AI

GitHub Introduces AI-Powered Tool That Suggests Ways It Can Auto-Fix Your Code (bleepingcomputer.com) 24

"It's a bad day for bugs," joked TechCrunch on Wednesday. "Earlier today, Sentry announced its AI Autofix feature for debugging production code..."

And then the same day, BleepingComputer reported that GitHub "introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding." This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security customers. Known as Code Scanning Autofix and powered by GitHub Copilot and CodeQL, it helps deal with over 90% of alert types in JavaScript, TypeScript, Java, and Python... After being toggled on, it provides potential fixes that GitHub claims will likely address more than two-thirds of found vulnerabilities while coding with little or no editing.

"When a vulnerability is discovered in a supported language, fix suggestions will include a natural language explanation of the suggested fix, together with a preview of the code suggestion that the developer can accept, edit, or dismiss," GitHub's Pierre Tempel and Eric Tooley said...

Last month, the company also enabled push protection by default for all public repositories to stop the accidental exposure of secrets like access tokens and API keys when pushing new code. This was a significant issue in 2023, as GitHub users accidentally exposed 12.8 million authentication and sensitive secrets via more than 3 million public repositories throughout the year.

GitHub will continue adding support for more languages, with C# and Go coming next, according to their announcement.

"Our vision for application security is an environment where found means fixed."
AI

Ask Slashdot: DuckDB Queries JSON with SQL. But Will AI Change Code Syntax? (pgrs.net) 12

Long-time Slashdot reader theodp writes: Among the amazing features of the in-process analytical database DuckDB, writes software engineer Paul Gross in DuckDB as the New jq, is that it has many data importers included without requiring extra dependencies. This means it can natively read and parse JSON as a database table, among many other formats. "Once I learned DuckDB could read JSON files directly into memory," Gross explains, "I realized that I could use it for many of the things where I'm currently using jq. In contrast to the complicated and custom jq syntax, I'm very familiar with SQL and use it almost daily."

The stark difference of the two programming approaches to the same problem — terse-but-cryptic jq vs. more-straightforward-to-most SQL — also raises some interesting questions: Will the use of Generative AI coding assistants more firmly entrench the status quo of the existing programming paradigms on whose codebases it's been trained? Or could it help bootstrap the acceptance of new, more approachable programming paradigms?

Had something like ChatGPT been around back in the Programming Windows 95 days, might people have been content to use Copilot to generate reams of difficult-to-maintain-and-enhance Windows C code using models trained on the existing codebases instead of exploring easier approaches to Windows programming like Visual BASIC?

Databases

Database For UK Nurse Registration 'Completely Unacceptable' (theregister.com) 42

Lindsay Clark reports via The Register: The UK Information Commissioner's Office has received a complaint detailing the mismanagement of personal data at the Nursing and Midwifery Council (NMC), the regulator that oversees worker registration. Employment as a nurse or midwife depends on enrollment with the NMC in the UK. According to whistleblower evidence seen by The Register, the databases on which the personal information is held lack rudimentary technical standards and practices. The NMC said its data was secure with a high level of quality, allowing it to fulfill its regulatory role, although it was on "a journey of improvement." But without basic documentation, or the primary keys or foreign keys common in database management, the Microsoft SQL Server databases -- holding information about 800,000 registered professionals -- are difficult to query and manage, making assurances on governance nearly impossible, the whistleblower told us.

The databases have no version control systems. Important fields for identifying individuals were used inconsistently -- for example, containing junk data, test data, or null data. Although the tech team used workarounds to compensate for the lack of basic technical standards, they were ad hoc and known by only a handful of individuals, creating business continuity risks should they leave the organization, according to the whistleblower. Despite having been warned of the issues of basic technical practice internally, the NMC failed to acknowledge the problems. Only after exhausting other avenues did the whistleblower raise concern externally with the ICO and The Register. The NMC stores sensitive data on behalf of the professionals that it registers, including gender, sexual orientation, gender identity, ethnicity and nationality, disability details, marital status, as well as other personal information.

The whistleblower's complaint claims the NMC falls well short of [the standards required under current UK law for data protection and the EU's General Data Protection Regulation (GDPR)]. The statement alleges that the NMC's "data management and data retrieval practices were completely unacceptable." "There is not even much by way of internal structure of the databases for self-documentation, such as primary keys, foreign keys (with a few honorable exceptions), check constraints and table constraints. Even fields that should not be null are nullable. This is frankly astonishing and not the practice of a mature, professional organization," the statement says. For example, the databases contain a unique ten-digit number (or PRN) to identify individuals registered to the NMC. However, the fields for PRNs sometimes contain individuals' names, start with a letter or other invalid data, or are simply null. The whistleblower's complaint says that the PRN problem, and other database design deficiencies, meant that it was nearly impossible to produce "accurate, correct, business critical reports ... because frankly no one knows where the correct data is to be found."
A spokesperson for the NMC said the register was "organized and documented" in the SQL Server database. "For clarity, the register of all our nurses, midwives and nursing practitioners is held within Dynamics 365 which is our system of record. This solution and the data held within it, is secure and well documented. It does not rely on any SQL database. The SQL database referenced by the whistleblower relates to our data warehouse which we are in the process of modernizing as previously shared."
Open Source

Redis To Adopt 'Source-Available Licensing' Starting With Next Version (redis.com) 44

Longtime Slashdot reader jgulla shares an announcement from Redis: Beginning today, all future versions of Redis will be released with source-available licenses. Starting with Redis 7.4, Redis will be dual-licensed under the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1). Consequently, Redis will no longer be distributed under the three-clause Berkeley Software Distribution (BSD). The new source-available licenses allow us to sustainably provide permissive use of our source code.

We're leading Redis into its next phase of development as a real-time data platform with a unified set of clients, tools, and core Redis product offerings. The Redis source code will continue to be freely available to developers, customers, and partners through Redis Community Edition. Future Redis source-available releases will unify core Redis with Redis Stack, including search, JSON, vector, probabilistic, and time-series data models in one free, easy-to-use package as downloadable software. This will allow anyone to easily use Redis across a variety of contexts, including as a high-performance key/value and document store, a powerful query engine, and a low-latency vector database powering generative AI applications. [...]

Under the new license, cloud service providers hosting Redis offerings will no longer be permitted to use the source code of Redis free of charge. For example, cloud service providers will be able to deliver Redis 7.4 only after agreeing to licensing terms with Redis, the maintainers of the Redis code. These agreements will underpin support for existing integrated solutions and provide full access to forthcoming Redis innovations. In practice, nothing changes for the Redis developer community who will continue to enjoy permissive licensing under the dual license. At the same time, all the Redis client libraries under the responsibility of Redis will remain open source licensed. Redis will continue to support its vast partner ecosystem -- including managed service providers and system integrators -- with exclusive access to all future releases, updates, and features developed and delivered by Redis through its Partner Program. There is no change for existing Redis Enterprise customers.

Programming

C++ Creator Rebuts White House Warning (infoworld.com) 258

An anonymous reader quotes a report from InfoWorld: C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using vulnerable ones such as C++ and C. In a March 15 response to an inquiry from InfoWorld, Stroustrup pointed out strengths of C++, which was designed in 1979. "I find it surprising that the writers of those government documents seem oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees," Stroustrup said. "On the other hand, they seem to have realized that a programming language is just one part of a tool chain, so that improved tools and development processes are essential."

Safety improvement always has been a goal of C++ development efforts, Stroustrup stressed. "Improving safety has been an aim of C++ from day one and throughout its evolution. Just compare the K&R C language with the earliest C++, and the early C++ with contemporary C++. My CppCon 2023 keynote outlines that evolution," he said. "Much quality C++ is written using techniques based on RAII (Resource Acquisition Is Initialization), containers, and resource management pointers rather than conventional C-style pointer messes." Stroustrup cited a number of efforts to improve C++ safety. "There are two problems related to safety. Of the billions of lines of C++, few completely follow modern guidelines, and peoples' notions of which aspects of safety are important differ. I and the C++ standard committee are trying to deal with that," he said. "Profiles is a framework for specifying what guarantees a piece of code requires and enable implementations to verify them. There are documents describing that on the committee's website -- look for WG21 -- and more are coming. However, some of us are not in a mood to wait for the committee's necessarily slow progress."

Profiles, Stroustrup said, "is a framework that allows us to incrementally improve guarantees -- e.g., to eliminate most range errors relatively soon -- and to gradually introduce guarantees into large code bases through local static analysis and minimal run-time checks. My long-term aim for C++ is and has been for C++ to offer type and resource safety when and where needed. Maybe the current push for memory safety -- a subset of the guarantees I want -- will prove helpful to my efforts, which are shared by many in the C++ standards committee." Stroustrup previously defended the safety of C++ against the NSA, which recommended using memory-safe languages instead of C++ and C in a November 2022 bulletin.

Databases

Database-Based Operating System 'DBOS' Does Things Linux Can't (nextplatform.com) 104

Databricks CTO Matei Zaharia "said that Databricks had to keep track of scheduling a million things," remembers adjunct MIT professor Michael Stonebraker. "He said that this can't be done with traditional operating system scheduling, and so this was done out of a Postgres database. And then he started to whine that Postgres was too slow, and I told him we can do better than that...."

This resulted in DBOS — short for "database operating system" — which they teamed up to build with teams from Stanford and MIT, according to The Next Platform: They founded a company to commercialize the idea in April 2023 and secured $8.5 million initial seed funding to start building the real DBOS. Engine Ventures and Construct Capital led the funding, along with Sinewave and GutBrain Ventures...

"The state that the operating system has to keep track of — memory, files, messages, and so on — is approximately linear to the resources you have got," says Stonebraker. "So without me saying another word, keeping track of operating system state is a database problem not addressed by current operating system schedulers. Moreover, OLTP [Online Transaction Processing] database performance has gone up dramatically, and that is why we thought instead of running the database system in user space on top of the operating system, why don't we invert our thinking 180 degrees and run the operating system on top of the database, with all of the operating services are coded in SQL...?"

For now, DBOS can give the same kind of performance as that full blown Linux operating system, and thanks to the distributed database underpinnings of its kernel, it can do things that a Linux kernel just cannot do... One is provide reliable execution, which means that if a program running atop DBOS is ever interrupted, it starts where it left off and does not have to redo its work from some arbitrary earlier point and does not crash and have to start from the beginning. And because every little bit of the state of the operating system — and therefore the applications that run atop it — is preserved, you can go backwards in time in the system and restart the operating system if it experiences some sort of anomaly, such as a bad piece of application software running or a hack attack. You can use this "time travel" feature, as Stonebraker calls it, to reproduce what are called heisenbugs — ones that are very hard to reproduce precisely because there is no shared state in the distributed Linux and Kubernetes environment and that are increasingly prevalent in a world of microservices.

The other benefit of the DBOS is that it presents a smaller attack surface for hackers, which boosts security, and that you analyze the metrics of the operating system in place since they are already in a NoSQL database that can be queried rather than aggregating a bunch of log files from up and down the software stack to try to figure out what is going on...

There is also a custom tier for DBOS, which we presume costs money, that can use other databases and datastores for user application data, stores more than three days of log data, can have multiple users per account, that adds email and Slack support with DBOS techies, and that is available on other clouds as well as AWS.

The operating system kernel/scheduler "is itself largely a database," with services written in TypeScript, according to the article. The first iteration used the FoundationDB distributed key-value store for its scheduling core (open sourced by Apple in 2018), according to the article — "a blazingly fast NoSQL database... Stonebraker says there is no reason to believe that DBOS can't scale across 1 million cores or more and support Java, Python, and other application languages as they are needed by customers..."

And the article speculates they could take things even further. "There is no reason why DBOS cannot complete the circle and not only have a database as an operating system kernel, but also have a relational database as the file system for applications."
Programming

Free/Libre 'GnuCOBOL' Compiler Reaches Maturity, Can Compete with Proprietary Offerings (thenewstack.io) 49

An anonymous reader shared this report: After 20 years of development, the open source GnuCOBOL "has reached an industrial maturity and can compete with proprietary offers in all environments," said OCamlPro founder and GnuCOBOL contributor Fabrice Le Fessant, in a FOSDEM talk about the technology. GnuCOBOL turns COBOL source code into executable applications. It is very cross-platform, running Linux, BSD, many proprietary Unixes, macOS, and Windows, even Android. And the latest version, v.32, is being used in many commercial settings...

Sobisch noted that the GnuCOBOL is seeing a lot of commercial deployments, such as for banking back-end apps, many of which are being migrated from Micro Focus, with users reporting performance improvements as a result. The French DGFIP federal agency moved from a GCOS mainframe to GnuCOBOL, with the help of Le Fessant's firm.

Originally called OpenCOBOL, the project was started in 2002 and renamed GnuCOBOL in 2013. In the past three years, it has received attention from 13 contributors with 460 commits. Most Linux package managers have a copy of GnuCOBOL for the program for downloading... It can compile to C code (C89+), making it extremely portable, from mainframes to Raspberry Pi's, Sobisch said...

Also new is SuperBOL, a development studio for GnuCOBOL developed by Le Fessant's OCamlPro. It runs as a VSCode Extension and features a full COBOL processor (written in OCaml).

Programming

Code.org Tells Court Zuckerberg-Backed Byju's Undermines Mission To Teach Kids CS 14

theodp writes: Tech-backed nonprofit Code.org on Wednesday fired the latest salvo in its legal battle over $3 million in unpaid licensing fees for the use of Code.org's free [for non-commercial purposes] K-12 computer science curriculum by WhiteHat Jr., the learn-to-code edtech company with a controversial past that was bought for $300M in 2020 by Byju's, another edtech firm that received a $50M investment from Mark Zuckerberg's venture firm that still touts its ties to Zuckerberg on its Investors page.

In a filing in support of a motion for default judgement, Code.org founder and CEO Hadi Partovi wrote: "Whitehat's continued use of Code.org's platform and content without payment following Code.org's termination of the Agreement has caused, and is continuing to cause, irreparable injury to Code.org, because it undermines Code.org's charitable and nonprofit purpose of expanding access to computer science in schools and increasing participation by young women and students from other underrepresented groups and because it jeopardizes Code.org's status as an organization described in Section 501(c)(3) of the Internal Revenue Code of 1986. As a Section 501(c)(3) tax exempt organization, Code.org may not use its assets to benefit for-profit entities without receiving fair compensation."

According to the [proposed] default judgement, "Code.org is awarded the principal amount sued for of $3,000,000, along with attorneys' fees, costs, and expenses in an amount to be determined following Code.org's submission of an application, together with pre-judgment interest of $216,001.16, from May 26, 2023 to March 13, 2024, and any additional pre-judgment interest that may accrue until the date of judgment, calculated at the rate of 9% per annum pursuant to CPLR 5001 and 5004, plus any post-judgment interest at the statutory rate, for a total judgment in the amount of $[TBD]."
Games

Discord Opens Up To Games and Apps Embedded In Its Chat App (theverge.com) 7

Tom Warren reports via The Verge: Discord will soon allow developers to build new games and apps that can be used directly in its chat app. A selection of minigames and apps have been available to Discord users for months now, but starting March 18th, all Discord developers will get access to a new Embedded App SDK that lets them build these special embedded apps. Discord has used its Activities feature to enable apps like YouTube, promote minigames like poker, and even encourage users to play with a shared whiteboard experience. These apps all appear as an embedded iframe inside Discord, but they've been limited to select developers so far.

The SDK will open up this Activities section of Discord to many more developers, so we're bound to see a lot more minigames that can be played directly inside Discord chats. [...] Discord is also experimenting with a way to allow users to add apps to their accounts so they roam across servers. Developers will be able to enable their apps for accounts, and the experiment will launch alongside the app SDK on March 18th. Discord is also bringing back its app pitches, where developers can pitch prototype app ideas and secure up to $30,000 in funding.

AI

Gold-Medalist Coders Build an AI That Can Do Their Job for Them (bloomberg.com) 27

A new startup called Cognition AI can turn a user's prompt into a website or video game. From a report: A new installment of Silicon Valley's most exciting game, Are We in a Bubble?!, has begun. This time around the game's premise hinges on whether AI technology is poised to change the world as the consumer internet did -- or even more dramatically -- or peter out and leave us with some advances but not a new global economy. This game isn't easy to play, and the available data points often prove more confusing than enlightening. Take the case of Cognition AI Inc.

You almost certainly have not heard of this startup, in part because it's been trying to keep itself secret and in part because it didn't even officially exist as a corporation until two months ago. And yet this very, very young company, whose 10-person staff has been splitting time between Airbnbs in Silicon Valley and home offices in New York, has raised $21 million from Peter Thiel's venture capital firm Founders Fund and other brand-name investors, including former Twitter executive Elad Gil. They're betting on Cognition AI's team and its main invention, which is called Devin.

Devin is a software development assistant in the vein of Copilot, which was built by GitHub, Microsoft and OpenAI, but, like, a next-level software development assistant. Instead of just offering coding suggestions and autocompleting some tasks, Devin can take on and finish an entire software project on its own. To put it to work, you give it a job -- "Create a website that maps all the Italian restaurants in Sydney," say -- and the software performs a search to find the restaurants, gets their addresses and contact information, then builds and publishes a site displaying the information. As it works, Devin shows all the tasks it's performing and finds and fixes bugs on its own as it tests the code being written. The founders of Cognition AI are Scott Wu, its chief executive officer; Steven Hao, the chief technology officer; and Walden Yan, the chief product officer. Hao was most recently one of the top engineers at Scale AI, a richly valued startup that helps train AI systems. Yan, until recently at Harvard University, requested that his status at the school be left ambiguous because he hasn't yet had the talk with his parents.

EU

Apple To Allow iOS App Downloads Direct From Websites in the EU (theverge.com) 30

Apple is planning to make further changes in EU countries to allow some developers to distribute their iOS apps directly from a website. From a report: The new web distribution feature will be available with a software update "later this spring," according to Apple, providing developers with a key new way to distribute iOS apps in EU markets without the need for a separate app store -- as long as they're willing to adhere to Apple's strict rules.

While Apple is opening up iOS to more third-party apps here, there are still some key security protections around how apps are distributed via websites -- namely, you'll still have to work within the strict Apple app development ecosystem.

Programming

The Apple IIgs: On a Machine This Slow, You Had To Get Weird (bdmonkeys.net) 69

Long-time Slashdot reader garote writes: It's the year 1991. You're a teenage computer geek.

You've just upgraded to an Apple IIgs, your first "16-bit" computer. To relieve the crushing boredom of your High School coursework, you and your friends embark on the computer geek equivalent of forming a heavy metal band: Making your own video game.

You meet at the benches during lunch hour, and pass around crude plans scribbled on graph paper. You assign each other impressive titles like "Master Programmer", "Sound Designer", and "Area Data Input". You swap 3.5" disks like furtive secret agents, and stay up coding until 3am. Your parents look at your owlish eyes — and your slipping grades — and ask if you're "on drugs".

If that sounds familiar, this essay may prove interesting. It uses the game my friends and I started — but didn't finish — in High School over 30 years ago, to explore the absurd programming contortions we did to make it playable on the Apple IIgs: The red-headed stepchild of the Apple II line; a machine that languished for six years without a hardware upgrade to avoid competing with the Macintosh.

Thanks to the recent release of the first cycle-accurate emulator for this machine, you can actually play the game in all its screen-tearing glory. You can also explore the source code which has survived for 30 years, and been adapted to build on modern hardware thanks to Merlin32 and CiderPress II.
"Nowadays, the content of the game itself is only good for an embarrassing laugh," according to the web page, "but I feel that the code we hammered out shows the unique challenges of a bygone era, which should be remembered..."
Games

Warner Bros. is Now Erasing Games As It Plans To Delist Adult Swim-Published Titles (polygon.com) 42

Michael McWhertor reports via Polygon: Warner Bros. Discovery is telling developers it plans to start "retiring" games published by its Adult Swim Games label, game makers who worked with the publisher tell Polygon. At least three games are under threat of being removed from Steam and other digital stores, with the fate of other games published by Adult Swim unclear. The media conglomerate's planned removal of those games echoes cuts from its film and television business; Warner Bros. Discovery infamously scrapped plans to release nearly complete movies Batgirl and Coyote vs. Acme, and removed multiple series from its streaming services. If Warner Bros. does go through with plans to delist Adult Swim's games from Steam and digital console stores, 18 or more games could be affected.

News of the Warner Bros. plan to potentially pull Adult Swim's games from Steam and the PlayStation Store was first reported by developer Owen Reedy, who released puzzle-adventure game Small Radios Big Televisions through the label in 2016. Reedy said on X Tuesday the game was being "retired" by Adult Swim Games' owner. He responded to the company's decision by making the Windows PC version of Small Radios Big Televisions available to download for free from his studio's website. Polygon reached out to other developers who had worked with Adult Swim Games as a publisher. Two studios responded to say that they'd received a similar warning from Warner Bros. Discovery, but they are still in the dark about what it means for their games. [...]

Polygon reached out to 10 studios and solo developers who had their games published by Adult Swim Games to see what they've heard. Some say they haven't been contacted by WB Discovery, but they expect to. "From what I've heard from others, I will probably be hearing from them soon," developer Andrew Morrish, who published Kingsway and Super Puzzle Platformer Deluxe through Adult Swim, told Polygon. "It's not looking good." Molinari said that if and when his game Soundodger+ is pulled from Steam, he'll republish it there "with as little downtime as possible between the two versions." The game is also available from Molinari's itch page.

Apple

Apple Reinstates Epic Developer Account After Public Backlash for Retaliation (epicgames.com) 41

Epic Games, in a blog post: Apple has told us and committed to the European Commission that they will reinstate our developer account. This sends a strong signal to developers that the European Commission will act swiftly to enforce the Digital Markets Act and hold gatekeepers accountable. We are moving forward as planned to launch the Epic Games Store and bring Fortnite back to iOS in Europe. Epic CEO Tim Sweeney adds: The DMA went through its first major challenge with Apple banning Epic Games Sweden from competing with the App Store, and the DMA just had its first major victory. Following a swift inquiry by the European Commission, Apple notified the Commission and Epic that it would relent and restore our access to bring back Fortnite and launch Epic Games Store in Europe under the DMA law.
Open Source

Feds To Offer New Support To Open-Source Developers (axios.com) 12

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) will start providing more hands-on support to open-source software developers as they work to better secure their projects, the agency said. From a report: CISA hosted a two-day, invite-only summit this week with leaders in the open-source software community and other federal officials. During the private event, the agency also ran what's likely the first tabletop exercise to assess how well the government and the open-source community would respond to a cyberattack targeting one of their projects.

During the summit, CISA and a handful of package repositories unveiled new initiatives to help secure open-source projects. CISA is working on a new communication channel where open-source software developers can share threat intelligence and ask the agency for assistance during an incident. The Rust Foundation is developing new public key infrastructure for its repository, which will help ensure that the code developers are uploading isn't malicious and is coming from legitimate users.

npm, which manages the JavaScript programming language, is requiring project maintainers to enroll in multi-factor authentication and is rolling out a tool to generate "software bills of materials," which provide a recipe list of what code and other elements are in a project. Additional repositories -- including the Python Software Foundation, Packagist, Composer and Maven Central -- are pursuing similar projects and also rolling out tools to help detect and report malware and other security vulnerabilities.

AI

'AI Prompt Engineering Is Dead' 68

The hype around AI language models has companies scrambling to hire prompt engineers to improve their AI queries and create new products. But new research hints that the AI may be better at prompt engineering than humans, indicating many of these jobs could be short-lived as the technology evolves and automates the role. IEEE Spectrum: Battle and Gollapudi decided to systematically test [PDF] how different prompt engineering strategies impact an LLM's ability to solve grade school math questions. They tested three different open source language models with 60 different prompt combinations each. What they found was a surprising lack of consistency. Even chain-of-thought prompting sometimes helped and other times hurt performance. "The only real trend may be no trend," they write. "What's best for any given model, dataset, and prompting strategy is likely to be specific to the particular combination at hand."

There is an alternative to the trial-and-error style prompt engineering that yielded such inconsistent results: Ask the language model to devise its own optimal prompt. Recently, new tools have been developed to automate this process. Given a few examples and a quantitative success metric, these tools will iteratively find the optimal phrase to feed into the LLM. Battle and his collaborators found that in almost every case, this automatically generated prompt did better than the best prompt found through trial-and-error. And, the process was much faster, a couple of hours rather than several days of searching.

Android

Google Adds New Developer Fees As Part of Play Store's DMA Compliance Plan (techcrunch.com) 22

An anonymous reader quotes a report from TechCrunch: Google today is sharing more details about the fees that will accompany its plan to comply with Europe's new Digital Markets Act (DMA), the new regulation aimed at increasing competition across the app store ecosystem. While Google yesterday pointed to ways it already complied with the DMA -- by allowing sideloading of apps, for example -- it hadn't yet shared specifics about the fees that would apply to developers, noting that further details would come out this week. That time is now, as it turns out.

Today, Google shared that there will be two fees that apply to its External offers program, also announced yesterday. This new program allows Play Store developers to lead their users in the EEA outside their app, including to promote offers. With these fees, Google is going the route of Apple, which reduced its App Store commissions in the EU to comply with the DMA but implemented a new Core Technology Fee that required developers to pay 0.50 euros for each first annual install per year over a 1 million threshold for apps distributed outside the App Store. Apple justified the fee by explaining that the services it provides developers extend beyond payment processing and include the work it does to support app creation and discovery, craft APIs, frameworks and tools to support developers' app creation work, fight fraud and more.

Google is taking a similar tactic, saying today that "Google Play's service fee has never been simply a fee for payment processing -- it reflects the value provided by Android and Play and supports our continued investments across Android and Google Play, allowing for the user and developer features that people count on," a blog post states. It says there will now be two fees that accompany External Offers program transactions:

- An initial acquisition fee, which is 10% for in-app purchases or 5% for subscriptions for two years. Google says this fee represents the value that Play provided in facilitating the initial user acquisition through the Play Store.
- An ongoing services fee, which is 17% for in-app purchases or 7% for subscriptions. This reflects the "broader value Play provides users and developers, including ongoing services such as parental controls, security scanning, fraud prevention, and continuous app updates," writes Google.

Of note, a developer can opt out of the ongoing services and corresponding fees, if the user agrees, after two years. Users who initially installed the app believe they'll have services like parental controls, security scanning, fraud prevention and continuous app updates, which is why opting out requires user consent. Although Google allows the developer to terminate this fee, those ongoing services will no longer apply either. Developers, however, will still be responsible for reporting transactions involving those users who are continuing to receive Play Store services.

Apple

Apple Terminated Epic's Developer Account (epicgames.com) 197

Epic Games, in a blog post: We recently announced that Apple approved our Epic Games Sweden AB developer account. We intended to use that account to bring the Epic Games Store and Fortnite to iOS devices in Europe thanks to the Digital Markets Act (DMA). To our surprise, Apple has terminated that account and now we cannot develop the Epic Games Store for iOS. This is a serious violation of the DMA and shows Apple has no intention of allowing true competition on iOS devices.

The DMA requires Apple to allow third-party app stores, like the Epic Games Store. Article 6(4) of the DMA says: "The gatekeeper shall allow and technically enable the installation and effective use of third-party software applications or software application stores using, or interoperating with, its operating system and allow those software applications or software application stores to be accessed by means other than the relevant core platform services of that gatekeeper."

In terminating Epic's developer account, Apple is taking out one of the largest potential competitors to the Apple App Store. They are undermining our ability to be a viable competitor and they are showing other developers what happens when you try to compete with Apple or are critical of their unfair practices. If Apple maintains its power to kick a third party marketplace off iOS at its sole discretion, no reasonable developer would be willing to utilize a third party app store, because they could be permanently separated from their audience at any time.

Apple said one of the reasons it terminated Epic's developer account only a few weeks after approving it was because the Fortnite-maker publicly criticized its proposed DMA compliance plan, Epic said.

AI

Qualcomm Launches First True 'App Store' For AI With 75 Free Models 20

Wayne Williams reports via TechRadar: Qualcomm has unveiled its AI Hub, an all-inclusive library of pre-optimized AI models ready for use on devices running on Snapdragon and Qualcomm platforms. These models support a wide range of applications including natural language processing, computer vision, and anomaly detection, and are designed to deliver high performance with minimal power consumption, a critical factor for mobile and edge devices. The AI Hub library currently includes more than 75 popular AI and generative AI models including Whisper, ControlNet, Stable Diffusion, and Baichuan 7B. All models are bundled in various runtimes and are optimized to leverage the Qualcomm AI Engine's hardware acceleration across all cores (NPU, CPU, and GPU). According to Qualcomm, they'll deliver four times faster inferencing times.

The AI Hub also handles model translation from the source framework to popular runtimes automatically. It works directly with the Qualcomm AI Engine direct SDK and applies hardware-aware optimizations. Developers can search for models based on their needs, download them, and integrate them into their applications, saving time and resources. The AI Hub also provides tools and resources for developers to customize these models, and they can fine-tune them using the Qualcomm Neural Processing SDK and the AI Model Efficiency Toolkit, both available on the platform.

Programming

'Communications of the ACM' Is Now Open Access (acm.org) 25

Long-time Slashdot reader theodp writes: "CACM [Communications of the ACM] Is Now Open Access," proclaims the Association for Computing Machinery (ACM) in its tear-down-this-CACM-paywall announcement. "More than six decades of CACM's renowned research articles, seminal papers, technical reports, commentaries, real-world practice, and news articles are now open to everyone, regardless of whether they are members of ACM or subscribe to the ACM Digital Library."

Ironically, clicking on Google search results for older CACM articles on Aaron Swartz currently returns page-not-found error messages and the CACM's own search can't find Aaron Swartz either, so perhaps there's some work that remains to be done with the transition to CACM's new website. ACM plans to open its entire archive of over 600,000 articles when its five-year transition to full Open Access is complete (January 2026 target date).

"They are right..." the site's editor-in-chief told Slashdot. "We need to get Google to reindex the new site ASAP."
