Mozilla asks developers to take Bespin for a spin

WWDC Apple this week at its Worldwide Developer Conference delivered software development kits (SDKs) for beta versions of its iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 platforms.

For developers sold on seeking permission from Apple to distribute their software and paying a portion of revenue for the privilege, it's a time to celebrate and harken to the message from the mothership.

While the consumer-facing features in the company's various operating systems consist largely of incremental improvements like aesthetic and workflow enhancements, the developer APIs in the underlying code should prove more significant because they will allow programmers to build apps and functions that weren't previously possible. Many of the new capabilities are touched on in Apple's Platforms State of the Union presentation.

Updated The Python Package Index (PyPI), a repository for Python software libraries, has advised Python developers that the ctx package has been compromised.

Any installation of the software in the past ten days should be investigated to determine whether sensitive account identifiers stored in environment variables, such as cloud access keys, have been stolen.

The PyPI administrators estimate that about 27,000 malicious copies of ctx were downloaded from the registry since the rogue versions of ctx first appeared, starting around 19:18 UTC on May 14, 2022.

RAD Basic has edged a little closer to bringing Visual Basic 6 back to your PC with the release of 0.5.0 Alpha 3.

We last looked at RAD Basic a year ago and soaked in a warm bath of nostalgia for a time when Windows applications could be knocked out with the same skills needed to persuade Sinclair or Commodore hardware to display naughty words in a 1980s computer shop.

While Microsoft ditched Visual Basic 6 in favor of .NET and C# many years ago, there remain plenty of IT professionals who owe their career to the language and an abundance of lashed-up solutions still underpinning substantial chunks of the corporate world.

Google IO Google I/O, the ad biz's annual developer conference, returned to the Shoreline Amphitheater in California's Mountain View on Wednesday, for the first time in three years. The gathering remained largely a remote event due to the persistence of COVID-19 though there were enough Googlers, partners, and assorted software developers in attendance to fill venue seats and punctuate important points with applause.

Sundar Pichai, CEO of Google parent Alphabet, opened the keynote by sounding familiar themes. He leaned into the implied sentiment, "We're here to help," an increasingly iffy proposition in light of the many controversies facing the company.

He said he wanted to explain how Google is advancing its mission in two ways, "by deepening our understanding of information so that we can turn it into knowledge and advancing the state of computing so that knowledge is easier to access no matter who or where you are."

What are your peers doing to stave off burnout? Research from Stack Overflow suggests about half of developers are still spending their breaks in front of a screen.

The Q&A programming resource surveyed 800 devs, and found most of the top five things they do when they need a break involve screens: listening to music (46 percent), visiting Stack Overflow (41 percent), browsing social media (37 percent), and watching videos (36 percent).

Actually talking with fellow humans did not make the top five, and 4 percent of respondents had some other outlet for stress (possibly angrily banging some really terse comments into the source).

There are doubts about the future of the new read-write NTFS driver in the Linux kernel, because its author is not maintaining the code, or even answering his email, leaving the code orphaned, says a would-be helper.

It took a long time and a lot of work to get Paragon Software's NTFS3 driver merged into the Linux kernel. It finally happened in kernel release 5.15 on the 31st October 2021. It has received no maintenance since.

If you're developing software or working with anything serverless, you'll know that remote and as-a-service APIs are what make the clouds float.

It's debatable whether the proliferation of cloud APIs is a good thing, and taking remote API advice from Google may strike some people as unusual given its past. Nonetheless, Google Cloud's director of product, Vikas Anand, and Google Cloud senior product manager David Feuer published a jointly-written blog post of seven trends in the cloud API world they've noted.

A timely reminder is being issued to the effect that free web services are not the same as free software: the creator of the SSLPing service says he can't look after it anymore.

SSLPing was a useful tool to have around. Sign up, add your servers and the service would check certificates, protocols, ciphers and known vulnerabilities. It checked versions of TLS from SSL v3 to TLS 1.2 and, importantly for some major vendors who should know better, would also bleat if certificates were due for renewal (with nags at 10 days, three days and then on the renewal date.)

The tool was wielded by over 500 registered users, monitoring more than 12,500 TLS servers. It was lightweight and mercifully ad-free. Which appears to have become a problem for its creator, Chris Hartwig.

Salt Security spotted a vulnerability in a large fintech company's digital platform that would have granted attackers admin access to banking systems in addition to allowing them to transfer funds to their own accounts.

If exploited, the flaw would have also exposed both users' personal data and financial transactions.

"This vulnerability is a critical flaw, one that completely compromises every bank user," Yaniv Balmas, vice president of research at Salt, an API security firm, told The Register.

The Mozilla Developer Network, which hosts free, open access to web standard documentation, tools, samples and other good stuff, is going pay-for-play with a premium subscription plan that adds new personalization features. 

The Firefox maker announced today the subscription service, called MDN Plus, saying it will add three features for paid MDN users at launch: Notifications, collections, and MDN Offline.

The MDN Learning Area and the front-end web developer learning pathway in MDN were the first indicators of what users wanted, Mozilla senior head of product Hermina Condei said, noting that MDN Plus marks "our first step to providing a personalized and more powerful experience while continuing to invest in our always free and open webdocs."