An anonymous reader writes: Linux 4.18 development is going strong with recent 4.18-rc1 release. This kernel cycle has dropped 107,210 lines of code so far but Linux 4.18 is adding many new features. The kernel is coming in lighter as a result of the LustreFS code being removed and other code cleanups. On the feature front, Phoronix reports, "ew AMDGPU support improvements, mainlining of the V3D DRM driver, initial open-source work on NVIDIA Volta GV100 hardware, merging of the Valve Steam Controller kernel driver, merging of the BPFILTER framework, ARM Spectre mitigation work, Speck file-system encryption support, removal of the Lustre file-system, the exciting restartable sequences system call was merged, the new DM writecache target, and much more."

An anonymous reader writes: "Several gaming companies have announced plans to remove support for an analytics app they have bundled with their games," reports Bleeping Computer. "The decision to remove the app came after several Reddit and Steam users noticed that many game publishers have recently embedded a controversial analytics SDK (software development kit) part of recent updates to their games. The program bundled with all these games, and at the heart of all the recent controversy, is RedShell, an analytics package provided by Innervate, Inc., to game publishers."

The app is intended to collect information about the source of new game installs, and details about the gamer. Following a massive user outcry in the past two weeks, several game makers have given in to pressure and are removing this SDK. Game makers and games who announced they were removing RedShell include Bethesda (Elder Scrolls), All Total War games, Warhammer games, Magic the Gathering Arena, and more. [This Google Docs spreadsheet and Reddit thread have a list of games containing RedShell.]

Long-time Slashdot reader theodp writes: In her Bard College commencement speech, ex-Google VP and former U.S. CTO Megan Smith revealed to graduates that she gave President Obama a computing history lesson on the same day he learned to code in 2014. "I walked into the Oval Office to do coding with President Obama, and, interestingly, Prince William had just stepped out," Smith explained (YouTube). "They had just had a meeting. I said to President Obama, you know what you and I are about to do is related to Prince William, and he said, how's that. Well, the Prince's wife Kate, her mother and grandmother were codebreakers at Bletchley Park, where they cracked the Nazi Enigma codes...." [Presumably Smith meant to say Kate's great-aunt, not mother — Carole Middleton wasn't born until 1955.]

To be fair to the President, Smith once confessed to not knowing much about computing history herself, explaining in a 2012 Official Google Blog post that she and other visiting tech luminaries were embarrassingly clueless about who Ada Lovelace was in a 2011 visit to England. "Last year, a group of us were lucky enough to visit the U.K. Prime Minister's residence at 10 Downing Street, as part of the Silicon Valley Comes to the U.K. initiative," Smith wrote. "While there, we asked about some of the paintings on the wall. When we got to a large portrait of a regally dressed woman, our host said 'and of course, that's Lady Lovelace'... You can imagine our surprise when we learned she was considered by some to be the world's first computer programmer -- having published the first algorithm intended for use on Charles Babbage's Analytical Engine." One imagines Smith might also have been surprised to learn that many programmers older than Smith were already very aware of Lady Ada at that time thanks to the Department of Defense, who tried in vain to make Ada a household name for decades, but had little success popularizing the Ada programming language, which was named after Augusta Ada King, Countess of Lovelace.

Open source guru Eric Raymond warned about the possibility of security bugs in critical code which can now date back more than two decades -- in a talk titled "Rescuing Ancient Code" at last week's SouthEast Linux Fest in North Carolina. In a new interview with ITPro Today, Raymond offered this advice on the increasingly important art of "code archaeology". "Apply code validators as much as you can," he said. "Static analysis, dynamic analysis, if you're working in Python use Pylons, because every bug you find with those tools is a bug that you're not going to have to bleed through your own eyeballs to find... It's a good thing when you have a legacy code base to occasionally unleash somebody on it with a decent sense of architecture and say, 'Here's some money and some time; refactor it until it's clean.' Looks like a waste of money until you run into major systemic problems later because the code base got too crufty. You want to head that off...."

"Documentation is important," he added, "applying all the validators you can is important, paying attention to architecture, paying attention to what's clean is important, because dirty code attracts defects. Code that's difficult to read, difficult to understand, that's where the bugs are going to come out of apparent nowhere and mug you."

For a final word of advice, Raymond suggested that it might be time to consider moving away from some legacy programming languages as well. "I've been a C programmer for 35 years and have written C++, though I don't like it very much," he said. "One of the things I think is happening right now is the dominance of that pair of languages is coming to an end. It's time to start looking beyond those languages for systems programming. The reason is we've reached a project scale, we've reached a typical volume of code, at which the defect rates from the kind of manual memory management that you have to do in those languages are simply unacceptable anymore... think it's time for working programmers and project managers to start thinking about, how about if we not do this in C and not incur those crazy downstream error rates."
Raymond says he prefers Go for his alternative to C, complaining that Rust has a high entry barrier, partly because "the Rust people have not gotten their act together about a standard library."

"A Microsoft employee claimed publicly that 'all of Office 365' was being 'completely rewritten' in JavaScript," writes Paul Thurrott, adding "And then all hell broke loose." First things first. It's not true. So if you were freaking out that Microsoft was somehow abandoning C# and C++ for its most mission-critical offerings, freak out no more. It's not happening. So what is happening? A Microsoft program manager named Sean Larkin perhaps got a little overly-exuberant on Monday... he tried to clarify things in follow-up tweets when his original missive exploded intro controversy. Which shouldn't have been a surprise. And yet, somehow, it was...

[H]e finally corrected himself on Reddit, blaming Twitter's character limitations for his many factual errors. "We are not abandoning C++, C#, or any of the other awesome languages, APIs, and toolings that we use across Microsoft," he clarifies. "Nothing [in Office 365] is converting to 'all/completely' JavaScript/TypeScript."
Thurrott, a long-time Windows blogger, concludes that "getting something this big this wrong is inexcusable."

An anonymous reader shares a report: Although many businesses have begun moving to DevOps-style processes, eight out of 10 respondents to a new survey say they still have separate teams for managing infrastructure/operations and development. The study by managed cloud specialist 2nd Watch of more than 1,000 IT professionals indicates that a majority of companies have yet to fully commit to the DevOps process. 78 percent of respondents say that separate teams are still managing infrastructure/operations and application development. Some organizations surveyed are using infrastructure-as-code tools, automation or even CI/CD pipelines, but those techniques alone do not define DevOps.

Apple has updated its App Store guidelines to close a loophole that let app makers store and share data without many people's consent. The practice has "been employed for years," reports Bloomberg. "Developers ask users for access to their phone contacts, then use it for marketing and sometimes share or sell the information -- without permission from the other people listed on those digital address books." From the report: As Apple's annual developer conference got underway on June 4, the Cupertino, California-based company made many new pronouncements on stage, including new controls that limit tracking of web browsing. But the phone maker didn't publicly mention updated App Store Review Guidelines that now bar developers from making databases of address book information they gather from iPhone users. Sharing and selling that database with third parties is also now forbidden. And an app can't get a user's contact list, say it's being used for one thing, and then use it for something else -- unless the developer gets consent again. Anyone caught breaking the rules may be banned.

While Apple is acting now, the company can't go back and retrieve the data that may have been shared so far. After giving permission to a developer, an iPhone user can go into their settings and turn off apps' contacts permissions. That turns off the data faucet, but doesn't return information already gathered.

Programming languages such as Lua, Objective-C, Erlang, and Ruby (on Rails) offer distinct features, but they are also riddled with certain well-documented drawbacks. However, writes respected critic Dominik Wagner, their origination and continued existence serves a purpose. In 2014, Apple introduced Swift programming language. It has been four years, but Wagner and many developers who have shared the blog post over the weekend, wonder what exactly is Swift trying to solve as they capture the struggle at least a portion of developers who are writing in Swift face today. Writes Wagner: Swift just wanted to be better, more modern, the future -- the one language to rule them all. A first red flag for anyone who ever tried to do a 2.0 rewrite of anything.

On top of that it chose to be opinionated about features of Objective-C, that many long time developers consider virtues, not problems: Adding compile time static dispatch, and making dynamic dispatch and message passing a second class citizen and introspection a non-feature. Define the convenience and elegance of nil-message passing only as a source of problems. Classify the implicit optionality of objects purely as a source of bugs. [...] It keeps defering the big wins to the future while it only offered a very labour intensive upgrade path. Without a steady revenue stream, many apps that would have just compiled fine if done in Objective-C, either can't take advantage of new features of the devices easily, or had to be taken out of the App Store alltogether, because upgrading would be to costly. If you are working in the indie dev-scene, you probably know one of those stories as well. And while this is supposed to be over now, this damage has been done and is real.

On top of all of this, there is that great tension with the existing Apple framework ecosystem. While Apple did a great job on exposing Cocoa/Foundation as graspable into Swift as they could, there is still great tension in the way Swift wants to see the world, and the design paradigms that created the existing frameworks. That tension is not resolved yet, and since it is a design conflict, essentially can't be resolved. Just mitigated. From old foundational design patterns of Cocoa, like delegation, data sources, flat class hierarchies, over to the way the collection classes work, and how forgiving the API in general should be. If you work in that world you are constantly torn between doing things the Swift/standard-library way, or the Cocoa way and bridging in-between. To make matters worse there are a lot of concepts that don't even have a good equivalent. This, for me at least, generates an almost unbearable mental load.

An anonymous reader quotes InfoQ: Ron Jeffries, author, speaker, one of the creators of Extreme Programming (XP), and a signatory of the Agile Manifesto back in 2001, shared a post on his blog in which he advocates that developers should abandon "Agile". The post further elaborated that developers should stay away from the "Faux Agile" or "Dark Agile" forms, and instead get closer to the values and principles of the Manifesto. The terms "Faux Agile" and "Dark Agile" are used by the author to give emphasis to the variety of the so-called "Agile" approaches that have contributed, according to him, to make the life of the developers worse rather than better, which is the antithesis of one of the initial ideas of the Agile Manifesto...
Jeffries writes that "When 'Agile' ideas are applied poorly, they often lead to more interference with developers, less time to do the work, higher pressure, and demands to 'go faster'. This is bad for the developers, and, ultimately, bad for the enterprise as well, because doing 'Agile' poorly will result, more often than not, in far more defects and much slower progress than could be attained. Often, good developers leave such organizations, resulting in a less effective enterprise than prior to installing 'Agile'...

"it breaks my heart to see the ideas we wrote about in the Agile Manifesto used to make developers' lives worse, instead of better. It also saddens me that the enterprise isn't getting what it could out of the deal, but my main concern is for the people doing the work..." He argues developers should instead just focus on Agile's good general software development practices -- like regularly producing fully-tested software and consciously avoiding "crufty" complex designs.

But what do Slashdot's readers think? Should developers abandon Agile?

An anonymous reader quotes SD Times Java remains the most popular primary programming language, but JavaScript is the most used programming language overall. That is according to a recently released report from JetBrains on the State of the Developer Ecosystem in 2018. The report surveyed more than 6,000 developers from 17 countries to reveal the trends driving the world of coding this year... According to the report, Java, JavaScript and Python are the top three programming languages this year, and Go is the most promising language. Twenty percent of developers use multiple versions of Go at the same time, and 26 percent set up their GOPATH per project. The top Go frameworks include Gin, Beego, Echo and Buffalo.

While 38 percent of developers have no plans to adopt any new languages this year, the top languages respondents have started to learn in the last year include Python, JavaScript, Java, Go, TypeScript and Kotlin... Eighty-two percent of respondents use IDEs while 69 percent use editors. Of those using IDEs and editors, only 12 percent cited that they don't customize their IDE/editors. In addition, 77 percent use the dark theme for their editor or IDE... Some fun facts about developers include 77 percent listen to music while they are coding; the top music to listen to includes electronic, pop and rock; 53 percent sleep seven to eight hours a night; 85 percent code on the weekends; and 57 percent prefer coffee over tea.

The Linux Foundation has endorsed Microsoft's acquisition of GitHub. In a blog post, Jim Zemlin, the executive director at the Linux Foundation, said: "This is pretty good news for the world of Open Source and we should celebrate Microsoft's smart move." The Verge reports: 10 years ago, Zemlin was calling for Microsoft to stop secretly attacking Linux by selling patents that targeted the operating system, and he also poked fun at Microsoft multiple times over the years. "I will own responsibility for some of that as I spent a good part of my career at the Linux Foundation poking fun at Microsoft (which, at times, prior management made way too easy)," explains Zemlin. "But times have changed and it's time to recognize that we have all grown up -- the industry, the open source community, even me." Nat Friedman, the future CEO of GitHub (once the deal closes), took to Reddit to answer questions on the company's plans. "We are not buying GitHub to turn it into Microsoft; we are buying GitHub because we believe in the importance of developers, and in GitHub's unique role in the developer community," explains Friedman. "Our goal is to help GitHub be better at being GitHub, and if anything, to help Microsoft be a little more like GitHub."

Facebook granted a select group of companies special access to its users' records even after the point in 2015 that the company has claimed it stopped sharing such data with app developers. USA Today reports: According to the Wall Street Journal, which cited court documents, unnamed Facebook officials and other unnamed sources, Facebook made special agreements with certain companies called "whitelists," which gave them access to extra information about a user's friends. This includes data such as phone numbers and "friend links," which measure the degree of closeness between users and their friends. These deals were made separately from the company's data-sharing agreements with device manufacturers such as Huawei, which Facebook disclosed earlier this week after a New York Times report on the arrangement. Facebook said following the WSJ report it inked deals with a small number of developers that gave them access to users' friends after the more restrictive policy went into effect.

New submitter Fatalis writes: Substack is a venture capital funded startup for subscription-based newsletters, and it admittedly chose its name following the advice from a Paul Graham (co-founder of Y Combinator) article to prefer names not registered in the .com zone. The same name has also been the user handle for a prolific open-source developer who now finds themselves competing for recognition in the tech space with a capital backed company. The lesson seems to be for developers to protect their personal brand by registering a domain name with the .com extension due to it being perceived as the default.

DuroSoft writes: Earlier this week an article ran about how Microsoft's multi-year refusal to rename its terabyte-scale Git extension "GVFS" (Git Virtual File System) had drawn the ire and dismay of the GNOME GVfs project (Gnome Virtual File System) which predates the Microsoft project by years. Thanks to Slashdot coverage and community pressure, Microsoft has now officially promised to rename GVFS to something else, and is asking the community for suggestions for a new name. Is this an official sign that MIcrosoft is finally listening to developers (albeit with a Slashdot-level of negative attention), or are they simply trying to appease the crowd while they are still in the news due to their acquisition of GitHub?

Kesha Williams, reporting for InfoQ (shared by numerous readers): The Java Mission Control suite of tools, also known as JMC, was open sourced by Oracle on May 3rd to much applause and excitement from the Java development community. The excitement was replaced with unease as sources reported that the entire JMC development team had been laid off. JMC is a well-known profiling and diagnostics tools suite for the Java Virtual Machine (JVM) primarily targeting systems running in production. It is used by developers to gather detailed low-level information about how the JVM and the Java application are behaving. The official open source announcement came on May 5th from Marcus Hirt, a member of the Java Platform Group at Oracle. "Just wanted to say thank you to everyone who helped open source Java Mission Control in the relatively short period of time it was done in." According to Hirt, the intent behind open sourcing JMC was to provide the community with the opportunity to add new features and capabilities to the tools suite.

In macOS 10.14 Mojave, which Apple unveiled on Monday, the company is deprecating OpenGL and OpenCL technologies in its desktop operating system. In an announcement post to developers, the company wrote: Apps built using OpenGL and OpenCL will continue to run in macOS 10.14, but these legacy technologies are deprecated in macOS 10.14. Games and graphics-intensive apps that use OpenGL should now adopt Metal. Similarly, apps that use OpenCL for computational tasks should now adopt Metal and Metal Performance Shaders. PCGamer reports that several developers have expressed disappointment over the decision. AnandTech reports that the company is doing away with OpenGL and OpenCL in iOS and its other operating systems as well.

Stephen Shankland, writing for CNET: With its next-generation MacOS Mojave software, Macs will be able to run some apps written for iPhones and iPads, a big new step in bringing the two technology platforms closer together. Craig Federighi, Apple's senior vice president of software engineering, announced the change Monday at Apple's Worldwide Developer Conference in San Jose. And he said Mojave will include four apps Apple itself brought from its iOS mobile software to MacOS: Home, Stocks, News and Voice Memo. "There are millions of iOS apps out there, and we think some of them would look great on the Mac," Federighi said. For now, it's only Apple that has the ability to move iOS apps to MacOS. But that'll change in 2019.

Catalin Cimpanu, writing for BleepingComputer: Mobile app developers are going through the same growing pains that the webdev scene has gone through in the 90s and 2000s when improper input validation led to many security incidents. But while mobile devs have learned to filter user input for dangerous strings, some of these devs have not learned their lesson very well.

In a research paper published earlier this year, Abner Mendoza and Guofei Gu, two academics from Texas A&M University, have highlighted the problem of current-day mobile apps that still include business logic (such as user input validation, user authentication, and authorization) inside the client-side component of their code, instead of its server-side section. This regretable situation leaves the users of these mobile applications vulnerable to simple HTTP request parameter injection attacks that could have been easily mitigated if an application's business logic would have been embedded inside its server-side component, where most of these operations belong.

As rumored, Microsoft said Monday that it has acquired code repository website GitHub for a whopping sum of $7.5B in Microsoft stock. Microsoft Corporate Vice President Nat Friedman, founder of Xamarin and an open source veteran, will assume the role of GitHub CEO. GitHub's current CEO, Chris Wanstrath, will become a Microsoft technical fellow, reporting to Executive Vice President Scott Guthrie, to work on strategic software initiatives. From the blog post: "Microsoft is a developer-first company, and by joining forces with GitHub we strengthen our commitment to developer freedom, openness and innovation," said Satya Nadella, CEO, Microsoft. "We recognize the community responsibility we take on with this agreement and will do our best work to empower every developer to build, innovate and solve the world's most pressing challenges." Under the terms of the agreement, Microsoft will acquire GitHub for $7.5 billion in Microsoft stock. Subject to customary closing conditions and completion of regulatory review, the acquisition is expected to close by the end of the calendar year. GitHub will retain its developer-first ethos and will operate independently to provide an open platform for all developers in all industries. Developers will continue to be able to use the programming languages, tools and operating systems of their choice for their projects -- and will still be able to deploy their code to any operating system, any cloud and any device. The two companies, together, will "empower developers to achieve more at every stage of the development lifecycle, accelerate enterprise use of GitHub, and bring Microsoft's developer tools and services to new audiences," Microsoft said. A portion of the developer community has opposed the move, with some already leaving the platform for alternative services.

Update: In a conference call with reporters, Mr. Nadella said today the company is "all in with open source," and requested people to judge the company's commitment to the open source community with its actions in the recent past, today, and in the coming future. GitHub will remain open and independent, Mr. Nadella said.

The supposed acquisition of popular code repository GitHub by Microsoft has drawn an unprecedented backlash from the developer community. Over the weekend, after Bloomberg reported that the two companies could make the announcement as soon as Monday, hundreds of developers took to forums and social media to express their disappointment, with many saying that they would be leaving the platform if the deal goes through.

So why so much outrage? In a conversation with Slashdot, software developer and student Sean said that he believes a deal of such capacity would be bad for the open source community. "They've shown time and time again that they can't be trusted," he said. Sean and many other believe that Microsoft would eventually start telemetry program on the code repository. "Aside from Microsoft not being trustworthy to the open source community, I'm sure they'll add tracking and possibly even ads to all the sites within GitHub. As well as possibly use it to push LinkedIn (which they own)," he said. Ryan Hoover, the founder of ProductHunt, wrote on Sunday, "Anecdotally, the developer community is very unapproving of this move. I'm curious how Microsoft manages this and how GitHub changes (or doesn't change)." Even as Microsoft has "embraced" the open source community in the recent years (under the leadership of Mr. Nadella), for many developers, it will take time -- if at all -- to forget the company's past closed-ecosystem approach. Just this weekend, a developer accused Microsoft of stealing his code.

A petition that seeks to "stop Microsoft from buying Github" had garnered support from more than 400 developers. Prominent developer Andre Staltz said, "If you're still optimistic about the Microsoft-GitHub acquisition, consider this: They didn't ask your opinion not even a single bit, even though it was primarily your commits, stars, and repositories which made GH become a valuable platform." More importantly, if the comments left on Slashdot, Reddit, and HackerNews, places that overwhelmingly count developers and other IT industry experts among their audience, are anything to go by, Microsoft better has a good plan on how it intends to operate GitHub after the buyout. Security reporter Catalin Cimpanu said, "LinkedIn has turned into a slow-loading junk after the Microsoft acquisition. I can only imagine what awaits GitHub." On his part, Mat Velloso, who is technical advisor to CTO at Microsoft, said, "I don't think people understand how many of us at Microsoft love GitHub to the bottom of our hearts. If anybody decided to mess with that community, there would be a riot to say the least."

Jacques Mattheij: Companies that are too big to fail and that lose money are a dangerous combination, people have warned about GitHub becoming as large as it did as problematic because it concentrates too much of the power to make or break the open source world in a single entity, moreso because there were valid questions about GitHubs financial viability. The model that GitHub has -- sell their services to closed source companies but provide the service for free for open source groups -- is only a good one if the closed source companies bring in enough funds to sustain the model. Some sort of solution should have been found -- preferably in collaboration with the community -- not an 'exit' to one of the biggest sharks in the tank. So, here is what is wrong with this deal and why anybody active in the open source community should be upset that Microsoft is going to be the steward of this large body of code. For starters, Microsoft has a very long history of abusing its position vis-a-vis open source and other companies. I'm sure you'll be able to tell I'm a cranky old guy by looking up the dates to some of these references, but 'new boss, same as the old boss' applies as far as I'm concerned. Yes, the new boss is a nicer guy but it's the same corporate entity. Update: It's official. Microsoft has acquired GitHub for a whopping sum of $7.5B.