Rust has been gaining traction in the developer community, thanks to a host of modern features. One of the biggest its its emphasis on memory safety, which greatly improves security since memory issues are one of the leading causes of vulnerabilities. Google has seen significant improvements to Android’s security as a result of incorporating Rust, Microsoft is similarly adding it to the Windows kernel, and the NSA has been encouraging companies to switch to Rust and similar languages.

DARPA’s Translating All C to Rust (TRACTOR) program is designed to help accelerate the transition from legacy C to Rust.

“You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is ‘here’s some C code, please translate it to safe idiomatic Rust code,’ cut, paste, and something comes out, and it’s often very good, but not always,” said Dr. Dan Wallach, DARPA program manager for TRACTOR. “The research challenge is to dramatically improve the automated translation from C to Rust, particularly for program constructs with the most relevance.”

“Rust forces the programmer to get things right,” added Wallach. “It can feel constraining to deal with all the rules it forces, but when you acclimate to them, the rules give you freedom. They’re like guardrails; once you realize they’re there to protect you, you’ll become free to focus on more important things.”

Interested developers can learn more here.

CrowdStrike pushed an updated to its cybersecurity update that crippled millions of Windows PCs around the world, bringing multiple industries to their knees. Because CrowdStrike’s software runs at the kernel level, it was nearly impossible to resolve the issue without physical access to the affected machines.

The FSF says the industry needs to learn from the incident, citing a number of issues that led to the outage, including automatic updates:

Let’s be clear: in principle, there is nothing ethically wrong with automatic updates so long as the user has made an informed choice to receive them. For instance, it’s perfectly understandable that a public library might not want to pore over kernel changelogs; they simply want to receive the update and move on with their work. At the same time, software bugs happen. Free software developers know this better than anyone. The Linux(-libre) kernel does not have some mystic immunity to them. What our community does have is a social structure that, most likely, would have rectified the situation swiftly.

The FSF also takes Microsoft to task for blaming CrowdStrike’s access to the Windows kernel as one of the main reasons for the outage:

In a cunning PR spin, it appears that Microsoft has started blaming the incident on third-party firms’ access to kernel source and documentation. Translated out of Redmond-ese, the point they are trying to make amounts to “if only we’d been allowed to be more secretive, this wouldn’t have happened!” Anyone with so much as a basic understanding of software development can see that this argument doesn’t hold water, just as anyone with a basic understanding of rhetoric can appreciate the irony that the same company that develops Copilot is whinging about the need to keep code secret from others. At this very minute, Copilot is ingesting free software on Microsoft’s proprietary platform, GitHub, with little respect for each program’s license.

In our own coverage of CrowdStrike, we pointed out our belief that the situation is slightly more nuanced than the above quote would make it seem. While open-source software does have a good track record with security—thanks to the source being easily inspected and audited—Microsoft being forced to open up kernel access is not an apples to apples comparison.

Windows is closed-source software. Similarly, much of CrowdStrike’s software is closed-source as well. As a result, CrowdStrike’s access to the Windows kernel is combining the worst options, namely marrying two closed-source platforms. Because both platforms are closed-source, they don’t benefit from the same open nature as true open-source software, and lack the transparency and ability to inspect and audit the code.

Nonetheless, the FSF is right that something needs to change:

We also need to see that calling for a diversity of providers of nonfree software that are mere front ends for “cloud” software doesn’t solve the problem. Correcting it fully requires switching to free software that runs on the user’s own computer.

The Free Software Foundation is often accused of being utopian, but we are well aware that moving airlines, libraries, and every other institution affected by the CrowdStrike outage to free software is a tremendous undertaking. Given free software’s distinct ethical advantage, not to mention the embarrassing damage control underway from both Microsoft and CrowdStrike, we think the move is a necessary one. The more public an institution, the more vitally it needs to be running free software.

Apple has been improving Maps for years, building it into a legitimate rival to Google Maps. Conspicuously absent, however, was a web-based option. The company is now rectifying that, offering a beta of an all-new web-based version of Apple Maps.

Unfortunately, as of right now, access is extremely limited. Mac and iPad, as well as Windows, are the only platforms supported, with Linux and Android both blocked. Similarly, Safari, Edge, and Chrome are the only web browsers supported, with Firefox and Brave unsupported.

Hopefully, by the time Apple releases the final product it will support all platforms and all major web browsers.

Google Maps has lacked incident reporting since its inception, making it one of the most requested features among users. While Google is now introducing it, it is only doing so in a single country.

In its India blog post, Google announced the new feature:

Easily report incidents to help your community

One of the things that makes Google Maps so special is our passionate community of local contributors. India boasts the largest such community in the world, with over 60 million people sharing millions of reviews, photos, business edits, and road updates every day. This wealth of authentic, real-world information is a helpful resource for people navigating their everyday lives. We’re always looking for ways to make it easier for users to share valuable information to help the community.

We’ve simplified how you can report road incidents. Whether there’s ongoing construction or a traffic mishap on your route, you can now report it with just a few taps, making it easy and less distracting. You can even confirm others’ reports with a single tap which helps increase confidence in these user reported incidents. This update is available in India on Google Maps across all platforms – Android, iOS, Android Auto, and Apple CarPlay.

While Apple CarPlay has had the feature for some time, it looks like Google Maps users outside of India will have to wait to be able to access the feature.

Fedora’s maintainers originally proposed including opt-out telemetry in Fedora 40 Workstation, a proposition that drew widespread criticism and condemnation since it would be enabled by default. While the proposal emphasized that all telemetry would be anatomized, critics remained unconvinced. As a general rule, Linux users tend to value their privacy much more than Windows or Mac users, making opt-out telemetry a non-starter.

The maintainers took the criticism to heart and revamped the proposal, this time around opt-in telemetry, meaning users have to explicitly enable it. The revised proposal passed with a 6-0 vote.

The proposal includes the follow details:

The goal of this change proposal is to provide the Fedora community with accurate, representative data about the real world use of Fedora Workstation. By doing this, we believe that we can accelerate the development of Fedora Workstation, and ensure that it improves in line with our users’ needs and requirements.

Protecting user privacy is of utmost importance for this initiative. To this end, the service will only collect generic, standardized data, and will never collect anything that is personally identifying. It will also, of course, be fully open source. On the server side, the data will be stored in a way that prevents user identification.

Another important aspect of the initiative is that it will be run in a transparent manner, and will be governed as part of the Fedora project. Although this change is proposed by Red Hat, a new SIG will be responsible for the service and will be open to community participation. It will publish analyses of the data which has been collected, provide documentation about how the service operates, share samples of the database data, and respond to requests from the community.

Finally, we intend to ensure that metrics reporting is fully under the control of end users. Metrics collection will default to off, and will only be enabled through a clear on/off prompt in initial setup. Users will be able to view the data that has been collected locally, and will be able to remove the client software from their systems, should they choose to do so.

It’s good to see the Fedora maintainers listen to the community and change course. A number of open source projects—including KDE—use opt-in telemetry, demonstrating its viability as an option for privacy-conscious user bases.

Markdown is markup language that allows users to easily format plain text. The format is popular among writers, researchers, developers, content creators, and more, thanks to a variety of benefits. The Markdown Guide highlights some of the most popular reasons users opt for Markdown:

• Markdown is portable. Files containing Markdown-formatted text can be opened using virtually any application. If you decide you don’t like the Markdown application you’re currently using, you can import your Markdown files into another Markdown application. That’s in stark contrast to word processing applications like Microsoft Word that lock your content into a proprietary file format.
• Markdown is platform independent. You can create Markdown-formatted text on any device running any operating system.
• Markdown is future proof. Even if the application you’re using stops working at some point in the future, you’ll still be able to read your Markdown-formatted text using a text editing application. This is an important consideration when it comes to books, university theses, and other milestone documents that need to be preserved indefinitely.

Google says it is significantly improving Docs’ Markdown support:

In 2022, we introduced expanded support for composing with Markdown in Google Docs on web. Today, we’re introducing highly-requested features that enhance Docs’ interoperability with other Markdown supporting tools. These include the ability to:

• Convert Markdown to Docs content on paste
• Copy Docs content as Markdown
• Export a Doc as Markdown (from File > Download)
• Import Markdown as a Doc (from File > Open or “Open with Google Docs” from Drive)

This update is particularly useful for technical content writers as they can now convert Docs content to/from Markdown. For example, developers can collaborate on software documentation in Docs and then export it as Markdown for use in other Markdown supporting tools.

Google says the import/export options are enabled by default, while the “Copy as Markdown” and “Paste from Markdown” are off by default and will need to be enabled.

According to Reuters, GitLab is working with investment bankers to explore a possible sale, with cloud monitoring firm Datadog already expressing interest.

GitLab currently is valued at $8 billion, meaning any deal would be a substantial one at a time when regulators are growing increasingly critical of consolidation in the tech industry. As Reuters points out, GitLab has been facing growing challenges competing with GitHub, which was purchased by Microsoft and benefits from its parent company’s deep pockets.

Sid Sijbrandij, GitLab co-founder and CEO, is currently undergoing is second round of treatment for osteosarcoma. Although he has said he is working on a full recovery and will continue as CEO, it’s not outside the realm of possibility that his health could force him to reduce his role in the company.

It is also unclear what role Alphabet could play in a possible sale/acquisition, given the company controls 22.2% of GitLab’s voting shares.

Ultimately, it is too early in the process to know for sure if a deal will be reached.

Million was brought on in October 2023 to help the GNOME Foundation with its fundraising efforts. At the time, the foundation touted Million’s “three decades of invaluable experience in nonprofit management” as one of leading reasons behind hiring her.

Now, nine months later, Million is resigning to pursue a PhD in Psychology and to focus on her own private practice.

“I’m very proud of what I have accomplished in my time with GNOME,” Million said, “and I am dedicated to working with Richard through a transition to ensure that everything I have been working on is handed off smoothly. I will be pursuing a PhD in Psychology and dedicating myself to my own private practice. I want to thank all the wonderful people I have had the pleasure of connecting with here at GNOME, including the staff, board, advisors, founders, and volunteers. You have created something of real value in the world, and I look forward to seeing what you do next.”

The foundation touted the work Million has done in her short tenure:

On behalf of the whole GNOME community, the Board of Directors would like to give our utmost thanks to Holly for her achievements during the past 10 months, including drafting a bold five-year strategic plan for the Foundation, securing two important fiscal sponsorship agreements with GIMP and Black Python Devs, writing our first funding proposal that will now enable the Foundation to apply for more grants, vastly improving our financial operations, and implementing a break-even budget to preserve our financial reserves.

Richard Littauer has joined the foundation as Interim Executive Director while the search for a permanent replacement begins.

The Foundation’s Interim Executive Director, Richard Littauer, brings years of open source leadership as part of his work as an organizer of SustainOSS and CURIOSS, as a sustainability coordinator at the Open Source Initiative, and as a community development manager at Open Source Collective, and through open source contributions to many projects, such as Node.js and IPFS. The Board appointed Richard in June and is confident in his ability to guide the Foundation during this transitional period.

Docker images play an important role in software deployment, giving organizations a way to deploy and application with all the necessary dependencies. This make it easier to deploy, and has a number of security advantages, as Canonical explains.

The distroless container design paradigm describes containers that include only the files specifically required to run a single application. The goal is a container that is smaller and more difficult to exploit when vulnerabilities are discovered, because there are no surplus utilities or additional content inside the container that can aid an attacker.

Canonical will design Docker images for customers, incorporating all the necessary components and dependencies so the Docker image can be deployed on a number of platforms.

Canonical’s move to offer ‘Everything LTS’ expands Ubuntu Pro with thousands of new open source upstream components, including today’s latest AI/ML dependencies and tools for machine learning, training and inference, which are maintained as source alongside Ubuntu instead of as ‘deb’ packages. The CVE security maintenance commitment Canonical makes to these open source components facilitates compliance with regulatory baselines like FIPS, FedRAMP, EU Cyber Resilience Act (CRA), FCC U.S. Cyber Trust Mark and DISA-STIG.

Customers engage Canonical to design a Docker image of an open source application, or a base image that includes all of the open source dependencies to host their proprietary app. They get hardened distroless container images with a minimal attack surface and 12+ years CVE maintenance. The Docker image – an Open Container Initiative (OCI) standard container image format – runs natively on Ubuntu as well as Red Hat Enterprise Linux (RHEL), VMware Kubernetes or public cloud K8s. Canonical will support these custom-built images on all of those platforms.

“Everything LTS means CVE maintenance for your entire open source dependency tree, including open source that is not already packaged as a deb in Ubuntu” said Mark Shuttleworth, CEO of Canonical. “We deliver distroless or Ubuntu-based Docker images to your spec, which we will support on RHEL, VMware, Ubuntu or major public cloud K8s. Our enterprise and ISV customers can now count on Canonical to meet regulatory maintenance requirements with any open source stack, no matter how large or complex, wherever they want to deploy it.”

“Ensuring compliance with FedRAMP or HIPAA is very challenging for CISOs. This is the simplest and most cost effective way to run a large-scale, compliant container estate in hybrid or public clouds” said Alex Gallagher, Head of Public Cloud Alliances at Canonical. “We work closely with certified public clouds to optimise the security and performance of Kubernetes, and integrate Ubuntu Pro to provide seamless, frictionless access to LTS containers.”

Traditionally, apps downloaded from the App Store required double the amount of space as the downloaded app. For example, if a downloaded app takes 100 MB of space on disk, macOS would not allow a user to download the app unless there was 200 MB of free space.

In the release notes for macOS Sequoia 15 Beta 2, Apple says the issue now been addressed.

Starting in macOS 15, the App Store no longer needs twice the space free for an initial app download and install. The free space requirement will now be the final install size of the app, plus a small buffer. Developers should consider this change in any messaging they might have around size requirements.

The change is a welcome one. Although it won’t significantly impact most users, it will help out those who are struggling with limited disk space.

Major Nelson was at Microsoft for more than 22 years, serving as Senior Director Corporate Communications for the last 11. In that role, Major Nelson was often seen as the public face of Xbox. The executive announced in an X post that he was joining Unity, after leaving Microsoft nearly a year ago.

I am thrilled to announce that I’m joining the Community team at @unity! Building on my long history as a developer advocate at @Xbox, I’m excited to collaborate again with developers, harnessing our collective creativity to shape the future of real-time gaming and experiences. Let’s make magic happen!

Larry Hryb, Gamer Emeritus (@majornelson) | June 17, 2024

Major Nelson provided more information in a LinkedIn post, saying how excited he is about Unity’s future potential.

At Unity, I see a horizon brimming with potential. Unity’s mission of empowering creative and business success of creators around the world across games, apps, and experiences aligns with my lifelong passion for innovation and community building. I am eager to collaborate with the talented developers and creators who use Unity’s tools to bring their visions to life. Together, we’ll continue to transform the way stories are told and experiences are shared. I step into this new role with a heart full of memories and a spirit charged by the possibilities ahead.

Unity has had a rough year following a disastrous price change that led to widespread backlash from the developer community. While the company ultimately rolled back many of the changes, CEO John Riccitiello and CTO Marc Whitten both resigned in the aftermath.

Given Major Nelson’s status within the gaming community, he is a natural choice to head up community relations for a company that desperately needs to repair its relationships with its developer community.

The blue screen of death first debuted on Microsoft Windows where it gained notoriety for being painfully unhelpful. Despite that dubious past—or perhaps specifically to make fun of it—Linux devs have decided to co-opt the idea to alert the user when a kernel panic occurs.

Javier Martinez Canillas, a Red Hat and Fedora Linux dev, announced that the change has made its way to Linux (note “DRM panic” refers to “Direct Rendering Manager,” not “Digital Rights Management”).

A “Blue Screen Of Death” on the #BeaglePlay board, using the new DRM panic infrastructure contributed by my awesome colleague Jocelyn Falempe.

— Javier Martinez C. (@javierm@fosstodon.org) | June 15, 2024

The Linux blue screen of death code has been added as of Linux kernel 6.10.

C++ began its life as an extension of C, adding high-level and object-oriented features, something C traditionally lacked. Despite its advantages, C++ has played second fiddle to C, with the latter being preferred by many organizations for its performance and low-level power.

According to TIOBE, C++ has finally overtaken C as of June 2024.

“C++ is the new number 2 in the TIOBE index,” said Paul Jansen CEO TIOBE Software. “Originally, dubbed as the better and object-oriented version of C, it took C++ 39 years after its inception to beat C’s popularity. C++ has never been that high in the TIOBE index, whereas C has never been that low. C++ started a new life as of 2011 with its consistent 3 yearly updates. Although most compilers and most engineers can’t take up with this pace, it is considered a success to see the language evolve. The main strenghts of C++ are its performance and scalability. Its downside is its many ways to get things done, i.e. its rich idiom of features, which is caused by its long history and aim for backward compatibility. C++ is heavily used in embedded systems, game development and financial trading software, just to name a few domains.”

It remains to be seen if the rankings change is a permanent one, or merely a temporary statistical blip.

The Rust programming language has been growing in popularity thanks to a combination of factors, such as speed, security, memory safety, and more. As a result, it is increasingly being used in safety-critical software—such as in transportation, energy, and life sciences—and is one of the languages the NSA recommends.

The Foundation is launch is launching the Consortium in partnership with AdaCore, Arm, Ferrous Systems, HighTec EDV-Systeme GmbH, Lynx Software Technologies, OxidOS, TECHFUND, TrustInSoft, Veecle, and Woven by Toyota. The announcement says Consortium membership is open to Foundation members.

Work under the consortium will begin with the creation of a public charter and goals, and meeting minutes will be published on an ongoing basis. The Safety-Critical Rust Consortium will liaise with the Rust Project through Rust Foundation Project Directors and members of Rust Project teams. The Consortium’s scope, which will be fully delineated in the charter, may include the development of guidelines, linters, libraries, static analysis tools, formal methods and language subsets to meet industrial and legal requirements. The Consortium’s deliverables will be developed and licensed in a manner compatible with other Rust Project endeavors.

A number of critical Rust personnel voiced their support and endorsement:

“This is exciting! I am truly pleased to see the Rust Foundation and anyone in the safety-critical space coming together on this topic,” said Graydon Hoare, creator of the Rust programming language.

“Safety is our foremost priority in vehicle software development. Traditionally, achieving the highest levels of safety has been a complex and lengthy endeavor, requiring the use of specialized tools and processes beyond the programming language. We are therefore pleased to collaborate with leading experts in the safety industry to integrate new tools such as Rust into our safety-critical systems,” said JF Bastien, Distinguished Engineer at Woven by Toyota.

“Rust has already established itself as a safe and secure programming language with developers in open source, industry and governments. Now is the time to use that momentum towards bringing Rust as a mainstream language in safety-critical areas, providing processes and specifications that allow Rust to be certified in this space,” said Joel Marcey, Director of Technology at the Rust Foundation.

The Foundation says the creation of the Consortium will help fill a gap in well-established processes and collective industry knowledge.

Rust offers particular advantages in terms of developer ergonomics, productivity and software quality; however, it lacks a deep and established well of safety-processes and collective industry knowledge of safety-critical systems.

Without closing this gap, a developer must primarily rely on best practices and normative precautions, which can limit innovation. Rust developers who stray from the well-trod path can find themselves facing an inquiry were an accident to occur. In these circumstances, anything that seems unusual will be investigated for fault. This risk creates a disincentive to widespread Rust adoption, leaving developers unable to reap all its advantages while potentially facing financial, reputational and moral costs.

The announcement is good news for Rust developers and the Consortium should help the language continue to grow in popularity, while simultaneously fostering continued innovation among developers.

Naveen Viswanatha, Google’s ChromeOS head, and Cameyo CEO Andrew Miller said the Cameyo team is joining the company, with the “mission to make legacy applications accessible and easy to manage within the ChromeOS ecosystem.” Google cites research supporting the popularity of web-based applications, especially in the business realm, before pointing out that there are a number of issues that still stand in the way.

Forrester’s research recommends a way to fill in the gaps: virtual application delivery (VAD). This innovative approach to virtualization streamlines the delivery of legacy applications to any device, eliminating the need for a full desktop environment. VAD significantly simplifies application management, making it easier for IT teams to keep software up-to-date and secure, all while improving the end-user experience by making all apps accessible without needing to sign in to a separate virtual desktop environment first. With VAD, users have seamless access to both web-based and legacy apps side-by-side without having to change their behavior.

The two executives say today’s announcement builds on the two companies’ previous partnership.

ChromeOS has long been committed to providing users with the best possible experience for virtual applications. Recognizing the potential of VAD, we partnered with Cameyo last year to launch a seamless virtual application delivery experience fully integrated with ChromeOS—with local file system integration, ability to deliver virtual apps as progressive web apps (PWAs) and enhanced clipboard support. These features ensure users can seamlessly access data and files in a secure, easy, and familiar way within virtual apps.

The addition of Cameyo to Google will help business that rely on ChromeOS to simplify app deployment, enhance security, improve productivity, and reduce IT costs.

“Deploying apps with ChromeOS and Cameyo is remarkably simple. Session management, load balancing, failover, etc.—it’s all handled by Cameyo, so all we had to focus on was the apps we wanted to publish,” said Mario Zúñiga, IT Director, Digital Workplace, Sanmina. “It was very easy to get set up, and ongoing management is a breeze —especially when compared to traditional virtual desktop approaches. Cameyo is a key element to enabling our long-term Chrome Enterprise strategy. The fact that Cameyo has deep partnerships and integration with Chrome Enterprise and Google Cloud makes this an even more strategic fit.”

WSL is a feature that allows users and developers to run a Linux environment within Windows, giving them access to Linux apps and utilities. WSL is a popular option for Windows users that want to run Linux apps, since it doesn’t require a virtual machine.

According to Product and Program Manager Craig Loewen, WSL has received improvements in the following areas:

• Memory, storage, and networking
• An upcoming WSL Settings GUI app
• WSL Zero Trust
• Upcoming ability to manage WSL in Dev Home
• Several miscellaneous features, including Sudo for Windows and “AI powered dev container playground”

The features should make working with WSL much easier, and improve performance for the subsystem. For example, Loewen says the new memory features will “automatically release stored memory in WSL back to Windows.”

The upcoming WSL Settings app will greatly improve WSL administration:

In the past, you would need to edit the contents of WSL’s .wslconfig file to control WSL settings. The Linux-style .wslconfig file, text-based approach works well for specific targeted changes. However, it can be difficult to know exactly what settings and input values are available to use in this text-based approach. The WSL Settings app addresses this by breaking out WSL settings into labeled categories, and indicating which ones are available on your machine.

Similarly, WSL Zero Trust brings important security features to WSL:

First, Microsoft Defender for Endpoint’s WSL 2 support is now out of public preview and is generally available! You can view the plugin for WSL docs page here to learn more about using Microsoft Defender for Endpoint to monitor your WSL environment.

Secondly, further Intune features are coming to WSL with Linux Intune agent integration. As of today you can manage WSL settings via Intune, and we’re expanding this by also allowing you to enforce conditional access scenarios based on the state of the Linux distro itself. This is available today as a public preview, which first ships with the ability to determine compliance on WSL distro names and versions using custom scripting. In the future we aim to improve this by allowing you to build your own custom Linux scripts for compliance. To learn more and start using the public preview please see this doc page

Lastly , Microsoft Entra Id will also provide integration with WSL, starting with a public preview in the July and August timeframe. As a user this means that Microsoft’s Authentication Library (MSAL) will be able to communicate with WSL in a secure way, letting you automatically log in using your Entra Id credentials on Windows from experiences in WSL like git, or using Microsoft Edge. For enterprise admins this improves security by providing a secure channel to acquire and utilize tokens bound to the host device. We’ll be sure to post any news on the public preview, so stay tuned!

The changes to WSL will be welcome improvements for countless developers who rely on the Linux subsystem.

PGO allows the Go compiler to optimize code based on system’s real-world behavior, essentially providing customized performance profiles. The feature is described as providing anywhere from a 2% to 14% performance improvement.

Cloudflare says an improvement of just a few points would result in significant benefit to the company and its customers.

In the Observability Team at Cloudflare, we maintain a few Go-based services that use thousands of cores worldwide, so even the 2-7% savings advertised would drastically reduce our CPU footprint, effectively for free. his would reduce the CPU usage for our internal services, freeing up those resources to serve customer requests, providing measurable improvements to our customer experience.

After experimenting with PGO on its Go-based servers, the company saw the results it was hoping for.

Following the release, we’re using ~97 cores fewer than before the release, a ~3.5% reduction. This seems to be inline with the upstream documentation that gives numbers between 2% and 14%.

The second number we can look at is the usage at the same time of day on different days of the week. The average usage for the 7 days prior to the release was 3067.83 cores, whereas the 7 days after the release were 2996.78, a savings of 71 CPUs. Not quite as good as our 97 CPU savings, but still pretty substantial!

This seems to prove the benefits of PGO – without changing the code at all, we managed to save ourselves several servers worth of CPU time.

Cloudflare’s results are a major endorsement of the value of PGO support in Go.

Fortran was developed at IBM and first released in 1957. While many other languages have come and gone, Fortran has shown remarkable staying power and has been growing in popularity in recent years. In fact, the language is now enjoying the most popularity it has seen since 2002, breaking into the top 10 programming languages.

The language has been a staple in scientific computing and engineering, something that has helped contribute to its recent rise, according Paul Jansen, CEO TIOBE Software.

“The main reason for Fortran’s resurrection is the growing importance of numerical/mathematical computing. Despite lots of competitors in this field, Fortran has its reason for existence,” said Jansen. “Let’s briefly check the competition out. Python: choice number one, but slow, MATLAB: very easy to use for mathematical computation but it comes with expensive licenses, C/C++: mainstream and fast, but they have no native mathematical computation support, R: very similar to Python, but less popular and slow, Julia: the rising new kid on the block, but not mature yet. And in this jungle of languages, Fortran appears to be fast, having native mathematical computation support, mature, and free of charge. Silently, slowly but surely, Fortran gains ground. It is surprising but undeniable.”

Interestingly, Fortran is outpacing much new, trendier languages.

There are for instance more than 1,000 hits for “Fortran programming” on Amazon, which is the leading company in books. New cool languages such as Kotlin and Rust, barely hit 300 books for the same search query. So, what is going on? First of all, the Fortran language is still evolving since its inception in 1957. Less than half a year ago, the new ISO Fortran 2023 definition was published.

Fortran’s staying power is a good example of how programmers can make a good living by understanding the market and focusing on a particular field or niche.

Rust has been skyrocketing in popularity, thanks to its performance and memory-safe features. Many developers are choosing Rust for applications, System76 is writing their COSMIC desktop environment for Linux in Rust, and the language has gained support in the Linux kernel.

The Rust Foundation says Microsoft’s $1 million donation is an unrestricted donation the company made at the end of 2023. The foundation says the donation will be used over the next two years and applied to several high-priority tasks, including:

• Hiring an additional Rust Foundation infrastructure engineer
• Funding the Rust Foundation’s capstone “Fellowship” program
• Developing new systems and programs to support the work of Rust Project maintainers and reduce workload strain.

In January 2024, the Rust Foundation’s Board of Directors approved a motion to put $350K of this funding towards employing a new Infrastructure Engineer for two years, and to ringfence $650K for the Rust Project to directly fund priorities of their choosing over a period of two years.

“By making this unrestricted $1M contribution to the Rust Foundation, Microsoft has demonstrated its ongoing commitment to the Rust programming language, the Rust Foundation’s stewardship, and the Leadership Council’s status as an advocate for the wider Rust Project,” said Rust Foundation’s Executive Director & CEO, Dr. Rebecca Rumbul. “The Rust Foundation looks forward to supporting emerging priorities within the Project, in addition to hiring a second Infrastructure Engineer and continuing our direct support of Rust maintainers through the Fellowship program.”

“This contribution demonstrates Microsoft’s commitment to the Rust programming language, and its continued success through the Rust Foundation,” said Nell Shamrell-Harrington, Rust Foundation Member Director for Microsoft and Board Vice-Chair. “Microsoft is pleased to see its $1M investment being used to hire Rust Foundation infrastructure engineers, support the Rust Foundation Community Grants Program, and directly support critical areas of need identified by leaders within the Rust Project.”

Canonical has been pushing its own Snap packaging format in recent Ubuntu releases. Like its competitor Flatpak, Snap is an effort to give users the ability to install the latest and greatest software, regardless of whether they are running a rolling release Linux distro or an older long-term support (LTS) one. Unlike Flatpaks, however, Snaps are relatively unpopular and not used much outside of Ubuntu.

As It’s FOSS points out, Canonical has made it harder to install .deb files—the native app package format for Debian and Ubuntu-based systems—by removing the built-in Software Center’s ability to install them. In previous versions, double-clicking on a .deb package would open the file in the Software Center and prompt the user to install it.

The blog accurately points out that .deb files can still be installed via the Terminal, or by using a third-party app like Eddy or Gdebi, but most new users won’t know about those options.

The move appears to be a deliberate attempt by Canonical to push people toward its Snap format, especially since the issue was raised when Ubuntu 23.10 was still in beta last year. Unfortunately, according to recent posts on GitHub, it seems unlikely that Ubuntu will address the issue.

Canonical developer Steve Langasek said the following:

This bug report is getting some new attention by way of trade press. As an Ubuntu developer and member of the Ubuntu Technical Board, I want to weigh in on the bug.

In the short term, we should fix desktop-file-utils to not declare the snap store as a handler for .debs. It doesn’t handle them, so this is clearly incorrect.

In the long term, I believe this bug asking for automatic desktop handling of .debs through the snap store should be won’t fix.

According Langasek, third-party .deb files represent a possible attack vector:

Every third-party apt repository you enable on your system is an attack vector.

Every third-party deb you install directly on your system is an attack vector.

Every third-party app store you enable on your system is also an attack vector.

Unfortunately, Ubuntu’s Snap store has had multiple incidents involving malware, raising questions about how much better of an option Ubuntu’s Snaps are. While what Langasek said is true, that third-party .debs represent a possible attack vector, Canonical should still provide a way for users who understand and accept the risk to easily install them.