Richard Speed writes via The Register: It was 30 years ago when the first public release of the Java programming language introduced the world to Write Once, Run Anywhere -- and showed devs something cuddlier than C and C++. Originally called "Oak," Java was designed in the early 1990s by James Gosling at Sun Microsystems. Initially aimed at digital devices, its focus soon shifted to another platform that was pretty new at the time -- the World Wide Web.

The language, which has some similarities to C and C++, usually compiles to a bytecode that can, in theory, run on any Java Virtual Machine (JVM). The intention was to allow programmers to Write Once Run Anywhere (WORA) although subtle differences in JVM implementations meant that dream didn't always play out in reality. This reporter once worked with a witty colleague who described the system as Write Once Test Everywhere, as yet another unexpected wrinkle in a JVM caused their application to behave unpredictably. However, the language soon became wildly popular, rapidly becoming the backbone of many enterprises. [...]

However, the platform's ubiquity has meant that alternatives exist to Oracle Java, and the language's popularity is undiminished by so-called "predatory licensing tactics." Over 30 years, Java has moved from an upstart new language to something enterprises have come to depend on. Yes, it may not have the shiny baubles demanded by the AI applications of today, but it continues to be the foundation for much of today's modern software development. A thriving ecosystem and a vast community of enthusiasts mean that Java remains more than relevant as it heads into its fourth decade.

Long-time Slashdot reader mbessey (a Mac/iOS developer) writes: As we're coming up on the 50th anniversary of the first release of UCSD Pascal, I thought it would be interesting to poke around in it a bit, and work on some tools to bring this "portable operating system" back to life on modern hardware, in a modern language (Rust).
Wikipedia describes UCSD Pascal as "a version that ran on a custom operating system that could be ported to different platforms. A key platform was the Apple II, where it saw widespread use as Apple Pascal. This led to Pascal becoming the primary high-level language used for development in the Apple Lisa, and later, the Macintosh. Parts of the original Macintosh operating system were hand-translated into Motorola 68000 assembly language from the Pascal source code."

mbessey is chronicling their new project in a series of blog posts which begins here: The p-System was not the first portable byte-code interpreter and compiler system — that idea goes very far back, at least to the origins of the Pascal language itself. But it was arguably one of the most-successful early versions of the idea and served as an inspiration for future portable software systems (including Java's bytecode, and Infocom's Z-machine).
And they've already gotten UCSD Pascal running in an emulator and built some tools (in Rust) to transfer files to disk images. Now they're working towards writing a p-machine emulator in Rust, which they can they port to "something other than the Mac. Ideally, something small â" like an Arduino or Raspberry Pi Pico."

Longtime Slashdot reader frank_adrian314159 writes: According to an article in Wired, Elon Musk has appointed a team of technologists from DOGE to "rewrite the code that runs the SSA in months." This codebase has over 60 million lines of COBOL and handles record keeping for all American workers and payments for all Social Security recipients. Given that the code has to track the byzantine regulations dealing with Social Security, it's no wonder that the codebase is this large. What is in question though is whether a small team can rewrite this code "in months." After all, what could possibly go wrong? "The project is being organized by Elon Musk lieutenant Steve Davis ... and aims to migrate all SSA systems off COBOL ... and onto a more modern replacement like Java within a scheduled tight timeframe of a few months," notes Wired.

"Under any circumstances, a migration of this size and scale would be a massive undertaking, experts tell WIRED, but the expedited deadline runs the risk of obstructing payments to the more than 65 million people in the US currently receiving Social Security benefits."

In 2017, SSA announced a plan to modernize its core systems with a timeline of around five years. However, the work was "pivoted away" because of the pandemic.

Memory safety bugs are "eroding trust in technology and costing billions," argues a new post on Google's security blog — adding that "traditional approaches, like code auditing, fuzzing, and exploit mitigations — while helpful — haven't been enough to stem the tide."

So the blog post calls for a "common framework" for "defining specific, measurable criteria for achieving different levels of memory safety assurance." The hope is this gives policy makers "the technical foundation to craft effective policy initiatives and incentives promoting memory safety" leading to "a market in which vendors are incentivized to invest in memory safety." ("Customers will be empowered to recognize, demand, and reward safety.")

In January the same Google security researchers helped co-write an article noting there are now strong memory-safety "research technologies" that are sufficiently mature: memory-safe languages (including "safer language subsets like Safe Buffers for C++"), mathematically rigorous formal verification, software compartmentalization, and hardware and software protections. (With hardware protections including things like ARM's Memory Tagging Extension and the (Capability Hardware Enhanced RISC Instructions, or "CHERI", architecture.) Google's security researchers are now calling for "a blueprint for a memory-safe future" — though Importantly, the idea is "defining the desired outcomes rather than locking ourselves into specific technologies."

Their blog post this week again urges a practical/actionable framework that's commonly understood, but one that supports different approaches (and allowing tailoring to specific needs) while enabling objective assessment: At Google, we're not just advocating for standardization and a memory-safe future, we're actively working to build it. We are collaborating with industry and academic partners to develop potential standards, and our joint authorship of the recent CACM call-to-action marks an important first step in this process... This commitment is also reflected in our internal efforts. We are prioritizing memory-safe languages, and have already seen significant reductions in vulnerabilities by adopting languages like Rust in combination with existing, wide-spread usage of Java, Kotlin, and Go where performance constraints permit. We recognize that a complete transition to those languages will take time. That's why we're also investing in techniques to improve the safety of our existing C++ codebase by design, such as deploying hardened libc++.

This effort isn't about picking winners or dictating solutions. It's about creating a level playing field, empowering informed decision-making, and driving a virtuous cycle of security improvement... The journey towards memory safety requires a collective commitment to standardization. We need to build a future where memory safety is not an afterthought but a foundational principle, a future where the next generation inherits a digital world that is secure by design.
The security researchers' post calls for "a collective commitment" to eliminate memory-safety bugs, "anchored on secure-by-design practices..." One of the blog post's subheadings? "Let's build a memory-safe future together."

And they're urging changes "not just for ourselves but for the generations that follow."

Brave Browser version 1.75 introduces "custom scriptlets," a new feature that allows advanced users to inject their own JavaScript into websites for enhanced customization, privacy, and usability. The feature is similar to the TamperMonkey and GreaseMonkey browser extensions, notes BleepingComputer. From the report: "Starting with desktop version 1.75, advanced Brave users will be able to write and inject their own scriptlets into a page, allowing for better control over their browsing experience," explained Brave in the announcement. Brave says that the feature was initially created to debug the browser's adblock feature but felt it was too valuable not to share with users. Brave's custom scriptlets feature can be used to modify webpages for a wide variety of privacy, security, and usability purposes.

For privacy-related changes, users write scripts that block JavaScript-based trackers, randomize fingerprinting APIs, and substitute Google Analytics scripts with a dummy version. In terms of customization and accessibility, the scriptlets could be used for hiding sidebars, pop-ups, floating ads, or annoying widgets, force dark mode even on sites that don't support it, expand content areas, force infinite scrolling, adjust text colors and font size, and auto-expand hidden content.

For performance and usability, the scriptlets can block video autoplay, lazy-load images, auto-fill forms with predefined data, enable custom keyboard shortcuts, bypass right-click restrictions, and automatically click confirmation dialogs. The possible actions achievable by injected JavaScript snippets are virtually endless. However, caution is advised, as running untrusted custom scriptlets may cause issues or even introduce some risk.

The Register's Thomas Claburn reports: Oracle this week asked the US Patent and Trademark Office (USPTO) to partially dismiss a challenge to its JavaScript trademark. The move has been criticized as an attempt to either stall or water down legal action against the database goliath over the programming language's name. Deno Land, the outfit behind the Deno JavaScript runtime, filed a petition with the USPTO back in November in an effort to make the trademarked term available to the JavaScript community. This legal effort is led by Node.js creator and Deno Land CEO Ryan Dahl, summarized on the JavaScript.tm website, and supported by more than 16,000 members of the JavaScript community. It aims to remove the fear of an Oracle lawsuit for using the term "JavaScript" in a conference title or business venture.

"Programmers working with JavaScript have formed innumerable community organizations," the website explains. "These organizations, like the standards bodies, have been forced to painstakingly avoid naming the programming language they are built around -- for example, JSConf. Sadly, without risking a legal trademark challenge against Oracle, there can be no 'JavaScript Conference' nor a 'JavaScript Specification.' The world's most popular programming language cannot even have a conference in its name." [...] In the initial trademark complaint, Deno Land makes three arguments to invalidate Oracle's ownership of "JavaScript." The biz claims that JavaScript has become a generic term; that Oracle committed fraud in 2019 when it applied to renew its trademark; and that Oracle has abandoned its trademark because it does not offer JavaScript products or services.

Oracle's motion on Monday focuses on the dismissal of the fraud claim, while arguing that it expects to prevail on the other two claims, citing corporate use of the trademarked term "in connection with a variety of offerings, including its JavaScript Extension Toolkit as well as developer's guides and educational resources, and also that relevant consumers do not perceive JavaScript as a generic term." The fraud claim follows from Deno Land's assertion that the material Oracle submitted in support of its trademark renewal application has nothing to do with any Oracle product. "Oracle, through its attorney, submitted specimens showing screen captures of the Node.js website, a project created by Ryan Dahl, Petitioner's Chief Executive Officer," the trademark cancellation petition says. "Node.js is not affiliated with Oracle, and the use of screen captures of the 'nodejs.org' website as a specimen did not show any use of the mark by Oracle or on behalf of Oracle."

Oracle contends that in fact it submitted two specimens to the USPTO -- a screenshot from the Node.js website and another from its own Oracle JavaScript Extension Toolkit. And this, among other reasons, invalidates the fraud claim, Big Red's attorneys contend. "Where, as here, Registrant 'provided the USPTO with [two specimens]' at least one of which shows use of the mark in commerce, Petitioner cannot plausibly allege that the inclusion of a second, purportedly defective specimen, was material," Oracle's motion argues, adding that no evidence of fraudulent intent has been presented. Beyond asking the court to toss the fraud claim, Oracle has requested an additional thirty days to respond to the other two claims.

Nearly 90% of Oracle Java customers are looking to abandon the software maker's products following controversial licensing changes made in 2023, according to research firm Dimensional Research.

The exodus reflects growing frustration with Oracle's shift to per-employee pricing for its Java platform, which critics called "predatory" and could increase costs up to five times for the same software, Gartner found. The dissatisfaction runs deepest in Europe, where 92% of French and 95% of German users want to switch to alternative providers like Bellsoft Liberica, IBM Semeru, or Azul Platform Core.

Nokia accurately predicted the iPhone would revolutionize the smartphone industry in a confidential analysis prepared the day after Apple unveiled the device in 2007, according to internal documents recently released by Nokia's Design Archive at Aalto University in Finland.

The presentation praised the iPhone's touchscreen interface and recognized Apple's unprecedented control over carrier relationships, though it misjudged the importance of web browsing and Java support.

In 2022 Google released a tool to easily scan for vulnerabilities in dependencies named OSV-Scanner. "Together with the open source community, we've continued to build this tool, adding remediation features," according to Google's security blog, "as well as expanding ecosystem support to 11 programming languages and 20 package manager formats... Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities..."

Thursday they also announced an extensible library for "software composition analysis" scanning (as well as file-system scanning) named OSV-SCALIBR (Open Source Vulnerability — Software Composition Analysis LIBRary). The new library "combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as:

• Software composition analysis for installed packages, standalone binaries, as well as source code

• OSes package scanning on Linux (COS, Debian, Ubuntu, RHEL, and much more), Windows, and Mac

• Artifact and lockfile scanning in major language ecosystems (Go, Java, Javascript, Python, Ruby, and much more)

• Vulnerability scanning tools such as weak credential detectors for Linux, Windows, and Mac

• Software Bill of Materials (SBOM) generation in SPDX and CycloneDX, the two most popular document formats

• Optimization for on-host scanning of resource constrained environments where performance and low resource consumption is critical

"OSV-SCALIBR is now the primary software composition analysis engine used within Google for live hosts, code repos, and containers. It's been used and tested extensively across many different products and internal tools to help generate SBOMs, find vulnerabilities, and help protect our users' data at Google scale. We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface."

Google computer scientists have been using LLMs to streamline internal code migrations, achieving significant time savings of up to 89% in some cases. The findings appear in a pre-print paper titled "How is Google using AI for internal code migrations?" The Register reports: Their focus is on bespoke AI tools developed for specific product areas, such as Ads, Search, Workspace and YouTube, instead of generic AI tools that provide broadly applicable services like code completion, code review, and question answering. Google's code migrations involved: changing 32-bit IDs in the 500-plus-million-line codebase for Google Ads to 64-bit IDs; converting its old JUnit3 testing library to JUnit4; and replacing the Joda time library with Java's standard java.time package. The int32 to int64 migration, the Googlers explain, was not trivial as the IDs were often generically defined (int32_t in C++ or Integer in Java) and were not easily searchable. They existed in tens of thousands of code locations across thousands of files. Changes had to be tracked across multiple teams and changes to class interfaces had to be considered across multiple files. "The full effort, if done manually, was expected to require hundreds of software engineering years and complex crossteam coordination," the authors explain.

For their LLM-based workflow, Google's software engineers implemented the following process. An engineer from Ads would identify an ID in need of migration using a combination of code search, Kythe, and custom scripts. Then an LLM-based migration toolkit, triggered by someone knowledgeable in the art, was run to generate verified changes containing code that passed unit tests. Those changes would be manually checked by the same engineer and potentially corrected. Thereafter, the code changes would be sent to multiple reviewers who are responsible for the portion of the codebase affected by the changes. The result was that 80 percent of the code modifications in the change lists (CLs) were purely the product of AI; the remainder were either human-authored or human-edited AI suggestions.

"We discovered that in most cases, the human needed to revert at least some changes the model made that were either incorrect or not necessary," the authors observe. "Given the complexity and sensitive nature of the modified code, effort has to be spent in carefully rolling out each change to users." Based on this, Google undertook further work on LLM-driven verification to reduce the need for detailed review. Even with the need to double-check the LLM's work, the authors estimate that the time required to complete the migration was reduced by 50 percent. With LLM assistance, it took just three months to migrate 5,359 files and modify 149,000 lines of code to complete the JUnit3-JUnit4 transition. Approximately 87 percent of the code generated by AI ended up being committed with no changes. As for the Joda-Java time framework switch, the authors estimate a time saving of 89 percent compared to the projected manual change time, though no specifics were provided to support that assertion.

An anonymous reader quotes a report from The Guardian: People who get their coffee hit in the morning reap benefits that are not seen in those who have shots later in the day, according to the first major study into the health benefits of the drink at different times. Analysis of the coffee consumption of more than 40,000 adults found that morning coffee drinkers were 16% less likely to die of any cause and 31% less likely to die from cardiovascular disease during a 10-year follow-up period than those who went without. But the benefits to heart health appeared to vanish in people who drank coffee throughout the day, the researchers found, with medical records showing no significant reduction in mortality for all-day drinkers compared with those who avoided coffee. [...]

The study suggests that a morning dose of coffee is better for the heart than an evening one, but it does not explain why. One possible explanation is that drinking coffee later in the day can disrupt circadian rhythms and levels of hormones such as melatonin. This in turn affects sleep, inflammation and blood pressure, all of which can harm heart health. In an accompanying editorial, Prof Thomas Luscher, a consultant cardiologist at the Royal Brompton and Harefield hospitals in London, notes that many all-day drinkers sleep poorly, adding that coffee seems to suppress melatonin, a hormone that is important for inducing sleep in the brain. The effects are driven largely by caffeine, but coffee contains hundreds of other bioactive compounds that affect our physiology. The researchers say some substances in the blood that drive inflammation often peak in the morning and could be countered by anti-inflammatory compounds in a morning coffee. "This explanation applies to both caffeinated and decaffeinated coffee," they write. "Overall, we must accept the now substantial evidence that coffee drinking, particularly in the morning hours, is likely to be healthy," Luscher writes. "Thus, drink your coffee, but do so in the morning!"

The study has been published in the European Heart Journal.

Long-time Slashdot reader theodp writes: In an Op-ed for The Huntington News, fourth year Northeastern University CS student Derek Kaplan argues that real pedagogical merit is what should count when deciding which language to use to teach CS fundamentals (aka 'Fundies'). He makes the case for Northeastern to reconsider its decision to move from Racket to Python and Java later this year in an overhaul of its first-year curriculum.

"Students will get extensive training in Python, which is currently the most requested language by co-op employers," Northeastern explains (some two decades after a Slashdot commenter made the same Hot Languages = Jobs observation in a spirited 2001 debate on Java as a CS introductory language)...

"I have often heard computer science students complain that Fundies 1 teaches Racket instead of a 'useful language' like Python," Kaplan writes. "But the point of Fundies is not to teach Racket — it is to teach program design skills that can be applied using any programming language. Racket is just the tool it uses to do so. A student who does well in Fundies will have no difficulty applying the same skills to Python or any other language. And with how fast the tech industry changes, is it really worth having a course that teaches just Python when tomorrow, some other language might dominate the industry? Our current curriculum focuses on timeless principles rather than fleeting trends."

Also expressing concerns about the selection of suitable languages for novice programming is King's College CS Prof Michael Kölling, who explains, "One of the drivers is the perceived usefulness of the language in a real-world context. Students (and their parents) often have opinions which language is 'better' to learn. In forming these opinions, the definition of 'better' can often be vague and driven by limited insight. One strong aspect commonly cited is the perceived usefulness of a language in the 'real world.' If a language is widely used in industry, it is more likely to be seen as a useful language to learn." Kölling's recommendation? "We need a new language for teaching novices at secondary school and introductory university level," Kölling concludes. "This language should be designed explicitly for teaching [...] Maintenance and adaptation of this language should be driven by pedagogical considerations, not by industry needs."

While noble in intent, one suspects Kaplan and Kölling may be on a quixotic quest in a money wins world, outgunned by the demands, resources, and influence of tech giants like Amazon — the top employer of Northeastern MSCS program grads — who pushed back against NSF advice to deemphasize Java in high school CS and dropped $15 million to have tech-backed nonprofit Code.org develop and push a new Java-based, powered-by-AWS CS curriculum into high schools with the support of a consortium of politicians, educators, and tech companies. Echoing Northeastern, an Amazon press release argued the new Java-based curriculum "best prepares students for the next step in their education and careers."

"Generative AI is transforming software development by enabling natural language prompts to generate code, reducing the need for traditional programming skills," argues Analytics India magazine. Traditionally, coding was the bastion of the select few who had mastered mighty languages like C++, Python, or Java. The idea of programming seemed exclusively reserved for those fluent in syntax and logic. However, the narrative is now being challenged by natural language coding being implemented in AI tools like GitHub Copilot. Andrej Karpathy, senior director of AI at Tesla predicted this trend last year.... English is emerging as the universal coding language.

NVIDIA CEO Jensen Huang believes that English is becoming a new programming language thanks to AI advancements. Speaking at the World Government Summit, Huang explained, "It is our job to create computing technology such that nobody has to program and that the programming language is human"... He calls this a "miracle of AI," emphasising how it closes the technology divide and empowers people from all fields to become effective technologists without traditional coding skills... "In the future, you will tell the computer what you want, and it will do it,"â Huang commented. Large language models (LLMs) like OpenAI's GPT-4 and its successors have made this possible...

Microsoft CEO Satya Nadella has been equally vocal about the potential of English for coding. Microsoft's GitHub Copilot, an AI code assistant, enables developers to describe their needs in natural language and receive functional code in response. Nadella describes this as part of a broader mission to "empower every person and every organisation on the planet to achieve more".... In a discussion earlier last year, Stability AI CEO Emad Mostaque claimed, "41% of codes on GitHub are AI-generated"...

In 2024, the ability to program is no longer reserved for a few. It's a skill anyone can wield, thanks to the power of natural language processing and AI
"No longer is the power to create software restricted to those who can decipher programming languages," the article concludes. "Anyone with a problem to solve and a clear enough articulation of that problem can now write software."

Although the article also includes this consoling quote from Nvidia's Huang in March. "There is an artistry to prompt engineering. It's how you fine-tune the instructions to get exactly what you want"

Not every tech "advent calendar" involves programming puzzles. Instead the geek tradition of programming-language advent calendars "seems to have started way back in 2000," according to one history, "when London-based programmer Mark Fowler launched a calendar highlighting a different Perl module each day."

So the tradition continues...

• Nearly a quarter of a century later, there's still a Perl Advent Calendar, celebrating tips and tricks like "a few special packages waiting under the tree that can give your web applications a little extra pep in their step."

• And of course there's a separate advent calendar for Raku programmers.

• Since 2009 web performance consultant (and former Yahoo and Facebook engineer) Stoyan Stefanov has been pulling together an annual Web Performance calendar with helpful blog posts.

• There's also a JVM Advent calendar with daily helpful hints for Java programmers.

• Another advent calendar promises daily posts about C#.

• The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — is celebrating the season with the "HTMHell Advent Calendar," promising daily articles on security, accessibility, UX, and performance.

• There's even an advent calendar with tips for the reverse-engineering framework Radar.

• There's still a lovely web-design themed calendar at Designcember.com.

And meanwhile developers at the Svelte frontend framework are actually promising to release something new each day, "whether it's a new feature in Svelte or SvelteKit or an improvement to the website!"

But not every tech advent calendar is about programming...

• Adafruit's managing director is publishing a Retrocomputing Advent Calendar — daily looks at the ghosts of computers past.

• The Atlantic continues its 17-year tradition of a Space Telescope advent calendar, featuring daily images from both NASA's Hubble telescope and James Webb Space Telescope

• The gaming blog Rock Paper Shotgun has been counting down their favorite games of 2024...

An anonymous reader quotes a report from VICE: It's early on a Sunday morning in late 1994, and you're shuffling your way through Fitzrovia in Central London, bloodstream still rushing after a long night at Bagley's. The sun comes up as you come down. You navigate side streets that you know like the back of your hand. But your hand's stamped with a party logo. And your brain's kaput. Coffee... yes, coffee. Good idea. Suddenly, you find yourself outside a teal blue cafe. Walking in is like entering an alien world; rows of club kids, tech heads, and game developers sit in front of desktops, lost in the primitive version of some new reality. Tentacular cables hang from the ceiling. Ambient techno reverberates from wall to wall. Cigarette smoke fills the air.

Welcome to Cyberia, the world's first internet cafe. Which, if you're too young to remember, are basically cafes with computers in them. It all began when Eva Pascoe, a Polish computing student living in London, crossed paths with Tim Berners Lee and other early internet mavericks at the dawn of the 90s. "I was very interested in cyberfeminism and wanted to figure out how women could reclaim tech," she recalls. The internet was still in its infancy. Diabolically slow dial-up modems only emerged around 1992; the World Wide Web was a pipe dream until 1993 and hardly anyone had the internet at home. But there wasn't just a lack of javascript; Eva remembers there being no good java, either. "There were no coffee shops in London," she says, which today seems ludicrous. "Just greasy spoons and everyone drank tea. I wanted a European-style cafe."

Linking up with like-minded pioneers David Rowe and husband and wife Keith and Gene Teare, Eva found a spot on the corner of Whitfield Street and launched Cyberia there in 1994. With Hackers-style aesthetics and futuristic furniture, it was based around a U-shaped layout that meant visitors could see each other's screens. "I wanted women to feel safe, because a lot of the stuff on the net was dodgy," she explains. Many of Eva's mates chipped in to help out -- architects, interior designers, graphic artists, publishers, and ravers among them.

And then there was the Amish community in Pennsylvania. Eva had to fly out there to negotiate for the "Cyberia.com" domain name they had bought. "It was a proper barn with horse carts and a wall of modems as they were running a bulletin board and an early ecommerce company. Apparently, there was always one family nominated to be the tech support," she remembers. Back in London, Cyberia quickly became a hotspot. "Virtually the second we opened, we had three lines deep around the block," she says. It's hard to imagine, but nowhere else in the world was doing what they were doing. It was the world's first cybercafe. "If you wanted to collect your emails, we were the only place in town," Eva says. Cyberia opened around 20 cafes worldwide, including branches in Bangkok, Paris, and Rotterdam. "For a fleeting moment it became like a sexier version of Richard Branson's Virgin empire: there was Cyberia Records, Cyberia Channel (a pioneering streaming service), Cyberia Payments, the Cyberia magazine, a Cyberia show on UK TV -- even a Cyberia wedding," writes VICE's Kyle MacNeill. He attended Cyberia's 30th birthday party in September and spoke with some of the cafe's original innovators, "shooting the shit about the good times and the not-so-good coffee."

The Tiobe index tries to track the popularity of programming languages by counting the number of search results for the language's name followed by the word "programming" (on 25 different search engines). And this month there were some surprises...

By TIOBE's reckoning, compared to a year ago PHP has now fallen from #7 to #12, while Delphi/Object Pascal shot up five spots from #16 to #11. In that same year, Fortran jumped from #12 to #8 — while both Visual Basic and SQL dropped down a single rank. Toward the top of the list, C actually fell from the #2 spot over the last 12 months to the #4 spot.

And Go just reached the #7 rank on the TIOBE's ranking of programming language popularity — "an all time high for Go," according to TIOBE CEO Paul Jansen. In this month's note, he explains what he thinks is unusual about this — starting by saying that Go programs are both fast, and easy in many ways — easy to deploy, easy to learn, and easy to understand. Python for instance is easy to learn but not fast, and deployment for larger Python programs is fragile due to dependencies on all kind of versioned libraries in the environment.

If compared to Rust for instance (another contender for a top position), Go is a tiny bit slower, but the Go programs are much easier to understand. The next hurdle for Go in the TIOBE index is JavaScript at position #6. That will be a tough one to pass. JavaScript is ubiquitous in software development, although for larger JavaScript systems we see a shift to TypeScript nowadays.
"If annual trends continue this way, Go will bypass JavaScript within 3 years," TIOBE's CEO predicts. (Adding "Let's see what the future has in store for Go...") Although the Go team actually has specific plans for the future, according to a blog post this week celebrating Go's 15th anniversary: We're working on making Go better for AI — and AI better for Go — by enhancing Go's capabilities in AI infrastructure, applications, and developer assistance. Go is a great language for building production systems, and we want it to be a great language for building production AI systems, too... For AI applications, we will continue building out first-class support for Go in popular AI SDKs, including LangChainGo and Genkit. And from its very beginning, Go aimed to improve the end-to-end software engineering process, so naturally we're looking at bringing the latest tools and techniques from AI to bear on reducing developer toil, leaving more time for the fun stuff — like actually programming!
TIOBE's top 10 programming language rankings for the month of November:

1. Python
2. C++
3. Java
4. C
5. C#
6. JavaScript
7. Go
8. Fortran
9. Visual Basic
10. SQL

"Java application security would be enhanced through two proposals aimed at resisting quantum computing attacks," reports InfoWorld, "one plan involving digital signatures and the other key encapsulation." The two proposals reside in the OpenJDK JEP (JDK Enhancement Proposal) index.

The Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm proposal calls for enhancing the security of Java applications by providing an implementation of the quantum-resistant module-latticed-based digital signature algorithm (ML-DSA). ML-DSA would secure against future quantum computing attacks by using digital signatures to detect unauthorized modifications to data and to authenticate the identity of signatories. ML-DSA was standardized by the United States National Institute of Standards and Technology (NIST) in FIPS 204.

The Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism proposal calls for enhancing application security by providing an implementation of the quantum-resistant module-lattice-based key encapsulation mechanism (ML-KEM). KEMs are used to secure symmetric keys over insecure communication channels using public key cryptography. ML-KEM is designed to be secure against future quantum computing attacks and was standardized by NIST in FIPS 203.

An anonymous reader quotes a report from Oregon Live: Intel told employees this week that it will bring back free coffee and tea at its work sites, one of many benefits the chipmaker eliminated last summer as it sought to slash $10 billion from its annual budget. "Although Intel still faces cost challenges, we understand that small comforts play a significant role in our daily routines," Intel wrote on its internal messaging forum, called Circuit. "We know this is a small step, but we hope it is a meaningful one in supporting our workplace culture." Intel declined comment. The company did not resume offering free fruit, another perk eliminated last summer. Employees say privately that morale has been devastated by Intel's poor financial performance and by cutbacks aimed at returning the business to profitability.

[...] Christy Pambianchi, Intel's chief people officer, told employees that Intel had been spending $100 million annually on free and discounted food and beverages and couldn't afford to keep doing that. "Until we get into a better financial health position, we need to be suspending those," Pambianchi said, according to an account of the meeting reviewed by The Oregonian/OregonLive. By Wednesday the company had reversed itself, committing to keep its employees caffeinated. In August, Intel announced plans to lay off over 16,000 employees, representing more than 15% of its global workforce. Its stock dropped to a 50-year low following the announcement. Starting November 8, Nvidia will replace the chipmaker on the Dow Jones Industrial Average.

GitHub released its annual "State of the Octoverse" report this week. And while "Systems programming languages, like Rust, are also on the rise... Python, JavaScript, TypeScript, and Java remain the most widely used languages on GitHub."

In fact, "In 2024, Python overtook JavaScript as the most popular language on GitHub." They also report usage of Jupyter Notebooks "skyrocketed" with a 92% jump in usage, which along with Python's rise seems to underscore "the surge in data science and machine learning on GitHub..." We're also seeing increased interest in AI agents and smaller models that require less computational power, reflecting a shift across the industry as more people focus on new use cases for AI... While the United States leads in contributions to generative AI projects on GitHub, we see more absolute activity outside the United States. In 2024, there was a 59% surge in the number of contributions to generative AI projects on GitHub and a 98% increase in the number of projects overall — and many of those contributions came from places like India, Germany, Japan, and Singapore...

Notable growth is occurring in India, which is expected to have the world's largest developer population on GitHub by 2028, as well as across Africa and Latin America... [W]e have seen greater growth outside the United States every year since 2013 — and that trend has sped up over the past few years.
Last year they'd projected India would have the most developers on GitHub #1 by 2027, but now believe it will happen a year later. This year's top 10?

1. United States
2. India
3. China
4. Brazil
5. United Kingdom
6. Russia
7. Germany
8. Indonesia
9. Japan
10. Canada

Interestingly, the UK's population ranks #21 among countries of the world, while Germany ranks #19, and Canada ranks #36.)

GitHub's announcement argues the rise of non-English, high-population regions "is notable given that it is happening at the same time as the proliferation of generative AI tools, which are increasingly enabling developers to engage with code in their natural language." And they offer one more data point: GitHub's For Good First Issue is a curated list of Digital Public Goods that need contributors, connecting those projects with people who want to address a societal challenge and promote sustainable development...

Significantly, 34% of contributors to the top 10 For Good Issue projects... made their first contribution after signing up for GitHub Copilot.
There's now 518 million projects on GitHub — with a year-over-year growth of 25%...

Boeing received an email from the chief pilot at Ethiopian Airlines on December 1, 2018 with several questions, reports the New York Times (alternate URL here). "in essence the pilot was asking for direction. If we see a series of warnings on the new 737 Max, he posed, what do we do?" What ensued was an email conversation among a number of Boeing senior officials about whether they could answer the pilot's questions without violating international restrictions on disseminating information about a crash while it was still under investigation. That restriction was in play because a 737 Max flown by Lion Air had crashed a few weeks earlier leaving Indonesia. The inquiry from Ethiopian Airlines would prove chillingly prescient because just months later one of its 737s would go down because of a flight control malfunction similar to the one that led to the Lion Air crash. The Ethiopian Airlines crash would kill everyone on board and leave questions about whether Boeing had done everything it could to inform pilots of what it had learned about the malfunction and how to handle it.

In response to the inquiry from Ethiopian Airlines, Boeing's chief pilot, Jim Webb, proposed to his colleagues that he thank the airline for attending a previous briefing on the flight control system, called MCAS, but otherwise decline to answer the pilot's first two questions and just refer the airline to training materials and previously issued guidance. Most of those on the email agreed.
Boeing's eventual response? "I can only address the current system and the Operations Manual Bulletin. The first two questions directly relate to the accident scenario; therefore, I will be unable to address them here." The Times adds that Boeing's chief pilot Jim Webb then "ended the email by stating that if airline officials had any additional questions about the bulletin and system, they should feel free to reach out....

"It is impossible to know whether any pilots with Ethiopian Arlines would have acted differently if Webb's reply had been more forthcoming. But Boeing's limited response to an airline seeking help highlights a missed opportunity to collaborate on safety and to pass along lessons Boeing had collected following the Lion Air jet's crash into the Java Sea on Oct. 29, 2018."