Stack Overflow has launched an API that will require all AI models trained on its coding question-and-answer content to attribute sources linking back to its posts. And it will cost money to use the site's content. From a report: "All products based on models that consume public Stack Overflow data are required to provide attribution back to the highest relevance posts that influenced the summary given by the model," it confirmed in a statement. The Overflow API is designed to act as a knowledge database to help developers build more accurate and helpful code-generation models. Google announced it was using the service to access relevant information from Stack Overflow via the API and integrate the data with its latest Gemini models, and for its cloud storage console.

Apple is reversing its previous decision to remove support for Home Screen web apps in iOS 17.4 for EU users. Apple's statement: Previously, Apple announced plans to remove the Home Screen web apps capability in the EU as part of our efforts to comply with the DMA. The need to remove the capability was informed by the complex security and privacy concerns associated with web apps to support alternative browser engines that would require building a new integration architecture that does not currently exist in iOS.

We have received requests to continue to offer support for Home Screen web apps in iOS, therefore we will continue to offer the existing Home Screen web apps capability in the EU. This support means Home Screen web apps continue to be built directly on WebKit and its security architecture, and align with the security and privacy model for native apps on iOS.

Developers and users who may have been impacted by the removal of Home Screen web apps in the beta release of iOS in the EU can expect the return of the existing functionality for Home Screen web apps with the availability of iOS 17.4 in early March.

Angie Byron, a long-time member of the Drupal community, offers guidance on avoiding common mistakes and general good-practices for those new to contributing to open-source projects: [...] You might not know it yet, but as a newcomer to an open source project, you have this AMAZING superpower: you are often-times the only one in that whole project capable of reading the documentation through new eyes. Because I can guarantee, the people who wrote that documentation are not new. :-)

So take time to read the docs and file issues (or better yet, pull requests) for anything that was unclear. This lets you get a "feel" for contributing in a project/community without needing to go way down the deep end of learning coding standards and unit tests and commit signing and whatever other bananas things they're about to make you do. :) Also, people are more likely to take time to help you, if you've helped them first!

Jacob Kaplan-Moss, one of the lead developers of Django, writes in a long post that he says has come from a place of frustration: [...] Instead, every time a maintainer finds a way to get paid, people show up to criticize and complain. Non-OSI licenses "don"t count" as open source. Someone employed by Microsoft is "beholden to corporate interests" and not to be trusted. Patreon is "asking for handouts." Raising money through GitHub sponsors is "supporting Microsoft's rent-seeking." VC funding means we're being set up for a "rug pull" or "enshitification." Open Core is "bait and switch."

None of this is hypothetical; each of these examples are actual things I've seen said about maintainers who take money for their work. One maintainer even told me he got criticized for selling t-shirts! Look. There are absolutely problems with every tactic we have to support maintainers. It's true that VC investment comes with strings attached that often lead to problems down the line. It sucks that Patreon or GitHub (and Stripe) take a cut of sponsor money. The additional restrictions imposed by PolyForm or the BSL really do go against the Freedom 0 ideal. I myself am often frustrated by discovering that some key feature I want out of an open core tool is only available to paid licensees.

But you can criticize these systems while still supporting and celebrating the maintainers! Yell at A16Z all you like, I don't care. (Neither do they.) But yelling at a maintainer because they took money from a VC is directing that anger in the wrong direction. The structural and societal problems that make all these different funding models problematic aren't the fault of the people trying to make a living doing open source. It's like yelling at someone for shopping at Dollar General when it's the only store they have access to. Dollar General's predatory business model absolutely sucks, as do the governmental policies that lead to food deserts, but none of that is on the shoulders of the person who needs milk and doesn't have alternatives.

Tontoman shares a report: The White House Office of the National Cyber Director (ONCD) urged tech companies to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. Such vulnerabilities are coding errors or weaknesses within software that can lead to memory management issues when memory can be accessed, written, allocated, or deallocated. They occur when software accesses memory in unintended or unsafe ways, resulting in various security risks and issues like buffer overflow, use after free, use of uninitialized memory, and double free that attackers can exploit.

Successful exploitation carries severe risks, potentially enabling threat actors to gain unauthorized access to data or execute malicious code with the privileges of the system owner. "For over 35 years, this same class of vulnerability has vexed the digital ecosystem. The challenge of eliminating entire classes of software vulnerabilities is an urgent and complex problem. Looking forward, new approaches must be taken to mitigate this risk," ONCD's report says. "The highest leverage method to reduce memory safety vulnerabilities is to secure one of the building blocks of cyberspace: the programming language. Using memory safe programming languages can eliminate most memory safety errors."

Apple could soon face an investigation over its decision to discontinue iPhone web apps in the European Union, according to a report from the Financial Times. The Verge: The European Commission has reportedly sent Apple and app developers requests for more information to assist in its evaluation. "We are indeed looking at the compliance packages of all gatekeepers, including Apple," the European Commission said in a statement to the Financial Times. "In that context, we're in particular looking into the issue of progressive web apps, and can confirm sending the requests for information to Apple and to app developers, who can provide useful information for our assessment."

theodp writes: Asked at the recent World Government Summit in Dubai what people should focus on when it comes to education, what should they learn, and how they should educate their kids and their societies, Nvidia CEO Jensen Huang made a counterintuitive break from tech CEOs advising youngsters to learn how to code. Huang argued that, even at this early stage of the AI revolution, programming is no longer a vital skill. With coding taken care of by AI, Huang suggested humans can instead focus on more valuable expertise like biology, education, manufacturing, or farming

From the video: "You probably recall over the course of the last 10 years, 15 years, almost everybody who sits on a stage like this would tell you it is vital that your children learn computer science, everybody should learn how to program, and in fact it's almost exactly the opposite. It is our job to create computing technology such that nobody has to program and that the programming language, it's human, everybody in the world is now a programmer. This is the miracle, this is the miracle of artificial intelligence. For the very first time, we have closed the gap, the technology divide has been completely closed and it's the reason why so many people can engage artificial intelligence. It is the reason why every single government, every single industrial conference, every single company is talking about artificial intelligence today. Because for the very first time you can imagine everybody in your company being a technologist.

"And so, this is a tremendous time for all of you to realize that the technology divide has been closed. Or another way to say it, the technology leadership of other countries has now been reset. The countries, the people that understand how to solve a domain problem in digital biology, or in education of young people, or in manufacturing or in farming, those people who understand domain expertise now can utilize technology that is readily available to you. You now have a computer that will do what you tell it to do to help automate your work, to amplify your productivity, to make you more efficient. And so, I think that this is just a tremendous time. The impact of course is great and your imperative to activate and take advantage of the technology is absolutely immediate. And also to realize that to engage AI is a lot easier now than at any time in the history of computing. It is vital that we upskill everyone and the upskilling process, I believe, will be delightful, surprising, to realize that this computer can perform all these things that you're instructing it to do and doing it so easily."

Huang's words come as tech-backed nonprofit Code.org-- which is lobbying to make CS a high school graduation requirement in all 50 states -- hedges its bets by also including AI usage as part of its mission through its new TeachAI initiative (trademark pending). Interestingly, conspicuous by its absence from the Who's Who of tech giants on the advisory committee for the Code.org staffed-and-operated TeachAI is Nvidia (Nvidia is also missing from the list of Code.org donors). So, is it time to revisit the question of Is AI an Excuse for Not Learning To Code?

Julia 1.0 was released in 2018 — after a six-year wait.

And there's now another update. LWN.net gets you up to speed, calling Julia "a general-purpose, open-source programming language with a focus on high-performance scientific computing." Some of Julia's unusual features:

- Lisp-inspired metaprogramming
- The ability to examine compiled representations of code in the REPL or in a "reactive notebook"
- An advanced type and dispatch system
- A sophisticated, built-in package manager.

Version 1.10 brings big increases in speed and developer convenience, especially improvements in code precompilation and loading times. It also features a new parser written in Julia... [I]t is faster, it produces more useful syntax-error messages, and it provides better source-code mapping, which associates locations in compiled code to their corresponding lines in the source. That last improvement also leads to better error messages and makes it possible to write more sophisticated debuggers and linters...

Between the improvements in precompilation and loading times, and the progress in making small binaries, two major and perennial complaints, of beginners and seasoned Julia users alike, have been addressed... StaticCompiler and related WebAssembly tools will make it easier to write web applications in Julia for direct execution in the browser; it is already possible, but may become more convenient over the next few years.
Thanks for sharing the article to long-time Slashdot reader lee1 — who also wrote No Starch Press's Practical Julia: A Hands-On Introduction for Scientific Minds .

lee1 also reminds us that Gnuplot 6.0 was released in December: lee1 writes: This article surveys the new features, including filled contours in 3D, adaptive plotting resolution, watchpoints, clipping of surfaces, pie charts, and new syntax for conditionals.

Stack Overflow's blog reports on a new programming language called Mariposa.

They call it a "toy" programming language, "created as a way to play around with a novel or odd feature, like variable assignment outside of the normal order of execution — more colloquially, time travel." Computer science has long sought to reason about time in electronic systems, thanks to a consistent interest in concurrency and real-time messaging... Mariposa allows you to manipulate the order of execution by assigning an instant to a variable, then setting the context of that instance. Here's a basic example, taken from the Mariposa readme:

x = 1
t = now()
print(x)
at t:
x = 2

According to the normal order of operations, this code should print "1". But because t is assigned to the instance in the second line, any modifications specified within an at t: block are applied immediately, and this code prints "2"...

While Mariposa caught a fair amount of attention recently, it's not the first implementation of time travel in programming. There is a Haskell package appropriately called tardis, which creates two state transformers: one travels forward in time and one backward. As the docs explain, "The most concise way to explain it is this: getPast retrieves the value from the latest sendFuture, while getFuture retrieves the value from the next sendPast." One function's past is another one's future.
The article explores "the history and future of other programming paradigms" applying logic to time, including interval temporal logic systems as well as "modeling, analysis, and verification languages/tools that allow temporal and state modeling without requiring temporal logic understanding."

Ashley Belanger reports via Ars Technica: Canada-based University of Waterloo is racing to remove M&M-branded smart vending machines from campus after outraged students discovered the machines were covertly collecting facial-recognition data without their consent. The scandal started when a student using the alias SquidKid47 posted an image on Reddit showing a campus vending machine error message, "Invenda.Vending.FacialRecognitionApp.exe," displayed after the machine failed to launch a facial recognition application that nobody expected to be part of the process of using a vending machine. "Hey, so why do the stupid M&M machines have facial recognition?" SquidKid47 pondered. The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS. [...]

MathNEWS' investigation tracked down responses from companies responsible for smart vending machines on the University of Waterloo's campus. Adaria Vending Services told MathNEWS that "what's most important to understand is that the machines do not take or store any photos or images, and an individual person cannot be identified using the technology in the machines. The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface -- never taking or storing images of customers." According to Adaria and Invenda, students shouldn't worry about data privacy because the vending machines are "fully compliant" with the world's toughest data privacy law, the European Union's General Data Protection Regulation (GDPR). "These machines are fully GDPR compliant and are in use in many facilities across North America," Adaria's statement said. "At the University of Waterloo, Adaria manages last mile fulfillment services -- we handle restocking and logistics for the snack vending machines. Adaria does not collect any data about its users and does not have any access to identify users of these M&M vending machines." [...]

But University of Waterloo students like Stanley now question Invenda's "commitment to transparency" in North American markets, especially since the company is seemingly openly violating Canadian privacy law, Stanley told CTV News. On Reddit, while some students joked that SquidKid47's face "crashed" the machine, others asked if "any pre-law students wanna start up a class-action lawsuit?" One commenter summed up students' frustration by typing in all caps, "I HATE THESE MACHINES! I HATE THESE MACHINES! I HATE THESE MACHINES!"

Tech companies are famous for coddling their workers, but after mass layoffs the industry's culture has shifted. Engineers say that getting hired can require days of work on unpaid assignments. From a report: Nearly a dozen engineers, hiring managers, and entrepreneurs who spoke with WIRED describe an environment in which technical job applicants are being put through the wringer. Take-home coding tests used to be rare, deployed only if an employer needed to be further convinced. Now interviewees are regularly given projects described as requiring just two to three hours that instead take days of work.

Live-coding exercises are also more intense, industry insiders say. One job seeker described an experience where an engineering manager said during an interview, "OK, we're going to build a To Do List app right now," a process that might normally take weeks.

Emails reviewed by WIRED showed that in one interview for an engineering role at Netflix, a technical recruiter requested that a job candidate submit a three-page project evaluation within 48 hours -- all before the first round of interviews. A Netflix spokesperson said the process is different for each role and otherwise declined to comment. A similar email at Snap outlined a six-part interview process for a potential engineering candidate, with each part lasting an hour. A company spokesperson says its interview process hasn't changed as a result of labor market changes.

Jennifer Ouellette reports via Ars Technica: Famed naturalist Charles Darwin amassed an impressive personal library over the course of his life, much of which was preserved and cataloged upon his death in 1882. But many other items were lost, including more ephemeral items like unbound volumes, pamphlets, journals, clippings, and so forth, often only vaguely referenced in Darwin's own records. For the last 18 years, the Darwin Online project has painstakingly scoured all manner of archival records to reassemble a complete catalog of Darwin's personal library virtually. The project released its complete 300-page online catalog -- consisting of 7,400 titles across 13,000 volumes, with links to electronic copies of the works -- to mark Darwin's 215th birthday on February 12.

"This unprecedentedly detailed view of Darwin's complete library allows one to appreciate more than ever that he was not an isolated figure working alone but an expert of his time building on the sophisticated science and studies and other knowledge of thousands of people," project leader John van Wyhe of the National University of Singapore said. "Indeed, the size and range of works in the library makes manifest the extraordinary extent of Darwin's research into the work of others."

An anonymous reader shared this post from Phoronix: With Linux 6.8 the kernel's Rust code was brought up to Rust 1.75 while new patches posted this weekend port the code over to Rust 1.76 and then the upcoming Rust 1.77...

With Rust 1.77 they have now stabilized the single-field "offset_of" feature used by the kernel's Rust code. Rust 1.77 also adds a "--check-cfg" option that the Rust kernel code will likely transition to in the future. This follows the Rust for Linux policy of tracking the upstream Rust version upgrades until there is a minimum version that can be declared where all used features are considered stable.

This week the non-profit Rust Foundation announced the release of a report on what their Security Initiative accomplished in the last six months of 2023. "There is already so much to show for this initiative," says the foundation's executive director, "from several new open source security projects to several completed and publicly available security threat models."

From the executive summary: When the user base of any programming language grows, it becomes more attractive to malicious actors. As any programming language ecosystem expands with more libraries, packages, and frameworks, the surface area for attacks increases. Rust is no different. As the steward of the Rust programming language, the Rust Foundation has a responsibility to provide a range of resources to the growing Rust community. This responsibility means we must work with the Rust Project to help empower contributors to participate in a secure and scalable manner, eliminate security burdens for Rust maintainers, and educate the public about security within the Rust ecosystem...

Recent Achievements of the Security Initiative Include:

- Completing and releasing Rust Infrastructure and Crates Ecosystem threat models

- Further developing Rust Foundation open source security project Painter [for building a graph database of dependencies/invocations between crates] and releasing new security project, Typomania [a toolbox to check for typosquatting in package registries].

- Utilizing new tools and best practices to identify and address malicious crates.

- Helping reduce technical debt within the Rust Project, producing/contributing to security-focused documentation, and elevating security priorities for discussion within the Rust Project.

... and more!

Over the Coming Months, Security Initiative Engineers Will Primarily Focus On:

- Completing all four Rust security threat models and taking action to address encompassed threats

- Standing up additional infrastructure to support redundancy, backups, and mirroring of critical Rust assets

- Collaborating with the Rust Project on the design and potential implementation of signing and PKI solutions for crates.io to achieve security parity with other popular ecosystems

- Continuing to create and further develop tools to support Rust ecosystem, including the crates.io admin functionality, Painter, Typomania, and Sandpit

The Tiobe index tries to gauge the popularity of programming languages based on search results for courses, programmers, and third-party vendors, according to InfoWorld.

And by that criteria, "Google's Go language, or golang, has reached its highest position ever..." The language, now in the eighth ranked position for language popularity, has been on the rise for several years.... In 2015, Go hit position #122 in the TIOBE index and all seemed lost," said Paul Jansen, CEO of Tiobe. "One year later, Go adopted a very strict 'half-a-year' release cycle — backed up by Google. Every new release, Go improved... Nowadays, Go is used in many software fields such as back-end programming, web services and APIs," added Jansen...

Elsewhere in the February release of Tiobe's index, Google's Carbon language, positioned as a successor to C++, reached the top 100 for the first time. Python is #1 on both TIOBE's index and the alternative Pypl Popularity of Programming Language index, which InfoWorld says "assesses language popularity based on how often language tutorials are searched on in Google." But the two lists differ on whether Java and JavaScript are more popular than C-derived languages — and which languages should then come after them. (Go ranks #12 on the Pypl index...)

TIOBE's calculation of the 10 most-popular programming languages:

1. Python
2. C
3. C++
4. Java
5. C#
6. JavaScript
7. SQL
8. Go
9. Visual Basic
10. PHP

Pypl's calculation of the 10 most-popular programming languages:

1. Python
2. Java
3. JavaScript
4. C/C++
5. C#
6. R
7. PHP
8. TypeScript
9. Swift
10. Objective-C