Long-time Slashdot reader mrflash818 ("Linux geek since 1999") shared a ZDNet article pointing out that SpaceX's Falcon 9 rocket has an onboard operating system that's "a stripped-down Linux running on three ordinary dual-core x86 processors. The flight software itself runs separately on each processor and is written in C/C++."

Interestingly, back in 2018 a Slashdot headline asked whether C++ was "a really terrible language," and Elon Musk replied on Twitter with his single-word answer. "Yes."

ZDNet points out that "ordinary" processors are often needed because of the multi-year development time for the spacecraft they power. Their article notes that the International Space Station actually runs on 1988-vintage 20 MHz Intel 80386SX CPUs: Of course, while those ancient chips work for the station's command and control multiplexer/demultiplexer, they're not much good for anything else. For ordinary day-in and day-out work, astronauts use HP ZBook 15s running Debian Linux, Scientific Linux, and Windows 10. The Linux systems act as remote terminals to the control multiplexer/demultiplexer, while the Windows systems are used for email, the web, and fun.

Usually, though, chips that go into space aren't ordinary chips. CPUs that stay in space must be radiation-hardened. Otherwise, they tend to fail due to the effects of ionizing radiation and cosmic rays. These customized processors undergo years of design work and then more years of testing before they are certified for spaceflight. For instance, NASA expects its next-generation, general-purpose processor, an ARM A53 variant you may know from the Raspberry Pi 3, to be ready to run in 2021...

The Dragon spacecraft's touchscreen interface is rendered using Chromium and JavaScript. If something were to go wrong with the interface, the astronauts have physical buttons to control the spacecraft.
Today the SpaceX software team answered questions on Reddit, revealing they use Chromium with a reactive library developed in-house, and that "All of our on-board computers either run Linux (with the PREEMPT_RT patch) or are microcontrollers that run bare-metal code...." Later they emphasized that for the Falcon 9 and Dragon software, "All of the application-level autonomous software is written in C++. We generally use object oriented programming techniques from C++, although we like to keep things as simple as possible.

"We do use open source libraries, primarily the standard C++ library, plus some others. However, we limit our use of open source libraries to only extremely high quality ones, and often will opt to develop our own libraries when it is feasible so that we can control the code quality ourselves."

This year Stack Overflow's Developer Survey of 65,000 programmers found that Rust was their most-loved programming language -- for the fifth year in a row. To understand why, they interviewed the top contributor to the site's Rust topic. ("The short answer is that Rust solves pain points present in many other languages, providing a solid step forward with a limited number of downsides...") But Stack Overflow also reached out to the Rust core team, including Berlin-based developer Erin Power, asking about any barriers to entry, and why they think Rust was the survey's most-loved language. ("I think it's because Rust makes big promises, and delivers on them...")

And finally, they got responses from Stack Overflow users in their Rust chatroom and forums, noting "Rust users are a passionate bunch, and I got some fascinating insights along with some friendly debates..." Many current programming discussions revolve around whether to use a fast, low-level language that lets you handle memory management or a higher-level language with greater safety precautions. For fans of Rust, they like that it does both.... While some languages just add polish and ease to existing concepts, several users feel that Rust is actually doing new things with a programming language. And it's not doing new things just to be showy; they feel these design choices solve hard problems with modern programming...

Stack Overflow user janriemer: "A quote from Chris Dickinson, engineer at npm, sums it up perfectly for me, because I have thought the same, without knowing the quote at that time: 'My biggest compliment to Rust is that it's boring, and this is an amazing compliment.' Rust is a programming language that looks like it has been developed by user experience designers. They have a clear vision (a why) of the language and carefully choose what to add to the language and what to rework, while listening to what the community really wants. There are no loose ends, it's all a coherent whole that perfectly supports a developer's workflow."
Stack Overflow's post also quotes Jay Oster, a software architect at the infrastructure-as-a-service company PubNub, who argues Rust "ticks all the boxes":

• Memory safe

• Type safe

• Data race-free

• Ahead-of-time compiled

• Built on and encourages zero-cost abstractions

• Minimal runtime (no stop-the-world garbage collection, no JIT compiler, no VM)

• Low memory footprint (programs run in resource constrained-environments like small microcontrollers)

• Targets bare-metal (e.g. write an OS kernel or device driver; use Rust as a 'high level assembler')"

He also describes Rust as "akin to wandering around in complete darkness for an entire career, and suddenly being enlightened to two facts:

• You are not perfect. You will make mistakes. Those mistakes will cause you a lot of problems.

• It doesn't have to be this way.

An anonymous reader quotes a report from ZDNet: Mint's programmers, led by lead developer, Clement "Clem" Lefebvre, has dropped support for Ubuntu's Snap software packing system. [...] So, what's not to like? Well, a lot, thinks Clem. As he wrote in July 2019, the idea is fine: "When snap was announced it was supposed to be a solution, not a problem. It was supposed to make it possible to run newer apps on top of older libraries and to let third-party editors publish their software easily towards multiple distributions, just like Flatpak and AppImage." But, he said, "What we didn't want it to be was for Canonical to control the distribution of software between distributions and third-party editors, to prevent direct distribution from editors, to make it so software worked better in Ubuntu than anywhere else and to make its store a requirement."

Clem was worried then that Canonical was moving in that direction because: "Ubuntu is planning to replace the Chromium [Google's open-source browser and foundation for Chrome] repository package with an empty package, which installs the Chromium snap. In other words, as you install APT [Debian's program for installing and managing DEB files] updates, Snap becomes a requirement for you to continue to use Chromium and installs itself behind your back. This breaks one of the major worries many people had when Snap was announced and a promise from its developers that it would never replace APT. A self-installing Snap Store which overwrites part of our APT package base is a complete NO-NO. It's something we have to stop and it could mean the end of Chromium updates and access to the snap store in Linux Mint."

Fast forward to now, and that's still the case with Chromium, and Clem has had enough: "In the Ubuntu 20.04 package base, the Chromium package is indeed empty and acting, without your consent, as a backdoor by connecting your computer to the Ubuntu Store. Applications in this store cannot be patched, or pinned. You can't audit them, hold them, modify them, or even point snap to a different store. You've as much empowerment with this as if you were using proprietary software, i.e. none. This is in effect similar to a commercial proprietary solution, but with two major differences: It runs as root, and it installs itself without asking you."

New submitter IBMResearch shares a report from ZDNet: IBM's new toolkit aims to give developers easier access to fully homomorphic encryption (FHE), a nascent technology with significant promise for a number of security use cases. "Today, files are often encrypted in transit and at rest but decrypted while in use, creating a security vulnerability," reports ZDNet. "This often compels organizations to make trade-offs and go through long vetting processes in order to ensure they can keep their valuable data protected while still gaining some value out of it. FHE aims to resolve that issue."

"While the technology holds great potential, it does require a significant shift in the security paradigm," the report adds. "Typically, inside the business logic of an application, data remains decrypted, [Flavio Bergamaschi, FHE pioneer and IBM Researcher] explained. But with the implementation of FHE, that's no longer the case -- meaning some functions and operations will change."

The toolkit is available today in GitHub for MacOS and iOS, and it will soon be available for Linux and Android.

Apple today informed developers that it has launched a new open source project that's designed to let those who develop password management apps create strong passwords compatible with popular websites. From a report: The new Password Manager Resources open source project allows password management apps to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords. "Many password managers generate strong, unique passwords for people, so that they aren't tempted to create their own passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't actually compatible with a website, a person not only has a bad experience, but a reason to be tempted to create their own password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change," the company said.

Programming language Rust has entered the top 20 of the Tiobe popularity index for the first time, but it's still five spots behind systems programming rival Go. ZDNet reports: There's growing interest in the use of memory-safe Rust for systems programming to build major platforms, in particular at Microsoft, which is exploring it for Windows and Azure with the goal of wiping out memory bugs in code written in C and C++. Amazon Web Services is also using Rust for performance-sensitive components in Lambda, EC2, and S3. Rust has seen its ranking rise considerably on Tiobe, from 38 last year to 20 today. Tiobe's index is based on searches for a language on major search engines, so it doesn't mean more people are using Rust, but it shows that more developers are searching for information about the language.

Rust was voted for the fifth year straight the most loved programming language by developers in Stack Overflow's 2020 survey. This year, 86% of developers said they are keen to use Rust, but just 5% actually use it for programming. On the other hand, it could become more widely used thanks to Microsoft's public preview of its Rust library for the Windows Runtime (WinRT), which makes it easier for developers to write Windows, cross-platform apps and drivers in Rust.

An anonymous reader quotes a report from Ars Technica: A year ago, Take-Two CEO Strauss Zelnick said he was "pretty optimistic" about Google's Stadia game-streaming service. The concept of "being able to play our games on any device whatsoever around the world, and to do it with low latency, well that's very compelling if that can be delivered," he offered in May of 2019. Now, though, Zelnick has changed his tune a bit. In an interview given during the Bernstein Annual Strategic Decisions Conference late last week, Zelnick acknowledges what has been apparent to industry watchers for a while: "The launch of Stadia has been slow," he said. "I think there was some overpromising on what the technology could deliver and some consumer disappointment as a result."

While major publishers like EA and Activision stayed away from Stadia's "Founders" launch last November, Take-Two provided three of the service's highest-profile games in its early months -- Red Dead Redemption 2, NBA 2K20, and Borderlands 3. And Zelnick said such Stadia support will continue in the future "as long as the business model makes sense." (Take-Two's PGA Tour 2K21, WWE2K Battlegrounds, and the Mafia series are currently planned for future Stadia release.) That said, Zelnick was pretty bearish on how much of an impact the streaming business model will really have on Take-Two's bottom-line sales. "It's not a game changer," Zelnick said. "People who want our games now can get our games now. The fact that you could stream them and not have to have a console interface is really not that big of a deal."

Well-known leaker Universe Ice on Twitter, along with dozens of other users, have discovered that simply setting an image as wallpaper on your phone could cause it to crash and become unable to boot. Android Authority reports: Based on user reports, many models from Samsung and Google are affected, while we've also seen some reports from users of OnePlus, Nokia, and Xiaomi devices (it's not clear if these latter devices ran stock software or custom ROMs). From our own testing and looking at user reports, Huawei devices seem to be less exposed to the wallpaper crash issue. There are a few solutions, depending on how hard the phone is hit. Some users were able to change the wallpaper in the short interval between crashes. Others had success deleting the wallpaper using the recovery tool TWRP. But in most cases, the only solution was to reset the phone to factory settings, losing any data that's not backed up.

The issue affects up-to-date phones running Android 10, but as it turns out, it's not actually new. Users have been reporting similar problems for a couple of years, and just last month Android Police reported on what appears to be a closely related issue specifically impacting Pixel phones running the Google Wallpapers app. [...] An issue with a very similar description has been reported in Google's Android issue tracker back in 2018. At the time, Google developers said they were unable to reproduce the issue and closed it out (Hat tip: inverimus on Reddit).

"The Linux kernel has officially deprecated its coding style that the length of lines of code comply with 80 columns as the 'strong preferred limit'," reports Phoronix: The Linux kernel like many long-standing open-source projects has a coding style guideline that lines of code be 80 columns or less, but now that while still recommended is no longer going to be enforced. This stems from Linus Torvalds commenting on Friday that excessive linebreaks are bad and he is against ugly wrapped code that is strictly sticking to 80 characters per line. This is part of the broader trend that most are no longer using 80x25 terminals...

This deprecation involves updating the documentation on the kernel's coding style to be more sensible and updating the checkpatch.pl script that checks patches to no longer have a max line length of 80. Instead, the check patch script is using a maximum line length of 100.
Torvalds noted Friday that spreading code over multiple lines created problems for single-line utilities like grep, while longer lines "are fundamentally useful..." [H]onestly, I don't want to see patches that make the kernel reading experience worse for me and likely for the vast majority of people, based on the argument that some odd people have small terminal windows... If you or Christoph have 80 character lines, you'll get possibly ugly wrapped output. Tough. That's _your_ choice. Your hardware limitations shouldn't be a pain for the rest of us...

So no. I do not care about somebody with a 80x25 terminal window getting line wrapping. For exactly the same reason I find it completely irrelevant if somebody says that their kernel compile takes 10 hours because they are doing kernel development on a Raspberry PI with 4GB of RAM. People with restrictive hardware shouldn't make it more inconvenient for people who have better resources...

If you choose to use a 80-column terminal, you can live with the line wrapping. It's just that simple.
"Yes, staying withing 80 columns is certainly still _preferred_," notes the official commit message for this change. "But it's not the hard limit that the checkpatch warnings imply, and other concerns can most certainly dominate. Increase the default limit to 100 characters. Not because 100 characters is some hard limit either, but that's certainly a 'what are you doing' kind of value and less likely to be about the occasional slightly longer lines.'"

GitHub issued a security alert Thursday warning about new malware spreading on its site via boobytrapped Java projects, ZDNet reports: The malware, which GitHub's security team has named Octopus Scanner, has been found in projects managed using the Apache NetBeans IDE (integrated development environment), a tool used to write and compile Java applications. GitHub said it found 26 repositories uploaded on its site that contained the Octopus Scanner malware, following a tip it received from a security researcher on March 9.
But the article adds GitHub "believes that many more projects have been infected during the past two years." GitHub says that when other users would download any of the 26 projects, the malware would behave like a self-spreading virus and infect their local computers. It would scan the victim's workstation for a local NetBeans IDE installation, and proceed to burrow into the developer's other Java projects. The malware, which can run on Windows, macOS, and Linux, would then download a remote access trojan (RAT) as the final step of its infection, allowing the Octopus Scanner operator to rummage through an infected victim's computer, looking for sensitive information.

GitHub says the Octopus Scanner campaign has been going on for years, with the oldest sample of the malware being uploaded on the VirusTotal web scanner in August 2018, time during which the malware operated unimpeded.

An anonymous reader quotes a report from VentureBeat: Google today launched Android Studio 4.0, the latest version of its integrated development environment (IDE). Android Studio 4.0 is supposed to help developers "code smarter, build faster, and design apps." Version 4.0 includes a new Motion Editor, a Build Analyzer, and Java 8 language APIs. Google also overhauled the CPU Profiler user interface and improved the Layout Inspector. [In the article] you'll find Android Studio 4.0 features broken down by category: design, develop, and build. The new version also includes the usual performance improvements and bug fixes on top of the new features (full release notes). Google didn't share its plans for the next version. Normally we'd get hints at the company's I/O developer conference, but 2020 is a weird year.

Stack Overflow has released the results of its 2020 survey of nearly 65,000 developers, revealing their favorite and most dreaded programming languages, tools and frameworks. From a news writeup: The survey shows that TypeScript, Microsoft's superset of the widely-used JavaScript programming language, has overtaken Python as the second most beloved programming language behind Rust. This year 86% of respondents say they are keen to use Rust, while 67.1% want to use TypeScript, and 66.7% want to use Python. Stack Overflow attributes TypeScript's rising popularity to Microsoft's embrace of open source software as well as the existence of larger and more complex JavaScript and Node.js codebases.

Rust has been the most loved programming language for five years running, despite few developers having experience with it. This year, just 5.1% developers report having used Rust, compared with the 68% who use JavaScript, which is the most commonly used language. [...] Meanwhile, the top 10 most dreaded programming languages are VBA, Objective-C, Perl, Assembly, C, PHP, Ruby, C++, Java and R.

The report also looks at average salaries of each developer role. In the US, engineering managers attract the highest salary at $152,000 per year, followed by site reliability engineers who earn $140,000 per year. Salaries across the globe for these roles are lower, at $92,000 for an engineering manager and $80,000 for a site reliability engineer. Other high-paying roles with an average salary of at least $115,000 in the US include data scientist and machine learning specialist, DevOps specialist, engineer, back-end developer, embedded application developers, mobile developers, scientist, desktop application developer, and educator.

An anonymous reader quotes a report from TechCrunch: When Docker sold off its enterprise division to Mirantis last fall, that didn't mark the end of the company. In fact, Docker still exists and has refocused as a cloud-native developer tools vendor. Today it announced an expanded partnership with Microsoft around simplifying running Docker containers in Azure. As its new mission suggests, it involves tighter integration between Docker and a couple of Azure developer tools including Visual Studio Code and Azure Container Instances (ACI). According to Docker, it can take developers hours or even days to set up their containerized environment across the two sets of tools. The idea of the integration is to make it easier, faster and more efficient to include Docker containers when developing applications with the Microsoft tool set. Docker CEO Scott Johnston says it's a matter of giving developers a better experience.

Among the features they are announcing is the ability to log into Azure directly from the Docker command line interface, a big simplification that reduces going back and forth between the two sets of tools. What's more, developers can set up a Microsoft ACI environment complete with a set of configuration defaults. Developers will also be able to switch easily between their local desktop instance and the cloud to run applications. It's worth noting that these integrations are starting in Beta, but the company promises they should be released some time in the second half of this year.

"Altran has released a new tool that uses artificial intelligence to help software engineers spot bugs during the coding process instead of at the end," reports TechRepublic. "Available on GitHub, Code Defect AI uses machine learning to analyze existing code, spot potential problems in new code, and suggest tests to diagnose and fix the errors." Walid Negm, group chief innovation officer at Altran, said that this new tool will help developers release quality code quickly. "The software release cycle needs algorithms that can help make strategic judgments, especially as code gets more complex," he said in a press release....

"Microsoft and Altran have been working together to improve the software development cycle, and Code Defect AI, powered by Microsoft Azure, is an innovative tool that can help software developers through the use of machine learning," said David Carmona, general manager of AI marketing at Microsoft, in a press release...

In a new report about artificial intelligence and software development, Deloitte predicts that more and more companies will use AI-assisted coding tools. From January 2018 to September 2019, software vendors launched dozens of AI-powered software development tools, and startups working in this space raised $704 million over a similar timeframe.... "The benefits of AI-assisted coding are numerous," according to Deloitte analysts David Schatsky and Sourabh Bumb, the authors of AI is Helping to Make Better Software. " However, the principal benefit for companies is efficiency. Many of the new AI-powered tools work in a similar way to spell- and grammar-checkers, enabling coders to reduce the number of keystrokes they need to type by around 50%. They can also spot bugs while code is being written, while they can also automate as many as half of the tests needed to confirm the quality of software." This capability is even more important as companies continue to rely on open-source code.
The Register got more details about Altran's Code Defect AI: The company told us that the AI does not look much at the source code itself, but rather at the commit metadata, "the number of files in the check-in, code complexity, density of the check-in, bug history of the file, history of the developer, experience of the developer in the particular module/file etc." Training of the model is done only on the project being examined...

An anonymous reader quotes IEEE Spectrum: If you're a newly hired software engineer, setting up your development environment can be tedious. If you're lucky, your company will have a documented, step-by-step process to follow. But this still doesn't guarantee you'll be up and running in no time. When you're tasked with updating your environment, you'll go through the same time-consuming process. With different platforms, tools, versions, and dependencies to grapple with, you'll likely encounter bumps along the way.

Austin-based startup Coder aims to ease this process by bringing development environments to the cloud. "We grew up in a time where [Microsoft] Word documents changed to Google Docs. We were curious why this wasn't happening for software engineers," says John A. Entwistle, who founded Coder along with Ammar Bandukwala and Kyle Carberry in 2017. "We thought that if you could move the development environment to the cloud, there would be all sorts of cool workflow benefits."

With Coder, software engineers access a preconfigured development environment on a browser using any device, instead of launching an integrated development environment installed on their computers... To ensure security, all source code and related development activities are hosted on a company's infrastructure — Coder doesn't host any data. Organizations can deploy Coder on their private servers or on cloud computing platforms such as Amazon Web Services or Google Cloud Platform. This option could be advantageous for banks, defense organizations, and other companies handling sensitive data.
One of Coder's customers is the U.S. Air Force, the article points out -- and thats not the only government agency that's interested in their success.

When Coder closed $30 million in Series B funding last month (bringing total funding to $43 million), one of their backers was a venture capital firm with ties to America's Central Intelligence Agency.

An anonymous reader quotes CNBC: The rise of artificial intelligence will make even software engineers less sought after. That's because artificial intelligence will soon write its own software, according to Jack Dorsey, the tech billionaire boss of Twitter and Square. And that's going to put some beginning-level software engineers in a tough spot.

"We talk a lot about the self-driving trucks in and whatnot" when discussing how automation will replace jobs held by humans, Dorsey told former Democratic presidential hopeful Andrew Yang on an episode of the "Yang Speaks" podcast published Thursday. But A.I. "is even coming for programming" jobs, Dorsey said.

"A lot of the goals of machine learning and deep learning is to write the software itself over time so a lot of entry-level programming jobs will just not be as relevant anymore," Dorsey told Yang.
Dorsey also told Yang that he belives a Universal Basic Income could give workers "peace of mind" that they'll be able to "eat and feed their children while they are learning how to transition into this new world."

"Around 70% of our serious security bugs are memory safety problems," the Chromium project announced this week. "Our next major project is to prevent such bugs at source."

ZDNet reports: The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. Both companies are basically dealing with the same problem, namely that C and C++, the two predominant programming languages in their codebases, are "unsafe" languages....

Google says that since March 2019, 125 of the 130 Chrome vulnerabilities with a "critical" severity rating were memory corruption-related issues, showing that despite advances in fixing other bug classes, memory management is still a problem... Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components...

While software companies have tried before to fix C and C++'s memory management problems, Mozilla has been the one who made a breakthrough by sponsoring, promoting and heavily adopting the Rust programming language in Firefox... Microsoft is also heavily investing in exploring C and C++ alternatives⦠But this week, Google also announced similar plans as well... Going forward, Google says it plans to look into developing custom C++ libraries to use with Chrome's codebase, libraries that have better protections against memory-related bugs. The browser maker is also exploring the MiraclePtr project, which aims to turn "exploitable use-after-free bugs into non-security crashes with acceptable performance, memory, binary size and minimal stability impact."

And last, but not least, Google also said it plans to explore using "safe" languages, where possible. Candidates include Rust, Swift, JavaScript, Kotlin, and Java.

The State of Software Security (SOSS): Open Source Edition "analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries," reports TechRepublic. "Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of flaws." "An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies," he said. The study found that 70% of applications have a security flaw in an open source library on an initial scan.
Other findings from the report:

• The most commonly included libraries are present in over 75% of applications for each language.

• 47% of those flawed libraries in applications are transitive.

• More than 61% of flawed libraries in JavaScript contain vulnerabilities without corresponding common vulnerabilities and exposures (CVEs).

• Fixing most library-introduced flaws can be done with a minor version upgrade.

• Using any given PHP library has a greater than 50% chance of bringing a security flaw along with it.

May 23rd marks the 25th anniversary of the day Sun Microsystems introduced Java to the world, notes InfoWorld.

Looking at both the present and the future, they write that currently Java remains popular "with enterprises even as a slew of rival languages, such as Python and Go, now compete for the hearts and minds of software developers." Java continues to rank among the top three programming languages in the most prominent language popularity indexes — Tiobe, RedMonk, and PyPL. Java had enjoyed a five-year stint as the top language in the Tiobe index until this month, when it was overtaken by the C language, thanks perhaps to the combination of C's wide use in medical equipment and the urgency of the COVID-19 pandemic.

Nevertheless, Java represents a huge ecosystem and source of jobs. There were an estimated nine million Java developers worldwide in 2017, according to Oracle. A recent search of jobs site Dice.com found nearly 12,000 Java-related jobs in the USA, compared to roughly 9,000 jobs in JavaScript and 7,600 in Python. Plus, Java has spawned an enormous ecosystem of tools ranging from the Spring Framework to application servers from companies such as IBM, Red Hat, and Oracle to the JavaFX rich media platform.

The developers behind Java — including Oracle and the broader OpenJDK community — have kept the platform moving forward. Released two months ago, Java 14, or Java Development Kit (JDK) 14, added capabilities including switch expressions, to simplify coding, and JDK Flight Recorder (JFR) Event Streaming, for continuous consumption of JFR data. Up next for Java is JDK 15, set to arrive as a production release in September 2020, with capabilities still being lined up for it. So far, the features expected include a preview of sealed classes, which provide more-granular control over code, and records, which provide classes that act as transparent carriers for immutable data. Also under consideration for Java is a plan dubbed Project Leyden, which would address "longterm pain points" in Java including resource footprint, startup time, and performance issues by introducing static images to the platform.

Microsoft has explained why it's pursuing 'safe systems programming' through efforts like its experimental Rust-inspired Project Verona language and its exploration of the Rust programming language for Windows code written in C++. From a report: The short answer is that Microsoft is trying to eliminate memory-related bugs in software written in languages like C++, according to Microsoft Rust expert Ryan Levick. These bugs cost a lot to fix and make up a large share of Patch Tuesday hassles. Levick has now offered more insights into Microsoft's efforts behind safe systems programming. Systems programming includes coding for platforms like Windows, Xbox, and Azure, as opposed to programming applications that run on them.

Key systems programming languages include C++, Google-backed Go, and Mozilla-created Rust, but Rust and Go are 'memory-safe' languages while C++ is not. Other languages are memory safe, such as Swift and Kotlin, but they aren't for systems programming. The thing for Microsoft is that it writes a lot of its platform software in C++ and sometimes still in C. While it works hard to address memory issues, the company says it has "reached a wall". "We can't really do much more than we already have. It's becoming harder and harder and more and more costly to address these issues over time," says Levick, who joined Microsoft via its acquisition of Wanderlist, which has become Microsoft To Do. He gave a rundown of Microsoft's safe systems programming efforts in a session at Build 2020 this week.