A backlash against the app stores of Apple and Google is gaining steam, with a growing number of companies saying the tech giants are collecting too high a tax for connecting consumers to developers' wares. From a report: Netflix and video game makers Epic Games and Valve are among companies that have recently tried to bypass the app stores or complained about the cost of the tolls Apple and Google charge. Grumbling about app store economics isn't new. But the number of complaints, combined with new ways of reaching users, regulatory scrutiny and competitive pressure are threatening to undermine what have become digital goldmines for Apple and Google. "It feels like something bubbling up here," said Ben Schachter, an analyst at Macquarie. "The dollars are just getting so big. They just don't want to be paying Apple and Google billions." Apple and Google launched their app stores in 2008, and they soon grew into powerful marketplaces that matched the creations of millions of independent developers with billions of smartphone users. In exchange, the companies take up to 30 percent of the money consumers pay developers.

Programmers may love hot newer languages like Kotlin and Rust, but according to a Cloud Foundry Foundation (CFF) recent survey of global enterprise developers and IT decision makers, Java and Javascript are the top enterprise languages. ZDNet: That said, the CFF also found [PDF] that, "More and more, businesses are employing a polyglot and a multi-platform strategy to meet their exact needs." The CFF discovered 77 percent of enterprises are using or evaluating Platforms-as-a-Service (PaaS); 72 percent are using or considering containers; and 46 percent are using or thinking about serverless computing. Simultaneously, more than a third (39 percent) are using all three technologies together. For companies this "flexibility of cloud-native practices enables [companies to move] away from a monolithic approach and towards a world of computing that is flexible, portable and interoperable." That means, while Java and JavaScript are only growing ever more popular, the larger the company, the more languages are used. After the Java twins, C++, C#, Python, and PHP are the most popular languages.

The FTC has "failed to convince a federal judge in San Francisco that DirecTV should pay nearly $4 billion in restitution to customers for allegedly misleading consumers about the costs of programming packages," reports the Los Angeles Times. From the report: The judge didn't eliminate all of the FTC's false-advertising claims but made clear that "the scope of the maximum potential recovery in this case has been substantially curtailed." "This case did not involve the type of strong proof the court would expect to see in a case seeking nearly $4 billion in restitution, based on a claim that all of DirecTV's 33 million customers between 2007 and 2015 were necessarily deceived," U.S. District Judge Haywood Gilliam said Thursday.

The ruling follows an August 2017 nonjury trial of the FTC suit, alleging that DirecTV failed to adequately disclose to consumers in 40,000 print, mail, online and TV advertisements that its lower introductory pricing lasted just one year but tied buyers to a two-year contract. The FTC also alleged the subscription television service failed to alert customers that its offer for 90 days of premium channels required them to cancel the subscription to avoid continuing monthly charges.

It's a day that developers of some of the most high-profile Twitter third-party apps have dreaded, though it's one they've long-known was coming: Twitter is finally shutting off some of the developer tools that popular apps like Tweetbot and Twitterific have heavily relied on. From a report: With the change, many third-party Twitter apps will lose some functionality, like the ability to instantly refresh users' Twitter feeds and send push notifications. It won't make these apps unusable -- in some cases the apps' users may not even immediately notice the changes -- but it's a drastic enough change that developers have mounted a public campaign against the decision.

Now, Twitter is finally weighing in on the changes, after months of publicly declining to comment on the state of third-party Twitter clients. The verdict, unsurprisingly, is complicated. The company is adamant that its goal isn't to single out these developers. The company is retiring these APIs out of necessity, it says, as it's no longer feasible to support them."We are sunsetting very old, legacy software that we don't have an ability to keep supporting for practical reasons," says Ian Caims, group product manager at Twitter. At the same time, though, the company has also made a conscious decision not to create new APIs with the same functionality. Here's how Twitter's senior director of product management Rob Johnson explains the move: "It is now time to make the hard decision to end support for these legacy APIs -- acknowledging that some aspects of these apps would be degraded as a result. Today, we are facing technical and business constraints we can't ignore. The User Streams and Site Streams APIs that serve core functions of many of these clients have been in a 'beta' state for more than 9 years, and are built on a technology stack we no longer support.

An anonymous reader quotes a report from TechCrunch: In an effort to provide more transparency and deliver on a promise to Congress, Google just published an archive of political ads that have run on its platform. Google's new database, which it calls the Ad Library, is searchable through a dedicated launch page. Anyone can search for and filter ads, viewing them by candidate name or advertiser, spend, the dates the ads were live, impressions and type. For anyone looking for the biggest ad budget or the farthest reaching political ad, the ads can be sorted by spend, impressions and recency, as well. Google also provided a report on the data, showing ad spend by U.S. state, by advertiser and by top keywords.

Apple invited a group of app developers to a secret April 2017 meeting in New York's Tribeca district, asking them to move from selling apps at low prices to renting app access through subscriptions, Business Insider reports. From a story: This change is intended to keep users paying for apps "on a regular basis, putting money into developer coffers on a regular schedule," the report claims.

An anonymous reader quotes a report from Bloomberg: Oracle is named in a lawsuit alleging the company's executives lied to shareholders when they explained why cloud sales were growing. The investor leading the case, the City of Sunrise Firefighters' Pension Fund, claimed Oracle engaged in coercion and threats to sell its cloud-computing products, creating an unsustainable model that fell apart, according to the suit seeking class-action status and filed Friday in San Jose, California. The Florida-based firefighter pension fund and other investors lost money when Oracle's stock plummeted in March after reporting a disappointing earnings report and outlook, according to the lawsuit.

The suit claimed that Oracle's executives lied in forward-looking statements, which are never guaranteed, during earnings calls and at investor conferences in 2017 when they said customers were rapidly adopting their cloud-based products and cloud sales would accelerate. The firefighter pension, which manages about $143 million for 235 participants, alleged that Oracle used software license audits and weakened existing maintenance programs to compel customers to buy the cloud products.

Tesla CEO Elon Musk announced he would share the source code for Tesla's car security software with other manufacturers, adding that it would be "extremely important" to ensure the safety of future self-driving cars. Engadget reports: Musk didn't provide a timeline for availability, and you might not want to get your hopes up when it took years for Tesla just to post any source code. And this isn't strictly a selfless gesture. If rival brands adopt Tesla's approach, it could set an unofficial standard for connected car security that would look good from a marketing standpoint. The code could provide a boost to connected car security if and when it arrives. There are few common frameworks (technical or legal) for safeguarding networked vehicles, and security might not always be a top priority. This could give companies a baseline level of security that would save brands the trouble of developing an effective defense from scratch.

At the DefCon hacking conference on Friday, Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, presented a number of studies they've conducted using machine learning techniques to de-anonymize the authors of code samples. "Their work could be useful in a plagiarism dispute, for instance, but it could also have privacy implications, especially for the thousands of developers who contribute open source code to the world," reports Wired. From the report: First, the algorithm they designed identifies all the features found in a selection of code samples. That's a lot of different characteristics. Think of every aspect that exists in natural language: There's the words you choose, which way you put them together, sentence length, and so on. Greenstadt and Caliskan then narrowed the features to only include the ones that actually distinguish developers from each other, trimming the list from hundreds of thousands to around 50 or so. The researchers don't rely on low-level features, like how code was formatted. Instead, they create "abstract syntax trees," which reflect code's underlying structure, rather than its arbitrary components. Their technique is akin to prioritizing someone's sentence structure, instead of whether they indent each line in a paragraph.

The method also requires examples of someone's work to teach an algorithm to know when it spots another one of their code samples. If a random GitHub account pops up and publishes a code fragment, Greenstadt and Caliskan wouldn't necessarily be able to identify the person behind it, because they only have one sample to work with. (They could possibly tell that it was a developer they hadn't seen before.) Greenstadt and Caliskan, however, don't need your life's work to attribute code to you. It only takes a few short samples.

An anonymous reader quotes InsideHPC: Today Julia Computing announced the Julia 1.0 programming language release, "the most important Julia milestone since Julia was introduced in February 2012." As the first complete, reliable, stable and forward-compatible Julia release, version 1.0 is the fastest, simplest and most productive open-source programming language for scientific, numeric and mathematical computing. "With today's Julia 1.0 release, Julia now provides the language stability that commercial customers require together with the unique combination of lightning speed and high productivity that gives Julia its competitive advantage compared with Python, R, C++ and Java."
The Register reports: Created by Jeff Bezanson, Stefan Karpinski, Viral Shah, and Alan Edelman, the language was designed to excel at data science, machine learning, and scientific computing.... Six years ago, Julia's creators framed their goals thus:

"We want a language that's open source, with a liberal license. We want the speed of C with the dynamism of Ruby. We want a language that's homoiconic, with true macros like Lisp, but with obvious, familiar mathematical notation like Matlab. We want something as usable for general programming as Python, as easy for statistics as R, as natural for string processing as Perl, as powerful for linear algebra as Matlab, as good at gluing programs together as the shell. Something that is dirt simple to learn, yet keeps the most serious hackers happy. We want it interactive and we want it compiled...."

In a julialang.org post announcing the milestone, the minders of the language claim to have achieved some of their goals.

swm writes: The Baltimore police department is still using an antiquated (1996) case-management system based on Lotus notes. A recent technology assessment found "millions of records and roughly 150 databases built into the system, each designed to address different unit and personnel needs," reports Baltimore Sun. The report found that the "siloed nature of the Lotus Notes databases made it difficult for officers to match, verify or search for information. [...] Various systems may also contain 'conflicting information' about the same case, or may not reflect the most complete information."

"At the same time, detectives continue compiling and using paper case folders," the report stated. "Depending on the unit and the detective, the appropriate Lotus Notes database and/or hard copy case folder system may or may not be up-to-date, and the systems may or may not match." The consultant who is paid to maintain the system says that it is "working wonderfully for the police." Despite these concerns that the assessment addressed, Baltimore's spending panel agreed to pay $176,800 to the consultant to help maintain the outdated system. The police department's chief spokesperson said in a statement Thursday that the agency will be moving away from Lotus Notes in the future. "However, until such time, we must manage and maintain the product that we currently use which is Lotus Notes," he said.

New submitter georgecarlyle76 writes: Amazon AI researchers have publicly released a dataset of almost 400,000 transliterated names, to aid the development of natural-language-understanding systems that can search across databases that use different scripts. They describe the dataset's creation in a paper [PDF] they're presenting at COLING, together with experiments using the dataset to train different types of machine learning models.

Oracle has filed an official complaint with the U.S. government over plans to award the Pentagon's lucrative cloud contract to a single vendor. Rebecca Hill writes via The Register: The Joint Enterprise Defense Infrastructure (JEDI) contract, which has a massive scope, covering different levels of secrecy and classification across all branches of the military, will run for a maximum of 10 years and is worth a potential $10 billion. In spite of this pressure from vendors and the tech lobby -- as well as concerns from Congress -- the US Department of Defense (DoD) refused to budge, and launched a request for proposals (RFP) at the end of last month. Oracle is less than impressed with the Pentagon's failure to back down, and this week filed a bid protest to congressional watchdog the Government Accountability Office asking for the RFP to be amended.

In the protest, the database goliath sets out its arguments against a single vendor award -- broadly that it could damage innovation, competition, and security. Reading between the lines, it doesn't want either of Amazon or Microsoft or Google to get the whole pie to itself, and thus endanger Oracle's cosiness with Uncle Sam. Summing up its position in a statement to The Register, Oracle said that JEDI "virtually assures DoD will be locked into legacy cloud for a decade or more" at a time when cloud technology is changing at an unprecedented pace.

tacarat shares a report from The Next Web with the caption, "Oops": A GitHub with the handle i5xx, believed to be from the village of Tando Bago in Pakistan's southeastern Sindh province, created a GitHub repository called Source-Snapchat. At the time of writing, the repo has been removed by GitHub following a DMCA request from Snap Inc, so we can't take a closer look and see what it contains. That said, there are a few clues to its contents. The repository has a description of "Source Code for SnapChat," and is written in Apple's Objective-C programming language. This strongly suggests that the repo contained part or whole of the company's iOS application, although there's no way we can know for certain. It could just as easily be a minor component to the service, or a separate project from the company.

The most fascinating part of this saga is that the leak doesn't appear to be malicious, but rather comes from a researcher who found something, but wasn't able to communicate his findings to the company. According to several posts on a Twitter account believed to belong to i5xx, the researcher tried to contact SnapChat, but was unsuccessful. "The problem we tried to communicate with you but did not succeed In that we decided [sic] Deploy source code," wrote i5xx. The account also threatened to re-upload the source code. "I will post it again until you reply :)," he said. A Snap spokesperson said in a statement: "An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately. We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community."

According to Motherboard, some researchers appear to be trading the data privately.

A large majority of organizations are struggling to implement security into their DevOps processes, despite saying they want to do so, according to a new report. From a report: The study commissioned by application security specialist Checkmarx looks at the biggest barriers to securing software today depending on where organizations sit on the DevOps maturity curve. The report finds 96 percent of respondents believe it is 'desirable' or 'highly desirable' for developers to be properly trained on how to produce secure code.

As developers take responsibility for the security of their software, respondents believe it is more important to educate developers and empower them than it is to educate other stakeholders in the organization like ops specialists and security specialists. However, 41 percent agree that defining clear ownership and responsibility in relation to software security remains a big challenge, and just 11 percent say they have adequately addressed the need for developer education. Software security is a boardroom issue according to 57 percent of respondents, it's a matter of business risk.

It sounds like a joke, but the idea actually makes sense: More bugs, not less, could theoretically make a system safer. From a report: Carefully scatter non-exploitable decoy bugs in software, and attackers will waste time and resources on trying to exploit them. The hope is that attackers will get bored, overwhelmed, or run out of time and patience before finding an actual vulnerability. Computer science researchers at NYU suggested this strategy in a study published August 2, and call these fake-vulnerabilities "chaff bugs." Brendan Dolan-Gavitt, assistant professor at NYU Tandon and one of the researcher on this study, told me in an email that they've been working on techniques to automatically put bugs into programs for the past few years as a way to test and evaluate different bug-finding systems. Once they had a way to fill a program with bugs, they started to wonder what else they could do with it. "I also have a lot of friends who write exploits for a living, so I know how much work there is in between finding a bug and coming up with a reliable exploit -- and it occurred to me that this was something we might be able to take advantage of," he said. "People who can write exploits are rare, and their time is expensive, so if you can figure out how to waste it you can potentially have a great deterrent effect." Brendan has previously suggested that adding bugs to experimental software code could help with ultimately winding up with programs that have fewer vulnerabilities.

A new article in CIO magazine argues that when it comes to computer science, "few of us really need much of any of it." Slashdot reader itwbennett offers this summary: At the heart of the matter is the fact that most businesses don't really need programmers to be deep thinkers. For them, it's "just as worthwhile to hire someone from a physics lab who just used Python to massage some data streams from an instrument. They can learn the shallow details just as readily as the CS genius," according to the article.
CIO's anonymous author promises an incomplete list of "why we may be better off ignoring CS majors." Some of the highlights:

• Theory distracts and confuses. "Many computer scientists are mathematicians at heart and the theorem-obsessed mindset permeates the discipline."

• Academic languages are rarely used. "...the academy breeds snobbery and a love for arcane solutions."

• Many CS professors are mathematicians, not programmers. "One of the dirty secrets about most computer science departments is that most of the professors can't program computers. Their real job is giving lectures and wrangling grants...."

• Many required subjects are rarely used. "...it's too bad few of us use many data structures any more."

• Institutions breed arrogance. "...the very nature of academic degrees are designed to give graduates the ability to argue one's superiority with authority. "

• Many modern skills are ignored. "If you want to understand Node.js, React, game design or cloud computation, you'll find very little of it in the average curriculum... It's very common for computer science departments to produce deep thinkers who understand some of the fundamental challenges without any shallow knowledge of the details that dominate the average employee's day."

"It's not that CS degrees are bad," the article concludes. "It's just that they're not going to speak to the problems that most of us need to solve."

"Ever wondered why pages seem to load slower and slower? Or why it is that browsing seems to take just as long to load a page, even though your broadband connection doubled in speed a couple of months ago?" gb7djk, a long-time Slashdot reader, blames "the bullshit web" -- as described in this essay by Calgary-based front-end developer Nick Heer (who does his testing on a 50 Mbps connection). A story at the Hill took over nine seconds to load; at Politico, seventeen seconds; at CNN, over thirty seconds. This is the bullshit web... When I use the word "bullshit" in this article, it isn't in a profane sense. It is much closer to Harry Frankfurt's definition in On Bullshit: "It is just this lack of connection to a concern with truth -- this indifference to how things really are -- that I regard as of the essence of bullshit...." The average internet connection in the United States is about six times as fast as it was just ten years ago, but instead of making it faster to browse the same types of websites, we're simply occupying that extra bandwidth with more stuff. Some of this stuff is amazing.... But a lot of the stuff we're seeing is a pile-up of garbage on seemingly every major website that does nothing to make visitors happier -- if anything, much of this stuff is deeply irritating and morally indefensible.

Take that CNN article, for example. Here's what it contained when I loaded it:

- Eleven web fonts, totalling 414 KB
- Four stylesheets, totalling 315 KB
- Twenty frames
- Twenty-nine XML HTTP requests, totalling about 500 KB
- Approximately one hundred scripts, totalling several megabytes -- though it's hard to pin down the number and actual size because some of the scripts are "beacons" that load after the page is technically finished downloading.

The vast majority of these resources are not directly related to the information on the page, and I'm including advertising... In addition, pretty much any CNN article page includes an autoplaying video... Also, have you noticed just how many websites desperately want you to sign up for their newsletter?
The essay also deals harshly with AMP, "a collection of standard HTML elements and AMP-specific elements on a special ostensibly-lightweight page that needs an 80 kilobyte JavaScript file to load correctly....required by the AMP spec to be hotlinked from cdn.amp-project.org, which is a Google-owned domain. That makes an AMP website dependent on Google to display its basic markup, which is super weird for a platform as open as the web."

It argues AMP is only speedier "because AMP restricts the kinds of elements that can be used on a page and severely limits the scripts that can be used," calling it a pseudo-solution. "Better choices should be made by web developers to not ship this bullshit in the first place.... An honest web is one in which the overwhelming majority of the code and assets downloaded to a user's computer are used in a page's visual presentation, with nearly all the remainder used to define the semantic structure and associated metadata on the page."

Microsoft released version 3.0 of TypeScript, which Microsoft describes as an "extension" of JavaScript "that aims to bring static types to modern JavaScript." Quoting Microsoft's Developer Tools blog: The TypeScript compiler reads in TypeScript code, which has things like type declarations and type annotations, and emits clean readable JavaScript with those constructs transformed and removed. That code runs in any ECMAScript runtime like your favorite browsers and Node.js. At its core, this experience means analyzing your code to catch things like bugs and typos before your users run into them; but it brings more than that. Thanks to all that information and analysis TypeScript can provide a better authoring experience, providing code completion and navigation features like Find all References, Go to Definition, and Rename in your favorite editor.
Neowin reports: With any major version release, it is not unexpected for breaking changes to be introduced and that's certainly the case for TypeScript 3.0. One obvious change is that with "unknown" becoming a new type, it is now a reserved type name and can no longer be used in type declarations. Otherwise, there's a range of API breaking changes due to a number of functions and internal methods being deprecated or being made internal.
On the plus side, TypeScript 3.0 reportedly has improved error messages, along with project references that let TypeScript projects have dependencies on other TypeScript projects.

Jonathan Edwards has been programming since 1969 (starting on a PDP-11/20). "Programming today," he writes, "is exactly what you'd expect to get by paying an isolated subculture of nerdy young men to entertain themselves for fifty years. You get a cross between Dungeons & Dragons and Rubik's Cube, elaborated a thousand-fold."

theodp summarizes the rest: To be a 'full stack' developer, Edwards laments, one must master the content of something like a hundred thousand pages of documentation. "Isn't the solution to design technology that doesn't require a PhD...?" he asks. "What of the #CSForAll movement? I have mixed feelings. The name itself betrays confusion -- what we really want is #ProgrammingForAll. Computer science is not a prerequisite for most programming, and may in fact be more of a barrier to many. The confusion of computer science with programming is actually part of the problem, which seems invisible to this movement."

It wasn't always this way, Edwards notes, citing spreadsheets, HyperCard, and the many incarnations of Basic as examples of how programming technology can be vastly easier and more accessible. "Unfortunately application programming got trampled in the internet gold rush," Edwards explains. "Suddenly all that mattered was building large-scale systems as fast as possible, and money was no object, so the focus shifted to 'rock star' programmers and the sophisticated high-powered tools they preferred. As a result the internet age has seen an exponential increase in the complexity of programming, as well as its exclusivity."
"It is long past time to return to designing tools not just for rock stars at Google but the vast majority of programmers and laypeople with simple small-scale problems," the essay concludes, arguing we need new institutions to fund changes in both the technology and culture of programming.

"We've done it before so we can do it again, even better this time."