European Union regulators are investigating Apple's revised app store fees amid concerns they may increase costs for developers, according to Bloomberg News.

The European Commission sent questionnaires to developers in December focusing on Apple's new "core technology fee" of $0.51 per app installation, part of its compliance with EU's Digital Markets Act. Under Apple's revised structure, developers can maintain existing terms with commissions up to 30% on app sales, or choose a new model with lower commission rates but additional charges.

"Oracle has informed us they won't voluntarily withdraw their trademark on 'JavaScript'." That's the word coming from the company behind Deno, the alternative JavaScript/TypeScript/WebAssembly runtime, which is pursuing a formal cancellation with the U.S. Patent and Trademark Office.

So what happens next? Oracle "will file their Answer, and we'll start discovery to show how 'JavaScript' is widely recognized as a generic term and not controlled by Oracle." Deno's social media posts show a schedule of various court dates that extend through July of 2026, so "The dispute between Oracle and Deno Land could go on for quite a while," reports InfoWorld: Deno Land co-founder Ryan Dahl, creator of both the Deno and Node.js runtimes, said a formal answer from Oracle is expected before February 3, unless Oracle extends the deadline again. "After that, we will begin the process of discovery, which is where the real legal work begins. It will be interesting to see how Oracle argues against our claims — genericide, fraud on the USPTO, and non-use of the mark."

The legal process begins with a discovery conference by March 5, with discovery closing by September 1, followed by pretrial disclosure from October 16 to December 15. An optional request for an oral hearing is due by July 8, 2026.
Oracle took ownership of JavaScript's trademark in 2009 when it purchased Sun Microsystems, InfoWorld notes.

But "Oracle does not control (and has never controlled) any aspect of the specification or how the phrase 'JavaScript' can be used by others," argues an official petition filed by Deno Land Inc. with the United States Patent and Trademark Office: Today, millions of companies, universities, academics, and programmers, including Petitioner, use "JavaScript" daily without any involvement with Oracle. The phrase "JavaScript" does not belong to one corporation. It belongs to the public. JavaScript is the generic name for one of the bedrock languages of modern programming, and, therefore, the Registered Mark must be canceled.

An open letter to Oracle discussing the genericness of the phrase "JavaScript," published at https://javascript.tm/, was signed by 14,000+ individuals at the time of this Petition to Cancel, including notable figures such as Brendan Eich, the creator of JavaScript, and the current editors of the JavaScript specification, Michael Ficarra and Shu-yu Guo. There is broad industry and public consensus that the term "JavaScript" is generic.
The seven-page petition goes into great detail, reports InfoWorld. "Deno Land also accused Oracle of committing fraud in its trademark renewal efforts in 2019 by submitting screen captures of the website of JavaScript runtime Node.js, even though Node.js was not affiliated with Oracle."

Slashdot reader rzack writes: Since 1999, I've written a huge amount of PHP code, for dozens of applications and websites. Most of it has been continually updated, and remains active and in-production, in one form or another.

Here's the thing. It's all hand-written using vi, even to this day.

Is there any benefit to migrating this codebase to a more modern PHP framework, like Laravel? And is there an easy and minimally intrusive way this can be done en-masse, across dozens of applications and websites?

Or at this point should I just stick with vi?
Share your thoughts and suggestions in the comments.

What's the best way to transfer legacy PHP code to a modern framework?

An anonymous reader quotes a report from The Register: A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data -- including some Social Security Numbers and medical info -- stolen. PowerSchool says its cloud-based student information system is used by 18,000 customers around the globe, including the US and Canada, to handle grading, attendance records, and personal information of more than 60 million K-12 students and teachers. On December 28 someone managed to get into its systems and access their contents "using a compromised credential," the California-based biz told its clients in an email seen by Register this week.

[...] "We believe the unauthorized actor extracted two tables within the student information system database," a spokesperson told us. "These tables primarily include contact information with data elements such as name and address information for families and educators. "For a certain subset of the customers, these tables may also include Social Security Number, other personally identifiable information, and limited medical and grade information. "Not all PowerSchool student information system customers were impacted, and we anticipate that only a subset of impacted customers will have notification obligations." While the company has tightened security measures and offered identity protection services to affected individuals, cybersecurity firm Cyble suggests the intrusion "may have been more serious and gone on much longer than has been publicly acknowledged so far," reports The Register. The cybersecurity vendor says the intrusion could have occurred as far back as June 16, 2011, with it ending on January 2 of this year.

"Critical systems and applications such as Oracle Netsuite ERP, HR software UltiPro, Zoom, Slack, Jira, GitLab, and sensitive credentials for platforms like Microsoft login, LogMeIn, Windows AD Azure, and BeyondTrust" may have been compromised, too.

Developer Q&A platform StackOverflow appears to be facing an existential crisis as volume of new questions on the site has plunged 75% from the 2017 peak and 60% year-on-year in December 2024, according to StackExchange Data Explorer figures.

The decline accelerated after ChatGPT's launch in November 2022, with questions falling 76% since then. Despite banning AI-generated answers two years ago, StackOverflow has embraced AI partnerships, striking deals with Google, OpenAI and GitHub.

An anonymous reader quotes a report from The Guardian: People who get their coffee hit in the morning reap benefits that are not seen in those who have shots later in the day, according to the first major study into the health benefits of the drink at different times. Analysis of the coffee consumption of more than 40,000 adults found that morning coffee drinkers were 16% less likely to die of any cause and 31% less likely to die from cardiovascular disease during a 10-year follow-up period than those who went without. But the benefits to heart health appeared to vanish in people who drank coffee throughout the day, the researchers found, with medical records showing no significant reduction in mortality for all-day drinkers compared with those who avoided coffee. [...]

The study suggests that a morning dose of coffee is better for the heart than an evening one, but it does not explain why. One possible explanation is that drinking coffee later in the day can disrupt circadian rhythms and levels of hormones such as melatonin. This in turn affects sleep, inflammation and blood pressure, all of which can harm heart health. In an accompanying editorial, Prof Thomas Luscher, a consultant cardiologist at the Royal Brompton and Harefield hospitals in London, notes that many all-day drinkers sleep poorly, adding that coffee seems to suppress melatonin, a hormone that is important for inducing sleep in the brain. The effects are driven largely by caffeine, but coffee contains hundreds of other bioactive compounds that affect our physiology. The researchers say some substances in the blood that drive inflammation often peak in the morning and could be countered by anti-inflammatory compounds in a morning coffee. "This explanation applies to both caffeinated and decaffeinated coffee," they write. "Overall, we must accept the now substantial evidence that coffee drinking, particularly in the morning hours, is likely to be healthy," Luscher writes. "Thus, drink your coffee, but do so in the morning!"

The study has been published in the European Heart Journal.

Long-time Slashdot reader theodp writes: In an Op-ed for The Huntington News, fourth year Northeastern University CS student Derek Kaplan argues that real pedagogical merit is what should count when deciding which language to use to teach CS fundamentals (aka 'Fundies'). He makes the case for Northeastern to reconsider its decision to move from Racket to Python and Java later this year in an overhaul of its first-year curriculum.

"Students will get extensive training in Python, which is currently the most requested language by co-op employers," Northeastern explains (some two decades after a Slashdot commenter made the same Hot Languages = Jobs observation in a spirited 2001 debate on Java as a CS introductory language)...

"I have often heard computer science students complain that Fundies 1 teaches Racket instead of a 'useful language' like Python," Kaplan writes. "But the point of Fundies is not to teach Racket — it is to teach program design skills that can be applied using any programming language. Racket is just the tool it uses to do so. A student who does well in Fundies will have no difficulty applying the same skills to Python or any other language. And with how fast the tech industry changes, is it really worth having a course that teaches just Python when tomorrow, some other language might dominate the industry? Our current curriculum focuses on timeless principles rather than fleeting trends."

Also expressing concerns about the selection of suitable languages for novice programming is King's College CS Prof Michael Kölling, who explains, "One of the drivers is the perceived usefulness of the language in a real-world context. Students (and their parents) often have opinions which language is 'better' to learn. In forming these opinions, the definition of 'better' can often be vague and driven by limited insight. One strong aspect commonly cited is the perceived usefulness of a language in the 'real world.' If a language is widely used in industry, it is more likely to be seen as a useful language to learn." Kölling's recommendation? "We need a new language for teaching novices at secondary school and introductory university level," Kölling concludes. "This language should be designed explicitly for teaching [...] Maintenance and adaptation of this language should be driven by pedagogical considerations, not by industry needs."

While noble in intent, one suspects Kaplan and Kölling may be on a quixotic quest in a money wins world, outgunned by the demands, resources, and influence of tech giants like Amazon — the top employer of Northeastern MSCS program grads — who pushed back against NSF advice to deemphasize Java in high school CS and dropped $15 million to have tech-backed nonprofit Code.org develop and push a new Java-based, powered-by-AWS CS curriculum into high schools with the support of a consortium of politicians, educators, and tech companies. Echoing Northeastern, an Amazon press release argued the new Java-based curriculum "best prepares students for the next step in their education and careers."

Researchers from Inria and Microsoft have developed a system to automatically convert specific types of C programming code into memory-safe Rust code, addressing growing cybersecurity concerns about memory vulnerabilities in software systems.

The technique, detailed in a new paper, requires programmers to use a restricted version of C called "Mini-C" that excludes features like pointer arithmetic. The researchers successfully tested their conversion system on two major code libraries, including the 80,000-line HACL* cryptographic library. Parts of the converted code have already been integrated into Mozilla's NSS and OpenSSH security systems, according to the researchers. Memory safety errors account for 76% of Android vulnerabilities in 2019.

Researchers have uncovered widespread manipulation of GitHub's star-rating system, with over 3.1 million fraudulent stars identified across 15,835 repositories, according to a new study by Socket, Carnegie Mellon University, and North Carolina State University.

The research team analyzed 20TB of data from GHArchive, spanning 6 billion GitHub events from 2019 to 2024, using their "StarScout" detection tool. The tool identified 278,000 accounts engaging in coordinated inauthentic behavior to artificially boost repository rankings.

GitHub uses stars, similar to social media likes, to rank projects and recommend content to users. The platform has previously encountered malicious exploitation of this system, including the "Stargazers Ghost Network" malware operation discovered last summer. Approximately 91% of flagged repositories and 62% of suspicious accounts were removed by October 2024.

After a four-year hiatus, 2025 will see the return of the International Obfuscated C Code Contest. Started in 1984 (and inspired partly by a bug in the classic Bourne shell), it's "the Internet's oldest contest," acording to their official social media account on Mastodon.

The contest enters its "pending" state today at 2024-12-29 23:58 UTC — meaning an opening date for submissions has been officially scheduled (for January 31st) as well as a closing date roughly eight weeks later on April 1st, 2025. That's according to the newly-released (proposed and tentative) rules and guidelines, listing contest goals like "show the importance of programming style, in an ironic way" and "stress C compilers with unusual code." And the contest's home page adds an additional goal: "to have fun with C!"

Excerpts from the official rules: Rule 0
Just as C starts at 0, so the IOCCC starts at rule 0. :-)

Rule 1
Your submission must be a complete program....

Rule 5
Your submission MUST not modify the content or filename of any part of your original submission including, but not limited to prog.c, the Makefile (that we create from your how to build instructions), as well as any data files you submit....

Rule 6
I am not a rule, I am a free(void *human);
while (!(ioccc(rule(you(are(number(6)))))) {
ha_ha_ha();
}

Rule 6 is clearly a reference to The Prisoner... (Some other rules are even sillier...) And the guidelines include their own jokes: You are in a maze of twisty guidelines, all different.

There are at least zero judges who think that Fideism has little or nothing to do with the IOCCC judging process....

We suggest that you avoid trying for the 'smallest self-replicating' source. The smallest, a zero byte entry, won in 1994.
And this weekend there was also a second announcement: After a 4 year effort by a number of people, with over 6168+ commits, the Great Fork Merge has been completed and the Official IOCCC web site has been updated! A significant number of improvements has been made to the IOCCC winning entries. A number of fixes and improvements involve the ability of reasonable modern Unix/Linux systems to be able to compile and even run them.
Thanks to long-time Slashdot reader — and C programmer — achowe for sharing the news.

"Over the course of 2024, Python has proven again and again why it's one of the most popular, useful, and promising programming languages out there," writes InfoWorld: The latest version of the language pushes the envelope further for speed and power, sheds many of Python's most decrepit elements, and broadens its appeal with developers worldwide. Here's a look back at the year in Python.

In the biggest news of the year, the core Python development team took a major step toward overcoming one of Python's longstanding drawbacks: the Global Interpreter Lock or "GIL," a mechanism for managing interpreter state. The GIL prevents data corruption across threads in Python programs, but it comes at the cost of making threads nearly useless for CPU-bound work. Over the years, various attempts to remove the GIL ended in tears, as they made single-threaded Python programs drastically slower. But the most recent no-GIL project goes a long way toward fixing that issue — enough that it's been made available for regular users to try out.

The no-GIL or "free-threaded" builds are still considered experimental, so they shouldn't be deployed in production yet. The Python team wants to alleviate as much of the single-threaded performance impact as possible, along with any other concerns, before giving the no-GIL builds the full green light. It's also entirely possible these builds may never make it to full-blown production-ready status, but the early signs are encouraging.

Another forward-looking feature introduced in Python 3.13 is the experimental just-in-time compiler or JIT. It expands on previous efforts to speed up the interpreter by generating machine code for certain operations at runtime. Right now, the speedup doesn't amount to much (maybe 5% for most programs), but future versions of Python will expand the JIT's functionality where it yields real-world payoffs.
Python is now more widely used than JavaScript on GitHub (thanks partly to its role in AI and data science code).

Software development is entering an "autopilot era" with AI coding assistants, but the industry needs to prepare for full autonomy, argues former Salesforce co-CEO Bret Taylor. Drawing parallels with self-driving cars, he suggests the role of software engineers will evolve from code authors to operators of code-generating machines. Taylor, a board member of OpenAI and who once rewrote Google Maps over a weekend, calls for new programming systems, languages, and verification methods to ensure AI-generated code remains robust and secure. From his post: In the Autonomous Era of software engineering, the role of a software engineer will likely transform from being the author of computer code to being the operator of a code generating machine. What is a computer programming system built natively for that workflow?

If generating code is no longer a limiting factor, what types of programming languages should we build?

If a computer is generating most code, how do we make it easy for a software engineer to verify it does what they intend? What is the role of programming language design (e.g., what Rust did for memory safety)? What is the role of formal verification? What is the role of tests, CI/CD, and development workflows?

Today, a software engineer's primary desktop is their editor. What is the Mission Control for a software engineer in the era of autonomous development?

An anonymous reader shared this report from TechCrunch: Microsoft-owned GitHub announced on Wednesday a free version of its popular Copilot code completion/AI pair programming tool, which will also now ship by default with Microsoft's popular VS Code editor. Until now, most developers had to pay a monthly fee, starting at $10 per month, with only verified students, teachers, and open source maintainers getting free access...

There are some limitations to the free version, which is geared toward occasional users, not major work on a big project. Developers on the free plan will get access to 2,000 code completions per month, for example, and as a GitHub spokesperson told me, each Copilot code suggestion will count against this limit — not just accepted suggestions. And while GitHub recently added the ability to switch between different foundation models, users on the free plan are limited to Anthropic's Claude 3.5 Sonnet and OpenAI's GPT-4o. (The paid plans also include Google's Gemini 1.5 Pro and OpenAI's o1-preview and -mini.) For Copilot Chat, the number of chat messages is limited to 50, but otherwise, there aren't any major limitations to the free service. Developers still get access to all Copilot Extensions and skills.

The free Copilot SKU will work in a number of editors, including VS Code, Visual Studio, and JetBrains, as well as on GitHub.com.
GitHub's announcement ends with the words "Happy coding!" and calls the service "GitHub Copilot Free." But TechCrunch points out there's already competition from services like Amazon Q Developer, as well as from companies like Tabnine and Qodo (previously known as Codium) — and they typically offer a free tier. But in addition, "With Copilot Free, we are returning to our freemium roots," GitHub CEO Thomas Dohmke told TechCrunch, as well as "laying the groundwork for something far greater: AI represents our best path to enabling a GitHub with one billion developers.

"There should be no barrier to entry for experiencing the joy of creating software. Now six years after being acquired by Microsoft, it indeed appears GitHub is still GitHub — and we are doing our thing."

Or, as GitHub CEO Satya Nadella said in a video posted on LinkedIn, "The joy of coding is back! And we are looking forward to bringing the same experience to so many more people around the world."

An anonymous reader shares a report: Amazon Web Services said in a post earlier this month that developers report spending an average of "just one hour per day" on actual coding. But that doesn't mean these workers twiddle their thumbs the remaining seven hours per day. Instead, developers spend the majority of their time on "tedious, undifferentiated tasks such as learning codebases, writing and reviewing documentation, testing, managing deployments, troubleshooting issues or finding and fixing vulnerabilities," according to Amazon Web Services.

Google has announced an experimental AI-powered code agent called "Jules" that can automatically fix coding errors for developers. From a report: Jules was introduced today alongside Gemini 2.0, and uses the updated Google AI model to create multi-step plans to address issues, modify multiple files, and prepare pull requests for Python and Javascript coding tasks in GitHub workflows.

Microsoft introduced a similar experience for GitHub Copilot last year that can recognize and explain code, alongside recommending changes and fixing bugs. Jules will compete against Microsoft's offering, and also against tools like Cursor and even Claude and ChatGPT's coding abilities. Google's launch of a coding-focused AI assistant is no surprise -- CEO Sundar Pichai said in October that more than a quarter of all new code at the company is now generated by AI.

"Jules handles bug fixes and other time-consuming tasks while you focus on what you actually want to build," Google says in its blog post. "This effort is part of our long-term goal of building AI agents that are helpful in all domains, including coding."

An anonymous reader shares a report: Software vulnerability submissions generated by AI models have ushered in a "new era of slop security reports for open source" -- and the devs maintaining these projects wish bug hunters would rely less on results produced by machine learning assistants. Seth Larson, security developer-in-residence at the Python Software Foundation, raised the issue in a blog post last week, urging those reporting bugs not to use AI systems for bug hunting.

"Recently I've noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open source projects," he wrote, pointing to similar findings from the Curl project in January. "These reports appear at first glance to be potentially legitimate and thus require time to refute." Larson argued that low-quality reports should be treated as if they're malicious.

As if to underscore the persistence of these concerns, a Curl project bug report posted on December 8 shows that nearly a year after maintainer Daniel Stenberg raised the issue, he's still confronted by "AI slop" -- and wasting his time arguing with a bug submitter who may be partially or entirely automated.

"Generative AI is transforming software development by enabling natural language prompts to generate code, reducing the need for traditional programming skills," argues Analytics India magazine. Traditionally, coding was the bastion of the select few who had mastered mighty languages like C++, Python, or Java. The idea of programming seemed exclusively reserved for those fluent in syntax and logic. However, the narrative is now being challenged by natural language coding being implemented in AI tools like GitHub Copilot. Andrej Karpathy, senior director of AI at Tesla predicted this trend last year.... English is emerging as the universal coding language.

NVIDIA CEO Jensen Huang believes that English is becoming a new programming language thanks to AI advancements. Speaking at the World Government Summit, Huang explained, "It is our job to create computing technology such that nobody has to program and that the programming language is human"... He calls this a "miracle of AI," emphasising how it closes the technology divide and empowers people from all fields to become effective technologists without traditional coding skills... "In the future, you will tell the computer what you want, and it will do it,"â Huang commented. Large language models (LLMs) like OpenAI's GPT-4 and its successors have made this possible...

Microsoft CEO Satya Nadella has been equally vocal about the potential of English for coding. Microsoft's GitHub Copilot, an AI code assistant, enables developers to describe their needs in natural language and receive functional code in response. Nadella describes this as part of a broader mission to "empower every person and every organisation on the planet to achieve more".... In a discussion earlier last year, Stability AI CEO Emad Mostaque claimed, "41% of codes on GitHub are AI-generated"...

In 2024, the ability to program is no longer reserved for a few. It's a skill anyone can wield, thanks to the power of natural language processing and AI
"No longer is the power to create software restricted to those who can decipher programming languages," the article concludes. "Anyone with a problem to solve and a clear enough articulation of that problem can now write software."

Although the article also includes this consoling quote from Nvidia's Huang in March. "There is an artistry to prompt engineering. It's how you fine-tune the instructions to get exactly what you want"

Not every tech "advent calendar" involves programming puzzles. Instead the geek tradition of programming-language advent calendars "seems to have started way back in 2000," according to one history, "when London-based programmer Mark Fowler launched a calendar highlighting a different Perl module each day."

So the tradition continues...

• Nearly a quarter of a century later, there's still a Perl Advent Calendar, celebrating tips and tricks like "a few special packages waiting under the tree that can give your web applications a little extra pep in their step."

• And of course there's a separate advent calendar for Raku programmers.

• Since 2009 web performance consultant (and former Yahoo and Facebook engineer) Stoyan Stefanov has been pulling together an annual Web Performance calendar with helpful blog posts.

• There's also a JVM Advent calendar with daily helpful hints for Java programmers.

• Another advent calendar promises daily posts about C#.

• The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — is celebrating the season with the "HTMHell Advent Calendar," promising daily articles on security, accessibility, UX, and performance.

• There's even an advent calendar with tips for the reverse-engineering framework Radar.

• There's still a lovely web-design themed calendar at Designcember.com.

And meanwhile developers at the Svelte frontend framework are actually promising to release something new each day, "whether it's a new feature in Svelte or SvelteKit or an improvement to the website!"

But not every tech advent calendar is about programming...

• Adafruit's managing director is publishing a Retrocomputing Advent Calendar — daily looks at the ghosts of computers past.

• The Atlantic continues its 17-year tradition of a Space Telescope advent calendar, featuring daily images from both NASA's Hubble telescope and James Webb Space Telescope

• The gaming blog Rock Paper Shotgun has been counting down their favorite games of 2024...

This week AWS pledged up to $100 million in cloud-computing credits for educational organizations over the next five years, to help them build "technology-based learning experiences" on AWS, including:

• AI assistants
• coding curriculums - connectivity tools
• student learning platforms
• mobile apps
• chatbots

One example shared by Amazon: The nonprofit Code.org will use AWS's cloud credits to scale their AI teaching assistant that "has already helped teachers reduce the time they spend assessing students' coding projects by up to 50%." (Amazon's blog post notes that "Improved efficiency means teachers have more time to work on personalized lesson plans and coach students" — and that Code.org's assistant uses an AWS service for building AI tools...)

$100 million sounds pretty generous. But long-time Slashdot reader theodp notes the application for the cloud credits limits education organization to $100,000 in credits (though "your organization may be able to apply for a credits expansion" if needed). Do these figures suggest Amazon expects less than 1,000 organizations to apply for free cloud-computing over the next five years? ($100,000,000/$100,000 = 1,000)

theodp also spotted a GitHub comment from a Code.org software engineer comparing accuracy for its teaching assistant after a switch from GPT-4 Turbo to Claude. Both before and after the switch, the teaching assistant averaged an accuracy rate of 77%, the comment notes.

I guess that 77% accuracy rate is what Amazon is calling "improved efficiency" that "means teachers have more time to work on personalized lesson plans and coach students." (Maybe you're never to young to learn that AI makes mistakes?)

Mozilla's developer blog is announcing "JavaScriptmas". [F]rom December 1st to December 24th, we will release a fun, daily coding challenge for you to solve on [code-learning platform] Scrimba. Each challenge comes with an introductory screencast called "scrim", some starter code, and then it's your turn to fill in the gaps.

JavaScriptmas is about coding, learning, and the chance to win exciting prizes. Two lucky coders will be chosen as winners at the end of JavaScriptmas, and each will win a MacBook Air M3, swag from MDN and Scrimba, and a lifetime Scrimba Pro membership (worth ~$200 per year). The Scrimba membership will give you access to all courses, including the Frontend Developer Career Path based on the MDN curriculum.

Most of the challenges will evolve around JavaScript algorithms. You will also practice subjects like DOM manipulation, UI design, CSS, accessibility, and even a bit of cyber security. The challenges are a collaborative effort from Scrimba teachers, mentors, and MDN content writers, all with the goal of turning you into a more well-rounded web developer.

Winners will be chosen randomly from everyone who submits correct solutions. We want JavaScriptmas to be accessible for both beginners and experienced developers alike. That said, the more challenges you solve, the better your chances of winning! To maximize your chances, try to solve all 24 challenges and submit them as both regular entries and social entries. You don't have to submit your solutions on the same day they're published — the deadline for any submission is midnight UTC on Christmas Eve.