dryriver writes: If you are a user of a popular professional desktop software program, it is not uncommon for that program to get anywhere from 5 to 20 major or minor new features and functions about once a year to stay desirable and competitive. But it seems that hugely popular internet-based sites and services like Instagram, Facebook, YouTube, Google Search, Gmail, Outlook, WhatsApp, Telegram and others get major new features/changes much, much slower than desktop software. Quite often you'll come across a barrage of breathless news articles that say "Popular Internet Service X will add Y feature starting from April 1st." It is often one single and very obvious feature or functionality being added that people have wanted for years, not a cluster of 5 or 10 funky new functions at the same time.

Why is this the case? How is it that desktop software with just a few hundred thousand users and no more than a few dozen coders working can add 5 to 20 major new functions in just one year, and do this year after year, but a major internet-based service with tens or hundreds of millions of users and presumably hundreds or thousands of techies working behind the curtain keeps everyone waiting three years or longer to build a much requested feature into the system, and then only rolls out that one desired feature to great fanfare as if it is a huge achievement? Is it really that much harder to code major new features into an internet/cloud service, versus coding major new features into desktop software; or is this a deliberate business model that has become popular?

BrianFagioli writes: People sometimes forget that when the first-ever iPhone launched in 2007, there was no App Store. Believe it or not, Apple's smartphone was limited to the apps with which it came. In fact, Steve Jobs famously didn't want third-party apps on the iPhone at all. Ultimately, the App Store was added in 2008 despite Jobs' initial push against it. This move changed the computer industry forever.

This month, the Apple App Store reaches an impressive milestone -- its 10th Birthday. This day is important for three groups -- Apple (of course), but more importantly, consumers and developers. Apple has made billions of dollars from the App Store, but third party developers have as well -- the company has literally transformed some devs into millionaires. Consumers have benefited from high-quality applications too.

Regardless of your feelings about Apple, the world owes it a collective thank you for its App Store. It inspired other companies, such as Google with Android and Microsoft with Windows 8/10, to adopt the same app concepts. It really did change everything.

An anonymous reader quotes a report from CNET: Drivers in England and Wales now have a direct line to police for ratting on their fellow motorists, thanks to a new national dash cam database. The National Dash Cam Safety Portal, run by UK dashcam manufacturer Nextbase, lets drivers upload footage from their dashcam to a single database and send it directly to police, the BBC reports. Drivers can choose their region of England or Wales and send footage of accidents or illegal behavior on the road directly to local police, as well as sending a witness statement that can then be used in court.

According to The Wall Street Journal, hundreds of app developers have access to millions of inboxes belonging to Gmail users (Warning: source paywalled; alternative source). The developers reportedly receive access to messages from Gmail users who signed up for things like price-comparison services or automated travel-itinerary planners. Some of these companies train software to scan the email, while others enable their workers to pore over private messages. INSIDER reports: It's not news that Google and many top email providers enable outside developers to access users' inboxes. In most cases, the people who signed up for the price-comparison deals or other programs agreed to provide access to their inboxes as part of the opt-in process. In Google's case, outside developers must pass a vetting process, and as part of that, Google ensures they have an acceptable privacy agreement, The Journal reported, citing a Google representative.

What is unclear is how closely these outside developers adhere to their agreements and whether Google does anything to ensure they do, as well as whether Gmail users are fully aware that individual employees may be reading their emails, as opposed to an automated system, the report says. It's interesting to note that, judging from The Journal's story, very little indicates that Google is doing anything different from Microsoft or other top email providers. According to the newspaper, nothing in Microsoft or Yahoo's policy agreements explicitly allows people to read others' emails.

An anonymous reader quotes a report from Ars Technica: A team led by Martin Fussenegger of ETH Zurich in Basel has shown that caffeine can be used as a trigger for synthetic genetic circuitry, which can then in turn do useful things for us -- even correct or treat medical conditions. For a buzz-worthy proof of concept, the team engineered a system to treat type 2 diabetes in mice with sips of coffee, specifically Nespresso Volluto coffee. Essentially, when the animals drink the coffee (or any other caffeinated beverage), a synthetic genetic system in cells implanted in their abdomens switches on. This leads to the production of a hormone that increases insulin production and lowers blood sugar levels -- thus successfully treating their diabetes after a simple morning brew.

The system, published Tuesday in Nature Communications, is just the start, Fussenegger and his colleagues suggest enthusiastically. "We think caffeine is a promising candidate in the quest for the most suitable inducer of gene expression," they write. They note that synthetic biologists like themselves have long been in pursuit of such inducers that can jolt artificial genetics. But earlier options had problems. These included antibiotics that can spur drug-resistance in bacteria and food additives that can have side effects. Caffeine, on the other hand, is non-toxic, cheap to produce, and only present in specific beverages, such as coffee and tea, they write. It's also wildly popular, with more than two billion cups of coffee poured each day worldwide.

An anonymous reader quotes ITWire: Well-known British security researcher Kevin Beaumont says the breach of the British operations of American multinational ticket sales and distribution company Ticketmaster, that has led to the possible leak of tens of thousands of credit card details, was caused by the incorrect placement of a single line of code... Beaumont said Inbenta was providing a chat bot for website developers "by providing a single line of HTML which calls a JavaScript from Inbenta's Web server...."

He pointed out that while Inbenta had provided Ticketmaster a customised JavaScript one-liner, the ticketing company had placed this chatbot code on its payment processing website without informing Inbenta it had done so. "This means that Inbenta's webserver was placed in the middle of all Ticketmaster credit card transactions, with the ability to execute JavaScript code in customer browsers," Beaumont said. This code had been altered by some malicious person back in February and the problems began at that point, he said.
Beaumont warns businesses to be cautious with third-party JavaScript code in sensitive processes. "Check your supply chain. Because attackers are."

And he also highlights how anti-virus tools started flagging the the script months before Ticketmaster announced the breach. "I can see the Javascript file being uploaded to a variety of threat intelligence tools from April through just before the breach announcement, so clearly somebody was looking into it."

Troy Hunt, web security expert and creator of the website Have I Been Pwned (HIBP), wrote a blog post announcing his partnerships with Firefox and 1Password. For those unfamiliar with the site, Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised. The service is especially handy now that data breaches are becoming a daily occurrence. Hunt writes: Last November, there was much press about Mozilla integrating HIBP into Firefox. I was a bit surprised at the time as it was nothing more than their Breach Alerts feature which simply highlighted if the site being visited had previously been in a data breach (it draws this from the freely accessible breach API on HIBP). But the press picked up on some signals which indicated that in the long term, we had bigger plans than that and the whole thing got a heap of very positive attention. I ended up fielding a heap of media calls just on that one little feature - people loved the idea of HIBP in Firefox, even in a very simple form. As it turns out, we had much bigger plans and that's what I'm sharing here today. Over the coming weeks, Mozilla will begin trialling integration between HIBP and Firefox to make breach data searchable via a new tool called "Firefox Monitor." Here's what Hunt has to say about 1Password: As of now, you can search HIBP from directly within 1Password via the Watchtower feature in the web version of the product. This helps Watchtower become "mission control" for accounts and introduces the "Breach Report" feature. If you're a 1Password user you can use this feature right now, just head on over to the 1Password login page.

A reminder for commenters: non-commercial use of Java remains free. An anonymous reader quotes InfoWorld: Oracle has revamped its commercial support program for Java SE (Standard Edition), opting for a subscription model instead of one that has had businesses paying for a one-time perpetual license plus an annual support fee... It is required for Java SE 8, and includes support for Java SE 7. (As of January 2019, Oracle will require a subscription for businesses to continue getting updates to Java SE 8.)

The price is $25 per month per processor for servers and cloud instances, with volume discounts available. For PCs, the price starts at $2.50 per month per user, again with volume discounts. One-, two-, and three-year subscriptions are available... The previous pricing for the Java SE Advanced program cost $5,000 for a license for each server processor plus a $1,100 annual support fee per server processor, as well as $110 one-time license fee per named user and a $22 annual support fee per named user (each processor has a ten-user minimum)...

If users do not renew a subscription, they lose rights to any commercial software downloaded during the subscription. Access to Oracle Premier Support also ends. Oracle recommends that those choosing not to renew transition to OpenJDK binaries from the company, offered under the GPL, before their subscription ends. Doing so will let users keep running applications uninterrupted.
Oracle's senior director of product management stresses that the company is "working to make the Oracle JDK and OpenJDK builds from Oracle interchangeable -- targeting developers and organisations that do not want commercial support or enterprise management tools."

Valve's "Knuckles" controllers for VR, first introduced in 2016, are getting upgraded. According to Engadget, Valve is "sending game makers another version, the EV2, that has revamped buttons, straps and a slew of sensors that essentially translate finger motion and pressure to let you touch, grab and squeeze objects inside games." From the report: Some of the EV2's changes are evident: The old Steam Controller-style touchpad that dominated the controller's top has been shrunken to an oval 'track button' that measures touch and force. That's flanked by traditional inputs: A joystick (by developer demand, Valve noted in a blog post) and standard circular buttons. The strap is adjustable for different hand sizes and pulls tight to let players let go of the controller completely without dropping it -- which could be key for the pressure inputs.

While last year's model had touch inputs tracking each finger in the 'grip' area, the EV2 introduces pressure sensors that measure how much force the wielder is using. Obviously, this has implications for VR developers who want players to grip or squeeze objects in the world, but as Valve's blog post points out, combining those with the touch sensors tells games when players let go of the grips -- like, say, when they're throwing things in-game. Lastly, the battery life has been extended to last six hours.

owenferguson shares a report from Obscene Works: Medium.com and GitHub have today quashed the release of a set of data comprising of all the ICE employees who openly list themselves on LinkedIn.com. All the data released was gathered from publicly listed LinkedIn profiles. The data was assembled by Sam Lavigne of http://lav.io/ and was published as a repository on GitHub, and announced via an article on Medium.com.

An anonymous reader writes: Linux 4.18 development is going strong with recent 4.18-rc1 release. This kernel cycle has dropped 107,210 lines of code so far but Linux 4.18 is adding many new features. The kernel is coming in lighter as a result of the LustreFS code being removed and other code cleanups. On the feature front, Phoronix reports, "ew AMDGPU support improvements, mainlining of the V3D DRM driver, initial open-source work on NVIDIA Volta GV100 hardware, merging of the Valve Steam Controller kernel driver, merging of the BPFILTER framework, ARM Spectre mitigation work, Speck file-system encryption support, removal of the Lustre file-system, the exciting restartable sequences system call was merged, the new DM writecache target, and much more."

An anonymous reader writes: "Several gaming companies have announced plans to remove support for an analytics app they have bundled with their games," reports Bleeping Computer. "The decision to remove the app came after several Reddit and Steam users noticed that many game publishers have recently embedded a controversial analytics SDK (software development kit) part of recent updates to their games. The program bundled with all these games, and at the heart of all the recent controversy, is RedShell, an analytics package provided by Innervate, Inc., to game publishers."

The app is intended to collect information about the source of new game installs, and details about the gamer. Following a massive user outcry in the past two weeks, several game makers have given in to pressure and are removing this SDK. Game makers and games who announced they were removing RedShell include Bethesda (Elder Scrolls), All Total War games, Warhammer games, Magic the Gathering Arena, and more. [This Google Docs spreadsheet and Reddit thread have a list of games containing RedShell.]

Long-time Slashdot reader theodp writes: In her Bard College commencement speech, ex-Google VP and former U.S. CTO Megan Smith revealed to graduates that she gave President Obama a computing history lesson on the same day he learned to code in 2014. "I walked into the Oval Office to do coding with President Obama, and, interestingly, Prince William had just stepped out," Smith explained (YouTube). "They had just had a meeting. I said to President Obama, you know what you and I are about to do is related to Prince William, and he said, how's that. Well, the Prince's wife Kate, her mother and grandmother were codebreakers at Bletchley Park, where they cracked the Nazi Enigma codes...." [Presumably Smith meant to say Kate's great-aunt, not mother — Carole Middleton wasn't born until 1955.]

To be fair to the President, Smith once confessed to not knowing much about computing history herself, explaining in a 2012 Official Google Blog post that she and other visiting tech luminaries were embarrassingly clueless about who Ada Lovelace was in a 2011 visit to England. "Last year, a group of us were lucky enough to visit the U.K. Prime Minister's residence at 10 Downing Street, as part of the Silicon Valley Comes to the U.K. initiative," Smith wrote. "While there, we asked about some of the paintings on the wall. When we got to a large portrait of a regally dressed woman, our host said 'and of course, that's Lady Lovelace'... You can imagine our surprise when we learned she was considered by some to be the world's first computer programmer -- having published the first algorithm intended for use on Charles Babbage's Analytical Engine." One imagines Smith might also have been surprised to learn that many programmers older than Smith were already very aware of Lady Ada at that time thanks to the Department of Defense, who tried in vain to make Ada a household name for decades, but had little success popularizing the Ada programming language, which was named after Augusta Ada King, Countess of Lovelace.

Open source guru Eric Raymond warned about the possibility of security bugs in critical code which can now date back more than two decades -- in a talk titled "Rescuing Ancient Code" at last week's SouthEast Linux Fest in North Carolina. In a new interview with ITPro Today, Raymond offered this advice on the increasingly important art of "code archaeology". "Apply code validators as much as you can," he said. "Static analysis, dynamic analysis, if you're working in Python use Pylons, because every bug you find with those tools is a bug that you're not going to have to bleed through your own eyeballs to find... It's a good thing when you have a legacy code base to occasionally unleash somebody on it with a decent sense of architecture and say, 'Here's some money and some time; refactor it until it's clean.' Looks like a waste of money until you run into major systemic problems later because the code base got too crufty. You want to head that off...."

"Documentation is important," he added, "applying all the validators you can is important, paying attention to architecture, paying attention to what's clean is important, because dirty code attracts defects. Code that's difficult to read, difficult to understand, that's where the bugs are going to come out of apparent nowhere and mug you."

For a final word of advice, Raymond suggested that it might be time to consider moving away from some legacy programming languages as well. "I've been a C programmer for 35 years and have written C++, though I don't like it very much," he said. "One of the things I think is happening right now is the dominance of that pair of languages is coming to an end. It's time to start looking beyond those languages for systems programming. The reason is we've reached a project scale, we've reached a typical volume of code, at which the defect rates from the kind of manual memory management that you have to do in those languages are simply unacceptable anymore... think it's time for working programmers and project managers to start thinking about, how about if we not do this in C and not incur those crazy downstream error rates."
Raymond says he prefers Go for his alternative to C, complaining that Rust has a high entry barrier, partly because "the Rust people have not gotten their act together about a standard library."

"A Microsoft employee claimed publicly that 'all of Office 365' was being 'completely rewritten' in JavaScript," writes Paul Thurrott, adding "And then all hell broke loose." First things first. It's not true. So if you were freaking out that Microsoft was somehow abandoning C# and C++ for its most mission-critical offerings, freak out no more. It's not happening. So what is happening? A Microsoft program manager named Sean Larkin perhaps got a little overly-exuberant on Monday... he tried to clarify things in follow-up tweets when his original missive exploded intro controversy. Which shouldn't have been a surprise. And yet, somehow, it was...

[H]e finally corrected himself on Reddit, blaming Twitter's character limitations for his many factual errors. "We are not abandoning C++, C#, or any of the other awesome languages, APIs, and toolings that we use across Microsoft," he clarifies. "Nothing [in Office 365] is converting to 'all/completely' JavaScript/TypeScript."
Thurrott, a long-time Windows blogger, concludes that "getting something this big this wrong is inexcusable."

An anonymous reader shares a report: Although many businesses have begun moving to DevOps-style processes, eight out of 10 respondents to a new survey say they still have separate teams for managing infrastructure/operations and development. The study by managed cloud specialist 2nd Watch of more than 1,000 IT professionals indicates that a majority of companies have yet to fully commit to the DevOps process. 78 percent of respondents say that separate teams are still managing infrastructure/operations and application development. Some organizations surveyed are using infrastructure-as-code tools, automation or even CI/CD pipelines, but those techniques alone do not define DevOps.

Apple has updated its App Store guidelines to close a loophole that let app makers store and share data without many people's consent. The practice has "been employed for years," reports Bloomberg. "Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books." From the report: As Apple's annual developer conference got underway on June 4, the Cupertino, California-based company made many new pronouncements on stage, including new controls that limit tracking of web browsing. But the phone maker didn't publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users. Sharing and selling that database with third parties is also now forbidden. And an app can't get a user's contact list, say it's being used for one thing, and then use it for something else -- unless the developer gets consent again. Anyone caught breaking the rules may be banned.

While Apple is acting now, the company can't go back and retrieve the data that may have been shared so far. After giving permission to a developer, an iPhone user can go into their settings and turn off apps' contacts permissions. That turns off the data faucet, but doesn't return information already gathered.

Programming languages such as Lua, Objective-C, Erlang, and Ruby (on Rails) offer distinct features, but they are also riddled with certain well-documented drawbacks. However, writes respected critic Dominik Wagner, their origination and continued existence serves a purpose. In 2014, Apple introduced Swift programming language. It has been four years, but Wagner and many developers who have shared the blog post over the weekend, wonder what exactly is Swift trying to solve as they capture the struggle at least a portion of developers who are writing in Swift face today. Writes Wagner: Swift just wanted to be better, more modern, the future -- the one language to rule them all. A first red flag for anyone who ever tried to do a 2.0 rewrite of anything.

On top of that it chose to be opinionated about features of Objective-C, that many long time developers consider virtues, not problems: Adding compile time static dispatch, and making dynamic dispatch and message passing a second class citizen and introspection a non-feature. Define the convenience and elegance of nil-message passing only as a source of problems. Classify the implicit optionality of objects purely as a source of bugs. [...] It keeps defering the big wins to the future while it only offered a very labour intensive upgrade path. Without a steady revenue stream, many apps that would have just compiled fine if done in Objective-C, either can't take advantage of new features of the devices easily, or had to be taken out of the App Store alltogether, because upgrading would be to costly. If you are working in the indie dev-scene, you probably know one of those stories as well. And while this is supposed to be over now, this damage has been done and is real.

On top of all of this, there is that great tension with the existing Apple framework ecosystem. While Apple did a great job on exposing Cocoa/Foundation as graspable into Swift as they could, there is still great tension in the way Swift wants to see the world, and the design paradigms that created the existing frameworks. That tension is not resolved yet, and since it is a design conflict, essentially can't be resolved. Just mitigated. From old foundational design patterns of Cocoa, like delegation, data sources, flat class hierarchies, over to the way the collection classes work, and how forgiving the API in general should be. If you work in that world you are constantly torn between doing things the Swift/standard-library way, or the Cocoa way and bridging in-between. To make matters worse there are a lot of concepts that don't even have a good equivalent. This, for me at least, generates an almost unbearable mental load.

An anonymous reader quotes InfoQ: Ron Jeffries, author, speaker, one of the creators of Extreme Programming (XP), and a signatory of the Agile Manifesto back in 2001, shared a post on his blog in which he advocates that developers should abandon "Agile". The post further elaborated that developers should stay away from the "Faux Agile" or "Dark Agile" forms, and instead get closer to the values and principles of the Manifesto. The terms "Faux Agile" and "Dark Agile" are used by the author to give emphasis to the variety of the so-called "Agile" approaches that have contributed, according to him, to make the life of the developers worse rather than better, which is the antithesis of one of the initial ideas of the Agile Manifesto...
Jeffries writes that "When 'Agile' ideas are applied poorly, they often lead to more interference with developers, less time to do the work, higher pressure, and demands to 'go faster'. This is bad for the developers, and, ultimately, bad for the enterprise as well, because doing 'Agile' poorly will result, more often than not, in far more defects and much slower progress than could be attained. Often, good developers leave such organizations, resulting in a less effective enterprise than prior to installing 'Agile'...

"it breaks my heart to see the ideas we wrote about in the Agile Manifesto used to make developers' lives worse, instead of better. It also saddens me that the enterprise isn't getting what it could out of the deal, but my main concern is for the people doing the work..." He argues developers should instead just focus on Agile's good general software development practices -- like regularly producing fully-tested software and consciously avoiding "crufty" complex designs.

But what do Slashdot's readers think? Should developers abandon Agile?

An anonymous reader quotes SD Times Java remains the most popular primary programming language, but JavaScript is the most used programming language overall. That is according to a recently released report from JetBrains on the State of the Developer Ecosystem in 2018. The report surveyed more than 6,000 developers from 17 countries to reveal the trends driving the world of coding this year... According to the report, Java, JavaScript and Python are the top three programming languages this year, and Go is the most promising language. Twenty percent of developers use multiple versions of Go at the same time, and 26 percent set up their GOPATH per project. The top Go frameworks include Gin, Beego, Echo and Buffalo.

While 38 percent of developers have no plans to adopt any new languages this year, the top languages respondents have started to learn in the last year include Python, JavaScript, Java, Go, TypeScript and Kotlin... Eighty-two percent of respondents use IDEs while 69 percent use editors. Of those using IDEs and editors, only 12 percent cited that they don't customize their IDE/editors. In addition, 77 percent use the dark theme for their editor or IDE... Some fun facts about developers include 77 percent listen to music while they are coding; the top music to listen to includes electronic, pop and rock; 53 percent sleep seven to eight hours a night; 85 percent code on the weekends; and 57 percent prefer coffee over tea.