Cloud

Move Over, Silicon Valley: St. Louis, Atlanta, Small Cities Gaining Tech Jobs (dice.com) 72

Slashdot reader SpaceForceCommander shared Dice's new annual report on America's tech industry salaries based on a survey of over 12,800 "technologists": Columbus and St. Louis enjoyed double-digit year-over-year growth in salaries (14.2 percent and 13.6 percent, respectively), and other cities such as Denver [7 percent] and Atlanta [10 percent] also experienced an ideal mix of growth and high salaries. These up-and-comers benefitted from the presence of key employers such as Amazon and IBM; in addition, a lower cost of living and plentiful amenities have made them increasingly attractive to technologists, even those coming from well-established tech hubs such as Silicon Valley.

Silicon Valley remains a world of high salaries — but the cost of living in the Bay Area remains extraordinarily high, which chews into that higher-than-average paycheck. And that's before we factor in issues such as grinding commutes. In Seattle, New York City (also known as "Silicon Alley"), and other well-established tech hubs, costs are similarly high, which only makes up-and-coming tech hubs more potentially attractive to technologists.

Silicon Valley is still #1 on Dice's ranking of average annual salaries (at $123,826), followed by Seattle, San Diego, Boston, Baltimore, Portland, Denver, and then New York. (And while St. Louis ranks #9, Columbus is #17.)

But the average annual tech-industry salary rose just 1.3 percent last year, according to the survey, with Dice arguing that what made salaries vary was supply and demand. They then ranked the highest-paying skills, starting with Apache Kafka (with average reported salaries of $134,557), followed by HANA (High performance ANalytic Appliance), Cloudera, and MapReduce: Newer skills don't necessarily draw higher salaries; with many older skills, the number of proficient technologists is relatively low, which means employers are willing to pay more in order to secure their services. (That's a key reason why the handful of technologists who still know their way around an ancient mainframe can score six-figure salaries from companies that haven't given up decades-old hardware....) In the case of programming languages such as Swift, which enjoyed significant year-over-year growth and high salaries, a large number of technologists might have mastered it — but the market is huge and white-hot, ensuring that compensation will only rise.

Programming

Go 1.15 Planning Will Not 'Try' Error Handling (golang.org) 40

The Go team is planning for a February release of Go 1.14, and "Per the process outlined in the Go 2, here we come! blog post, it is again the time in our development and release cycle to consider if and what language or library changes we might want to include for our next release, Go 1.15, scheduled for August of this year."
The primary goals for Go remain package and version management, better error handling support, and generics. Module support is in good shape and getting better with each day, and we are also making progress on the generics front (more on that later this year).

Our attempt seven months ago at providing a better error handling mechanism, the try proposal, met good support but also strong opposition and we decided to abandon it. In its aftermath there were many follow-up proposals, but none of them seemed convincing enough, clearly superior to the try proposal, or less likely to cause similar controversy. Thus, we have not further pursued changes to error handling for now. Perhaps some future insight will help us to improve upon the status quo.

Given that modules and generics are actively being worked on, and with error handling changes out of the way for the time being, what other changes should we pursue, if any? There are some perennial favorites such as requests for enums and immutable types, but none of those ideas are sufficiently developed yet, nor are they urgent enough to warrant a lot of attention by the Go team, especially when also considering the cost of making a language change.

After reviewing all potentially viable proposals, and more importantly, because we don't want to incrementally add new features without a long-term plan, we concluded that it is better to hold off with major changes this time. Instead we concentrate on a couple of new vet checks and a minor adjustment to the language...

We believe that none of these three proposals are controversial but there's always a chance that we missed something important. For that reason we plan to have the proposals implemented at the beginning of the Go 1.15 release cycle (at or shortly after the Go 1.14 release) so that there is plenty of time to gather experience and provide feedback. Per the proposal evaluation process, the final decision will be made at the end of the development cycle, at the beginning of May, 2020.

China

Apple Removed 805 Apps in China From 2018 To 2019 (abacusnews.com) 12

Over the course of a year, Apple took down 805 apps in mainland China by its own account. From a report: In Apple's latest transparency report accounting for the first half of 2019, the iPhone maker said it removed 288 apps from China's iOS App Store for both legal and policy violations. The Apple Transparency Report goes out twice a year and details requests received from government agencies and private parties worldwide. The report lists government requests to access information on accounts and devices, but the last two reports also include the number of apps Apple removed that period. When it comes to why those apps are removed, though, Apple is tight-lipped. The reports cite two reasons for app removals: Platform violations, which covers gambling apps (gambling is illegal in China), and legal violations, which according to Apple usually means apps with pornography (also illegal in China) and other illegal content.

[...] The total number of apps missing from the App Store because of government censorship is hard to know. GreatFire has used its tool applecensorship.com to identify 2,678 apps that aren't available inside the mainland China App Store. But this number doesn't paint the full picture. Records of missing apps are only generated when people search for them on the website. And there's no information on whether apps were taken down because of a government request, a decision from Apple or the app makers' choice. Many of the apps recorded were never listed on the mainland China App Store. But the list does provide some insight, like the fact that the 149 unavailable news apps is more than in any other country. "We know that app store removals are happening more often in China," said GreatFire's Karen Reilly. "We know that many of these apps are news sources. We know that many of these apps are VPNs and other software that everyday people use to protect their privacy."

Programming

Google Will Shut Down App Maker on January 19, 2021 (venturebeat.com) 37

Google will shut down its low-code development platform, App Maker, early next year. From a report: Google today announced it is killing off yet another service: App Maker, G Suite's low-code environment for building custom business apps. Google App Maker will be "turned down" gradually this year and officially shut down on January 19, 2021. Google cited "low usage" as an explanation for the move. If your business was using App Maker or considering moving to App Maker, you'll need to find another tool. Indeed, Google is making today's announcement not even two weeks after acquiring no-code app development platform AppSheet. Google first launched App Maker as part of an Early Adopter Program in November 2016. At the time, we described it as a service that "lets users drag and drop widgets around on a user interface that complies with Google's Material design principles" to create apps that can be "customized further with scripts, as well as HTML, CSS, JavaScript, and JQuery content." Once apps are live, usage can be monitored through Google Analytics. App Maker hit general availability for all G Suite Business, Enterprise, and Education customers in June 2018. A year and a half later, and it's already headed to the grave.

PHP

Is PHP Still a Worthwhile Language To Learn? (stitcher.io) 137

mbadolato (Slashdot reader #105,588) shares this post from Belgium-based programmer Brent Roose: It's no secret among web developers and programmers in general: PHP doesn't have the best reputation. Despite still being one of the most used languages to build web applications, over the years PHP has managed to get itself a reputation of messy codebases, inexperienced developers, insecure code, an inconsistent core library, and what not. While many of the arguments against PHP still stand today, there's also a bright side: you can write clean and maintainable, fast and reliable applications in PHP.

In this post, I want to look at this bright side of PHP development. I want to show you that, despite its many shortcomings, PHP is a worthwhile language to learn. I want you to know that the PHP 5 era is coming to an end. That, if you want to, you can write modern and clean PHP code, and leave behind much of the mess it was 10 years ago.

The article notes PHP's opt-in type system and performance-enhancing rewrites (including the ability to store compiled chunks of PHP code in memory). And it argues that PHP "is still evolving today," with a package repository averaging over 25 million downloads a day. There are also PHP web application frameworks (as well as asynchronous frameworks), so "PHP isn't just WordPress anymore."

And in keeping with the core team's yearly release cycle, PHP 8 is expected at the end of 2020, which will include a JIT compiler, "allowing PHP to enter new areas besides web development..."

Programming

JetBrains to Reimagine IntelliJ as Text Editor, Add Machine Learning (devclass.com) 41

From a report: JetBrains has added further destinations to the IntelliJ-based roadmap it sketched out last year, promising more localization, machine learning and Git integration amongst a range of other goodies for the Java IDE...

The Prague-based firm's CTO Dimitry Jemerov said users had long asked to be able to use its IDEs for "general purpose text editing". While this is possible to some degree currently, in some situations it created a temporary project file, leading to disk clutter and "other inconveniences". However, recent performance improvements mean "the possibility of using our IDEs as lightweight text editors has become more plausible, so we're now building a dedicated mode for editing non-project files. In this mode, the IDE will work more like a simple text editor." This will be faster, he promised, but the feature set will be very limited and "you'll be able to easily switch to the full project mode if you need to use features such as refactoring or debugging..."

Other upcoming features include more machine learning. Jemerov said this was already being used to improve code completion, but would now be rolled out for other completion features. "We're teaching ML completion to make better use of the context for ranking completion suggestions and to generate completion variants that go beyond a single identifier (full-line completion)". That might take a while, he said, but was a "major area where we are investing our efforts."

Open Source

Framework Developer 'Ragequits' Open Source Community, Citing Negative Comments, 'Very Few Provide Help' (theregister.co.uk) 122

The maintainer of the popular Rust web framework Actix has quit the project -- though he's backed off threats to make its code private and delete its repository, instead appointing a new maintainer. "Be a maintainer of large open source project is not a fun task," he'd complained last week on GitHub. "You alway face with rude and hate, everyone knows better how to build software, nobody wants to do home work and read docs and think a bit and very few provide any help...

"You felt betrayed after you put so much effort and then to hear all this shit comments, even if you understand that that is usual internet behavior.... Nowadays supporting actix project is not fun, and be[ing] part of rust community is not fun as well."

The Register reports: Actix Web was developed by Nikolay Kim, who is also a senior software engineer at Microsoft, though the Actix project is not an official Microsoft project. Actix Web is based on Actix, a framework for Rust based on the Actor model, also developed by Kim. The web framework is important to the Rust community partly because it addresses a common use case (developing web applications) and partly because of its outstanding performance. For some tests, Actix tops the Techempower benchmarks.

The project is open source and while it is popular, there has been some unhappiness among users about its use of "unsafe" code... Safe code is protected from common bugs (and more importantly, security vulnerabilities) arising from issues like variables which point to uninitialized memory, or variables which are used after the memory allocated to them has been freed, or attempting to write data to a variable which exceeds the memory allocated. Code in Rust is safe by default, but the language also supports unsafe code, which can be useful for interoperability or to improve performance.

There is extensive use of unsafe code in Actix, leading to debate about what should be fixed. Kim was not always receptive to proposed changes... Kim said that he did not ignore or delete issues arbitrarily, but only because he felt he had a better or more creative solution than the one proposed -- while also acknowledging that the "removing issue was a stupid idea." He also threatened to "make [Actix] repos private and then delete them...." Since then, matters have improved. The GitHub repository was restored and Kim said, "I realized, a lot of people depend on actix. And it would be unfair to just delete repos... I hope new community of developers emerge. And good luck!"

The developer news site DevClass wrote that "The apparent 'ragequit' has prompted questions about the dynamics within the open source community." Over 120 GitHub users have now signed a sympathetic letter to Nikolay from "users, contributors, and followers of your work in the Rust community," saying "We are extremely disappointed at the level of abuse directed towards you."

"Working on open source projects should be rewarding, and your work has empowered thousands of developers across the world to build web services with Rust. It's incredibly tragic for someone who has contributed so much to the community, to be made to feel so unwelcome that they feel that they have no other choice than to leave. This is not the kind of community we want."

Businesses

Support Grows For Unionizing Video Game Industry, Survey Finds (hollywoodreporter.com) 47

An anonymous reader quotes a report from The Hollywood Reporter: Ahead of the Game Developer's Conference (GDC) -- which is dedicated to the art and science of making video games and set to take place March 16-20 at the Moscone Center in San Francisco -- the results of the organization's eighth annual State of Industry report were released Friday. Surveying nearly 4,000 video game developers with the intent of highlighting industry trends and forecasts for the future of gaming, this year's report indicates an increasing interest in the games industry to unionize. This was also a major topic of conversation in 2019, amid reports of gaming professionals working extended overtime hours and tolerating poor working conditions. Among the survey participants, 54 percent said that game industry workers should unionize (a 7 percent increase from last year), 21 percent answered "maybe" and 9 percent said they weren't sure. When the same group was asked whether they thought game industry workers would unionize, only 23 percent said "yes," while 43 percent said "maybe."

Programming

Jira Software Gets Better Roadmaps (techcrunch.com) 21

Atlassian today announced an update to Jira Software, its popular project and issue-tracking tool, that brings a number of major updates to the roadmapping feature it first introduced back in 2018. From a report: Back in 2018, Atlassian also launched its rebuilt version of Jira Software, which took some of its cues from Trello, and today's release builds upon this. "When we launched that new Jira experience back in October 2018, I think we had a really good idea of what we were trying to do with it and where we were taking it," said Jake Brereton, the head of marketing for Jira Software. "And I think if you fast-forward 14 months to where we are today, we just had some really strong validation in a number of areas that are over the target and that that investment we made was worth it."

With this release then, Jira Software's roadmapping tool is getting progress bars that show you the overall status of every roadmap item and that give you a lot more information about the overall state of the project at a glance. Also new here are hierarchy levels that let you unfold the roadmap item to get more in-depth information about the stories and tasks that are part of an item. You can also now map dependencies by simply dragging and dropping items, something that was missing from the first release but that was surely high on the list for many users. Atlassian is also introducing new filters and a number of UI enhancements.

China

Huawei Postpones Its Developers Conference Over Deadly Coronavirus (cnet.com) 29

Huawei has postponed its upcoming HDC.Cloud developer conference as Chinese authorities try to control the spread of the deadly coronavirus detected in the southeastern city of Wuhan. From a report: The controversial company's event was going to take place in Shenzhen -- which lies more than 700 miles south of Wuhan -- Feb. 11-12, but it's been rescheduled to March 27-28. "Based on the prevention and control of the pneumonia epidemic situation of the new coronavirus infection, we attach great importance to the health and safety of all the participants," Huawei said in its announcement. It also asked staff to avoid traveling to Wuhan and limit contact with animals, Reuters reported, and said it set up an outbreak prevention and control team in the city.

Twitter

Twitter Tells Facial Recognition Trailblazer To Stop Using Site's Photos (nytimes.com) 45

Kashmir Hill reporting for The New York Times: A mysterious company that has licensed its powerful facial recognition technology to hundreds of law enforcement agencies is facing attacks from Capitol Hill and from at least one Silicon Valley giant. Twitter sent a letter this week to the small start-up company, Clearview AI, demanding that it stop taking photos and any other data from the social media website "for any reason" and delete any data that it previously collected, a Twitter spokeswoman said. The cease-and-desist letter, sent on Tuesday, accused Clearview of violating Twitter's policies.

The New York Times reported last week that Clearview had amassed a database of more than three billion photos from social media sites -- including Facebook, YouTube, Twitter and Venmo -- and elsewhere on the internet. The vast database powers an app that can match people to their online photos and link back to the sites the images came from. The app is used by more than 600 law enforcement agencies, ranging from local police departments to the F.B.I. and the Department of Homeland Security. Law enforcement officials told The Times that the app had helped them identify suspects in many criminal cases.
It's unclear what social media sites can do to force Clearview to remove images from its database. "In the past, companies have sued websites that scrape information, accusing them of violating the Computer Fraud and Abuse Act, an anti-hacking law," notes the NYT. "But in September, a federal appeals court in California ruled against LinkedIn in such a case, establishing a precedent that the scraping of public data most likely doesn't violate the law."

Microsoft

Microsoft Discloses Security Breach of Customer Support Database Containing 250 Million Records (zdnet.com) 32

An anonymous reader quotes a report from ZDNet: Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between December 5 and December 31. The database was spotted and reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery.

The leaky customer support database consisted of a cluster of five Elasticsearch servers, a technology used to simplify search operations, Diachenko told ZDNet today. All five servers stored the same data, appearing to be mirrors of each other. Diachenko said Microsoft secured the exposed database on the same day he reported the issue to the OS maker, despite being New Year's Eve. The servers contained roughly 250 million entries, with information such as email addresses, IP addresses, and support case details. Microsoft said that most of the records didn't contain any personal user information.
"Microsoft blamed the accidental server exposure on misconfigured Azure security rules it deployed on December 5, which it now fixed," adds ZDNet.

They went on to list several changes to prevent this sort of thing from happening again, such as "auditing the established network security rules for internal resources" and "adding additional alerting to service teams when security rule misconfigurations are detected."

Python

Chinese Academic Suspended After His 'Fully Independently Developed' Programming Language Found To Be Based on Python (ft.com) 107

One of China's top science research institutes has suspended an academic after finding that his "fully independently developed" programming language was based on a widely-used precursor, Python. From a report: Liu Lei, a researcher at the Institute of Computing Technology (ICT) at the Chinese Academy of Sciences, announced last week that his research group had "independently" developed a new programming language, named Mulan after the legendary heroine, and touted as having "applications for artificial intelligence and the internet of things." Days later, Mr Liu wrote an apology to domestic media for "exaggerating" his achievements. Mr Liu admitted that Mulan was based on Python, a programming language whose components are freely available under an "open-source" licence, and that it was primarily designed for teaching programming to children, not for AI applications.

Programming

Are Software Designers Ignoring The Needs of the Elderly? (vortex.com) 205

"[A]t the very time that it's become increasingly difficult for anyone to conduct their day to day lives without using the Net, some categories of people are increasingly being treated badly by many software designers," argues long-time Slashdot reader Lauren Weinstein:
The victims of these attitudes include various special needs groups — visually and/or motor impaired are just two examples — but the elderly are a particular target. Working routinely with extremely elderly persons who are very active Internet users (including in their upper 90s!), I'm particularly sensitive to the difficulties that they face keeping their Net lifelines going. Often they're working on very old computers, without the resources (financial or human) to permit them to upgrade. They may still be running very old, admittedly risky OS versions and old browsers — Windows 7 is going to be used by many for years to come, despite hitting its official "end of life" for updates a few days ago.

Yet these elderly users are increasingly dependent on the Net to pay bills (more and more firms are making alternatives increasingly difficult and in some cases expensive), to stay in touch with friends and loved ones, and for many of the other routine purposes for which all of us now routinely depend on these technologies....

There's an aspect of this that is even worse. It's attitudes! It's the attitudes of many software designers that suggest they apparently really don't care about this class of users much — or at all. They design interfaces that are difficult for these users to navigate. Or in extreme cases, they simply drop support for many of these users entirely, by eliminating functionality that permits their old systems and old browsers to function.

He cites the example of Discourse, the open source internet forum software, which recently announced they'd stop supporting Internet Explorer. Weinstein himself hates Microsoft's browser, "Yet what of the users who don't understand how to upgrade? Who don't have anyone to help them upgrade? Are we to tell them that they matter not at all?"

So he confronted Stack Exchange co-founder Jeff Atwood (who is also one of the co-founders of Discourse) on Twitter — and eventually found himself blocked.

"Far more important though than this particular case is the attitude being expressed by so many in the software community, an attitude that suggests that many highly capable software engineers don't really appreciate these users and the kinds of problems that many of these users may have, that can prevent them from making even relatively simple changes or upgrades to their systems — which they need to keep using as much as anyone — in the real world."

Programming

Introducing JetBrains Mono, 'A Typeface for Developers' (jetbrains.com) 73

Long-time Slashdot reader destinyland writes:
JetBrains (which makes IDEs and other tools for developers and project managers) just open sourced a new "typeface for developers."

JetBrains Mono offers taller lowercase letters while keeping all letters "simple and free from unnecessary details... The easier the forms, the faster the eye perceives them and the less effort the brain needs to process them." There's a dot inside zeroes (but not in O's), and distinguishing marks have also been added to the lowercase L (to distinguish it from both 1's and a capital I). Even the shape of the comma has been made more angular so it's easier to distinguish from a period.

"The shape of ovals approaches that of rectangular symbols. This makes the whole pattern of the text more clear-cut," explains the font's web site. "The outer sides of ovals ensure there are no additional obstacles for your eyes as they scan the text vertically."

And one optional feature even lets you merge multi-character ligatures like -> and ++ into their corresponding symbol. (138 code-specific ligatures are included with the font.)

Open Source

What Linus Torvalds Gets Wrong About ZFS (arstechnica.com) 279

Ars Technica recently ran a rebuttal by author, podcaster, coder, and "mercenary sysadmin" Jim Salter to some comments Linus Torvalds made last week about ZFS.

While it's reasonable for Torvalds to oppose integrating the CDDL-licensed ZFS into the kernel, Salter argues, he believes Torvalds' characterization of the filesystem was "inaccurate and damaging."
Torvalds dips into his own impressions of ZFS itself, both as a project and a filesystem. This is where things go badly off the rails, as Torvalds states, "Don't use ZFS. It's that simple. It was always more of a buzzword than anything else, I feel... [the] benchmarks I've seen do not make ZFS look all that great. And as far as I can tell, it has no real maintenance behind it any more..."

This jaw-dropping statement makes me wonder whether Torvalds has ever actually used or seriously investigated ZFS. Keep in mind, he's not merely making this statement about ZFS now, he's making it about ZFS for the last 15 years -- and is relegating everything from atomic snapshots to rapid replication to on-disk compression to per-block checksumming to automatic data repair and more to the status of "just buzzwords."

[The 2,300-word article goes on to describe ZFS features like per-block checksumming, automatic data repair, rapid replication and atomic snapshots -- as well as "performance wins" including its Adaptive Replacement caching algorithm and its inline compression (which allows datasets to be live-compressed with algorithms).]

The TL;DR here is that it's not really accurate to make blanket statements about ZFS performance, absent a very particular, well-understood workload to measure that performance on. But more importantly, quibbling about the fastest possible benchmark rather loses the main point of ZFS. This filesystem is meant to provide an eminently scalable filesystem that's extremely resistant to data loss; those are points Torvalds notably never so much as touches on....

Meanwhile, OpenZFS is actively consumed, developed, and in some cases commercially supported by organizations ranging from the Lawrence Livermore National Laboratory (where OpenZFS is the underpinning of some of the world's largest supercomputers) through Datto, Delphix, Joyent, ixSystems, Proxmox, Canonical, and more...

It's possible to not have a personal need for ZFS. But to write it off as "more of a buzzword than anything else" seems to expose massive ignorance on the subject... Torvalds' status within the Linux community grants his words an impact that can be entirely out of proportion to Torvalds' own knowledge of a given topic -- and this was clearly one of those topics.

Google

Red Hat and IBM Jointly File Another Amicus Brief In Google v. Oracle, Arguing APIs Are Not Copyrightable (redhat.com) 42

Monday Red Hat and IBM jointly filed their own amicus brief with the U.S. Supreme Court in the "Google vs. Oracle" case, arguing that APIs cannot be copyrighted.

"That simple, yet powerful principle has been a cornerstone of technological and economic growth for over sixty years. When published (as has been common industry practice for over three decades) or lawfully reverse engineered, they have spurred innovation through competition, increased productivity and economic efficiency, and connected the world in a way that has benefited commercial enterprises and consumers alike."

An anonymous reader quotes Red Hat's announcement of the brief: "The Federal Circuit's unduly narrow construction of 17 U.S.C. 102(b) is harmful to progress, competition, and innovation in the field of software development," Red Hat stated in the brief. "IBM and Red Hat urge the Court to reverse the decision below on the basis that 17 U.S.C. 102(b) excludes software interfaces from copyright protection...."

The lower court incorrectly extended copyright protection to software interfaces. If left uncorrected, the lower court rulings could harm software compatibility and interoperability and have a chilling effect on the innovation represented by the open source community... Red Hat's significant involvement with Java development over the last 20 years has included extensive contributions to OpenJDK, an open source implementation of the Java platform, and the development of Red Hat Middleware, a suite of Java-based middleware solutions to build, integrate, automate and deploy enterprise applications. As an open source leader, Red Hat has a stake in the consistent and correct determination of the scope of copyright protection that applies to interfaces of computer programs, including the Java platform interface at stake in this case.

Open source software development relies on the availability of and unencumbered access to software interfaces, including products that are compatible with or interoperate with other computer products, platforms, and services...

Stats

Slate Announces List of The 30 Most Evil Tech Companies (slate.com) 163

An anonymous reader quotes Slate:
Separating out the meaningful threats from the noise is hard. Is Facebook really the danger to democracy it looks like? Is Uber really worse than the system it replaced? Isn't Amazon's same-day delivery worth it? Which harms are real and which are hypothetical? Has the techlash gotten it right? And which of these companies is really the worst? Which ones might be, well, evil?

We don't mean evil in the mustache-twirling, burn-the-world-from-a-secret-lair sense -- well, we mostly don't mean that -- but rather in the way Googlers once swore to avoid mission drift, respect their users, and spurn short-term profiteering, even though the company now regularly faces scandals in which it has violated its users' or workers' trust. We mean ills that outweigh conveniences. We mean temptations and poison pills and unanticipated outcomes.

Slate sent ballots to "a wide range of journalists, scholars, advocates, and others who have been thinking critically about technology for years," and reported that while America's big tech companies topped the list, "our respondents are deeply concerned about foreign companies dabbling in surveillance and A.I., as well as the domestic gunners that power the data-broker business."

But while there were some disagreements, Palantir still rose to #4 on the list because "almost everyone distrusts Peter Thiel."

Interestingly, their list ranks SpaceX at #17 (for potentially disrupting astronomy by clogging the sky with satellites) and ranks Tesla at #14 for "its troubled record of worker safety and its dubious claims that it will soon offer 'full self-driving' to customers who have already paid $7,000 for the promised add-on... Our respondents say the very real social good that Tesla has done by creating safe, zero-emission vehicles does not justify misdeeds, like apparent 'stealth recalls' of defects that appear to violate safety laws or the 19 unresolved Clean Air Act violations at its paint shop."

Slate's article includes its comprehensive list of the 30 most dangerous tech companies. But here's the top 10:
  1. Amazon
  2. Facebook
  3. Alphabet
  4. Palantir Technologies
  5. Uber
  6. Apple
  7. Microsoft
  8. Twitter
  9. ByteDance
  10. Exxon Mobil

There are also lots of familiar names higher up on the list, including both 8chan (#20) and Cloudflare (#21). 23andMe came in at #18, while Huawei was #11. Netflix does not appear anywhere on the list, but Disney ranks #15.

And Oracle was #19. "It takes a lot to make me feel like Google is being victimized by a bully," wrote Cory Doctorow, "but Oracle managed it."


Math

Major Breakthrough In Quantum Computing Shows That MIP* = RE (arxiv.org) 28

Slashdot reader JoshuaZ writes:
In a major breakthrough in quantum computing it was shown that MIP* equals RE. MIP* is the set of problems that can be efficiently demonstrated to a classical computer interacting with multiple quantum computers with any amount of shared entanglement between the quantum computers. RE is the set of problems which are recursive; this is essentially all problems which can be computed.

This result comes through years of deep development of understanding interactive protocols, where one entity, a verifier, has much less computing power than another set of entities, provers, who wish to convince the verifier of the truth of a claim. In 1990, a major result was that a classical computer with a polynomial amount of time could be convinced of any claim in PSPACE by interacting with an arbitrarily powerful classical computer. Here PSPACE is the set of problems solvable by a classical computer with a polynomial amount of space. Subsequent results showed that if one allowed a verifier able to interact with multiple provers, the verifier could be convinced of a solution of any problem in NEXPTIME, a class conjectured to be much larger than PSPACE. For a while, it was believed that in the quantum case, the set of problems might actually be smaller, since multiple quantum computers might be able to use their shared entangled qubits to "cheat" the verifier. However, this has turned out not just to not be the case, but the exact opposite: MIP* is not only large, it is about as large as a computable class can naturally be.

This result, while a very big deal from a theoretical standpoint, is unlikely to have any immediate applications since it supposes quantum computers with arbitrarily large amounts of computational power and infinite amounts of entanglement.

The paper in question is a 165-page tour de force which includes incidentally showing that the Connes embedding conjecture, a 50-year-old major conjecture from the theory of operator algebras, is false.

Security

Researchers Find Serious Flaws In WordPress Plugins Used On 400K Sites (arstechnica.com) 11

An anonymous reader quotes a report from Ars Technica: Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites, researchers said. InfiniteWP, WP Time Capsule, and WP Database Reset are all affected. The highest-impact flaw is an authentication bypass vulnerability in the InfiniteWP Client, a plugin installed on more than 300,000 websites. It allows administrators to manage multiple websites from a single server. The flaw lets anyone log in to an administrative account with no credentials at all. From there, attackers can delete contents, add new accounts, and carry out a wide range of other malicious tasks.

The critical flaw in WP Time Capsule also leads to an authentication bypass that allows unauthenticated attackers to log in as an administrator. WP Time Capsule, which runs on about 20,000 sites, is designed to make backing up website data easier. By including a string in a POST request, attackers can obtain a list of all administrative accounts and automatically log in to the first one. The bug has been fixed in version 1.21.16. Sites running earlier versions should update right away. Web security firm WebARX has more details.

The last vulnerable plugin is WP Database Reset, which is installed on about 80,000 sites. One flaw allows any unauthenticated person to reset any table in the database to its original WordPress state. The bug is caused by reset functions that aren't secured by the standard capability checks or security nonces. Exploits can result in the complete loss of data or a site reset to the default WordPress settings. A second security flaw in WP Database Reset causes a privilege-escalation vulnerability that allows any authenticated user -- even those with minimal system rights -- to gain administrative rights and lock out all other users. All site administrators using this plugin should update to version 3.15, which patches both vulnerabilities. Wordfence has more details about both flaws here.
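
The missing-guard pattern the report describes for WP Database Reset (handlers with no capability check or nonce) can be audited for statically. This Python script is an added example, not code from the report, Wordfence, or any of the plugins; it flags handlers registered on admin-side hooks whose bodies never call a capability check or a nonce check. The sample PHP, every `demo_*` name, and the set of hooks scanned are assumptions made for illustration.

```python
import re

# Constructed sample plugin source; every demo_* name is hypothetical.
SAMPLE_PHP = r'''<?php
add_action( 'admin_init', 'demo_reset_tables' );
function demo_reset_tables() {
    if ( isset( $_POST['demo_tables'] ) ) { demo_do_reset( $_POST['demo_tables'] ); }
}
add_action( 'wp_ajax_demo_safe_reset', 'demo_safe_reset' );
function demo_safe_reset() {
    check_ajax_referer( 'demo_reset', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) { wp_send_json_error( 'forbidden', 403 ); }
    demo_do_reset( $_POST['demo_tables'] );
}
add_action( 'wp_ajax_demo_half', 'demo_half_guarded' );
function demo_half_guarded() {
    check_ajax_referer( 'demo_reset', 'nonce' );  // nonce only, no capability check
    demo_do_reset( $_POST['demo_tables'] );
}
'''

HOOK_RE = re.compile(r"add_action\(\s*['\"]((?:wp_ajax_|admin_post_)\w+|admin_init)['\"]"
                     r"\s*,\s*['\"](\w+)['\"]")
CAP_RE = re.compile(r"\bcurrent_user_can\s*\(")
NONCE_RE = re.compile(r"\b(?:check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")

def function_body(src, name):
    """Brace-matched body of `function name(...)`; braces in strings/comments are not skipped."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """Map each hooked handler to the guards its body never calls."""
    findings = {}
    for hook, func in HOOK_RE.findall(src):
        body = function_body(src, func)
        if body is None:
            continue  # callback is a method, closure, or lives in another file
        missing = [label for label, rx in (("capability", CAP_RE), ("nonce", NONCE_RE))
                   if not rx.search(body)]
        if missing:
            findings[func] = {"hook": hook, "missing": missing}
    return findings
```

A hit is a lead for manual review rather than proof of a flaw, since a guard may live in a helper function the regex cannot see.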
