An anonymous reader quotes a report from Ars Technica: Anyone who has taken a basic computer science class has undoubtedly spent time devising a sorting algorithm -- code that will take an unordered list of items and put them in ascending or descending order. It's an interesting challenge because there are so many ways of doing it and because people have spent a lot of time figuring out how to do this sorting as efficiently as possible. Sorting is so basic that algorithms are built into most standard libraries for programming languages. And, in the case of the C++ library used with the LLVM compiler, the code hasn't been touched in over a decade.

But Google's DeepMind AI group has now developed a reinforcement learning tool that can develop extremely optimized algorithms without first being trained on human code examples. The trick was to set it up to treat programming as a game. [...] The AlphaDev system developed x86 assembly algorithms that treated the latency of the code as a score and tried to minimize that score while ensuring that the code ran to completion without errors. Through reinforcement learning, AlphaDev gradually develops the ability to write tight, highly efficient code. [...]

Since AlphaDev did produce more efficient code, the team wanted to get these incorporated back into the LLVM standard C++ library. The problem here is that the code was in assembly rather than C++. So, they had to work backward and figure out the C++ code that would produce the same assembly. Once that was done, the code was incorporated into the LLVM toolchain -- the first time some of the code had been modified in over a decade. As a result, the researchers estimate that AlphaDev's code is now executed trillions of times a day. The research has been published in the journal Nature.

Reddit is creating an exemption to its unpopular new API pricing terms for makers of accessibility apps, which could come as a big relief for some developers worried about how to afford the potentially expensive fees and the users that rely on the apps to browse Reddit. From a report: As long as those apps are noncommercial and "address accessibility needs," they won't have to pay to access Reddit's data. "We've connected with select developers of non-commercial apps that address accessibility needs and offered them exemptions from our large-scale pricing terms," Reddit spokesperson Tim Rathschmidt says in a statement to The Verge.

The Reddit community has been in an uproar over the API pricing changes that might saddle developers with exorbitant charges and force them to shut down. Apollo developer Christian Selig, for example, says he'll be on the hook for about $20 million per year based on the updated pricing. Three days ago, moderators on the r/Blind subreddit posted an extensive message protesting the pricing changes, which could be hugely detrimental to apps for screen reader users like RedditForBlind and Luna For Reddit.

Apple has made the Apple Developer Program available for anyone with an Apple ID. Previously, the company limited developer betas to developers who have a paid account that costs $99 per year. MacRumors reports: "OS beta releases" is now listed as an available resource even for those who are not members of the Apple Developer Program. This change means that anyone with an Apple ID can download and install the iOS 17, iPadOS 17, and macOS Sonoma betas without waiting for the public betas to launch.

Of course, it is not a good idea to install these betas on a main device as there can be notable bugs and issues with early software. More information can be found on Apple's membership page.

A number of Reddit forums plan to go dark for two days later this month to protest the company's decision to increase prices for third-party app developers. From a report: One developer, who makes a Reddit app called Apollo, said that under the new pricing policy he would have to pay Reddit $20 million a year to continue running the app as-is. Reddit's move comes after Twitter announced in February that the company would no longer support free access to its application programming interface, or API. Twitter instead now offers pricing tiers based on usage. Reddit spokesman Tim Rathschmidt said the company is trying to clear up confusion about the change on the platform, and stressed that Reddit spends millions on hosting. "Reddit needs to be fairly paid to continue supporting high-usage third-party apps," Rathschmidt said. "Our pricing is based on usage levels that we measure to be comparable to our own costs." The company said it is committed to supporting a developer ecosystem. In a post on its platform, Reddit laid out some of its pricing plans for businesses and said the changes would begin July 1.

Long-time Slashdot theodp writes: Writing for the masses in It's the End of Computer Programming as We Know It. (And I Feel Fine.), NY Times opinion columnist Farhad Manjoo explains that while A.I. might not spell the end of programming ("the world will still need people with advanced coding skills"), it could mark the beginning of a new kind of programming — "one that doesn't require us to learn code but instead transforms human-language instructions into software."

"Wasn't coding supposed to be one of the can't-miss careers of the digital age?," Manjoo asks. "In the decades since I puttered around with my [ZX] Spectrum, computer programming grew from a nerdy hobby into a vocational near-imperative, the one skill to acquire to survive technological dislocation, no matter how absurd or callous-sounding the advice. Joe Biden told coal miners: Learn to code! Twitter trolls told laid-off journalists: Learn to code! Tim Cook told French kids: Apprenez à programmer! Programming might still be a worthwhile skill to learn, if only as an intellectual exercise, but it would have been silly to think of it as an endeavor insulated from the very automation it was enabling. Over much of the history of computing, coding has been on a path toward increasing simplicity."

In closing, Manjoo notes that A.I. has alleviated one of his worries (one shared by President Obama). "I've tried to introduce my two kids to programming the way my dad did for me, but both found it a snooze. Their disinterest in coding has been one of my disappointments as a father, not to mention a source of anxiety that they could be out of step with the future. (I live in Silicon Valley, where kids seem to learn to code before they learn to read.) But now I'm a bit less worried. By the time they're looking for careers, coding might be as antiquated as my first PC."

Btw, there are lots of comments — 700+ and counting — on Manjoo's column from programming types and others on whether reports of programming's death are greatly exaggerated.

"The world's most popular online learning course, Harvard University's CS50, is getting a ChatGPT-era makeover," reports Bloomberg: CS50, an introductory course in computer science attended by hundreds of students on-campus and over 40,000 online, plans to use artificial intelligence to grade assignments, teach coding and personalize learning tips, according to its Professor David J. Malan... Even with more than 100 real-life teaching assistants, he said it had become difficult to fully engage with the growing number of students logging in from different time zones and with varying levels of knowledge and experience. "Providing support tailored to students' specific questions has been a challenge at scale, with so many more students online than teachers," said Mr Malan, 46.

His team is now fine-tuning an AI system to mark students' work, and testing a virtual teaching assistant to evaluate and provide feedback on students' programming. The virtual teaching assistant asks rhetorical questions and offers suggestions to help students learn, rather than simply catching errors and fixing coding bugs, he said. Longer term, he expects this to give human teaching assistants more time for in-person or Zoom-based office hours...

Mr Malan said CS50's use of AI could highlight its benefits for education, particularly in improving the quality and access of online learning — an industry that Grand View Research forecasts to grow to $348 billion by 2030, nearly tripling from 2022. "Potentially, AI is just hugely enabling in education," he said.

theodp writes: Golf reports that amateur golf legend Rose Zhang will compete for the first time as a professional when she tees off in the first round of the Mizuho Americas Open Thursday. Golf news is rarely fodder for Slashdot discussion, but when the 20-year-old Stanford student (who plans to complete her degree after a leave of absence) was asked by Golf to identify her toughest class, she threw CS under the bus.

"CS 106A," Zhang replied, referring to a computer science course. "Currently and still trying to grind in that class. It's been a little unfortunate for me. I'm not a CS major. Will never code again after this class." Back in April, Zhang expressed some doubts about being able to juggle the demands of an already-renowned golf career and CS 106A. "I'll be super, super busy," Zhang said in an interview. "I'm planning on taking CS 106A. I don't know if it's a smart decision but it's kind of an essential intro CS class into Stanford so I'm going to try to navigate that, balance that out."

The Stanford Daily reports that CS 106A: Programming Methodology is an introductory programming course taken by 1,600+ students from all academic disciplines each year (2015 Slashdot post on CS 106A's growing pains). According to the syllabus, CS 106A "uses the Python programming language" and there's "no prior programming experience required," although the schedule indicates a lot of ground is covered for someone new to coding (the same could be said of Harvard's famed CS50).

Lest some take Zhang to task for the sin of stating programming is hard, consider that Stanford's CS 106A website suggests the same, reporting that the median score on the midterm exam was only 68%, despite a plethora of review materials and sessions. CS 106A students were offered the chance to submit formal 'regrade requests' to try to improve their midterm scores and can also vie for "a Jamba Juice gift card and 100% on the final exam" by entering a Python programming contest -- one prize will be awarded for "Aesthetic merit", another for "Algorithmic sophistication" (a number of runners-up will be awarded "a grade boost similar to getting a + on one of their assignments").

Nicole Carpenter, reporting for Polygon: There's a bridge to cross the lava pit in The Legend of Zelda: Tears of the Kingdom's Marakuguc Shrine, but it's broken. More than half of the bridge is piled on top of itself on one side of the pit, with one clipped-off segment on the other. The bridge is the obvious choice for crossing the lava, but how to fix it? A clip showing one potential solution went viral on Twitter shortly after Tears of the Kingdom's release: The player uses Link's Ultrahand ability to unfurl the stacked bridge by attaching it to a wheeled platform in the lava. When the wheeled platform -- now attached to the edge of the bridge -- activates and moves forward, it pulls the bridge taut, splashing lava as it goes, until the suspension bridge is actually suspended and can be crossed.

But it wasn't the solution itself that resonated with players; instead, the clip had game developers' jaws on the ground, in awe of how Nintendo's team wrangled the game's physics system to do that. To players, it's simply a bridge, but to game developers, it's a miracle. "The most complicated part of game development is when different systems and features start touching each other," said Shayna Moon, a technical producer who's worked on games like the 2018 God of War reboot and its sequel, God of War: Ragnarok, to Polygon. "It's really impressive. The amount of dynamic objects is why there are so many different kinds of solutions to this puzzle in particular. There are so many ways this could break."

Moon pointed toward the individual segments of the bridge that operate independently. Then there's the lava, the cart, and the fact you can use Link's Ultrahand ability to tie any of these things together -- even the bridge back onto itself. [...] Tears of the Kingdom was seemingly built on top of Breath of the Wild, reportedly with a large portion of the same team working on it. "There is a problem within the games industry where we don't value institutional knowledge," Moon said. "Companies will prioritize bringing someone from outside rather than keeping their junior or mid-level developers and training them up. We are shooting ourselves in the foot by not valuing that institutional knowledge. You can really see it in Tears of the Kingdom. It's an advancement of what made Breath of the Wild special."

Artificial intelligence means everyone can now be a computer programmer as all they need to do is speak to the computer, Nvidia CEO Jensen Huang said on Monday, hailing the end of the "digital divide." From a report: Speaking to thousands of people at the Computex forum in Taipei, Huang, who was born in southern Taiwan before his family emigrated to the United States when he was a child, said AI was leading a computing revolution. "There's no question we're in a new computing era," he said in a speech, occasionally dropping in words of Mandarin or Taiwanese to the delight of the crowd. "Every single computing era you could do different things that weren't possible before, and artificial intelligence certainly qualifies," Huang added. "The programming barrier is incredibly low. We have closed the digital divide. Everyone is a programmer now -- you just have to say something to the computer," he said. "The rate of progress, because it's so easy to use, is the reason why it's growing so fast. This is going to touch literally every single industry."

The PyPi registry of open source Python packages "began evaluating ways to reduce the amount of identifying information that it stores," reports the Register, "even before the U.S. Justice Department came asking for data on suspect users."

But now, "the Python community package registry wants developers to understand that it's working to minimize the user data that it stores." The goal is not to be unable to respond to lawful requests for information; rather it's to store only the minimum amount of data necessary so as not to expose users to unnecessary privacy intrusion. Coincidentally, data minimization may prevent organizations from becoming a preferred source of on-demand surveillance: having excessive amounts of information about users invites legal demands, which staff then have to handle...

Mike Fiedler, a member of the PyPI admin team, said in a statement on Friday that the organization's effort to improve user privacy and security dates back to 2020. Since the receipt of the subpoenas in March and April, that effort has been reinvigorated.

Much of the concern focuses on IP address data, which gets stored in conjunction with web log access; user events such as logins; project events including uploads; events associated with recently introduced organizations; and administrative PyPI journal entries. According to Fiedler, PyPI was able to stop storing IP data for journal entries — an append-only transaction log — because these were only exposed to administrators... To obscure IP addresses, PyPI is salting them — adding an arbitrary value — and then hashing them — running the data through a one-way scrambling function that creates a value called a hash. This provides a way to store a reference to potentially identifying data without actually storing raw data... PyPI has been using its CDN provider Fastly to pass along a salted hash of the IP address for requests via a custom header, along with broad GeoIP data (the country and city where the user is located), and is using that instead of the raw IP address. In April, the registry adopted code changes for hashing and salting IP addresses for requests that PyPI handles directly in Warehouse, the web application that implements the official Python package index.

And over the past few days, it has been replacing IP addresses in the PyPI user interface with geolocation data. PyPI still relies on IP address information to identify abuse — the creation of malicious packages, harassments, and so on — but Fiedler says even that is being looked at. "We're thinking about how to manage that without storing IP data, but we're not there yet," he said. Fiedler says the PyPI team will be weighing whether it can remove IP data from event history records after a period of time and whether the service can handle all its requests via CDN.

"The Python programming language releases new versions yearly, with a feature-locked beta release in the first half of the year and the final release toward the end of the year," writes InfoWorld.

So now Python 3.12 beta 1 has just been released, and InfoWorld compiled a list of its most significant new features. Some highlights: - The widely used Linux profiler tool perf works with Python, but only returns information about what's happening at the C level in the Python runtime. Information about actual Python program functions doesn't show up. Python 3.12 enables an opt-in mode to allow perf to harvest details about Python programs...

- Programs can run as much as an order of magnitude slower when run through a debugger or profiler. PEP 669 provides hooks for code object events that profilers and debuggers can attach to, such as the start or end of a function. A callback function could be registered by a tool to fire whenever such an event is triggered. There will still be a performance hit for profiling or debugging, but it'll be greatly reduced...

- Comprehensions, a syntax that lets you quickly construct lists, dictionaries, and sets, are now constructed "inline" rather than by way of temporary objects. The speedup for this has been clocked at around 11% for a real-world case and up to twice as fast for a micro-benchmark.

- Python's type-hinting syntax, added in Python 3.5, allows linting tools to catch a wide variety of errors ahead of time. With each new version, typing in Python gains features to cover a broader and more granular range of use cases... The type parameter syntax provides a cleaner way to specify types in a generic class, function, or type alias...

- Every object in Python has a reference count that tracks how many times other objects refer to it, including built-in objects like None. PEP 683 allows objects to be treated as "immortal," so that they never have their reference count changed. Making objects immortal has other powerful implications for Python in the long run. It makes it easier to implement multicore scaling, and to implement other optimizations (like avoiding copy-on-write) that would have been hard to implement before.

- With earlier versions of Python, the base size of an object was 208 bytes. Objects have been refactored multiple times over the last few versions of Python to make them smaller, which doesn't just allow more objects to live in memory but helps with cache locality. As of Python 3.12, the base size of an object is now 96 bytes — less than half of what it used to be.

The PyPI blog: In March and April 2023, the Python Software Foundation (PSF) received three (3) subpoenas for PyPI user data. All three subpoenas were issued by the United States Department of Justice. The PSF was not provided with context on the legal circumstances surrounding these subpoenas. In total, user data related to five (5) PyPI usernames were requested. The data request was:

"Names (including subscriber names, user names, and screen names);"
"Addresses (including mailing, residential addresses, business addresses, and email addresses);"
"Connection records;"
"Records of session times and durations, and the temporarily assigned network address (such as Internet Protocol addresses) associated with those sessions;"
"Length of service (including start date) and type of services utilized;"
"Telephone or instrument numbers (including the registration Internet Protocol address);"
"Means and source of payment of any such services (including any credit card or bank account number) and billing records;"
"Records of all Python Package Index (PyPI) packages uploaded by..." given usernames
"IP download logs of any Python Package Index (PyPI) packages uploaded by..." given usernames

The privacy of PyPI users is of utmost concern to PSF and the PyPI Administrators, and we are committed to protecting user data from disclosure whenever possible. In this case, however, PSF determined with the advice of counsel that our only course of action was to provide the requested data. I, as Director of Infrastructure of the Python Software Foundation, fulfilled the requests in consultation with PSF's counsel.

We have waited for the string of subpoenas to subside, though we were committed from the beginning to write and publish this post as a matter of transparency, and as allowed by the lack of a non-disclosure order associated with the subpoenas received in March and April 2023.

On Saturday PyPI, the official third-party registry of open source Python packages, "temporarily suspended new users from signing up, and new projects from being uploaded to the platform" reports BleepingComputer.

"The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave," stated an incident notice posted by PyPI admins Saturday.

Hours ago they posted a four-word update: "Suspension has been lifted." No details were provided, but The Hacker News writes the incident "comes as software registries such as PyPI have proven time and time again to be a popular target for attackers looking to poison the software supply chain and compromise developer environments." Earlier this week, Israeli cybersecurity startup Phylum uncovered an active malware campaign that leverages OpenAI ChatGPT-themed lures to bait developers into downloading a malicious Python module capable of stealing clipboard content in order to hijack cryptocurrency transactions. ReversingLabs, in a similar discovery, identified multiple npm packages named nodejs-encrypt-agent and nodejs-cookie-proxy-agent in the npm repository that drops a trojan called TurkoRat.

Google Colab hosts free cloud-based "executable documents" that, among other things, let you write and run code in your browser (in dozens of languages, including Python).

Over 7 million people, including students, already use Colab, according to a recent post on Google's blog, "and now it's getting even better with advances in AI [with] features like code completions, natural language to code generation and even a code-assisting chatbot."

Google says it will "dramatically increase programming speed, quality, and comprehension." Our first features will focus on code generation. Natural language to code generation helps you generate larger blocks of code, writing whole functions from comments or prompts. [For example: "import data.csv as a dataframe."] The goal here is to reduce the need for writing repetitive code, so you can focus on the more interesting parts of programming and data science. Eligible users in Colab will see a new "Generate" button in their notebooks, allowing them to enter any text prompt to generate code.

For eligible paid users, as you type, you'll see autocomplete suggestions.

We're also bringing the helpfulness of a chatbot directly into Colab. Soon, you'll be able to ask questions directly in Colab like, "How do I import data from Google Sheets?" or "How do I filter a Pandas DataFrame?"

Anyone with an internet connection can access Colab, and use it free of charge... Access to these features will roll out gradually in the coming months, starting with our paid subscribers in the U.S. and then expanding into the free-of-charge tier.
It's powered by Google's "next generation" machine-learning language model PaLM 2 (announced earlier this month), which "excels at popular programming languages like Python and JavaScript, but can also generate specialized code in languages like Prolog, Fortran and Verilog." Colab will use Codey, a family of code models built on PaLM 2... fine-tuned on a large dataset of high quality, permissively licensed code from external sources to improve performance on coding tasks. Plus, the versions of Codey being used to power Colab have been customized especially for Python and for Colab-specific uses.

An anonymous reader quotes a report from Bloomberg: A trash can overflowing with disposable drink cups is an all-too-familiar sight outside any high-traffic cafe or fast-food joint. It was during a lunch-time walk in Melbourne that colleagues Aniyo Rahebi and Catherine Hutchins passed by several such eyesores and decided to combat the piles of waste. A few months later they arrived at an idea: a to-go cup that can be eaten. After hundreds of hours in the kitchen refining their concept, the duo took it to market. Their startup Good-Edi now offers an edible, biodegradable, plastic-free alternative to the standard polyethylene-lined paper cups used for coffee that largely end up in landfills or gets incinerated.

The company raised about $98,000 through a crowd-funding site in 2021, and its baking team currently produces about 500 cups a day for clients across Australia, including coffee shops, roasteries and concert venues, from a facility in a suburb of Melbourne. Good-Edi aims to boost output and expand sales internationally this year. The world goes through more than 250 billion plastic-lined paper drink cups every year, according to the United Nations Environment Programme. Only about 1% of those cups are recycled. Good-Edi says about 2.7 million disposable cups find their way to landfills each day in Australia.

Good-Edi's product works for both for hot drinks like coffee and tea as well as cold drinks. After about 250 recipe adjustments, the founders settled on a blend of rye flour, wheat bran, oat bran, sugar, salt, coconut oil and water. They say their container stays crispy holding a hot cup of joe for about 40 minutes and won't leak a cold beverage for about eight hours. For Hutchins and Rahebi, who have a combined 20 years experience in the food-processing and packaging sectors, Good-Edi is still a side hustle. They are banking on shifting consumer sentiment and a beverage industry under pressure to offer more sustainable to-go options to drive sales and compensate for the fact that their containers can increase the cost of a cup of takeaway coffee by A$1. "Will coffee drinkers be keen to gobble up the company's innovation, if it doesn't feel like a treat?" asks a Bloomberg Businessweek reporter that says the cup tasted like an unsweetened wheat biscuit.

Mojo is a new programming language developed by Modular1 that aims to address the performance and deployment limitations of Python in areas like AI model development. After demoing Mojo prior to its launch, Jeremy Howard from the non-profit research group fast.ai said it feels like coding will never be the same again. Here's an excerpt from Howard's article: Modular is a fairly small startup that's only a year old, and only one part of the company is working on the Mojo language. Mojo development was only started recently. It's a small team, working for a short time, so how have they done so much? The key is that Mojo builds on some really powerful foundations. Very few software projects I've seen spend enough time building the right foundations, and tend to accrue as a result mounds of technical debt. Over time, it becomes harder and harder to add features and fix bugs. In a well designed system, however, every feature is easier to add than the last one, is faster, and has fewer bugs, because the foundations each feature builds upon are getting better and better. Mojo is a well designed system.

At its core is MLIR (Multi-Level Intermediate Representation), which has already been developed for many years, initially kicked off by Chris Lattner at Google. He had recognized what the core foundations for an "AI era programming language" would need, and focused on building them. MLIR was a key piece. Just as LLVM made it dramatically easier for powerful new programming languages to be developed over the last decade (such as Rust, Julia, and Swift, which are all based on LLVM), MLIR provides an even more powerful core to languages that are built on it. Another key enabler of Mojo's rapid development is the decision to use Python as the syntax. Developing and iterating on syntax is one of the most error-prone, complex, and controversial parts of the development of a language. By simply outsourcing that to an existing language (which also happens to be the most widely used language today) that whole piece disappears! The relatively small number of new bits of syntax needed on top of Python then largely fit quite naturally, since the base is already in place.

The next step was to create a minimal Pythonic way to call MLIR directly. That wasn't a big job at all, but it was all that was needed to then create all of Mojo on top of that -- and work directly in Mojo for everything else. That meant that the Mojo devs were able to "dog-food" Mojo when writing Mojo, nearly from the very start. Any time they found something didn't quite work great as they developed Mojo, they could add a needed feature to Mojo itself to make it easier for them to develop the next bit of Mojo! You can give Mojo a try here.

Serverless JavaScript is hosted in an edge network or by an HTTP caching service (and only runs when requested), explains Cloudflare. "Developers can write and deploy JavaScript functions that process HTTP requests before they travel all the way to the origin server."

Their platform for serverless JavaScript will soon have built-in AI features, Cloudflare's CTO announced today, "so that developers have a rich toolset at their disposal. A developer platform without AI isn't going to be much use. It'll be a bit like a developer platform that can't do floating point arithmetic, or handle a list of data. We're going to see every developer platform have AI capability built in because these capabilities will allow developers to make richer experiences for users...

As I look back at 40 years of my programming life, I haven't been this excited about a new technology... ever. That's because AI is going to be a pervasive change to how programs get written, who writes programs and how all of us interact with software... I think it'll make us more productive and make more people programmers.
But in addition, developers on the platform will also be able to train and upload their own models to run on Cloudflare's global network: Unlike a database where data might largely be stored and accessed infrequently, AI systems are alive with moving data. To accommodate that, platforms need to stop treating data as something to lock in developers with. Data needs to be free to move from system to system, from platform to platform, without transfer fees, egress or other nonsense. If we want a world of AI, we need a world of data fluidity.

Veteran open source report Steven J. Vaughan-Nichols, writing at The Register: We can all agree that securing our software is a good thing. Thanks to one security fiasco after another -- the SolarWinds software supply chain attack, the perpetual Log4j vulnerability, and the npm maintainer protest code gone wrong -- we know we must secure our code. But the European Union's proposed Cyber Resilience Act (CRA) goes way, way too far in trying to regulate software security. At the top level, it looks good. Brussels states that before "products with digital elements" are allowed on the EU market, manufacturers must follow best practices in four areas. Secure the product over its whole life; follow a coherent cybersecurity framework; show cybersecurity transparency; and ensure customers can use products securely. Sounds great, doesn't it? But the road to hell is paved with good intentions. The devil, as always, is in the details. Some of this has nothing to do with open source software. Good luck creating any program in any way that a clueless user can't screw up.

But the EU commissioners don't have a clue about how open source software works. Or, frankly, what it is. They think that open source is the same as proprietary software with a single company behind it that's responsible for the work and then monetizes it. Nope. Open source, as I've said over and over again, is not a business model. Sure, you can build businesses around it. Who doesn't these days? But just as the AWSes, Googles, and Facebooks of the world depend on open source software, they also use programs written by Tom, Denise, and Harry from around the world. The CRA's underlying assumption is that you can just add security to software, like adding a new color option to your car's paint job. We wish!

Securing software is a long, painful process. Many open source developers have neither the revenue nor resources to secure their programs to a government standard. The notional open source developer in Nebraska, thanklessly maintaining a vital small program, may not even know where Brussels is (it's in Belgium). They can't afford to secure their software to meet EU specifications. They often have no revenue. They certainly have no control over who uses their software. It's open source, for pity's sake! As open source developer Thomas Depierre recently blogged: "We are not suppliers. All the people writing and maintaining these projects, we are not suppliers. We do not have a business relationship with all these organizations. We are volunteers, writing code and putting it online under these Licenses." Exactly.

According to Azure CTO Mark Russinovich, the most recent Windows 11 Insider Preview build is the first to include the memory-safe programming language Rust. Thurrott reports: "If you're on the Win11 Insider ring, you're getting the first taste of Rust in the Windows kernel," Russinovich tweeted last night. It's not clear which Insider channel he is referring to, however.

Regardless, that that was quick: Microsoft only went public with its plans to replace parts of the Windows kernel with Rust code in mid-April at its BlueHat IL 2023 security conference in Israel. At that event, Microsoft vice president David Weston said that "we're using Rust on the operating system along with other constructs" as part of an "aggressive and meaningful pursuit of memory safety," a key source of exploits. And it's not just the Windows kernel. Microsoft is bringing Rust to its Pluton security processor as well.

SimilarWeb: Developers increasingly get advice from AI chatbots and GitHub CoPilot rather than Stack Overflow message boards. While traffic to OpenAI's ChatGPT has been growing exponentially, Stack Overflow has been experiencing a steady decline -- losing some of its standings as the go-to source developers turn to for answers to coding challenges. Actually, traffic to Stack Overflow's community website has been dropping since the beginning of 2022. That may be in part because of a related development, the introduction of the CoPilot coding assistant from Microsoft's GitHub business. CoPilot is built on top of the same OpenAI large language model as ChatGPT, capable of processing both human language and programming language. A plugin to the widely used Microsoft Visual Studio Code allows developers to have CoPilot write entire functions on their behalf, rather than going to Stack Overflow in search of something to copy and paste. CoPilot now incorporates the latest GPT-4 version of OpenAI's platform.

On a year-over-year basis, traffic to Stack Overflow (stackoverflow.com) has been down by an average of 6% every month since January 2022 and was down 13.9% in March. ChatGPT doesn't have a year-over-year track record, having only launched at the end of November, but its website (chat.openai.com) has become one of the world's hottest digital properties in that short time, bigger than Microsoft's Bing search engine for worldwide traffic. It attracted 1.6 billion visits in March and another 920.7 million in the first half of April. The GitHub website has also been seeing strong growth, with traffic to github.com up 26.4% year-over-year in March to 524 million visits. That doesn't reflect all the usage of CoPilot, which normally takes place within an editor like Visual Studio Code, but it would include people coming to the website to get a subscription to the service. Visits to the GitHub CoPilot free trial signup page more than tripled from February to March, topping 800,000.