


C++ Zooms Past Java in Programming Language Popularity Contest (theregister.com) 108
- Python in first place
- C second
- C++ third, and
- Java fourth.
C++ stepped up to third, and Java fell to fourth. "C++ surpassed Java for the first time in the history of the TIOBE Index, which means that Java is at position 4 now," said Jansen in the December update for the TIOBE Index. "This is the first time that Java is not part of the top 3 since the beginning of the TIOBE Index in 2001."
The surge in C++, perhaps in part helped by the stable release of C++ 20 in December 2020, is particularly ironic in light of the language's recent dismissal by Microsoft CTO Mark Russinovich, which coincides with industry evangelism for Rust and its capacity for memory safety.
The article points out that other rankings still show a slighty higher popularity for Java. And ZDNet notes the other languages rising quickly in popularity over the last 12 months: In a year-on-year comparison in Tiobe's index, the languages now in the top 20 that made significant gains over the period are: Rust (up from 27 to 20), Objective-C (up from 29 to 19), science-specialized MATLAB (20 to 14), and Google's Go language (up from 19 to 12).

Linux 6.1 Released With Initial Support for Rust-Based Kernel Development (lwn.net) 65
Elsewhere LWN explains the specifics of this milestone: No system with a production 6.1 kernel will be running any Rust code, but this change does give kernel developers a chance to play with the language in the kernel context and get a sense for how Rust development feels....
There are other initiatives underway, including the writing of an Apple graphics driver in the Rust language. For the initial merge into the mainline kernel, though, Linus Torvalds made it clear that as little functionality as possible should be included. So those drivers and their support code were trimmed out and must wait for a future kernel release. What is there is the support needed to build a module that can be loaded into the kernel, along with a small sample module.... Torvalds asked for something that could do "hello world" and that is what we got. It is something that can be played with, but it cannot be used for any sort of real kernel programming at this point.
That situation will, hopefully, change in the near future.
Meanwhile, Linux 6.1 also includes "support for destructive BPF programs, some significant io_uring performance improvements, better user-space control over transparent huge-page creation, improved memory-tiering support."
The Register adds: Other interesting additions include more support for the made-in-China LoongArch CPU architecture, introductory work to support Wi-Fi 7 and security fixes for some flaky Wi-Fi routines in previous versions of the kernel. There's also plenty of effort to improve the performance of Linux on laptops, and enhanced power efficiency for AMD's PC-centric RYZEN silicon.

Google's Dart Programming Language Soon Won't Take 'Null' For an Answer (theregister.com) 43
"Our next release, Dart 3, completes the journey to a fully sound null safe language," explained Michael Thomsen, product manager on Dart and Flutter, in a blog post. "As the last step of that journey, we're removing several historical Dart language and SDK artifacts, including removing support for running without sound null safety." Sound null safety, Thomsen explains, means that a non-nullable variable never contains a null value. Not every implementation of null safety is so certain: TypeScript, for example, is unsound — you can assign a null value to a non-null variable. C# has exceptions to its null checks. And Kotlin also has exceptions.
Dart's transition will help catch type-related bugs at compile time, and should improve code readability, maintainability, and ahead-of-time (AOT) compilation. There's a cost however. Sound null safety will be the only option so pubspec files — Dart package metadata — with an SDK constraint set for less than 2.12 will no longer resolve in Dart 3. According to Thomsen, about 85 percent of Flutter code (which is written in Dart) supports sound null safety at this point. Those with apps and packages in the remaining 15 percent are urged to adapt their code prior to Dart 3's arrival....
Following the release of Dart 3, the next significant milestone for the language is likely to be support for compiling Dart code into WebAssembly (Wasm), which will allow Flutter Web apps to run as native code in browsers.

AI Learns To Write Computer Code In 'Stunning' Advance (science.org) 153
To filter them, AlphaCode first keeps only the 1% of programs that pass test cases that accompany problems. To further narrow the field, it clusters the keepers based on the similarity of their outputs to made-up inputs. Then, it submits programs from each cluster, one by one, starting with the largest cluster, until it alights on a successful one or reaches 10 submissions (about the maximum that humans submit in the competitions). Submitting from different clusters allows it to test a wide range of programming tactics. That's the most innovative step in AlphaCode's process, says Kevin Ellis, a computer scientist at Cornell University who works AI coding.
After training, AlphaCode solved about 34% of assigned problems, DeepMind reports this week in Science. (On similar benchmarks, Codex achieved single-digit-percentage success.) To further test its prowess, DeepMind entered AlphaCode into online coding competitions. In contests with at least 5000 participants, the system outperformed 45.7% of programmers. The researchers also compared its programs with those in its training database and found it did not duplicate large sections of code or logic. It generated something new -- a creativity that surprised Ellis. The study notes the long-term risk of software that recursively improves itself. Some experts say such self-improvement could lead to a superintelligent AI that takes over the world. Although that scenario may seem remote, researchers still want the field of AI coding to institute guardrails, built-in checks and balances.

Apple Loosens Grip On App Store Pricing With 700 New Price Points (techcrunch.com) 24
U.S. consumers may have noticed some App Store prices already ended in other digits besides just $0.99. But that's because auto-renewing subscriptions had access to a slightly wider range of price points than other consumables -- including the ability to set their prices as low as $0.49. But these same rules did not apply to non-subscription app pricing, which added to consumer and developer confusion. The new system is looking to simplify the pricing so it's more consistent across the board. For U.S. apps in the lowest tiers, price points can increase in $0.10 increments up to $10.00 going forward. These price steps become less granular when you move into higher price points. For example, between $10 and $50, they then can increase by $0.50 increments. Between $50 and $200, the price steps would be $1.00, and so on.
In addition to the updated pricing policies, Apple is also now rolling out tools to help developers better manage currency and taxes across storefronts. Starting today, developers will be able to set their subscription prices in their local currency as the basis for automatically generating pricing across the other 174 storefronts and 44 currencies, or they can choose to manually set prices in each market. When pricing is set automatically, pricing outside a developer's home market will update as foreign exchange and tax rates change. This functionality will expand to all other apps beyond subscription apps in Spring 2023. Also coming in 2023, developers with paid apps and in-app purchases will be able to choose to set local territory pricing, which isn't impacted by automatic price adjustments based on the changes in taxes and foreign exchange rates. And all developers will also be able to define the availability of in-app purchases by storefront.

2022's Geeky 'Advent Calendars' Tempt Programmers with Coding Challenges and Tips 11
- The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — decided to try publishing 24 original articles for their 2022 HTMHell Advent Calendar. Elsewhere on the way there's the Web Performance Calendar, promising daily articles for speed geeks. And the 24 Days in December blog comes to life every year with new blog posts for PHP users.
- The JVM Advent Calendar brings a new article daily about a JVM-related topic. And there's also a C# Advent calendar promising two new blog posts about C# every day up to (and including) December 25th.
- The Perl Advent Calendar offers fun stories about Perl tools averting December catastrophes up at the North Pole. (Day One's story — "Silent Mite" — described Santa's troubles building software for a ninja robot alien toy, since its embedded hardware support contract prohibited unwarrantied third-party code, requiring a full code rewrite using Perl's standard library.) Other stories so far this December include "Santa is on GitHub" and "northpole.cgi"
- The code quality/security software company SonarSource has a new 2022 edition of their Code Security Advent Calendar — their seventh consecutive year — promising "daily challenges until December 24th. Get ready to fill your bag of security tricks!" (According to a blog post the challenges are being announced on Twitter and on Mastadon.
- Just as the Perl community spawned another language named Perl 6 — now called Raku — there's also a Raku-themed advent calendar. (It's now at a new URL, though it's been running since 2009.) Day Three's post tells the story of Santa and the Rakupod Wranglers.
- "24 Pull Requests" dares participants to make 24 pull requests before December 24th. (The site's tagline is "giving back to open source for the holidays.") Over the years tens of thousands of developers (and organizations) have participated — and this year they're also encouraging organizers to hold hack events.
- The Advent of JavaScript and Advent of CSS sites promise 24 puzzles delivered by email (though you'll have to pay if you also want them to email you the solutions!)
- TryHackMe.com has its own set of darily cybersecurity puzzles (and even a few prizes).
- For 2022 Oslo-based Bekk Consulting (a "strategic internet consulting company") is offering an advent calendar of their own. A blog post says its their sixth annual edition, and promises "new original articles, podcasts, tutorials, listicles and videos every day up until Christmas Eve... all written and produced by us - developers, designers, project managers, agile coaches, management consultants, specialists and generalists."
Whether you participate or not, the creation of programming-themed advent calendar sites is a long-standing tradition among geeks, dating back more than two decades. (Last year Smashing magazine tried to compile an exhaustive list of the various sites serving all the different developer communities.)
But no list would be complete without mentioning Advent of Code. This year's programming puzzles involve everything from feeding Santa's reindeer and loading Santa's sleigh. The site's About page describes it as "an Advent calendar of small programming puzzles for a variety of skill sets and skill levels that can be solved in any programming language you like."
Now in its eighth year, the site's daily two-part programmig puzzles have a massive online following. This year's Day One puzzle was solved by 178,628 participants...

Over 50 Programmers Generate 50,000-Word Novels For 9th Annual 'Nanogenmo' Event (github.com) 12
"The only rule is that you share at least one novel and also your source code at the end," explains the event's official page on GitHub.
From the repository's README file: The "novel" is defined however you want. It could be 50,000 repetitions of the word "meow" (and yes it's been done!). It could literally grab a random novel from Project Gutenberg. It doesn't matter, as long as it's 50k+ words.
Please try to respect copyright. We're not going to police it, as ultimately it's on your head if you want to just copy/paste a Stephen King novel or whatever, but the most useful/interesting implementations are going to be ones that don't engender lawsuits.
This year's computer-generated novels include " sunday in the sunday in the," mapping the colors from each dot in the Pointillist painting Sunday Afternoon on the Island of La Grande Jatte onto words from the lyrics of a musical about that painting. ("Rush blind. Link adds shallot again....")

Using Rust at a Startup: A Cautionary Tale (scribe.rip) 141
My primary experience from Rust comes from working with it for a little more than 2 years at a previous startup. This project was a cloud-based SaaS product that is, more-or-less, a conventional CRUD app: it is a set of microservices that provide a REST and gRPC API endpoint in front of a database, as well as some other back-end microservices (themselves implemented in a combination of Rust and Python). Rust was used primarily because a couple of the founders of the company were Rust experts. Over time, we grew the team considerably (increasing the engineering headcount by nearly 10x), and the size and complexity of the codebase grew considerably as well. As the team and codebase grew, I felt that, over time, we were paying an increasingly heavy tax for continuing to use Rust. Development was sometimes sluggish, launching new features took longer than I would have expected, and the team was feeling a real productivity hit from that early decision to use Rust. Rewriting the code in another language would have, in the long run, made development much more nimble and sped up delivery time, but finding the time for the major rewrite work would have been exceedingly difficult.
So we were kind of stuck with Rust unless we decided to bite the bullet and rewrite a large amount of the code. Rust is supposed to be the best thing since sliced bread, so why was it not working so well for us? [...] Despite being some of the smartest and most experienced developers I had worked with, many people on the team (myself included) struggled to understand the canonical ways to do certain things in Rust, how to grok the often arcane error messages from the compiler, or how to understand how key libraries worked (more on this below). We started having weekly "learn Rust" sessions for the team to help share knowledge and expertise. This was all a significant drain on the team's productivity and morale as everyone felt the slow rate of development. As a comparison point of what it looks like to adopt a new language on a software team, one of my teams at Google was one of the first to switch entirely from C++ to Go, and it took no more than about two weeks before the entire 15-odd-person team was quite comfortably coding in Go for the first time.

Military Sim Developer Tired of Its Game Being Used To Fake War Footage (vice.com) 59
Arma 3 is a hyper realistic military simulation and sandbox. It's meant to be a realistic modeling of real world conflict. It's even teamed up with the International Committee of the Red Cross to release DLC that details the after effects of armed conflict. A sister studio, Bohemia Interactive Simulations, broke from the company in 2013 and makes simulations for the Pentagon using similar technology. The game is also a sandbox with a vibrant modding scene (PlayerUnknown's Battlegrounds began its life as an Arma 3 mod) that allows players to customize the game however they want. That devotion to realism and open platform has made Arma 3 the perfect platform to use to create fake war footage. "While it's flattering that Arma 3 simulates modern war conflicts in such a realistic way, we are certainly not pleased that it can be mistaken for real-life combat footage and used as war propaganda," Pavel Krizka, PR Manager of Bohemia Interactive, said in a November 28 press release. "It has happened in the past (Arma 3 videos allegedly depicted conflicts in Afghanistan, Syria, Palestine, and even between India and Pakistan), but nowadays this content has gained traction in regard to the current conflict in Ukraine."
The life cycle is almost always the same. An Arma 3 nerd uploads something to YouTube and other people pull the video, edit it to make it look more realistic, then pass it off as actual footage of the conflict. The footage goes viral then the fact-checkers come in and tell everyone it's a video game. Bohemia Interactive issues a statement and then everyone waits for the next fake to come along. "We've been trying to fight against such content by flagging these videos to platform providers (FB, YT, TW, IG etc.), but it's very ineffective," Krizka said in the press release. "With every video taken down, ten more are uploaded each day. We found the best way to tackle this is to actively cooperate with leading media outlets and fact-checkers (such as AFP, Reuters, and others), who have better reach and the capacity to fight the spreading of fake news footage effectively." Some of the tells of fake footage include a low resolution, a shaky camera, and/or a night setting. "They're often without sound, don't feature people in motion, and sometimes still include the HUD elements from the video game," adds Motherboard. "There's typically unnatural particle effects, unrealistic vehicles, uniforms, and equipment."
"We have seen many Arma players pointing out mistakenly identified footage, which helps viewers understand what they're seeing," said Bohemia Interactive. "Thank you for helping!"

Cheeky New Book Identifies 26 Lines of Code That Changed the World (thenewstack.io) 48
With chapter titles like "Wear this code, go to jail" and "the code that launched a million cat videos," each chapter offers appreciations for programmers, gathering up stories about not just their famous lives but their sometimes infamous works. (In Chapter 10 — "The Accidental Felon" — journalist Katie Hafner reveals whatever happened to that Harvard undergraduate who went on to inadvertently create one of the first malware programs in 1988...) The book quickly jumps from milestones like the Jacquard Loom and the invention of COBOL to bitcoin and our thought-provoking present, acknowledging both the code that guided the Apollo 11 moon landing and the code behind the 1962 videogame Spacewar. The Smithsonian Institution's director for their Center for the Study of Invention and Innovation writes in Chapter 4 that the game "symbolized a shift from computing being in the hands of priest-like technicians operating massive computers to enthusiasts programming and hacking, sometimes for the sheer joy of it."
I contributed chapter 9, about a 1975 comment in some Unix code that became "an accidental icon" commemorating a "momentary glow of humanity in a world of unforgiving logic." This chapter provided the book with its title. (And I'm also responsible for the book's index entry for "Linux, expletives in source code of".) In a preface, the book's editor describes the book's 29 different authors as "technologists, historians, journalists, academics, and sometimes the coders themselves," explaining "how code works — or how, sometimes, it doesn't work — owing in no small way to the people behind it."
"I've been really interested over the past several years to watch the power of the tech activists and tech labor movements," the editor says in this interview. "I think they've shown really immense power to effect change, and power to say, 'I'm not going to work on something that doesn't align with what I want for the future.' That's really something to admire.
"But of course, people are up against really big forces...."

Linux Kernel Gets More Infrastructure for Rust, Increasing Interest in the Language (sdtimes.com) 39
And there's still no actual Rust code in Linux: "You need to get all those things that can make sure that Rust can compile, and you can do the debugging and all these things," explained Joel Marcey, director of advocacy and operations for the Rust Foundation, "and make sure that the memory safety is there and all that sort of stuff. And that has to happen first before you can actually write any real code in Rust for the Linux kernel itself."
Marcey explained that Linux is going to be doing this inclusion very piecemeal, with lots of little integrations here and there over time so they can see how it is working. "I would imagine that over the next year, you're going to see more small incremental changes to the kernel with Rust, but as people are seeing that it's actually kind of working out, you'll be able to maybe, for example, write Linux drivers or whatever with Rust," said Marcey....
According to Bec Rumbul, executive director of the Rust Foundation, Rust being added to the kernel is an "enormous vote of confidence in the Rust programming language." She explained that in the past other languages have been planned to make it into the kernel and ended up not getting put in. "I think having someone with the kind of intellectual gravity of Linus Torvalds saying 'No, it's going in there,' that kind of says an awful lot about how reliable Rust already is and how much potential there is for the future as well," she said.
Rumbul believes that there will be an increased interest in the language, which is still relatively new (It first made its debut in 2010) compared to some of the other languages out there to choose from. "I suspect that because Rust is now in the kernel, and it's just being talked about much ... more widely, that it will seem like an attractive prospect to a lot of people that are looking to develop their skills and their knowledge," she said. Rumbul hopes people will also be inspired to participate in the language as contributors and maintainers, because those are some of the less popular roles within open source, but are extremely critical to the health of a language, she explained.
The Rust Foundation also launched a new security team in September to ensure best practices (including a dedicated security engineer). Their first initiative will be a security audit and threat modeling exercises. "We want to basically shore up," Rust operations director Marcey tells SD Times, "to ensure that Rust itself is actually as secure as we always say it is."
In this year's Stack Overflow Developer Survey, 86.73% of developers said they love Rust.

Google's Secret New Project Teaches AI To Write and Fix Code (businessinsider.com) 50
Pitchfork is now part of a new group at Labs named the AI Developer Assistance team run by Olivia Hatalsky, a long-term X employee who worked on Google Glass and several other moonshot projects. Hatalsky, who ran Pitchfork at X, moved to Labs when it migrated this past summer. Pitchfork was built for "teaching code to write and rewrite itself," according to internal materials seen by Insider. The tool is designed to learn programming styles and write new code based on those learnings, according to people familiar with it and patents reviewed by Insider. "The team is working closely with the Research team," a Google representative said. "They're working together to explore different use cases to help developers."

AI-Assisted Coding Start-Up Kite Is Saying Farewell and Open-Sourcing Its Code 32
Copilot was first revealed in June 2021 as an AI assistant for programmers that essentially does for coding what predictive text does for writing emails. Developed in collaboration with OpenAI, GitHub had kept Copilot in technical preview until this summer, during which time it had been used by more than 1.2m developers. The AI was made available to all developers in June, at a cost of $10 a month or $100 a year. However, Smith said that the inadequacy of machine learning models in understanding the structure of code, such as non-local context, has been an insurmountable challenge for the Kite team. "We made some progress towards better models for code, but the problem is very engineering intensive. It may cost over $100m to build a production-quality tool capable of synthesizing code reliably, and nobody has tried that quite yet."
While the business could have still been successful without necessarily increasing developer productivity by 10 times using AI, Smith said he thinks that Kite's delay and unsuccessful attempt at monetizing the service prevented the start-up from taking flight. "We sequenced building our business in the following order: First we built our team, then the product, then distribution and then monetization," he explained, adding that Kite did not reach product-market fit until 2019, five years after starting the company. Despite the time taken to get to the market, Smith said Kite was able to capture 500,000 monthly active developers using its AI with "almost zero marketing spend." But the product failed to generate revenue because the developers refused to pay for it. Smith says most of their code has been open sourced on GitHub, including their "data-driven Python type inference engine, Python public-package analyzer, desktop software, editor integrations, GitHub crawler and analyzer, and more more."

Survey of 26K Developers Finds Java, Python, Kotlin, and Rust Growing Rapidly (zdnet.com) 67
ZDNet believe it shows developers "experimenting less and sticking with what they know and what works." JavaScript remains the largest programming language community, SlashData found. According to its research, there are an estimated 19.6 million developers worldwide using JavaScript every day in everything from web development and mobile apps to backend coding, cloud and game design. Java, meanwhile, is growing rapidly. In the last two years, the size of the Java community has more than doubled from 8.3 million to 16.5 million, SlashData found. For perspective, the global developer population grew about half as fast over the same period....
Python also continued to grow strongly, adding about eight million new developers over the last two years, according to SlashData. It accredited the rise of data science and machine learning as "a clear factor in Python's growing popularity". Approximately 63% of machine-learning developers and data scientists report using Python, whereas less than 15% use R, another programming language often associated with data science.
Both the Kotlin and Rust communities doubled in size in the past two years, the article points out. But according to the survey, only 9% of developers were involved in blockchain technologies.
Yet 27% of respondents reported they were learning about (if not currently working on) cryptocurrency-based projects. ZDNet summarizes the findings: Of the three blockchain technologies covered in the report, non-fungible tokens (NFTs) were found to be of least interest to developers: 58% showed "no interest" in NFTs, which SlashData said was "likely due to its perception as a novelty".
The report found that one-quarter (25%) of developers currently work on, or are learning about, blockchain applications other than cryptocurrencies.

Should Functional Programming Be the Future of Software Development? (ieee.org) 186
"To address such issues, companies usually just throw more people at the problem: more developers, more testers, and more technicians who intervene when systems fail. Surely there must be a better way," they write in IEEE Spectrum. "I'm part of a growing group of developers who think the answer could be functional programming...." Today, we have a slew of dangerous practices that compromise the robustness and maintainability of software. Nearly all modern programming languages have some form of null references, shared global state, and functions with side effects — things that are far worse than the GOTO ever was. How can those flaws be eliminated? It turns out that the answer has been around for decades: purely functional programming languages....
Indeed, software based on pure functions is particularly well suited to modern multicore CPUs. That's because pure functions operate only on their input parameters, making it impossible to have any interactions between different functions. This allows the compiler to be optimized to produce code that runs on multiple cores efficiently and easily....
Functional programming also has a solution to Hoare's "billion-dollar mistake," null references. It addresses that problem by disallowing nulls. Instead, there is a construct usually called Maybe (or Option in some languages). A Maybe can be Nothing or Just some value. Working with Maybe s forces developers to always consider both cases. They have no choice in the matter. They must handle the Nothing case every single time they encounter a Maybe. Doing so eliminates the many bugs that null references can spawn.
Functional programming also requires that data be immutable, meaning that once you set a variable to some value, it is forever that value. Variables are more like variables in math...
Pure functional programming solves many of our industry's biggest problems by removing dangerous features from the language, making it harder for developers to shoot themselves in the foot.... I anticipate that the adoption of pure functional languages will improve the quality and robustness of the whole software industry while greatly reducing time wasted on bugs that are simply impossible to generate with functional programming. It's not magic, but sometimes it feels like that, and I'm reminded of how good I have it every time I'm forced to work with a non-functional codebase.

NVIDIA Security Team: 'What if We Just Stopped Using C?' (adacore.com) 239
In my opinion, this is the most important point of the case study — that test-oriented software verification simply doesn't work for security. Once you come out of the costly process of thoroughly testing your software, you can have a metric on the quality of the features that you provide to the users, but there's not much you can say about security.
Rohrer continues, "We wanted to emphasize provability over testing as a preferred verification method." Fortunately, it is possible to prove mathematically that your code behaves in precise accordance with its specification. This process is known as formal verification, and it is the fundamental paradigm shift that made NVIDIA investigate SPARK, the industry-ready solution for software formal verification.
Back in 2018, a Proof-of-Concept (POC) exercise was conducted. Two low-level security-sensitive applications were converted from C to SPARK in only three months. After an evaluation of the return on investment, the team concluded that even with the new technology ramp-up (training, experimentation, discovery of new tools, etc.), gains in application security and verification efficiency offered an attractive trade-off. They realized major improvements in the security robustness of both applications (See NVIDIA's Offensive Security Research D3FC0N talk for more information on the results of the evaluation).
As the results of the POC validated the initial strategy, the use of SPARK spread rapidly within NVIDIA. There are now over fifty developers trained and numerous components implemented in SPARK, and many NVIDIA products are now shipping with SPARK components.

NSA Urges Organizations To Shift To Memory Safe Programming Languages (nsa.gov) 196
Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program's performance over time, and program crashes. NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations. The full report is available here (PDF).

Wired Hails Rust as 'the Viral Secure Programming Language That's Taking Over Tech' (wired.com) 126
"Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can't come soon enough...." [A] growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way. By design, developers can't accidentally create the most common types of exploitable security vulnerabilities when they're coding in Rust, a distinction that could make a huge difference in the daily patch parade and ultimately the world's baseline cybersecurity....
[B]ecause Rust produces more secure code [than C] and, crucially, doesn't worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. Microsoft, Google, and Amazon Web Services have all been utilizing Rust since 2019, and the three companies formed the nonprofit Rust Foundation with Mozilla and Huawei in 2020 to sustain and grow the language. And after a couple of years of intensive work, the Linux kernel took its first steps last month to implement Rust support. "It's going viral as a language," says Dave Kleidermacher, vice president of engineering for Android security and privacy. "We've been investing in Rust on Android and across Google, and so many engineers are like, 'How do I start doing this? This is great'...."
By writing new software in Rust instead, even amateur programmers can be confident that they haven't introduced any memory-safety bugs into their code.... These types of vulnerabilities aren't just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is significant....
"Yes, it's a lot of work, it will be a lot of work, but the tech industry has how many trillions of dollars, plus how many talented programmers? We have the resources," says Josh Aas, executive director of the Internet Security Research Group, which runs the memory-safety initiative Prossimo as well as the free certificate authority Let's Encrypt. "Problems that are merely a lot of work are great."
Here's how Dan Lorenc, CEO of the software supply-chain security company Chainguard, explains it to Wired. "Over the decades that people have been writing code in memory-unsafe languages, we've tried to improve and build better tooling and teach people how to not make these mistakes, but there are just limits to how much telling people to try harder can actually work.
"So you need a new technology that just makes that entire class of vulnerabilities impossible, and that's what Rust is finally bringing to the table."

Stack Overflow CEO Shares Plans for Certification Programs, Opinions on No-Code Programming (zdnet.com) 52
In a new interview, he says the site's been accessed about 50 billion times over the past 14 years — and then shares his thoughts on the notion that programmers could be replaced by no-code, low-code, or AI-driven pair programming: A: Over the years, there have many, many tools, trying to democratize software development. That's a very positive thing. I actually love the fact that programming is becoming easier to do with these onramps. I was speaking at Salesforce recently, and they've got people in sales organizations writing workflows, and that's low code. You've got all these folks who are not software engineers that are creating their own automations and applications.
However, there is this trade-off. If you're making software easier to build, you're sacrificing things like customizability and a deeper understanding of how this code actually works. Back in the day, you might remember Microsoft FrontPage [an early HTML web page editor] as an example of that. You were limited to certain basic things, but you could get web work done. So similarly, these tools will work for general use cases. But, if they do that, without learning the fundamental principles of code, they will inevitably have some sort of a limit. For example, having to fix something that broke, I think they're going to be really dumbfounded.
Still, I think it's important, and I'm a believer. It's a great way to get people engaged, excited, and started. But you got to know what you're building. Access to sites like Stack Overflow help, but with more people learning as they're building, it's essential to make learning resources accessible at every stage of their journey....
Q: Is Stack Overflow considering any kind of certification? Particularly, as you just mentioned, since it's so easy now for people to step in and start programming. But then there's that big step from "Yes, I got it to work," but now "I have to maintain it for users using it in ways I never dreamed of."
A: "It's very much part of our vision for our company. We see Stack Overflow going from collective knowledge to collective learning. Having all the information is fine and dandy, but are you learning? Now, that we're part of Prosus's edtech division, we're very much looking forward to offering educational opportunities. Just as today, we can get knowledge to developers at the right place and time, we think we can deliver learning at just the right place and time. We believe we can make a huge impact with education and by potentially getting into the certification game.
Q: Some of the open-source nonprofits are moving into education as well. The Linux Foundation, in particular, has been moving here with the LF Training and Certification programs. Are you exploring that?
A: This is very much part of our vision....
Stack Overflow's CEO adds that the site's hot topics now include blockchain, machine learning, but especially technical cloud questions, "rising probably about 50% year over year over the past 10 years.... Related to this is an increase in interest in containerization and cloud-native services."