Kazuhisa Hashimoto, a producer credited with implementing the fabled "Konami Code" that gave players godlike cheats in Contra, Gradius, Castlevania, and other Konami games for the Nintendo Entertainment System, died on Tuesday. He was 61. Polygon reports: Hashimoto was a programmer and producer for the home console port of Gradius, which in 1986 was the first video game to use the Konami Code. Hashimoto put it in the game as an aid for his playtesting, memorably saying that he "obviously couldn't beat it." For unclear reasons, the Konami Code was left in the shipped game, and was later used to playtest other games made by the publisher.

Contra, which launched on the NES in 1988, sold much better than Gradius and is more closely associated with the Konami Code's origins. In it, cheat-code sharers discovered video gaming's Charm of Making -- up, up, down, down, left, right, left, right, B, A, start! -- and were blessed with 30 lives, absolutely critical to a super-tough one-hit-kill side-scroller like Contra. Nostalgia for the Konami Code, if not gratitude for its usefulness to many difficult games of the day, led to its inclusion in numerous other works. A Wikipedia entry on the code counts more than 100 Konami games with the cheat or some version of it inside them. Another 22 games made by other publishers included the code as a tribute, often revealing an Easter egg or secret message. It has also shown up elsewhere in popular culture, most recently in Google Stadia's website (and on its controller), and as a pastime Easter egg in Fortnite in October.

A former YC partner co-founded a recruiting company for technical hiring, and one of its software engineers is long-time Slashdot reader compumike. He now writes: Like the decade-old Fizz Buzz Test, there are some questions that are trivial for anyone who can build software at a professional level, but are likely to stump anyone who can't hack it. I analyzed the data from over 100,000 programmers to reveal how five multiple-choice questions easily separate the real software engineers from the rest.
The questions (and the data about correct answers) come from Triplebyte's own coder-recruiting quiz, and "98% of successful engineers answer at least 4 of 5 correctly," explains Mike's article. ("Successful" engineers are defined as those who went on to receive an inbound message from a company matching their preferences through Triplebyte's platform.) "I'm confident that if you're an engineering manager running an interview, you wouldn't give an offer to someone who performed below that line."

Question 1: What kind of SQL statement retrieves data from a table?

• LOOKUP
• READ
• FETCH
• SELECT

In a new article in Forbes, a Business Technology professor at the Villanova School of Business argues that the way we build software applications is changing: If you're living in the 21st century you turn to your cloud provider for help where many of the most powerful technologies are now offered as-a-service. When your requirements cannot be completely fulfilled from cloud offerings, you build something. But what does "building" mean? What does "programming" mean...? You can program from scratch. You can go to Github (where you can find code of all flavors). Or you can — if you're a little lazier — turn to low-code or no-code programming platforms to develop your applications.

All of this falls under the umbrella of what, the Gartner Group defines as the "democratization of expertise":

"Democratization is focused on providing people with access to technical expertise (for example, ML, application development) or business domain expertise (for example, sales process, economic analysis) via a radically simplified experience and without requiring extensive and costly training...."

[T]he new repositories, platforms and tools are enabling a whole new set of what we used to call "programming." As Satya Nadella said, "Every business will become a software business, build applications, use advanced analytics and provide SAAS services," and as Sajjad Daya says so well in Hackernoon, "Coding takes too long for it to be both profitable and competitively priced. That's not the case with no-code platforms, though. The platforms do the complicated programming automatically, slashing development time..."

The technology democracy has forever changed corporate strategy. And what does this mean? It means that the technical team scales on cue. But "technical" means competencies around Github, low-code/no-code platforms and especially business domains... [A]ll of this levels the technology playing field among companies — so long as they understand the skills and competencies they need.

We live in a world where billions of login credentials have been stolen, enabling the brute-force cyberattacks known as "credential stuffing", reports CSO Online. And it's being made easier by APIs: New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. According to a report released today, between December 2017 and November 2019, Akamai observed 85.4 billion credential abuse attacks against companies worldwide that use its services. Of those attacks, around 16.5 billion, or nearly 20%, targeted hostnames that were clearly identified as API endpoints.

However, in the financial industry, the percentage of attacks that targeted APIs rose sharply between May and September 2019, at times reaching 75%.

"API usage and widespread adoption have enabled criminals to automate their attacks," the company said in its report. "This is why the volume of credential stuffing incidents has continued to grow year over year, and why such attacks remain a steady and constant risk across all market segments."
APIs also make it easier to extract information automatically, the article notes, while security experts "have long expressed concerns that implementation errors in banking APIs and the lack of a common development standard could increase the risk of data breaches."

Yet the EU's "Payment Services Directive" included a push for third-party interoperability among financial institutions, so "most banks started implementing such APIs... Even if no similar regulatory requirements exist in non-EU countries, market forces are pushing financial institutions in the same direction since they need to innovate and keep up with the competition."

kimanaw shares a report: The Trump administration urged the U.S. Supreme Court to reject an appeal by Alphabet's Google, boosting Oracle's bid to collect more than $8 billion in royalties for Google's use of copyrighted programming code in the Android operating system. The administration weighed in on the high-stakes case on the same day that President Donald Trump attended a re-election campaign fundraiser in California hosted by Oracle's co-founder, billionaire Larry Ellison. Ellison hosted a golf outing and photos with Trump. The event cost a minimum of $100,000 per couple to attend, with a higher ticket price of $250,000 for those who wanted to participate in a policy roundtable with the president, the Palm Springs Desert Sun reported. Google is challenging an appeals court ruling that it violated Oracle copyrights when it included some Oracle-owned Java programming code in Android. The dispute has split Silicon Valley, pitting developers of software code against companies that use the code to create programs. Google's "verbatim copying" of Oracle's code into a competing product wasn't necessary to foster innovation, the U.S. Solicitor General Noel Francisco said Wednesday in a filing with the court.

TechRadar shares some surprising results from a new survey of enterprises using COBOL and mainframe technologies: According to a survey by Micro Focus, which follows data gathered in previous 2017 survey, 70 percent favor modernization as an approach for implementing strategic change. This is opposed to replacing or retiring their key COBOL applications as they continue to provide a low-risk and effective means of transforming IT to support digital business initiatives...

This is further supported by the results of the survey with an increase in the size of the average application code base which grew from 8.4m in 2017 to 9.9m this year, showing continued investment, re-use and expansion in core business systems.
"92 percent of respondents felt as though their organization's COBOL applications are strategic in comparison to 84 percent of respondents in 2017," according to the official survey results. The survey spanned 40 different countries, and involved COBOL-connected architects, developers, development managers and IT executives.

"COBOL's credentials as a strong digital technology appear to be set for another decade," according to Micro Focus' senior vice president of application modernization and connectivity. "With 60 years of experience supporting mission-critical applications and business systems, COBOL continues to evolve as a flexible and resilient computer language that will remain relevant and important for businesses around the world."

"Now budding Python developers can read up on the National Security Agency's own Python training materials," reports ZDNet: Software engineer Chris Swenson filed a Freedom of Information Act request with the NSA for access to its Python training materials and received a lightly redacted 400-page printout of the agency's COMP 3321 Python training course. Swenson has since scanned the documents, ran OCR on the text to make it searchable, and hosted it on Digital Oceans Spaces. The material has also been uploaded to the Internet Archive...

"If you don't know any programming languages yet, Python is a good place to start. If you already know a different language, it's easy to pick Python on the side. Python isn't entirely free of frustration and confusion, but hopefully you can avoid those parts until long after you get some good use out of Python," writes the NSA...

Swenson told ZDNet that it was "mostly just curiosity" that motivated him to ask the NSA about its Python training material. He also said the NSA had excluded some course material, but that he'll keep trying to get more from the agency... Python developer Kushal Das has pulled out some interesting details from the material. He found that the NSA has an internal Python package index, that its GitLab instance is gitlab.coi.nsa.ic.gov, and that it has a Jupyter gallery that runs over HTTPS. NSA also offers git installation instructions for CentOS, Red Hat Enterprise Linux, Ubuntu, and Windows, but not Debian.

An anonymous reader shares a report: It comes as no surprise that the guidance computers aboard the Apollo 11 spacecraft were impossibly primitive compared to the pocket computers we all carry around 50 years later. But on his website, an Apple developer analyzed the tech specs even further and found that even something as simple as a modern USB charger is packed with more processing power. Forrest Heller, a software developer who formerly worked on Occipital's Structure 3D scanner accessory for mobile devices, but who now works for Apple, broke down the numbers when it comes to the processing power, memory, and storage capacity of Google's 18W Pixel charger, Huawei's 40W SuperCharge, the Anker PowerPort Atom PD 2 charger, and the Apollo 11 guidance computer, also referred to as the AGC. It's not easy to directly compare those modern devices with the 50-year-old AGC, which was custom developed by NASA for controlling and automating the guidance and navigation systems aboard the Apollo 11 spacecraft.

In a time when computers were the size of giant rooms, the AGC was contained in a box just a few feet in length because it was one of the first computers to be made with integrated circuits. Instead of plopping in an off the shelf processor, NASA's engineers designed and built the AGC with somewhere around 5,600 electronic gates that were capable of performing nearly 40,000 simple mathematical calculations every second. While we measure processor speeds in gigahertz these days, the AGC chugged along at 1.024 MHz. By comparison, the Anker PowerPort Atom PD 2 USB-C charger includes a Cypress CYPD4225 processor running at 48 MHz with the twice the RAM of the AGC, and almost twice the storage space for software instructions.

The sophistication of the Emotet malware's code base and its regularly evolving methods for tricking targets into clicking on malicious links has allowed it to spread widely. "Now, Emotet is adopting yet another way to spread: using already compromised devices to infect devices connected to nearby Wi-Fi networks," reports Ars Technica. From the report: Last month, Emotet operators were caught using an updated version that uses infected devices to enumerate all nearby Wi-Fi networks. It uses a programming interface called wlanAPI to profile the SSID, signal strength, and use of WPA or other encryption methods for password-protecting access. Then, the malware uses one of two password lists to guess commonly used default username and password combinations. After successfully gaining access to a new Wi-Fi network, the infected device enumerates all non-hidden devices that are connected to it. Using a second password list, the malware then tries to guess credentials for each user connected to the drive. In the event that no connected users are infected, the malware tries to guess the password for the administrator of the shared resource.

"With this newly discovered loader-type used by Emotet, a new threat vector is introduced to Emotet's capabilities," researchers from security firm Binary Defense wrote in a recently published post. "Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords." The Binary Defense post said the new Wi-Fi spreader has a timestamp of April 2018 and was first submitted to the VirusTotal malware search engine a month later. While the module was created almost two years ago, Binary Defense didn't observe it being used in the wild until last month.

minstrelmike shares a report. From the article: The best way to get a feel for what NASA's job was like is to read some of the code, now immortalized in a GitHub repository. Choose a file at random. GROUND_TRACKING_DETERMINATION_PROGRAM.agc, for instance, has 204 lines and more than 85 of them are comments. Each of the lines consists of only one operation, unlike modern languages, which can pack dozens of operations with multiple options into one line. The simplicity becomes obvious .... The Apollo Guidance Computer had only 36k of ROM to hold the compiled version."

You didn't need security, function was the only thing that counted, and you only had to do one thing. A Go app compiled with version 1.7 that only prints "Hello World" is 1.6 megabytes alone, and the Go world was totally thrilled with this news because it was 2.3 megabytes before." And you didn't need to deal with lawyers. There are 22 thousand words in the basic Terms of Service for renting a machine in Amazon's cloud. There is also an entirely different TOS for using the website to rent the machine. Then each individual product often has its own TOS, like this one for Activate. Add them up and they're much longer than the 36 thousand instruction words in the ROM in the Lunar Lander's computer.

"Under the age of 39? Odds are that most of your peers learned to code in C.

"Most Baby Boomers and Gen Xers — or, those between the ages of 40 and 74 in 2020 — learned to code in BASIC."

That's just one of the interesting conclusions from HackerRank's third annual "Developer Skills Report," which this year compiled responses from over 116,000 developers (from 162 different countries). Developed for educational use in 1964, BASIC was a popular instructional language in college classrooms. But that began to change in 1972, when Bell Labs invented C, allowing portability of the Unix operating system. Though it wasn't an instant hit, the language rose to popularity in the late 70s and early 80s alongside the growth of Unix. Today, the language is celebrated for its longevity, flexibility, and ease of use — just some of the reasons it's still popular for Gen Zers learning to code today.

Gen Z is more likely than any previous generation to utilize bootcamps. Nearly one in six say they've leveraged bootcamps to learn new skills. On the flip side, they're less likely to learn coding skills from older generations' go-tos, like books and on-the-job training. As Gen Z comes to rely more heavily on non-traditional education sources like bootcamps, they're poised to become a key talent pool.
Jaxenter also summarizes another interesting finding from the survey. "72% of hiring managers reported that bootcamp grads were equally or better equipped for their job." The I-Programmer site even noted the top reasons managers gave the surveyors for why bootcamp grads exceed:

• Ability to learn new technologies & languages quickly (71%)
• Strong practical experience (61%)
• Eager to take on new responsibilities (52%)

And they also summarize another interesting result. "Almost a third of developers at small companies (1-49 employees) haven't obtained a Bachelor's degree -- a proportion that drops to only 9% in companies with 10,000 or more employees."

China's Xiaomi, Huawei, Oppo and Vivo are joining forces to create a platform for developers outside China to upload apps onto all of their app stores simultaneously, in a move analysts say is meant to challenge the dominance of Google's Play store. From a report: The four companies are ironing out kinks in what is known as the Global Developer Service Alliance (GDSA). The platform aims to make it easier for developers of games, music, movies and other apps to market their apps in overseas markets, according to people with knowledge of the matter. The GDSA was initially aiming to launch in March, sources said, although it is not clear how that will be affected by the recent coronavirus outbreak. A prototype website says the platform will initially cover nine "regions" including India, Indonesia and Russia.

From a report: I'll just pay a little more attention to the Android bit: a total of $80 billion paid out to Android developers, which is significantly less than the $155 billion Apple has paid out via the iOS App Store. Even if you account for Google allowing developers to use their own payment methods and made a bunch of other caveats, I suspect you can't avoid the truth. The vast majority of phones on Earth run Android, and yet it is almost surely the case that there's more money for developers in iPhone apps. That's always been the conventional wisdom, but Google's own numbers all but confirm it.

Eric Raymond has been working on a tool called reposurgeon for editing version-control repository histories -- those "risky operations that version-control systems don't want to let you do." But this led to some interesting thoughts about documentation: "Why doesn't reposurgeon have easy introductory documentation" would normally have a simple answer: because the author, like all too many programmers, hates writing documentation, has never gotten very good at it, and will evade frantically when under pressure to try. But in my case none of that description is even slightly true. Like Donald Knuth, I consider writing good documentation an integral and enjoyable part of the art of software engineering. If you don't learn to do it well you are short-changing not just your users but yourself...

If you go looking for gdb intro documentation, you'll find it's also pretty terrible. Examples of a few basic commands is all they can do; you never get an entire worked example of using gdb to identify and fix a failure point. And why is this....? High-quality introductory software documentation depends on worked examples that are understandable and reproducible. If your software's problem domain features serious technical barriers to mounting and stuffing a gallery of reproducible examples, you have a problem that even great willingness and excellent writing skills can't fix.

Of course my punchline is that reposurgeon has this problem, and arguably an even worse example of it than gdb's. How would you make a worked example of a repository conversion that is both nontrivial and reproducible? What would that even look like...? Having identified the deep problem, I'd love to be able to say something revelatory and upbeat about how to solve it.... Unfortunately, at this point I am out of answers. Perhaps the regulars on my blog will come up with some interesting angle.

Slashdot reader jbmartin6 summarizes a new article from Carnegie Mellon's Software Engineering Institute: An academic study challenges the notion that "some programmers are much, much better than others (the times-10, or x10, programmer), and that the skills, abilities, and talents of these programmers exert an outsized influence on that organization's success or failure."

Instead, the author shows productivity variation is often a result of poor-performing outliers and some wide variation in individual's productivity from day to day. Once these factors are eliminated, the gap between top performers and normal performers isn't that great, and there is a very small supply of consistent top performers anyway. This result has a lot of implications for how software teams and projects are managed.
The article concludes that "while some programmers are better or faster than others, the scale and usefulness of this difference has been greatly exaggerated....

"Rather than try to label programmers with simplistic terms such as 'best' and 'worst,' the most motivating and humane way to improve average performance is to find ways to improve everyone's performance."

Slashdot reader SpaceForceCommander shared Dice's new annual report on America's tech industry salaries based on a survey of over 12,800 "technologists": Columbus and St. Louis enjoyed double-digit year-over-year growth in salaries (14.2 percent and 13.6 percent, respectively), and other cities such as Denver [7 percent] and Atlanta [10 percent] also experienced an ideal mix of growth and high salaries. These up-and-comers benefitted from the presence of key employers such as Amazon and IBM; in addition, a lower cost of living and plentiful amenities have made them increasingly attractive to technologists, even those coming from well-established tech hubs such as Silicon Valley.

Silicon Valley remains a world of high salaries — but the cost of living in the Bay Area remains extraordinarily high, which chews into that higher-than-average paycheck. And that's before we factor in issues such as grinding commutes. In Seattle, New York City (also known as "Silicon Alley"), and other well-established tech hubs, costs are similarly high, which only makes up-and-coming tech hubs more potentially attractive to technologists.
Silicon Valley is still #1 on Dice's ranking of average annual salaries (at $123,826), followed by Seattle, San Diego, Boston, Baltimore, Portland, Denver, and then New York. (And while St. Louis ranks #9, Columbus is #17.)

But the average annual tech-industry salary rose just 1.3 percent last year, according to the survey, with Dice arguing that what made salaries vary was supply and demand. They then ranked the highest-paying skills, starting with Apache Kafka (with average reported salaries of $134,557), followed by HANA (High performance ANalytic Appliance), Cloudera, and MapReduce: Newer skills don't necessarily draw higher salaries; with many older skills, the number of proficient technologists is relatively low, which means employers are willing to pay more in order to secure their services. (That's a key reason why the handful of technologists who still know their way around an ancient mainframe can score six-figure salaries from companies that haven't given up decades-old hardware....) In the case of programming languages such as Swift, which enjoyed significant year-over-year growth and high salaries, a large number of technologists might have mastered it — but the market is huge and white-hot, ensuring that compensation will only rise.

The Go team is planning for a February release of Go 1.14, and "Per the process outlined in the Go 2, here we come! blog post, it is again the time in our development and release cycle to consider if and what language or library changes we might want to include for our next release, Go 1.15, scheduled for August of this year."
The primary goals for Go remain package and version management, better error handling support, and generics. Module support is in good shape and getting better with each day, and we are also making progress on the generics front (more on that later this year).

Our attempt seven months ago at providing a better error handling mechanism, the try proposal, met good support but also strong opposition and we decided to abandon it. In its aftermath there were many follow-up proposals, but none of them seemed convincing enough, clearly superior to the try proposal, or less likely to cause similar controversy. Thus, we have not further pursued changes to error handling for now. Perhaps some future insight will help us to improve upon the status quo.

Given that modules and generics are actively being worked on, and with error handling changes out of the way for the time being, what other changes should we pursue, if any? There are some perennial favorites such as requests for enums and immutable types, but none of those ideas are sufficiently developed yet, nor are they urgent enough to warrant a lot of attention by the Go team, especially when also considering the cost of making a language change.

After reviewing all potentially viable proposals, and more importantly, because we don't want to incrementally add new features without a long-term plan, we concluded that it is better to hold off with major changes this time. Instead we concentrate on a couple of new vet checks and a minor adjustment to the language...

We believe that none of these three proposals are controversial but there's always a chance that we missed something important. For that reason we plan to have the proposals implemented at the beginning of the Go 1.15 release cycle (at or shortly after the Go 1.14 release) so that there is plenty of time to gather experience and provide feedback. Per the proposal evaluation process, the final decision will be made at the end of the development cycle, at the beginning of May, 2020.

Over the course of a year, Apple took down 805 apps in mainland China by its own account. From a report: In Apple's latest transparency report accounting for the first half of 2019, the iPhone maker said it removed 288 apps from China's iOS App Store for both legal and policy violations. The Apple Transparency Report goes out twice a year and details requests received from government agencies and private parties worldwide. The report lists government requests to access information on accounts and devices, but the last two reports also include the number of apps Apple removed that period. When it comes to why those apps are removed, though, Apple is tight-lipped. The reports cite two reasons for app removals: Platform violations, which covers gambling apps (gambling is illegal in China), and legal violations, which according to Apple usually means apps with pornography (also illegal in China) and other illegal content.

[...] The total number of apps missing from the App Store because of government censorship is hard to know. GreatFire has used its tool applecensorship.com to identify 2,678 apps that aren't available inside the mainland China App Store. But this number doesn't paint the full picture. Records of missing apps are only generated when people search for them on the website. And there's no information on whether apps were taken down because of a government request, a decision from Apple or the app makers' choice. Many of the apps recorded were never listed on the mainland China App Store. But the list does provide some insight, like the fact that the 149 unavailable news apps is more than in any other country. "We know that app store removals are happening more often in China," said GreatFire's Karen Reilly. "We know that many of these apps are news sources. We know that many of these apps are VPNs and other software that everyday people use to protect their privacy."

Google will shut down its low-code development platform, App Maker, early next year. From a report: Google today announced it is killing off yet another service: App Maker, G Suite's low-code environment for building custom business apps. Google App Maker will be "turned down" gradually this year and officially shut down on January 19, 2021. Google cited "low usage" as an explanation for the move. If your business was using App Maker or considering moving to App Maker, you'll need to find another tool. Indeed, Google is making today's announcement not even two weeks after acquiring no-code app development platform AppSheet. Google first launched App Maker as part of an Early Adopter Program in November 2016. At the time, we described it as a service that "lets users drag and drop widgets around on a user interface that complies with Google's Material design principles" to create apps that can be "customized further with scripts, as well as HTML, CSS, JavaScript, and JQuery content." Once apps are live, usage can be monitored through Google Analytics. App Maker hit general availability for all G Suite Business, Enterprise, and Education customers in June 2018. A year and a half later, and it's already headed to the grave.

mbadolato (Slashdot reader #105,588) shares this post from Belgium-based programmer Brent Roose: It's no secret among web developers and programmers in general: PHP doesn't have the best reputation. Despite still being one of the most used languages to build web applications; over the years PHP has managed to get itself a reputation of messy codebases, inexperienced developers, insecure code, an inconsistent core library, and what not. While many of the arguments against PHP still stand today, there's also a bright side: you can write clean and maintainable, fast and reliable applications in PHP.

In this post, I want to look at this bright side of PHP development. I want to show you that, despite its many shortcomings, PHP is a worthwhile language to learn. I want you to know that the PHP 5 era is coming to an end. That, if you want to, you can write modern and clean PHP code, and leave behind much of the mess it was 10 years ago.
The article notes PHP's opt-in type system and performance-enhancing rewrites (including the ability to store compiled chunks of PHP code in memory). And it argues that PHP "is still evolving today," with a package repository averaging over 25 million downloads a day. There's also PHP web application frameworks (as well as asynchronous frameworks), so "PHP isn't just WordPress anymore."

And in keeping with the core team's yearly release cycle, PHP 8 is expected at the end of 2020, which will include a JIT compiler, "allowing PHP to enter new areas besides web development..."