Python

Can Codon 'Turbocharge Python's Notoriously Slow Compiler'? (ieee.org) 82

IEEE Spectrum reports on Codon, a Python compiler specifically developed to, as they put it, "turbocharge Python's Notoriously slow compiler."

"We do type checking during the compilation process, which lets us avoid all of that expensive type manipulation at runtime," says Ariya Shajii, an MIT CSAIL graduate student and lead author on a recent paper about Codon. Without any unnecessary data or type checking during runtime, Codon results in zero overhead, according to Shajii. And when it comes to performance, "Codon is typically on par with C++. Versus Python, what we usually see is 10 to 100x improvement," he says. But Codon's approach comes with its trade-offs. "We do this static type checking, and we disallow some of the dynamic features of Python, like changing types at runtime dynamically," says Shajii. "There are also some Python libraries we haven't implemented yet...."

Codon was initially designed for use in genomics and bioinformatics. "Data sets are getting really big in these fields, and high-level languages like Python and R are too slow to handle terabytes per set of sequencing data," says Shajii. "That was the gap we wanted to fill — to give domain experts who are not necessarily computer scientists or programmers by training a way to tackle large data without having to write C or C++ code." Aside from genomics, Codon could also be applied to similar applications that process massive data sets, as well as areas such as GPU programming and parallel programming, which the Python-based compiler supports. In fact, Codon is now being used commercially in the bioinformatics, deep learning, and quantitative finance sectors through the startup Exaloop, which Shajii founded to shift Codon from an academic project to an industry application.

To enable Codon to work with these different domains, the team developed a plug-in system. "It's like an extensible compiler," Shajii says. "You can write a plug-in for genomics or another domain, and those plug-ins can have new libraries and new compiler optimizations...." In terms of what's next for Codon, Shajii and his team are currently working on native implementations of widely used Python libraries, as well as library-specific optimizations to get much better performance out of these libraries. They also plan to create a widely requested feature: a WebAssembly back end for Codon to enable running code on a Web browser.

Programming

'One In Two New Npm Packages Is SEO Spam Right Now' (sandworm.dev) 37

Gabi Dobocan, writing at auditing firm Sandworm: More than half of all new packages that are currently (29 Mar 2023) being submitted to npm are SEO spam. That is - empty packages, with just a single README file that contains links to various malicious websites. Out of the ~320k new npm packages or versions that Sandworm has scanned over the past week, at least ~185k were labeled as SEO spam. Just in the last hour as of writing this article, 1583 new e-book spam packages have been published. All the identified spam packages are currently live on npmjs.com.
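As an added example (not Sandworm's scanner or anything from the report), the pattern the report describes can be triaged mechanically: a package whose tarball contains nothing but package.json and a README, and whose README is mostly links to hosts outside the usual project sites, is the shape of the spam being described. The Python below classifies a published version from its tarball file list and README text; the sample packages are constructed, and the trusted-host list and scoring rule are assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Hosts that legitimately appear in package READMEs; this list is an assumption for the example.
TRUSTED_HOSTS = {"github.com", "gitlab.com", "npmjs.com", "www.npmjs.com"}
# File suffixes that indicate the package actually ships code.
CODE_SUFFIXES = (".js", ".mjs", ".cjs", ".ts", ".node", ".wasm")
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1].lower()


def is_readme(path: str) -> bool:
    """True for README, README.md, readme.txt and similar, in any directory."""
    return basename(path).startswith("readme")


def classify_package(files, readme_text):
    """Classify one published version from its tarball listing and README.

    files:       paths inside the tarball, as listed by `npm pack --dry-run`
                 or the registry's file view (prefixed with "package/").
    readme_text: the README the registry renders on the package page.
    Returns (verdict, evidence); verdict is "likely-seo-spam", "review" or "ok".
    """
    payload = [p for p in files if basename(p) != "package.json"]
    readme_only = bool(payload) and all(is_readme(p) for p in payload)
    has_code = any(basename(p).endswith(CODE_SUFFIXES) for p in files)
    urls = URL_RE.findall(readme_text)
    hosts = {urlparse(u).hostname or "" for u in urls}
    untrusted = sorted(h for h in hosts if h and h not in TRUSTED_HOSTS)
    evidence = {
        "readme_only": readme_only,
        "has_code": has_code,
        "link_count": len(urls),
        "untrusted_hosts": untrusted,
    }
    if readme_only and untrusted:
        verdict = "likely-seo-spam"       # README-only package pointing off-platform
    elif not has_code:
        verdict = "review"                # no code shipped, but links look benign
    else:
        verdict = "ok"
    return verdict, evidence


def spam_share(batch):
    """Fraction of (files, readme) pairs in a scanned batch judged likely spam."""
    if not batch:
        return 0.0
    hits = sum(1 for files, readme in batch
               if classify_package(files, readme)[0] == "likely-seo-spam")
    return hits / len(batch)


# Constructed samples, not real registry data.
SPAM_FILES = ["package/package.json", "package/README.md"]
SPAM_README = (
    "# Free eBook Download\n"
    "Get it here: https://ebook-downloads.example/free-book\n"
    "Mirror: https://pdf-mirror.example/dl?id=42\n"
    "Also: https://ebook-downloads.example/other-book\n"
)
REAL_FILES = ["package/package.json", "package/README.md", "package/index.js", "package/lib/parse.js"]
REAL_README = "# tiny-parser\nDocs and issues: https://github.com/example-org/tiny-parser\n"
DOCS_ONLY_FILES = ["package/package.json", "package/README.md"]
DOCS_ONLY_README = "# placeholder\nReserved name, see https://github.com/example-org/placeholder\n"

if __name__ == "__main__":
    for files, readme in [(SPAM_FILES, SPAM_README), (REAL_FILES, REAL_README),
                          (DOCS_ONLY_FILES, DOCS_ONLY_README)]:
        print(classify_package(files, readme))
```

The "review" bucket matters: a README-only package that only links to its own GitHub repo is common for reserved names and should not be auto-flagged, which is why the rule requires an untrusted host rather than just the absence of code.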
Advertising

Google Launches Ads Transparency Center As a Searchable Database 7

After launching My Ad Center last fall, Google is now introducing the Ads Transparency Center as a "searchable hub of all ads served from verified advertisers." 9to5Google reports: The Ads Transparency Center will let you view all the advertisements a company has run using Google's networks. Each ad includes the date it last ran, format (text, video, etc.), and what region (country) it was shown in: "For example, imagine you're seeing an ad for a skincare product you're interested in, but you don't recognize the brand, or you're curious to understand if you recognize other ads from this brand. With the Ads Transparency Center, you can look up the advertiser and learn more about them before purchasing or visiting their site."

You can search by advertiser (with approximate ad quantity noted) or website, with filters for topics, time, and country. Once an advertiser is selected, Google will show the feed of ads with the ability to select for more details. You'll be able to access it directly here or from the My Ad Center, which lets you customize advertising that appears in Search, Discover, Shopping, and YouTube.
Programming

Apple Sets June 5 WWDC To Debut Mixed-Reality Headset (bloomberg.com) 46

Apple set a June 5 date for the event where it plans to unveil a mixed-reality headset, the first major new product since its smartwatch debuted eight years ago. From a report: The company scheduled its annual Worldwide Developers Conference, better known as WWDC, to kick off on that Monday and run through Friday, June 9. It typically uses the first day of the conference to discuss its next-generation platforms and operating systems. This year's conference will be held as an "all-day experience" at headquarters in Cupertino, California. Central to the agenda this time around will be the headset, likely to be dubbed the Reality One or Reality Pro, Bloomberg News has reported. Apple will also showcase the accompanying xrOS operating system and a way for developers to write apps for the device.
Programming

GitHub Slashes Its Entire Engineering Team in India (techcrunch.com) 32

GitHub, the popular developer platform, has laid off virtually its entire engineering team in India as the Microsoft-owned firm cuts its expenses amid weakening global market conditions. From a report: The developer firm has eliminated over 100 jobs in the South Asian market, a person familiar with the matter said. GitHub informed the employees about the job cut on Tuesday.
Programming

Amazon Opens Its Low-Bandwidth, Long-Range Sidewalk Network To Developers (techcrunch.com) 27

An anonymous reader shares a report: Back in 2019, Amazon announced Sidewalk, its low-bandwidth, long-range wireless network that uses the 900 MHz spectrum to connect Internet of Things (IoT) devices. It does this by creating a mesh network between Amazon's own Echo and Ring devices and sharing a small part of their owner's bandwidth. Ideally, this means Sidewalk will be able to connect devices that sit beyond the reach of a Bluetooth or Wi-Fi signal. Until now, though, only a select number of developers were able to build applications for the network. But that's changing today. The company is now shipping software and hardware development kits, as well as an easy-to-use test kit to test the available Sidewalk connectivity in your neighborhood.

Using the new test kit, developers will be able to check their local signal strength on a map to get a better sense of whether their devices will be able to connect to the network before they start working on a product. Amazon sent me one of these Ring-branded devices to try. Getting started with it involves little more than powering it up (it does have a battery for mobile usage) and logging into Amazon's web-based Sidewalk coverage service. From there, you can quickly see all of the raw data from the GPS-enabled test kit and get access to Amazon's U.S.-wide coverage map. To ensure user privacy, the coverage maps only show coverage within a 900m-by-900m square area. You will be able to see the exact location of your own device, but not other devices that report into the coverage map.

Programming

What's New in TypeScript 5.0? (infoworld.com) 47

InfoWorld reports that TypeScript 5.0 is smaller, faster, and simpler: TypeScript 5.0, an update to Microsoft's strongly typed JavaScript variant, is now available as a production release, Microsoft announced March 16. With the upgrade, TypeScript has been rebuilt to use ECMAScript modules. TypeScript 5.0 also modernizes decorators for class customization.

ECMAScript modules reduce package size and boost performance. Decorators, an upcoming ECMAScript feature, allow for customizing classes and their members in a reusable way, Microsoft noted in a March 1 blog post. Decorators can be used on methods, properties, getters, setters, and auto-accessors. Classes can be decorated for subclassing and registration. While TypeScript previously supported experimental decorators, these were modeled on a much older version of the decorators proposal. TypeScript 5.0 will permit decorators to be placed before or after export and export default, a change made since the January 26 beta release of the new version.

Programming

Ask Slashdot: Can an Aging Project Manager Return to Coding Unpopular Legacy Codebases? 123

Anyone have career advice for this anonymous Slashdot reader? I've had a great career from 1992 to today. I've been a front line coder for most of that, but also a team lead, a supervisor, a project manager, a scrum master, etc. My career has been marked by expediency — I did whatever needed doing at the time, in whatever tools necessary.

However, now I'm 52, and I'm getting tired of leadership and project management, and I would like to return to that front line again. The legacy skills I have are no longer in demand. (They aren't Cobol.) Here's the rub: I am happy to do the work nobody else wants to do. Dead languages, abandoned codebases with little documentation, precariously built systems with rickety infrastructure... I've worked in them before, and I would be fine doing it again.

I'm afraid of nothing, but I don't want to keep climbing the bleeding edge of the technical mountain. I'd be happy to be silently, competently keeping things moving. By 55 I would like to make that move. It's either that or retire, which is an option... but I love the technical work.

They're soliciting suggestions from other Slashdot readers. ("Where to focus? How to prep?") So share your own best advice in the comments.

How can an aging project manager return to coding on unpopular legacy codebases?
Programming

'Docker is Deleting Open Source Organisations' 34

Alex Ellis: Earlier this month, Docker sent an email to any Docker Hub user who had created an "organisation", telling them their account will be deleted including all images, if they do not upgrade to a paid team plan. The email contained a link to a tersely written PDF (since, silently edited) which was missing many important details which caused significant anxiety and additional work for open source maintainers. As far as we know, this only affects organisation accounts that are often used by open source communities. There was no change to personal accounts. Free personal accounts have a 6-month retention period. Why is this a problem?

1. Paid team plans cost 420 USD per year (paid monthly)
2. Many open source projects including ones I maintain have published images to the Docker Hub for years
3. Docker's Open Source program is hostile and out of touch

Why should you listen to me? I was one of the biggest advocates around for Docker, speaking at their events, contributing to their projects and being a loyal member of their voluntary influencer program "Docker Captains". I have written dozens if not hundreds of articles and code samples on Docker as a technology. I'm not one of those people who think that all software and services should be free. I pay for a personal account, not because I publish images there anymore, but because I need to pull images like the base image for Go, or Node.js as part of my daily open source work. When one of our OpenFaaS customers grumbled about paying for Docker Desktop, and wanted to spend several weeks trying to get Podman or Rancher Desktop working, I had to bite my tongue. If you're using a Mac or a Windows machine, it's worth paying for in my opinion. But that is a different matter. Having known Docker's new CTO personally for a very long time, I was surprised how out of touch the communication was.
More: Docker: We apologize. We did a terrible job announcing the end of Docker Free Teams.
AI

Microsoft's GitHub To Add OpenAI Chat Functions To Coding Tool (bloomberg.com) 5

Microsoft's GitHub unit created one of the first widely deployed programs using OpenAI's language-generation tools -- an app called Copilot that helped software developers write computer code. Now GitHub is adding a chat and voice feature that will let programmers ask how to accomplish certain coding tasks. From a report: The new version announced Wednesday is called Copilot X, which GitHub Chief Executive Officer Thomas Dohmke said he demonstrated to one of his children by asking it how to program a snake game in Python. The chat window can provide explanations of what segments of code are meant to do, create ways to test the code and propose fixes for bugs. Developers can also give instructions or ask questions using their voice.

GitHub first previewed Copilot in 2021 and widely released it last year. The initial product contained a completion tool that suggested snippets of programming code as a software developer typed. It attracted hundreds of thousands of developers by November and its product name had become short-hand for Microsoft's strategy to deploy these kinds of assistive technologies to a wide array of its products, from Office software to security programs. Now that OpenAI's ChatGPT chatbot has made a splash in popular culture, companies are trying to follow Microsoft in embedding the research lab's tools into products and business strategies. At the same time, rivals such as Alphabet's Google are releasing chatbot competitors.

Open Source

Russian Developers Blocked From Contributing To FOSS Tools (theregister.com) 170

The Reg has seen two recent incidents of Russian developers being blocked from public development of FOSS code. One was a refusal on the Linux kernel mailing list, the other a more general block on GitHub. In the last week, these events have both caused active, and sometimes heated, discussions in FOSS developer communities. From the report: The GitHub account of developer Alexander Amelkin has been blocked, and his repositories marked as "archived" — including ipmitool, whose README describes it as "a utility for managing and configuring devices that support the Intelligent Platform Management Interface." Unable to comment on GitHub itself, Amelkin described what happened on the project's older SourceForge page.

Amelkin works for Russian chipbuilder Yadro, which we described as working on RISC-V chips back in 2021. Microsoft is just obeying US law in this: according to the War and Sanctions database of the Ukrainian National Agency on Corruption Prevention, the NACP, Yadro is a sanctioned company. However, on LinkedIn, Amelkin disputes his employer's involvement. Over on Hacker News, commentators seem to be generally in favor of the move, although the discussion on LWN is more measured, pointing out both that there is little threat from server-management tools like this, but that Microsoft probably has no choice.

Amelkin is not alone. Over on the Linux Kernel Mailing List, a contribution from Sergey Semin has been refused with the terse notice: "We don't feel comfortable accepting patches from or relating to hardware produced by your organization. Please withhold networking contributions until further notice." Semin is a developer at chipmaker Baikal Electronics, a company whose website has been suspended for a year now, as we noted a year ago in a story that also mentions Yadro. We were reporting on Baikal's efforts to develop its own CPUs nearly a decade ago, mere months after the Russian annexation of Crimea. And once again, there is spirited debate over the move on the Orange Site.

Java

Oracle Aims To Sustain Java's 27-Year Franchise With v20 Rollout (siliconangle.com) 80

Oracle today announced the availability of Java 20, the latest version of the popular programming language and development platform. From a report: The latest version of the 27-year-old language includes thousands of performance, stability and security improvements and features seven enhancement proposals to the Java Development Kit that are aimed at increasing developer productivity and enhancing performance, stability and security. Oracle has coordinated a disciplined rollout of new Java releases on a six-month cadence for the past five years and says it's the top contributor to the open-source project. Java is the world's third most widely used programming language, according to Tiobe Software BV, and is No. 1 in organizational development, according to Oracle. "The innovation pipeline has never been richer," said Chad Arimura, vice president of developer relations at Oracle. "The problem space is changing and developers have higher demands on their programming languages than ever."
Python

'Codon' Compiles Python to Native Machine Code That's Even Faster Than C (mit.edu) 124

Codon is a new "high-performance Python compiler that compiles Python code to native machine code without any runtime overhead," according to its README file on GitHub. Typical speedups over Python are on the order of 10-100x or more, on a single thread. Codon's performance is typically on par with (and sometimes better than) that of C/C++. Unlike Python, Codon supports native multithreading, which can lead to speedups many times higher still.
Its development team includes researchers from MIT's Computer Science and Artificial Intelligence lab, according to this announcement from MIT shared by long-time Slashdot reader Futurepower(R): The compiler lets developers create new domain-specific languages (DSLs) within Python — which is typically orders of magnitude slower than languages like C or C++ — while still getting the performance benefits of those other languages. "We realized that people don't necessarily want to learn a new language, or a new tool, especially those who are nontechnical. So we thought, let's take Python syntax, semantics, and libraries and incorporate them into a new system built from the ground up," says Ariya Shajii SM '18, PhD '21, lead author on a new paper about the team's new system, Codon. "The user simply writes Python like they're used to, without having to worry about data types or performance, which we handle automatically — and the result is that their code runs 10 to 100 times faster than regular Python. Codon is already being used commercially in fields like quantitative finance, bioinformatics, and deep learning."

The team put Codon through some rigorous testing, and it punched above its weight. Specifically, they took roughly 10 commonly used genomics applications written in Python and compiled them using Codon, and achieved five to 10 times speedups over the original hand-optimized implementations.... The Codon platform also has a parallel backend that lets users write Python code that can be explicitly compiled for GPUs or multiple cores, tasks which have traditionally required low-level programming expertise.... Part of the innovation with Codon is that the tool does type checking before running the program. That lets the compiler convert the code to native machine code, which avoids all of the overhead that Python has in dealing with data types at runtime.

"Python is the language of choice for domain experts that are not programming experts. If they write a program that gets popular, and many people start using it and run larger and larger datasets, then the lack of performance of Python becomes a critical barrier to success," says Saman Amarasinghe, MIT professor of electrical engineering and computer science and CSAIL principal investigator. "Instead of needing to rewrite the program using a C-implemented library like NumPy or totally rewrite in a language like C, Codon can use the same Python implementation and give the same performance you'll get by rewriting in C. Thus, I believe Codon is the easiest path forward for successful Python applications that have hit a limit due to lack of performance."

The other piece of the puzzle is the optimizations in the compiler. Working with the genomics plugin, for example, will perform its own set of optimizations that are specific to that computing domain, which involves working with genomic sequences and other biological data, for example. The result is an executable file that runs at the speed of C or C++, or even faster once domain-specific optimizations are applied.

Programming

Programming Pioneer Grady Booch on Functional Programming, Web3, and Conscious Machines (infoworld.com) 76

InfoWorld interviews Grady Booch, chief scientist for software engineering at IBM Research (who is also a pioneer in design patterns, agile methods, and one of the creators of UML).

Here's some of the highlights: Q: Let me begin by asking something "of the moment." There has been an almost cultural war between object-oriented programming and functional programming. What is your take on this?

Booch: I had the opportunity to conduct an oral history with John Backus — one of the pioneers of functional programming — in 2006 on behalf of the Computer History Museum. I asked John why functional programming didn't enter the mainstream, and his answer was perfect: "Functional programming makes it easy to do hard things" he said, "but functional programming makes it very difficult to do easy things...."


Q: Would you talk a bit about cryptography and Web3?

Booch: Web3 is a flaming pile of feces orbiting a giant dripping hairball. Cryptocurrencies — ones not backed by the full faith and credit of stable nation states — have only a few meaningful use cases, particularly if you are a corrupt dictator of a nation with a broken economic system, or a fraud and scammer who wants to grow their wealth at the expense of greater fools. I was one of the original signatories of a letter to Congress in 2022 for a very good reason: these technologies are inherently dangerous, they are architecturally flawed, and they introduce an attack surface that threatens economies....


Q: What do you make of transhumanism?

Booch: It's a nice word that has little utility for me other than as something people use to sell books and to write clickbait articles....


Q: Do you think we'll ever see conscious machines? Or, perhaps, something that compels us to accept them as such?

Booch: My experience tells me that the mind is computable. Hence, yes, I have reason to believe that we will see synthetic minds. But not in my lifetime; or yours; or your children; or your children's children. Remember, also, that this will likely happen incrementally, not with a bang, and as such, we will co-evolve with these new species.

Programming

Something Pretty Right: a History of Visual Basic (retool.com) 124

Long-time Slashdot reader theodp writes: In Something Pretty Right: A History of Visual Basic, Retool's Ryan Lucas has a nice round-up of how Visual Basic became the world's most dominant programming environment, its sudden fall from grace, and why its influence is still shaping the future of software development.

Visual Basic (or VB) burst onto the scene at a magical, transitional moment, presenting a radically simpler alternative for Windows 3.0 development. Bill Gates' genuine enthusiasm for VB is evident in an accompanying 1991 video in which BillG personally and playfully demonstrates Visual Basic 1.0 at its launch event, as well as in a 1994 video in which Gates thanks Alan Cooper, the "Father of Visual Basic," with the Windows Pioneer Award.

For Gates, VB was love at first sight. "It blew his mind, he had never seen anything like it," recalls Cooper of Gates's reaction to his 1988 demo of a prototype. "At one point he turned to his retinue and asked 'Why can't we do stuff like this?'" Gates even came up with the idea of taking Cooper's visual programming frontend and replacing its small custom internal language with BASIC.

After seeing what Microsoft had done to his baby, Cooper reportedly sat frustrated in the front row at the launch event. But it's hard to argue with success, and Cooper eventually came to appreciate VB's impact. "Had Ruby [Cooper's creation] gone to the market as a shell construction set," Cooper said, "it would have made millions of people happier, but then Visual Basic made hundreds of millions of people happier. I was not right, or rather, I was right enough, had a modicum of rightness. Same for Bill Gates, but the two of us together did something pretty right."

At its peak, Visual Basic had nearly 3.5 million developers worldwide. Many of the innovations that Alan Cooper and Scott Ferguson's teams introduced 30 years ago with VB are nowhere to be found in modern development, fueling a nostalgic fondness for the ease and magic VB delivered that we have yet to rekindle.

Open Source

TomTom Joins the OpenStreetMap Foundation As Its First Platinum Member (tomtom.com) 21

TomTom, the Dutch navigation software company best known for its GPS navigation systems, announced that it is supporting the OpenStreetMap Foundation (OSMF) as a Platinum Member. It's a U-turn for the company, which published an article in 2012 on what it called the "negative aspects" of open data projects such as OpenStreetMap. From the press release: Last year, the geolocation company explained the instrumental role that OpenStreetMap (OSM) data is playing in its efforts to build the smartest map on the planet via the TomTom Maps Platform. Its latest move further affirms the company's commitment to the global OSM project. TomTom is contributing 20,000 euros to the OSMF as the first corporate OSM member to join the foundation at the Platinum level.

The OSMF is a not-for-profit organization that supports the OSM project in various ways, such as by running the OSM infrastructure and raising funds, as well as communicating with OSM working groups. With this annual contribution to the foundation, TomTom is providing direct financial support to OSM's operations and infrastructure, including hardware, cloud costs and engineering hours.

Databases

Free Data-Center Heat Is Allegedly Saving a Struggling Public Pool $24K a Year (arstechnica.com) 34

An anonymous reader quotes a report from Ars Technica: A public pool in the UK is expected to save [about $24,000] and cut carbon emissions by 25.8 tons annually by warming a 25-meter children's pool with waste heat from a data center from startup Deep Green. UK-based Deep Green is a newcomer in the data-center heat game and is making its entrance notable by putting a monetary figure on potential savings, which are fueled by the heat's low, low rate of free. Deep Green's paying customers are machine-learning and AI firms seeking computing resources. As reported by Datacenter Dynamics on Tuesday, clients can leverage Deep Green's 28 kW system with high-performance computing (HPC) capabilities. The HPC cluster at the Exmouth Leisure Centre swimming pool has 12 four-CPU cards and could eventually be used for cloud services and video rendering, Deep Green CEO Mark Bjornsgaard told the publication. According to the BBC, the server is about the size of a washing machine.

The computers are submerged in mineral oil that captures heat that gets transferred into pool water with a heat exchanger. The pool still has a gas boiler to boost the water's temperature if required. Deep Green claims it's transferring about 96 percent of the energy used by its computers and reducing a pool's gas heat usage by 62 percent. Deep Green is paying the Exmouth Leisure Centre for all the electricity its data center uses, as well as any setup costs, and the Exmouth Leisure Centre gets the heat for free.

Deep Green CTO Mat Craggs told Datacenter Dynamics: "Our expected heat transfer from the kit is 139,284 kWh a year, equivalent to 62 percent of the pool's heat needs." He noted that adding more servers to the tub could extend the figure to 70 or 80 percent. Deep Green's data center can heat the Exmouth Leisure Centre's 25 meter pool to 86 degrees Fahrenheit for about 60 percent of the time, BBC reported. The startup has plans to set up data centers in seven more UK locations and has a 2023 target of 20 locations.

Programming

The NPM Registry's Safe Word is Socket (theregister.com) 17

An anonymous reader shares a report: Socket has found a way to protect developers from npm, GitHub's insufficiently safe JavaScript package manager, by wrapping it in a security blanket. The npm registry, operated by NPM until the security biz was acquired by Microsoft's GitHub in 2020, hosts software packages for the JavaScript ecosystem. It is, by its own account, "the world's largest software registry." In the past few years, the maliciously inclined have increasingly focused on compromising package registries like npm in what's known as a supply chain attack. Subverting a popular software library has the potential to enable widespread viral distribution. Those running the npm registry have put in place various defenses over the years, such as npm audit, a vulnerability scanning command in the npm command line interface (CLI). But the tool's implementation leaves something to be desired and developers often ignore audit warning messages, particularly if automated resolution doesn't work.

Socket built its own vulnerability scanning system and last year made it available for free (with paid tiers for teams and organizations) for open source projects. Its scanner runs as a GitHub app on code repositories when changes are made. It catches more issues than npm audit -- covering not just supply chain risk but also quality, maintenance, vulnerability, and license concerns. But Socket's scanner is also now available as a CLI that developers can install on their machines. On Thursday, Socket updated its CLI with a safe npm command that defends developers whenever they invoke npm install or npm uninstall, which perversely can install packages amid removing others. "npm creates what is called the 'ideal tree' for a given package.json," Feross Aboukhadijeh explained to The Register. "So by removing a package you might actually change what the ideal tree is. Removing a package may remove a constraint which is keeping a package on an older version, so then npm may update those packages to a more ideal/recent version."
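As an added example (not Socket's CLI and not npm's own code), the "ideal tree" side effect Aboukhadijeh describes can be made visible without any extra tooling: copy package-lock.json before running npm uninstall, diff it afterwards, and report everything beyond the removal you asked for. The Python below does that for lockfileVersion 2 or 3 files, where the "packages" map is keyed by install path; the two lockfiles are constructed to show exactly the case in the quote, a pinned transitive dependency that gets bumped once the package pinning it is gone.

```python
import json


def installed_versions(lock):
    """Map install path -> version for a lockfileVersion 2 or 3 package-lock.json.

    The "" key is the project root and carries no version, so it is skipped.
    """
    return {
        path: entry["version"]
        for path, entry in lock.get("packages", {}).items()
        if path and "version" in entry
    }


def lockfile_diff(before, after):
    """Describe what changed in node_modules between two lockfiles."""
    old, new = installed_versions(before), installed_versions(after)
    return {
        "added": {p: v for p, v in new.items() if p not in old},
        "removed": {p: v for p, v in old.items() if p not in new},
        "changed": {p: (old[p], new[p]) for p in old if p in new and old[p] != new[p]},
    }


def unexpected_changes(before, after, uninstalled):
    """Everything the uninstall touched other than removing the named package.

    An empty result means `npm uninstall <name>` did only what it says. Anything
    listed under "added" or "changed" is a package that was installed or moved to
    another version as a side effect of npm recomputing its ideal tree; other
    "removed" entries are transitive dependencies that were dropped, which may
    or may not be what you wanted, so they are reported too.
    """
    diff = lockfile_diff(before, after)
    diff["removed"].pop("node_modules/" + uninstalled, None)
    return {kind: entries for kind, entries in diff.items() if entries}


# Constructed lockfiles, not captured from a real project. old-lib pins
# shared-dep at exactly 1.0.0; left-pad only requires ^1.0.0.
BEFORE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3, "requires": true,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0", "old-lib": "2.0.0"}},
    "node_modules/left-pad": {"version": "1.3.0", "dependencies": {"shared-dep": "^1.0.0"}},
    "node_modules/old-lib": {"version": "2.0.0", "dependencies": {"shared-dep": "1.0.0"}},
    "node_modules/shared-dep": {"version": "1.0.0"}
  }
}""")

# After `npm uninstall old-lib`: the pin is gone, shared-dep floats up to 1.5.0,
# and that newer version pulls in a package that was never installed before.
AFTER_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3, "requires": true,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0"}},
    "node_modules/left-pad": {"version": "1.3.0", "dependencies": {"shared-dep": "^1.0.0"}},
    "node_modules/shared-dep": {"version": "1.5.0", "dependencies": {"new-transitive": "^0.1.0"}},
    "node_modules/new-transitive": {"version": "0.1.0"}
  }
}""")

if __name__ == "__main__":
    print(json.dumps(unexpected_changes(BEFORE_LOCK, AFTER_LOCK, "old-lib"), indent=2))
```

In practice the two inputs are the lockfile copied before the command and the one npm writes afterwards; a non-empty result is the moment to look at what shared-dep 1.5.0 and new-transitive actually are before committing the lockfile.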

Programming

Ethereum's Shanghai Upgrade To Enable Withdrawals Set for April (bloomberg.com) 16

Ethereum's next major software upgrade, which could make crypto's biggest commercial highway more attractive to investors and developers alike, will take place around April 12. From a report: Called Shanghai, it will let people who pledged their Ether tokens to order transactions on the Ethereum blockchain to withdraw them. Currently, some 17.5 million of such so-called staked Ether, worth about $29 billion at current prices, can't be accessed on the network, although the coins do earn their owners a yield. Ethereum software developers have been working on Shanghai for months, and have finally been able to set the date after deploying a final software test earlier this week. Developers confirmed the target date during a call on Thursday. Once Shanghai launches, that's expected to kick off a wave of withdrawals, though they will be limited to ensure the network's continued security. Waiting in line to withdraw could take weeks or months. However, many investors stake through crypto platforms such as Lido, which already give them some flexibility with their coins.
Programming

GitHub Starts Mandatory 2FA Rollout Early for Some Users (github.blog) 171

By the end of 2023, GitHub will require all code contributors to enable two-factor authentication — part of "a platform-wide effort to secure software development by improving account security."

But on Monday they'll start rolling it out, according to a new blog post, reaching out to "smaller" groups of developers and administrators "to notify them of their 2FA enrollment requirement." If your account is selected for enrollment, you will be notified via email and see a banner on GitHub.com, asking you to enroll. You'll have 45 days to configure 2FA on your account — before that date nothing will change about using GitHub except for the reminders. We'll let you know when your enablement deadline is getting close, and once it has passed you will be required to enable 2FA the first time you access GitHub.com.

You'll have the ability to snooze this notification for up to a week, but after that your ability to access your account will be limited. Don't worry: this snooze period only starts once you've signed in after the deadline, so if you're on vacation or out of office, you'll still get that one week period to set up 2FA when you're back at your desk....

Twenty-eight (28) days after you enable 2FA, you'll be asked to perform a 2FA check-up while using GitHub.com, which validates that your 2FA setup is working correctly. Previously signed-in users will be able to reconfigure 2FA if they have misconfigured or misplaced second factors during onboarding.

GitHub's blog post says their gradual rollout plan "will let us make sure developers are able to successfully onboard, and make adjustments as needed before we scale to larger groups as the year progresses." InfoWorld summarizes the options: Users can choose between 2FA methods such as TOTP (Time-based One-Time Password), SMS (Short Message Service), security keys, or GitHub Mobile as a preferred 2FA method. GitHub advises using security keys and TOTPs wherever possible; SMS does not provide the same level of protection and is no longer recommended under NIST 800-63B, the company said.
Internally GitHub is also testing passkeys, according to their blog post. "Protecting developers and consumers of the open source ecosystem from these types of attacks is the first and most critical step toward securing the supply chain."
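As an added example (not GitHub's code), here is the TOTP method recommended above implemented in Python as RFC 6238 specifies it: HOTP (RFC 4226) over a counter derived from Unix time in 30-second steps, with HMAC-SHA1 and dynamic truncation. The server-side verifier accepts one step of clock skew on either side, compares in constant time, and refuses to accept a counter at or below the last one used, so a code that was captured in transit cannot be replayed. The secret is the RFC's published test key, so the results can be checked against the RFC's own test vectors.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time=None, step: int = 30, digits: int = 6,
         algorithm=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken as floor(unix_time / step)."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret, int(at_time) // step, digits, algorithm)


def verify_totp(secret: bytes, code, at_time=None, window: int = 1, step: int = 30,
                digits: int = 6, last_used_counter=None):
    """Verify a submitted code on the server side.

    Accepts the current step and `window` steps either side to absorb clock
    skew, compares in constant time, and rejects any counter at or below
    `last_used_counter` so an already-used code cannot be replayed. Returns the
    matched counter (store it as the new last_used_counter) or None.
    """
    if at_time is None:
        at_time = time.time()
    counter = int(at_time) // step
    code = str(code).strip()
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if last_used_counter is not None and candidate <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


def secret_from_base32(encoded: str) -> bytes:
    """Decode the base32 secret an authenticator app is provisioned with (padding optional)."""
    cleaned = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


# The 20-byte ASCII test key published in RFC 4226 / RFC 6238, not a real secret.
RFC6238_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("current code:", totp(RFC6238_SECRET))
    print("RFC 6238 vector T=59 (8 digits):", totp(RFC6238_SECRET, at_time=59, digits=8))
```

The replay check is the part most home-grown verifiers omit: without it, the same six digits remain valid for the whole window, which is the gap SMS and TOTP both share with a single-use design done wrong. Security keys avoid the problem entirely because the response is bound to a challenge rather than to a time step.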
