Programming

Developers Can't Seem To Stop Exposing Credentials in Publicly Accessible Code (arstechnica.com) 59

Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can't bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who takes the time to look for them. From a report: The lapse stems from immature coding practices in which developers embed cryptographic keys, security tokens, passwords, and other forms of credentials directly into the source code they write. The credentials make it easy for the underlying program to access databases or cloud services necessary for it to work as intended. [...]

The number of studies published since following the revelations underscored just how common the practice had been and remained in the years immediately following Uber's cautionary tale. Sadly, the negligence continues even now. Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000.

Programming

A Coder Considers the Waning Days of the Craft (newyorker.com) 158

Programmer and writer James Somers, writing for New Yorker: Yes, our jobs as programmers involve many things besides literally writing code, such as coaching junior hires and designing systems at a high level. But coding has always been the root of it. Throughout my career, I have been interviewed and selected precisely for my ability to solve fiddly little programming puzzles. Suddenly, this ability was less important.

I had gathered as much from Ben (friend of the author), who kept telling me about the spectacular successes he'd been having with GPT-4. It turned out that it was not only good at the fiddly stuff but also had the qualities of a senior engineer: from a deep well of knowledge, it could suggest ways of approaching a problem. For one project, Ben had wired a small speaker and a red L.E.D. light bulb into the frame of a portrait of King Charles, the light standing in for the gem in his crown; the idea was that when you entered a message on an accompanying Web site the speaker would play a tune and the light would flash out the message in Morse code. (This was a gift for an eccentric British expat.) Programming the device to fetch new messages eluded Ben; it seemed to require specialized knowledge not just of the microcontroller he was using but of Firebase, the back-end server technology that stored the messages. Ben asked me for advice, and I mumbled a few possibilities; in truth, I wasn't sure that what he wanted would be possible. Then he asked GPT-4. It told Ben that Firebase had a capability that would make the project much simpler. Here it was -- and here was some code to use that would be compatible with the microcontroller.

Afraid to use GPT-4 myself -- and feeling somewhat unclean about the prospect of paying OpenAI twenty dollars a month for it -- I nonetheless started probing its capabilities, via Ben. We'd sit down to work on our crossword project, and I'd say, "Why don't you try prompting it this way?" He'd offer me the keyboard. "No, you drive," I'd say. Together, we developed a sense of what the A.I. could do. Ben, who had more experience with it than I did, seemed able to get more out of it in a stroke. As he later put it, his own neural network had begun to align with GPT-4's. I would have said that he had achieved mechanical sympathy. Once, in a feat I found particularly astonishing, he had the A.I. build him a Snake game, like the one on old Nokia phones. But then, after a brief exchange with GPT-4, he got it to modify the game so that when you lost it would show you how far you strayed from the most efficient route. It took the bot about ten seconds to achieve this. It was a task that, frankly, I was not sure I could do myself.

In chess, which for decades now has been dominated by A.I., a player's only hope is pairing up with a bot. Such half-human, half-A.I. teams, known as centaurs, might still be able to beat the best humans and the best A.I. engines working alone. Programming has not yet gone the way of chess. But the centaurs have arrived. GPT-4 on its own is, for the moment, a worse programmer than I am. Ben is much worse. But Ben plus GPT-4 is a dangerous thing.

Education

How 'Hour of Code' Will Teach Students About Issues with AI (code.org) 17

Launched in 2013, "Hour of Code" is an annual tradition started by the education non-profit Code.org (which provides free coding lessons to schools). Its FAQ describes the December event for K-12 students as "a worldwide effort to celebrate computer science, starting with 1-hour coding activities," and over 100 million schoolkids have participated over the years.

This year's theme will be "Creativity With AI," and the "computer vision" lesson includes a short video (less than 7 minutes) featuring a Tesla Autopilot product manager from its computer vision team. "I build self-driving cars," they say in the video. "Any place where there can be resources used more efficiently I think is a place where technology can play a role. But of course one of the best, impactful ways of AI, I hope, is through self-driving cars." (The video then goes on to explain how lots of training data ultimately generates a statistical model, "which is just a fancy way of saying, a guessing machine.")

The 7-minute video is part of a larger lesson plan (with a total estimated time of 45 minutes) in which students tackle a fun story problem: if a sports arena's scoreboard is showing digital numbers, what series of patterns would a machine-vision system have to recognize to identify each digit? (Students are asked to collaborate in groups.) And it's just one of seven 45-minute lessons, each one accompanied by a short video. (The longest video is 7 minutes and 28 seconds, and all seven videos, if watched back-to-back, would run for about 31 minutes.)

Not all the lessons involve actual coding, but the goal seems to be familiarizing students (starting at the 6th grade level) with the artificial intelligence of today, and the issues it raises. The second-to-last lesson is titled "Algorithmic Bias" — with a video including interviews with an ethicist at OpenAI and professor focused on AI from both MIT and Stanford. And the last lesson — "Our AI Code of Ethics" — challenges students to assemble documents and videos on AI-related "ethical pitfalls," and then pool their discoveries into an educational resource "for AI creators and legislators everywhere."

This year's installment is being billed as "the largest learning event in history." And it's scheduled for the week of December 4 so it coincides with "Computer Science Education Week" (a CS-education event launched in 2009 by the Association for Computing Machinery, with help from partners including Intel, Microsoft, Google, and the National Science Foundation).

Security

Highly Invasive Backdoors Hidden in Python Obfuscation Packages, Downloaded by 2,348 Developers (arstechnica.com) 50

The senior security editor at Ars Technica writes: Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.

Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name "pyobfgood." Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developer's machine. Capabilities include:


- Exfiltrate detailed host information
- Steal passwords from the Chrome web browser
- Set up a keylogger
- Download files from the victim's system
- Capture screenshots and record both screen and audio
- Render the computer inoperative by ramping up CPU usage, inserting a batch script in the startup directory to shut down the PC, or forcing a BSOD error with a Python script
- Encrypt files, potentially for ransom
- Deactivate Windows Defender and Task Manager
- Execute any command on the compromised host


In all, pyobfgood and the previous seven tools were installed 2,348 times. They targeted developers using the Python programming language... Downloads of the package came primarily from the US (62%), followed by China (12%) and Russia (6%)

Ars Technica concludes that "The never-ending stream of attacks should serve as a cautionary tale underscoring the importance of carefully scrutinizing a package before allowing it to run."

Programming

Why Chrome Enabled WebAssembly Garbage Collection (WasmGC) By Default (chrome.com) 56

In Chrome, JavaScript (and WebAssembly) code are both executed by Google's open source V8 engine — which already has garbage-collecting capabilities. "This means developers making use of, for example, PHP compiled to Wasm, end up shipping a garbage collector implementation of the ported language (PHP) to the browser that already has a garbage collector," writes Google developer advocate Thomas Steiner, "which is as wasteful as it sounds."

"This is where WasmGC comes in." WebAssembly Garbage Collection (or WasmGC) is a proposal of the WebAssembly Community Group [which] adds struct and array heap types, which means support for non-linear memory allocation... In simplified terms, this means that with WasmGC, porting a programming language to WebAssembly means the programming language's garbage collector no longer needs to be part of the port, but instead the existing garbage collector can be used.

Sometime on Halloween, Steiner wrote that in Chrome, WebAssembly garbage collection is now enabled by default. But then he explored what this means for high-level programming languages (with their own built-in garbage collection) being compiled into WebAssembly:

To verify the real-world impact of this improvement, Chrome's Wasm team has compiled versions of the Fannkuch benchmark (which allocates data structures as it works) from C, Rust, and Java. The C and Rust binaries could be anywhere from 6.1 K to 9.6 K depending on the various compiler flags, while the Java version is much smaller at only 2.3 K! C and Rust do not include a garbage collector, but they do still bundle malloc/free to manage memory, and the reason Java is smaller here is because it doesn't need to bundle any memory management code at all. This is just one specific example, but it shows that WasmGC binaries have the potential of being very small, and this is even before any significant work on optimizing for size.

The blog post includes two examples of WasmGC-ported programming languages in action:
  • "One of the first programming languages that has been ported to Wasm thanks to WasmGC is Kotlin in the form of Kotlin/Wasm."
  • "The Dart and Flutter teams at Google are also preparing support for WasmGC. The Dart-to-Wasm compilation work is almost complete, and the team is working on tooling support for delivering Flutter web applications compiled to WebAssembly."

AI

GitHub Announces Its 'Refounding' on Copilot, Including an AI-Powered 'Copilot Chat' Assistant (github.blog) 33

This week GitHub announced the approaching general availability of the GPT-4-powered GitHub Copilot Chat in December "as part of your existing GitHub Copilot subscription" (and "available at no cost to verified teachers, students, and maintainers of popular open source projects.")

And this "code-aware guidance and code generation" will also be integrated directly into github.com, "so developers can dig into code, pull requests, documentation, and general coding questions with Copilot Chat providing suggestions, summaries, analysis, and answers." With GitHub Copilot Chat we're enabling the rise of natural language as the new universal programming language for every developer on the planet. Whether it's finding an error, writing unit tests, or helping debug code, Copilot Chat is your AI companion through it all, allowing you to write and understand code using whatever language you speak...

Copilot Chat uses your code as context, and is able to explain complex concepts, suggest code based on your open files and windows, help detect security vulnerabilities, and help with finding and fixing errors in code, terminal, and debugger...

With the new inline Copilot Chat, developers can chat about specific lines of code, directly within the flow of their code and editor.

InfoWorld notes it will chat in "whatever language a developer speaks." (And that Copilot Chat will also be available in GitHub's mobile app.) But why wait until December? GitHub's blog post says that Copilot Chat "will come to the JetBrains suite of IDEs, available in preview today."

GitHub also plans to introduce "slash commands and context variables" for GitHub Copilot, "so fixing or improving code is as simple as entering /fix and generating tests now starts with /tests."

"With Copilot in the code editor, in the CLI, and now Copilot Chat on github.com and in our mobile app, we are making Copilot ubiquitous throughout the software development lifecycle and always available in all of GitHub's surface areas..."

CNBC adds that "Microsoft-owned GitHub" also plans to introduce "a more expensive Copilot assistant" in February "for developers inside companies that can explain and provide recommendations about internal source code."

Wednesday's blog post announcing these updates was written by GitHub's CEO, who seemed to be predicting an evolutionary leap into a new future. "Just as GitHub was founded on Git, today we are re-founded on Copilot." He promised they'd built on their vision of a future "where AI infuses every step of the developer lifecycle."

Open source and Git have fundamentally transformed how we build software. It is now evident that AI is ushering in the same sweeping change, and at an exponential pace... We are certain this foundational transformation of the GitHub platform, and categorically new way of software development, is necessary in a world dependent on software. Every day, the world's developers balance an unsustainable demand to both modernize the legacy code of yesterday and build our digital tomorrow. It is our guiding conviction to make it easier for developers to do it all, from the creative spark to the commit, pull request, code review, and deploy — and to do it all with GitHub Copilot deeply integrated into the developer experience.

And if you're worried about the security of AI-generated code...

Today, GitHub Copilot applies an LLM-based vulnerability prevention system that blocks insecure coding patterns in real-time to make GitHub Copilot's suggestions more secure. Our model targets the most common vulnerable coding patterns, including hardcoded credentials, SQL injections, and path injections. GitHub Copilot Chat can also help identify security vulnerabilities in the IDE, explain the mechanics of a vulnerability with its natural language capabilities, and suggest a specific fix for the highlighted code.

But for Enterprise accounts paying for GitHub Advanced Security, there's also an upgrade coming: "new AI-powered application security testing features designed to detect and remediate vulnerabilities and secrets in your code." (It's already available in preview mode.)

GitHub even announced plans for a new AI assistant in 2024 that generates a step-by-step plan for responding to GitHub issues. (GitHub describes it as "like a pair programming session with a partner that knows about every inch of the project, and can follow your lead to make repository-wide changes from the issue to the pull request with the power of AI.")

CNBC notes that AI-powered coding assistants "are still nascent, though, with less than 10% enterprise adoption, according to Gartner, a technology industry research firm."

But last month Microsoft CEO Satya Nadella told analysts GitHub Copilot already had one million paying users...

And GitHub's blog post concludes, "And we're just getting started."

Programming

Do Programming Certifications Still Matter? (infoworld.com) 101

With programmers in high demand, InfoWorld asks if it's really worthwhile for software developers to pursue certifications. "Based on input from those in the field, company executives, and recruiters, the answer is a resounding yes." "The primary benefit of certifications is to verify your skill sets," says Archie Payne, president of the recruiting firm CalTek Staffing... Certifications can be used to "reinforce the experience on your resume or demonstrate competencies beyond what you've done in the workplace in a prior role." Certifications show that you are committed to your field, invested in career growth, and connected to the broader technology landscape, Payne says. "Obtaining certification indicates that you are interested in learning new skills and continuing your learning throughout your career," he says...

In cases where multiple candidates are equally qualified, having a relevant certification can give one candidate an edge over others, says Aleksa Krstic, CTO at Localizely, a provider of a cloud-based translation platform. "When it comes to certifications in general, when we see a junior to mid-level developer armed with programming certifications, it's a big green light for our hiring team," says Michał Kierul, who is CEO of software company INTechHouse.

"It's not just about the knowledge they have gained," Kierul says. "It speaks volumes about their passion, their drive to excel, and their commitment to continuous learning outside their regular work domain. It underscores a key trait we highly value: the desire to grow, learn, and elevate oneself in the world of technology."

Android

Google Plans RISC-V Android Tools In 2024, Wants Developers To 'Be Ready' (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: Android is slowly entering the RISC-V era. So far we've seen Google say it wants to give the up-and-coming CPU architecture "tier-1" support in Android, putting RISC-V on equal footing with Arm. Qualcomm has announced the first mass-market RISC-V Android chip, a still-untitled Snapdragon Wear chip for smartwatches. Now Google has announced a timeline for developer tools via the Google Open Source Blog. The last post is titled "Android and RISC-V: What you need to know to be ready."

Getting the Android OS and app ecosystem to support a new architecture is going to take an incredible amount of work from Google and developers, and these tools are laying the foundation for that work. First up, Google already has the "Cuttlefish" virtual device emulator running, including a gif of it booting up. This isn't the official "Android Emulator" -- which is targeted at app developers doing app development -- Cuttlefish is a hardware emulator for Android OS development. It's the same idea as the Android Emulator but for the bottom half of the tech stack -- the kernel, framework, and hardware bits. Cuttlefish lets Google and other Android OS contributors work on a RISC-V Android build without messing with an individual RISC-V device. Google says it's working well enough now that you can download and emulate a RISC-V device today, though the company warns that nothing is optimized yet.

The next step is getting the Android Emulator (for app developers) up and running, and Google says: "By 2024, the plan is to have emulators available publicly, with a full feature set to test applications for various device form factors!" The nice thing about Android is that most app code is written with no architecture in mind -- it's all just Java/Kotlin. So once the Android RunTime starts spitting out RISC-V code, a lot of app code should Just Work. That means most of the porting work will need to go into things written in the NDK, the native developer kit, like libraries and games. The emulator will still be great for testing, though.

Programming

79% of Developers are At Least Considering a New Job, Survey Finds (stackoverflow.blog) 36

"More developers are looking for or are open to a new job now compared to the last two years," writes Stack Overflow's senior analyst for market research and insights — citing the results of their latest survey of developers in 107 different countries.

"More than 1,000 developers responded to this year's survey about jobs and 79% are at least considering new opportunities if not actively looking." New insights from these survey results show that new tech talent and late-career developers are both more likely to be looking. New developers have increasingly switched jobs compared to early- and mid-career developers in the last three years... Interest in looking for a new job drops as developers get older for new to mid-career (44 and younger) respondents (86% to 74%), but picks back up for those 55 to 64 (88%). Late-career developers acknowledge curiosity about other companies as their second top reason to look for a new job this year behind "better salary," which all age groups rank as their top reason. Curiosity grew in importance for late-career developers since last year more than all other age groups (32% vs. 22%) and is more important to this group than reasons other groups ranked higher such as working with new technology and growth opportunities...

In our 2023 Developer Survey, we started asking about AI and the sentiment around it in our developer community; results were very similar when we checked in again through this pulse survey (70% are using AI or planning to). Developers may also feel less enthusiastic about learning opportunities now that AI tools are rapidly developing to help many be more productive in their jobs (30% cite this as the top benefit).

Other interesting findings from the survey:
  • Compared to the 2023 Developer Survey, 8% of developers have exited the technology industry and are increasingly filling roles in manufacturing and supply chain companies (11% vs. 7%)
  • Technology is the industry most developers currently work in (46%), followed by manufacturing/supply chain (14%) and financial services (13%)
  • New tech talent is onboarding at as many jobs by 24 as those up to 10 years their senior and this rapid experience cycle could rival the knowledge and experience of those they report to.

Python

Experimental Project Attempts a Python Virtual Shell for Linux (cjshayward.com) 62

Long-time Slashdot reader CJSHayward shares "an attempt at Python virtual shell."

The home-brewed project "mixes your native shell with Python with the goal of letting you use your regular shell but also use Python as effectively a shell scripting language, as an alternative to your shell's built-in scripting language... I invite you to explore and improve it!"

From the web site: The Python Virtual Shell (pvsh or 'p' on the command line) lets you mix zsh / bash / etc. built-in shell scripting with slightly modified Python scripting. It's kind of like Brython [a Python implementation for client-side web programming], but for the Linux / Unix / Mac command line...

The core concept is that all Python code is indented with tabs, with an extra tab at the beginning to mark Python code, and all shell commands (including some shell builtins) have zero tabs of indentation. They can be mixed line-by-line, offering an opportunity to use built-in zsh, bash, etc. scripting or Python scripting as desired.

The Python is an incomplete implementation; it doesn't support breaking a line into multiple lines. Nonetheless, this offers a tool to fuse shell- and Python-based interactions from the Linux / Unix / Mac command line.

Programming

Pope Francis Encourages More Children To Code 45

theodp writes: The BBC reports that Pope Francis has endorsed a global project aimed at getting more children into computer programming. The Code with Pope initiative, championed by Cosmose AI founder Miron Mironiuk, aims to bridge "the glaring disparities in education" across the globe by providing access to Python coding education through the free online learning platform Codeforia for students aged 11-15 across Europe, Africa and Latin America. Mironiuk will meet the Pope at the Vatican, but he admits he's not anticipating the pontiff to emulate his students in acquiring new skills. "I don't expect him to know Python very well," he said.

This is not the first time the Pope has encouraged young people to get into coding, having helped write a line of code together with tech-backed nonprofit Code.org in 2019. Pope Francis has also blessed AI's potential for good, meeting with Microsoft President Brad Smith (a Code.org Board member) to sign the Rome Call for AI Ethics early this year just ahead of Microsoft's $10B OpenAI investment and announcing "Artificial Intelligence and Peace" as the theme for World Day of Peace 2024 in August.

Businesses

SiFive Lays Off Hundreds of RISC-V Developers (tomshardware.com) 17

An anonymous reader quotes a report from Tom's Hardware: SiFive, one of the key companies in the RISC-V ecosystem, is undergoing a significant restructuring marked by extensive layoffs and apparently a shift in business focus, reports More Than Moore. The company is seemingly retracting from its pre-designed core offerings, which means it may focus on custom cores instead. Meanwhile, the move casts uncertainty over SiFive's future in general along with its contributions to the RISC-V.

RISC-V has become quite a popular choice for making miniature low-cost cores, but there are several companies who are working on higher-performance RISC-V-based offerings. SiFive is one of such companies offering ready-to-use designs and also making custom cores based on what customers need. But now, SiFive has laid off somewhere between 100 to over 300 employees from around 700 in mid-October. Most of these were engineers, along with some sales and product personnel. Meanwhile, the company's leaders, including CEO Patrick Little, are still there.
SiFive issued the following statement to Tom's Hardware: "As we identify and focus on our greatest opportunities, SiFive is shifting to best meet our customers' fast-changing requirements by undergoing a strategic refocusing of all our global teams. Unfortunately, with this realignment, approximately 20% of employees across all different business groups and levels were impacted. The employees are receiving severance and outplacement assistance.

SiFive continues to be excited about the long-term opportunities for the company and for RISC-V. The growth of the company has never been stronger and the opportunities never better. We are well funded for years in the future and continue to work with the market leaders in every segment. We remain focused on our four product groups, essential, intelligence, performance and automotive, and as we explained in a press event earlier this month, have a robust roadmap to meet the needs of these markets. We see tremendous new opportunities in AI and with Consumer products like wearables and mobile as Google brings Android to the RISC-V ecosystem. We will continue to offer customization for specific customers, offering standard and custom products where it makes sense from a business standpoint."

Databases

ICE Uses Tool To Find 'Derogatory' Speech Online (404media.co) 63

An anonymous reader quotes a report from 404 Media: Immigration and Customs Enforcement (ICE) has used a system called Giant Oak Search Technology (GOST) to help the agency scrutinize social media posts, determine if they are "derogatory" to the U.S., and then use that information as part of immigration enforcement, according to a new cache of documents reviewed by 404 Media. The documents peel back the curtain on a powerful system, both in a technological and a policy sense -- how information is processed and used to decide who is allowed to remain in the country and who is not.

GOST's catchphrase included in one document is "We see the people behind the data." A GOST user guide included in the documents says GOST is "capable of providing behavioral based internet search capabilities." Screenshots show analysts can search the system with identifiers such as name, address, email address, and country of citizenship. After a search, GOST provides a "ranking" from zero to 100 on what it thinks is relevant to the user's specific mission. The documents further explain that an applicant's "potentially derogatory social media can be reviewed within the interface." After clicking on a specific person, analysts can review images collected from social media or elsewhere, and give them a "thumbs up" or "thumbs down." Analysts can also then review the target's social media profiles themselves too, and their "social graph," potentially showing who the system believes they are connected to.

DHS has used GOST since 2014, according to a page of the user guide. In turn, ICE has paid Giant Oak Inc., the company behind the system, in excess of $10 million since 2017, according to public procurement records. A Giant Oak and DHS contract ended in August 2022, according to the records. Records also show Customs and Border Protection (CBP), the Drug Enforcement Administration (DEA), the State Department, the Air Force, and the Bureau of the Fiscal Service which is part of the U.S. Treasury have all paid for Giant Oak services over the last nearly ten years. The FOIA documents specifically discuss Giant Oak's use as part of an earlier 2016 pilot called the "HSI [Homeland Security Investigations] PATRIOT Social Media Pilot Program." For this, the program would "target potential overstay violators from particular visa issuance Posts located in countries of concern."
"The government should not be using algorithms to scrutinize our social media posts and decide which of us is 'risky.' And agencies certainly shouldn't be buying this kind of black box technology in secret without any accountability. DHS needs to explain to the public how its systems determine whether someone is a 'risk' or not, and what happens to the people whose online posts are flagged by its algorithms," Patrick Toomey, Deputy Director of the ACLU's National Security Project, told 404 Media in an email. The documents come from a Freedom of Information Act (FOIA) lawsuit brought by both the ACLU and the ACLU of Northern California. Toomey from the ACLU then shared the documents with 404 Media.

Education

Code.org Presses Washington To Make Computer Science a High School Graduation Requirement 95

theodp writes: In July, Seattle-based and tech-backed nonprofit Code.org announced its 10th policy recommendation for all states "to require all students to take computer science (CS) to earn a high school diploma." In August, Washington State Senator Lisa Wellman phoned-in her plans to introduce a bill to make computer science a Washington high school graduation requirement to the state's Board of Education, indicating that the ChatGPT-sparked AI craze and Code.org had helped convince her of the need. Wellman, a former teacher who worked as a Programmer/System Analyst in the 80's before becoming an Apple VP (Publishing) in the '90s, also indicated that exposure to CS given to students in fifth grade could be sufficient to satisfy a HS CS requirement. In 2019, Wellman sponsored Microsoft-supported SB 5088 (Bill details), which required all Washington state public high schools to offer a CS class. Wellman also sponsored SB 5299 in 2021, which allows high school students to take a computer science elective in place of a third year math or science course (that may be required for college admission) to count towards graduation requirements.

And in October, Code.org CEO Hadi Partovi appeared before the Washington State Board of Education, driving home points Senator Wellman made in August with a deck containing slides calling for Washington to "require that all students take computer science to earn a high school diploma" and to "require computer science within all teacher certifications." Like Wellman, Partovi suggested the CS high school requirement might be satisfied by middle school work (he alternatively suggested one year of foreign language could be dropped to accommodate a HS CS course). Partovi noted that Washington contained some of the biggest promoters of K-12 CS in Microsoft Philanthropies' TEALS (TEALS founder Kevin Wang is a member of the Washington State Board of Education) and Code.org, as well as some of the biggest funders of K-12 CS in Amazon and Microsoft -- both of which are $3,000,000+ Platinum Supporters of Code.org and have top execs on Code.org's Board of Directors.
Businesses

Stack Overflow Cuts 28% Workforce as the AI Coding Boom Continues 36

Coding help forum Stack Overflow is laying off 28 percent of its staff as it struggles toward profitability. From a report: CEO Prashanth Chandrasekar announced today that the company is "significantly reducing the size of our go-to-market organization," as well as "supporting teams" and other groups. After the team doubled its employee base last year, Chandrasekar told The Verge's Nilay Patel in an interview that about 45 percent of those hires were for its go-to-market sales team, which he said was "obviously the largest team." Prosus acquired Stack Overflow in a $1.8 billion deal in mid-2021.
Programming

'OK, So ChatGPT Just Debugged My Code. For Real' (zdnet.com) 174

ZDNet's senior contributing editor also maintains software, and recently tested ChatGPT on two fixes for bugs reported by users, and a new piece of code to add a new feature. It's a "real-world" coding test, "about pulling another customer support ticket off the stack and working through what made the user's experience go south." First...

please rewrite the following code to change it from allowing only integers to allowing dollars and cents (in other words, a decimal point and up to two digits after the decimal point).

ChatGPT responded by explaining a two-step fix, posting the modified code, and then explaining the changes. "I dropped ChatGPT's code into my function, and it worked. Instead of about two-to-four hours of hair-pulling, it took about five minutes to come up with the prompt and get an answer from ChatGPT."

Next up was reformatting an array.

I like doing array code, but it's also tedious. So, I once again tried ChatGPT. This time the result was a total failure. By the time I was done, I probably fed it 10 different prompts. Some responses looked promising, but when I tried to run the code, it errored out. Some code crashed; some code generated error codes. And some code ran, but didn't do what I wanted. After about an hour, I gave up and went back to my normal technique of digging through GitHub and StackExchange to see if there were any examples of what I was trying to do, and then writing my own code.

Then he posted the code for a function handling a WordPress filter, along with the question: "I get the following error. Why?" Within seconds, ChatGPT responded... Just as it suggested, I updated the fourth parameter of the add_filter() function to 2, and it worked!

ChatGPT took segments of code, analyzed those segments, and provided me with a diagnosis. To be clear, in order for it to make its recommendation, it needed to understand the internals of how WordPress handles hooks (that's what the add_filter function does), and how that functionality translates to the behavior of the calling and the execution of lines of code. I have to mark that achievement as incredible — undeniably 'living in the future' incredible...

As a test, I also tried asking ChatGPT to diagnose my problem in a prompt where I didn't include the handler line, and it wasn't able to help. So, there are very definite limitations to what ChatGPT can do for debugging right now, in 2023...

Could I have fixed the bug on my own? Of course. I've never had a bug I couldn't fix. But whether it would have taken two hours or two days (plus pizza, profanity, and lots of caffeine), while enduring many interruptions, that's something I don't know. I can tell you ChatGPT fixed it in minutes, saving me untold time and frustration.

The article does include a warning. "AI is essentially a black box, you're not able to see what process the AI undertakes to come to its conclusions. As such, you're not really able to check its work... If it turns out there is a problem in the AI-generated code, the cost and time it takes to fix may prove to be far greater than if a human coder had done the full task by hand."

But it also ends with this prediction. "I see a very interesting future, where it will be possible to feed ChatGPT all 153,000 lines of code and ask it to tell you what to fix... I can definitely see a future where programmers can simply ask ChatGPT (or a Microsoft-branded equivalent) to find and fix bugs in entire projects."
Java

C# Challenges Java in Programming Language Popularity (infoworld.com) 109

"The gap between C# and Java never has been so small," according to October's update for TIOBE's "Programming Community Index".

"Currently, the difference is only 1.2%, and if the trends remain this way, C# will surpass Java in about 2 months' time." Java shows the largest decline of -3.92% and C# the largest gain of +3.29% of all programming languages (annually).

The two languages have always been used in similar domains and thus have been competitors for more than 2 decades now. Java's decline in popularity is mainly caused by Oracle's decision to introduce a paid license model after Java 8. Microsoft took the opposite approach with C#. In the past, C# could only be used as part of commercial tool Visual Studio. Nowadays, C# is free and open source and it's embraced by many developers.

There are also other reasons for Java's decline. First of all, the Java language definition has not changed much the past few years and Kotlin, its fully compatible direct competitor, is easier to use and free of charge.

"Java remains a critical language in enterprise computing," argues InfoWorld, "with Java 21 just released last month and Java 22 due next March. And free open source binaries of Java still are available via OpenJDK." InfoWorld also notes TIOBE's ranking is different than other indexes. TIOBE's top 10:
  1. Python (14.82%)
  2. C (12.08%)
  3. C++ (10.67%)
  4. Java (8.92%)
  5. C# (7.71%)
  6. JavaScript (2.91%)
  7. Visual Basic (2.13%)
  8. PHP (1.9%)
  9. SQL (1.78%)
  10. Assembly (1.64%)

And here's the Pypl Popularity of Programming Language (based on searches for language tutorials on Google):

  1. Python, with a 28.05% share
  2. Java (15.88%)
  3. JavaScript (9.27%)
  4. C# (6.79%)
  5. C/C++ (6.59%)
  6. PHP (4.86%)
  7. R (4.45%)
  8. TypeScript (2.93%)
  9. Swift (2.69%)
  10. Objective-C (2.29%)

Transportation

Tesla Releases Official API Documentation To Support Third-Party Apps (electrek.co) 7

An anonymous reader quotes a report from Electrek: Tesla has officially released its API documentation to support third-party apps -- after years of operating in a gray zone with an unofficial API. For now, it is geared toward fleet management, but developers are hoping it is a first step toward creating a healthy app ecosystem. [...] So far, it still only covers the command that you can send to your car through the Tesla app, and it can ping the data from your car that goes to the app. In short, it is going to make official all the third-party fleet management apps, smartwatch integration apps, etc.

In the documentation, Tesla writes that all third-party apps are going to have to go through the new API starting next year: "Following the release of Tesla Vehicle Command SDK support for REST API vehicle command endpoints is now reaching end of life. Starting 2024 most vehicles will require sending commands via Tesla Vehicle Command SDK." Tesla put together a process to onboard those apps on its website. If you are using some of those apps, you will likely receive a notification to give them official authorization to access car data.

Bitcoin

FTX Used Python Code To Fake Its Insurance Fund Figure (cointelegraph.com) 104

Tom Mitchelhill reports via CoinTelegraph: Crypto exchange FTX used hidden Python code to misrepresent the value of its insurance fund -- a pool of funds meant to prevent user losses during huge liquidation events -- according to testimony from FTX co-founder Gary Wang. In a damning testimony on Oct. 6, FTX's former chief technology officer, Gary Wang, said that FTX's so-called $100 million insurance fund in 2021 was fabricated and never contained any of the exchange's FTX tokens (FTT) as claimed. Instead, the figure shown to the public was calculated by multiplying the daily trading volume of the FTX Token by a random number close to 7,500.

When the prosecution surfaced the above tweet -- among other public statements of its value -- and asked Wang whether this amount was accurate, he replied with a single word: "No." "For one, there is no FTT in the insurance fund. It's just the USD number. And, two, the number listed here does not match what was in the database." An exhibit in the Oct. 6 trial shows the alleged code used to generate the size of the so-called "Backstop Fund" or public insurance fund.

FTX's insurance fund was designed to protect user losses in case of huge, sudden market movements and its value was often touted on its website and social media. According to Wang's testimony, however, the amount contained within the fund was often insufficient to cover these losses. [...] In addition to revealing the allegedly fraudulent nature of FTX's insurance fund, Wang claimed that Bankman-Fried prompted him and Nishad Singh to implement an "allow_negative" balance feature in the code at FTX, which allowed Alameda Research to trade with near-unlimited liquidity on the crypto exchange.

Programming

Man Trains Home Cameras To Help Repel Badgers and Foxes (bbc.co.uk) 77

Tom Singleton reports via the BBC: A man got so fed up with foxes and badgers fouling in his garden that he adapted cameras to help repel them. James Milward linked the Ring cameras at his Surrey home to a device that emits high frequency sounds. He then trained the system using hundreds of images of the nocturnal nuisances so it learned to trigger the noise when it spotted them. Mr Milward said it "sounds crazy" but the gadget he called the Furbinator 3000 has kept his garden clean.

Getting the camera system to understand what it was looking at was not straightforward though. "At first it recognised the badger as an umbrella," he said. "I did some fine tuning and it came out as a sink, or a bear if I was lucky. Pretty much a spectacular failure." He fed in pictures of the animals through an artificial intelligence process called machine learning and finally, the device worked. The camera spotted a badger, and the high frequency sound went off to send the unwanted night-time visitor on its way and leave the garden clean for Mr Milward's children to play in.
The code for the Furbinator 3000 is open source, with detailed instructions available in Milward's Medium post.
