Tech News - Programming

Last week, the team behind Git released Git 2.23 that comes with experimental commands, backward compatibility and much more. This release has received contributions from over 77 contributors out of which 26 were new. What’s new in Git 2.23? Experimental commands This release comes with a new pair of experimental commands, git switch and git restore for providing a better interface for the git checkout.  “Two new commands "git switch" and "git restore" are introduced to split "checking out a branch to work on advancing its history" and "checking out paths out of the index and/or a tree-ish to work on advancing the current history" out of the single "git checkout" command,” the official mail thread reads.  Git checkout can be used to change branches with git checkout <branch>. In case if the user doesn’t want to switch branches, git checkout can be used to change individual files, too. These new commands aim to separate the responsibilities of git checkout into two narrower categories that is operations, which change branches and operations that change files.  Backward compatibility  The "--base" option of "format-patch" is now compatible with "git patch-id --stable".  Git fast-export/import pair The "git fast-export/import" pair will be now used to handle commits with log messages in encoding other than UTF-8. git clone --recurse-submodules "git clone --recurse-submodules" has now learned to set up the submodules for ignoring commit object names that are recorded in the superproject gitlink. git diff/grep The pattern "git diff/grep" that is used for extracting funcname and words boundary for Rust has now been added. git fetch" and "git pull The commands "git fetch" and "git pull" are used to report when a fetch results in non-fast-forward updates that lets the user notice unusual situation.    git status With this release, the extra blank lines in "git status" output have been reduced. Developer support This release comes with developer support for emulating unsatisfied prerequisites in tests for ensuring that the remainder of the tests succeeds when tests with prerequisites are skipped. A new tutorial for git-core developers This release comes with a new tutorial that target aspiring git-core developers. This tutorial demonstrates end-to-end workflow of creating a change to the Git tree, for sending it for review, as well as making changes that are based on comments. Bug fixes in Git 2.23 In the earlier version, "git worktree add" used to fail when another worktree that was connected to the same repository was corrupt. This issue has been corrected in this release. An issue with the file descriptor has been fixed. This release comes with an updated parameter validation. The code for parsing scaled numbers out of configuration files has been made more robust and easier to follow with this release. Few users seem to be happy about the new changes made, a user commented on HackerNews, “It's nice to hear that there appears to be progress being made in making git's tooling nicer and more consistent. Git's model itself is pretty simple, but the command line tools for working with it aren't and I feel that this fuels most of the "Git is hard" complaints.” Few others are still skeptical about the new commands, another user commented, “On the one hand I'm happy on the new "switch" and "restore" commands. On the other hand, I wonder if they truly add any value other than the semantic distinction of functions otherwise present in checkout.” To know more about this news in detail, read the official blog post on GitHub. GitHub has blocked an Iranian software developer’s account GitHub services experienced a 41-minute disruption yesterday iPhone can be hacked via a legit-looking malicious lightning USB cable worth $200, DefCon 27 demo shows

Back in July 2010, Graydon Hoare showcased the Rust programming language for the very first time at Mozilla Annual Summit. Rust is an open-source system programming language that was created with speed, memory safety, and parallelism in mind. Looking at Rust’s memory and thread safety guarantees, a supportive community, a quickly evolving toolchain, many major projects are being rewritten in Rust. And, one of the major ones was Servo, an HTML rendering engine that will eventually replace Firefox’s rendering engine. Mozilla is also using Rust for rewriting many other key parts of Firefox under Project Quantum. Fastly chose Rust to implement Lucet, its native WebAssembly compiler and runtime. More recently, Facebook also chose Rust to implement its controversial Libra blockchain. As the 9th anniversary of the day when Hoare first presented Rust in front of a large audience is approaching, The New Stack took a very interesting interview with him. In the interview, he talked about the current state of system programming, how safe he considers our current complex systems are, how they can be made safer, and more. Here are the key highlights from the interview: Hoare on a brief history of Rust Hoare started working on Rust as a side-project in 2006. Mozilla, his employer at that time, got interested in the project and provided him a team of engineers to help him in the further development of the language. In 2013, he experienced burnout and decided to step down as a technical lead. After working on some less-time-sensitive projects, he quit Mozilla and worked for the payment network, Stellar. In 2016, he got a call from Apple to work on the Swift programming language. Rust is now being developed by the core teams and an active community of volunteer coders. This programming language that he once described as “spare-time kinda thing” is being used by many developers to create a wide range of new software applications from operating systems to simulation engines for virtual reality. It was also "the most loved programming language" in the Stack Overflow Developer Survey for four years in a row (2016-2019). Hoare was very humble about the hard work and dedication he has put into creating the Rust programming language. When asked to summarize Rust’s history he simply said that “we got lucky”.  He added, “that Mozilla was willing to fund such a project for so long; that Apple, Google, and others had funded so much work on LLVM beforehand that we could leverage; that so many talented people in academia, industry and just milling about on the internet were willing to volunteer to help out.” The current state of system programming and safety Hoare considers the state of system programming language “healthy” as compared to the starting couple of decades in his career. Now, it is far easier to sell a language that is focused on performance and correctness. We are seeing more good languages coming into the market because of the increasing interaction between academia and industry. When asked about safety, Hoare believes that though we are slowly taking steps towards better safety, the overall situation is not getting better. He attributes building a number of new complex computing systems is making it worse. He said, “complexity beyond comprehension means we often can’t even define safety, much less build mechanisms that enforce it.” Another reason according to him is the huge number of vulnerable software present in the field that can be exploited anytime by a bad actor. For instance, on Tuesday, a zero-day vulnerability was fixed in Firefox that was being “exploited in the wild” by attackers. “Like much of the legacy of the 20th century, there’s just a tremendous mess in software that’s going to take generations to clean up, assuming humanity even survives that long,” he adds. How system programming can be made safer Hoare designed Rust with safety in mind. Its rich type system and ownership model ensures memory and thread safety. However, he suggests that we can do a lot better when it comes to safety in system programming. He listed a bunch of new improvements that we can implement, “information flow control systems, effect systems, refinement types, liquid types, transaction systems, consistency systems, session types, unit checking, verified compilers and linkers, dependent types.” Hoare believes that there are already many features suggested by academia. The main challenge for us is to implement these features “in a balanced, niche-adapted language that’s palatable enough to industrial programmers to be adopted and used.” You can read Hoare’s full interview on The New Stack. Rust 1.35.0 released Rust shares roadmap for 2019 Rust 1.34 releases with alternative cargo registries, stabilized TryFrom and TryInto, and more

Node.JS is a popular backend widely for web development despite some of its flaws. For embedded systems, now there is low.js, a Node.js port with far lower system requirements. In low.js you can program JavaScript applications by utilizing the full Node.js API. You can run these on regular computers and also on embedded devices, which are based on the $3 ESP32 microcontroller. The JavaScript V8 engine at the center of Node.js is replaced with Duktape. Duktape is an embeddable ECMAScript E5/E5.1 engine with a compact footprint. Some parts of the Node.js system library are rewritten for more compact footprint and use more native code. low.js currently uses under 2 MB of disk space with a minimum requirement of around 1.5 MB of RAM for the ESP32 version. low.js features low.js is good for hobbyists and people interested in electronics. It allows using Node.JS scripts on smaller devices like routers which are based on Linux or uClinux without using much of the resources. This is great for scripting especially if they communicate over the internet. The neonious one is a microcontroller board based on low.js for ESP32, which can be programmed in JavaScript ES 6 with the Node API. It includes Wifi, Ethernet, additional flash and an extra I/O controller. The lower systems requirements in low.js allow you to run it comfortably on the ESP32-WROVER module. The ESP32-WROVER costs under $3 for large orders and is a very cost effective solution for IoT devices requiring a microcontroller and Wifi. low.js for ESP32 also adds the additional benefit of fast software development and maintenance. Specialized software developers are not needed for the microcontroller software. How to install? The community edition of low.js can be run on POSIX based systems including Linux, uClinux, and Mac OS X. It is available on Github and currently ./configure is not present. You might need some programming skills and knowledge to get low.js up and running on your systems. The commands are as follows: git clone https://github.com/neonious/lowjs cd lowjs git submodule update --init --recursive make low.js for ESP32 is the same as the community edition, but adapted for the ESP32 microcontroller. This version is not open source and is pre-flashed on the neonious one. For more information and documentation visit the low.js website. Deno, an attempt to fix Node.js flaws, is rewritten in Rust Node.js announces security updates for all their active release lines for August 2018 Deploying Node.js apps on Google App Engine is now easy

Deno is a runtime by creator of Node, Ryan Dahl. It aims at fixing some of the problems in Node. Originally written in Go, Deno is now rewritten in Rust and is in version 0.1. Node.js was developed nearly a decade ago. It was designed in 2009 to use server-side JavaScript. The implementation solved problems of 2009, for which Dahl has no regrets. But lately, he did have regrets elaborated in a talk on 10 things he regrets about Node in the JSConf 2018. Some of the regrets included packages, security issues, the entire build system, among others. Deno is a secure TypeScript run-time on Chrome V8. It was originally written in Go and now has been rewritten in Rust to avoid potential garbage collector issues. Deno is similar to Node.js but is focused on security. Deno takes full advantage of JavaScript being a secure sandbox. So, unlike Node.js, Deno is sandboxed. Scripts should run without any write access by default. Using untrusted utilities like linters will be optional. There is no package.json in Deno, no npm and it is not explicitly compatible with Node. An important thing to note is that the requirement is Python 2, not Python 3. This is because Chrome V8 scripts still use Python 2. There were plans to rewrite Deno in Rust when it was originally released in June this year. Dahl mentioned in a GitHub comment: “The reason for not using Go is that it has a rather complex runtime - including a GC. Although I haven't experienced any problems with that yet, it's not hard to imagine that down the road that might clash badly with V8's very complex runtime.” You can get the binaries here to get started and check out the Github repo. Deploying Node.js apps on Google App Engine is now easy Creating Macros in Rust [Tutorial] Rust Language Server, RLS 1.0 releases with code intelligence, syntax highlighting and more

Luna, a data processing and visualization environment, provides a library of highly tailored, domain-specific components as well as a framework for building new components. Luna focuses on domains related to data processing, such as IoT, bioinformatics, data science, graphic design and architecture. What’s so interesting about Luna? Data flow modeling Luna is a data flow modeling whiteboard that allows users to draw components and the way data flows between them. Components in Luna have simply nested data flow graphs and users can enter into any component or into its subcomponents to move from high to low levels of abstraction. It is also designed as a general purpose programming language with two equivalent representations, visual and textual. Data processing and visualizing Luna components can visualise their results and further use colors for indicating the type of data they exchange. Users can compare all the intermediate outcomes and also understand the flow of data by looking at the graph. Users can also work around the parameters and observe how they affect each step of the computation in real time. Debugging Luna can help in assisting and analyzing network service outages and data corruption. In case any errors occur, Luna tracks and display its path through the graph so that users can easily follow and understand where it comes from.  It also records and visualizes information about performance and memory consumption. Luna explorer, the search engine Luna comes with Explorer which is a context-aware fuzzy search engine that lets users query libraries for desired components as well as browse their documentation. Since the Explorer is context-aware, it can easily understand the flow of data and also predict users’ intentions and adjust the search results accordingly. Dual syntax representation Luna is also the world’s first programming language that features two equivalent syntax representations, that is visual and textual. Automatic parallelism Luna also features parallelism that uses the state of the art Haskell’s GHC runtime system which helps to run thousands of threads in a fraction of a second. It also automatically partitions a program and schedules its execution over available CPU cores. Users seem to be happy with Luna, a user commented on HackerNews, “Luna looks great. I've been doing work in this area myself and hope to launch my own visual programming environment next month or so.” Few others are happy because Luna features text syntax supports building functional blocks. Another user commented, “I like that Luna has a text syntax. I also like that Luna supports building graph functional blocks that can be nested inside other graphs. That's a missing link in other tools of this type that limits the scale of what you can do with them.” To know more about this, check out the official Luna website. Declarative UI programming faceoff: Apple’s SwiftUI vs Google’s Flutter Polyglot programming allows developers to choose the right language to solve tough engineering problems Researchers highlight impact of programming languages on code quality and reveal flaws in the original FSE study

NVIDIA announced the release of CUDA 10.2 last week. This is the last version to have macOS support for developing CUDA applications and will be completely dropped in the next release. Other updates include libcu++, new interoperability APIs, and more. Key updates in CUDA 10.2 General CUDA 10.2 updates New APIs: CUDA 10.2 ships with CUDA Virtual Memory Management APIs. New interoperability APIs are added for buffer allocation, synchronization, and streaming. However, these are in beta and may change in future releases. Support for new operating systems: This release adds support for a few new operating systems including Fedora 29, Red Hat Enterprise Linux (RHEL) 7.x and 8.x, OpenSUSE 15.x, SUSE SLES 12.4 and SLES 15.x, Ubuntu 16.04.6 LTS and Ubuntu 18.04.3 LTS. In CUDA 10.2, RHEL 6.x is deprecated and support will be dropped in the next release of CUDA. Increased texture size limit for Maxwell+ GPUs: The 1D linear texture size limit for Maxwell+ GPUs in CUDA is now increased to 2^28. Updates in CUDA tools The Nvidia CUDA Compiler (NVCC) now has support for Clang 8.0 and Xcode 10.2 as host compilers. There is a new -forward-unknown-to-host-compiler option that allows forwarding options not recognized by NVCC to the host compiler. Visual Profiler and NVProf now allow tracing features for non-root and non-admin users on desktop platforms. The events and metrics profiling is still restricted to non-root and non-admin users. Also, starting with CUDA 10.2, Visual Profiler and NVProf use dynamic/shared CUPTI library. Users are required to set the path to the CUPTI library before launching Visual Profiler and NVProf. Updates in CUDA libraries cuBLAS: The cuBLAS library is a fast GPU-accelerated implementation of the standard basic linear algebra subroutines (BLAS). In CUDA 10.2, performance is further improved on some large and other GEMM sizes due to increased internal workspace size. cuSOLVER: This library includes a collection of direct solvers that deliver significant acceleration for computer vision, CFD, and linear optimization apps. In this release, a new Tensor Cores Accelerated Iterative Refinement Solver (TCAIRS) is introduced. The cusolverMg library includes ‘cusolverMgGetrf’ and ‘cusolverMgGetrs’ to support multi-GPU LU. cuFFT: This library provides GPU-accelerated FFT implementations that perform up to 10x faster than CPU-only alternatives. This release comes with improved performance and scalability for these use cases: multi-GPU non-power of 2 transforms, R2C and Z2D odd-sized transforms, 2D transforms with small sizes and large batch counts These were a few updates in CUDA 10.2. Read the official release notes to know what else has shipped with this release. CUDA 10.1 released with new tools, libraries, improved performance and more Implementing color and shape-based object detection and tracking with OpenCV and CUDA [Tutorial] NVIDIA releases Kaolin, a PyTorch library to accelerate research in 3D computer vision and AI

Headlines about the recent NPM layoff has raised questions about the company culture and ethics. NPM which stands for Node Package Manager is now being regarded as “Not Politely Managed”. The San Francisco startup, NPM Inc, the company behind the widely used NPM JavaScript package repository,  laid off 5 employees in a wrong, unprofessional and unethical manner. The incident stands imperative of the fact that many of us while accepting those lucrative job offers merely ask companies not to be unethical, and seldom expect them to actually be good. Indeed, social psychologist, Roy Baumeister convincingly argues there’s an evolutionary reason to focus more on getting people to avoid bad things than to do good things; among other reasons, humans are hardwired to consider potential threats that could harm us. Bob Sutton, author of fantastic and influential books like Good Boss, Bad Boss and The No Asshole Rule, draws on Baumeister’s work to highlight why it’s so critical to stamp out poorly behaving leaders (and employees) in organizations. Frédéric Harper, a developer advocate who was among those who lost their jobs, posted at length about the situation on Twitter. His concerns, did not come from being laid off. That happens, he said, and will happen again. "It’s the total lack of respect, empathy and professionalism of the process," he said. In an email to The Register, he said there appeared to be a disconnect between the company's professed values and its behavior. NPM layoff took its roots under the new leadership The layoffs actually started last summer when the company hired a new CEO, Bryan Bogensberger, to take the company from about $3m in annual revenue to 10x-20x, explained an early NPM employee who spoke with The Register on condition of anonymity. Bogensberger was previously the CEO and co-founder of Inktank, a leading provider of scale-out, open source storage systems that was acquired by Red Hat, Inc. for $175 million in 2014. , He has been running NPM since around July or August 2018, a source explained, but wasn't actually announced as CEO until January 2019 because his paperwork wasn't in order. Bryan brought in his own people, displacing longtime NPM staffers. "As he stacked the management ranks with former colleagues from a previous startup, there were unforced errors," another source explained to the Register. A culture of suspicion and hostility emerged under the new leadership. At NPM an all-hands meeting was held at which employees were encouraged to ask frank questions about the company's new direction. Those who spoke up were summarily fired last week, the individual said, at the recommendation of an HR consultant. https://twitter.com/ThatMightBePaul/status/1112843936136159232 People were very surprised by the layoffs at NPM. "There was no sign it was coming. It wasn't skills based because some of them heard they were doing great." said CJ Silverio, ex-CTO at NPM who was laid off last December. Silverio and Harper both are publicizing the layoff as they had declined to sign the non-disparagement clause in the NPM severance package. The non-disparagement clause prevents disclosure of the company’s wrongdoing publicly. A California law which came into effect in January, SB 1300 prohibits non-disparagement clause in the employment severance package but in general such clauses are legal. One of the employees fired last Friday was a month away from having stock options vest. The individual could have retained those options by signing a non-disparagement clause, but refused. https://twitter.com/neverett/status/1110626264841359360 “We can not comment on confidential personnel matters," CEO Bryan Bogensberger mentioned. "However, since November 1, we have approximately doubled in size to 55 people today, and continue to hire aggressively for many positions that will optimize and expand our ability to support and grow the JavaScript ecosystem over the long term.” Javascript community sees it as a leadership failure The community is full of outrage on this incident, many of them have regarded this as a 100% leadership failure. Others have commented that they would put NPM under the list of “do not apply” for jobs in this company. This news comes to them as a huge disappointment and there are questions asked about the continuity of the npm registry. Some of them also commented on creating a non profit node packages registry. While others have downgraded their paid package subscription to a free subscription. Rebecca Turner, core contributor to the project and one of the direct reportees to Harper has voluntarily put down her papers in solidarity with her direct reports who were let go. https://twitter.com/ReBeccaOrg/status/1113121700281851904 How goodness inspires goodness in organization Compelling research by David Jones and his colleagues finds that job applicants would prefer to work for companies that show real social responsibility–those that improve their communities, the environment, and the world. Employees are most likely to be galvanized by leaders who are actively perceived to be fair, virtuous, and self-sacrificing. Separate research by Ethical Systems founder, Jonathan Haidt demonstrates that such leaders influence employees to feel a sense of “elevation”—a positive emotion that lifts them up as a result of moral excellence. Liz Fong, a developer advocate at Honeycomb tweets on the npm layoff that she will never want to be a manager again if she had to go through this kind of process. https://twitter.com/lizthegrey/status/1112902206381064192 Layoffs becoming more common and frequent in Tech Last week we also had IBM in news for being sued by former employees for violating laws prohibiting age discrimination in the workplace: the Older Workers Benefit Protection Act (OWBPA) and the Age Discrimination in Employment Act (ADEA). Another news last week which came as a shocker was Oracle laying off a huge number of employees as a part of its “organizational restructuring”. The reason behind this layoff round was not clear, while some said that this was done to save money, some others said that people working on a legacy product were let go. While all of these does raise questions about the company culture, it may not be wrong to say that the Internet and social media makes corporate scandals harder than ever to hide. With real social responsibility easier than ever to see and applaud–we hope to see more of “the right things” actually getting done. Update from the NPM statement after 10 days of the incident After receiving public and community backlash on such actions, NPM published a statement on Medium on April 11 that, "we let go of 5 people in a company restructuring. The way that we undertook the process, unfortunately, made the terminations more painful than they needed to be, which we deeply regret, and we are sorry. As part of our mission, it’s important that we treat our employees and our community well. We will continue to refine and review our processes internally, utilizing the feedback we receive to be the best company and community we can be." Does this mean that any company for its selfish motives can remove its employees and later apologize to clean its image? Update on 14th June, Special report from The Register The Register published a special report last Friday saying that JavaScript package registry and NPM Inc is planning to fight union-busting complaints brought to America's labor watchdog by fired staffers, rather than settling the claims. An NLRB filing obtained by The Register alleges several incidents in which those terminated claim executives took action against them in violation of labor laws. On February 27, 2019, the filing states, a senior VP "during a meeting with employees at a work conference in Napa Valley, California, implicitly threatened employees with unspecified reprisals for raising group concerns about their working conditions." The document also describes a March 25, 2019, video conference call in which it was "impliedly [sic] threatened that [NPM Inc] would terminate employees who engaged in union activities," and a message sent over the company's Keybase messaging system that threatened similar reprisals "for discussing employee layoffs." The alleged threats followed a letter presented to this VP in mid-February that outlined employee concerns about "management, increased workload, and employee retention." The Register has heard accounts of negotiations between the tech company and its aggrieved former employees, from individuals apprised of the talks, during which a clearly fuming CEO Bryan Bogensberger called off settlement discussions, a curious gambit – if accurate – given the insubstantial amount of money on the table. NPM Inc has defended its moves as necessary to establish a sustainable business, but in prioritizing profit – arguably at the expense of people – it has alienated a fair number of developers who now imagine a future that doesn't depend as much on NPM's resources. The situation has deteriorated to the point that former staffers say the code for the npm command-line interface (CLI) suffers from neglect, with unfixed bugs piling up and pull requests languishing. The Register understands further staff attrition related to the CLI is expected. To know about this story in detail check out the report published by The Register. The npm engineering team shares why Rust was the best choice for addressing CPU-bound bottlenecks npm Inc. announces npm Enterprise, the first management code registry for organizations npm JavaScript predictions for 2019: React, GraphQL, and TypeScript are three technologies to learn

Go, the popular programming language is adding an internal language server protocol (LSP). This is expected to bring features like code autocompletion and diagnostics available in Golang. LSP is used between a user and a server to integrate features such as autocomplete, go to definition, find all references and alike into the tool. It was created by Microsoft to define a common language for enabling programming language analyzers to communicate. It is growing in popularity with adoption from companies like Codenvy, Red Hat, and Sourcegraph. There is also a rapidly growing list of editor and language communities supporting LSP. Golang already has a language server available on GitHub. This version has support for Hover jump to def, workspace symbols, and find references. But, it does not support code completion and diagnostics. Sourcegraph CEO Quinn Slack stated in a comment on Hacker News: “The idea is that with a Go language server becoming a core part of Go, it will have a lot more resources invested into it and it will surpass where the current implementation is now.” The Go language server made by Sourcegraph available currently on GitHub is not a core part of Golang. It uses tools and custom extensions not maintained by the Go team. The hope is that the core LSP implementation will be good enough and that SourceGraph can re-use this implementation in the future to bring down the number of implementations to just one. Slack said in a comment that they are very happy with this implementation: “We are 10,000% supportive of this, as we've discussed openly in the golang-tools group and with the Go team. The Go team was commendably empathetic about the optics here, and we urged them very, very, very directly to do this.” This core implementation of LSP by the Golang team is also beneficial for Sourcegraph from a business perspective. Sourcegraph sells a product that lets you search and browse all your code, which involves using language servers for certain features like hovers, definitions and references. Since the core work will be done by the Golang team, Sourcegraph won’t have to invest more time into building their implementation of Go language server. For more information, visit the Googlesource website. Golang 1.11 is here with modules and experimental WebAssembly port among other updates Why Golang is the fastest growing language on GitHub Go 2 design drafts include plans for better error handling and generics

Yesterday, on the first day of Microsoft Build 2019, the team at Microsoft introduced WSL 2, the newest architecture for the Windows Subsystem for Linux. With WSL 2, file system performance will increase and users will be able to run more Linux apps. The initial builds of WSL 2 will be available by the end of June, this year. https://twitter.com/windowsdev/status/1125484494616649728 https://twitter.com/poppastring/status/1125489352795201539 What’s new in WSL 2? Run Linux libraries WSL 2 powers Windows Subsystem for Linux to run ELF64 Linux binaries on Windows. This new architecture brings changes to how these Linux binaries interact with Windows and computer’s hardware, but it will still manage to provide the same user experience as in WSL Linux distros With this release, the individual Linux distros can be run either as a WSL 1 distro, or as a WSL 2 distro, and can be upgraded or downgraded at any time. Also, users can run WSL 1 and WSL 2 distros side by side. This new architecture uses an entirely new architecture that uses a real Linux kernel. Increases speed With this release, file-intensive operations like git clone, npm install, apt update, apt upgrade, and more will get faster. The initial tests that the team has run have WSL 2 running up to 20x faster as compared to WSL 1, when unpacking a zipped tarball. And it is around 2-5x faster while using git clone, npm install and cmake on various projects. Linux kernel with Windows The team will be shipping an open source real Linux kernel with Windows which will make full system call compatibility possible. This will also be the first time a Linux kernel is shipped with Windows. The team is building the kernel in house and in the initial builds they will ship version 4.19 of the kernel. This kernel is been designed in tune with WSL 2 and it has been optimized for size and performance. The team will service this Linux kernel through Windows updates, users will get the latest security fixes and kernel improvements without needing to manage it themselves. The configuration for this kernel will be available on GitHub once WSL 2 will release. The WSL kernel source will consist of links to a set of patches in addition to the long-term stable source. Full system call compatibility The Linux binaries use system calls for performing functions such as accessing files, requesting memory, creating processes, and more. In WSL 1 the team has created a translation layer that interprets most of these system calls and allow them to work on the Windows NT kernel. It is challenging to implement all of these system calls, where some of the apps don’t run properly in WSL 1. WSL 2 includes its own Linux kernel which has full system call compatibility. To know more about this news, check out Microsoft’s blog post. Microsoft introduces Remote Development extensions to make remote development easier on VS Code Docker announces collaboration with Microsoft’s .NET at DockerCon 2019 Microsoft and GitHub employees come together to stand with the 996.ICU repository      

Yesterday, the Qt team came up with two major releases, Qt Creator 4.8.0 and the long term support of Qt 5.12. In October, the team released the beta version of Qt Creator 4.8.0 and Qt 5.12 LTS beta. Qt, a cross-platform SDK, helps in quickly and cost-effectively designing, developing, deploying, and maintaining software. What’s new in Qt Creator 4.8.0? Programming Language Support Qt Creator 4.8.0 comes with an added support to Language Server Protocol (LSP), a  standardized bridge between an editor/IDE and a programming language that supports various programming languages. Generic highlighter Qt Creator features code completion, highlighting the symbol under cursor, jumping to the symbol definition, and integrating diagnostics from the language server. This code highlighting is possible with the help of generic highlighter. C++ Support This version of Qt Creator has updated Clang code model to LLVM 7.0. The project information that the code model has, can be exported as a compilation database using the  new Build > Generate Compilation Database. New plugins Compilation Database Projects Qt Creator 4.8.0 comes with CompilationDatabaseProjectManager plugin, which helps users to work with compilation databases as projects. A compilation database is a list of files and the compiler flags are used for compiling them. Clang Format The ClangFormat plugin does the auto-indentation with the help of LibFormat, a library that implements automatic source code formatting based on Clang Format. Cppcheck The Cppcheck plugin integrates the diagnostics which are generated by the tool Cppcheck into the editor. LanguageClient This version comes with an experimental plugin, LanguageClient for supporting the language server protocol. Editing Qt Creator 4.8.0 comes with added support for the pastecode.xyz code pasting service. Also, now it is possible to change default editors in MIME type settings. Debugging With Qt Creator 4.8.0, it is possible to simultaneously run multiple debuggers. The debugger toolbar has an additional pop up menu where users can easily switch between running debugger instances and the preset view for starting new debuggers. The running debugger instances can also maintain its own set of views and their layout. Git This version comes with an added support for GitHub and GitLab. A navigation pane has been added to this version that shows branches. Also, an option for copy/move detection to git blame has been added. Android This release comes with an added support for command line arguments, environment variables, and API level 28. Improvements There is also an option for disabling automatic creation of run configurations in Qt Creator 4.8.0 An option that opens terminal with build or run environment has been added in the in this release. In Qt Creator 4.8.0, the process of handling the relative file paths for custom error parsers has been improved. It is now possible to add libraries for other target platforms in Add Library wizard. There are improvements made to the Qbs projects as it has added qmlDesignerImportPaths property for specifying QML import paths for Qt Quick Designer. The remote Linux has been updated to Botan 2.8 in this version. Major bug fixes Issues with local references for operator arguments has been fixed Qt Creator 4.8.0 now supports UI headers. The crash that occurs while removing diagnostics configuration has been fixed now. The issues regarding the detecting language version have been fixed now. It is now possible to process function extraction from nested classes. The startup issue with localized debugger output has been fixed. The previous version gave invalid access to network paths, this problem has now been fixed with Qt Creator 4.8.0. Get more information about Qt Creator 4.8.0 on Qt’s official blog post. Qt 5.12 LTS releases with support for Python, WebAssembly and more Qt for Python Qt 5.12 LTS supports Python by making all of the Qt APIs available to Python developers. The tech preview is currently available to the users for testing, while the official release will come up shortly after Qt 5.12 LTS. Qt for Python also supports Qt’s C++ APIs and makes them accessible to Python programmers. Python developers will now be able to create complex graphical applications and user interfaces. Qt for WebAssembly Qt 5.12 contains the technology preview for Qt for WebAssembly. Qt for WebAssembly compiles a Qt application to run in any modern Web browser. Qt Remote Objects Qt Remote Objects helps in making the IPC between Qt based processes seamless. It exposes the properties, signals, and slots of a QObject to other processes. Major improvements in Qt Creator 5.12 LTS Improvements to JavaScript engine The new release brings improvements to JavaScript engine, which now supports QML. This release now fully supports ECMAScript 7 which enables modern JavaScript and also simplifies the integration of Javascript libraries. Qt Creator 5.12 LTS supports ECMAScript modules and they can be loaded from C++ as well as QML/JS. TableView Qt Creator 5.12 LTS comes with TableView as another type of Item View in Qt Quick, a free software application framework developed and maintained by the Qt Project. Its performance is better than its previous QQC1 implementation. Pointer Handlers The Pointer Handlers of Qt 5.11 are now renamed as Input Handlers and are also fully supported as a feature in Qt Quick in Qt 5.12. The Input Handlers now simplify the creation of complex interactions. This release comes with two new Input Handlers for hovering and dragging items. Windows UI Automation This version comes with Windows UI Automation that allows Qt-based UWP applications to operate with accessibility and programmatic UI control tools. The tablet/touchscreen/touchpad/mouse input has been replaced with a unified implementation based Windows Pointer Input Messages on Windows 8 and above versions. To know more about Qt Creator 5.12 LTS, check out Qt’s official blog post. Qt creator 4.8 beta released, adds language server protocol Qt Creator 4.7.0 releases! How to Debug an application using Qt Creator

.NET Core 3.0 was announced in May this year, it adds support for building desktop applications using WinForms, WPF, and Entity Framework 6. Updates to .NET Framework were also announced which enable use of new modern controls from UWP in existing WinForms and WPF applications. Now, more details are out on both of them. .NET Core 3.0 .NET Core 3.0 addresses three scenarios asked by the .NET framework developer community. Multiple versions of .NET on the same machine As of now, only one version of .NET Framework can be installed on a machine. An update to the .NET Framework poses a risk of a security fix, bug fix, or new API breaking applications on the machine. Now Microsoft aims to solve this problem by allowing multiple versions of .NET Core  to reside on one machine. The applications that need to be stable can be locked to one of the stable versions then later on be moved to use the newer version as it is ready. Embedding .NET directly into an application Since there can only be one version of .NET Framework on a machine, to take advantage of the latest framework or language features, the newer version needs to be installed. With .NET Core, you can now ship the framework as a part of an application. This enables developers to take advantage of the new features of the latest version without having to wait for the framework to install. Taking advantage of .NET Core features The side-by-side nature of .NET enables introduction of new innovative APIs and Base Class Library (BCL) improvements without the risk of breaking compatibility. WinForms and WPF applications on Windows can now take advantage of the latest .NET Core features. These features include more fundamental fixes for a better high-DPI support. .NET Framework 4.8 .NET Framework 4.8 also addresses three scenarios asked for by the .NET Framework developer community. Modern browser and media controls .NET desktop applications use the Internet Explorer and Windows Media Player for displaying HTML and playing media files. These legacy controls don’t show the latest HTML or play the latest media files. Hence, Microsoft is adding new controls to advantage of Microsoft Edge and newer media players thereby supporting the latest standards. Access to touch and UWP Controls The Universal Windows Platform (UWP) contains new controls to take advantage of the latest Windows features and the devices with touch displays. The code in your application does not have to be rewritten to use these new features and controls. Microsoft is going to make them available to WinForms and WPF enabling the developers to take advantage of these new features in the existing code of applications created. Improvements for high DPI The standard resolution of computer displays is steadily becoming 4K and now even 8K resolutions are available. WIth the newer versions WinForms and WPF applications will look great on these high resolution displays. The future of .NET .NET Framework is installed over one billion machines, hence even a security fix introducing a bug will affect a lot of devices. .NET Core is a fast-moving version of .NET. Because of its side-by-side nature it can take changes that can prove very risky in .NET Framework. Meaning, .NET Core is bound to get new APIs and language features over time that .NET Framework cannot. If your existing applications are on .NET Framework, there is no immediate need to move to .NET Core. For more details, visit the Microsoft Blog. .NET Core 2.0 reaches end of life, no longer supported by Microsoft .NET announcements: Preview 2 of .NET Core 2.2 and Entity Framework Core 2.2, C# 7.3, and ML.NET 0.5 Microsoft’s .NET Core 2.1 now powers Bing.com

Yesterday, Microsoft released a new static type checker for Python called Pyright to fill in the gaps in existing Python type checkers like mypy. Currently, this type checker supports Python 3.0 and its newer versions. What are the type checking features Pyright brings in? It comes with support for PEP 484 (type hints including generics), PEP 526 (syntax for variable annotations), and PEP 544 (structural subtyping). It supports type inference for function return values, instance variables, class variables, and globals. It provides smart type constraints that can understand conditional code flow constructs like if/else statements. Increased speed Pyright shows 5x speed as compared to mypy and other existing type checkers written in Python. It was built keeping large source bases in mind and can perform incremental updates when files are modified. No need for setting up a Python Environment Since Pyright is written in TypeScript and runs within Node, you do not need to set up a Python environment or import third-party packages for installation. This proves really helpful when using the VS Code editor, which has Node as its extension runtime. Flexible configurability Pyright enables users to have granular control over settings. You can specify different execution environments for different subsets of a source base. For each environment, you can specify different PYTHONPATH settings, Python version, and platform target. To know more in detail about Pyright, check out its GitHub repository. Debugging and Profiling Python Scripts [Tutorial] Python 3.8 alpha 2 is now available for testing Core CPython developer unveils a new project that can analyze his phone’s ‘silent connections’  

Last week, the team at Telegram, the messaging app, introduced new features for group admins and users. These features include Slow Mode switch, custom titles, features for videos, and much more. What’s new in Telegram? Admins get more authority to manage the group  Slow Mode switch The Slow Mode feature will allow the group admin to control how often a member could send a message in the group. Once the admin enables Slow Mode in a group, the users will be able to send one message per the interval they choose. Also, a timer will be shown to the users which would tell them how long they need to wait before sending their next message. This feature is introduced to make group conversations more orderly and also to raise the value of each individual message. The official post suggests admins to “Keep it (Slow Mode feature) on permanently, or toggle as necessary to throttle rush hour traffic.” Image Source: Telegram Custom titles Group owners will now be able to set custom titles for admins like ‘Meme Queen’, ‘Spam Hammer’ or ‘El Duderino’. These custom titles will be shown with the default admin labels. For adding a custom title, users need to edit admin's rights in Group Settings. Image Source: Telegram Silent messages Telegram has now planned to bring more peace of mind to its users by introducing a feature that allows its users to message friends without any sound. Users just have to hold the send button to have any message or media delivered. New feature for videos Videos shared on Telegram now show thumbnail previews as users scroll through the videos to help them find the moment they were looking for. If users add a timestamp like 0:45 to a video caption, it will be automatically highlighted as a link. Also, if a user taps on a timestamp the video will play from the right spot.  Comments widget The team has come up with a new tool called Comments.App for users to comment on channel posts. With the help of the comments widget, users can log in with just two taps and comment with text and photos, as well as like, dislike and further reply to comments from others. Few users are excited about this news and appreciate Telegram over Whatsapp because it provides by default end to end encryption. A user commented on HackerNews, “I really like Telegram. Only end-to-end encryption by default and in group chats would make it perfect.” To know more about this news, check out the official post by Telegram. Telegram faces massive DDoS attack; suspects link to the ongoing Hong Kong protests Hacker destroys Iranian cyber-espionage data; leaks source code of APT34’s hacking tools on Telegram Trick or a treat: Telegram announces its new ‘delete feature’ that deletes messages on both the ends

GrapheneOS, an open source privacy and security focused mobile OS comes with Android app compatibility. The GrapheneOS releases are supported by the Auditor app as well as attestation service for hardware-based attestation. The GrapheneOS research and engineering project has been in progress for over 5 years. In March, the AndroidHardening project got renamed to GrapheneOS. Two days ago, GrapheneOS released a new website grapheneos.org with additional documentation, tutorials and coverage of topics related to software, firmware and hardware as well as privacy/security features expected in the future. The team has also released a new version PQ3A.190605.003.2019.06.03.18 with device support, Auditor app and Hardened malloc among other fixes. Changes in GrapheneOS project Auditor: update to version 12 The Auditor app has an added support for verifying CalyxOS on the Pixel 2, Pixel 2 XL, Pixel 3 and Pixel 3 XL and even verified boot hash display has been added. Auditor uses hardware security features on supported devices for validating the integrity of the operating system from another Android device. The Auditor app will now also verify that the device is running the stock operating system with the bootloader locked and further will check that no tampering has occurred with the operating system. The list of supported devices for the auditor app include BlackBerry Key2, BQ Aquaris X2 Pro, Google Pixel, 2, Google Pixel 2 XL, Google Pixel 3, Google Pixel 3 XL, Google Pixel 3a, Google Pixel 3a XL, Huawei Honor 7A Pro, Huawei Honor 10, and more. Full list here. https://twitter.com/GrapheneOS/status/1125928692671057920 Hardened malloc Hardened malloc is a security-focused general purpose memory allocator that provides the malloc API along with various extensions. This security-focused design leads to lesser metadata overhead and memory waste from fragmentation than a traditional allocator design. https://twitter.com/GrapheneOS/status/1113556017768325120 It also offers substantial hardening against heap corruption vulnerabilities and aims to provide a decent overall performance focused on long-term performance and memory usage. Hardened malloc currently supports Bionic (Android), musl and glibc and it may also support other non-Linux operating systems in the future. There's custom integration along with other hardening features for which has also been planned for musl in the future. The hardened_malloc for GrapheneOS only is further expanded to workaround for Pixel 3 and Pixel 3 XL camera issues. GrapheneOS now needs to move towards a microkernel-based model with a Linux compatibility layer and it needs to adopt virtualization-based isolation. According to the team, the project will have to move into the hardware space in the long term. Restoration of past features Restoration of past features since the 2019.05.18.20 release include: Exec spawning while using debugging options has been disabled. Exec spawning has been enabled by default. Verizon visual voicemail support has been enabled. Toggle for disabling newly added USB devices has been added to Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL Properties for controlling deny_new_usb has been added Implementation of dynamic deny_new_usb toggle mode deny_new_usb feature is set to dynamic by default Many are happy with this latest update. A user commented on HackerNews, “They're making good progress and I can't wait to be able to update my handheld device with mainline pieces for as long as anyone who still uses one cares to update it. Currently my Samsung Android device is at Dec 2018 patchlevel and nothing I can do about it.” Few others are skeptical about this news, another user commented, “There is security, and then there is freedom. You can have the most secure system in the world -- but if there are state sponsored, or company back doors it means nothing.” To know more about this news, check out the official website. AndroidHardening Project renamed to GrapheneOS to reflect progress and expansion of the project GitHub introduces ‘Template repository’ for easy boilerplate code management and distribution Microsoft quietly deleted 10 million faces from MS Celeb, the world’s largest facial recognition database      

Yesterday Facebook released a new JavaScript engine called Hermes under an open source MIT license. According to Facebook, this new engine will speed up start times for native Android apps built with React Native framework. https://twitter.com/reactnative/status/1149347916877901824 Facebook software engineer Marc Horowitz unveiled Hermes at the Chain React 2019 conference held yesterday in Portland, Oregon. Hermes is a new tool for developers to primarily improve app startup performance in the same way Facebook does for its apps, and to make apps more efficient on low-end smartphones. The supposed advantage of Hermes is that developers can target all three mobile platforms with a single code base; but as with any cross-platform framework, there are trade offs in terms of performance, security and flexibility. Hermes is available on GitHub for all developers to use. It has also got its own Twitter account and home page. In a demo, Horowitz showed that a React Native app with Hermes was fully loaded within half the time the same app without Hermes loaded, or about two seconds faster. Check out the video below: Horowitz emphasized on the fact that Hermes cuts the APK size (the size of the app file) to half the 41MB of a stock React Native app, and removes a quarter of the app's memory usage. In other words, with Hermes developers can get users interacting with an app faster with fewer obstacles like slow download times and constraints caused by multiple apps sharing in a limited memory resources, especially on lower-end phones. And these are exactly the phones Facebook is aiming at with Hermes, compared to the fancy high-end phones that well-paid developers typically use themselves. "As developers we tend to carry the latest flagship devices. Most users around the world don't," he said. "Commonly used Android devices have less memory and less storage than the newest phones and much less than a desktop. This is especially true outside of the United States. Mobile flash is also relatively slow, leading to high I/O latency." It's not every day a new JavaScript engine is born, but while there are plenty such engines available for browsers, like Google's V8, Mozilla's SpiderMonkey, Microsoft's Chakra, Horowitz notes Hermes is not aimed at browsers or, for example, how Node.js on the server side. "We're not trying to compete in the browser space or the server space. Hermes could in theory be for those kinds of use cases, that's never been our goal." The Register reports that Facebook has no plan to push Hermes' beyond React Native to Node.js or to turn it into the foundation of a Facebook-branded browser. This is because it's optimized for mobile apps and wouldn't offer advantages over other engines in other usage scenarios. Hermes tries to be efficient through bytecode precompilation – rather than loading JavaScript and then parsing it. Hermes employs ahead-of-time (AOT) compilation during the mobile app build process to allow for more extensive bytecode optimization. Along similar lines, the Fuchsia Dart compiler for iOS is an AOT compiler. There are other ways to squeeze more performance out of JavaScript. The V8 engine, for example, offers a capability called custom snapshots. However, this is a bit more technically demanding than using Hermes. Hermes also abandons the just in time (JIT) compiler used by other JavaScript engines to compile frequently interpreted code into machine code. In the context of React Native, the JIT doesn't do that much to ease mobile app workloads. The reason Hermes exists, as per Facebook, is to make React Native better. "Hermes allows for more optimization on mobile since developers control the build stack," said a Facebook spokesperson in an email to The Register. "For example, we implemented bytecode precompilation to improve performance and developed more efficient garbage collection to reduce memory usage." In a discussion on Hacker News, Microsoft developer Andrew Coates claims that internal testing of Hermes and React Native in conjunction with Microsoft Office for Android shows TTI using Hermes at 1.1s, compared to 1.4s for V8, and with 21.5MB runtime memory impact, compared to 30MB with V8. Hermes is mostly compatible with ES6 JavaScript. To keep the engine small, support for some language features is missing, like with statements and local mode eval(). Facebook’s spokesperson also said to The Register that they are planning to publish benchmark figures in the next week to support its performance claims. Declarative UI programming faceoff: Apple’s SwiftUI vs Google’s Flutter OpenID Foundation questions Apple’s Sign In feature, says it has security and privacy risks Material-UI v4 releases with CSS specificity, Classes boilerplate, migration to Typescript and more