Google

Google Gives Android TV Developers Instant Apps, Speech-to-Text, and Predictive Typing (venturebeat.com) 10

An anonymous reader shares a report: Even before the pandemic, the battle to own your living room was reaching a boiling point. Now the big screen is bigger than ever as 2020 accelerates the streaming wars and raises the smart TV platform stakes. Naturally, Google is making every effort to avoid being left behind. Today the company gave Android TV developers new tools, including Google Play Instant, the Play Store in the emulator, PIN code purchases, Gboard TV, auto low latency mode, and leanback library improvements. [...] Google says Android TV now works with seven of the top 10 smart TV OEMs and over 160 TV operators. The company also added that there are now "over 80% more Android TV monthly active devices than a year ago," but didn't divulge raw numbers. Developers have built about 7,000 apps for Google Play on Android TV, to date, up from 5,000 in April 2019.
Intel

Will We Someday Write Code Just By Describing It? (zdnet.com) 158

Using millions of programs in online repositories, Intel, Georgia Tech, and MIT researchers created a tool called MISIM (Machine Inferred code Similarity) with a database of code scored by the similarity of its outcomes to suggest alternatives (and corrections) to programmers.

The hope is "to aid developers with nitty-gritty choices like 'what is the most efficient way to use this API' or 'how can I correctly validate this input',"Ryan Marcus, scientist at Intel Labs, told ZDNet. "This should give engineers a lot more time to focus on the elements of their job that actually create a real-world impact..." Justin Gottschlich, the lead for Intel's "machine programming" research team, told ZDNet that as software development becomes ever-more complex, MISIM could have a great impact on productivity. "The rate at which we're introducing senior developers is not on track to match the pace at which we're introducing new chip architectures and software complexity," he said. "With today's heterogeneous hardware — CPUs, GPUs, FPGAs, ASICs, neuromorphic and, soon, quantum chips — it will become difficult, perhaps impossible, to find developers who can correctly, efficiently, and securely program across all of that hardware."

But the long-term goal of machine programming goes even further than assisting software development as it stands today. After all, if a technology can assess intent and come up with relevant snippets of code in response, it doesn't seem far-fetched to imagine that the algorithm could one day be used by any member of the general public with a good software idea. Combined with natural language processing, for example, MISIM could in theory react to verbal clues to one day let people write programs simply by describing them. In other words, an Alexa of sorts, but for software development.

Gottschlich explained that software creation is currently limited to the 27 million people around the world who can code. It is machine programming's ultimate goal to expand that number and one day, let people express their ideas in some other fashion than code — be it natural language, visual diagrams or even gestures.

Intel currently plans to use the new tool internally.
Government

Government's PACER Fees Are Too High, Federal Circuit Says (bloomberglaw.com) 17

An anonymous reader quotes a report from Bloomberg Law: The U.S. government charges too much for access to an electronic database of federal court records, the Federal Circuit ruled in a decision curbing a revenue stream the court system uses to help fund other programs. The U.S. Court of Appeals for the Federal Circuit affirmed a lower court's decision that the government was not authorized under federal law to spend $192 million in Public Access to Court Records system fees on court technology projects. The lower court "got it just right" when it limited the government's use of PACER revenues to the costs of operating the system, the court said in a precedential opinion Thursday.

"We agree with plaintiffs and amici that the First Amendment stakes here are high," the court said. But it said it doesn't foresee the lower court's interpretation "as resulting in a level of user fees that will significantly impede public access to courts." The ruling is a win for public access to court information, as PACER fees will go down if the ruling withstands a possible government appeal. But access still won't be free, despite calls for the government to stop charging for it. The Federal Circuit said it was up to Congress to decide whether to require free access. Challengers said PACER fees were too high, while the government said the middle ground reached by the lower court made the fees too low. Fees for downloading a copy of a filing run 10 cents per page, up to $3 per document. The Administrative Office of the U.S. Courts collected more than $145 million in fees in 2014 alone, according to the complaint in the case. Under a 2020 change to the fee waiver rules, about 75% of users pay nothing each quarter.

IBM

Frances E. Allen, the First Woman To Win the Turing Award, Dies At 88 (ibm.com) 19

Frances "Fran" Allen, a pioneer in the world of computing, the first female IBM Fellow and the first woman to win the Turing Award, died on August 4, 2020, the day of her 88th birthday. IBM writes in a blog post remembering Allen: As a pioneer in compiler organization and optimization algorithms, Fran made seminal contributions to the world of computing. Her work on inter-procedural analysis and automatic parallelization continues to be on the leading edge of compiler research. She successfully reduced this science to practice through the transfer of this technology to products such as the STRETCH HARVEST Compiler, the COBOL Compiler, and the Parallel FORTRAN Product. As much as Fran will be remembered for her technical vision and her foundational work in computing, she will equally be remembered for her passion to inspire and mentor others, fostering an environment of perseverance and hard work throughout the IBM community.

Starting as a programmer, Fran's first assignment at IBM was to teach the research community FORTRAN, a new complex language IBM had announced just three months before. This was the start of Fran's career-long focus on compilers for high-performance computing. Following FORTRAN, Fran became one of three designers for IBM's Stretch-Harvest project in the late 1950's and early 1960's. As the language liaison with IBM's client, the National Security Agency (NSA), Fran helped design and build Alpha, a very high-level code breaking language which featured the ability to create new alphabets beyond the system defined alphabets.

An Experimental Compiler for IBM's Advanced Computing System (ACS) became her next project. Fran designed and built the machine-independent, language-independent optimizing component of the compiler. The result was a tool to help drive the hardware design and a new way to analyze and transform programs. This work led to Fran's seminal paper on Program Optimization, first published in 1966, describing a robust new framework for implementing program analysis and optimization as well as a powerful set of new algorithms. Fran's 1970 paper on Control Flow analysis introduced the notion of "intervals" and node dominance relations, important improvements over the control flow abstractions given in her earlier paper. Her 1972 paper, "A Catalog of Optimizing Transformations," identified and discussed many of the transformations commonly used today.

Python

InfoWorld Lists 'Four Powerful Features Python is Still Missing' (infoworld.com) 79

InfoWorld's senior writer calls Python a "living language," citing its recent addition of the "walrus operator" for in-line assignments and the newly-approved pattern matching.

"And they're only two of a slew of useful features that could be added to Python to make the language more expressive, more powerful, more suited to the modern programming world. What else might we wish for?" True constants - Python doesn't really have the concept of a constant value... [E]very time a name is used, Python goes to the trouble of looking up what object it's pointing at. This dynamism is one of the chief reasons Python runs more slowly than some other languages. Python's dynamism offers great flexibility and convenience, but it comes at the cost of runtime performance. One advantage of having true constant declarations in Python would be some reduction in the frequency of object lookups that take place during runtime, and thus better performance. If the runtime knows ahead of time that a given value never changes, it doesn't have to look up its bindings...

True overloading and generics - In many languages, multiple versions of the same function can be written to work with different kinds of input... PEP 3124, advanced in April 2007, proposed a mechanism for decorating functions to indicate they could be overloaded. The proposal was deferred rather than being rejected outright — meaning the idea was fundamentally sound, but the time wasn't right to implement it. One factor that might speed the adoption of overloading in Python — or cause the idea to be ditched entirely — is the implementation of the newly proposed pattern matching system.

In theory, pattern matching could be used under the hood to handle overload dispatch. However, pattern matching could also be given as a rationale for not implementing generics in Python, since it already provides an elegant way to dispatch operations based on type signatures. So we might get true overloading in Python one day, or its advantages might be superseded by other mechanisms.

The article lists two more features Python "probably won't get" — starting with multiline lambdas (anonymous functions). Guido van Rossum had argued in 2006 he couldn't find an acceptable syntax, and the article argues "there is probably no way to do it that doesn't involve creating a special case." And it argues the final missing feature is tail recursion optimizations, "where functions that call themselves don't create new stack frames in the application, and thus risk blowing up the stack if they run for too long.

"Python doesn't do this, and in fact its creators have consistently come out against doing so."
Java

Python Overtakes Java in New Language Popularity Ranking, As Rust Reaches Top 20 (zdnet.com) 91

"Programming language Python is now firmly the second most popular programming language, for the first time knocking Java out of the top two places in RedMonk's language popularity rankings," reports ZDNet: It's the first time since 2012 that Java is not one of the top two most popular languages in the developer analyst firm's programming language popularity list. The company's previous rankings in March placed machine-learning propelled Python in a tie for second place with Java, behind JavaScript.

RedMonk's influential programming popularity rankings are based on GitHub and Stack Overflow data. The company combines them "for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction", says RedMonk analyst Stephen O'Grady, who notes "all numerical rankings should be taken with a grain of salt....

"Python is the first non-Java or JavaScript language ever to place in the top two of these rankings by itself, and would not have been the obvious choice for that distinction in years past," O'Grady notes, comparing it to Perl in its heyday because it has become a "language of first resort" and the "glue" for thousands of small projects, while enjoying high adoption in growing categories such as data science...

Five-year-old systems-programming language Rust, created by Mozilla, has hit a more positive milestone, for the first time becoming the 20th most popular language in RedMonk's rankings.

Last week IEEE Spectrum also declared Python "dominated" their assessment of language popularity (compiled from 11 different online metrics), followed by Java and C (and then C++ and JavaScript).
Programming

Is It Possible to Implement Faster Binary Searches? (github.com) 98

Last week Slashdot reader scandum described the search for the most efficient sorting algorithm.

Now he's back, touting a new implementation for binary searches (using the same GitHub repo, and written in 15 to 30 lines of C code) that he says may be "up to 40%" faster for 32-bit integers. ("Keep in mind performance will vary depending on hardware and compiler optimizations.") The most commonly used binary search variant was first published by Hermann Bottenbruch in 1962 and hasn't notably changed since. Binary searches are one of the corner stones of computer science...

The reason the algorithms are faster appears to be a combination of simpler calculations, branch prediction, and a reduction in cache misses.

The Almighty Buck

Apple Does Not Keep the 30% Commission On a Refund [Update] 60

When a customer gets refunded for an app they purchased, Apple doesn't refund the 30% cut they took from the developer, says developer Simeon Saens of Two Lives Left. While [online] payment processors generally don't refund fees on refunded payments, "the App Store doesn't position itself as a payments processor the way Stripe does, so it sounds really weird that they would act like one," writes HN user chadlavi. Epic Games CEO Tim Sweeney says in a tweet: This is a critical consideration in these 30% store fees. They come off the top, before funding any developer costs. As a result, Apple and Google make more profit from most developers' games than the developers themselves. That is terribly unfair and exploitative. "If the app store took a 3% chunk and never refunded it regardless of the ongoing status of the transaction, that would put them right in line with other payment processors," adds chadlavi. "It would also still net them billions of dollars, I think!"

UPDATE: In a follow-up tweet, Simeon says he "was mistaken in my original (now deleted) tweet." He adds: "Apple does not keep the 30% commission on a refund the refund happens as you'd expect. I don't know where I got the idea that it worked the way I thought it did."

Slashdot reader ravenscar did some digging in the Apple developer forums and found that "Apple has the right to keep its 30%... [but] rarely exercises this right and most developers see a 1 to 1 relationship on funds received vs funds refunded in these situations." They go on to say: "I can't find any cited examples of Apple keeping the commission."
The Internet

Cloudflare Launches Workers Unbound, the Next Evolution of Its Serverless Platform (techcrunch.com) 32

Cloudflare today announced the private beta launch of Workers Unbound, the latest step in its efforts to offer a serverless platform that can compete with the likes of AWS Lambda. TechCrunch reports: The company first launched its Workers edge computing platform in late 2017. Today it has "hundreds of thousands of developers" who use it, and in the last quarter alone, more than 20,000 developers built applications based on the service, according to the company. Cloudflare also uses Workers to power many of its own services, but the first iteration of the platform had quite a few limitations. The idea behind Workers Unbound is to do away with most of those and turn it into a platform that can compete with the likes of AWS, Microsoft and Google. Cloudflare aims to expose to third-party developers all of the services it builds for its internal consumption. The original Workers service will continue to operate (but under the Workers Bundled moniker) and essentially become Cloudflare's serverless platform for basic workloads that only run for a very short time. Workers Unbound -- as the name implies -- is meant for more complex and longer-running processes.

When it first launched Workers, the company said that its killer feature was speed. Today, [CEO Matthew Prince] argues that speed obviously remains an important feature -- and Cloudflare Workers Unbound promises that it essentially does away with cold-start latencies. But developers also adopted the platform because of its ability to scale and its price. Indeed, Workers Unbound, Cloudflare argues, is now significantly more affordable than similar offerings. "For the same workload, Cloudflare Workers Unbound can be 75% percent less expensive than AWS Lambda, 24 percent less expensive than Microsoft Azure Functions, and 52 percent less expensive than Google Cloud Functions," the company says in today's press release.

Another feature Prince highlighted is regulatory compliance. "I think the thing we're realizing as we talk to our largest enterprise customers is that for real companies -- not just the individual developer hacking away at home -- but for real businesses in financial services or anyone who has to deal with a regulated industry, the only thing that trumps ease of use is regulatory compliance, which is not sexy or interesting or anything else but like if your GC says you can't use XYZ platform, then you don't use XYZ platform and that's the end of the story," Prince noted. Speed, though, is of course something developers will always care about. Prince stressed that the team was quite happy with the 5ms cold-start times of the original Workers platform. The way the team engineered this is by queuing up the process while the two servers are still negotiating their TLS handshake. Cloudflare also argues that developers can update their code and have it go live globally within 15 seconds. Another area the team worked on was making it easier to use the service in general. Among the key new features here is support for languages like Python and a new SDK that will allow developers to add support for their favorite languages, too.

Python

Python 'Dominates' IEEE Spectrum's 2020 List of Top Programming Languages (ieee.org) 155

IEEE Spectrum's August issue will include an article titled "The Top Programming Languages."

Calculated using metrics from 11 online sources, it concludes that "One thing remains constant: the dominance of Python." Our default ranking is weighted toward the interests of an IEEE member, and looking at the top entries, we see that Python has held onto its comfortable lead, with Java and C once again coming in second and third place, respectively. Arduino has seen a big jump, rising from 11th place to seventh. (Purists may argue that Arduino is not a language but rather a hardware platform that is programmed using a derivative of Wiring, which itself is derived from C/C++. But we have always taken a very pragmatic approach to our definition of "programming language," and the reality is that when people are looking to use an Arduino-compatible microcontroller, they typically search for "Arduino code" or buy books about "Arduino programming," not "Wiring code" or "C programming.")

One interpretation of Python's high ranking is that its metrics are inflated by its increasing use as a teaching language: Students are simply asking and searching for the answers to the same elementary questions over and over. There's an historical parallel here. In the 1980s, BASIC was very visible... But few professional programmers used it, and when the home computer bubble burst, so did BASIC's, although some advanced descendants like Microsoft Visual Basic are still relatively popular professionally.

There are two counterarguments, though: The first is that students are people, too! If we pay attention only to what professional and expert coders do, we're at risk of missing an important part of the picture. The second is that, unlike BASIC, Python is frequently used professionally and in high-profile realms, such as machine learning, thanks to its enormous collection of high quality, specialized libraries.

C++ came in fourth, followed by JavaScript, R, "Arduino," Go, Swift, and Matlab.

But because different programmers have different needs, they've also created a special interactive version of their rankings online, "allowing you to weight the metrics as you see fit... "
Databases

'Meow' Attack Has Now Wiped Nearly 4,000 Databases (arstechnica.com) 54

On Thursday long-time Slashdot reader PuceBaboon wrote: Ars Technica is reporting a new attack on unprotected databases which, to date, has deleted all content from over 1,000 ElasticSearch and MongoDB databases across the 'net, leaving the calling-card "meow" in its place.

Most people are likely to find this a lot less amusing than a kitty video, so if you have a database instance on a cloud machine, now would be a good time to verify that it is password protected by something other than the default, install password...

From the article: The attack first came to the attention of researcher Bob Diachenko on Tuesday, when he discovered a database that stored user details of the UFO VPN had been destroyed. UFO VPN had already been in the news that day because the world-readable database exposed a wealth of sensitive user information... Besides amounting to a serious privacy breach, the database was at odds with the Hong Kong-based UFO's promise to keep no logs. The VPN provider responded by moving the database to a different location but once again failed to secure it properly. Shortly after, the Meow attack wiped it out.
"Attacks have continued and are getting closer to 4,000," reports Bleeping Computer. "A new search on Saturday using Shodan shows that more than 3,800 databases have entry names matching a 'meow' attack. More than 97% of them are Elastic and MongoDB."
Programming

Is There a Sorting Algorithm Faster than Quicksort and Timsort? (github.com) 130

When asked for the most efficient way to sort a million 32-bit integers in 2008, then-presidential candidate Barack Obama answered, "I think the bubble sort would be the wrong way to go."

But people are still searching for the best possible sorting algorithms, explains Slashdot reader scandum: Long has the conviction been held that quicksort is faster than merge sort. Timsort (derived from merge sort and insertion sort) was introduced in 2002 and while slower than quicksort for random data, Timsort performs better on ordered data.

Quadsort (derived from merge sort) was introduced in 2020 and is faster than quicksort for random data, and slightly faster than Timsort on ordered data.

Also of notice is the significant performance difference on small arrays, quadsort is on average two times faster than Timsort on data sets between 10 and 1000 elements. Quadsort achieves this performance through several optimizations spread out over 1500 lines of code that get the maximum performance out of merge sort.

Quadsort's GitHub page explains: After the first round of sorting a single if check determines if the four swap variables are sorted in order, if that's the case the swap finishes up immediately. Next it checks if the swap variables are sorted in reverse-order, if that's the case the sort finishes up immediately. If both checks fail...two checks remain to determine the final order.
Privacy

Security Breach Exposes More Than One Million DNA Profiles On Major Genealogy Database (buzzfeednews.com) 28

An anonymous reader quotes a report from BuzzFeed News: On July 19, genealogy enthusiasts who use the website GEDmatch to upload their DNA information and find relatives to fill in their family trees got an unpleasant surprise. Suddenly, more than a million DNA profiles that had been hidden from cops using the site to find partial matches to crime scene DNA were available for police to search. The news has undermined efforts by Verogen, the forensic genetics company that purchased GEDmatch last December, to convince users that it would protect their privacy while pursuing a business based on using genetic genealogy to help solve violent crimes.

A second alarm came on July 21, when MyHeritage, a genealogy website based in Israel, announced that some of its users had been subjected to a phishing attack to obtain their log-in details for the site -- apparently targeting email addresses obtained in the attack on GEDmatch just two days before. In a statement emailed to BuzzFeed News and posted on Facebook, Verogen explained that the sudden unmasking of GEDmatch profiles that were supposed to be hidden from law enforcement was "orchestrated through a sophisticated attack on one of our servers via an existing user account." "As a result of this breach, all user permissions were reset, making all profiles visible to all users. This was the case for approximately 3 hours," the statement said. "During this time, users who did not opt in for law enforcement matching were available for law enforcement matching and, conversely, all law enforcement profiles were made visible to GEDmatch users." It's unclear whether any unauthorized profiles were searched by law enforcement.

IOS

Apple Will Start Sending Special Devices To iPhone Hackers (vice.com) 13

Apple has announced that it will send special devices that make it easier to find flaws and vulnerabilities in its mobile operating system iOS to iPhone hackers that apply and qualify for a program the company announced last year. From a report: The program might make some hackers less likely to engage in the underground market for stolen prototype iPhones hackers currently use to research iPhone security, and encourage them to share their findings with Apple. In a new website published on Wednesday, Apple wrote that the program "features an iPhone dedicated exclusively to security research, with unique code execution and containment policies." It's called the Security Research Device Program. Security researchers can apply for it starting today and Apple told Motherboard that if they qualify they will receive the devices soon. Apple doesn't have a goal in terms of how many of these devices it wants to send out, and all you need to qualify is having a public track record of security research, not only on iPhone but also on other popular devices and software like Android phones, Windows, or Linux.
Apple

Apple Hires Economists To Help Prove Its App Store Commissions Aren't Anti-Competitive (cnet.com) 59

Ahead of an antitrust hearing on Capitol Hill next week, Apple is fighting back against the perception that its App Store charges onerous commission rates to developer by hiring economists from the firm Analysis Group, who said the tech giant's fees were similar to competitors. From a report: The research, published Wednesday, collected commission rates reported on or disclosed by app stores from Amazon, Google, Microsoft, Samsung and others. The company's economists also studied ticket resale marketplaces, game stores and ride-hailing apps. Overall, the economists said the commissions charged were similar, though stores generally offered different features for consumers and developers. "The commission rates charged by digital marketplaces most similar to the App Store, such as other app stores and video game digital marketplaces, are generally around 30%," the economists wrote in study [PDF]. The economists also broadly defended these commission rates, saying this system "lower the barriers to entry for small sellers and developers by minimizing upfront payments, and reinforce the marketplace's incentive to promote matches that generate high long-term value." The economists didn't look into whether the fees stifle innovation or are fair, concerns developers have raised.
Encryption

Rare and Hardest To Crack Enigma Code Machine Sells For $437,000 (zdnet.com) 46

An anonymous reader writes: A rare 1944 four-rotor M4 Enigma cipher machine, considered one of the hardest challenges for the Allies to decrypt, has sold at a Christie's auction for $437,955. As noted by Christie's, the M4 Enigma has a special place in computing history as the Allied efforts to break its encryption led to the development of the first programmable computer, the one developed at Bletchley Park that was used to secretly break the M4, giving Allied forces visibility into German naval planning during the Battle of the Atlantic until its surrender in mid-1945.

The M4 Enigmas are considered rare because they were made in smaller numbers than three-rotor machines. After Germany capitulated, the country ordered troops to destroy remaining Enigmas in order to keep them from Allied forces. After the war Winston Churchill also ordered all remaining Enigmas destroyed to help preserve the secret of Allied decoding successes at Bletchley. The M4 Enigmas were made on the order of Admiral Karl Donitz, the commander of the German U-boat fleet, who had concerns over repeated Allied successes against his submarines. The M4 became available to the U-boat fleet in May 1941, preventing Allies from knowing where German's U-boats were positioned for almost a year until Turing and Joe Desch in Dayton, Ohio developed the computer that broke M4 encryption to decipher German messages. By mid-1943 the majority of M4 Enigma messages were being read by the Allies, but it was not until the 1970s that knowledge of the Allied successes against the Enigma was made public.
"Rival auction house Sotheby's sold an M4 Enigma last year for $800,000, which may have reached a higher selling price because it was one of one of 15 Enigma machines found in a bunker at Germany's key Northern European naval base in Trondheim, Norway, which Germany had occupied since 1940," adds ZDNet.
Programming

Are Whiteboard Coding Interviews Just Testing For Social Anxiety? (theregister.com) 196

An anonymous reader quotes The Register: People applying for software engineering positions at companies are often asked to solve problems on a whiteboard, under the watchful eye of an interviewer, as a way to assess technical problem solving skills. But recent research suggests that whiteboard technical tests — so daunting to job seekers that there are books on how to deal with them — often fail to assess technical skill, according to new research. Instead, they're all about pressure.

In a paper to be presented later this year at the ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, researchers from North Carolina State University and Microsoft in the U.S. argue that whiteboard sessions test for stage fright rather than, y'know, coding competency... "A technical interview has an uncanny resemblance to the Trier Social Stress Test, a procedure used for decades by psychologists and is the best known 'gold standard' procedure for the sole purpose of reliably inducing stress." As a consequence, whiteboard interviews may fail to assess coder competency. Rather, the researchers argue, they measure how well job candidates handle anxiety....

In essence, social anxiety took otherwise qualified job candidates out of the running because of the circumstances of the interview.

Programming

'Will 2020 Be The Year Of Rust In The Linux Kernel?' (hackaday.com) 95

An intriguing exchange happened on the Linux Kernel Mailing List after a post by Nick Desaulniers, a Google software engineer working on compiling the Linux Kernel with Clang (and LLVM). Hackaday reports: Nick simply tested the waters for a possible future of Rust within the Linux kernel code base, which is something he's planning to bring up for discussion in this year's Linux Plumbers Conference — the annual kernel developer gathering. [Desaulniers thinks that discussion will include "a larger question of 'should we do this?' or 'how might we place limits on where this can be used?'"]

The interesting part is Linus Torvalds's response on the LKML thread, which leaves everyone hoping for a hearty signature Rust rant akin to his C++ one disappointed. Instead, his main concern is that a soft and optional introduction of the support in the build system would leave possible bugs hidden, and therefore should be automatically enabled if a Rust compiler is present — essentially implying that he seems otherwise on board.

Linus also touched on Rust earlier this month in his keynote interview with Dirk Hohndel, the chief open source officer at VMware, during the special virtual edition of the Linux Foundation's annual Open Source Summit and Embedded Linux Conference North America: Dirk Hohndel: Every new project is done in Go or Rust or another new language I've never heard of. Is there a risk that we are becoming the COBOL programmers of the 2030s?

Linus Torvalds: Well, I don't actually think it's true that nobody writes in C any more. I think C is still one of the top 10 languages easily, if you look at any of the statistics.

That said — I mean, people are actively looking at, especially doing drivers and things that are not very central to the kernel itself, and having interfaces to do those, for example, in Rust. People have been looking at that for years now. I'm convinced it's going to happen one day.

I mean, it might not be Rust, but it is going to happen that we will have different models for writing these kinds of things. And C won't be the only one. I mean right now, it's C or assembly, and most people would rather not touch the assembly parts. [Dirk laughs] But it is something that people are looking at. I'm probably the wrong person. Greg has been more involved, since he's the driver maintainer in general. But things are afoot, and these things take a long, long time. I mean, the kind of infrastructure you need to start integrating other languages into a kernel, and making people trust these other languages — that's a big step.

Security

VPN With 'Strict No-Logs Policy' Exposed Millions of User Log Files (betanews.com) 86

New submitter kimmmos shares a report from BetaNews: An unprotected database belonging to the VPN service UFO VPN was exposed online for more than two weeks. Contained within the database were more than 20 million logs including user passwords stored in plain text. User of both UFO VPN free and paid services are affected by the data breach which was discovered by the security research team at Comparitech. Despite the Hong Kong-based VPN provider claiming to have a "strict no-logs policy" and that any data collected is anonymized, Comparitech says that "based on the contents of the database, users' information does not appear to be anonymous at all." A total of 894GB of data was exposed, and the API access records and user logs included: Account passwords in plain text; VPN session secrets and tokens; IP addresses of both user devices and the VPN servers they connected to; Connection timestamps; Geo-tags; Device and OS characteristics; and URLs that appear to be domains from which advertisements are injected into free users' web browsers. Comparitech notes that this runs counter to UFO VPN's privacy policy.
Data Storage

GitHub Buries Giant Open-Source Archive In An Arctic Vault (zdnet.com) 44

Microsoft-owned GitHub has finally moved its snapshot of all active public repositories on the site to a vault in Norway. ZDNet reports: GiHub announced the archiving plan last November and on February 20 followed through with the 21 terabyte snapshot written to 186 reels of film. GitHub cancelled plans for a team to "personally escort the world's open-source code to the Arctic" due to the coronavirus pandemic, leaving the job to local partners who received the boxed films and deposited them in an old coal mine on July 8. The archive is being stored in Svalbard, Norway, a group of islands that's also home to the global seed bank.

"The code landed in Longyearbyen, a town of a few thousand people on Svalbard, where our boxes were met by a local logistics company and taken into intermediate secure storage overnight," said Julia Metcalf, director of strategic programs at GitHub. "The next morning, it traveled to the decommissioned coal mine set in the mountain, and then to a chamber deep inside hundreds of meters of permafrost, where the code now resides fulfilling their mission of preserving the world's open-source code for over 1,000 years." The repository includes public code repositories and significant dormant repos. The snapshot consists of the HEAD of the default branch of each repository, minus any binaries larger than 100kB in size. Each repository is then packaged as a single TAR file, and for efficiency's sake, most of the data will be stored as QR codes. A human-readable index and guide will itemize the location of each repository and explain how to recover the data.

Slashdot Top Deals