The PHP programming language has sunk to its lowest position ever on the long-running TIOBE index of programming language popularity. It now ranks #17 — lower than Assembly Language, Ruby, Swift, Scratch, and MATLAB. InfoWorld reports: When the Tiobe index started in 2001, PHP was about to become the standard language for building websites, said Paul Jansen, CEO of software quality services vendor Tiobe. PHP even reached the top 3 spot in the index, ranking third several times between 2006 and 2010. But as competing web development frameworks such as Ruby on Rails, Django, and React arrived in other languages, PHP's popularity waned.

"The major driving languages behind these new frameworks were Ruby, Python, and most notably JavaScript," Jansen noted in his statement accompanying the index. "On top of this competition, some security issues were found in PHP. As a result, PHP had to reinvent itself." Nowadays, PHP still has a strong presence in small and medium websites and is the language leveraged in the WordPress web content management system. "PHP is certainly not gone, but its glory days seem to be over," Jansen said.
A note on the rival Pypl Popularity of Programming Language Index argues that the TIOBE Index "is a lagging indicator. It counts the number of web pages with the language name." So while "Objective-C" ranks #30 on TIOBE's index (one rank above Classic Visual Basic), "who is reading those Objective-C web pages? Hardly anyone, according to Google Trends data." On TIOBE's index, Fortran now ranks #10.

Meanwhile, PHP ranks #7 on Pypl (based on the frequency of searches for language tutorials).

TIOBE's top ten?

1. Python
2. C
3. C++
4. Java
5. C#
6. JavaScript
7. Go
8. Visual Basic
9. SQL
10. Fortran

The next two languages, ranked #11 and #12, are Delphi/Object Pascal and Assembly Language.

Apple, in a blog post: We are delighted to announce the open source first release of Pkl (pronounced Pickle), a programming language for producing configuration. When thinking about configuration, it is common to think of static languages like JSON, YAML, or Property Lists. While these languages have their own merits, they tend to fall short when configuration grows in complexity. For example, their lack of expressivity means that code often gets repeated. Additionally, it can be easy to make configuration errors, because these formats do not provide any validation of their own. To address these shortcomings, sometimes formats get enhanced by ancillary tools that add special logic. For example, perhaps there's a need to make code more DRY, so a special property is introduced that understands how to resolve references, and merge objects together. Alternatively, there's a need to guard against validation errors, so some new way is created to validate a configuration value against an expected type. Before long, these formats almost become programming languages, but ones that are hard to understand and hard to write.

On the other end of the spectrum, a general-purpose language might be used instead. Languages like Kotlin, Ruby, or JavaScript become the basis for DSLs that generate configuration data. While these languages are tremendously powerful, they can be awkward to use for describing configuration, because they are not oriented around defining and validating data. Additionally, these DSLs tend to be tied to their own ecosystems. It is a hard sell to use a Kotlin DSL as the configuration layer for an application written in Go. We created Pkl because we think that configuration is best expressed as a blend between a static language and a general-purpose programming language. We want to take the best of both worlds; to provide a language that is declarative and simple to read and write, but enhanced with capabilities borrowed from general-purpose languages. When writing Pkl, you are able to use the language features you'd expect, like classes, functions, conditionals, and loops. You can build abstraction layers, and share code by creating packages and publishing them. Most importantly, you can use Pkl to meet many different types of configuration needs. It can be used to produce static configuration files in any format, or be embedded as a library into another application runtime.

We designed Pkl with three overarching goals:
To provide safety by catching validation errors before deployment.
To scale from simple to complex use-cases.
To be a joy to write, with our best-in-class IDE integrations.

In response to new EU regulations, Apple on Thursday outlined plans to allow iOS developers to distribute apps outside the App Store starting in March, though developers must still submit apps for Apple's review and pay commissions. Now critics say the changes don't go far enough and Apple retains too much control.

Epic Games CEO Tim Sweeney: They are forcing developers to choose between App Store exclusivity and the store terms, which will be illegal under DMA (Digital Markets Act), or accept a new also-illegal anticompetitive scheme rife with new Junk Fees on downloads and new Apple taxes on payments they don't process. 37signals's David Heinemeier Hansson, who is also the creator of Ruby on Rails: Let's start with the extortion regime that'll befell any large developer who might be tempted to try hosting their app in one of these new alternative app stores that the EU forced Apple to allow. And let's take Meta as a good example. Their Instagram app alone is used by over 300 million people in Europe. Let's just say for easy math there's 250 million of those in the EU. In order to distribute Instagram on, say, a new Microsoft iOS App Store, Meta would have to pay Apple $11,277,174 PER MONTH(!!!) as a "Core Technology Fee." That's $135 MILLION DOLLARS per year. Just for the privilege of putting Instagram into a competing store. No fee if they stay in Apple's App Store exclusively.

Holy shakedown, batman! That might be the most blatant extortion attempt ever committed to public policy by any technology company ever. And Meta has many successful apps! WhatsApp is even more popular in Europe than Instagram, so that's another $135M+/year. Then they gotta pay for the Facebook app too. There's the Messenger app. You add a hundred million here and a hundred million there, and suddenly you're talking about real money! Even for a big corporation like Meta, it would be an insane expense to offer all their apps in these new alternative app stores.

Which, of course, is the entire point. Apple doesn't want Meta, or anyone, to actually use these alternative app stores. They want everything to stay exactly as it is, so they can continue with the rake undisturbed. This poison pill is therefore explicitly designed to ensure that no second-party app store ever takes off. Without any of the big apps, there will be no draw, and there'll be no stores. All of the EU's efforts to create competition in the digital markets will be for nothing. And Apple gets to send a clear signal: If you interrupt our tool-booth operation, we'll make you regret it, and we'll make you pay. Don't resist, just let it be. Let's hope the EU doesn't just let it be. Coalition of App Fairness, an industry body that represents over 70 firms including Tinder, Spotify, Proton, Tile, and News Media Europe: "Apple clearly has no intention to comply with the DMA. Apple is introducing new fees on direct downloads and payments they do nothing to process, which violates the law. This plan does not achieve the DMA's goal to increase competition and fairness in the digital market -- it is not fair, reasonable, nor non-discriminatory," said Rick VanMeter, Executive Director of the Coalition for App Fairness.

"Apple's proposal forces developers to choose between two anticompetitive and illegal options. Either stick with the terrible status quo or opt into a new convoluted set of terms that are bad for developers and consumers alike. This is yet another attempt to circumvent regulation, the likes of which we've seen in the United States, the Netherlands and South Korea. Apple's 'plan' is a shameless insult to the European Commission and the millions of European consumers they represent -- it must not stand and should be rejected by the Commission."

Web software firm 37Signals has migrated off the cloud after spending $3.2 million on Amazon Web Services last year, said co-founder David Heinemeier Hansson, who is also the creator of Ruby on Rails. The Basecamp project management software-maker bought $600,000 of Dell servers and expects to save over $7 million in five years by running operations in-house. From a report: DHH likened clouds to "merchants of complexity" where they are incentivized to make things as complex as possible to keep customers hooked. He compared that to the original Internet, which was not built on complex cloud services geared for multi-tenancy, but rather on simpler tools such as Linux and PHP, which anyone could use without cost. This is not to say cloud has zero value for all use cases, [Kelsey] Hightower and DHH agreed.

Clouds make perfect sense in many cases, for start-ups that do not know how much infrastructure they will need, and also for enterprises with a lack of expertise and money to burn. For many companies in the middle, though a lot of profit margin can be recovered by reducing cloud costs and running things in-house instead, the two argued.

An anonymous Slashdot reader shared this report from CNET: Marking its 60th year on television, the British time-travel series will close out 2023 with one last anniversary special that arrives on Christmas Day. Ncuti Gatwa's Doctor helms the Tardis in The Church on Ruby Road, which centers on an abandoned baby who grows up looking for answers... Disney Plus will stream Doctor Who: The Church on Ruby Road on Monday, Dec. 25, at 12:55 p.m. ET (9:55 a.m. PT) in all regions except the UK and Ireland, where it will air on the BBC. In case you missed it, viewers can also watch David Tennant starring in the other three anniversary specials: The Star Beast, Wild Blue Yonder and The Giggle. All releases are available on Disney Plus.
But what's interesting is CNET goes on to explain "why a VPN could be a useful tool." Perhaps you're traveling abroad and want to stream Disney Plus while away from home. With a VPN, you're able to virtually change your location on your phone, tablet or laptop to get access to the series from anywhere in the world. There are other good reasons to use a VPN for streaming too. A VPN is the best way to encrypt your traffic and stop your ISP from throttling your speeds...

You can use a VPN to stream content legally as long as VPNs are allowed in your country and you have a valid subscription to the streaming service you're using. The U.S. and Canada are among the countries where VPNs are legal

An anonymous reader shared this report from InfoWorld: JetBrains' Kotlin language, a Java rival endorsed by Google for Android mobile development, continues to scale up Tiobe's index of language popularity, reaching the 15th spot in the November 2023 rankings...

Software quality services company Tiobe cites Kotlin advantages including interoperability with Java and unrivaled Android accommodations as reasons for the language's rise. Kotlin, Tiobe CEO Paul Jansen said, also fits in with a modern programming culture of expressive languages that have a strong type system and avoid null pointer exceptions by design. "Based on my experience, I am pretty sure Kotlin can reach a top 10 position," Jansen said. It remains to be seen if it can ever scale as high as a top four slot, he added...

In the rival Pypl Popularity of Programming languages index this month, Kotlin was ranked 13th with a 1.76% share, having slipped slightly year-over-year.
Kotlin's rank on the TIOBE index rose three positions in the last month — after rising two positions the month before. TIOBE's CEO says the language has now achieved its highest ranking ever on the index, surpassing 2017's "first wave of Kotlin popularity...when Google announced first class support for Kotlin on Android."

Rust now ranks #20 on the index, behind Delphi/Object Pascal, Swift, Ruby, and R.

Here's TIOBE November rankings for top-20 most popular programming languages:

1. Python
2. C
3. C++
4. Java
5. C#
6. JavaScript
7. PHP
8. Visual Basic
9. SQL
10. Assembly Language
11. Scratch
12. Fortran
13. Go
14. MATLAB
15. Kotlin
16. Delphi/Object Pascal
17. Swift
18. Ruby
19. R
20. Rust

The senior security editor at Ars Technica writes: Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.

Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name "pyobfgood." Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developerâ(TM)s machine. Capabilities include:


- Exfiltrate detailed host information
- Steal passwords from the Chrome web browser
- Set up a keylogger
- Download files from the victim's system
- Capture screenshots and record both screen and audio
- Render the computer inoperative by ramping up CPU usage, inserting a batch script in the startup directory to shut down the PC, or forcing a BSOD error with a Python script
- Encrypt files, potentially for ransom
- Deactivate Windows Defender and Task Manager
- Execute any command on the compromised host


In all, pyobfgood and the previous seven tools were installed 2,348 times. They targeted developers using the Python programming language... Downloads of the package came primarily from the US (62%), followed by China (12%) and Russia (6%)
Ars Technica concludes that "The never-ending stream of attacks should serve as a cautionary tale underscoring the importance of carefully scrutinizing a package before allowing it to run."

An anonymous reader shared this report from InfoWorld: JetBrains is previewing a dedicated IDE for the Rust programming language, called RustRover, which combines coding assistance with an integrated Rust toolchain. Available in preview September 13, RustRover is positioned to simplify the Rust coding experience while "unlocking the language's full potential," JetBrains said. Capabilities include real-time feedback, code suggestions, simplified toolchain management, and team collaboration.

Previously, JetBrains offered IntelliJ Rust, an open source Rust plugin for IntelliJ IDEs. But with RustRover, the company aims to provide a dedicated product with enhanced functionality for the growing Rust developer community. JetBrains also has been previewing a multi-language editor and IDE, called JetBrains Fleet, that supports Rust development...

RustRover will have some similarities to JetBrains' other language-specific IDEs including PyCharm for Python, GoLand for Go, and RubyMine for Ruby.
RustRover integrates with version control systems, supporting GitHub and Git.

Ruby on Rails creator David Heinemeier Hansson has removed TypeScript from the forthcoming version 8 of the Turbo framework, saying he has "never been a fan," but many Turbo users have protested that the decision was rushed and the change is unwelcome. From a report: A comment on the GitHub pull request that removes TypeScript states that this "is a step back, for both library users and contributors." This comment has -- at the time of writing -- 357 likes and just 8 downvotes, suggesting wide support. Turbo is a framework for delivering HTML pages intended to "dramatically reduce the amount of custom JavaScript," and is sponsored by Hannson's company 37signals, whose products include the Basecamp project management platform and the Hey messaging system. Turbo is the engine of Hotwire, short for "HTML over the wire," because it prefers sending HTML itself rather than JSON data and JavaScript code.

Although Turbo itself is not among the most popular frameworks, Ruby on Rails is well-known and used by major web sites including GitHub and Shopify. Hansson posted that TypeScript "pollutes the code with type gymnastics that add ever so little joy to my development experience, and quite frequently considerable grief. Things that should be easy become hard." The community around the open source Turbo project though is for the most part perplexed and disappointed, not only by the change itself, but also by the manner in which it was made.

Canonical engineering manager Ben Hoyt believes that a variable's name is more important than its type, so "the name should be more prominent and come first in declarations." In many popular programming languages, including C, C++, Java, and C#, when you define a field or variable, you write the type before the name. For example (in C++):

// Struct definition
struct person {
std::string name;
std::string email;
int age;
};

In other languages, including Go, Rust, TypeScript, and Python (with type hints), you write the name before the type. For example (in Go):

// Struct definition
type Person struct {
Name string
Email string
Age int
}

There's a nice answer in the Go FAQ about why Go chose this order: "Why are declarations backwards?". It starts with "they're only backwards if you're used to C", which is a good point — name-before-type has a long history in languages like Pascal. In fact, Go's type declaration syntax (and packages) were directly inspired by Pascal.

The FAQ goes on to point out that parsing is simpler with name-before-type, and declaring multiple variables is less error-prone than in C. In C, the following declares x to be a pointer, but (surprisingly at first!) y to be a normal integer:

int* x, y;

Whereas the equivalent in Go does what you'd expect, declaring both to be pointers:

var x, y *int

The Go blog even has an in-depth article by Rob Pike on Go's Declaration Syntax, which describes more of the advantages of Go's syntax over C's, particularly with arrays and function pointers.

Oddly, the article only hints at what I think is the more important reason to prefer name-before-type for everyday programming: it's clearer.
Hoyt argues a variable's name has more meaning (semantically) — pointing out dynamically-typed languages like Python and Ruby don't even need types, and that languages like Java, Go, C++ and C# now include type inference.

"I think the takeaway is this: we can't change the past, but if you're creating a new language, please put names before types!"

RSS Advisory Board: This month marks the 20th anniversary of the effort that became the Atom feed format. It all began on June 16, 2003, with a blog post from Apache Software Foundation contributor Sam Ruby asking for feedback about what constitutes a well-formed blog entry. The development of RSS 2.0 had been an unplanned hopscotch from a small group at Netscape to a smaller one at UserLand Software, but Atom was a barn raising. Hundreds of software developers, web publishers and technologists gathered for a discussion in the abstract that led to a concrete effort to build a well-specified syndication format and associated publishing API that could become Internet standards. Work was done on a project wiki that grew to over 1,500 pages. Everything was up for a vote, including a plebiscite on choosing a name that ballooned into a four-month-long bikeshed discussion in which Pie, Echo, Wingnut, Feedcast, Phaistos and several dozen alternatives finally, mercifully, miraculously lost out to Atom.

The road map of the Atom wiki lists the people, companies and projects that jumped at the chance to create a new format for feeds. XML specification co-author Tim Bray wrote: "The time to write it all down and standardize it is not when you're first struggling to invent the technology. We now have aggregators and publishing systems and search engines and you-name-it, and I think the community collectively understands pretty well what you need, what you don't need, and what a good syntax looks like. So, now's the time."

Slashdot reader Zapotek brings an update from the Ecsypno skunkworks, where they've been busy with R&D for distributed computing systems: Armed with Cuboid, Qmap was built, which tackled the handling of nmap in a distributed environment, with great results. Afterwards, an iterative clean-up process led to a template of sorts, for scheduling most applications in such environments.

With that, Peplum was born, which allows for OS applications, Ruby code and C/C++/Rust code (via Ruby extensions) to be distributed across machines and tackle the processing of neatly grouped objects.

In essence, Peplum:

- Is a distributed computing solution backed by Cuboid.
- Its basic function is to distribute workloads and deliver payloads across multiple machines and thus parallelize otherwise time consuming tasks.
- Allows you to combine several machines and built a cluster/supercomputer of sorts with great ease.

After that was dealt with, it was time to port Qmap over to Peplum for easier long-term maintenance, thus renamed Peplum::Nmap.

We have high hopes for Peplum as it basically means easy, simple and joyful cloud/clustering/super-computing at home, on-premise, anywhere really. Along with the capability to turn a lot of security oriented apps into super versions of themselves, it is quite the infrastructure.
Yes, this means there's a new solution if you're using multiple machines for "running simulations, to network mapping/security scans, to password cracking/recovery or just encoding your collection of music and video" -- or anything else: Peplum is a F/OSS (MIT licensed) project aimed at making clustering/super-computing affordable and accessible, by making it simple to setup a distributed parallel computing environment for abstract applications... TLDR: You no longer have to only imagine a Beowulf cluster of those, you can now easily build one yourself with Peplum.
Some technical specs: It is written in the Ruby programming language, thus coming with an entire ecosystem of libraries and the capability to run abstract Ruby code, execute external utilities, run OS commands, call C/C++/Rust routines and more...

Peplum is powered by Cuboid, a F/OSS (MIT licensed) abstract framework for distributed computing — both of them are funded by Ecsypno Single Member P.C., a new R&D and Consulting company.

"I write all novel client-side code as JavaScript instead of TypeScript, and it's a delight," says the creator of Ruby on Rails. Posting on Twitter, David Heinemeier Hansson opined that TypeScript "sucked out much of the joy I had writing JavaScript. I'm forever grateful that Yukihiro 'Matz' Matsumoto didn't succumb to the pressure of adding similar type hints to Ruby."

When it comes to static vs dynamic typing, "I've heard a million arguments from both sides throughout my entire career," Hansson wrote on his blog today, "but seen very few of them ever convinced anyone of anything."

But wait — he thinks we can all get along: Personally, I'm unashamedly a dynamic typing kind of guy. That's why I love Ruby so very much. It takes full advantage of dynamic typing to allow the poetic syntax that results in such beautiful code. To me, Ruby with explicit, static typing would be like a salad with a scoop of ice cream. They just don't go together.

I'll also confess to having embraced the evangelical position for dynamic typing in the past. To the point of suffering from a One True Proposition affliction. Seeing the lack of enthusiasm for dynamic typing as a reflection of missing education, experience, or perhaps even competence.

Oh what folly. Like trying to convince an introvert that they'd really like parties if they'd just loosen up a bit...

These days, I've come to appreciate the magnificence of multiplicity. Programming would be an awful endeavor if we were all confined to the same paradigm. Human nature is much too varied to accept such constraint on its creativity...But it took a while for me to come to these conclusions. I'm a recovering solutionist. So when I see folks cross their heart in disbelief that anyone, anywhere might fancy JavaScript over TypeScript, I smile, and I remember the days when I'd recognize their zeal in the mirror.
Hansson also sees the "magnificence of multiplicity" in positions about functional vs object-oriented programming. "Poles on both these axes have shown to deliver excellent software over the decades (and awful stuff too!)."

Amazon is making its AI-powered coding assistant CodeWhisperer free for individual developers, reports the Verge, "undercutting the $10 per month pricing of its Microsoft-made rival." Amazon launched CodeWhisperer as a preview last year, which developers can use within various integrated development environments (IDEs), like Visual Studio Code, to generate lines of code based on a text-based prompt....

CodeWhisperer automatically filters out any code suggestions that are potentially biased or unfair and flags any code that's similar to open-source training data. It also comes with security scanning features that can identify vulnerabilities within a developer's code, while providing suggestions to help close any security gaps it uncovers. CodeWhisperer now supports several languages, including Python, Java, JavaScript, TypeScript, and C#, including Go, Rust, PHP, Ruby, Kotlin, C, C++, Shell scripting, SQL, and Scala.
Here's how Amazon's senior developer advocate pitched the usefulness of their "real-time AI coding companion": Helping to keep developers in their flow is increasingly important as, facing increasing time pressure to get their work done, developers are often forced to break that flow to turn to an internet search, sites such as StackOverflow, or their colleagues for help in completing tasks. While this can help them obtain the starter code they need, it's disruptive as they've had to leave their IDE environment to search or ask questions in a forum or find and ask a colleague — further adding to the disruption. Instead, CodeWhisperer meets developers where they are most productive, providing recommendations in real time as they write code or comments in their IDE. During the preview we ran a productivity challenge, and participants who used CodeWhisperer were 27% more likely to complete tasks successfully and did so an average of 57% faster than those who didn't use CodeWhisperer....

It provides additional data for suggestions — for example, the repository URL and license — when code similar to training data is generated, helping lower the risk of using the code and enabling developers to reuse it with confidence.

An anonymous reader shares a report from the New York Post: A supposed glitch in the popular "Find My iPhone" app has been directing random strangers to the home of an unsuspecting Texas dad at all hours of the day, falsely accusing him of stealing their electronic devices.

[Software engineer] Scott Schuster told the local news station KTRK that he's been visited by close to a dozen irate people over the past few years, telling him that their missing phone had last pinged at his address. "[I] had to wake up and go answer the door and explain to them that I didn't have their device, and people don't tend to believe you," the dad of two told the outlet.
The Texas resident tells KTRK that his biggest concern was "someone coming to the house potentially with a weapon."

And the same station reports that local sheriff Eric Fagan "said he was so shocked and concerned that he informed his patrol units and dispatchers, just in case anyone called about the address." "Apple needs to do more about this," Fagan said. "Please come out and check on this. This is your expertise. Mine is criminal and keeping our public safe here in Fort Bend County." Fagan added that Apple doing nothing puts a family's safety in jeopardy. "I would ask them to come out and see what they can do. It should be taken seriously. You are putting innocent lives at risk," he said....

There have been other high-profile device pinging errors elsewhere in the country, with at least one that brought armored vehicles to a neighborhood. In 2021, body camera footage captured a Denver police SWAT team raiding the home of a 77-year-old woman in Colorado over a false ping on the app. Denver officers believed she had stolen guns connected to a car theft after tracking a stolen iPhone to her address using the Find My app. That woman later sued the lead detective.

ABC13 has tried contacting the software giant since Tuesday. Someone called back, so we know they are aware of the incident. Still, no one has said if they are going to fix the issue, or at the very least, look into the matter.

Long-time Slashdot reader theodp writes: In Something Pretty Right: A History of Visual Basic, Retool's Ryan Lucas has a nice round-up of how Visual Basic became the world's most dominant programming environment, its sudden fall from grace, and why its influence is still shaping the future of software development.

Visual Basic (or VB) burst onto the scene at a magical, transitional moment, presenting a radically simpler alternative for Windows 3.0 development. Bill Gates' genuine enthusiasm for VB is evident in an accompanying 1991 video in which BillG personally and playfully demonstrates Visual Basic 1.0 at its launch event, as well as in a 1994 video in which Gates thanks Alan Cooper, the "Father of Visual Basic," with the Windows Pioneer Award.

For Gates, VB was love at first sight. "It blew his mind, he had never seen anything like it," recalls Cooper of Gates's reaction to his 1988 demo of a prototype. "At one point he turned to his retinue and asked 'Why can't we do stuff like this?'" Gates even came up with the idea of taking Cooper's visual programming frontend and replacing its small custom internal language with BASIC.

After seeing what Microsoft had done to his baby, Cooper reportedly sat frustrated in the front row at the launch event. But it's hard to argue with success, and Cooper eventually came to appreciate VB's impact. "Had Ruby [Cooper's creation] gone to the market as a shell construction set," Cooper said, "it would have made millions of people happier, but then Visual Basic made hundreds of millions of people happier. I was not right, or rather, I was right enough, had a modicum of rightness. Same for Bill Gates, but the two of us together did something pretty right."

At its peak, Visual Basic had nearly 3.5 million developers worldwide. Many of the innovations that Alan Cooper and Scott Ferguson's teams introduced 30 years ago with VB are nowhere to be found in modern development, fueling a nostalgic fondness for the ease and magic VB delivered that we have yet to rekindle.

Three years after Rails was introduced in 2005, InfoWorld asked whether it might the successor to Java.

That didn't happen. So this week InfoWorld "spoke to current and former Ruby programmers to try to trace the language's rise and fall." Some responses: "Rails came along at the cusp of a period of transformation and growth for the web," says Matthew Boeh, a Ruby developer since 2006. "It both benefited from and fueled that growth, but it was a foregone conclusion that it wasn't going to be the only success story." Boeh recently took a job as a senior staff software engineer at Lattice, a TypeScript shop. "You could say that Ruby has been a victim of its own success, in that its community was a major driving force in the command-line renaissance of recent years," he says. "In the early '00s it was introducing REPL-driven development to people who had never heard of Lisp, package management to people who would have been scared off by Perl's CPAN, test-driven development to people outside the highly corporate Java world, and so on. This is all stuff that is considered table stakes today. Ruby didn't originate any of it, but it was all popularized and made accessible by Rubyists...."

"The JavaScript ecosystem in its current form would have been unimaginable in 2004 — it needed both the command line renaissance and the takeoff of the web platform," adds Lattice's Boeh. "Did you know it took a full decade, 1999 to 2009, to release a single new version of the JavaScript standard? We get one yearly now. Rails became a big deal in the very last time period where it was possible to be a full-stack developer without knowing JavaScript...."

[W]hen it comes to data science, Python has a leg up because of the ready availability of libraries like TensorFlow and Keras. "These frameworks make it easy for coders to build data visualizations and write programs for machine learning," says Pulkit Bhardwaj, e-commerce coach at BoutiqueSetup.net. JavaScript, meanwhile, has spawned seemingly endless libraries that developers can easily download and adapt for just about any purpose. "As a technologist, you can go on your own hero's journey following whatever niche thing you think is the right way to go," says Trowbridge. But when it comes to JavaScript, "these libraries are excellent. Why ignore all of that?"

Many of those libraries were developed by community members, which inspired others to contribute in a snowball effect familiar to anyone involved in open source. But one big player has had an outsized influence here. Python's TensorFlow, which Bhardwaj called a "game-changer," was released by Google, which has followed academia's lead and made Python its internal scripting language. Google, as the maker of the dominant web browser, also has an obvious interest in boosting JavaScript, and Trowbridge gives Google much of the credit for making JavaScript much faster and more memory efficient than it once was: "In some ways it feels almost like a low level language," he says. Meanwhile, Ruby is widely acknowledged to be lagging in performance, in part because it lacks the same sort of corporate sponsor with resources for improving it.

"When people talk about crypto mining the first thing usually mentioned is the amount of electricity it uses," writes Slashdot reader quonset. "What few realize is how loud rack after rack of servers and fans for cooling running 24/7 can be. The people of Murphy, North Carolina found out, and are not happy about it." From a report: When Judy Stines first heard about cryptocurrency, "I always thought it was smoke and mirrors," she said. "But if that's what you want to invest in, you do you." But then she heard the sound of crypto, a noise that neighbor Mike Lugiewicz describes as "a small jet that never leaves" and her ambivalence turned into activism. The racket was coming from stacks and stacks of computer servers and cooling fans, mysteriously set up in a few acres of open farm field down on Harshaw Road.

Once they fired up and the noise started bouncing around their Blue Ridge Mountain homes, sound meters in the Lugiewicz yard showed readings from 55-85 decibels depending on the weather, but more disturbing than the volume is the fact that the noise never stopped. "There's a racetrack three miles out right here," Lugiewicz said, pointing away from the crypto mine next door. "You can hear the cars running. It's cool!" "But at least they stop," Stines chimed in, "And you can go to bed!"

[...] The mine in Murphy is just one of a dozen in Kentucky, Tennessee and North Carolina owned by a San Francisco-based company called PrimeBlock, which recently announced $300 million in equity financing and plans to scale up and go public. But a year and a half after crypto came to this ruby red pocket of Republican retirees and Libertarian life-timers, anger over the mine helped flip the balance of local power and forced the Board of Commissioners to officially ask their state and federal officials to "introduce and champion legislation through the US Congress that would ban and/or regulate crypto mining operations in the United States of America."

An anonymous reader shares a report: David Heinemeier Hansson, CTO of 37Signals -- which operates project management platform Basecamp and other products -- has detailed the colossal cloud bills that saw the outfit quit the cloud in October 2022. The CTO and creator of Ruby On Rails did all the sums and came up with an eye-watering cloud bill for $3,201,564 in 2022 -- or $266,797 each month. Plenty of that spend -- $759,983 -- went on compute, in the form of Amazon Web Services' EC2 and EKS services.

On Twitter, Hansson contrasted that cost with the spend needed to acquire servers packing 288 vCPUs and plenty more besides over three years. Hansson was at pains to point out that even that bill was the result of a concerted effort to keep it low. "Getting this massive spend down to just $3.2 million has taken a ton of work. The ops team runs a vigilant cost-inspection program, with monthly reporting and tracking, and we've entered into long-term agreements on Reserved Instances and committed usage, as part of a Private Pricing Agreement," he wrote. "This is a highly optimized budget."

In an press release published earlier today, the National Security Agency (NSA) says it will be making a strategic shift to memory safe programming languages. The agency is advising organizations explore such changes themselves by utilizing languages such as C#, Go, Java, Ruby, or Swift. From the report: The "Software Memory Safety" Cybersecurity Information Sheet (PDF) highlights how malicious cyber actors can exploit poor memory management issues to access sensitive information, promulgate unauthorized code execution, and cause other negative impacts. "Memory management issues have been exploited for decades and are still entirely too common today," said Neal Ziring, Cybersecurity Technical Director. "We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors."

Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program's performance over time, and program crashes. NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations. The full report is available here (PDF).