The long-running Advent of Code site just entered its 10th year, with 162,809 people completing both of its Day One puzzles (which involve a hunt for the missing historian of the North Pole). But its not the only site offering Christmas-themed programming puzzles:

• Hundreds of SQL lovers are trying the daily challenges from the "Advent of SQL" site.

• You can sign up for daily emails with webdev challenges from the Advent of JavaScript and Advent of CSS sites.

• The "Advent of No-Code" site challenges you to build something new every day using no-code tools like AI-powered dev environments or the social coding site Val Town.

• TryHackMe.com is publishing "beginner-friendly, daily gamified cyber security challenges" in an event they're calling the "Advent of Cyber."

• And Norway's biggest chess club (founded by world champion Magnus Carlsen) has even launched a site with daily chess puzzles called — what else? — Advent of Chess. (It promises at the end of the event someone will win a chessboard signed by Magnus Carlsen).

Greg Kroah-Hartman noted some coming changes in Linux 6.13 will make it possible to create "way more" Rust-based kernel drivers. "The veteran kernel developer believes we're at a tipping point of seeing more upstream Rust drivers ahead," reports Phoronix: These Rust char/misc changes are on top of the main Rust pull for Linux 6.13 that brought 3k lines of code for providing more Rust infrastructure. Linux 6.13 separately is also bringing Rust file abstractions.
"Sorry for doing this at the end of the merge window," Greg Kroah-Hartman wrote in the pull request, explaining that "conference and holiday travel got in the way on my side (hence the 5am pull request emails...)" Loads of things in here...

— Rust misc driver bindings and other rust changes to make misc drivers actually possible. I think this is the tipping point, expect to see way more rust drivers going forward now that these bindings are present.

Next merge window hopefully we will have pci and platform drivers working, which will fully enable almost all driver subsystems to start accepting (or at least getting) rust drivers. This is the end result of a lot of work from a lot of people, congrats to all of them for getting this far, you've proved many of us wrong in the best way possible, working code :)

Long-time Slashdot reader jaromil writes: As a fun project, we hacked together a C interpreter (based on Tiny C Compiler) that compiles C code in-memory and runs it live.

CJIT today is a 2MB executable that can do a lot, including call functions from any installed library on Linux, Windows, and MacOSX.
Slashdot reader oliwer points out "they are also including a REPL, which could be interesting." And the CJIT web page promises there's "no EULA to sign, no IDE to install... 100% Free and open source!"

It also says the project was inspired by Terry Davis (TempleOS) and Fabrice Bellard (Tiny C Compiler).

Nonprofit Code.org has posted this year's cartoon for "Hour of Code," their annual learn-to-code event for schoolchildren.

Long-time Slashdot reader theodp notes its animated pigeon gives a shout-out to the AI that could ultimately replace programmers: In an Instagram post introducing the video, Code.org explains: "Bartlett the Pigeon just learned how to code and now thinks he's smarter than us. Honestly...he might be. Meet the face (and feathers) of this year's #HourOfCode." In the video, Bartlett wows a social media influencer with his coding skills. "Is this pigeon typing code?" she asks in disbelief. "I'm going to film this for my socials!" Bartlett goes on to explain that the song he remixes with coding blocks — Aloe Blacc's "I Need a Dollar" — could have instead been generated by simply using AI, which he says is "like having a personal DJ assistant who never misses a beat!"

Interestingly, Blacc noted in a 2011 interview that he wrote "I Need a Dollar" after being made redundant in his career as a business consultant by Ernst & Young. That multinational company is now advising global business leaders on how they can harness the power of GenAI "to achieve more with fewer resources" by disrupting professions — like programming — that "involve a high degree of repetitive and data-driven tasks that AI can automate."

Software company Deno Land has filed a petition with the U.S. Patent and Trademark Office to cancel Oracle's JavaScript trademark, citing trademark abandonment and fraud. The November 22 filing claims Oracle has not sold JavaScript products or services since acquiring the trademark through its 2009 Sun Microsystems purchase. The petition alleges Oracle committed fraud during its 2019 trademark renewal by submitting Node.js website screenshots without authorization.

The legal action follows a September open letter from JavaScript creator Brendan Eich, Node.js and Deno creator Ryan Dahl, and other prominent JavaScript developers urging Oracle to relinquish the trademark. The letter has garnered over 14,000 signatures.

A Stanford study of over 50,000 software engineers across hundreds of companies has found that approximately 9.5% of engineers perform minimal work while drawing full salaries, potentially costing tech companies billions annually.

The research showed the issue is most prevalent in remote work settings, where 14% of engineers were classified as "ghost engineers" compared to 6% of office-based staff. The study evaluated productivity through analysis of private Git repositories and simulated expert assessments of code commits.

Major tech companies could be significantly impacted, with IBM estimated to have 17,100 underperforming engineers at an annual cost of $2.5 billion. Across the global software industry, the researchers estimate the total cost of underperforming engineers could reach $90 billion, based on a conservative 6.5% rate of "ghost engineers" worldwide.

An anonymous reader quotes a report from TheGamer: With thousands of cards available in Pokemon's "Pokemon Trading Card Game," it can be hard to remember what is what. After all, since first debuting in the mid 1990s to coincide with the games of the same name, the popular collectible has been going strong ever since, with new releases constantly filling store shelves. That said, one avid Pokemon fan took it upon themselves to archive the card game's unique artwork. After hundreds of hours of work, over 23,000 cards have been archived, along with an additional 2,000 pieces of artwork. The end result is one of the best fan creations around.

Meet Twitter user pkm_jp, who devoted hundreds of hours to learning how to program in order to make their dream of a one-stop shop of all available card art a reality. "I remember the joy of getting the first set page working, displaying a small collection of cards," they wrote on Twitter. "I knew it was just the beginning." The site, artofpkm.com, "is dedicated to bringing artists and fans together," the created said on X (formerly Twitter). They note that there is still "lots of artwork still to be added and labeled," among other features such as "custom lists, voting, and a proper blog."

A new bill introduced by Sen. Peter Welch (D-Vt) aims to make it easier for human creators to find out if their work was used without permission to train artificial intelligence. NBC News reports: The Transparency and Responsibility for Artificial Intelligence Networks (TRAIN) Act would enable copyright holders to subpoena training records of generative AI models, if the holder can declare a "good faith belief" that their work was used to train the model. The developers would only need to reveal the training material that is "sufficient to identify with certainty" whether the copyright holder's works were used. Failing to comply would create a legal assumption -- until proven otherwise -- that the AI developer did indeed use the copyrighted work. [...]

In a news release, Welch said the TRAIN Act has been endorsed by several organizations -- including the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA), the American Federation of Musicians, and the Recording Academy -- as well as major music labels -- including Universal Music Group, Warner Music Group and Sony Music Group.

U.S. software developer job listings have plummeted 56% since 2019, according to CompTIA data, as coding bootcamp graduates face mounting challenges from AI tools and widespread tech industry layoffs.

For entry-level positions, postings have dropped even further at 67%. The downturn has forced several bootcamps to adapt or close. Boston's Launch Academy suspended operations in May after job placement rates fell from 90% to below 60%. Meanwhile, AI coding tools like ChatGPT and GitHub's Copilot are transforming the industry, with Google reporting that AI now generates over 25% of its new code.

"This is the worst environment for entry-level tech jobs I've seen in 25 years," said Menlo Ventures partner Venky Ganesan.

An anonymous reader shared this report from the New York Times: Between the time [construction worker Florencio] Rendon applied for the coding boot camp and the time he graduated, what Mr. Rendon imagined as a "golden ticket" to a better life had expired. About 135,000 start-up and tech industry workers were laid off from their jobs, according to one count. At the same time, new artificial intelligence tools like ChatGPT, an online chatbot from OpenAI, which could be used as coding assistants, were quickly becoming mainstream, and the outlook for coding jobs was shifting. Mr. Rendon says he didn't land a single interview.

Coding boot camp graduates across the country are facing a similarly tough job market. In Philadelphia, Mal Durham, a lawyer who wanted to change careers, was about halfway through a part-time coding boot camp late last year when its organizers with the nonprofit Launchcode delivered disappointing news. "They said: 'Here is what the hiring metrics look like. Things are down. The number of opportunities is down,'" she said. "It was really disconcerting." In Boston, Dan Pickett, the founder of a boot camp called Launch Academy, decided in May to pause his courses indefinitely because his job placement rates, once as high as 90 percent, had dwindled to below 60 percent. "I loved what we were doing," he said. "We served the market. We changed a lot of lives. The team didn't want that to turn sour."

Compared with five years ago, the number of active job postings for software developers has dropped 56 percent, according to data compiled by CompTIA. For inexperienced developers, the plunge is an even worse 67 percent. "I would say this is the worst environment for entry-level jobs in tech, period, that I've seen in 25 years," said Venky Ganesan, a partner at the venture capital firm Menlo Ventures.
A Stack Overflow survey of 65,000 developers found that 60% had used AI coding tools this year, the article points out. And it includes two predictions about the future:

• Armando Solar-Lezama, leader of MIT's Computer-Assisted Programming Group, "believes that A.I. tools are good news for programming careers. If coding becomes easier, he argues, we'll just make more, better software. We'll use it to solve problems that wouldn't have been worth the hassle previously, and standards will skyrocket."

• Zach Sims, a co-founder of Codecademy, said of the job prospects for coding boot camp graduates" "I think it's pretty grim."

Back in the mid-1980s Mark Roth was in 5th grade when the game ChipWits "helped kindle his interest in coding," according to an online biography. ("By middle school, he wrote his first Commodore 64 assembler and by high school he authored a 3D Graphics library for DOS.")

And 40 years later, Slashdot reader markroth8 writes that the programming puzzle/logic game "inspired many people to become professional coders": ChipWits was first released for Mac in 1984, and was later ported to Commodore 64 and Apple II in 1985. To celebrate the game's 40th anniversary, the team behind the new Steam reboot of ChipWits (including its original co-creator Doug Sharp, also of fame for the game King of Chicago) is announcing the recovery and open source release of the original game's source code, written in the FORTH programming language, for both Mac and Commodore 64 platforms.

Recovering data from 40-year old 5.25" and 3.5" disks was a challenge in and of itself, and most of the data survived unscathed! It's interesting to read the 40-year-old code, and compare it to modern game development.
"Our goal for open sourcing the original version of ChipWits is to ensure its legacy lives on," according to the announcement. (It adds that "We also wanted to share an appreciation for what cross-platform software development for 8-bit microcomputers was like in 1984.")

The Rust community has "recognized the unsafety of Rust (if used incorrectly)," according to a blog post by Amazon Web Services.

So now AWS and the Rust Foundation are "crowdsourcing an effort to verify the Rust standard library," according to an article at DevClass.com, "by setting out a series of challenges for devs and offering financial rewards for solutions..." Rust includes ways to bypass its safety guarantees though, with the use of the "unsafe" keyword... The issue AWS highlights is that even if developers use only safe code, most applications still depend on the Rust standard library. AWS states that there are approximately 7.5K unsafe functions in the Rust Standard Library and notes that 57 "soundness issues" and 20 CVEs (Common Vulnerabilities and Exposures) have been reported in the last three years. [28% of the soundness issues were discovered in 2024.]

Marking a function as unsafe does not mean it is vulnerable, only that Rust does not guarantee its safety. AWS plans to reduce the risk by using tools and techniques for formal verification of key library code, but believes that "a single team would be unable to make significant inroads" for reasons including the lack of a verification mechanism in the Rust ecosystem and what it calls the "unknowns of scalable verification." The plan therefore is to turn this over to the community, by posing challenges and rewarding developers for solutions.... A GitHub repository provides a fork of the Rust code and includes a set of challenges, currently 13 of them... The Rust Foundation says that there is a financial reward tied to each challenge, and that the "challenge rewards committee is responsible for reviewing activity and dispensing rewards." How much will be paid though is not stated.

Despite the wide admiration for Rust, there is no formal specification for the language, an issue which impacts formal verification efforts.
Thanks to Slashdot reader sean-it-all for sharing the news.

Microsoft-owned GitHub published a blog post asking "Does GitHub Copilot improve code quality? Here's what the data says."

Its first paragraph includes statistics from past studies — that GitHub Copilot has helped developers code up to 55% faster, leaving 88% of developers feeling more "in the flow" and 85% feeling more confident in their code.

But does it improve code quality? [W]e recruited 202 [Python] developers with at least five years of experience. Half were randomly assigned GitHub Copilot access and the other half were instructed not to use any AI tools... We then evaluated the code with unit tests and with an expert review conducted by developers.

Our findings overall show that code authored with GitHub Copilot has increased functionality and improved readability, is of better quality, and receives higher approval rates... Developers with GitHub Copilot access had a 56% greater likelihood of passing all 10 unit tests in the study, indicating that GitHub Copilot helps developers write more functional code by a wide margin. In blind reviews, code written with GitHub Copilot had significantly fewer code readability errors, allowing developers to write 13.6% more lines of code, on average, without encountering readability problems. Readability improved by 3.62%, reliability by 2.94%, maintainability by 2.47%, and conciseness by 4.16%. All numbers were statistically significant... Developers were 5% more likely to approve code written with GitHub Copilot, meaning that such code is ready to be merged sooner, speeding up the time to fix bugs or deploy new features.
"While GitHub's reports have been positive, a few others haven't," reports Visual Studio magazine: For example, a recent study from Uplevel Data Labs said, "Developers with Copilot access saw a significantly higher bug rate while their issue throughput remained consistent."

And earlier this year a "Coding on Copilot" whitepaper from GitClear said, "We find disconcerting trends for maintainability. Code churn — the percentage of lines that are reverted or updated less than two weeks after being authored — is projected to double in 2024 compared to its 2021, pre-AI baseline. We further find that the percentage of 'added code' and 'copy/pasted code' is increasing in proportion to 'updated,' 'deleted,' and 'moved 'code. In this regard, AI-generated code resembles an itinerant contributor, prone to violate the DRY-ness [don't repeat yourself] of the repos visited."

Longtime Slashdot reader theodp writes: Past corporate-sponsored Hour of Code tutorials for the nation's schoolchildren have blurred the lines between coding lessons and product infomercials. So too is the case again with this year's newly-announced Hour of Code 2024 flagship tutorials, which include Microsoft Minecraft, Amazon Music, and Transformers One movie-themed intros to coding. The press release announcing the tutorials from tech-backed nonprofit Code.org, which organizes the Hour of Code and counts Microsoft and Amazon as $30+ million donors, boasts of its "decade of partnership with [Microsoft] Minecraft this year, reaching more than 300 million sessions of Minecraft Hour of Code since 2015!"

Interestingly, The Transformers (Paramount Pictures, which released Transformers One in the U.S., is a $25,000+ Code.org donor) is cited as one of the OG's of children's Saturday morning cartoon advertising (aka 30-minute commercials) that prompted the Children's Television Act (CTA) of 1990, an act of Congress that ordered the FCC to put in place regulations to protect children from advertising. Throughout the 1980s, Action for Children's Television (ACT) criticized children's television programs that "blur(red) the distinction between program content and commercial speech."

TV Time's parent company criticized Apple's App Store control after the tech giant removed its streaming app over an intellectual property dispute. "Apple holds significant power over app developers by controlling access to a massive market and, in this case, seems to have acted on a complaint without requiring robust evidence from the complainant," Jerry Inman, CMO of Whip Media, which operates the app, told TechCrunch.

The app was pulled from the store by Apple after the developer refused to pay a settlement fee related to user-uploaded cover art. The app has since been reinstated.

Slashdot readers damn_registrars and GFS666 share the news of the passing of Thomas E. Kurtz, co-inventor of the BASIC programming language back in the 1960s. He was 96. Hackaday reports: The origins of BASIC lie in the Dartmouth Timesharing System, like similar timesharing operating systems of the day, designed to allow the resources of a single computer to be shared across many terminals. In this case the computer was at Dartmouth College, and BASIC was designed to be a language with which software could be written by average students who perhaps didn't have a computing background. In the decade that followed it proved ideal for the new microcomputers, and few were the home computers of the era which didn't boot into some form of BASIC interpreter. Kurtz continued his work as a distinguished academic and educator until his retirement in 1993, but throughout he remained as the guiding hand of the language.

The goal? "Make C++ and Rust interoperability easily accessible and approachable to the widest possible audience." And the Rust Foundation's "Interop Initiative" is specifically focused on the goal of interoperability "within the same executable," through either inline embedding that allows "integrated compilation", or foreign function interfaces.

To that end, a statement addressing "the challenges and opportunities in C++ and Rust interoperability" was announced this week by the Rust Foundation. Pointing out that the "Interop Initiative" was launched in February 2024 with a $1M contribution from Google, it now "proposes a collaborative, problem-space approach engaging key stakeholders from both language communities.

"Rather than prescribing specific solutions, this problem statement serves as a foundation for community input and participation in shaping both the strategic direction and tactical implementation of improved C++/Rust interoperability."

Their official problem statement outlines three "key strategic approaches."

- Improve existing tools and address tactical issues to reduce interoperability friction and risk in the short term.

- Build consensus around long-term goals requiring changes to Rust itself and develop the tactical approaches to begin pursuing them.

- Engage with the C++ community and committee to improve the quality of interoperation for both languages to help realize the mutual goals of safety and performance.

And it argues that interoperability "is essential to pursuing safety and performance which is maintainable and scalable." A significant amount of development has gone into libraries to facilitate interoperability with both C and C++, but from the language and compiler level, the situation remains largely unchanged from the early days of Rust. As the desire to integrate Rust into more C++ codebases increases, the value of making C++/Rust interoperability safer, easier, and more efficient is rapidly increasing. While each language takes a different overall approach, both view safety as an essential concern in modern systems. Both Rust and C++ have language- and standard-library-level facilities to improve safety in seemingly compatible ways, but significant benefits are lost when transiting the foreign function interfaces (FFI) boundary using the C ABI...

The consequence of this increased cost to interoperate means both C++ and Rust codebases are less able to access valuable code that already exists in the other language, and the ability to transition system components from one language to another is reduced outside of existing C-like interface boundaries. Ultimately, this reduction in freedom leads to worse outcomes for all users since technologists are less free to choose the most effective solutions.

The Tiobe index tries to track the popularity of programming languages by counting the number of search results for the language's name followed by the word "programming" (on 25 different search engines). And this month there were some surprises...

By TIOBE's reckoning, compared to a year ago PHP has now fallen from #7 to #12, while Delphi/Object Pascal shot up five spots from #16 to #11. In that same year, Fortran jumped from #12 to #8 — while both Visual Basic and SQL dropped down a single rank. Toward the top of the list, C actually fell from the #2 spot over the last 12 months to the #4 spot.

And Go just reached the #7 rank on the TIOBE's ranking of programming language popularity — "an all time high for Go," according to TIOBE CEO Paul Jansen. In this month's note, he explains what he thinks is unusual about this — starting by saying that Go programs are both fast, and easy in many ways — easy to deploy, easy to learn, and easy to understand. Python for instance is easy to learn but not fast, and deployment for larger Python programs is fragile due to dependencies on all kind of versioned libraries in the environment.

If compared to Rust for instance (another contender for a top position), Go is a tiny bit slower, but the Go programs are much easier to understand. The next hurdle for Go in the TIOBE index is JavaScript at position #6. That will be a tough one to pass. JavaScript is ubiquitous in software development, although for larger JavaScript systems we see a shift to TypeScript nowadays.
"If annual trends continue this way, Go will bypass JavaScript within 3 years," TIOBE's CEO predicts. (Adding "Let's see what the future has in store for Go...") Although the Go team actually has specific plans for the future, according to a blog post this week celebrating Go's 15th anniversary: We're working on making Go better for AI — and AI better for Go — by enhancing Go's capabilities in AI infrastructure, applications, and developer assistance. Go is a great language for building production systems, and we want it to be a great language for building production AI systems, too... For AI applications, we will continue building out first-class support for Go in popular AI SDKs, including LangChainGo and Genkit. And from its very beginning, Go aimed to improve the end-to-end software engineering process, so naturally we're looking at bringing the latest tools and techniques from AI to bear on reducing developer toil, leaving more time for the fun stuff — like actually programming!
TIOBE's top 10 programming language rankings for the month of November:

1. Python
2. C++
3. Java
4. C
5. C#
6. JavaScript
7. Go
8. Fortran
9. Visual Basic
10. SQL

Google's transistion to Safe Coding and memory-safe languages "will take multiple years," according to a post on Google's security blog. So "we're also retrofitting secure-by-design principles to our existing C++ codebase wherever possible," a process which includes "working towards bringing spatial memory safety into as many of our C++ codebases as possible, including Chrome and the monolithic codebase powering our services." We've begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs. While C++ will not become fully memory-safe, these improvements reduce risk as discussed in more detail in our perspective on memory safety, leading to more reliable and secure software... It's also worth noting that similar hardening is available in other C++ standard libraries, such as libstdc++. Building on the successful deployment of hardened libc++ in Chrome in 2022, we've now made it default across our server-side production systems. This improves spatial memory safety across our services, including key performance-critical components of products like Search, Gmail, Drive, YouTube, and Maps... The performance impact of these changes was surprisingly low, despite Google's modern C++ codebase making heavy use of libc++. Hardening libc++ resulted in an average 0.30% performance impact across our services (yes, only a third of a percent) ...

In just a few months since enabling hardened libc++ by default, we've already seen benefits. Hardened libc++ has already disrupted an internal red team exercise and would have prevented another one that happened before we enabled hardening, demonstrating its effectiveness in thwarting exploits. The safety checks have uncovered over 1,000 bugs, and would prevent 1,000 to 2,000 new bugs yearly at our current rate of C++ development...

The process of identifying and fixing bugs uncovered by hardened libc++ led to a 30% reduction in our baseline segmentation fault rate across production, indicating improved code reliability and quality. Beyond crashes, the checks also caught errors that would have otherwise manifested as unpredictable behavior or data corruption... Hardened libc++ enabled us to identify and fix multiple bugs that had been lurking in our code for more than a decade. The checks transform many difficult-to-diagnose memory corruptions into immediate and easily debuggable errors, saving developers valuable time and effort.
The post notes that they're also working on "making it easier to interoperate with memory-safe languages. Migrating our C++ to Safe Buffers shrinks the gap between the languages, which simplifies interoperability and potentially even an eventual automated translation."

Longtime Slashdot reader DaPhil writes: I taught myself to code at 12 years old in the 90s and I've always liked the back-and-forth with the runtime to achieve the right result. I recently got back from other roles to code again, and when starting a new project last year, I decided to give the new "AI assistants" a go.

My initial surprise at the quality and the speed you can achieve when using ChatGPT and/or Copilot when coding turned sour over the months, as I realized that all the joy I felt about trying to get the result I want -- slowly improving my code by (slowly) thinking, checking the results against the runtime, and finally achieving success -- is, well, gone. What I do now is type English sentences in increasingly desperate attempts to get ChatGPT to output what I want (or provide snippets to Copilot to get the right autocompletion), which -- as they are pretty much black boxes -- is frustrating and non-linear: it either "just works," or it doesn't. There is no measure of progress. In a way, having Copilot in the IDE was even worse, since it often disrupts my thinking when suggesting completions.

I've since disabled Copilot. Interestingly, I myself now feel somehow "disabled" without it in the IDE; however, the abstention has given me back the ability to sit back and think, and through that, the joy of programming. Still, it feels like I'm now somehow an ex-drug addict always on the verge of a relapse. I was wondering if any of you felt the same, or if I'm just... old.