news.com.au reports: The GitHub Arctic Vault program is part of the now Microsoft-owned code repository GitHub...aimed at preserving the information for generations to come...

"We chose to store GitHub's public repositories in the Arctic World Archive in Svalbard [a Norwegian island] because it is one of the most remote and geopolitically stable places on Earth and is about a mile down the road from the famous Global Seed Vault," said GitHub vice president of special projects Thomas Dohmke. Mr Dohmke said open source code in particular was worth preserving... "Ultimately, it's time to create multiple durable backups of the software our world depends on..." Other treasures include the original source code for MS-DOS (the precursor to Microsoft Windows), the open source code that powers Bitcoin, Facebook's React, and the publishing platform Wordpress...

"The Arctic Code Vault was just the beginning of the GitHub Archive Program's journey to secure the world's open source code," GitHub vice president of special projects Thomas Dohmke told news.com.au. "We've partnered with multiple organisations and advisers to help us maximise the GitHub Archive Program's value and preserve all open-source software for future generations." One of those partners is Norwegian archival experts Piql, who specialise in very-long-term data storage. The company uses around 200 silver halide and polyester film reels designed to last a thousand years to store the information...

VCs have given nearly half a billion dollars to a stealth startup called SambaNova Systems to build "a new kind of computer to replace the typical Von Neumann machines expressed in processors from Intel and AMD, and graphics chips from Nvidia."

ZDNet reports: The last thirty years in computing, said CEO Rodrigo Liang, have been "focused on instructions and operations, in terms of what you optimize for. The next five, to ten, to twenty years, large amounts of data and how it flows through a system is really what's going to drive performance." It's not just a novel computer chip, said Liang, rather, "we are focused on the complete system," he told ZDNet. "To really provide a fundamental shift in computing, you have to obviously provide a new piece of silicon at the core, but you have to build the entire system, to integrate across several layers of hardware and software...."

[One approach to training neural networks with very little labeled data] is part of the shift of computer programming from hard-coded to differentiable, in which code is learned on the fly, commonly referred to as "software 2.0." Liang's co-founders include Stanford professor Kunle Olukotun, who says a programmable logic device similar to a field-programmable gate array could change its shape over and over to align its circuitry [to] that differentiated program, with the help of a smart compiler such as Spatial. [Spatial is "a computing language that can take programs and de-compose them into operations that can be run in parallel, for the purpose of making chips that can be 'reconfigurable,' able to change their circuitry on the fly."]

In an interview in his office last spring, Olukotun laid out a sketch of how all that might come together. In what he refers to as a "data flow," the computing paradigm is turned inside-out. Rather than stuffing a program's instructions into a fixed set of logic gates permanently etched into the processor, the processor re-arranges its circuits, perhaps every clock cycle, to variably manipulate large amounts of data that "flows" through the chip.... Today's chips execute instructions in an instruction "pipeline" that is fixed, he observed, "whereas in this reconfigurable data-flow architecture, it's not instructions that are flowing down the pipeline, it's data that's flowing down the pipeline, and the instructions are the configuration of the hardware that exists in place.

The new 1.14 release of the Go programming language "is dotted with performance and security improvements," reports the developer news site DevClass, "but also gives devs more flexibility when it comes to module use."

And they also give a nice overview of Go's development process: Go is the language most containerization projects are built with. The wide adoption of this approach is one of the reasons that made the Go team implement a new feedback-based system for language enhancements. In it, only a limited number of new features are proposed for an upcoming release, giving the community room to weigh in on them. If they decide a change will do more good than harm the feature will make it into the new version. However, since alterations affect a quite wide range of people, they are often heavily disputed. This already led to the abandoning of a proposal thought to improve the language's often discussed error handling. Currently, a couple of new vet checks and minor adjustments are discussed for the 1.15 release.

Updates in Go 1.14 mainly concern the toolchain, runtime, and libraries. The only change to the language allows for methods of embedded interfaces to have the same name and signature as those on the embedding interface. Supposedly to facilitate the creation of somewhat safer applications, version 1.14 includes a hash/maphash package. The hash functions on byte sequences contained in it are meant to help with the implementation of hash tables or similar data structures. The Go team warns though that "the hash functions are collision-resistant but not cryptographically secure...."

Go 1.14 is the last release to run on macOS 10.11 and support 32-bit binaries on Apple's operating system. Meanwhile binaries for Windows come with data execution prevention enabled, experimental support for 64-bit RISC-V on Linux is included, and v1.14 should work with 64-bit ARM architecture on FreeBSD 12.0 or later.

Facebook has canceled the in-person portion of F8, the company's annual developer conference, due to coronavirus concerns. F8 was originally scheduled to take place on May 5th and May 6th later this year. From a report: Instead, Facebook says that it will replace the main F8 conference with "locally hosted events, videos and live-streamed content."

Kazuhisa Hashimoto, a producer credited with implementing the fabled "Konami Code" that gave players godlike cheats in Contra, Gradius, Castlevania, and other Konami games for the Nintendo Entertainment System, died on Tuesday. He was 61. Polygon reports: Hashimoto was a programmer and producer for the home console port of Gradius, which in 1986 was the first video game to use the Konami Code. Hashimoto put it in the game as an aid for his playtesting, memorably saying that he "obviously couldn't beat it." For unclear reasons, the Konami Code was left in the shipped game, and was later used to playtest other games made by the publisher.

Contra, which launched on the NES in 1988, sold much better than Gradius and is more closely associated with the Konami Code's origins. In it, cheat-code sharers discovered video gaming's Charm of Making -- up, up, down, down, left, right, left, right, B, A, start! -- and were blessed with 30 lives, absolutely critical to a super-tough one-hit-kill side-scroller like Contra. Nostalgia for the Konami Code, if not gratitude for its usefulness to many difficult games of the day, led to its inclusion in numerous other works. A Wikipedia entry on the code counts more than 100 Konami games with the cheat or some version of it inside them. Another 22 games made by other publishers included the code as a tribute, often revealing an Easter egg or secret message. It has also shown up elsewhere in popular culture, most recently in Google Stadia's website (and on its controller), and as a pastime Easter egg in Fortnite in October.

A former YC partner co-founded a recruiting company for technical hiring, and one of its software engineers is long-time Slashdot reader compumike. He now writes: Like the decade-old Fizz Buzz Test, there are some questions that are trivial for anyone who can build software at a professional level, but are likely to stump anyone who can't hack it. I analyzed the data from over 100,000 programmers to reveal how five multiple-choice questions easily separate the real software engineers from the rest.
The questions (and the data about correct answers) come from Triplebyte's own coder-recruiting quiz, and "98% of successful engineers answer at least 4 of 5 correctly," explains Mike's article. ("Successful" engineers are defined as those who went on to receive an inbound message from a company matching their preferences through Triplebyte's platform.) "I'm confident that if you're an engineering manager running an interview, you wouldn't give an offer to someone who performed below that line."

Question 1: What kind of SQL statement retrieves data from a table?

• LOOKUP
• READ
• FETCH
• SELECT

In a new article in Forbes, a Business Technology professor at the Villanova School of Business argues that the way we build software applications is changing: If you're living in the 21st century you turn to your cloud provider for help where many of the most powerful technologies are now offered as-a-service. When your requirements cannot be completely fulfilled from cloud offerings, you build something. But what does "building" mean? What does "programming" mean...? You can program from scratch. You can go to Github (where you can find code of all flavors). Or you can — if you're a little lazier — turn to low-code or no-code programming platforms to develop your applications.

All of this falls under the umbrella of what, the Gartner Group defines as the "democratization of expertise":

"Democratization is focused on providing people with access to technical expertise (for example, ML, application development) or business domain expertise (for example, sales process, economic analysis) via a radically simplified experience and without requiring extensive and costly training...."

[T]he new repositories, platforms and tools are enabling a whole new set of what we used to call "programming." As Satya Nadella said, "Every business will become a software business, build applications, use advanced analytics and provide SAAS services," and as Sajjad Daya says so well in Hackernoon, "Coding takes too long for it to be both profitable and competitively priced. That's not the case with no-code platforms, though. The platforms do the complicated programming automatically, slashing development time..."

The technology democracy has forever changed corporate strategy. And what does this mean? It means that the technical team scales on cue. But "technical" means competencies around Github, low-code/no-code platforms and especially business domains... [A]ll of this levels the technology playing field among companies — so long as they understand the skills and competencies they need.

We live in a world where billions of login credentials have been stolen, enabling the brute-force cyberattacks known as "credential stuffing", reports CSO Online. And it's being made easier by APIs: New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. According to a report released today, between December 2017 and November 2019, Akamai observed 85.4 billion credential abuse attacks against companies worldwide that use its services. Of those attacks, around 16.5 billion, or nearly 20%, targeted hostnames that were clearly identified as API endpoints.

However, in the financial industry, the percentage of attacks that targeted APIs rose sharply between May and September 2019, at times reaching 75%.

"API usage and widespread adoption have enabled criminals to automate their attacks," the company said in its report. "This is why the volume of credential stuffing incidents has continued to grow year over year, and why such attacks remain a steady and constant risk across all market segments."
APIs also make it easier to extract information automatically, the article notes, while security experts "have long expressed concerns that implementation errors in banking APIs and the lack of a common development standard could increase the risk of data breaches."

Yet the EU's "Payment Services Directive" included a push for third-party interoperability among financial institutions, so "most banks started implementing such APIs... Even if no similar regulatory requirements exist in non-EU countries, market forces are pushing financial institutions in the same direction since they need to innovate and keep up with the competition."

kimanaw shares a report: The Trump administration urged the U.S. Supreme Court to reject an appeal by Alphabet's Google, boosting Oracle's bid to collect more than $8 billion in royalties for Google's use of copyrighted programming code in the Android operating system. The administration weighed in on the high-stakes case on the same day that President Donald Trump attended a re-election campaign fundraiser in California hosted by Oracle's co-founder, billionaire Larry Ellison. Ellison hosted a golf outing and photos with Trump. The event cost a minimum of $100,000 per couple to attend, with a higher ticket price of $250,000 for those who wanted to participate in a policy roundtable with the president, the Palm Springs Desert Sun reported. Google is challenging an appeals court ruling that it violated Oracle copyrights when it included some Oracle-owned Java programming code in Android. The dispute has split Silicon Valley, pitting developers of software code against companies that use the code to create programs. Google's "verbatim copying" of Oracle's code into a competing product wasn't necessary to foster innovation, the U.S. Solicitor General Noel Francisco said Wednesday in a filing with the court.

TechRadar shares some surprising results from a new survey of enterprises using COBOL and mainframe technologies: According to a survey by Micro Focus, which follows data gathered in previous 2017 survey, 70 percent favor modernization as an approach for implementing strategic change. This is opposed to replacing or retiring their key COBOL applications as they continue to provide a low-risk and effective means of transforming IT to support digital business initiatives...

This is further supported by the results of the survey with an increase in the size of the average application code base which grew from 8.4m in 2017 to 9.9m this year, showing continued investment, re-use and expansion in core business systems.
"92 percent of respondents felt as though their organization's COBOL applications are strategic in comparison to 84 percent of respondents in 2017," according to the official survey results. The survey spanned 40 different countries, and involved COBOL-connected architects, developers, development managers and IT executives.

"COBOL's credentials as a strong digital technology appear to be set for another decade," according to Micro Focus' senior vice president of application modernization and connectivity. "With 60 years of experience supporting mission-critical applications and business systems, COBOL continues to evolve as a flexible and resilient computer language that will remain relevant and important for businesses around the world."

"Now budding Python developers can read up on the National Security Agency's own Python training materials," reports ZDNet: Software engineer Chris Swenson filed a Freedom of Information Act request with the NSA for access to its Python training materials and received a lightly redacted 400-page printout of the agency's COMP 3321 Python training course. Swenson has since scanned the documents, ran OCR on the text to make it searchable, and hosted it on Digital Oceans Spaces. The material has also been uploaded to the Internet Archive...

"If you don't know any programming languages yet, Python is a good place to start. If you already know a different language, it's easy to pick Python on the side. Python isn't entirely free of frustration and confusion, but hopefully you can avoid those parts until long after you get some good use out of Python," writes the NSA...

Swenson told ZDNet that it was "mostly just curiosity" that motivated him to ask the NSA about its Python training material. He also said the NSA had excluded some course material, but that he'll keep trying to get more from the agency... Python developer Kushal Das has pulled out some interesting details from the material. He found that the NSA has an internal Python package index, that its GitLab instance is gitlab.coi.nsa.ic.gov, and that it has a Jupyter gallery that runs over HTTPS. NSA also offers git installation instructions for CentOS, Red Hat Enterprise Linux, Ubuntu, and Windows, but not Debian.

An anonymous reader shares a report: It comes as no surprise that the guidance computers aboard the Apollo 11 spacecraft were impossibly primitive compared to the pocket computers we all carry around 50 years later. But on his website, an Apple developer analyzed the tech specs even further and found that even something as simple as a modern USB charger is packed with more processing power. Forrest Heller, a software developer who formerly worked on Occipital's Structure 3D scanner accessory for mobile devices, but who now works for Apple, broke down the numbers when it comes to the processing power, memory, and storage capacity of Google's 18W Pixel charger, Huawei's 40W SuperCharge, the Anker PowerPort Atom PD 2 charger, and the Apollo 11 guidance computer, also referred to as the AGC. It's not easy to directly compare those modern devices with the 50-year-old AGC, which was custom developed by NASA for controlling and automating the guidance and navigation systems aboard the Apollo 11 spacecraft.

In a time when computers were the size of giant rooms, the AGC was contained in a box just a few feet in length because it was one of the first computers to be made with integrated circuits. Instead of plopping in an off the shelf processor, NASA's engineers designed and built the AGC with somewhere around 5,600 electronic gates that were capable of performing nearly 40,000 simple mathematical calculations every second. While we measure processor speeds in gigahertz these days, the AGC chugged along at 1.024 MHz. By comparison, the Anker PowerPort Atom PD 2 USB-C charger includes a Cypress CYPD4225 processor running at 48 MHz with the twice the RAM of the AGC, and almost twice the storage space for software instructions.

The sophistication of the Emotet malware's code base and its regularly evolving methods for tricking targets into clicking on malicious links has allowed it to spread widely. "Now, Emotet is adopting yet another way to spread: using already compromised devices to infect devices connected to nearby Wi-Fi networks," reports Ars Technica. From the report: Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all nearby Wi-Fi networks. It uses a programming interface called wlanAPI to profile the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Then, the malware uses one of two password lists to guess commonly used default username and password combinations. After successfully gaining access to a new Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it. Using a second password list, the malware then tries to guess credentials for each user connected to the drive. In the event that no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.

"With this newly discovered loader-type used by Emotet, a new threat vector is introduced to Emotet's capabilities," researchers from security firm Binary Defense wrote in a recently published post. "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords." The Binary Defense post said the new Wi-Fi spreader has a timestamp of April 2018 and was first submitted to the VirusTotal malware search engine a month later. While the module was created almost two years ago, Binary Defense didn't observe it being used in the wild until last month.

minstrelmike shares a report. From the article: The best way to get a feel for what NASA's job was like is to read some of the code, now immortalized in a GitHub repository. Choose a file at random. GROUND_TRACKING_DETERMINATION_PROGRAM.agc, for instance, has 204 lines and more than 85 of them are comments. Each of the lines consists of only one operation, unlike modern languages, which can pack dozens of operations with multiple options into one line. The simplicity becomes obvious .... The Apollo Guidance Computer had only 36k of ROM to hold the compiled version."

You didn't need security, function was the only thing that counted, and you only had to do one thing. A Go app compiled with version 1.7 that only prints "Hello World" is 1.6 megabytes alone, and the Go world was totally thrilled with this news because it was 2.3 megabytes before." And you didn't need to deal with lawyers. There are 22 thousand words in the basic Terms of Service for renting a machine in Amazon's cloud. There is also an entirely different TOS for using the website to rent the machine. Then each individual product often has its own TOS, like this one for Activate. Add them up and they're much longer than the 36 thousand instruction words in the ROM in the Lunar Lander's computer.

"Under the age of 39? Odds are that most of your peers learned to code in C.

"Most Baby Boomers and Gen Xers — or, those between the ages of 40 and 74 in 2020 — learned to code in BASIC."

That's just one of the interesting conclusions from HackerRank's third annual "Developer Skills Report," which this year compiled responses from over 116,000 developers (from 162 different countries). Developed for educational use in 1964, BASIC was a popular instructional language in college classrooms. But that began to change in 1972, when Bell Labs invented C, allowing portability of the Unix operating system. Though it wasn't an instant hit, the language rose to popularity in the late 70s and early 80s alongside the growth of Unix. Today, the language is celebrated for its longevity, flexibility, and ease of use — just some of the reasons it's still popular for Gen Zers learning to code today.

Gen Z is more likely than any previous generation to utilize bootcamps. Nearly one in six say they've leveraged bootcamps to learn new skills. On the flip side, they're less likely to learn coding skills from older generations' go-tos, like books and on-the-job training. As Gen Z comes to rely more heavily on non-traditional education sources like bootcamps, they're poised to become a key talent pool.
Jaxenter also summarizes another interesting finding from the survey. "72% of hiring managers reported that bootcamp grads were equally or better equipped for their job." The I-Programmer site even noted the top reasons managers gave the surveyors for why bootcamp grads exceed:

• Ability to learn new technologies & languages quickly (71%)
• Strong practical experience (61%)
• Eager to take on new responsibilities (52%)

And they also summarize another interesting result. "Almost a third of developers at small companies (1-49 employees) haven't obtained a Bachelor's degree -- a proportion that drops to only 9% in companies with 10,000 or more employees."

China's Xiaomi, Huawei, Oppo and Vivo are joining forces to create a platform for developers outside China to upload apps onto all of their app stores simultaneously, in a move analysts say is meant to challenge the dominance of Google's Play store. From a report: The four companies are ironing out kinks in what is known as the Global Developer Service Alliance (GDSA). The platform aims to make it easier for developers of games, music, movies and other apps to market their apps in overseas markets, according to people with knowledge of the matter. The GDSA was initially aiming to launch in March, sources said, although it is not clear how that will be affected by the recent coronavirus outbreak. A prototype website says the platform will initially cover nine "regions" including India, Indonesia and Russia.

From a report: I'll just pay a little more attention to the Android bit: a total of $80 billion paid out to Android developers, which is significantly less than the $155 billion Apple has paid out via the iOS App Store. Even if you account for Google allowing developers to use their own payment methods and made a bunch of other caveats, I suspect you can't avoid the truth. The vast majority of phones on Earth run Android, and yet it is almost surely the case that there's more money for developers in iPhone apps. That's always been the conventional wisdom, but Google's own numbers all but confirm it.

Eric Raymond has been working on a tool called reposurgeon for editing version-control repository histories -- those "risky operations that version-control systems don't want to let you do." But this led to some interesting thoughts about documentation: "Why doesn't reposurgeon have easy introductory documentation" would normally have a simple answer: because the author, like all too many programmers, hates writing documentation, has never gotten very good at it, and will evade frantically when under pressure to try. But in my case none of that description is even slightly true. Like Donald Knuth, I consider writing good documentation an integral and enjoyable part of the art of software engineering. If you don't learn to do it well you are short-changing not just your users but yourself...

If you go looking for gdb intro documentation, you'll find it's also pretty terrible. Examples of a few basic commands is all they can do; you never get an entire worked example of using gdb to identify and fix a failure point. And why is this....? High-quality introductory software documentation depends on worked examples that are understandable and reproducible. If your software's problem domain features serious technical barriers to mounting and stuffing a gallery of reproducible examples, you have a problem that even great willingness and excellent writing skills can't fix.

Of course my punchline is that reposurgeon has this problem, and arguably an even worse example of it than gdb's. How would you make a worked example of a repository conversion that is both nontrivial and reproducible? What would that even look like...? Having identified the deep problem, I'd love to be able to say something revelatory and upbeat about how to solve it.... Unfortunately, at this point I am out of answers. Perhaps the regulars on my blog will come up with some interesting angle.

Slashdot reader jbmartin6 summarizes a new article from Carnegie Mellon's Software Engineering Institute: An academic study challenges the notion that "some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organization's success or failure."

Instead, the author shows productivity variation is often a result of poor-performing outliers and some wide variation in individual's productivity from day to day. Once these factors are eliminated, the gap between top performers and normal performers isn't that great, and there is a very small supply of consistent top performers anyway. This result has a lot of implications for how software teams and projects are managed.
The article concludes that "while some programmers are better or faster than others, the scale and usefulness of this difference has been greatly exaggerated....

"Rather than try to label programmers with simplistic terms such as 'best' and 'worst,' the most motivating and humane way to improve average performance is to find ways to improve everyone's performance."

Slashdot reader SpaceForceCommander shared Dice's new annual report on America's tech industry salaries based on a survey of over 12,800 "technologists": Columbus and St. Louis enjoyed double-digit year-over-year growth in salaries (14.2 percent and 13.6 percent, respectively), and other cities such as Denver [7 percent] and Atlanta [10 percent] also experienced an ideal mix of growth and high salaries. These up-and-comers benefitted from the presence of key employers such as Amazon and IBM; in addition, a lower cost of living and plentiful amenities have made them increasingly attractive to technologists, even those coming from well-established tech hubs such as Silicon Valley.

Silicon Valley remains a world of high salaries — but the cost of living in the Bay Area remains extraordinarily high, which chews into that higher-than-average paycheck. And that's before we factor in issues such as grinding commutes. In Seattle, New York City (also known as "Silicon Alley"), and other well-established tech hubs, costs are similarly high, which only makes up-and-coming tech hubs more potentially attractive to technologists.
Silicon Valley is still #1 on Dice's ranking of average annual salaries (at $123,826), followed by Seattle, San Diego, Boston, Baltimore, Portland, Denver, and then New York. (And while St. Louis ranks #9, Columbus is #17.)

But the average annual tech-industry salary rose just 1.3 percent last year, according to the survey, with Dice arguing that what made salaries vary was supply and demand. They then ranked the highest-paying skills, starting with Apache Kafka (with average reported salaries of $134,557), followed by HANA (High performance ANalytic Appliance), Cloudera, and MapReduce: Newer skills don't necessarily draw higher salaries; with many older skills, the number of proficient technologists is relatively low, which means employers are willing to pay more in order to secure their services. (That's a key reason why the handful of technologists who still know their way around an ancient mainframe can score six-figure salaries from companies that haven't given up decades-old hardware....) In the case of programming languages such as Swift, which enjoyed significant year-over-year growth and high salaries, a large number of technologists might have mastered it — but the market is huge and white-hot, ensuring that compensation will only rise.