tech, but it's only sustainable if you can do it as part of the job.

- Build transferable skills. Many developers find it interesting to invest in learning leadership skills and explore technical management roles — those don't change as often as programming languages do.

- Have creative outlets and create a space to focus on yourself, to switch off and relax. Make sure you move enough, eat well, and spend quality time with friends and family.

Of course, there's always the nuclear option: make your money and get out.

Phoronix reports: As mentioned back in July, upstream Linux developers have been working to figure out a path for adding Rust code to the Linux kernel. That topic is now being further explored at this week's virtual Linux Plumbers Conference...

To be clear though, these Rust Linux kernel plans do not involve rewriting large parts of the kernel in Rust (at least for the foreseeable future...), there would be caveats on the extent to which Rust code could be used and what functionality, and the Rust support would be optional when building the Linux kernel. C would remain the dominant language of the kernel and then it's just a matter of what new functionality gets added around Rust if concerned by memory safety, concurrency, and other areas where Rust is popular with developers. Various upstream developers have been interested in Rust for those language benefits around memory safety and security as well as its syntax being close to C. There would be a to-be-determined subset of Rust to be supported by the Linux kernel.... While the Rust code would be optional, the developers do acknowledge there are limitations on where Rust is supported due to the LLVM compiler back-ends. But at least for x86/x86_64, ARM/ARM64, POWER, and other prominent targets there is support along with the likes of RISC-V.

Nothing firm has been determined yet but it's a topic that is still being discussed at the virtual LPC this week and surely over the weeks/months ahead on the kernel mailing list. There is Rust-For-Linux on GitHub with a prototype kernel module implementation. There is also the PDF slides from Thursday's talk on the matter.
It's not clear to me that this is a done deal. But the article argues that "it's still looking like it will happen, it's just a matter of when the initial infrastructure will be in place and how slowly the rollout will be..."

Friday night CNET reported: With a device surgically implanted into the skull of a pig named Gertrude, Elon Musk demonstrated his startup Neuralink's technology to build a digital link between brains and computers. A wireless link from the Neuralink computing device showed the pig's brain activity as it snuffled around a pen on stage Friday night.
Some reactions from Twitter:

- "The potential of #Neuralink is mind-boggling, but fuckkkk why would they use Bluetooth???"

- "they're using C/C++ too lmao"

But then videogame programming legend John Carmack responded: "Quality, reliable software can be delivered in any language, but language choice has an impact. For me, C would be a middle-of-the-road choice; better than a dynamic language like javascript or python, but not as good as a more modern strongly static typed languages.

However, the existence of far more analysis tools for C is not an insignificant advantage. If you really care about robustness, you are going to architect everything more like old Fortran, with no dynamic allocations at all, and the code is going to look very simple and straightforward.

So an interesting question: What are the aspects of C++ that are real wins for that style over C? Range checked arrays would be good. What else?
When asked "What's a better modern choice?" Carmack replied "Rust would be the obvious things, and I don't have any reason to doubt it would be good, but I haven't implemented even a medium sized application in it."

But then somewhere in the discussion, Elon Musk made a joke about C's lack of "class" data structures. Elon Musk responded: I like C, because it avoids class warfare
But then Musk also gave interesting responses to two more questions on Twitter: Which is your fav programming language? Python?

Elon Musk: Actually C, although the syntax could be improved esthetically

Could Neuralink simulate an alternate reality that could be entered at will, like Ready Player One? Implications for VR seem to be massive. Essentially, a simulation within a simulation if we're already in one ...

Elon Musk: Later versions of a larger device would have that potential

An anonymous reader quotes The New Stack: While there are some who may never get over the fact that the Istio service mesh, originally created by Google and IBM, will not be handed over to the Cloud Native Computing Foundation, the project took a big step this past week to assuage those who critiqued the project for being under a Google-majority control: Istio has introduced a new Istio steering committee.

According to the blog post, the new steering committee will consist of 13 seats, with four "elected Community Seats" and nine "proportionally allocated Contribution Seats," a change they say "solidifies our commitment to open governance, ensuring that the community around the project will always be able to steer its direction, and that no one company has majority voting control over the project." This final point is really the key to the announcement here, with them further and more explicitly clarifying later that "no single vendor, no matter how large their contribution, has majority voting control over the Istio project." To this end, they write, they have "implemented a cap on the number of seats a company can hold, such that they can neither unanimously win a vote, or veto a decision of the rest of the committee."

As for how those seats are allocated, the four Community Seats will consist of four representatives from four different organizations and will be chosen in an annual election. The nine Contribution Seats will be assigned to a minimum of three different companies "in proportion to contributions made to Istio in the previous 12 months," with this year's metric being merged pull requests.
But not everyone was satisfied. On Twitter AWS engineer Matthew S. Wilson called it "a crappy way to build a community," objecting to the way it's recognizing and rewarding open source contributions by company rather than by the individuals.

And Knative co-founder Matt Moore called it "what you get when a company wants to 'play community', but treat its employees as interchangeable cogs."

Facebook CEO Mark Zuckerberg took a swing at Apple on Thursday, calling the iPhone maker's app store monopolistic and harmful to customers during a company-wide meeting. From a report: "[Apple has] this unique stranglehold as a gatekeeper on what gets on phones," Zuckerberg said to more than 50,000 employees via webcast. He added that the Cupertino, California-based company's app store "blocks innovation, blocks competition" and "allows Apple to charge monopoly rents." While the Facebook CEO was specifically answering a question about Apple blocking gaming-related apps, his comments came at a time where authorities are scrutinizing both Silicon Valley giants for antitrust behavior. [...] Zuckerberg's comments were another signal that there's no love lost in the long-contentious relationship between the leader of the social network and the $2 trillion electronic device maker. "That's innovation that could really improve people's lives," Zuckerberg said on Thursday. "And Apple's just balking at it."

An anonymous reader quotes a report from ZDNet: A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features. In an academic paper published earlier this month, a team of academics from the University of Iowa, Mozilla, and the University of California, Davis, has analyzed how popular browser fingerprinting scripts are used today by website operators. Using a machine learning toolkit they developed themselves and named FP-Inspector, the research team scanned and analyzed the top 100,000 most popular websites on the internet, according to the Alexa web traffic ranking.

"We find that browser fingerprinting is now present on more than 10% of the top-100K websites and over a quarter of the top-10K websites," the research team said. However, the research team also points out that despite the large number of websites that are currently using browser fingerprinting, not all scripts are used for tracking. Some fingerprinting scripts are also used for fraud detection since automated bots tend to have the same or similar fingerprints, and fingerprinting scripts are a reliable method of detecting automated behavior. Additional details about the team's research can be found in a paper named "Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors," set to be presented at the IEEE Symposium on Security and Privacy, next year, in May 2021. If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension.

Google today released the alpha version of Jetpack Compose, its UI toolkit for helping developers "build beautiful UI across all Android platforms, with native access to the platform APIs." From a report: While an alpha release means it is definitely not production ready, Jetpack Compose promises to let Android developers build apps using "dramatically less code, interactive tools, and intuitive Kotlin APIs." The alpha release also includes new tools including Animations, Constraint Layouts, and performance optimizations. Android Jetpack, which Google launched at its I/O 2018 developer conference, is a set of components for speeding up app development. Think of it as the successor to Support Library, a set of components that makes it easier to leverage new Android features while maintaining backwards compatibility. Jetpack Compose, which Google first showed off at its I/O 2019 developer conference, is an unbundled toolkit meant to simplify UI development by combining a reactive programming model with Kotlin.

The open-source project behind Julia, a programming language for data scientists, has revealed which languages users would shift to if they decided no longer to use Julia. From a report: Julia, a zippy programming language that has roots at MIT, has published the results of its 2020 annual user survey. The study aims to uncover the preferences of those who are building programs in the language. [...] Last year, 73% of Julia users said they would use Python if they weren't using Julia, but this year 76% nominated Python as the other language. MATLAB, another Julia rival in statistical analysis, saw its share of Julia users as a top alternative language drop from 35% to 31% over the past year, but C++ saw its share on this metric rise from 28% to 31%. Meanwhile, R, a popular statistical programming language with a dedicated crowd, also declined from 27% to 25%.

Nicolas Rougier, a computational neuroscientist and programmer at INRIA, the French National Institute for Research in Digital Science and Technology in Bordeaux, writes: I organized with [Konrad Hinsen, a theoretical biophysicist at the French National Centre for Scientific Research (CNRS) in Orleans] the "Ten Years Reproducibility Challenge," whose goal was to check if researchers would be able to run their own code that has been published at least ten years ago (i.e. before 2010). Most participants managed to run it, but it was not without pain. Today, Nature published an article summarizing the different problems we encountered. I myself tried to re-run an Apple II program I wrote 32 years ago on a vintage Apple IIe. This was quite instructive, especially regarding modern software system with the dependencies hell.

NoMoreACs shares a report: On Friday, the internet erupted in a small way to learn that Apple had successfully forced WordPress to monetize its free app -- forcing it to sell premium plans and custom domain names seemingly just so that Apple could get its traditional 30 percent cut. But one afternoon and evening of surprise and outrage later, Apple is backing off. The company is issuing a rare on-the-record apology, and it says that WordPress will no longer have to add in-app purchases now that all is said and done.

Here's Apple's full statement: "We believe the issue with the WordPress app has been resolved. Since the developer removed the display of their service payment options from the app, it is now a free stand-alone app and does not have to offer in-app purchases. We have informed the developer and apologize for any confusion that we have caused." You'll notice that Apple is positioning this as the developer -- WordPress -- having done the right thing and removed the "display of their service payment options from the app," and to my knowledge that is technically true. But as far as I'm aware, that didn't happen today: it happened weeks or months ago.

Rita Liao, reporting for TechCrunch: The technological decoupling between the U.S. and China has been a boon to Chinese firms -- from chipmakers for smartphones and electric vehicles through to software -- that are the backbones of millions of businesses' daily operations. Chinese companies might have established a firm grip on internet services for consumers, but many fundamental technologies undergirding hardware and enterprise software remain in the hands of Western companies. As tech businesses become increasingly entangled in broader geopolitical disputes, their users and clients are feeling the heat. Another area that has made the tech community restless is source code hosting. Chinese developers rely heavily on GitHub, as evident from an apparent government ban of the site in 2013 that prompted former Google China head Kai-Fu Lee to speak out. Now the China developer community is wary that political conflict may inflict GitHub.

[...] Seven-year-old Gitee is at the center of China's push to localize businesses' source codes. The Ministry of Industry and Information Technology (MIIT), one of China's top tech policymakers, recently picked (in Chinese) Gitee to construct an "independent, open-source code hosting platform for China." The project will be carried out by a consortium led by Open Source China, the Shenzhen-based firm behind its namesake open-source community and Gitee. The hosting service appears to be a government-led effort with support from research universities and participation from the private sector -- a group of 10 organizations including Huawei, which is itself suffering from supply chain disruption amid the political storm.

Matt Asay, a former COO of Canonical now working at AWS, argues that the question of open source sustainability "is really a people problem."

But to make the case, he cites comments by Tobie Langel, formerly W3C's testing lead (and a former member of Facebook's Open Source and Web Standards Team) who's now founded an open-source strategies consulting firm whose clients include Mozilla, Intell, Google, and Microsoft. Much of the "open source sustainability" discussion has focused on the one thing that really needs no help being sustained: software. As Tobie Langel rightly points out, "Open source code isn't a scarce resource. It's the exact opposite, actually: It's infinitely reproducible at zero cost to the user and to the ecosystem." Nor is sustainability really a matter of funding, though this gets closer to the truth.

No, open source sustainability is really a people problem. Or, as Langel highlights, "In open source, the maintainers working on the source code are the scarce resource that needs to be protected and nurtured."

Over the past several weeks, I've interviewed a number of maintainers for popular open source projects. In every case, they talked about how they contribute because it's fun, but also acknowledged that some aspects of open source development can make it decidedly "un-fun" (e.g., demanding users who complain about missing features or existing bugs but don't contribute code or fixes). Most have found ways to turn their passion into financial independence, but Langel stresses that cash is critical to keeping open source humming along... "Without revenue, there is no maintenance, and without maintenance, the commons becomes toxic very quickly... As new security issues are discovered, open source code that isn't updated becomes a security risk..."

Langel is absolutely correct to argue, "In an ecosystem with infinite resources, the attention needs to be on the people taking care of and maintaining that resource, because that's where the bottleneck is." Again, that's partly a question of money, but it's even more a question of treating people with dignity and respect, while making open source communities a fun, welcoming place.

Though Mozilla laid off 250 people last week, the Rust Core Team wrote a blog post Tuesday reminding the world that "the Rust project as a whole is very resilient to such events..." it is a common misconception that all of the Mozilla employees who participated in Rust leadership did so as a part of their employment. In fact, many Mozilla employees in Rust leadership contributed to Rust in their personal time, not as a part of their job. Finally, we would like to emphasize that membership in Rust teams is given to individuals and is not connected to one's employer. Mozilla employees who are also members of the Rust teams continue to be members today, even if they were affected by the layoffs...
But they've still got some news: We've developed legal and financial needs that our current organization lacks the capacity to fulfill. While we were able to be successful with Mozilla's assistance for quite a while, we've reached a point where it's difficult to operate without a legal name, address, and bank account. "How does the Rust project sign a contract?" has become a question we can no longer put off....

The Rust Core Team and Mozilla are happy to announce plans to create a Rust foundation. The Rust Core Team's goal is to have the first iteration of the foundation up and running by the end of the year... The various trademarks and domain names associated with Rust, Cargo, and crates.io will move into the foundation, which will also take financial responsibility for the costs they incur.... As an immediate step the Core Team has selected members to form a project group driving the efforts to form the foundation. Expect to see follow-up blog posts from the group with more details about the process and opportunities to give feedback...

We're excited to start the next chapter of the project by forming a foundation. We would like to thank everyone we shared this journey with so far: Mozilla for incubating the project and for their support in creating a foundation, our team of leaders and contributors for constantly improving the community and the language, and everyone using Rust for creating the powerful ecosystem that drives so many people to the project. We can't wait to see what our vibrant community does next.

An anonymous reader quotes a report from Forbes: The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak. The data was spread across several datasets; the most significant being two coming in at just under 100 million each and containing profile records apparently scraped from Instagram. The third-largest was a dataset of some 42 million TikTok users, followed by just under 4 million YouTube user profiles.

Comparitech says that, based on the samples it collected, one in five records contained either a telephone number or email address. Every record also included at least some, sometimes all, the following information: Profile name; Full real name; Profile photo; and Account description. Statistics about follower engagement, including: Number of followers; Engagement rate; Follower growth rate; Audience gender; Audience age; Audience location; Likes; Last post timestamp; Age; and Gender. "The information would probably be most valuable to spammers and cybercriminals running phishing campaigns," Paul Bischoff, Comparitech editor, says. "Even though the data is publicly accessible, the fact that it was leaked in aggregate as a well-structured database makes it much more valuable than each profile would be in isolation," Bischoff adds. Indeed, Bischoff told me that it would be easy for a bot to use the database to post targeted spam comments on any Instagram profile matching criteria such as gender, age or number of followers. The data appeared to have originated from a company called Deep Social, which was banned by both Facebook and Instagram in 2018 after scraping user profile data. The company was wound down sometime after this.

The researchers reached out to Deep Social, which then forwarded the disclosure to a Hong Kong-registered social media influencer data-marketing company called Social Data. Social Data shut down the database about three hours after the researchers' initial email. "Social Data has denied any connection between itself and Deep Social," reports Forbes, citing Comparitech.

President Trump voiced support on Tuesday for Oracle to buy the U.S. operations of TikTok, adding a fresh wrinkle to the bidding for the Chinese-owned video-sharing app. From a report: Oracle is a new entrant in the negotiations for TikTok, whose owner ByteDance is facing a fall deadline from the Trump administration to divest itself of its U.S. operations. Oracle, a giant in business software, has had preliminary discussions about teaming with some of ByteDance's existing minority investors to buy TikTok's U.S. operations but it isn't clear how advanced the talks are, said people familiar with the matter. Microsoft said earlier this month it was in negotiations with ByteDance, and that it was coordinating with the White House. Twitter is also exploring a bid, The Wall Street Journal previously reported.

Oracle has closer ties to the White House than most other parties involved in the bidding. Larry Ellison, the company's co-founder, chairman and largest shareholder, earlier this year threw a fundraiser at his house for the president. Chief Executive Safra Catz also worked on the executive committee for the Trump transition team in 2016. Asked Tuesday if Oracle would be a good buyer for TikTok, President Trump said, "Well I think Oracle is a great company and I think its owner is a tremendous guy, a tremendous person. I think that Oracle would be certainly somebody that could handle it."

When people build a database to manage reading lists or feed their neighbors, that's coding -- and culture. From an essay: We are past the New York City Covid-19 peak. Things have started to reopen, but our neighborhood is in trouble, and people are hungry. There's a church that's opened space for a food pantry, a restaurant owner who has given herself to feeding the neighborhood, and lots of volunteers. [...] It's a complex data model. It involves date fields, text fields, integers, notes. You need lots of people to log in, but you need to protect private data too. You'd think their planning conversations would be about making lots of rice. But that is just a data point. The tool the mutual aid group has settled on to track everything is Airtable, a database-as-a-service program. You log in and there's your database. There are a host of tools like this now, "low-code" or "no-code" software with names like Zapier or Coda or Appy Pie. At first glance these tools look like flowcharts married to spreadsheets, but they're powerful ways to build little data-management apps. Airtable in particular keeps showing up everywhere for managing office supplies or scheduling appointments or tracking who at WIRED has their fingers on this column. The more features you use, the more they charge for it, and it can add up quickly. I know because I see the invoices at my company; we use it to track projects.

"Real" coders in my experience have often sneered at this kind of software, even back when it was just FileMaker and Microsoft Access managing the flower shop or tracking the cats at the animal shelter. It's not hard to see why. These tools are just databases with a form-making interface on top, and with no code in between. It reduces software development, in all its complexity and immense profitability, to a set of simple data types and form elements. You wouldn't build a banking system in it or a game. It lacks the features of big, grown-up databases like Oracle or IBM's Db2 or PostgreSQL. And since it is for amateurs, the end result ends up looking amateur. But it sure does work. I've noticed that when software lets nonprogrammers do programmer things, it makes the programmers nervous. Suddenly they stop smiling indulgently and start talking about what "real programming" is. This has been the history of the World Wide Web, for example. Go ahead and tweet "HTML is real programming," and watch programmers show up in your mentions to go, "As if." Except when you write a web page in HTML, you are creating a data model that will be interpreted by the browser. This is what programming is. Code culture can be solipsistic and exhausting. Programmers fight over semicolon placement and the right way to be object-oriented or functional or whatever else will let them feel in control and smarter and more economically safe, and always I want to shout back: Code isn't enough on its own. We throw code away when it runs out its clock; we migrate data to new databases, so as not to lose one precious bit. Code is a story we tell about data.