In a new article in Forbes, a Business Technology professor at the Villanova School of Business argues that the way we build software applications is changing: If you're living in the 21st century you turn to your cloud provider for help where many of the most powerful technologies are now offered as-a-service. When your requirements cannot be completely fulfilled from cloud offerings, you build something. But what does "building" mean? What does "programming" mean...? You can program from scratch. You can go to Github (where you can find code of all flavors). Or you can — if you're a little lazier — turn to low-code or no-code programming platforms to develop your applications.

All of this falls under the umbrella of what, the Gartner Group defines as the "democratization of expertise":

"Democratization is focused on providing people with access to technical expertise (for example, ML, application development) or business domain expertise (for example, sales process, economic analysis) via a radically simplified experience and without requiring extensive and costly training...."

[T]he new repositories, platforms and tools are enabling a whole new set of what we used to call "programming." As Satya Nadella said, "Every business will become a software business, build applications, use advanced analytics and provide SAAS services," and as Sajjad Daya says so well in Hackernoon, "Coding takes too long for it to be both profitable and competitively priced. That's not the case with no-code platforms, though. The platforms do the complicated programming automatically, slashing development time..."

The technology democracy has forever changed corporate strategy. And what does this mean? It means that the technical team scales on cue. But "technical" means competencies around Github, low-code/no-code platforms and especially business domains... [A]ll of this levels the technology playing field among companies — so long as they understand the skills and competencies they need.

We live in a world where billions of login credentials have been stolen, enabling the brute-force cyberattacks known as "credential stuffing", reports CSO Online. And it's being made easier by APIs: New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. According to a report released today, between December 2017 and November 2019, Akamai observed 85.4 billion credential abuse attacks against companies worldwide that use its services. Of those attacks, around 16.5 billion, or nearly 20%, targeted hostnames that were clearly identified as API endpoints.

However, in the financial industry, the percentage of attacks that targeted APIs rose sharply between May and September 2019, at times reaching 75%.

"API usage and widespread adoption have enabled criminals to automate their attacks," the company said in its report. "This is why the volume of credential stuffing incidents has continued to grow year over year, and why such attacks remain a steady and constant risk across all market segments."
APIs also make it easier to extract information automatically, the article notes, while security experts "have long expressed concerns that implementation errors in banking APIs and the lack of a common development standard could increase the risk of data breaches."

Yet the EU's "Payment Services Directive" included a push for third-party interoperability among financial institutions, so "most banks started implementing such APIs... Even if no similar regulatory requirements exist in non-EU countries, market forces are pushing financial institutions in the same direction since they need to innovate and keep up with the competition."

A powerful antibiotic that kills some of the most dangerous drug-resistant bacteria in the world has been discovered using artificial intelligence. The Guardian reports: To find new antibiotics, the researchers first trained a "deep learning" algorithm to identify the sorts of molecules that kill bacteria. To do this, they fed the program information on the atomic and molecular features of nearly 2,500 drugs and natural compounds, and how well or not the substance blocked the growth of the bug E coli. Once the algorithm had learned what molecular features made for good antibiotics, the scientists set it working on a library of more than 6,000 compounds under investigation for treating various human diseases. Rather than looking for any potential antimicrobials, the algorithm focused on compounds that looked effective but unlike existing antibiotics. This boosted the chances that the drugs would work in radical new ways that bugs had yet to develop resistance to.

Jonathan Stokes, the first author of the study, said it took a matter of hours for the algorithm to assess the compounds and come up with some promising antibiotics. One, which the researchers named "halicin" after Hal, the astronaut-bothering AI in the film 2001: A Space Odyssey, looked particularly potent. Writing in the journal Cell, the researchers describe how they treated numerous drug-resistant infections with halicin, a compound that was originally developed to treat diabetes, but which fell by the wayside before it reached the clinic. Tests on bacteria collected from patients showed that halicin killed Mycobacterium tuberculosis, the bug that causes TB, and strains of Enterobacteriaceae that are resistant to carbapenems, a group of antibiotics that are considered the last resort for such infections. Halicin also cleared C difficile and multidrug-resistant Acinetobacter baumannii infections in mice. Three days after being set loose on a database of about 1.5 billion compounds, the algorithm returned a shortlist of 23 potential antibiotics, of which two appear to be particularly potent.

"[The senior researcher] now wants to use the algorithm to find antibiotics that are more selective in the bacteria they kill," adds The Guardian. "This would mean that taking the antibiotic kills only the bugs causing an infection, and not all the healthy bacteria that live in the gut. More ambitiously, the scientists aim to use the algorithm to design potent new antibiotics from scratch."

A group of engineers and developers with backgrounds from the National Security Agency, Google, and Amazon Web Services are working on Gretel, an early-stage startup that aims to help developers safely share and collaborate with sensitive data in real time. TechCrunch reports: It's not as niche of a problem as you might think, said Alex Watson, one of the co-founders. Developers can face this problem at any company, he said. Often, developers don't need full access to a bank of user data -- they just need a portion or a sample to work with. In many cases, developers could suffice with data that looks like real user data. "It starts with making data safe to share," Watson said. "There's all these really cool use cases that people have been able to do with data." He said companies like GitHub, a widely used source code sharing platform, helped to make source code accessible and collaboration easy. "But there's no GitHub equivalent for data," he said.

And that's how Watson and his co-founders, John Myers, Ali Golshan and Laszlo Bock came up with Gretel. "We're building right now software that enables developers to automatically check out an anonymized version of the data set," said Watson. This so-called "synthetic data" is essentially artificial data that looks and works just like regular sensitive user data. Gretel uses machine learning to categorize the data -- like names, addresses and other customer identifiers -- and classify as many labels to the data as possible. Once that data is labeled, it can be applied access policies. Then, the platform applies differential privacy -- a technique used to anonymize vast amounts of data -- so that it's no longer tied to customer information. "It's an entirely fake data set that was generated by machine learning," said Watson. The startup has already raised $3.5 million in seed funding. "Gretel said it will charge customers based on consumption -- a similar structure to how Amazon prices access to its cloud computing services," adds TechCrunch.

kimanaw shares a report: The Trump administration urged the U.S. Supreme Court to reject an appeal by Alphabet's Google, boosting Oracle's bid to collect more than $8 billion in royalties for Google's use of copyrighted programming code in the Android operating system. The administration weighed in on the high-stakes case on the same day that President Donald Trump attended a re-election campaign fundraiser in California hosted by Oracle's co-founder, billionaire Larry Ellison. Ellison hosted a golf outing and photos with Trump. The event cost a minimum of $100,000 per couple to attend, with a higher ticket price of $250,000 for those who wanted to participate in a policy roundtable with the president, the Palm Springs Desert Sun reported. Google is challenging an appeals court ruling that it violated Oracle copyrights when it included some Oracle-owned Java programming code in Android. The dispute has split Silicon Valley, pitting developers of software code against companies that use the code to create programs. Google's "verbatim copying" of Oracle's code into a competing product wasn't necessary to foster innovation, the U.S. Solicitor General Noel Francisco said Wednesday in a filing with the court.

An anonymous reader writes: Google today launched the first Android 11 developer preview, available for download now at developer.android.com. The preview includes a preview SDK for developers with system images for the Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, and the official Android Emulator. While it's the fifth year running that Google has released the first developer preview of the next Android version in Q1, this is the earliest developer preview yet. Android N (later named Android Nougat), Android O (Android Oreo), Android P (Android Pie), and Android Q (Android 10) were all first shown off in the month of March. Last year, Google used the Android Beta Program, which lets you get early Android builds via over-the-air updates on select devices. This year, however, Google is not making the first preview available as a beta (you'll need to manually flash your device). In other words, Android 11 is not ready for early adopters to try, just developers.

TechRadar shares some surprising results from a new survey of enterprises using COBOL and mainframe technologies: According to a survey by Micro Focus, which follows data gathered in previous 2017 survey, 70 percent favor modernization as an approach for implementing strategic change. This is opposed to replacing or retiring their key COBOL applications as they continue to provide a low-risk and effective means of transforming IT to support digital business initiatives...

This is further supported by the results of the survey with an increase in the size of the average application code base which grew from 8.4m in 2017 to 9.9m this year, showing continued investment, re-use and expansion in core business systems.
"92 percent of respondents felt as though their organization's COBOL applications are strategic in comparison to 84 percent of respondents in 2017," according to the official survey results. The survey spanned 40 different countries, and involved COBOL-connected architects, developers, development managers and IT executives.

"COBOL's credentials as a strong digital technology appear to be set for another decade," according to Micro Focus' senior vice president of application modernization and connectivity. "With 60 years of experience supporting mission-critical applications and business systems, COBOL continues to evolve as a flexible and resilient computer language that will remain relevant and important for businesses around the world."

"Now budding Python developers can read up on the National Security Agency's own Python training materials," reports ZDNet: Software engineer Chris Swenson filed a Freedom of Information Act request with the NSA for access to its Python training materials and received a lightly redacted 400-page printout of the agency's COMP 3321 Python training course. Swenson has since scanned the documents, ran OCR on the text to make it searchable, and hosted it on Digital Oceans Spaces. The material has also been uploaded to the Internet Archive...

"If you don't know any programming languages yet, Python is a good place to start. If you already know a different language, it's easy to pick Python on the side. Python isn't entirely free of frustration and confusion, but hopefully you can avoid those parts until long after you get some good use out of Python," writes the NSA...

Swenson told ZDNet that it was "mostly just curiosity" that motivated him to ask the NSA about its Python training material. He also said the NSA had excluded some course material, but that he'll keep trying to get more from the agency... Python developer Kushal Das has pulled out some interesting details from the material. He found that the NSA has an internal Python package index, that its GitLab instance is gitlab.coi.nsa.ic.gov, and that it has a Jupyter gallery that runs over HTTPS. NSA also offers git installation instructions for CentOS, Red Hat Enterprise Linux, Ubuntu, and Windows, but not Debian.

An anonymous reader shares a report: It comes as no surprise that the guidance computers aboard the Apollo 11 spacecraft were impossibly primitive compared to the pocket computers we all carry around 50 years later. But on his website, an Apple developer analyzed the tech specs even further and found that even something as simple as a modern USB charger is packed with more processing power. Forrest Heller, a software developer who formerly worked on Occipital's Structure 3D scanner accessory for mobile devices, but who now works for Apple, broke down the numbers when it comes to the processing power, memory, and storage capacity of Google's 18W Pixel charger, Huawei's 40W SuperCharge, the Anker PowerPort Atom PD 2 charger, and the Apollo 11 guidance computer, also referred to as the AGC. It's not easy to directly compare those modern devices with the 50-year-old AGC, which was custom developed by NASA for controlling and automating the guidance and navigation systems aboard the Apollo 11 spacecraft.

In a time when computers were the size of giant rooms, the AGC was contained in a box just a few feet in length because it was one of the first computers to be made with integrated circuits. Instead of plopping in an off the shelf processor, NASA's engineers designed and built the AGC with somewhere around 5,600 electronic gates that were capable of performing nearly 40,000 simple mathematical calculations every second. While we measure processor speeds in gigahertz these days, the AGC chugged along at 1.024 MHz. By comparison, the Anker PowerPort Atom PD 2 USB-C charger includes a Cypress CYPD4225 processor running at 48 MHz with the twice the RAM of the AGC, and almost twice the storage space for software instructions.

minstrelmike shares a report. From the article: The best way to get a feel for what NASA's job was like is to read some of the code, now immortalized in a GitHub repository. Choose a file at random. GROUND_TRACKING_DETERMINATION_PROGRAM.agc, for instance, has 204 lines and more than 85 of them are comments. Each of the lines consists of only one operation, unlike modern languages, which can pack dozens of operations with multiple options into one line. The simplicity becomes obvious .... The Apollo Guidance Computer had only 36k of ROM to hold the compiled version."

You didn't need security, function was the only thing that counted, and you only had to do one thing. A Go app compiled with version 1.7 that only prints "Hello World" is 1.6 megabytes alone, and the Go world was totally thrilled with this news because it was 2.3 megabytes before." And you didn't need to deal with lawyers. There are 22 thousand words in the basic Terms of Service for renting a machine in Amazon's cloud. There is also an entirely different TOS for using the website to rent the machine. Then each individual product often has its own TOS, like this one for Activate. Add them up and they're much longer than the 36 thousand instruction words in the ROM in the Lunar Lander's computer.

"Under the age of 39? Odds are that most of your peers learned to code in C.

"Most Baby Boomers and Gen Xers — or, those between the ages of 40 and 74 in 2020 — learned to code in BASIC."

That's just one of the interesting conclusions from HackerRank's third annual "Developer Skills Report," which this year compiled responses from over 116,000 developers (from 162 different countries). Developed for educational use in 1964, BASIC was a popular instructional language in college classrooms. But that began to change in 1972, when Bell Labs invented C, allowing portability of the Unix operating system. Though it wasn't an instant hit, the language rose to popularity in the late 70s and early 80s alongside the growth of Unix. Today, the language is celebrated for its longevity, flexibility, and ease of use — just some of the reasons it's still popular for Gen Zers learning to code today.

Gen Z is more likely than any previous generation to utilize bootcamps. Nearly one in six say they've leveraged bootcamps to learn new skills. On the flip side, they're less likely to learn coding skills from older generations' go-tos, like books and on-the-job training. As Gen Z comes to rely more heavily on non-traditional education sources like bootcamps, they're poised to become a key talent pool.
Jaxenter also summarizes another interesting finding from the survey. "72% of hiring managers reported that bootcamp grads were equally or better equipped for their job." The I-Programmer site even noted the top reasons managers gave the surveyors for why bootcamp grads exceed:

• Ability to learn new technologies & languages quickly (71%)
• Strong practical experience (61%)
• Eager to take on new responsibilities (52%)

And they also summarize another interesting result. "Almost a third of developers at small companies (1-49 employees) haven't obtained a Bachelor's degree -- a proportion that drops to only 9% in companies with 10,000 or more employees."

China's Xiaomi, Huawei, Oppo and Vivo are joining forces to create a platform for developers outside China to upload apps onto all of their app stores simultaneously, in a move analysts say is meant to challenge the dominance of Google's Play store. From a report: The four companies are ironing out kinks in what is known as the Global Developer Service Alliance (GDSA). The platform aims to make it easier for developers of games, music, movies and other apps to market their apps in overseas markets, according to people with knowledge of the matter. The GDSA was initially aiming to launch in March, sources said, although it is not clear how that will be affected by the recent coronavirus outbreak. A prototype website says the platform will initially cover nine "regions" including India, Indonesia and Russia.

Dan Houser, co-founder of Rockstar Games, is leaving the company in March after taking an "extended break" in the spring of 2019. "Rockstar Games was founded in 1998, and Dan Houser contributed prominently to the company's successful franchises, including Grand Theft Auto, Max Payne, Red Dead Redemption, and more," notes The Verge. From the report: Take-Two Interactive is the holdings company for Rockstar Games, and it hasn't officially announced the departure yet. Here's the snippet in full, straight from [an SEC document registered by publisher Take-Two Interactive, which first confirmed the news]: "After an extended break beginning in the spring of 2019, Dan Houser, Vice President, Creative at Rockstar Games, will be leaving the company. Dan Houser's last day will be March 11, 2020. We are extremely grateful for his contributions. Rockstar Games has built some of the most critically acclaimed and commercially successful game worlds, a global community of passionate fans and an incredibly talented team, which remains focused on current and future projects."

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 80 for Windows, Mac, Linux, Android, and iOS. The release includes autoupgrading mixed content to HTTPS, SameSite cookie changes, quieter permission UI for notifications, and more developer features. This release thus beefs up security for the world's most popular browser and begins cracking down on cross-site cookies. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Among other things, Chrome 80 has started deprecating FTP support by disabling it by default for non-enterprise clients.

From a report: I'll just pay a little more attention to the Android bit: a total of $80 billion paid out to Android developers, which is significantly less than the $155 billion Apple has paid out via the iOS App Store. Even if you account for Google allowing developers to use their own payment methods and made a bunch of other caveats, I suspect you can't avoid the truth. The vast majority of phones on Earth run Android, and yet it is almost surely the case that there's more money for developers in iPhone apps. That's always been the conventional wisdom, but Google's own numbers all but confirm it.

Eric Raymond has been working on a tool called reposurgeon for editing version-control repository histories -- those "risky operations that version-control systems don't want to let you do." But this led to some interesting thoughts about documentation: "Why doesn't reposurgeon have easy introductory documentation" would normally have a simple answer: because the author, like all too many programmers, hates writing documentation, has never gotten very good at it, and will evade frantically when under pressure to try. But in my case none of that description is even slightly true. Like Donald Knuth, I consider writing good documentation an integral and enjoyable part of the art of software engineering. If you don't learn to do it well you are short-changing not just your users but yourself...

If you go looking for gdb intro documentation, you'll find it's also pretty terrible. Examples of a few basic commands is all they can do; you never get an entire worked example of using gdb to identify and fix a failure point. And why is this....? High-quality introductory software documentation depends on worked examples that are understandable and reproducible. If your software's problem domain features serious technical barriers to mounting and stuffing a gallery of reproducible examples, you have a problem that even great willingness and excellent writing skills can't fix.

Of course my punchline is that reposurgeon has this problem, and arguably an even worse example of it than gdb's. How would you make a worked example of a repository conversion that is both nontrivial and reproducible? What would that even look like...? Having identified the deep problem, I'd love to be able to say something revelatory and upbeat about how to solve it.... Unfortunately, at this point I am out of answers. Perhaps the regulars on my blog will come up with some interesting angle.

Slashdot reader jbmartin6 summarizes a new article from Carnegie Mellon's Software Engineering Institute: An academic study challenges the notion that "some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organization's success or failure."

Instead, the author shows productivity variation is often a result of poor-performing outliers and some wide variation in individual's productivity from day to day. Once these factors are eliminated, the gap between top performers and normal performers isn't that great, and there is a very small supply of consistent top performers anyway. This result has a lot of implications for how software teams and projects are managed.
The article concludes that "while some programmers are better or faster than others, the scale and usefulness of this difference has been greatly exaggerated....

"Rather than try to label programmers with simplistic terms such as 'best' and 'worst,' the most motivating and humane way to improve average performance is to find ways to improve everyone's performance."

Slashdot reader SpaceForceCommander shared Dice's new annual report on America's tech industry salaries based on a survey of over 12,800 "technologists": Columbus and St. Louis enjoyed double-digit year-over-year growth in salaries (14.2 percent and 13.6 percent, respectively), and other cities such as Denver [7 percent] and Atlanta [10 percent] also experienced an ideal mix of growth and high salaries. These up-and-comers benefitted from the presence of key employers such as Amazon and IBM; in addition, a lower cost of living and plentiful amenities have made them increasingly attractive to technologists, even those coming from well-established tech hubs such as Silicon Valley.

Silicon Valley remains a world of high salaries — but the cost of living in the Bay Area remains extraordinarily high, which chews into that higher-than-average paycheck. And that's before we factor in issues such as grinding commutes. In Seattle, New York City (also known as "Silicon Alley"), and other well-established tech hubs, costs are similarly high, which only makes up-and-coming tech hubs more potentially attractive to technologists.
Silicon Valley is still #1 on Dice's ranking of average annual salaries (at $123,826), followed by Seattle, San Diego, Boston, Baltimore, Portland, Denver, and then New York. (And while St. Louis ranks #9, Columbus is #17.)

But the average annual tech-industry salary rose just 1.3 percent last year, according to the survey, with Dice arguing that what made salaries vary was supply and demand. They then ranked the highest-paying skills, starting with Apache Kafka (with average reported salaries of $134,557), followed by HANA (High performance ANalytic Appliance), Cloudera, and MapReduce: Newer skills don't necessarily draw higher salaries; with many older skills, the number of proficient technologists is relatively low, which means employers are willing to pay more in order to secure their services. (That's a key reason why the handful of technologists who still know their way around an ancient mainframe can score six-figure salaries from companies that haven't given up decades-old hardware....) In the case of programming languages such as Swift, which enjoyed significant year-over-year growth and high salaries, a large number of technologists might have mastered it — but the market is huge and white-hot, ensuring that compensation will only rise.

The Go team is planning for a February release of Go 1.14, and "Per the process outlined in the Go 2, here we come! blog post, it is again the time in our development and release cycle to consider if and what language or library changes we might want to include for our next release, Go 1.15, scheduled for August of this year."
The primary goals for Go remain package and version management, better error handling support, and generics. Module support is in good shape and getting better with each day, and we are also making progress on the generics front (more on that later this year).

Our attempt seven months ago at providing a better error handling mechanism, the try proposal, met good support but also strong opposition and we decided to abandon it. In its aftermath there were many follow-up proposals, but none of them seemed convincing enough, clearly superior to the try proposal, or less likely to cause similar controversy. Thus, we have not further pursued changes to error handling for now. Perhaps some future insight will help us to improve upon the status quo.

Given that modules and generics are actively being worked on, and with error handling changes out of the way for the time being, what other changes should we pursue, if any? There are some perennial favorites such as requests for enums and immutable types, but none of those ideas are sufficiently developed yet, nor are they urgent enough to warrant a lot of attention by the Go team, especially when also considering the cost of making a language change.

After reviewing all potentially viable proposals, and more importantly, because we don't want to incrementally add new features without a long-term plan, we concluded that it is better to hold off with major changes this time. Instead we concentrate on a couple of new vet checks and a minor adjustment to the language...

We believe that none of these three proposals are controversial but there's always a chance that we missed something important. For that reason we plan to have the proposals implemented at the beginning of the Go 1.15 release cycle (at or shortly after the Go 1.14 release) so that there is plenty of time to gather experience and provide feedback. Per the proposal evaluation process, the final decision will be made at the end of the development cycle, at the beginning of May, 2020.

Over the course of a year, Apple took down 805 apps in mainland China by its own account. From a report: In Apple's latest transparency report accounting for the first half of 2019, the iPhone maker said it removed 288 apps from China's iOS App Store for both legal and policy violations. The Apple Transparency Report goes out twice a year and details requests received from government agencies and private parties worldwide. The report lists government requests to access information on accounts and devices, but the last two reports also include the number of apps Apple removed that period. When it comes to why those apps are removed, though, Apple is tight-lipped. The reports cite two reasons for app removals: Platform violations, which covers gambling apps (gambling is illegal in China), and legal violations, which according to Apple usually means apps with pornography (also illegal in China) and other illegal content.

[...] The total number of apps missing from the App Store because of government censorship is hard to know. GreatFire has used its tool applecensorship.com to identify 2,678 apps that aren't available inside the mainland China App Store. But this number doesn't paint the full picture. Records of missing apps are only generated when people search for them on the website. And there's no information on whether apps were taken down because of a government request, a decision from Apple or the app makers' choice. Many of the apps recorded were never listed on the mainland China App Store. But the list does provide some insight, like the fact that the 149 unavailable news apps is more than in any other country. "We know that app store removals are happening more often in China," said GreatFire's Karen Reilly. "We know that many of these apps are news sources. We know that many of these apps are VPNs and other software that everyday people use to protect their privacy."