Remember when MIT researchers did fMRI brain scans measuring the blood flow through brains to determine which parts were engaged when programmers evaluated code? MIT now says that a new paper (by many of the same authors) delves even deeper: Whereas the previous study looked at 20 to 30 people to determine which brain systems, on average, are relied upon to comprehend code, the new research looks at the brain activity of individual programmers as they process specific elements of a computer program. Suppose, for instance, that there's a one-line piece of code that involves word manipulation and a separate piece of code that entails a mathematical operation. "Can I go from the activity we see in the brains, the actual brain signals, to try to reverse-engineer and figure out what, specifically, the programmer was looking at?" asks Shashank Srikant, a PhD student in MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL). "This would reveal what information pertaining to programs is uniquely encoded in our brains." To neuroscientists, he notes, a physical property is considered "encoded" if they can infer that property by looking at someone's brain signals.

Take, for instance, a loop — an instruction within a program to repeat a specific operation until the desired result is achieved — or a branch, a different type of programming instruction than can cause the computer to switch from one operation to another. Based on the patterns of brain activity that were observed, the group could tell whether someone was evaluating a piece of code involving a loop or a branch. The researchers could also tell whether the code related to words or mathematical symbols, and whether someone was reading actual code or merely a written description of that code.....

The team carried out a second set of experiments, which incorporated machine learning models called neural networks that were specifically trained on computer programs. These models have been successful, in recent years, in helping programmers complete pieces of code. What the group wanted to find out was whether the brain signals seen in their study when participants were examining pieces of code resembled the patterns of activation observed when neural networks analyzed the same piece of code. And the answer they arrived at was a qualified yes. "If you put a piece of code into the neural network, it produces a list of numbers that tells you, in some way, what the program is all about," Srikant says. Brain scans of people studying computer programs similarly produce a list of numbers. When a program is dominated by branching, for example, "you see a distinct pattern of brain activity," he adds, "and you see a similar pattern when the machine learning model tries to understand that same snippet."
But where will it all lead? They don't yet know what these recently-gleaned insights can tell us about how people carry out more elaborate plans in the real world.... Creating models of code composition, says O'Reilly, a principal research scientist at CSAIL, "is beyond our grasp at the moment." Lipkin, a BCS PhD student, considers this the next logical step — figuring out how to "combine simple operations to build complex programs and use those strategies to effectively address general reasoning tasks." He further believes that some of the progress toward that goal achieved by the team so far owes to its interdisciplinary makeup. "We were able to draw from individual experiences with program analysis and neural signal processing, as well as combined work on machine learning and natural language processing," Lipkin says. "These types of collaborations are becoming increasingly common as neuro- and computer scientists join forces on the quest towards understanding and building general intelligence."

Phoronix checks systemd's Git activity in 2022 (and compares it to previous years): If measuring a open-source project's progress by the commity activity per year, while not the most practical indicator, systemd had a very good year. In 2022 there were 6,271 commits which is under 2021's all-time-high of 6,787 commits. But this year's activity count effectively ties 2018 for second place with the most commits in a given calendar year.

This year saw 201k lines of new code added to systemd and 110k lines removed, or just under one hundred thousand lines added in total to systemd in 2022....

Systemd continues to grow and is closing out 2022 at around 1,715,111 lines within its Git repository.
Also interesting: "[W]hen it comes to the most commits overall to systemd over its history, Lennart Poettering easily wins the race and there is no competition. As a reminder, this year Lennart joined Microsoft as one of the surprises for 2022."

An anonymous reader quotes a report from TechCrunch: A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest. The Stanford study looked specifically at Codex, the AI code-generating system developed by San Francisco-based research lab OpenAI. (Codex powers Copilot.) The researchers recruited 47 developers -- ranging from undergraduate students to industry professionals with decades of programming experience -- to use Codex to complete security-related problems across programming languages including Python, JavaScript and C.

Codex was trained on billions of lines of public code to suggest additional lines of code and functions given the context of existing code. The system surfaces a programming approach or solution in response to a description of what a developer wants to accomplish (e.g. "Say hello world"), drawing on both its knowledge base and the current context. According to the researchers, the study participants who had access to Codex were more likely to write incorrect and "insecure" (in the cybersecurity sense) solutions to programming problems compared to a control group. Even more concerningly, they were more likely to say that their insecure answers were secure compared to the people in the control.

Megha Srivastava, a postgraduate student at Stanford and the second co-author on the study, stressed that the findings aren't a complete condemnation of Codex and other code-generating systems. The study participants didn't have security expertise that might've enabled them to better spot code vulnerabilities, for one. That aside, Srivastava believes that code-generating systems are reliably helpful for tasks that aren't high risk, like exploratory research code, and could with fine-tuning improve in their coding suggestions. "Companies that develop their own [systems], perhaps further trained on their in-house source code, may be better off as the model may be encouraged to generate outputs more in-line with their coding and security practices," Srivastava said. The co-authors suggest vendors use a mechanism to "refine" users' prompts to be more secure -- "akin to a supervisor looking over and revising rough drafts of code," reports TechCrunch. "They also suggest that developers of cryptography libraries ensure their default settings are secure, as code-generating systems tend to stick to default values that aren't always free of exploits."

Game developer Archer Maclean recently passed away at the age of 60. Maclean was a longtime programmer and designer best known for Dropzone on the Atari 8-bit and Commodore 64. Game Developer reports: Born January 28, 1962, Maclean's first game was the aforementioned Dropzone. Following the success of that title, he would go on to do design and graphics for 1986's International Karate (and its 1987 sequel, International Karate+), and several snooker simulation games, including Archer Maclean Presents Pool Paradise. Several of these titles were developed at Awesome Studios, a subsidiary of the now defunct Ignition Entertainment. Maclean co-founded Awesome in 2002, and later left the developer in 2005. He went on to found Awesome Play, creators of the 2009 Nintendo Wii title Speedzone (or Wheelspin in Europe). Though Speedzone marked the end of his time as a game developer, Maclean also wrote columns for Retro Gamer Magazine.

A developer managed to use an exploit found in iOS 16 to change the default font of the system without jailbreak. 9to5Mac reports: Zhuowei Zhang shared his project on Twitter, which he calls a "proof-of-concept app." According to Zhang, the app he developed uses the CVE-2022-46689 exploit to overwrite the default iOS font, so that users can customize the system's appearance with a different font other than the default (which is San Francisco). The CVE-2022-46689 exploit affects devices running iOS 16.1.2 or earlier versions of the operating system, and it basically lets apps execute arbitrary code with kernel privileges. The exploit was fixed with iOS 16.2, which also fixed a bunch of other security breaches found in the previous version of iOS.

Since iOS has its own font format, the developer performed the experiment using only a few fonts, including DejaVu Sans Condensed, Serif, Mono, and Choco Cooky. And in case you're wondering, Choco Cooky is the weird font that used to come pre-installed by default on Samsung smartphones. Now you can finally have it on your iPhone. Zhang explains that the process should be safe for everyone, since all changes are reversed after rebooting the device. Still, the developer recommends users trying out the app to back up their devices before replacing the default system font. He also details that the change only affects some of the text on iOS, as other parts of the system use different fonts. More details about the project, including its source code, are available on GitHub.

Computer scientists from Stanford University have found that programmers who accept help from AI tools like Github Copilot produce less secure code than those who fly solo. From a report: In a paper titled, "Do Users Write More Insecure Code with AI Assistants?", Stanford boffins Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh answer that question in the affirmative. Worse still, they found that AI help tends to delude developers about the quality of their output. "We found that participants with access to an AI assistant often produced more security vulnerabilities than those without access, with particularly significant results for string encryption and SQL injection," the authors state in their paper.

"Surprisingly, we also found that participants provided access to an AI assistant were more likely to believe that they wrote secure code than those without access to the AI assistant." Previously, NYU researchers have shown that AI-based programming suggestions are often insecure in experiments under different conditions. The Stanford authors point to an August 2021 research paper titled "Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions," which found that given 89 scenarios, about 40 per cent of the computer programs made with the help of Copilot had potentially exploitable vulnerabilities.

That study, the Stanford authors say, is limited in scope because it only considers a constrained set of prompts corresponding to 25 vulnerabilities and just three programming languages: Python, C, and Verilog. The Stanford scholars also cite a followup study from some of the same NYU eggheads, "Security Implications of Large Language Model Code Assistants: A User Study," as the only comparable user study they're aware of. They observe, however, that their work differs because it focuses on OpenAI's codex-davinci-002 model rather than OpenAI's less powerful codex-cushman-001 model, both of which play a role in GitHub Copilot, itself a fine-tuned descendant of a GPT-3 language model.

Justin Garrison works at Amazon Web Services on the Kubernetes team (and was senior systems engineer on several animated films).

This week he spotted a new milestone for Linux in the 2022 StackOverflow developer survey: [Among the developers surveyed] Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS.
Their final stats for "professional use" operating system:

• Windows: 48.82%
• Linux-based: 39.89%
• MacOs: 32.97%

But Garrison's blog post notes that that doesn't include the million-plus people all the Linux-based cloud development environments (like GitHub Workspaces) — not to mention the 15% of WSL users on Windows and all the users of Docker (which uses a Linux VM).

"It's safe to say more people use Linux as part of their development workflow than any other operating system."

For three years Stockholm-based games studio Embark has been working on the Rust-gpu project to make Rust "a first class language and ecosystem for GPU programming." The project's latest announcement? rust-gpu now supports ray-tracing.

Their original announcement explained the rationale for this years-long dvelopment effort: Historically in games GPU programming has been done through writing either HLSL, or to a lesser extent GLSL. These are simple programming languages that have evolved along with rendering APIs over the years. However, as game engines have evolved, these languages have failed to provide mechanisms for dealing with large codebases, and have generally stayed behind the curve compared to other programming languages.

In part this is because it's a niche language for a niche market, and in part this has been because the industry as a whole has sunk quite a lot of time and effort into the status quo. While over-all better alternatives to both languages exist, none of them are in a place to replace HLSL or GLSL. Either because they are vendor locked, or because they don't support the traditional graphics pipeline. Examples of this include CUDA and OpenCL. And while attempts have been made to create language in this space, none of them have gained any notable traction in the gamedev community.

Our hope with this project is that we push the industry forward by bringing an existing, low-level, safe, and high performance language to the GPU; namely Rust. And with it come some additional benefits that can't be overlooked: a package/module system that's one of the industry's best, built in safety against race-conditions or out of bounds memory access, a wide range of tools and utilities to improve programmer workflows, and many others!
Along with ray-tracing, this week they announced plans to keep rust-gpu on the same schedule as the stable Rust release, "so you can use your favorite new language features as new stable versions of Rust are being released, by just updating your rust-gpu version."

Thanks to Slashdot reader guest reader for sharing the news!

A Microsoft .NET Community standup has left Windows desktop developers wondering what kind of future, if any, the company has planned for its older desktop application frameworks, Windows Forms and Windows Presentation Foundation (WPF). From a report: A "what's new" slide for WPF presented by senior program manager Olia Gavrysh last week shows "Community Run Project" as the first bullet point, causing consternation among attendees. "Who's happy that WPF is now a community run project? This is soooo scary," remarked Morten Nielsen, a senior principal engineer at ESRI working on the ArcGIS runtime, for location-based analytics.

The slide was perhaps misinterpreted. It was intended as an update on what is happening with pull requests from the community, rather than meaing that WPF has been handed over to the community. Nevertheless, concerns about the future of the framework are well founded. "It's not dead. we have a team working on WPF and supporting it," said Gavrysh, but added, "we now switch to the model where we accept a lot of PRs [pull requests] from the community because we think of WPF as [a] very mature project so not that much rapid development is happening."

Stack Overflow has the announced the results of its annual survey of developers. ZDNet reports: Almost three-quarters (74%) of developers are actively looking for new roles or are open to fresh opportunities, according to research.... The highest percentage of active job seekers is in the 20-24 year-old cohort (27%), with 21% for 25-34 year-olds, 17% for 35-44 year-olds, and only 12% for 45-54 year-olds.

Additionally, the percentage of younger developers actively searching for their next role increased nine points year over year, according to the survey of 2,600 developers by StackOverflow....

Some 54% of respondents to the StackOverflow survey said a better salary is the largest motivator when considering a new opportunity. The biggest factors that stop developers from looking for new jobs are flexibility (58%), salary (54%), and learning opportunities (54%). Developers also want flexibility and the option to work from home, with 46% citing starting/ending the day at a precise time or being expected to work from an office (44%) as the top drawbacks in their current roles.

"Regardless of the economy, it's clear salary is important but it's not everything," says StackOverflow CEO Prashanth Chandrasekar.

TechCrunch reports: Every developer knows that it's a bad idea to hardcode security credentials into source code. Yet it happens and when it does, the consequences can be dire. Until now, GitHub only made its secret scanning service available to paying enterprise users who paid for GitHub Advanced Security, but starting Thursday, the Microsoft-owned company is making its secrets scanning service available for all public GitHub repos for free.

In 2022 alone, the company notified partners in its secret scanning partner program of more than 1.7 million potential secrets that were exposed in public repositories. The service scans repositories for over 200 known token formats and then alerts partners of potential leaks — and you can define your own regex patterns, too.... However, the rollout of the service will be gradual and it will not be available to all users until the end of January 2023.
TechCrunch also notes there's alternatives (including open source GitLeaks).

In June GitHub announced they'd retire their customizable text editor Atom on December 15th — so they could focus their development efforts on the IDEs Microsoft Visual Studio Code and GitHub Codespaces. "As new cloud-based tools have emerged and evolved over the years, Atom community involvement has declined significantly," according to a post on GitHub's blog.

So while "GitHub and our community have benefited tremendously from those who have filed issues, created extensions, fixed bugs, and built new features on Atom," this now means that:

- Atom package management will stop working
- No more security updates
- Teletype will no longer work
- Deprecated redirects that supported downloading Electron symbols and headers will no longer work
- Pre-built Atom binaries can continue to be downloaded from the atom repository releases

Fortunately, in 2014 GitHub open sourced the code for Atom. And according to It's FOSS News: A community build for it is already available; however, there seems to be a new version (Pulsar) that aims to bring feature parity with the original Atom and introduce modern features and updated architecture....

The reason why they made a separate fork is because of different goals for the projects. Pulsar wants to modernize everything to present a successor to Atom. Of course, the user interface is much of the same. Considering Pulsar hasn't had a stable release yet, the branding could sometimes seem all over the place. However, the essentials seem to be there with the documentation, packages, and features like the ability to install packages from Git repositories....

As of now, it is too soon to say if Pulsar will become something better than what the Atom community version offers. However, it is something that we can keep an eye on.... You can head to its official download page to get the package required for your system and test it out.
Like Atom, Pulsar is cross-platform support (supporting Linux, macOS, and Windows).

IBM has quietly announced it's planning a 24-core Power 10 processor, seemingly to make one of its servers capable of running Oracle's database in a cost-effective fashion. From a report: A hardware announcement dated December 13 revealed the chip in the following "statement of general direction" about Big Blue's Power S1014 technology-based server: "IBM intends to announce a high-density 24-core processor for the IBM Power S1014 system (MTM 9105-41B) to address application environments utilizing an Oracle Database with the Standard Edition 2 (SE2) licensing model. It intends to combine a robust compute throughput with the superior reliability and availability features of the IBM Power platform while complying with Oracle Database SE2 licensing guidelines."

Apple is preparing to allow alternative app stores on its iPhones and iPads, part of a sweeping overhaul aimed at complying with strict European Union requirements coming in 2024. From a report: Software engineering and services employees are engaged in a major push to open up key elements of Apple's platforms, according to people familiar with the efforts. As part of the changes, customers could ultimately download third-party software to their iPhones and iPads without using the company's App Store, sidestepping Apple's restrictions and the up-to-30% commission it imposes on payments. The moves -- a reversal of long-held policies -- are a response to EU laws aimed at leveling the playing field for third-party developers and improving the digital lives of consumers. For years, regulators and software makers have complained that Apple and Google, which run the two biggest mobile app stores, wield too much power as gatekeepers.

"Java is no longer among the top three most popular programming languages in the TIOBE Index," reports the Register, "one of several not particularly definitive yardsticks by which such things are measured." According to Paul Jansen, CEO of Netherlands-based TIOBE Software, the rising popularity of C++ has pushed Java down a notch. The index's rankings are now:

- Python in first place
- C second
- C++ third, and
- Java fourth.

C++ stepped up to third, and Java fell to fourth. "C++ surpassed Java for the first time in the history of the TIOBE Index, which means that Java is at position 4 now," said Jansen in the December update for the TIOBE Index. "This is the first time that Java is not part of the top 3 since the beginning of the TIOBE Index in 2001."

The surge in C++, perhaps in part helped by the stable release of C++ 20 in December 2020, is particularly ironic in light of the language's recent dismissal by Microsoft CTO Mark Russinovich, which coincides with industry evangelism for Rust and its capacity for memory safety.
The article points out that other rankings still show a slighty higher popularity for Java. And ZDNet notes the other languages rising quickly in popularity over the last 12 months: In a year-on-year comparison in Tiobe's index, the languages now in the top 20 that made significant gains over the period are: Rust (up from 27 to 20), Objective-C (up from 29 to 19), science-specialized MATLAB (20 to 14), and Google's Go language (up from 19 to 12).

"Linus has released the 6.1 kernel," reports LWN.net — and it's the one with initial support for kernel development in Rust.

Elsewhere LWN explains the specifics of this milestone: No system with a production 6.1 kernel will be running any Rust code, but this change does give kernel developers a chance to play with the language in the kernel context and get a sense for how Rust development feels....

There are other initiatives underway, including the writing of an Apple graphics driver in the Rust language. For the initial merge into the mainline kernel, though, Linus Torvalds made it clear that as little functionality as possible should be included. So those drivers and their support code were trimmed out and must wait for a future kernel release. What is there is the support needed to build a module that can be loaded into the kernel, along with a small sample module.... Torvalds asked for something that could do "hello world" and that is what we got. It is something that can be played with, but it cannot be used for any sort of real kernel programming at this point.

That situation will, hopefully, change in the near future.
Meanwhile, Linux 6.1 also includes "support for destructive BPF programs, some significant io_uring performance improvements, better user-space control over transparent huge-page creation, improved memory-tiering support."

The Register adds: Other interesting additions include more support for the made-in-China LoongArch CPU architecture, introductory work to support Wi-Fi 7 and security fixes for some flaky Wi-Fi routines in previous versions of the kernel. There's also plenty of effort to improve the performance of Linux on laptops, and enhanced power efficiency for AMD's PC-centric RYZEN silicon.

"When the third major release of the Dart programming language debuts in mid-2023, null values will no longer be allowed where they're not expected," reports the Register: Null in this context is an assignment value indicating the absence of a value or referenced object.... Dart, an object-oriented, garbage-collected C-like language that once aspired to replace JavaScript, supported sound null safety — a way to prevent errors from accessing variables set to null — as of version 2.12. But it maintained modes for running code without null safety or with partial null safety. Dart 3 will no longer entertain those suboptimal possibilities.

"Our next release, Dart 3, completes the journey to a fully sound null safe language," explained Michael Thomsen, product manager on Dart and Flutter, in a blog post. "As the last step of that journey, we're removing several historical Dart language and SDK artifacts, including removing support for running without sound null safety." Sound null safety, Thomsen explains, means that a non-nullable variable never contains a null value. Not every implementation of null safety is so certain: TypeScript, for example, is unsound — you can assign a null value to a non-null variable. C# has exceptions to its null checks. And Kotlin also has exceptions.

Dart's transition will help catch type-related bugs at compile time, and should improve code readability, maintainability, and ahead-of-time (AOT) compilation. There's a cost however. Sound null safety will be the only option so pubspec files — Dart package metadata — with an SDK constraint set for less than 2.12 will no longer resolve in Dart 3. According to Thomsen, about 85 percent of Flutter code (which is written in Dart) supports sound null safety at this point. Those with apps and packages in the remaining 15 percent are urged to adapt their code prior to Dart 3's arrival....

Following the release of Dart 3, the next significant milestone for the language is likely to be support for compiling Dart code into WebAssembly (Wasm), which will allow Flutter Web apps to run as native code in browsers.

DeepMind's new artificial intelligence system called AlphaCode was able to "achieve approximately human-level performance" in a programming competition. The findings have been published in the journal Science. Slashdot reader sciencehabit shares a report from Science Magazine: AlphaCode's creators focused on solving those difficult problems. Like the Codex researchers, they started by feeding a large language model many gigabytes of code from GitHub, just to familiarize it with coding syntax and conventions. Then, they trained it to translate problem descriptions into code, using thousands of problems collected from programming competitions. For example, a problem might ask for a program to determine the number of binary strings (sequences of zeroes and ones) of length n that don't have any consecutive zeroes. When presented with a fresh problem, AlphaCode generates candidate code solutions (in Python or C++) and filters out the bad ones. But whereas researchers had previously used models like Codex to generate tens or hundreds of candidates, DeepMind had AlphaCode generate up to more than 1 million.

To filter them, AlphaCode first keeps only the 1% of programs that pass test cases that accompany problems. To further narrow the field, it clusters the keepers based on the similarity of their outputs to made-up inputs. Then, it submits programs from each cluster, one by one, starting with the largest cluster, until it alights on a successful one or reaches 10 submissions (about the maximum that humans submit in the competitions). Submitting from different clusters allows it to test a wide range of programming tactics. That's the most innovative step in AlphaCode's process, says Kevin Ellis, a computer scientist at Cornell University who works AI coding.

After training, AlphaCode solved about 34% of assigned problems, DeepMind reports this week in Science. (On similar benchmarks, Codex achieved single-digit-percentage success.) To further test its prowess, DeepMind entered AlphaCode into online coding competitions. In contests with at least 5000 participants, the system outperformed 45.7% of programmers. The researchers also compared its programs with those in its training database and found it did not duplicate large sections of code or logic. It generated something new -- a creativity that surprised Ellis. The study notes the long-term risk of software that recursively improves itself. Some experts say such self-improvement could lead to a superintelligent AI that takes over the world. Although that scenario may seem remote, researchers still want the field of AI coding to institute guardrails, built-in checks and balances.

An anonymous reader quotes a report from TechCrunch: Apple is loosening its requirements around how developers have to price their apps as legal and regulatory pressure over its tight control of the App Store intensifies. The company announced today it's expanding its App Store pricing system to offer developers access to 700 additional price points, bringing the new total number of price points available to 900. It will also allow U.S. developers to set prices for apps, in-app purchases or subscriptions as low as $0.29 or as high as $10,000, and in rounded endings (like $1.00) instead of just $0.99. Similar new policies to reduce restrictions around price points will roll out in global markets, alongside new tools aimed at helping developers better manage pricing outside their local market. The changes will initially become available starting today, Dec. 6, 2022, for auto-renewable subscriptions. They'll become available to paid apps and in-app purchases in Spring 2023.

U.S. consumers may have noticed some App Store prices already ended in other digits besides just $0.99. But that's because auto-renewing subscriptions had access to a slightly wider range of price points than other consumables -- including the ability to set their prices as low as $0.49. But these same rules did not apply to non-subscription app pricing, which added to consumer and developer confusion. The new system is looking to simplify the pricing so it's more consistent across the board. For U.S. apps in the lowest tiers, price points can increase in $0.10 increments up to $10.00 going forward. These price steps become less granular when you move into higher price points. For example, between $10 and $50, they then can increase by $0.50 increments. Between $50 and $200, the price steps would be $1.00, and so on.

In addition to the updated pricing policies, Apple is also now rolling out tools to help developers better manage currency and taxes across storefronts. Starting today, developers will be able to set their subscription prices in their local currency as the basis for automatically generating pricing across the other 174 storefronts and 44 currencies, or they can choose to manually set prices in each market. When pricing is set automatically, pricing outside a developer's home market will update as foreign exchange and tax rates change. This functionality will expand to all other apps beyond subscription apps in Spring 2023. Also coming in 2023, developers with paid apps and in-app purchases will be able to choose to set local territory pricing, which isn't impacted by automatic price adjustments based on the changes in taxes and foreign exchange rates. And all developers will also be able to define the availability of in-app purchases by storefront.

"The Perl Advent Calendar has come a long way since it's first year in 2000," says an announcement on Reddit. But in fact the online world now has many daily advent calendars aimed at programmers — offering tips about their favorite language or coding challenges.

• The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — decided to try publishing 24 original articles for their 2022 HTMHell Advent Calendar. Elsewhere on the way there's the Web Performance Calendar, promising daily articles for speed geeks. And the 24 Days in December blog comes to life every year with new blog posts for PHP users.

• The JVM Advent Calendar brings a new article daily about a JVM-related topic. And there's also a C# Advent calendar promising two new blog posts about C# every day up to (and including) December 25th.

• The Perl Advent Calendar offers fun stories about Perl tools averting December catastrophes up at the North Pole. (Day One's story — "Silent Mite" — described Santa's troubles building software for a ninja robot alien toy, since its embedded hardware support contract prohibited unwarrantied third-party code, requiring a full code rewrite using Perl's standard library.) Other stories so far this December include "Santa is on GitHub" and "northpole.cgi"

• The code quality/security software company SonarSource has a new 2022 edition of their Code Security Advent Calendar — their seventh consecutive year — promising "daily challenges until December 24th. Get ready to fill your bag of security tricks!" (According to a blog post the challenges are being announced on Twitter and on Mastadon.

• Just as the Perl community spawned another language named Perl 6 — now called Raku — there's also a Raku-themed advent calendar. (It's now at a new URL, though it's been running since 2009.) Day Three's post tells the story of Santa and the Rakupod Wranglers.

• "24 Pull Requests" dares participants to make 24 pull requests before December 24th. (The site's tagline is "giving back to open source for the holidays.") Over the years tens of thousands of developers (and organizations) have participated — and this year they're also encouraging organizers to hold hack events.

• The Advent of JavaScript and Advent of CSS sites promise 24 puzzles delivered by email (though you'll have to pay if you also want them to email you the solutions!)

• TryHackMe.com has its own set of darily cybersecurity puzzles (and even a few prizes).

• For 2022 Oslo-based Bekk Consulting (a "strategic internet consulting company") is offering an advent calendar of their own. A blog post says its their sixth annual edition, and promises "new original articles, podcasts, tutorials, listicles and videos every day up until Christmas Eve... all written and produced by us - developers, designers, project managers, agile coaches, management consultants, specialists and generalists."

Whether you participate or not, the creation of programming-themed advent calendar sites is a long-standing tradition among geeks, dating back more than two decades. (Last year Smashing magazine tried to compile an exhaustive list of the various sites serving all the different developer communities.)

But no list would be complete without mentioning Advent of Code. This year's programming puzzles involve everything from feeding Santa's reindeer and loading Santa's sleigh. The site's About page describes it as "an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like."

Now in its eighth year, the site's daily two-part programmig puzzles have a massive online following. This year's Day One puzzle was solved by 178,628 participants...