Tech News - Programming

Yesterday, the LLVM team announced the stable release of LLVM 9; though LLVM 9.0 missed its planned release date, which was 28th August. LLVM 9.0 RC3 was made available earlier this month. With LLVM 9, the RISC-V target is now out of the experimental mode and turned on by default. Other changes include improved support for asm goto in the MIPS target, another assembly-level support added to the Armv8.1-M architecture, new immarg parameter attribute added to the LLVM IR, and more. LLVM 9 also explores many bug fixes, optimizations, and diagnostics improvements. LLVM 9 also presents an experimental support for C++ in Clang 9. What’s new in LLVM 9 Two new extension points, called EP_FullLinkTimeOptimizationEarly and EP_FullLinkTimeOptimizationLast are available as plugins for specializing the legacy pass manager full LTO pipeline. A new COFF object files/executables support for llvm-objcopy/llvm-strip. It will support the most common copying/stripping options. LLVM_ENABLE_Z3_SOLVER has replaced the CMake parameter CLANG_ANALYZER_ENABLE_Z3_SOLVER. LLVM 9.0 has finally made the “experimental” RISC-V LLVM backend “official” and will be enabled by default. This means that it no longer needs to be enabled by LLVM_EXPERIMENTAL_TARGETS_TO_BUILD. The RISC-V Target has full codegen support for the RV32I and RV64I based RISC-V instruction set variants, along with the MAFDC standard extensions. Explaining the reason behind this update, Alex Bradbury, CTO and Co-Founder of the lowRISC said, “As well as being more convenient for end users, this also makes it significantly easier for e.g. Rust/Julia/ Swift and other languages using LLVM for code generation to do so using the system-provided LLVM libraries. This will make life easier for those working on RISC-V ports of Linux distros encountering issues with Rust dependencies.” A new support for target-independent hardware loops is added along with PowerPC and Arm implementations, in IR. Other changes in LLVM 9 LLVM IR: A new immarg parameter attribute is added. It indicates that an intrinsic parameter is required to be a simple constant. The atomicrmw xchg now allows floating point types and supports fadd and fsub. ARM Backend: A assembly-level support is added for the Armv8.1-M architecture, including the M-Profile Vector Extension (MVE). Another pipeline model to be used for cores is also added to Cortex-M4. MIPS Target: Improved experimental support for GlobalISel instruction selection framework. New support for .cplocal assembler directive, sge, sgeu, sgt, sgtu pseudo instructions and asm goto constraint. PowerPC Target: Improved handling of TOC pointer spills for indirect calls and better precision of square root reciprocal estimates. SystemZ Target: A new support for the arch13 architecture is added. The builtins for the new vector instructions can be enabled using the -mzvector option. What’s new in Clang 9? With the stable release of LLVM 9, Clang 9 official release was also made available. The major new feature in Clang 9 is the new addition of experimental support for C++ for OpenCL. Clang 9 also new compiler flags- -ftime-trace and ftime-trace-granularity=N.  C Language improvements in Clang 9 The __FILE_NAME__ macro is added as a Clang specific extension and supports all C-family languages. It also provides initial support for asm goto statements for control flow from inline assembly to labels. The main consumers of this construct are the Linux kernel (CONFIG_JUMP_LABEL=y) and glib. Also, with the addition of asm goto support, the mainline Linux kernel for x86_64 is now buildable and bootable with Clang 9. The release notes also specifies about an issue that could not be fixed before the LLVM 9 release, “PR40547 Clang gets miscompiled by GCC 9.” C++ Language improvements in Clang 9 An experimental support for C++is added to OpenCL. Clang 9 also brings backward compatibility with OpenCL C v2.0. Other implemented features include: The address space behavior is improved in the majority of C++ features like templates parameters and arguments, reference types, type deduction, and more. OpenCL-specific types like images, samplers, events, pipes, are now accepted OpenCL standard header in Clang can be compiled in C++ mode Users are happy with the LLVM 9 features, especially the support for asm goto. A user on Hacker News comments, “This is big. Support for asm goto was merged into the mainline earlier this year, but now it's released [1]. Aside from the obvious implications of this - being able to build the kernel with LLVM - working with eBPF/XDP just got way easier” Another user says, “The support for asm goto is great for Linux, no longer being dependent on a single compiler for one of the most popular ISAs can only be a good thing for the overall health of the project.” For the complete list of changes, check out the official LLVM 9 release notes. Other news in Programming Dart 2.5 releases with the preview of ML complete, the dart:ffi foreign function interface and improvements in constant expressions Microsoft releases Cascadia Code version 1909.16, the latest monospaced font for Windows Terminal and Visual Studio Code Linux 5.3 releases with support for AMD Navi GPUs, Zhaoxin x86 CPUs and power usage improvements

Scala in its recent announcement suggested the roadmap for Scala 3.0 and what features developers can expect in Scala 3. Following this, the Scala community also announced the new release will be Scala 2.13 and mentioned that Scala 3 will succeed Scala 2.13. With the first official talk about Scala 3, the community also unveiled its secret project called Dotty. It announced that Dotty will become Scala 3. Dotty is a set of compiler technology for Scala. The suggested timeline for the preview release of Scala 3.0 is around early 2020. With this development, the community has suggested that Scala 2.13, expected to release in few months, will be an important release for migration to Scala 3. What can you expect in Scala 3? The community is working to fuse two big paradigms: Object-Oriented programming and functional programming together to make development more convenient in Scala ecosystem. Alongside this ongoing improvement, the community is focussing on the following aspects: With Scala 3, the community is emphasizing on 4 main features of Scala: consistency, safety, ergonomics, and performance. The community is working on adding types and operators to carry out these functionalities. In Scala 3 expect advanced programming paradigms like metaprogramming and generative programming. Currently, the macro systems are implemented at an experimental level to carry out metaprogramming. The community has suggested replacing the macro system with some other solution. Generative programming design with scala is currently under development. Improvement in Scala tools for building strong foundations for software design. Also removal of some components of the language that are rarely used to make the language lightweight. Automatic rewriting through the scalafix tool for efficient migration of code from Scala 2 to Scala 3. Updated Scala compiler, IDE plugins, REPL, Scaladoc, and build tools. The community is working on updating the Dotty plugins and its standard build tools SBT for working properly with Scala 3. Scala 3 will share the same standard library used in Scala 2. However, with the update, Scala 3 will not be binary compatible with Scala 2 because of the update in Scala compiler. The community is working on making the migration as smooth as possible which makes the release of Scala 2.14 pivotal. To get an early preview of Scala 3 features, developers can start working on the development of Dotty, available on the GitHub repository and report any issues on the issues page. Scala 2.12.5 is here!

Although not due to arrive until March 2021, Java Development Kit (JDK) 16 has begun to take shape, with proposed features including concurrent thread-stack processing for garbage collection, support for C++ 14 language features, and an “elastic metaspace” capability to more quickly return unused class metadata memory to the OS. JDK 16 will be the reference implementation of the version of standard Java set to follow JDK 15, which arrived September 15. The six-month release cadence for standard Java would have JDK 16 arriving next March. [ Also on InfoWorld: JDK 15: The new features in Java 15 ] As of October 8, eight proposals officially target JDK 16. The new capabilities coming to Java 16 include: To read this article in full, please click here

It’s been more than 20 years since Microsoft released the first version of the C# language. Over the years C# has experienced a remarkable evolution, from being called as a Java copycat to one of the most loved and used programming languages. The current developments in C# 7 ecosystem are exciting, and grabbing the attention of developers, but what about the future? Can developers take a sneak peek into the future of C#? Well of course they can! The Microsoft language design team have been developing the language features ‘in the open’ for quite some time now. They have proposed several new features for the upcoming C# 8.0 and have released several prototypes for the developers, to try them out and provide feedback on the official Github repo. Let’s take a look at the most likely new C# 8 features: Nullable Reference Types The name of this particular feature might confuse a lot of developers wondering “Isn’t nullable reference a bad idea?” or “Shouldn’t it be called non nullable reference types?”. Sir Tony Hoare, a British computer scientist invented null references and famously called them the “Billion Dollar Mistake” as the biggest problem is, of course, the risk of getting the infamous null-reference exception. Since all reference types in C# can be null, you always run the risk of getting an exception when you try to access some member of the object. Functional languages try to deal with this problem by having a type that represents the concept of potential absent value. Instead of introducing non-nullable reference types in C#, Microsoft has chosen to consider reference types as non-nullable by default and provide mechanisms to deal with nullable types. Since the premise of a reference is often considered to be non-nullable and to be dereferenced. Asynchronous Streams Asynchronous streams provide the ability to use async/await inside an iterator. In most cases, an iterator is implemented synchronously. There are some cases, however, where it might need to await a call on every iteration to fetch the next item. In such cases, asynchronous streams can come in handy. To support this feature, a couple of things need to be taken care of: New types, the async equivalents of IEnumerable and IEnumerator Ability to specify an await on an iterator construct such as foreach. Default interface implementations: The primary use case for default interface methods is to enable the developer to safely evolve an interface. You could add new methods to it and, as long as you provide a default implementation, existing clients of the interface wouldn’t be forced to implement it. Another important value proposition of default implementation on interfaces relates to Android and iOS. Since both Java and Swift offer this feature, it’s tricky to use C# to wrap Android/iOS APIs that make use of default interface implementations. C# 8.0 will make it possible to wrap those APIs more faithfully. There are plenty of other features proposed to be implemented in C# 8 such as target-typed new expressions, covariant return types, and extension everything. All these features are in different stages of development and a lot can (and probably will) change from now until C# 8.0’s release Till then you can closely follow the official Github repo for C#.   Stay up to date with the latest features, release dates, and general discussions on key programming tools and tech by subscribing to Packt Hub. Check out other latest news: Red Programming Language for Android development! What’s new in Visual Studio 1.22 OpenCV 4.0 is on schedule for July release

Yesterday, Daniel Stenberg, the lead developer of curl announced that Google is planning to reimplement curl in libcrurl and it will be renamed as libcurl_on_cronet. https://twitter.com/bagder/status/1141588339100934149 The official blog post reads, “The Chromium bug states that they will create a library of their own (named libcrurl) that will offer (parts of) the libcurl API and be implemented using Cronet.” Daniel Stenberg explains the reason for reimplementation, “Implementing libcurl using Cronet would allow developers to take advantage of the utility of the Chrome Network Stack, without having to learn a new interface and its corresponding workflow. This would ideally increase ease of accessibility of Cronet, and overall improve adoption of Cronet by first-party or third-party applications.” According to him, the team might also hope that 3rd party applications can switch to this library without the need for switching to another API. So if this works then there is a possibility that the team might also create “crurl” tool which then will be their own version of the tool using their own library. Daniel Stenberg states in the post, “In itself is a pretty strong indication that their API will not be fully compatible, as if it was they could just use the existing curl tool…” He writes, “As the primary author and developer of the libcurl API and the libcurl code, I assume that Cronet works quite differently than libcurl so there’s going to be quite a lot of wrestling of data and code flow to make this API work on that code.” The libcurl API is quite versatile and has developed over a period of almost 20 years. There’s a lot of functionality, options and subtle behavior that may or may not be easy to mimic. If the subset is limited to a number of functions and libcurl options and they are made to work exactly the way they have been documented, then it could be difficult as well as time-consuming. He writes, “I don’t think applications will be able to arbitrarily use either library for a very long time, if ever. libcurl has 80 public functions and curl_easy_setopt alone takes 268 different options!” Read Also: Cisco merely blacklisted a curl instead of actually fixing the vulnerable code for RV320 and RV325 According to Stenberg, there’s still no clarity on API/ABI stability or how are they planning to ship or version their library. Stenberg writes, “There’s this saying about imitation and flattery but getting competition from a giant like Google is a little intimidating. If they just put two paid engineers on their project they already have more dedicated man power than the original libcurl project does…” So, the team from Google’s end finds and fixes issues in the code and API such that curl improves. This makes more users aware of libcurl and its API and the team behind curl make it easier for users and applications to do safe and solid Internet transfers. According to Stenberg, applications need to be aware of the APIs they work with to avoid confusion. He also highlighted that users might have been confused because of the names, “libcrurl” and “crurl” as they appear to be like typos. He added, “Since I don’t think “libcrurl” will be able to offer a compatible API without a considerable effort, I think applications will need to be aware of which of the APIs they work with and then we have a “split world” to deal with for the foreseeable future and that will cause problems, documentation problems and users misunderstanding or just getting things wrong.” “Their naming will possibly also be the reason for confusion since “libcrurl” and “crurl” look so much like typos of the original names,” he said. To know more about this news, check out the blog post by Daniel Stanberg. Google Calendar was down for nearly three hours after a major outage How Genius used embedded hidden Morse code in lyrics to catch plagiarism in Google search results Google, Facebook and Twitter submit reports to EU Commission on progress to fight disinformation  

Just two months ago, the team behind GCC (GNU Compiler Collection) made certain changes to GCC 9.1. And Last week, the team released GCC 9.1 with improved diagnostics, location and simpler C++ errors.  What’s new in GCC 9.1? Changes to diagnostics The team added a left-hand margin that shows line numbers. GCC 9.1 now has a new look for the diagnostics. The diagnostics can label regions of the source code in order to show relevant information. The diagnostics come with left-hand and right-hand sides of the “+” operator, so GCC highlights them inline. The team has added a JSON output format such that GCC 9.1 now has a machine-readable output format for diagnostics. C++ errors  The compiler usually has to consider several functions while dealing with C++ at a given call site and reject all of them for different reasons. Also, the g++‘s error messages need to be handled and a specific reason needs to be given for rejecting each function. This makes simple cases difficult to read. This release comes with a  special-casing to simplify g++ errors for common cases. Improved C++ syntax in GCC 9.1 The major issue within GCC’s internal representation is that not every node within the syntax tree has a source location. For GCC 9.1, the team has worked to solve this problem so that most of the places in the C++ syntax tree now retain location information for longer. Users can now emit optimization information GCC 9.1 can now automatically vectorize loops and reorganize them to work on multiple iterations at once. Users will now have an option, -fopt-info, that will help in emitting optimization information. Improved runtime library in GCC 9.1 This release comes with improved experimental support for C++17, including <memory_resource>. There will also be a support for opening file streams with wide character paths on Windows. Arm specific This release comes with support for the deprecated Armv2 and Armv3 architectures and their variants have been removed. Support for the Armv5 and Armv5E architectures has also been removed. To know more about this news, check out RedHat’s blog post. DragonFly BSD 5.4.1 released with new system compiler in GCC 8 and more The D language front-end support finally merged into GCC 9 GCC 8.1 Standards released!

Last week, Bryn Jackson, CEO of Spectrum, a real-time community-centered conversational platform, announced that the project is now acquired by GitHub. Bryn, along with Brian Lovin, and Max Stoiber founded the Spectrum community platform in February 2017. This community is a place to ask questions, request features, report bugs, and also chat with the Spectrum team for queries. In a blogpost Bryn wrote, “After releasing an early prototype, people told us they also wanted to use it for their communities, so we decided to go all-in and build an open, inclusive home for developer and designer communities. Since officially launching the platform late last year, Spectrum has become home to almost 5,000 communities!” What will Spectrum bring to GitHub communities? By joining GitHub, Spectrum aims to align to GitHub’s goals of making developer lives easier and of fostering a strong community across the globe. For communities across GitHub, Spectrum will provide: A space for different communities across the internet. Free access to its full suite of features - including unlimited moderators, private communities and channels, and community analytics. A deeper integration with GitHub Spectrum has also opened a pull request to add some of GitHub’s policies to Spectrum’s Privacy Policy, which will be merged this week. Though many users have not heard about Spectrum, they are positively reacting towards its acquisition by GitHub. Many users have also compared it with other platforms such as Slack, Discord, and Gitter. To know more about this news, read Bryn Jackson’s blog post. GitHub Octoverse: The top programming languages of 2018 GitHub has passed an incredible 100 million repositories Github now allows repository owners to delete an issue: curse or a boon?

Last week, Google announced that its Cloud Healthcare API is now available in beta. The API acts as a bridge between on-site healthcare systems and applications that are hosted on Google Cloud. This API is HIPAA compliant, ecosystem-ready and developer-friendly. The aim of the team at Google is to give hospitals and other healthcare facilities more analytical power with the help of Cloud Healthcare API. The official post reads, "From the beginning, our primary goal with Cloud Healthcare API has been to advance data interoperability by breaking down the data silos that exist within care systems. The API enables healthcare organizations to ingest and manage key data and better understand that data through the application of analytics and machine learning in real time, at scale." This API offers a managed solution for storing and accessing healthcare data in Google Cloud Platform (GCP). With the help of this API, users can now explore new capabilities for data analysis, machine learning, and application development for healthcare solutions. The  Cloud Healthcare API also simplifies app development and device integration to speed up the process. This API also supports standards-based data formats and protocols of existing healthcare tech. For instance, it will allow healthcare organizations to stream data processing with Cloud Dataflow, analyze data at scale with BigQuery, and tap into machine learning with the Cloud Machine Learning Engine. Features of Cloud Healthcare API Compliant and certified This API is HIPAA compliant and HITRUST CSF certified. Google is also planning ISO 27001, ISO 27017, and ISO 27018 certifications for Cloud Healthcare API. Explore your data This API allows users to explore their healthcare data by incorporating advanced analytics and machine learning solutions such as BigQuery, Cloud AutoML, and Cloud ML Engine. Managed scalability Google’s Cloud Healthcare API provides web-native, serverless scaling which is optimized by Google’s infrastructure. Users can simply activate the API to send requests as the initial capacity configuration is not required. Apigee Integration This API integrates with Apigee, which is recognized by Gartner as a leader in full lifecycle API management, for delivering app and service ecosystems around user data. Developer-friendly This API organizes users’ healthcare information into datasets with one or more modality-specific stores per set where each store exposes both a REST and RPC interface. Enhanced data liquidity The API also supports bulk import and export of FHIR data and DICOM data, which accelerates delivery for applications with dependencies on existing datasets. It further provides a convenient API for moving data between projects. The official post reads, “While our product and engineering teams are focused on building products to solve challenges across the healthcare and life sciences industries, our core mission embraces close collaboration with our partners and customers.” Google will highlight what its partners, including the American Cancer Society, CareCloud, Kaiser Permanente, and iDigital are doing with the API at the ongoing Google Cloud Next. To know more about this news, check out Google’s official announcement. Ian Goodfellow quits Google and joins Apple as a director of machine learning Google dissolves its Advanced Technology External Advisory Council in a week after repeat criticism on selection of members Google employees filed petition to remove anti-trans, anti-LGBTQ and anti-immigrant Kay Coles James from the AI council  

Today, we are releasing the October 2020 Security and Quality Rollup Updates for .NET Framework. Security CVE-2020-16937– .NET Framework Information Disclosure Vulnerability An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system’s memory. To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application. The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). CVE-2020-16937 Quality and Reliability This release contains the following quality and reliability improvements. ASP.NET Disabled resuse of AppPathModifier in ASP.Net control output. HttpCookie objects in the ASP.Net request context will be created with configured defaults for cookie flags instead of .NET-style primitive defaults to match the behavior of `new HttpCookie(name)`. CLR1 Added a CLR config variable Thread_AssignCpuGroups (1 by default) that can be set to 0 to disable automatic CPU group assignment done by the CLR for new threads created by Thread.Start() and thread pool threads, such that an app may do its own thread-spreading. Addressed a rare data corruption that can occur when using new API’s such as Unsafe.ByteOffset which are often used with the new Span types. The corruption could occur when a GC operation is performed while a thread is calling Unsafe.ByteOffset from inside of a loop. SQL Addressed a failure that sometimes occured when a user connects to one Azure SQL database, performed an enclave based operation, and then connected to another database under the same server that has the same Attestation URL and performed an enclave operation on the second server. Windows Forms Addressed a regression introduced in .NET Framework 4.8, where Control.AccessibleName, Control.AccessibleRole, and Control.AccessibleDescription properties stopped working for the following controls:Label, GroupBox, ToolStrip, ToolStripItems, StatusStrip, StatusStripItems, PropertyGrid, ProgressBar, ComboBox, MenuStrip, MenuItems, DataGridView. Addressed a regression in accessible name for combo box items for data bound combo boxes. .NET Framework 4.8 started using type name instead of the value of the DisplayMember property as an accessible name, this improvement uses the DisplayMember again. WCF2 Addressed an issue with WCF services sometimes failing to start when starting multiple services concurrently. 1 Common Language Runtime (CLR) 2 Windows Communication Foundation (WCF) Getting the Update The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog. Microsoft Update Catalog You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update. **Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply. The following table is for Windows 10 and Windows Server 2016+ versions. Product Version Cumulative Update Windows 10 Version Next and Windows Server, Version Next .NET Framework 3.5, 4.8 Catalog 4578967 Windows 10, version 20H2 and Windows Server, version 20H2 .NET Framework 3.5, 4.8 Catalog 4578968 Windows 10 2004 and Windows Server, version 2004 .NET Framework 3.5, 4.8 Catalog 4578968 Windows 10 1909 and Windows Server, version 1909 .NET Framework 3.5, 4.8 Catalog 4578974 Windows 10 1903 and Windows Server, version 1903 .NET Framework 3.5, 4.8 Catalog 4578974 Windows 10 1809 (October 2018 Update) and Windows Server 2019 4579976 .NET Framework 3.5, 4.7.2 Catalog 4578966 .NET Framework 3.5, 4.8 Catalog 4578973 Windows 10 1803 (April 2018 Update) .NET Framework 3.5, 4.7.2 Catalog 4580330 .NET Framework 4.8 Catalog 4578972 Windows 10 1709 (Fall Creators Update) .NET Framework 3.5, 4.7.1, 4.7.2 Catalog 4580328 .NET Framework 4.8 Catalog 4578971 Windows 10 1703 (Creators Update) .NET Framework 3.5, 4.7, 4.7.1, 4.7.2 Catalog 4580370 .NET Framework 4.8 Catalog 4578970 Windows 10 1607 (Anniversary Update) and Windows Server 2016 .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4580346 .NET Framework 4.8 Catalog 4578969 Windows 10 1507 .NET Framework 3.5, 4.6, 4.6.1, 4.6.2 Catalog 4580327 The following table is for earlier Windows and Windows Server versions. Product Version Security and Quality Rollup Security Only Update Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 4579979 4580469 .NET Framework 3.5 Catalog 4578953 Catalog 4578981 .NET Framework 4.5.2 Catalog 4578956 Catalog 4578984 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4578962 Catalog 4578986 .NET Framework 4.8 Catalog 4578976 Catalog 4578989 Windows Server 2012 4579978 4580468 .NET Framework 3.5 Catalog 4578950 Catalog 4578978 .NET Framework 4.5.2 Catalog 4578954 Catalog 4578982 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4578961 Catalog 4578985 .NET Framework 4.8 Catalog 4578975 Catalog 4578988 Windows 7 SP1 and Windows Server 2008 R2 SP1 4579977 4580467 .NET Framework 3.5.1 Catalog 4578952 Catalog 4578980 .NET Framework 4.5.2 Catalog 4578955 Catalog 4578983 .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 4578963 Catalog 4578987 .NET Framework 4.8 Catalog 4578977 Catalog 4578990 Windows Server 2008 4579980 4580470 .NET Framework 2.0, 3.0 Catalog 4578951 Catalog 4578979 .NET Framework 4.5.2 Catalog 4578955 Catalog 4578983 .NET Framework 4.6 Catalog 4578963 Catalog 4578987   Previous Monthly Rollups The last few .NET Framework Monthly updates are listed below for your convenience: .NET Framework October 1, 2020 Cumulative Update Preview Update for Windows 10, version 2004 and Windows Server, version 2004 .NET Framework September 2020 Cumulative Update Preview Update .NET Framework September 2020 Security and Quality Rollup Updates The post .NET Framework October 2020 Security and Quality Rollup Updates appeared first on .NET Blog.

Last week, Poetry, a dependency management and packaging tool for Python released their version 1 beta 1. Before venturing into details of this Poetry release, let’s have a brief overview about Python, its issues with dependency management, pipenv and Poetry in general. There’s no doubt that Python is loved by many developers. It is considered as one of the top-rated programming languages with benefits like extensive support library, less-complex syntax, high productivity, excellent integration feature, and many more. Though it has been rated as one of the fastest growing programming languages in 2019, there are some problems with Python, which if rectified, can make it more powerful and accessible to users. Python’s poor dependency management is one such issue. Dependency management helps in managing all the libraries required to make an application work. It becomes extremely necessary when working in a complex project or in a multi-environment. An ideal dependency management tool assists in tracking, updating libraries easier and faster, as well as to solve package dependency issues. Python’s dependency management requires users to make a virtual environment to have separate dependencies, manual addition of version number in every file, inability to parallelize dependency installation and more.  To combat these issues, Python now has two maturing dependency management tools called Pipenv and Poetry. Each of these tools simplify the process of creating a virtual environment and sorting dependencies.  The PyPA-endorsed Pipenv automatically creates and manages a virtualenv for user projects. It also adds/removes packages from the Pipfile as a user installs/uninstalls packages. Its main features include automatically generating a Pipfile and a Pipfile.lock, if one doesn't exist, creating a virtualenv, adding packages to a Pipfile when installed to name a few. On the other hand, Poetry dependency management tool uses only one pyproject.toml file to manage all the dependencies. Poetry allows users to declare the libraries that their project depends on and Poetry will automatically install/update them for the user. It allows projects to be directly published to PyPI, easy tracking of the state of dependencies, and more.  New features in Poetry v1 beta 1 The major highlight in Poetry v1 beta 1 is the new added support for url dependencies in the pull request checklist. This new feature is a significant one for Python users, as it can be added to a current project via the add command or by modifying the pyproject.toml file directly.  Other features in Poetry v1 beta 1 Support for publishing to PyPI using API tokens Licenses can be identified by their full name Settings can be specified with environment variables Settings no longer need to be prefixed by settings, when using the config command.  Users, in general, are quite happy with the Poetry dependency management tool for Python, as can be seen in the user reactions below from Hacker News.  A comment on Hacker News reads, “I like how transparent poetry is about what's happening when you run it, and how well presented that information is. I've come to loathe pipenv's progress bar. Running it in verbose mode isn't much better. I can't be too mad at pipenv, but all in all poetry is a better experience.” Another user says, “Poetry is very good. I think projects should use it. I hope the rest of the ecosystem can catch up quickly. Tox and pip and and pex need full support for PEP 517/518.” Another user comments, “When you run poetry, it activates the virtualenv before it runs whatever you wanted. So `poetry add` (it's version of pip install) doesn't require you to have the virtualenv active. It will activate it, run the install, and update your dependency specifications in pyproject.toml.  You can also do `poetry run` and it will activate the virtualenv before it runs whatever shell command comes after. Or you can do `poetry shell` to run a shell inside the virtualenv. I like the seamless integration, personally.” Łukasz Langa at PyLondinium19: “If Python stays synonymous with CPython for too long, we’ll be in big trouble” PyTorch 1.2 is here with a new TorchScript API, expanded ONNX export, and more NumPy 1.17.0 is here, officially drops Python 2.7 support pushing forward Python 3 adoption

The Bazel team announced the release of Bazel 1.0, last week. The team calls this version a “stability milestone” as it tries to address the stability concerns associated with Bazel by switching to semantic versioning. Along with this change, Bazel 1.0 features new genrule support, C++ and Java-related improvements, gRPC connections with default TLS enabled, and more. Bazel is the open-source version of the Blaze tool that Google uses internally. It is a polyglot build system that enables you to automate software building and testing. It provides features like reproducibility via sandboxing, distributed caching, static analysis of build dependencies, uniform CLI for builds and tests, and more. Key updates in Bazel 1.0 Windows A genrule generates one or more files based on a user-defined Bash command. Starting with Bazel 1.0, genrule supports cmd_bash, cmd_ps, and cmd_bat attributes for better integration on Windows. You can now get a new generated DEF file from the def_file output group of cc_library. Execution Previously, tags were not being propagated from a Bazel’s target to the action’s execution requirements. In Bazel 1.0, this is possible with the help of the --experimental_allow_tags_propagation flag. A rule consists of a series of actions that Bazel performs on inputs to produce a set of outputs. Now all rules have a default exec_properties attribute just like the one on a platform rule. Starting with Bazel 1.0, all gRPC connections from Bazel will have TLS enabled by default. You can disable TLS by going to the grpc:// scheme in your URIs. Configurability The config_setting general rule matches an expected configuration state for the purpose of triggering configurable attributes. With Bazel 1.0 release, it can now check multiple values on "--foo=firstVal --foo=secondVal ..."-style flags. This release comes with --enable_platform_specific_config that enable flags in bazelrc according to your host platform. C++ The cc_* rules now support non-transitive defines via a local_defines attribute. This attribute returns the set of defines needed to compile a particular target. Bazel 1.0 comes with support for ThinLTO builds, the new link-time optimization (LTO) compilation type, on Linux for Clang versions 6.0 or above. You can enable ThinLTO via --features=thin_lto. Java The Java-Starlark API, java_common.create_provider is now removed. Also, the JavaInfo() legacy arguments including actions, sources, source_jars, use_ijar, java_toolchain, and host_javabase are removed. Starting with Bazel 1.0, maven_jar and maven_server do not permit the use of plain HTTP URLs without a specified checksum. If you are using maven_jar it recommends switching to rules_jvm_external for transitive dependency management. The team has also advised that developers check the compatibility of their codebase by running bazelisk --migrate or by building their code with Bazel 0.29.1 and a list of flags before they upgrade to Bazel 1.0. These were some of the updates in Bazel 1.0. Check out the official announcement to know what else has shipped in this release. Rust 1.38 releases with pipelined compilation for better parallelism while building a multi-crate project Pivotal open sources kpack, a Kubernetes-native image build service Mozilla releases WebThings Gateway 0.9 experimental builds targeting Turris Omnia and Raspberry Pi 4 Introducing Weld, a runtime written in Rust and LLVM for cross-library optimizations LLVM 9 releases with official RISC-V target support, asm goto, Clang 9, and more

Racket programming language has a new version update, Racket 7.0. Users might not see huge differences between the previous version of Racket, v6.12 released in January 2018. However, v7.0 differs in the internals significantly. Racket or Racket lang is a multi-paradigm programming language--with an emphasis on functional programming--in the Lisp-Scheme family. Though not a popular one, Racket is considered as one of the easiest programming language. Languages such as Python, C#, Assembly, and so on are often talked about in the easy-categories; however, Racket lang is also a great choice as a starter language. What’s new in Racket 7.0? Updated Runtime This version includes a substantial change in its current runtime system and supports multiple runtime systems. New macro expander Version 7.0 replaces about ⅛ of the core v6.12 implementation with a new macro expander that bootstraps itself. The expander turns out to be about 40% of the new code needed to replace Racket’s core with Chez Scheme. Most of the other 60% is also implemented, but it is not included in this release. However, Racket-on-Chez will be ready for production use later in the v7.x series. Updates to DrRacket, the programming environment for Racket DrRacket’s “Create Executable” option for the teaching language (Beginner Student, etc.) uses --embed-dlls to create single-file, standalone ".exe"s on Windows. Improved supports within TypedRacket TypedRacket is Racket’s gradually-typed sister language which allows the incremental addition of statically-checked type annotations. TypedRacket’s support for prefab structs is significantly improved. This supports using prefab structs more polymorphically and fixes significant bugs in the current implementation. Programs which currently use predicates for prefab structs on unknown data may need to be revised since previous versions of Typed Racket allowed potentially buggy programs to type check. Check out Typed Racket RFC 1 and prefab Changes doc for more details on this change and on how to fix programs affected by it. Typed Racket also supports #:rest-star in the ->* type constructor, which allows function types to specify rest arguments with more complex patterns of types, such as the hash function. Other features in the Racket 7.0 include: The syntax (#') form supports new template subforms: ~@ for splicing and ~? for choosing between subtemplates based on whether pattern variables have “absent” value (from an ~optional pattern in syntax-parse, for example). The syntax/parse/experimental/templatelibrary, where these features originated, re-exports the new forms under old names for compatibility. On Windows, an --embed-dlls flag for raco exe creates a truly standalone, single-file ".exe" that embeds Racket’s DLLs. Interactive overlays can be added to plots produced by plot-snip. This allows constructing interactive plots or displaying additional information when the mouse hovers over the plot area. Examples of how to use this feature can be found on Alex Harsanyi’s blog racket/plot provides procedures for displaying candlestick charts for use in financial time series analysis. Added contract-equivalent?, a way to check whether two contracts are mutually stronger than each other without the exponential slowdown that two calls to contract-stronger? brings. Lazy Racket supports functions with keyword arguments. Read more about Racket 7.0 on the Racket official blog. What is the difference between functional and object-oriented programming? Putting the Function in Functional Programming Elixir Basics – Foundational Steps toward Functional Programming

Qt 5.11 has been released ahead of the planned schedule. Qt is one of the most popular cross-platform software development framework for embedded and desktop applications. It holds a variety of new features and bug fixes. Qt for Web assembly and Python Qt for Web assembly version 1 has been released to allow users to target the web and browsers as a platform for Qt applications. In addition, Qt is actively working on supporting Qt on Python and the first release is planned for June. Qt Core and Network Both the Qt Core and item model have received a couple of updates. Most importantly, Qt Core now has Unicode support. So, QChar, QString, QTextBoundaryFinder and Qt algorithm for bidirectional text are now fully compatible with Unicode 10. In the Qt network, ALPN and HTTP/2 are now supported on iOS. Qt GUI and Widgets Accessibility support on Windows is now based on Microsoft UI automation. Widget styles on Windows are also updated to better support High-DPI displays. Qt widgets have received support for quick text selection by mouse in QLineEdit, along with a number of bug-fixes. The print dialog on Linux now also features much better support for all the CUPS provided options. Qt QML Engine The Qt QML compiler pipeline is completely re-written with major improvements in performance and maintainability. This pipeline always compiles QML to a platform-independent bytecode. You can also generate the bytecode ahead of time, using the qmlcompiler feature. The new bytecode interpreter has vastly improved and reaches 80-90% of the performance of the JIT in Qt 5.10. Qt Quick Qt Quick, now supports loading compressed textures in the image element. As this feature stores images in a format that is directly digestible by the GPU, it reduces application startup time and memory consumption. Qt Quick also supports both .ktx and .pkm container file formats. Qt Location Qt Location now includes experimental support for turn-by-turn navigation. It also has an experimental API to create map objects that are not bound to QQuickItems. In MapPolyline objects,  layers are now working in combination with Map items. Routing and Places API are extensible and there is a newly added element, known as WayPoint. Qt 3D and Qt 3D Studio Qt 3D Studio 2.0 is currently in beta and the complete release will soon be available with a fully rewritten runtime, that’ll be based on top of Qt 3D. With this work, Qt 3D has also received numerous new features, performance improvements, and bug fixes. Qt Webengine The Chromium version underneath Qt Webengine has been updated to Chromium 65. In addition, Qt now supports embedded DevTools without requiring the use of a separate browser, an installable cookie filter and quota permissions. Other items qdoc now uses libclang to parse C++ giving a much better support for modern C++ in the documentation. Qt Serialbus and Bluetooth have now improved support for CAN bus and BTLE. To read the complete coverage, visit the release notes page. Qt 5.11 free version will be supported for one year. For longer support periods, developers should prefer Qt 5.9 which will be supported until June 2020.  An extended lifetime support can be purchased from the Qt Company if required. The next release, Qt 5.12 is planned for November and will be a long-term supported release. How to create multithreaded applications in Qt How to Debug an application using Qt Creator 3 ways to deploy a QT and OpenCV application

Yesterday Facebook released a new JavaScript engine called Hermes under an open source MIT license. According to Facebook, this new engine will speed up start times for native Android apps built with React Native framework. https://twitter.com/reactnative/status/1149347916877901824 Facebook software engineer Marc Horowitz unveiled Hermes at the Chain React 2019 conference held yesterday in Portland, Oregon. Hermes is a new tool for developers to primarily improve app startup performance in the same way Facebook does for its apps, and to make apps more efficient on low-end smartphones. The supposed advantage of Hermes is that developers can target all three mobile platforms with a single code base; but as with any cross-platform framework, there are trade offs in terms of performance, security and flexibility. Hermes is available on GitHub for all developers to use. It has also got its own Twitter account and home page. In a demo, Horowitz showed that a React Native app with Hermes was fully loaded within half the time the same app without Hermes loaded, or about two seconds faster. Check out the video below: Horowitz emphasized on the fact that Hermes cuts the APK size (the size of the app file) to half the 41MB of a stock React Native app, and removes a quarter of the app's memory usage. In other words, with Hermes developers can get users interacting with an app faster with fewer obstacles like slow download times and constraints caused by multiple apps sharing in a limited memory resources, especially on lower-end phones. And these are exactly the phones Facebook is aiming at with Hermes, compared to the fancy high-end phones that well-paid developers typically use themselves. "As developers we tend to carry the latest flagship devices. Most users around the world don't," he said. "Commonly used Android devices have less memory and less storage than the newest phones and much less than a desktop. This is especially true outside of the United States. Mobile flash is also relatively slow, leading to high I/O latency." It's not every day a new JavaScript engine is born, but while there are plenty such engines available for browsers, like Google's V8, Mozilla's SpiderMonkey, Microsoft's Chakra, Horowitz notes Hermes is not aimed at browsers or, for example, how Node.js on the server side. "We're not trying to compete in the browser space or the server space. Hermes could in theory be for those kinds of use cases, that's never been our goal." The Register reports that Facebook has no plan to push Hermes' beyond React Native to Node.js or to turn it into the foundation of a Facebook-branded browser. This is because it's optimized for mobile apps and wouldn't offer advantages over other engines in other usage scenarios. Hermes tries to be efficient through bytecode precompilation – rather than loading JavaScript and then parsing it. Hermes employs ahead-of-time (AOT) compilation during the mobile app build process to allow for more extensive bytecode optimization. Along similar lines, the Fuchsia Dart compiler for iOS is an AOT compiler. There are other ways to squeeze more performance out of JavaScript. The V8 engine, for example, offers a capability called custom snapshots. However, this is a bit more technically demanding than using Hermes. Hermes also abandons the just in time (JIT) compiler used by other JavaScript engines to compile frequently interpreted code into machine code. In the context of React Native, the JIT doesn't do that much to ease mobile app workloads. The reason Hermes exists, as per Facebook, is to make React Native better. "Hermes allows for more optimization on mobile since developers control the build stack," said a Facebook spokesperson in an email to The Register. "For example, we implemented bytecode precompilation to improve performance and developed more efficient garbage collection to reduce memory usage." In a discussion on Hacker News, Microsoft developer Andrew Coates claims that internal testing of Hermes and React Native in conjunction with Microsoft Office for Android shows TTI using Hermes at 1.1s, compared to 1.4s for V8, and with 21.5MB runtime memory impact, compared to 30MB with V8. Hermes is mostly compatible with ES6 JavaScript. To keep the engine small, support for some language features is missing, like with statements and local mode eval(). Facebook’s spokesperson also said to The Register that they are planning to publish benchmark figures in the next week to support its performance claims. Declarative UI programming faceoff: Apple’s SwiftUI vs Google’s Flutter OpenID Foundation questions Apple’s Sign In feature, says it has security and privacy risks Material-UI v4 releases with CSS specificity, Classes boilerplate, migration to Typescript and more

Yesterday Elm 0.19.1 was released with a new improvements to the compiler that now display syntactical errors in a new fashion that pointing users to their mistakes as well as suggesting them additional resources.  The goal of 0.19.1 is to clean up the rough edges such that we have a really solid foundation for newcomers, professionals, scientists. Evan Czaplicki, the creator of these improved error messages explains in a blog post, “the new error messages points to the spot where it got stuck, but more importantly, it tries to help by (1) giving examples and (2) linking to a page that explains how imports work. It tries to help you learn!” For example, if you miss out on including a curly braces in your JavaScript code, the error message shows up at the very end of the file. Now with the improved Elm compiler, the error message will point out the error where it occurred while also suggesting a viable fix. Source: Elm’s blog Czaplicki hopes that this project can eliminate the survivorship bias present in the programming ecosystem, which he believes is also one of the reasons why it took so long for Elm to prioritize this project. “I hope this work on syntax error messages will help make Elm more friendly and accessible, and I hope it will help make space for other language designers to prioritize this kind of project!”, he adds. Other improvements in Elm 0.19.1 Faster compilation, especially for incremental compiles Uses filelocks so that cached files are not corrupted when plugins run elm make multiple times on the same project at the same time. More intuitive multiline declarations in REPL Various bug fixes (e.g. --debug, x /= 0, type Height = Height Float in --optimize) Developers on Twitter appreciated Elm’s focus on errors. https://twitter.com/vronnie911/status/1186377031015157762 https://twitter.com/domenkozar/status/1163795173022806016 Read more about improved error messages in Elm 0.19.1 on this blog post. What to expect from D programming language in the near future OpenBSD 6.6 comes with GCC disabled in base for ARMv7 and i386, SMP improvements and more. Swift shares diagnostic architecture improvements that will be part of the Swift 5.2 release.