Gaming pioneer John Carmack believes we're not nearly as dependent on cutting-edge silicon as most assume -- we just lack the economic incentive to prove it. Responding to a "CPU apocalypse" thought experiment on X, the id Software founder and former Oculus CTO suggested that software inefficiency, not hardware limitations, is our greatest vulnerability. "More of the world than many might imagine could run on outdated hardware if software optimization was truly a priority," Carmack wrote, arguing that market pressures would drive dramatic efficiency improvements if new chips stopped arriving.

His solution? "Rebuild all the interpreted microservice based products into monolithic native codebases!" -- essentially abandoning modern development patterns for the more efficient approaches of earlier computing eras. The veteran programmer noted that such changes would come with significant tradeoffs: "Innovative new products would get much rarer without super cheap and scalable compute."

An anonymous reader shares a report: After weeks of news about Google's antitrust travails, the tech giant will try to reset the narrative next week by highlighting advances it is making in artificial intelligence, cloud and Android technology at its annual I/O developer conference.

Ahead of I/O, Google has been demonstrating to employees and outside developers an array of different products, including an AI agent for software development. Known internally as a "software development lifecycle agent," it is intended to help software engineers navigate every stage of the software process, from responding to tasks to documenting code, according to three people who have seen demonstrations of the product or been told about it by Google employees. Google employees have described it as an always-on coworker that can help identify bugs to fix or flag security vulnerabilities, one of the people said, although it's not clear how close it is to being released.

Cybersecurity researchers have flagged three malicious npm packages that target the macOS version of AI-powered code-editing tool Cursor, reports The Hacker News: "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, and disable auto-updates to maintain persistence," Socket researcher Kirill Boychenko said. All three packages continue to be available for download from the npm registry. "Aiide-cur" was first published on February 14, 2025...

In total, the three packages have been downloaded over 3,200 times to date.... The findings point to an emerging trend where threat actors are using rogue npm packages as a way to introduce malicious modifications to other legitimate libraries or software already installed on developer systems... "By operating inside a legitimate parent process — an IDE or shared library — the malicious logic inherits the application's trust, maintains persistence even after the offending package is removed, and automatically gains whatever privileges that software holds, from API tokens and signing keys to outbound network access," Socket told The Hacker News.

"This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said.
The npm packages "restart the application so that the patched code takes effect," letting the threat actor "execute arbitrary code within the context of the platform."

"When Rust developers think of us C++ folks, they picture a cursed bloodline," writes professional game developer Mamadou Babaei (also a *nix enthusiast who contributes to the FreeBSD Ports collection). "To them, every line of C++ we write is like playing Russian Roulette — except all six chambers are loaded with undefined behavior." But you know what? We don't need a compiler nanny. No borrow checker. No lifetimes. No ownership models. No black magic. Not even Valgrind is required. Just raw pointers, raw determination, and a bit of questionable sanity.
He's created a video on "how to hunt down memory leaks like you were born with a pointer in one hand and a debugger in the other." (It involves using a memory leak tracker — specifically, Visual Studio's _CrtDumpMemoryLeaks, which according to its documentation "dumps all the memory blocks in the debug heap when a memory leak has occurred," identifying the offending lines and pointers.)

"If that sounds unreasonably dangerous — and incredibly fun... let's dive into the deep end of the heap."

"The method is so easy, it renders Rust's memory model (lifetimes, ownership) and the borrow checker useless!" writes Slashdot reader NuLL3rr0r. Does anybody agree with him? Share your own experiences and reactions in the comments.

And how do you feel about Rust's "borrow-checking compiler nanny"?

Fast Company's "AI Decoded" newsletter makes the case that the first "killer app" for generative AI... is coding. Tools like Cursor and Windsurf can now complete software projects with minimal input or oversight from human engineers... Naveen Rao, chief AI officer at Databricks, estimates that coding accounts for half of all large language model usage today. A 2024 GitHub survey found that over 97% of developers have used AI coding tools at work, with 30% to 40% of organizations actively encouraging their adoption.... Microsoft CEO Satya Nadella recently said AI now writes up to 30% of the company's code. Google CEO Sundar Pichai echoed that sentiment, noting more than 30% of new code at Google is AI-generated.

The soaring valuations of AI coding startups underscore the momentum. Anysphere's Cursor just raised $900 million at a $9 billion valuation — up from $2.5 billion earlier this year. Meanwhile, OpenAI acquired Windsurf (formerly Codeium) for $3 billion. And the tools are improving fast. OpenAI's chief product officer, Kevin Weil, explained in a recent interview that just five months ago, the company's best model ranked around one-millionth on a well-known benchmark for competitive coders — not great, but still in the top two or three percentile. Today, OpenAI's top model, o3, ranks as the 175th best competitive coder in the world on that same test. The rapid leap in performance suggests an AI coding assistant could soon claim the number-one spot. "Forever after that point computers will be better than humans at writing code," he said...

Google DeepMind research scientist Nikolay Savinov said in a recent interview that AI coding tools will soon support 10 million-token context windows — and eventually, 100 million. With that kind of memory, an AI tool could absorb vast amounts of human instruction and even analyze an entire company's existing codebase for guidance on how to build and optimize new systems. "I imagine that we will very soon get to superhuman coding AI systems that will be totally unrivaled, the new tool for every coder in the world," Savinov said.

Long-time Slashdot reader mbessey (a Mac/iOS developer) writes: As we're coming up on the 50th anniversary of the first release of UCSD Pascal, I thought it would be interesting to poke around in it a bit, and work on some tools to bring this "portable operating system" back to life on modern hardware, in a modern language (Rust).
Wikipedia describes UCSD Pascal as "a version that ran on a custom operating system that could be ported to different platforms. A key platform was the Apple II, where it saw widespread use as Apple Pascal. This led to Pascal becoming the primary high-level language used for development in the Apple Lisa, and later, the Macintosh. Parts of the original Macintosh operating system were hand-translated into Motorola 68000 assembly language from the Pascal source code."

mbessey is chronicling their new project in a series of blog posts which begins here: The p-System was not the first portable byte-code interpreter and compiler system — that idea goes very far back, at least to the origins of the Pascal language itself. But it was arguably one of the most-successful early versions of the idea and served as an inspiration for future portable software systems (including Java's bytecode, and Infocom's Z-machine).
And they've already gotten UCSD Pascal running in an emulator and built some tools (in Rust) to transfer files to disk images. Now they're working towards writing a p-machine emulator in Rust, which they can they port to "something other than the Mac. Ideally, something small â" like an Arduino or Raspberry Pi Pico."

The specialized role of prompt engineering, not long ago heralded as a promising new career path in AI, has virtually disappeared just two years after its emergence. Many companies are now considering strong AI prompting a standard skill rather than a dedicated position, Fast Company reports, with some firms even deploying AI systems to generate optimal prompts for other AI tools.

"AI is already eating its own," Malcolm Frank, CEO of TalentGenius, told the publication. "Prompt engineering has become something that's embedded in almost every role, and people know how to do it. It's turned from a job into a task very, very quickly." The prompt engineer's decline serves as a case study for the broader AI job market, where evidence suggests AI is primarily reshaping existing careers rather than creating entirely new ones.

Further reading: 'AI Prompt Engineering Is Dead.'

"Our future won't be handed to us," says the young narrator in a new ad from the nonprofit Code.org. "We will build it."

"But how can we when the education we need is still just an elective?" says another young voice...

The ad goes on to tout the power "to create with computer science and AI — the skills transforming every industry..." and ends by saying "This isn't radical. It's what education is supposed to do. Make computer science and AI a graduation requirement."

There's also a hard-hitting new web site, which urges people to sign a letter of support (already signed by executives from top tech companies including Microsoft, Dropbox, AMD, Meta, Blue Origin, and Palantir — and by Steve Ballmer, who is listed as the chairman of the L.A. Clippers basketball team).

Long-time Slashdot reader theodp says the letter ran in the New York Times, while this campaign will officially kick off Monday... Code.org teased the new Unlock8 campaign last month on social media as it celebrated a new Executive Order that makes K–12 AI literacy a U.S. priority, which it called a big win for CS & AI education, adding, "We've been building to this moment."

The move to make CS and AI a graduation requirement is a marked reversal of Code.org's early days, when it offered Congressional testimony on behalf of itself and tech-led Computing in the Core reassuring lawmakers that: "Making computer science courses 'count' would not require schools to offer computer science or students to study it; it would simply allow existing computer science courses to satisfy a requirement that already exists."

Thursday the Free Software Foundation announced plans for a celebratory hackathon in November to improve free/libre software "in honor of its fortieth anniversary.

The FSF has been campaigning for software freedom for over forty years. As part of its celebrations, the organization is inviting the wider free software community (both projects and individual contributors) to participate in a global, online hackathon to help improve important libre software projects.

All free software projects, regardless of affiliation or (free) license, are invited to participate. As of now, the advanced GNU/Linux distribution and package manager GNU Guix, the boot software distribution GNU Boot, the media publishing system MediaGoblin, and the Free Software Directory, the FSF's catalog of useful free software, have announced that they will submit a project. Interested contributors are encouraged to review the hackathon guidelines, which the FSF has made available online...

Hackathon contributions will be judged by a panel appointed by the FSF. The project and contributors making the most noteworthy contributions/patches will be given prizes by the Foundation. The hackathon will conclude with a closing ceremony.
"The FSF's free software hackathon will be held November 21-23, 2025," according to the announcement. "Submissions will be open until May 27."

The Open Source Initiative is joining "a global community of contributors" for GitHub's annual event "honoring the individuals who steward and sustain Open Source projects."

And the theme of the 5th Annual "Maintainer Month" will be: securing Open Source: Throughout the month, OSI and our affiliates will be highlighting maintainers who prioritize security in their projects, sharing their stories, and providing a platform for collaboration and learning... Maintainer Month is a time to gather, share knowledge, and express appreciation for the people who keep Open Source projects running. These maintainers not only review issues and merge pull requests — they also navigate community dynamics, mentor new contributors, and increasingly, adopt security best practices to protect their code and users....

- OSI will publish a series of articles on Opensource.net highlighting maintainers whose work centers around security...

- As part of our programming for May, OSI will host a virtual Town Hall [May 21st] with our affiliate organizations and invite the broader Open Source community to join....

- Maintainer Month is also a time to tell the stories of those who often work behind the scenes. OSI will be amplifying voices from across our affiliate network and encouraging communities to recognize the people whose efforts are often invisible, yet essential.
"These efforts are not just celebrations — they are opportunities to recognize the essential role maintainers play in safeguarding the Open Source infrastructure that underpins so much of our digital world," according to the OSI's announcement. And this year they're focusing on three key areas of open source security:

• Adopting security best practices in projects and communities

• Recognizing contributors who improve project security

• Collaborating to strengthen the ecosystem as a whole

An anonymous reader shares a report: Apple is teaming up with startup Anthropic on a new "vibe-coding" software platform that will use AI to write, edit and test code on behalf of programmers.

The system is a new version of Xcode, Apple's programming software, that will integrate Anthropic's Claude Sonnet model, according to people with knowledge of the matter. Apple will roll out the software internally and hasn't yet decided whether to launch it publicly, said the people, who asked not to be identified because the initiative hasn't been announced.

The work shows how Apple is using AI to improve its internal workflow, aiming to speed up and modernize product development. The approach is similar to one used by companies such as Windsurf and Cursor maker Anysphere, which offer advanced AI coding assistants popular with software developers. Further reading: 'Vibe Coding' is Letting 10 Engineers Do the Work of a Team of 50 To 100, Says YC CEO.

Redis, the popular in-memory data store, has returned to open source licensing with Redis 8 now available under the AGPL v3 license. The move reverses last year's controversial shift to proprietary licensing schemes (RSALv2 and SSPLv1) that aimed to force major cloud providers to pay for offering Redis as a managed service.

The decision follows significant market pressure, including AWS, Google, and Oracle backing the Valkey fork, which gained momentum in the open source community.

Redis believes the AGPL license provides sufficient protection from cloud providers while satisfying open source requirements. Redis 8 will incorporate vector sets and integrate previously separate Redis Stack features including JSON, Time Series, and probabilistic data support.

An anonymous reader quotes a report from TechCrunch: Epic Games is taking a victory lap. After notching a big win against Apple in a years-long legal dispute, Epic announced that its Epic Games Store will allow developers to open webshops, which can offer players out-of-app purchases to circumvent fees from Apple and Google. [...] With the Epic Games Store's new webshops feature, other developers will be more easily able to follow suit.

Usually, Epic takes a 12% share of a developer's earnings from the Epic Games Store, which is still a better deal than what developers get from Apple. But starting in June, Epic Games will not take a cut from the first $1 million each game earns annually. Only after a game eclipses $1 million in revenue will Epic begin taking a cut. "With new legal rulings in place, developers will be able to send players from games to make digital purchases from webshops on any platform that allows it, including iOS in the European Union and United States," Epic said.

Microsoft CEO Satya Nadella said that 20%-30% of code inside the company's repositories was "written by software" -- meaning AI -- during a fireside chat with Meta CEO Mark Zuckerberg at Meta's LlamaCon conference on Tuesday. From a report: Nadella gave the figure after Zuckerberg asked roughly how much of Microsoft's code is AI-generated today. The Microsoft CEO said the company was seeing mixed results in AI-generated code across different languages, with more progress in Python and less in C++.

Electronic Arts (EA) has laid off around 300 employees across multiple departments, including about 100 at Respawn Entertainment. IGN reports: IGN understands that these wider cuts largely impacted EA's Experiences team, which includes groups such as EA's Fan Care team and various others working on customer support and marketing, though other EA departments saw reductions as well. As with other cuts at EA, those impacted will be given the opportunity to apply for other roles internally prior to being let go.

The roughly 100 jobs impacted at Respawn included individuals in development, publishing, and QA workers on Apex Legends, as well as smaller groups of individuals working on the Jedi team and two canceled incubation projects, one of which we reported on back in March, and the other of which was, per Bloomberg's reporting, a new Titanfall game. "As part of our continued focus on our long-term strategic priorities, we've made select changes within our organization that more effectively aligns teams and allocates resources in service of driving future growth," an EA spokesperson said in an official statement. "We are treating our people with care and respect throughout this process, working to minimize impacts by helping affected employees explore new opportunities within the company when possible and providing support during the transition."

A new study [PDF] reveals AI-generated code frequently references non-existent third-party libraries, creating opportunities for supply-chain attacks. Researchers analyzed 576,000 code samples from 16 popular large language models and found 19.7% of package dependencies -- 440,445 in total -- were "hallucinated."

These non-existent dependencies exacerbate dependency confusion attacks, where malicious packages with identical names to legitimate ones can infiltrate software. Open source models hallucinated at nearly 22%, compared to 5% for commercial models. "Once the attacker publishes a package under the hallucinated name, containing some malicious code, they rely on the model suggesting that name to unsuspecting users," said lead researcher Joseph Spracklen. Alarmingly, 43% of hallucinations repeated across multiple queries, making them predictable targets.

Oracle engineers mistakenly triggered a five-day software outage at a number of Community Health Systems hospitals, causing the facilities to temporarily return to paper-based patient records. From a report: CHS told CNBC that the outage involving Oracle Health, the company's electronic health record (EHR) system, affected "several" hospitals, leading them to activate "downtime procedures." Trade publication Becker's Hospital Review reported that 45 hospitals were hit.

The outage began on April 23, after engineers conducting maintenance work mistakenly deleted critical storage connected to a key database, a CHS spokesperson said in a statement. The outage was resolved on Monday, and was not related to a cyberattack or other security incident. CHS is based in Tennessee and includes 72 hospitals in 14 states, according to the medical system's website.

The university blamed it on "the significant number of students" who violated their coding competition's rules. Long-time Slashdot reader theodp quotes this report from The Logic: Finding that many students violated rules and submitted code not written by themselves, the University of Waterloo's Centre for Computing and Math decided not to release results from its annual Canadian Computing Competition (CCC), which many students rely on to bolster their chances of being accepted into Waterloo's prestigious computing and engineering programs, or land a spot on teams to represent Canada in international competitions.

"It is clear that many students submitted code that they did not write themselves, relying instead on forbidden external help," the CCC co-chairs explained in a statement. "As such, the reliability of 'ranking' students would neither be equitable, fair, or accurate."
"It is disappointing that the students who violated the CCC Rules will impact those students who are deserving of recognition," the univeresity said in its statement. They added that they are "considering possible ways to address this problem for future contests."

Some developers are "crying foul" after Microsoft's C/C++ extension for Visual Studio Code stopped working with VS Code derivatives like VS Codium and Cursor, reports The Register. The move has prompted Cursor to transition to open-source alternatives, while some developers are calling for a regulatory investigation into Microsoft's alleged anti-competitive behavior. From the report: In early April, programmers using VS Codium, an open-source fork of Microsoft's MIT-licensed VS Code, and Cursor, a commercial AI code assistant built from the VS Code codebase, noticed that the C/C++ extension stopped working. The extension adds C/C++ language support, such as Intellisense code completion and debugging, to VS Code. The removal of these capabilities from competing tools breaks developer workflows, hobbles the editor, and arguably hinders competition. The breaking change appears to have occurred with the release of v1.24.5 on April 3, 2025.

Following the April update, attempts to install the C/C++ extension outside of VS Code generate this error message: "The C/C++ extension may be used only with Microsoft Visual Studio, Visual Studio for Mac, Visual Studio Code, Azure DevOps, Team Foundation Server, and successor Microsoft products and services to develop and test your applications." Microsoft has forbidden the use of its extensions outside of its own software products since at least September 2020, when the current licensing terms were published. But it hasn't enforced those terms in its C/C++ extension with an environment check in its binaries until now. [...]

Developers discussing the issue in Cursor's GitHub repo have noted that Microsoft recently rolled out a competing AI software agent capability, dubbed Agent Mode, within its Copilot software. One such developer who contacted us anonymously told The Register they sent a letter about the situation to the US Federal Trade Commission, asking them to probe Microsoft for unfair competition -- alleging self-preferencing, bundling Copilot without a removal option, and blocking rivals like Cursor to lock users into its AI ecosystem.

US government agencies and Fortune 500 companies are turning to AI to modernize mission-critical systems built on COBOL, a programming language dating back to the late 1950s. The US Social Security Administration plans a three-year, $1 billion AI-assisted upgrade of its legacy COBOL codebase [alternative source], according to Bloomberg.

Treasury Secretary Scott Bessent has repeatedly stressed the need to overhaul government systems running on COBOL. As experienced programmers retire, organizations face growing challenges maintaining these systems that power everything from banking applications to pension disbursements. Engineers now use tools like ChatGPT and IBM's watsonX to interpret COBOL code, create documentation, and translate it to modern languages.