PHP

'Why PHP Still Beats Your Next Favourite Alternative' (youtube.com) 85

Long-time Slashdot reader Qbertino writes: On PHPday in Verona (Italy) Rasmus Lerdorf, creator of PHP, gave an enlightening talk on PHP and its history. 25 years of PHP (video of the talk) is ripe with details on PHP, the design choices behind the web's favorite server-side templating language and with explanations on why what you may think of as an inconsistent mess actually makes perfect sense just the way it is. Very insightful, fun, interesting and a must-watch for PHP lovers and haters alike.
Introducing one slide, Lerdorf remembers that in the 1990s, "the web looked like this -- CGI bins written in C."

But he also shows his first computers from the 1980s at the beginning of the talk, before moving on to screenshots of Gopher, and then of the Mosaic browser. "This changed everything. And not just for me, for everybody...

"Everybody around at the time, playing with this stuff, and having had UUCP addresses and playing with Usenet and bulletin boards -- it was very easy to see that this was going to change the world."

Programming

Should the Linux Kernel Accept Drivers Written In Rust? (lwn.net) 169

Packt's recent story about Rust had the headline "Rust is the future of systems programming, C is the new Assembly."

But there was an interesting discussion about the story on LWN.net. One reader suggested letting people write drivers for the Linux kernel in Rust. ("There's a good chance that encouraging people to submit their wacky drivers in Rust would improve the quality of the driver, partly because you can focus attention on the unsafe parts.")

And that comment drew an interesting follow-up:

"I spoke with Greg Kroah-Hartman, and he said he'd be willing to accept a framework in the kernel for writing drivers in Rust, as long as 1) for now it wasn't enabled by default (even if you did "make allyesconfig") so that people don't *need* Rust to build the kernel, and 2) it shows real benefits beyond writing C, such as safe wrappers for kernel APIs."

Programming

Intel Engineer Launches Working Group To Bring Rust 'Full Parity With C' (packtpub.com) 111

Someone from the Rust language governance team gave an interesting talk at this year's Open Source Technology Summit. Josh Triplett (who is also a principal engineer at Intel), discussed "what Intel is contributing to bring Rust to full parity with C," in a talk titled Intel and Rust: the Future of Systems Programming.

An anonymous reader quotes Packt: Triplett believes that C is now becoming what Assembly was years ago. "C is the new Assembly," he concludes. Developers are looking for a high-level language that not only addresses the problems in C that can't be fixed but also leverage other exciting features that these languages provide. Such a language that aims to be compelling enough to make developers move from C should be memory safe, provide automatic memory management, security, and much more...

"Achieving parity with C is exactly what got me involved in Rust," says Triplett. Triplett's first contribution to the Rust programming language was in the form of the 1444 RFC, which was started in 2015 and got accepted in 2016. This RFC proposed to bring native support for C-compatible unions in Rust that would be defined via a new "contextual keyword" union...

He is starting a working group that will focus on achieving full parity with C. Under this group, he aims to collaborate with both the Rust community and other Intel developers to develop the specifications for the remaining features that need to be implemented in Rust for system programming. This group will also focus on bringing support for systems programming using the stable releases of Rust, not just experimental nightly releases of the compiler.

Last week Triplett posted that the FFI/C Parity working group "is in the process of being launched, and hasn't quite kicked off yet" -- but he promised to share updates when it does.

Perl

Is Perl 6 Being Renamed? (perl.org) 119

An anonymous reader quotes a blog post by Curtis Poe, a freelance Perl/Agile/testing consultant and the author of the Wrox book Beginning Perl: By now, many of you have seen the Perl 6 Github issue "Perl" in the name "Perl 6" is confusing and irritating. The issue suggested renaming Perl 6. While some may think that the name of the issue is trolling, or offensive, the actual issue was created by Elizabeth (Liz) Mattijsen, one of the core Perl 6 developers, a long-time Perl 5 developer, and with her spouse, Wendy, has long been an enthusiastic supporter of Perl 5/6. There is no trolling here. There is a lot of deep thought, careful discussion, and a genuine desire to find a way to bypass some deeply divisive issues in the Perl community.

While the proposed name was "camelia", Damian Conway made a strong argument in favor of "raku" and it appears the community is leaning towards this name for various reasons... The far, far too terse backstory: the Perl 6 community seems to be split between those who view Perl 6 as a sister language to Perl 5 and those who view Perl 6 as a successor to Perl 5...

To say that this issue has been bitterly divisive would be an understatement.

Programming

NPM Bans Terminal Ads (zdnet.com) 25

A week after a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans to ban such behavior in the future. From a report: "We are always working on improving our policies and expand on our commitments to the community," Ahmad Nassri, npm, Inc. CTO told ZDNet in an email this week. "To that end, we're making updates to our policies to be more explicit about the type of commercial content we do deem not acceptable." According to these upcoming updates, npm will ban:
1. Packages that display ads at runtime, on installation, or at other stages of the software development lifecycle, such as via npm scripts.
2. Packages with code that can be used to display ads are fine. Packages that themselves display ads are not.
3. Packages that themselves function primarily as ads, with only placeholder or negligible code, data, and other technical content.

Cloud

Oracle Files New Appeal Over Pentagon's $10B JEDI Cloud Contract RFP Process (techcrunch.com) 48

You really have to give Oracle a lot of points for persistence, especially where the $10 billion JEDI cloud contract procurement process is concerned. An anonymous reader shares a report: For more than a year, the company has been complaining across every legal and government channel it can think of. In spite of every attempt to find some issue with the process, it has failed every time. That did not stop it today from filing a fresh appeal of last month's federal court decision that found against the company. Oracle refuses to go quietly into that good night, not when there are $10 billion federal dollars on the line, and today the company announced it was appealing Federal Claims Court Senior Judge Eric Bruggink's decision.

Programming

'Agile Programming is Not Dead, Quite the Opposite' (heartofagile.com) 216

"Agile is not dead, quite the opposite," argues Alistair Cockburn, one of the co-authors of the original Manifesto for Agile Software Development in 2001: Why then, do we read of agile's death? Three reasons: phony ads, misunderstanding ordinary movement of ideas through society, and looking at the wrong curves... The sales pitch is pretty obvious when you look for it. Ignore those articles, they are just cheap sales tricks...

The pundits you are reading typically are innovators and early adopters. They adopted agile 10-15 years ago. Quite naturally, they have moved on and are working on the 2nd or 3rd round of interesting things that have arrived since then... They have been looking at lean startup, hypothesis testing, and agile product management, for example. All agile consequences, just a little more advanced. They have quite naturally (for them) forgotten the joy of discovering the agile approach for the first time. Everyone they know is already using it or has moved forward. To them it looks "passé", "dead"...

Choice A: agile. Choice B: something else. What is the something else that you think is more effective? For most projects, I can't think of another way that is more effective. Collaborate, deliver, reflect, improve, in cycles, from first idea until final delivery. This works whatever the nature of the project (no, agile is not just for software). Even badly done agile (please complain away at this moment, it's fine, there is a lot of bad agile out there), tends to be better than whatever came before it. That only tells you how bad all the things were that came before...

Agile is not dead, on the contrary. It's scarcely gotten started. Collaborate, deliver, reflect, and improve, in tight cycles. If you can find something better, use it.

Open Source

Standard, a Javascript Style Guide Library With 3M Downloads Per Month, Now Showing Ads When Installed Via NPM 82

Standard, a popular Javascript style guide library that is downloaded about three million times each month, is beginning to show ads when installed through npm, a developer announced this week. The move, which has been pegged as an experiment, comes as the developer looks to find sustainable ways to support contributions to the open source development. In a post, Feross Aboukhadijeh, a developer of Standard, said whenever Standard 14 is installed, "we'll display a message from a company that supports open source. The sponsorship pays directly for maintainer time. That is, writing new features, fixing bugs, answering user questions, and improving documentation."

The announcement has sparked a debate in the community with some suggesting that there should be a better way to support the FOSS developers without seeing ads on the terminal.

Programming

Is Agile Becoming Less and Less Relevant? (forbes.com) 235

OneHundredAndTen shares "an interesting Forbes article that posits that Agile software development is losing relevance, it is not the silver bullet that some claimed, and it has become a sort of religion -- 'If Agile doesn't work for you, you are not doing it right.'"

Writer/data scientist Kurt Cagle even describes passing around "the holy hockey stick" while begging the scrum master for forgiveness, arguing that "like most religions it really didn't make that much sense to the outsider -- or even to the participants, when it got right down to it." Agile does not always scale well. Integration dependencies are often not tracked (or are subsumed into hierarchical stories), yet it tends to be one of the most variable aspects of any software development... [T]here are whole classes of projects where traditional Agile is counterproductive. Enterprise data projects, in particular, do not fit the criteria for being good Agile candidates... the kind of work that is being done is shifting from an engineering problem (dedicated short term projects intended to connect systems) to a curational one (mapping models via minimal technical tools).

This transition also points to what the future of Agile will end up being. In many respects we're leaving the application era of development -- applications are thinner, mostly web-based, where connectivity to both data sets and composite enterprise data will be more important than complex client-based functionality. This is also true of mobile applications -- increasingly, smart phone and tablet apps are just thin shells around mobile HTML+CSS, a sea-change from the "there's an app for that" era.

The client as relatively thin endpoint means that the environment for which Agile first emerged and for which it is most well suited -- stand-alone open source applications -- is disappearing. Today, the typical application is more likely a data stream of some sort, in which the value is not in the programming but in the data itself, with the programming consequently far simpler (and with a far broader array of existing tools) than was the case twenty or even ten years ago... While aspects of Agile will remain, the post-Agile world has different priorities and requirements, and we should expect whatever paradigm finally succeeds it to deal with the information stream as the fundamental unit of information.

Python

UK Cybersecurity Agency Urges Devs To Drop Python 2 (zdnet.com) 50

Python's End-of-Life date is 129 days away, warns the UK National Cyber Security Centre (NCSC). "There will be no more bug fixes, or security updates, from Python's core developers."

An anonymous reader quotes ZDNet: The UK's cyber-security agency warned developers Thursday to consider moving Python 2.x codebases to the newer 3.x branch due to the looming end-of-life of Python 2, scheduled for January 1, 2020... "If you continue to use unsupported modules, you are risking the security of your organisation and data, as vulnerabilities will sooner or later appear which nobody is fixing."

"If you maintain a library that other developers depend on, you may be preventing them from updating to 3," the agency added. "By holding other developers back, you are indirectly and likely unintentionally increasing the security risks of others... If migrating your code base to Python 3 is not possible, another option is to pay a commercial company to support Python 2 for you," the NCSC said.

The agency warns that companies who don't invest in migrating their Python 2.x code might end up in the same position as Equifax or the WannaCry victims. "At the NCSC we are always stressing the importance of patching. It's not always easy, but patching is one of the most fundamental things you can do to secure your technology," the agency said. "The WannaCry ransomware provides a classic example of what can happen if you run unsupported software," it said. "By making the decision to continue using Python 2 past its end of life, you are accepting all the risks that come with using unsupported software, while knowing that a secure version is available."

Oracle

Oracle Directors Give Blessing To Shareholder Lawsuit Against Larry Ellison, Safra Catz (techcrunch.com) 14

An anonymous reader quotes a report from TechCrunch: Three years after closing a $9.3 billion deal to acquire NetSuite, several Oracle board members have written an extraordinary letter to the Delaware Court, approving a shareholder lawsuit against company executives Larry Ellison and Safra Catz over the 2016 deal. Reuters broke this story. According to Reuters' Alison Frankel, three board members, including former U.S. Defense Secretary Leon Panetta, sent a letter on August 15th to Sam Glasscock III, vice chancellor for the Court of the Chancery in Georgetown, Delaware, approving the suit as members of a special board of directors entity known as the Special Litigation Committee.

The lawsuit is what is called in legal parlance a derivative suit. According to the site Justia, this type of suit is filed in cases like this. "Since shareholders are generally allowed to file a lawsuit in the event that a corporation has refused to file one on its own behalf, many derivative suits are brought against a particular officer or director of the corporation for breach of contract or breach of fiduciary duty," the Justia site explained. The letter went on to say there was an attempt to settle this suit, which was originally launched in 2017, through negotiation outside of court, but when that attempt failed, the directors wrote this letter to the court stating that the suit should be allowed to proceed. As Frankel wrote in her article, the lawsuit, which was originally filed by the Firemen's Retirement System of St. Louis, could be worth billions.
The report notes that Oracle was struggling to find its cloud footing in 2016, so it's "believed that by buying an established SaaS player like NetSuite, it could begin to build out its cloud business much faster than trying to develop something like it internally."

The Oracle letter can be found here.

Programming

For Young Female Coders, Internship Interviews Can Be Toxic (wired.com) 242

An anonymous reader shares a report: Eyre (an anecdote in the story) is one of more than 1,000 young women college-aged or older, hailing from 300 schools around the country, who participated in a recent survey [PDF] about the challenges female engineers face while applying for technical internships. The study was conducted last fall by Girls Who Code, a nonprofit organization that educates and supports girls studying computer science, which has 30,000 college-aged alumnae and 17,000 alumnae potentially entering college this fall. The analysis was limited to young women in the Girls Who Code network who are studying or previously studied computer science and related fields.

The results reveal that many young women, whom the tech industry is counting on to diversify its heavily male workforce, are put off by their first encounters with tech companies. More than half of the respondents said they either had a negative experience while applying for engineering internships or knew another woman who had a negative experience, such as being subjected to gender-biased interview questions and inappropriate remarks, or observing a noticeable lack of diversity when they interacted with company representatives during the interview process. Although the survey did not explicitly ask about sexual harassment and discrimination, respondents raised both issues in written responses at the end of the survey. They described instances where a male interviewer flirted with them during the interview, sent an unsolicited photo of himself, asked if they had a significant other, or made sexual remarks in their presence. The respondents also reported feeling dismissed or demeaned because of their gender. One respondent was asked why she would want to go into tech as a woman; in another instance, a male interviewer laughed when the candidate said she saw herself becoming a software engineer in five years.

Android

Google Launches Android Studio 3.5 With Improved Memory Settings, Build Speed, and Apply Changes (venturebeat.com) 15

Google today launched Android Studio 3.5, the latest version of its integrated development environment (IDE), with a specific focus on "product quality." From a report: This release is the last one under Project Marble, a fancy name for an initiative Google announced late last year to improve Android Studio. For eight months, the team focused "on making the fundamental features and flows of Android Studio & Emulator rock-solid." All the improvements were either to system health, feature polish, or bug fixes. To improve system health, Google created a new set of infrastructure and internal dashboards to better detect performance problems. The team ultimately fixed over 600 bugs, 50 memory leaks, and 20 IDE hangs, and improved XML & Kotlin typing latency. For the Android Emulator, the team decreased the CPU and memory impact. The team also took a look at app deployment flow to a device, replacing Instant Run with Apply Changes. The new system no longer modifies an APK during your build. Instead, it uses runtime instrumentation to redefine classes on the fly.

Programming

Bitbucket Dropping Support For Mercurial 42

Bitbucket, once one of the largest Mercurial repository hosting sites, said Tuesday it plans to remove Mercurial features and repositories from its platform on June 1, 2020. In a blog post, Bitbucket wrote: As we surpass 10 million registered users on the platform, we're at a point in our growth where we are conducting a deeper evaluation of the market and how we can best support our users going forward. After much consideration, we've decided to remove Mercurial support from Bitbucket Cloud and its API. Bitbucket will stop letting users create new Mercurial repositories starting February 1, 2020, and start removing all the Mercurial repositories four months later. So you will want to back up your repositories and switch to a different platform in the coming months. A different user pointed out, "Another shitty aspect of bitbucket dropping mercurial support and deleting all the old repositories in 2020: all yt pull request discussions from before 2017 are going to be deleted. There's valuable context for how the code got written in those discussions." Several users have expressed their concerns over this decision. Sebastien Jodogne, CSO at Osimis, said, "This is an extremely concerning decision that endangers diversity in the computer science industry by pushing the de facto hegemony of git."

For those of you affected by this, you can consider a number of platforms including SourceForge to host and manage your repositories.

Privacy

Developers Accuse Apple of Anti-Competitive Behavior With Its Privacy Changes in iOS 13 (techcrunch.com) 77

A group of app developers have penned a letter to Apple CEO Tim Cook, arguing that certain privacy-focused changes to Apple's iOS 13 operating system will hurt their business. From a report: In a report by The Information, the developers were said to have accused Apple of anti-competitive behavior when it comes to how apps can access user location data. With iOS 13, Apple aims to curtail apps' abuse of its location-tracking features as part of its larger privacy focus as a company. Today, many apps ask users upon first launch to give their app the "Always Allow" location-tracking permission. Users can confirm this with a tap, unwittingly giving apps far more access to their location data than is actually necessary, in many cases. In iOS 13, however, Apple has tweaked the way apps can request location data. There will now be a new option upon launch presented to users, "Allow Once," which allows users to first explore the app to see if it fits their needs before granting the app developer the ability to continually access location data. This option will be presented alongside existing options, "Allow While Using App" and "Don't Allow." The "Always" option is still available, but users will have to head to iOS Settings to manually enable it. The app developers argue that this change may confuse less technical users, who will assume the app isn't functioning properly unless they figure out how to change their iOS Settings to ensure the app has the proper permissions.

Programming

PayPal Builds 'Zoid' JavaScript Library To 'Make IFrames Cool Again' (medium.com) 85

"Earlier this year I gave a talk at FullStack conference in London about making iFrames cool again," writes a lead engineer at PayPal. In a nutshell: iframes let you build user experiences into embeddable 'cross-domain components', which let users interact with other sites without being redirected. There are a metric ton of awesome uses for that other than tracking and advertizing. Nothing else comes close for this purpose; and as a result, I feel we're not using iframes to their full potential.

There are big problems, though... My talk went into how at PayPal, we built Zoid to solve some of the major problems with iframes and popups:

- Pre-render to avoid the perception of slow rendering

- Automatically resize frames to fit child content

- Pass down any kind of data and functions/callbacks as props (just like React), and avoid the nightmare of cross-domain messaging between windows.

- Make iframes and popups feel like first class (cross-domain) components.

Zoid goes a long way. But there are certain problems a mere javascript library can not solve. This is my bucket list for browser vendors, to make iframes more of a first class citizen on the web... Because fundamentally: the idea of cross-domain embeddable components is actually pretty useful once you start talking about shareable user experiences, rather than just user-tracking and advertizing which are obviously pills nobody enjoys swallowing.

He acknowledges that he "really likes" the work that's been done on Google Chrome's Portals (which he earlier described as "like iframes, but better, and worse.")

"I just hope iframes don't get left behind."

AI

Stack Overflow Touts New Programming Solutions Tool That Mines Crowd Knowledge (stackoverflow.blog) 40

Stack Overflow shares a new tool from a team of researchers that "takes the description of a programming task as a query and then provides relevant, comprehensive programming solutions containing both code snippets and their succinct explanations" -- the Crowd Knowledge Answer Generator (or CROKAGE): In order to reduce the gap between the queries and solutions, the team trained a word-embedding model with FastText, using millions of Q&A threads from Stack Overflow as the training corpus. CROKAGE also expanded the natural language query (task description) to include unique open source software library and function terms, carefully mined from Stack Overflow.

The team of researchers combined four weighted factors to rank the candidate answers... In particular, they collected the programming functions that potentially implement the target programming task (the query), and then promoted the candidate answers containing such functions. They hypothesized that an answer containing a code snippet that uses the relevant functions and is complemented with a succinct explanation is a strong candidate for a solution. To ensure that the written explanation was succinct and valuable, the team made use of natural language processing on the answers, ranking them most relevant by the four weighted factors. They selected programming solutions containing both code snippets and code explanations, unlike earlier studies. The team also discarded trivial sentences from the explanations...

The team analyzed the results of 48 programming queries processed by CROKAGE. The results outperformed six baselines, including the state-of-art research tool, BIKER. Furthermore, the team surveyed 29 developers across 24 coding queries. Their responses confirm that CROKAGE produces better results than that of the state-of-art tool in terms of relevance of the suggested code examples, benefit of the code explanations, and the overall solution quality (code + explanation).

The tool is still being refined, but it's "experimentally available" -- although "It's limited to Java queries for now, but the creators hope to have an expanded version open to the public soon."

It will probably be more useful than Stack Roboflow, a site that uses a neural network to synthesize fake Stack Overflow questions.

Education

How Should Schools Grade Unexpected-But-Correct Answers On Coding Tests? 177

There can be more than one correct answer for academic tests of programming ability, writes long-time Slashdot reader theodp: Take the first of the Free-Response Questions in this year's AP CS A exam, which asked 70,000 college-bound students to "Write the static method numberOfLeapYears, which returns the number of leap years between year1 and year2." The correct answer, according to the CollegeBoard's 2019 Scoring Guidelines, entails iterating over the range of years and invoking a provided helper method called isLeapYear for each year.

Which does work, of course, but what if a student instead took an Excel-like approach to the same problem that consists of a (hopefully correct!) single formula with no iteration or isLeapYear helper function? Would that be a worse -- or better -- example of computational thinking than the endorsed AP CS A Java-based solution? (Here's a 7-minute AP Conference discussion of how to correctly grade this problem.)

So, how have you seen schools and companies deal with unexpected-but-correct approaches to coding test questions?

Youtube

YouTube To Allow Everyone To Watch YouTube Originals For Free 57

Last November, YouTube announced that it would be removing the paywall for its original programming starting in 2019. Now, we have more details on exactly how and when this will work. Android Central reports: Per a statement sent out by the YouTube team: "New YouTube Originals series, movies, and live events released after September 24, 2019 will be made available to non-members to watch for free, with ads. For series, members will get immediate access to every episode of a new season, while non-members will have to wait for each new episode to be released."

It appears that YouTube Originals content released prior to that September 24 date will remain exclusive to Premium subscribers, but going forward, it'll be fair game for everyone. While that does slightly water-down the perks of being a YouTube Premium subscriber, it's also noted that paying customers will gain access to additional footage that won't be available for free users: "In most cases, where available, Director's cuts and bonus footage for YouTube Originals movies and live events will be exclusive to members like you, as well."

Security

The Fashion Line Designed To Trick Surveillance Cameras (theguardian.com) 95

Freshly Exhumed shares a report from The Guardian: Automatic license plate readers, which use networked surveillance cameras and simple image recognition to track the movements of cars around a city, may have met their match, in the form of a T-shirt. Or a dress. Or a hoodie. The anti-surveillance garments were revealed at the DefCon cybersecurity conference in Las Vegas on Saturday by the hacker and fashion designer Kate Rose, who presented the inaugural collection of her Adversarial Fashion line.

To human eyes, Rose's fourth amendment T-shirt contains the words of the fourth amendment to the U.S. constitution in bold yellow letters. The amendment, which protects Americans from "unreasonable searches and seizures," has been an important defense against many forms of government surveillance: in 2012, for instance, the U.S. supreme court ruled that it prevented police departments from hiding GPS trackers on cars without a warrant. But to an automatic license plate reader (ALPR) system, the shirt is a collection of license plates, and they will get added to the license plate reader's database just like any others it sees. The intention is to make deploying that sort of surveillance less effective, more expensive, and harder to use without human oversight, in order to slow down the transition to what Rose calls "visual personally identifying data collection."
"It's a highly invasive mass surveillance system that invades every part of our lives, collecting thousands of plates a minute. But if it's able to be fooled by fabric, then maybe we shouldn't have a system that hangs things of great importance on it," she said.
