An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 80 for Windows, Mac, Linux, Android, and iOS. The release includes autoupgrading mixed content to HTTPS, SameSite cookie changes, quieter permission UI for notifications, and more developer features. This release thus beefs up security for the world's most popular browser and begins cracking down on cross-site cookies. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 80 has started deprecating FTP support by disabling it by default for non-enterprise clients.

From a report: I'll just pay a little more attention to the Android bit: a total of $80 billion paid out to Android developers, which is significantly less than the $155 billion Apple has paid out via the iOS App Store. Even if you account for Google allowing developers to use their own payment methods and made a bunch of other caveats, I suspect you can't avoid the truth. The vast majority of phones on Earth run Android, and yet it is almost surely the case that there's more money for developers in iPhone apps. That's always been the conventional wisdom, but Google's own numbers all but confirm it.

Eric Raymond has been working on a tool called reposurgeon for editing version-control repository histories -- those "risky operations that version-control systems don't want to let you do." But this led to some interesting thoughts about documentation: "Why doesn't reposurgeon have easy introductory documentation" would normally have a simple answer: because the author, like all too many programmers, hates writing documentation, has never gotten very good at it, and will evade frantically when under pressure to try. But in my case none of that description is even slightly true. Like Donald Knuth, I consider writing good documentation an integral and enjoyable part of the art of software engineering. If you don't learn to do it well you are short-changing not just your users but yourself...

If you go looking for gdb intro documentation, you'll find it's also pretty terrible. Examples of a few basic commands is all they can do; you never get an entire worked example of using gdb to identify and fix a failure point. And why is this....? High-quality introductory software documentation depends on worked examples that are understandable and reproducible. If your software's problem domain features serious technical barriers to mounting and stuffing a gallery of reproducible examples, you have a problem that even great willingness and excellent writing skills can't fix.

Of course my punchline is that reposurgeon has this problem, and arguably an even worse example of it than gdb's. How would you make a worked example of a repository conversion that is both nontrivial and reproducible? What would that even look like...? Having identified the deep problem, I'd love to be able to say something revelatory and upbeat about how to solve it.... Unfortunately, at this point I am out of answers. Perhaps the regulars on my blog will come up with some interesting angle.

Slashdot reader jbmartin6 summarizes a new article from Carnegie Mellon's Software Engineering Institute: An academic study challenges the notion that "some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organization's success or failure."

Instead, the author shows productivity variation is often a result of poor-performing outliers and some wide variation in individual's productivity from day to day. Once these factors are eliminated, the gap between top performers and normal performers isn't that great, and there is a very small supply of consistent top performers anyway. This result has a lot of implications for how software teams and projects are managed.
The article concludes that "while some programmers are better or faster than others, the scale and usefulness of this difference has been greatly exaggerated....

"Rather than try to label programmers with simplistic terms such as 'best' and 'worst,' the most motivating and humane way to improve average performance is to find ways to improve everyone's performance."

Slashdot reader SpaceForceCommander shared Dice's new annual report on America's tech industry salaries based on a survey of over 12,800 "technologists": Columbus and St. Louis enjoyed double-digit year-over-year growth in salaries (14.2 percent and 13.6 percent, respectively), and other cities such as Denver [7 percent] and Atlanta [10 percent] also experienced an ideal mix of growth and high salaries. These up-and-comers benefitted from the presence of key employers such as Amazon and IBM; in addition, a lower cost of living and plentiful amenities have made them increasingly attractive to technologists, even those coming from well-established tech hubs such as Silicon Valley.

Silicon Valley remains a world of high salaries — but the cost of living in the Bay Area remains extraordinarily high, which chews into that higher-than-average paycheck. And that's before we factor in issues such as grinding commutes. In Seattle, New York City (also known as "Silicon Alley"), and other well-established tech hubs, costs are similarly high, which only makes up-and-coming tech hubs more potentially attractive to technologists.
Silicon Valley is still #1 on Dice's ranking of average annual salaries (at $123,826), followed by Seattle, San Diego, Boston, Baltimore, Portland, Denver, and then New York. (And while St. Louis ranks #9, Columbus is #17.)

But the average annual tech-industry salary rose just 1.3 percent last year, according to the survey, with Dice arguing that what made salaries vary was supply and demand. They then ranked the highest-paying skills, starting with Apache Kafka (with average reported salaries of $134,557), followed by HANA (High performance ANalytic Appliance), Cloudera, and MapReduce: Newer skills don't necessarily draw higher salaries; with many older skills, the number of proficient technologists is relatively low, which means employers are willing to pay more in order to secure their services. (That's a key reason why the handful of technologists who still know their way around an ancient mainframe can score six-figure salaries from companies that haven't given up decades-old hardware....) In the case of programming languages such as Swift, which enjoyed significant year-over-year growth and high salaries, a large number of technologists might have mastered it — but the market is huge and white-hot, ensuring that compensation will only rise.

The Go team is planning for a February release of Go 1.14, and "Per the process outlined in the Go 2, here we come! blog post, it is again the time in our development and release cycle to consider if and what language or library changes we might want to include for our next release, Go 1.15, scheduled for August of this year."
The primary goals for Go remain package and version management, better error handling support, and generics. Module support is in good shape and getting better with each day, and we are also making progress on the generics front (more on that later this year).

Our attempt seven months ago at providing a better error handling mechanism, the try proposal, met good support but also strong opposition and we decided to abandon it. In its aftermath there were many follow-up proposals, but none of them seemed convincing enough, clearly superior to the try proposal, or less likely to cause similar controversy. Thus, we have not further pursued changes to error handling for now. Perhaps some future insight will help us to improve upon the status quo.

Given that modules and generics are actively being worked on, and with error handling changes out of the way for the time being, what other changes should we pursue, if any? There are some perennial favorites such as requests for enums and immutable types, but none of those ideas are sufficiently developed yet, nor are they urgent enough to warrant a lot of attention by the Go team, especially when also considering the cost of making a language change.

After reviewing all potentially viable proposals, and more importantly, because we don't want to incrementally add new features without a long-term plan, we concluded that it is better to hold off with major changes this time. Instead we concentrate on a couple of new vet checks and a minor adjustment to the language...

We believe that none of these three proposals are controversial but there's always a chance that we missed something important. For that reason we plan to have the proposals implemented at the beginning of the Go 1.15 release cycle (at or shortly after the Go 1.14 release) so that there is plenty of time to gather experience and provide feedback. Per the proposal evaluation process, the final decision will be made at the end of the development cycle, at the beginning of May, 2020.

Over the course of a year, Apple took down 805 apps in mainland China by its own account. From a report: In Apple's latest transparency report accounting for the first half of 2019, the iPhone maker said it removed 288 apps from China's iOS App Store for both legal and policy violations. The Apple Transparency Report goes out twice a year and details requests received from government agencies and private parties worldwide. The report lists government requests to access information on accounts and devices, but the last two reports also include the number of apps Apple removed that period. When it comes to why those apps are removed, though, Apple is tight-lipped. The reports cite two reasons for app removals: Platform violations, which covers gambling apps (gambling is illegal in China), and legal violations, which according to Apple usually means apps with pornography (also illegal in China) and other illegal content.

[...] The total number of apps missing from the App Store because of government censorship is hard to know. GreatFire has used its tool applecensorship.com to identify 2,678 apps that aren't available inside the mainland China App Store. But this number doesn't paint the full picture. Records of missing apps are only generated when people search for them on the website. And there's no information on whether apps were taken down because of a government request, a decision from Apple or the app makers' choice. Many of the apps recorded were never listed on the mainland China App Store. But the list does provide some insight, like the fact that the 149 unavailable news apps is more than in any other country. "We know that app store removals are happening more often in China," said GreatFire's Karen Reilly. "We know that many of these apps are news sources. We know that many of these apps are VPNs and other software that everyday people use to protect their privacy."

Google will shut down its low-code development platform, App Maker, early next year. From a report: Google today announced it is killing off yet another service: App Maker, G Suite's low-code environment for building custom business apps. Google App Maker will be "turned down" gradually this year and officially shut down on January 19, 2021. Google cited "low usage" as an explanation for the move. If your business was using App Maker or considering moving to App Maker, you'll need to find another tool. Indeed, Google is making today's announcement not even two weeks after acquiring no-code app development platform AppSheet. Google first launched App Maker as part of an Early Adopter Program in November 2016. At the time, we described it as a service that "lets users drag and drop widgets around on a user interface that complies with Google's Material design principles" to create apps that can be "customized further with scripts, as well as HTML, CSS, JavaScript, and JQuery content." Once apps are live, usage can be monitored through Google Analytics. App Maker hit general availability for all G Suite Business, Enterprise, and Education customers in June 2018. A year and a half later, and it's already headed to the grave.

mbadolato (Slashdot reader #105,588) shares this post from Belgium-based programmer Brent Roose: It's no secret among web developers and programmers in general: PHP doesn't have the best reputation. Despite still being one of the most used languages to build web applications; over the years PHP has managed to get itself a reputation of messy codebases, inexperienced developers, insecure code, an inconsistent core library, and what not. While many of the arguments against PHP still stand today, there's also a bright side: you can write clean and maintainable, fast and reliable applications in PHP.

In this post, I want to look at this bright side of PHP development. I want to show you that, despite its many shortcomings, PHP is a worthwhile language to learn. I want you to know that the PHP 5 era is coming to an end. That, if you want to, you can write modern and clean PHP code, and leave behind much of the mess it was 10 years ago.
The article notes PHP's opt-in type system and performance-enhancing rewrites (including the ability to store compiled chunks of PHP code in memory). And it argues that PHP "is still evolving today," with a package repository averaging over 25 million downloads a day. There's also PHP web application frameworks (as well as asynchronous frameworks), so "PHP isn't just WordPress anymore."

And in keeping with the core team's yearly release cycle, PHP 8 is expected at the end of 2020, which will include a JIT compiler, "allowing PHP to enter new areas besides web development..."

From a report: JetBrains has added further destinations to the IntelliJ-based roadmap it sketched out last year, promising more localization, machine learning and Git integration amongst a range of other goodies for the Java IDE...

The Prague-based firm's CTO Dimitry Jemerov said users had long asked to be able to use its IDEs for "general purpose text editing". While this is possible to some degree currently, in some situations it created a temporary project file, leading to disk clutter and "other inconveniences". However, recent performance improvements mean "the possibility of using our IDEs as lightweight text editors has become more plausible, so we're now building a dedicated mode for editing non-project files. In this mode, the IDE will work more like a simple text editor." This will be faster, he promised, but the feature set will be very limited and "you'll be able to easily switch to the full project mode if you need to use features such as refactoring or debugging...

Other upcoming features include more machine learning. Jemerov said this was already being used to improve code completion, but would now be rolled out for other completion features. "We're teaching ML completion to make better use of the context for ranking completion suggestions and to generate completion variants that go beyond a single identifier (full-line completion)". That might take a while, he said, but was a "major area where we are investing our efforts."

The maintainer of the popular Rust web framework Actix has quit the project -- though he's backed off threats to make its code private and delete its repository, instead appointing a new maintainer. "Be a maintainer of large open source project is not a fun task," he'd complained last week on GitHub. "You alway face with rude and hate, everyone knows better how to build software, nobody wants to do home work and read docs and think a bit and very few provide any help...

"You felt betrayed after you put so much effort and then to hear all this shit comments, even if you understand that that is usual internet behavior.... Nowadays supporting actix project is not fun, and be[ing] part of rust community is not fun as well."

The Register reports: Actix Web was developed by Nikolay Kim, who is also a senior software engineer at Microsoft, though the Actix project is not an official Microsoft project. Actix Web is based on Actix, a framework for Rust based on the Actor model, also developed by Kim. The web framework is important to the Rust community partly because it addresses a common use case (development web applications) and partly because of its outstanding performance. For some tests, Actix tops the Techempower benchmarks.

The project is open source and while it is popular, there has been some unhappiness among users about its use of "unsafe" code... Safe code is protected from common bugs (and more importantly, security vulnerabilities) arising from issues like variables which point to uninitialized memory, or variables which are used after the memory allocated to them has been freed, or attempting to write data to a variable which exceeds the memory allocated. Code in Rust is safe by default, but the language also supports unsafe code, which can be useful for interoperability or to improve performance.

There is extensive use of unsafe code in Actix, leading to debate about what should be fixed. Kim was not always receptive to proposed changes... Kim said that he did not ignore or delete issues arbitrarily, but only because he felt he had a better or more creative solution than the one proposed -- while also acknowledging that the "removing issue was a stupid idea." He also threatened to "make [Actix] repos private and then delete them...." Since then, matters have improved. The Github repository was restored and Kim said, "I realized, a lot of people depend on actix. And it would be unfair to just delete repos... I hope new community of developers emerge. And good luck!"
The developer news site DevClass wrote that "The apparent 'ragequit' has prompted questions about the dynamics within the open source community." Over 120 GitHub users have now signed a sympathetic letter to Nikolay from "users, contributors, and followers of your work in the Rust community," saying "We are extremely disappointed at the level of abuse directed towards you."

"Working on open source projects should be rewarding, and your work has empowered thousands of developers across the world to build web services with Rust. It's incredibly tragic for someone who has contributed so much to the community, to be made to feel so unwelcome that they feel that they have no other choice than to leave. This is not the kind of community we want."

An anonymous reader quotes a report from The Hollywood Reporter: Ahead of the Game Developer's Conference (GDC) -- which is dedicated to the art and science of making video games and set to take place March 16-20 at the Moscone Center in San Francisco -- the results of the organization's eighth annual State of Industry report were released Friday. Surveying nearly 4,000 video game developers with the intent of highlighting industry trends and forecasts for the future of gaming, this year's report indicates an increasing interest in the games industry to unionize. This was also a major topic of conversation in 2019, amid reports of gaming professionals working extended overtime hours and tolerating poor working conditions. Among the survey participants, 54 percent said that game industry workers should unionize (a 7 percent increase from last year), 21 percent answered "maybe" and 9 percent said they weren't sure. When the same group was asked whether they thought game industry workers would unionize, only 23 percent said "yes," while 43 percent said "maybe."

Atlassian today announced an update to Jira Software, its popular project and issue-tracking tool, that brings a number of major updates to the roadmapping feature it first introduced back in 2018. From a report: Back in 2018, Atlassian also launched its rebuilt version of Jira Software, which took some of its cues from Trello, and today's release builds upon this. "When we launched that new Jira experience back in October 2018, I think we had a really good idea of what we were trying to do with it and where we were taking it," said Jake Brereton, the head of marketing for Jira Software. "And I think if you fast-forward 14 months to where we are today, we just had some really strong validation in a number of areas that are over the target and that that investment we made was worth it."

With this release then, Jira Software's roadmapping tool is getting progress bars that show you the overall status of every roadmap item and that give you a lot more information about the overall state of the project at a glance. Also new here are hierarchy levels that let you unfold the roadmap item to get more in-depth information about the stories and tasks that are part of an item. You can also now map dependencies by simply dragging and dropping items, something that was missing from the first release but that was surely high on the list for many users. Atlassian is also introducing new filters and a number of UI enhancements.

Huawei has postponed its upcoming HDC.Cloud developer conference as Chinese authorities try to control the spread of the deadly coronavirus detected in the southeastern city of Wuhan. From a report: The controversial company's event was going to take place in Shenzhen -- which lies more than 700 miles south of Wuhan -- Feb. 11-12, but it's been rescheduled to March 27-28. "Based on the prevention and control of the pneumonia epidemic situation of the new coronavirus infection, we attach great importance to the health and safety of all the participants," Huawei said in its announcement. It also asked staff to avoid traveling to Wuhan and limit contact with animals, Reuters reported, and said it set up an outbreak prevention and control team in the city.

Kashmir Hill reporting for The New York Times: A mysterious company that has licensed its powerful facial recognition technology to hundreds of law enforcement agencies is facing attacks from Capitol Hill and from at least one Silicon Valley giant. Twitter sent a letter this week to the small start-up company, Clearview AI, demanding that it stop taking photos and any other data from the social media website "for any reason" and delete any data that it previously collected, a Twitter spokeswoman said. The cease-and-desist letter, sent on Tuesday, accused Clearview of violating Twitter's policies.

The New York Times reported last week that Clearview had amassed a database of more than three billion photos from social media sites -- including Facebook, YouTube, Twitter and Venmo -- and elsewhere on the internet. The vast database powers an app that can match people to their online photos and link back to the sites the images came from. The app is used by more than 600 law enforcement agencies, ranging from local police departments to the F.B.I. and the Department of Homeland Security. Law enforcement officials told The Times that the app had helped them identify suspects in many criminal cases. It's unclear what social media sites can do to force Clearview to remove images from its database. "In the past, companies have sued websites that scrape information, accusing them of violating the Computer Fraud and Abuse Act, an anti-hacking law," notes the NYT. "But in September, a federal appeals court in California ruled against LinkedIn in such a case, establishing a precedent that the scraping of public data most likely doesn't violate the law."

An anonymous reader quotes a report from ZDNet: Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between December 5 and December 31. The database was spotted and reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery.

The leaky customer support database consisted of a cluster of five Elasticsearch servers, a technology used to simplify search operations, Diachenko told ZDNet today. All five servers stored the same data, appearing to be mirrors of each other. Diachenko said Microsoft secured the exposed database on the same day he reported the issue to the OS maker, despite being New Year's Eve. The servers contained roughly 250 million entries, with information such as email addresses, IP addresses, and support case details. Microsoft said that most of the records didn't contain any personal user information. "Microsoft blamed the accidental server exposure on misconfigured Azure security rules it deployed on December 5, which it now fixed," adds ZDNet.

They went on to list several changes to prevent this sort of thing from happening again, such as "auditing the established network security rules for internal resources" and "adding additional alerting to service teams when security rule misconfigurations are detected."

One of China's top science research institutes has suspended an academic after finding that his "fully independently developed" programming language was based on a widely-used precursor, Python [Editor's note: the link may be paywalled; alternative source]. From a report: Liu Lei, a researcher at the Institute of Computing Technology (ICT) at the Chinese Academy of Sciences, announced last week that his research group had "independently" developed a new programming language, named Mulan after the legendary heroine, and touted as having "applications for artificial intelligence and the internet of things." Days later, Mr Liu wrote an apology to domestic media for "exaggerating" his achievements. Mr Liu admitted that Mulan was based on Python, a programming language whose components are freely available under an "open-source" licence, and that it was primarily designed for teaching programming to children, not for AI applications.

"[A]t the very time that it's become increasingly difficult for anyone to conduct their day to day lives without using the Net, some categories of people are increasingly being treated badly by many software designers," argues long-time Slashdot reader Lauren Weinstein:
The victims of these attitudes include various special needs groups — visually and/or motor impaired are just two examples — but the elderly are a particular target. Working routinely with extremely elderly persons who are very active Internet users (including in their upper 90s!), I'm particularly sensitive to the difficulties that they face keeping their Net lifelines going. Often they're working on very old computers, without the resources (financial or human) to permit them to upgrade. They may still be running very old, admittedly risky OS versions and old browsers — Windows 7 is going to be used by many for years to come, despite hitting its official "end of life" for updates a few days ago.

Yet these elderly users are increasingly dependent on the Net to pay bills (more and more firms are making alternatives increasingly difficult and in some cases expensive), to stay in touch with friends and loved ones, and for many of the other routine purposes for which all of us now routinely depend on these technologies....

There's an aspect of this that is even worse. It's attitudes! It's the attitudes of many software designers that suggest they apparently really don't care about this class of users much — or at all. They design interfaces that are difficult for these users to navigate. Or in extreme cases, they simply drop support for many of these users entirely, by eliminating functionality that permits their old systems and old browsers to function.
He cites the example of Discourse, the open source internet forum software, which recently announced they'd stop supporting Internet Explorer. Weinstein himself hates Microsoft's browser, "Yet what of the users who don't understand how to upgrade? Who don't have anyone to help them upgrade? Are we to tell them that they matter not at all?"

So he confronted Stack Exchange co-founder Jeff Atwood (who is also one of the co-founders of Discourse) on Twitter — and eventually found himself blocked.

"Far more important though than this particular case is the attitude being expressed by so many in the software community, an attitude that suggests that many highly capable software engineers don't really appreciate these users and the kinds of problems that many of these users may have, that can prevent them from making even relatively simple changes or upgrades to their systems — which they need to keep using as much as anyone — in the real world."

Long-time Slashdot reader destinyland writes:
JetBrains (which makes IDEs and other tools for developers and project managers) just open sourced a new "typeface for developers."

JetBrains Mono offers taller lowercase letters while keeping all letters "simple and free from unnecessary details... The easier the forms, the faster the eye perceives them and the less effort the brain needs to process them." There's a dot inside zeroes (but not in O's), and distinguishing marks have also been added to the lowercase L (to distinguish it from both 1's and a capital I). Even the shape of the comma has been made more angular so it's easier to distinguish from a period.

"The shape of ovals approaches that of rectangular symbols. This makes the whole pattern of the text more clear-cut," explains the font's web site. "The outer sides of ovals ensure there are no additional obstacles for your eyes as they scan the text vertically."

And one optional feature even lets you merge multi-character ligatures like -> and ++ into their corresponding symbol. (138 code-specific ligatures are included with the font.)

Ars Technica recently ran a rebuttal by author, podcaster, coder, and "mercenary sysadmin" Jim Salter to some comments Linus Torvalds made last week about ZFS.

While it's reasonable for Torvalds to oppose integrating the CDDL-licensed ZFS into the kernel, Salter argues, he believes Torvalds' characterization of the filesystem was "inaccurate and damaging."
Torvalds dips into his own impressions of ZFS itself, both as a project and a filesystem. This is where things go badly off the rails, as Torvalds states, "Don't use ZFS. It's that simple. It was always more of a buzzword than anything else, I feel... [the] benchmarks I've seen do not make ZFS look all that great. And as far as I can tell, it has no real maintenance behind it any more..."

This jaw-dropping statement makes me wonder whether Torvalds has ever actually used or seriously investigated ZFS. Keep in mind, he's not merely making this statement about ZFS now, he's making it about ZFS for the last 15 years -- and is relegating everything from atomic snapshots to rapid replication to on-disk compression to per-block checksumming to automatic data repair and more to the status of "just buzzwords."

[The 2,300-word article goes on to describe ZFS features like per-block checksumming, automatic data repair, rapid replication and atomic snapshots -- as well as "performance wins" including its Adaptive Replacement caching algorithm and its inline compression (which allows datasets to be live-compressed with algorithms.]

The TL;DR here is that it's not really accurate to make blanket statements about ZFS performance, absent a very particular, well-understood workload to measure that performance on. But more importantly, quibbling about the fastest possible benchmark rather loses the main point of ZFS. This filesystem is meant to provide an eminently scalable filesystem that's extremely resistant to data loss; those are points Torvalds notably never so much as touches on....

Meanwhile, OpenZFS is actively consumed, developed, and in some cases commercially supported by organizations ranging from the Lawrence Livermore National Laboratory (where OpenZFS is the underpinning of some of the world's largest supercomputers) through Datto, Delphix, Joyent, ixSystems, Proxmox, Canonical, and more...

It's possible to not have a personal need for ZFS. But to write it off as "more of a buzzword than anything else" seems to expose massive ignorance on the subject... Torvalds' status within the Linux community grants his words an impact that can be entirely out of proportion to Torvalds' own knowledge of a given topic -- and this was clearly one of those topics.