Google has cut code migration time in half by deploying AI tools to assist with large-scale software updates, according to a new research paper from the company's engineers. The tech giant used large language models to help convert 32-bit IDs to 64-bit across its 500-million-line codebase, upgrade testing libraries, and replace time-handling frameworks. While 80% of code changes were AI-generated, human engineers still needed to verify and sometimes correct the AI's output. In one project, the system helped migrate 5,359 files and modify 149,000 lines of code in three months.

Replit, an AI coding startup platform, has made a dramatic pivot away from professional programmers in a fundamental shift in how software may be created in the future. "We don't care about professional coders anymore," CEO Amjad Masad told Semafor, as the company refocuses on helping non-developers build software using AI.

The strategic shift follows the September launch of Replit's "Agent" tool, which can create working applications from simple text commands. The tool, powered by Anthropic's Claude 3.5 Sonnet AI model, has driven a five-fold revenue increase in six months. The move marks a significant departure for Replit, which built its business providing online coding tools for software developers. The company is now betting that AI will make traditional programming skills less crucial, allowing non-technical users to create software through natural language instructions.

European Union regulators are investigating Apple's revised app store fees amid concerns they may increase costs for developers, according to Bloomberg News.

The European Commission sent questionnaires to developers in December focusing on Apple's new "core technology fee" of $0.51 per app installation, part of its compliance with EU's Digital Markets Act. Under Apple's revised structure, developers can maintain existing terms with commissions up to 30% on app sales, or choose a new model with lower commission rates but additional charges.

"Oracle has informed us they won't voluntarily withdraw their trademark on 'JavaScript'." That's the word coming from the company behind Deno, the alternative JavaScript/TypeScript/WebAssembly runtime, which is pursuing a formal cancellation with the U.S. Patent and Trademark Office.

So what happens next? Oracle "will file their Answer, and we'll start discovery to show how 'JavaScript' is widely recognized as a generic term and not controlled by Oracle." Deno's social media posts show a schedule of various court dates that extend through July of 2026, so "The dispute between Oracle and Deno Land could go on for quite a while," reports InfoWorld: Deno Land co-founder Ryan Dahl, creator of both the Deno and Node.js runtimes, said a formal answer from Oracle is expected before February 3, unless Oracle extends the deadline again. "After that, we will begin the process of discovery, which is where the real legal work begins. It will be interesting to see how Oracle argues against our claims — genericide, fraud on the USPTO, and non-use of the mark."

The legal process begins with a discovery conference by March 5, with discovery closing by September 1, followed by pretrial disclosure from October 16 to December 15. An optional request for an oral hearing is due by July 8, 2026.
Oracle took ownership of JavaScript's trademark in 2009 when it purchased Sun Microsystems, InfoWorld notes.

But "Oracle does not control (and has never controlled) any aspect of the specification or how the phrase 'JavaScript' can be used by others," argues an official petition filed by Deno Land Inc. with the United States Patent and Trademark Office: Today, millions of companies, universities, academics, and programmers, including Petitioner, use "JavaScript" daily without any involvement with Oracle. The phrase "JavaScript" does not belong to one corporation. It belongs to the public. JavaScript is the generic name for one of the bedrock languages of modern programming, and, therefore, the Registered Mark must be canceled.

An open letter to Oracle discussing the genericness of the phrase "JavaScript," published at https://javascript.tm/, was signed by 14,000+ individuals at the time of this Petition to Cancel, including notable figures such as Brendan Eich, the creator of JavaScript, and the current editors of the JavaScript specification, Michael Ficarra and Shu-yu Guo. There is broad industry and public consensus that the term "JavaScript" is generic.
The seven-page petition goes into great detail, reports InfoWorld. "Deno Land also accused Oracle of committing fraud in its trademark renewal efforts in 2019 by submitting screen captures of the website of JavaScript runtime Node.js, even though Node.js was not affiliated with Oracle."

Slashdot reader rzack writes: Since 1999, I've written a huge amount of PHP code, for dozens of applications and websites. Most of it has been continually updated, and remains active and in-production, in one form or another.

Here's the thing. It's all hand-written using vi, even to this day.

Is there any benefit to migrating this codebase to a more modern PHP framework, like Laravel? And is there an easy and minimally intrusive way this can be done en-masse, across dozens of applications and websites?

Or at this point should I just stick with vi?
Share your thoughts and suggestions in the comments.

What's the best way to transfer legacy PHP code to a modern framework?

An anonymous reader quotes a report from The Register: A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data -- including some Social Security Numbers and medical info -- stolen. PowerSchool says its cloud-based student information system is used by 18,000 customers around the globe, including the US and Canada, to handle grading, attendance records, and personal information of more than 60 million K-12 students and teachers. On December 28 someone managed to get into its systems and access their contents "using a compromised credential," the California-based biz told its clients in an email seen by Register this week.

[...] "We believe the unauthorized actor extracted two tables within the student information system database," a spokesperson told us. "These tables primarily include contact information with data elements such as name and address information for families and educators. "For a certain subset of the customers, these tables may also include Social Security Number, other personally identifiable information, and limited medical and grade information. "Not all PowerSchool student information system customers were impacted, and we anticipate that only a subset of impacted customers will have notification obligations." While the company has tightened security measures and offered identity protection services to affected individuals, cybersecurity firm Cyble suggests the intrusion "may have been more serious and gone on much longer than has been publicly acknowledged so far," reports The Register. The cybersecurity vendor says the intrusion could have occurred as far back as June 16, 2011, with it ending on January 2 of this year.

"Critical systems and applications such as Oracle Netsuite ERP, HR software UltiPro, Zoom, Slack, Jira, GitLab, and sensitive credentials for platforms like Microsoft login, LogMeIn, Windows AD Azure, and BeyondTrust" may have been compromised, too.

Developer Q&A platform StackOverflow appears to be facing an existential crisis as volume of new questions on the site has plunged 75% from the 2017 peak and 60% year-on-year in December 2024, according to StackExchange Data Explorer figures.

The decline accelerated after ChatGPT's launch in November 2022, with questions falling 76% since then. Despite banning AI-generated answers two years ago, StackOverflow has embraced AI partnerships, striking deals with Google, OpenAI and GitHub.

An anonymous reader quotes a report from The Guardian: People who get their coffee hit in the morning reap benefits that are not seen in those who have shots later in the day, according to the first major study into the health benefits of the drink at different times. Analysis of the coffee consumption of more than 40,000 adults found that morning coffee drinkers were 16% less likely to die of any cause and 31% less likely to die from cardiovascular disease during a 10-year follow-up period than those who went without. But the benefits to heart health appeared to vanish in people who drank coffee throughout the day, the researchers found, with medical records showing no significant reduction in mortality for all-day drinkers compared with those who avoided coffee. [...]

The study suggests that a morning dose of coffee is better for the heart than an evening one, but it does not explain why. One possible explanation is that drinking coffee later in the day can disrupt circadian rhythms and levels of hormones such as melatonin. This in turn affects sleep, inflammation and blood pressure, all of which can harm heart health. In an accompanying editorial, Prof Thomas Luscher, a consultant cardiologist at the Royal Brompton and Harefield hospitals in London, notes that many all-day drinkers sleep poorly, adding that coffee seems to suppress melatonin, a hormone that is important for inducing sleep in the brain. The effects are driven largely by caffeine, but coffee contains hundreds of other bioactive compounds that affect our physiology. The researchers say some substances in the blood that drive inflammation often peak in the morning and could be countered by anti-inflammatory compounds in a morning coffee. "This explanation applies to both caffeinated and decaffeinated coffee," they write. "Overall, we must accept the now substantial evidence that coffee drinking, particularly in the morning hours, is likely to be healthy," Luscher writes. "Thus, drink your coffee, but do so in the morning!"

The study has been published in the European Heart Journal.

Long-time Slashdot reader theodp writes: In an Op-ed for The Huntington News, fourth year Northeastern University CS student Derek Kaplan argues that real pedagogical merit is what should count when deciding which language to use to teach CS fundamentals (aka 'Fundies'). He makes the case for Northeastern to reconsider its decision to move from Racket to Python and Java later this year in an overhaul of its first-year curriculum.

"Students will get extensive training in Python, which is currently the most requested language by co-op employers," Northeastern explains (some two decades after a Slashdot commenter made the same Hot Languages = Jobs observation in a spirited 2001 debate on Java as a CS introductory language)...

"I have often heard computer science students complain that Fundies 1 teaches Racket instead of a 'useful language' like Python," Kaplan writes. "But the point of Fundies is not to teach Racket — it is to teach program design skills that can be applied using any programming language. Racket is just the tool it uses to do so. A student who does well in Fundies will have no difficulty applying the same skills to Python or any other language. And with how fast the tech industry changes, is it really worth having a course that teaches just Python when tomorrow, some other language might dominate the industry? Our current curriculum focuses on timeless principles rather than fleeting trends."

Also expressing concerns about the selection of suitable languages for novice programming is King's College CS Prof Michael Kölling, who explains, "One of the drivers is the perceived usefulness of the language in a real-world context. Students (and their parents) often have opinions which language is 'better' to learn. In forming these opinions, the definition of 'better' can often be vague and driven by limited insight. One strong aspect commonly cited is the perceived usefulness of a language in the 'real world.' If a language is widely used in industry, it is more likely to be seen as a useful language to learn." Kölling's recommendation? "We need a new language for teaching novices at secondary school and introductory university level," Kölling concludes. "This language should be designed explicitly for teaching [...] Maintenance and adaptation of this language should be driven by pedagogical considerations, not by industry needs."

While noble in intent, one suspects Kaplan and Kölling may be on a quixotic quest in a money wins world, outgunned by the demands, resources, and influence of tech giants like Amazon — the top employer of Northeastern MSCS program grads — who pushed back against NSF advice to deemphasize Java in high school CS and dropped $15 million to have tech-backed nonprofit Code.org develop and push a new Java-based, powered-by-AWS CS curriculum into high schools with the support of a consortium of politicians, educators, and tech companies. Echoing Northeastern, an Amazon press release argued the new Java-based curriculum "best prepares students for the next step in their education and careers."

Researchers from Inria and Microsoft have developed a system to automatically convert specific types of C programming code into memory-safe Rust code, addressing growing cybersecurity concerns about memory vulnerabilities in software systems.

The technique, detailed in a new paper, requires programmers to use a restricted version of C called "Mini-C" that excludes features like pointer arithmetic. The researchers successfully tested their conversion system on two major code libraries, including the 80,000-line HACL* cryptographic library. Parts of the converted code have already been integrated into Mozilla's NSS and OpenSSH security systems, according to the researchers. Memory safety errors account for 76% of Android vulnerabilities in 2019.

Researchers have uncovered widespread manipulation of GitHub's star-rating system, with over 3.1 million fraudulent stars identified across 15,835 repositories, according to a new study by Socket, Carnegie Mellon University, and North Carolina State University.

The research team analyzed 20TB of data from GHArchive, spanning 6 billion GitHub events from 2019 to 2024, using their "StarScout" detection tool. The tool identified 278,000 accounts engaging in coordinated inauthentic behavior to artificially boost repository rankings.

GitHub uses stars, similar to social media likes, to rank projects and recommend content to users. The platform has previously encountered malicious exploitation of this system, including the "Stargazers Ghost Network" malware operation discovered last summer. Approximately 91% of flagged repositories and 62% of suspicious accounts were removed by October 2024.

After a four-year hiatus, 2025 will see the return of the International Obfuscated C Code Contest. Started in 1984 (and inspired partly by a bug in the classic Bourne shell), it's "the Internet's oldest contest," acording to their official social media account on Mastodon.

The contest enters its "pending" state today at 2024-12-29 23:58 UTC — meaning an opening date for submissions has been officially scheduled (for January 31st) as well as a closing date roughly eight weeks later on April 1st, 2025. That's according to the newly-released (proposed and tentative) rules and guidelines, listing contest goals like "show the importance of programming style, in an ironic way" and "stress C compilers with unusual code." And the contest's home page adds an additional goal: "to have fun with C!"

Excerpts from the official rules: Rule 0
Just as C starts at 0, so the IOCCC starts at rule 0. :-)

Rule 1
Your submission must be a complete program....

Rule 5
Your submission MUST not modify the content or filename of any part of your original submission including, but not limited to prog.c, the Makefile (that we create from your how to build instructions), as well as any data files you submit....

Rule 6
I am not a rule, I am a free(void *human);
while (!(ioccc(rule(you(are(number(6)))))) {
ha_ha_ha();
}

Rule 6 is clearly a reference to The Prisoner... (Some other rules are even sillier...) And the guidelines include their own jokes: You are in a maze of twisty guidelines, all different.

There are at least zero judges who think that Fideism has little or nothing to do with the IOCCC judging process....

We suggest that you avoid trying for the 'smallest self-replicating' source. The smallest, a zero byte entry, won in 1994.
And this weekend there was also a second announcement: After a 4 year effort by a number of people, with over 6168+ commits, the Great Fork Merge has been completed and the Official IOCCC web site has been updated! A significant number of improvements has been made to the IOCCC winning entries. A number of fixes and improvements involve the ability of reasonable modern Unix/Linux systems to be able to compile and even run them.
Thanks to long-time Slashdot reader — and C programmer — achowe for sharing the news.

"Over the course of 2024, Python has proven again and again why it's one of the most popular, useful, and promising programming languages out there," writes InfoWorld: The latest version of the language pushes the envelope further for speed and power, sheds many of Python's most decrepit elements, and broadens its appeal with developers worldwide. Here's a look back at the year in Python.

In the biggest news of the year, the core Python development team took a major step toward overcoming one of Python's longstanding drawbacks: the Global Interpreter Lock or "GIL," a mechanism for managing interpreter state. The GIL prevents data corruption across threads in Python programs, but it comes at the cost of making threads nearly useless for CPU-bound work. Over the years, various attempts to remove the GIL ended in tears, as they made single-threaded Python programs drastically slower. But the most recent no-GIL project goes a long way toward fixing that issue — enough that it's been made available for regular users to try out.

The no-GIL or "free-threaded" builds are still considered experimental, so they shouldn't be deployed in production yet. The Python team wants to alleviate as much of the single-threaded performance impact as possible, along with any other concerns, before giving the no-GIL builds the full green light. It's also entirely possible these builds may never make it to full-blown production-ready status, but the early signs are encouraging.

Another forward-looking feature introduced in Python 3.13 is the experimental just-in-time compiler or JIT. It expands on previous efforts to speed up the interpreter by generating machine code for certain operations at runtime. Right now, the speedup doesn't amount to much (maybe 5% for most programs), but future versions of Python will expand the JIT's functionality where it yields real-world payoffs.
Python is now more widely used than JavaScript on GitHub (thanks partly to its role in AI and data science code).

Software development is entering an "autopilot era" with AI coding assistants, but the industry needs to prepare for full autonomy, argues former Salesforce co-CEO Bret Taylor. Drawing parallels with self-driving cars, he suggests the role of software engineers will evolve from code authors to operators of code-generating machines. Taylor, a board member of OpenAI and who once rewrote Google Maps over a weekend, calls for new programming systems, languages, and verification methods to ensure AI-generated code remains robust and secure. From his post: In the Autonomous Era of software engineering, the role of a software engineer will likely transform from being the author of computer code to being the operator of a code generating machine. What is a computer programming system built natively for that workflow?

If generating code is no longer a limiting factor, what types of programming languages should we build?

If a computer is generating most code, how do we make it easy for a software engineer to verify it does what they intend? What is the role of programming language design (e.g., what Rust did for memory safety)? What is the role of formal verification? What is the role of tests, CI/CD, and development workflows?

Today, a software engineer's primary desktop is their editor. What is the Mission Control for a software engineer in the era of autonomous development?

An anonymous reader shared this report from TechCrunch: Microsoft-owned GitHub announced on Wednesday a free version of its popular Copilot code completion/AI pair programming tool, which will also now ship by default with Microsoft's popular VS Code editor. Until now, most developers had to pay a monthly fee, starting at $10 per month, with only verified students, teachers, and open source maintainers getting free access...

There are some limitations to the free version, which is geared toward occasional users, not major work on a big project. Developers on the free plan will get access to 2,000 code completions per month, for example, and as a GitHub spokesperson told me, each Copilot code suggestion will count against this limit — not just accepted suggestions. And while GitHub recently added the ability to switch between different foundation models, users on the free plan are limited to Anthropic's Claude 3.5 Sonnet and OpenAI's GPT-4o. (The paid plans also include Google's Gemini 1.5 Pro and OpenAI's o1-preview and -mini.) For Copilot Chat, the number of chat messages is limited to 50, but otherwise, there aren't any major limitations to the free service. Developers still get access to all Copilot Extensions and skills.

The free Copilot SKU will work in a number of editors, including VS Code, Visual Studio, and JetBrains, as well as on GitHub.com.
GitHub's announcement ends with the words "Happy coding!" and calls the service "GitHub Copilot Free." But TechCrunch points out there's already competition from services like Amazon Q Developer, as well as from companies like Tabnine and Qodo (previously known as Codium) — and they typically offer a free tier. But in addition, "With Copilot Free, we are returning to our freemium roots," GitHub CEO Thomas Dohmke told TechCrunch, as well as "laying the groundwork for something far greater: AI represents our best path to enabling a GitHub with one billion developers.

"There should be no barrier to entry for experiencing the joy of creating software. Now six years after being acquired by Microsoft, it indeed appears GitHub is still GitHub — and we are doing our thing."

Or, as GitHub CEO Satya Nadella said in a video posted on LinkedIn, "The joy of coding is back! And we are looking forward to bringing the same experience to so many more people around the world."