GitHub's new "Copilot" tool (created by Microsoft and OpenAI) shares the autocompletion suggestions of an AI trained on code repositories. But can that violate the original coder's license? Now the Free Software Foundation (FSF) is calling for a closer look at these and many other issues...

"We already know that Copilot as it stands is unacceptable and unjust, from our perspective," they wrote in a blog post this week, arguing that Copilot "requires running software that is not free/libre (Visual Studio, or parts of Visual Studio Code), and Copilot is Service as a Software Substitute. These are settled questions as far as we are concerned."

"However, Copilot raises many other questions which require deeper examination..." The Free Software Foundation has received numerous inquiries about our position on these questions. We can see that Copilot's use of freely licensed software has many implications for an incredibly large portion of the free software community. Developers want to know whether training a neural network on their software can really be considered fair use. Others who may be interested in using Copilot wonder if the code snippets and other elements copied from GitHub-hosted repositories could result in copyright infringement. And even if everything might be legally copacetic, activists wonder if there isn't something fundamentally unfair about a proprietary software company building a service off their work.

With all these questions, many of them with legal implications that at first glance may have not been previously tested in a court of law, there aren't many simple answers. To get the answers the community needs, and to identify the best opportunities for defending user freedom in this space, the FSF is announcing a funded call for white papers to address Copilot, copyright, machine learning, and free software.

We will read the submitted white papers, and we will publish ones that we think help elucidate the problem. We will provide a monetary reward of $500 for the papers we publish.
They add that the following questions are of particular interest:

• Is Copilot's training on public repositories infringing copyright? Is it fair use?
• How likely is the output of Copilot to generate actionable claims of violations on GPL-licensed works?
• How can developers ensure that any code to which they hold the copyright is protected against violations generated by Copilot?
• Is there a way for developers using Copilot to comply with free software licenses like the GPL?
• If Copilot learns from AGPL-covered code, is Copilot infringing the AGPL?
• If Copilot generates code which does give rise to a violation of a free software licensed work, how can this violation be discovered by the copyright holder on the underlying work?
• Is a trained artificial intelligence (AI) / machine learning (ML) model resulting from machine learning a compiled version of the training data, or is it something else, like source code that users can modify by doing further training?
• Is the Copilot trained AI/ML model copyrighted? If so, who holds that copyright?
• Should ethical advocacy organizations like the FSF argue for change in copyright law relevant to these questions?

"Dallas-based Texas Instruments' latest generation of calculators is getting a modern-day update with the addition of programming language Python," reports the Dallas Morning News: The goal is to expand students' ability to explore science, technology, engineering and math through the device that's all-but-required in the nation's high schools and colleges...

Though most of the company's $14 billion in annual revenue comes from semiconductors, its graphing calculator remains its most recognized consumer product. This latest TI-84 model, priced between $120 to $160 depending on the retailer, was made to accommodate the increasing importance of programming in the modern world.
Judging by photos in their press release, an "alpha" key maps the calculator's keys to the letters of the alphabet (indicated with yellow letters above each key). One page on its web site also mentions "Menu selections" that "help students with discovery and syntax." (And the site confirms the calculator will "display expressions, symbols and fractions just as you write them.")

There's even a file manager that "gives quick access to Python programs you have saved on your calculator. From here, you can create, edit, run and manage your files." And one page also mentions something called TI Connect CE software application, which "connects your computer and graphing calculator so they can talk to each other. Use it to transfer data, update your operating system, download calculator software applications or take screenshots of your graphing calculator."

I'm sure Slashdot's readers have some fond memories of their first calculator. But these new models have a full-color screen and a rechargeable battery that can last up to a month on a single charge. And Texas Instruments seems to think they could even replace computers in the classroom. "By adding Python to the calculators many students are already familiar with and use in class, we are making programming more accessible and approachable for all students," their press release argues, "eliminating the need for teachers to reserve separate computer labs to teach these important skills.

"GitHub has announced a partnership with the Stanford Law School to support developers facing takedown requests related to the Digital Millennium Copyright Act (DMCA)," reports VentureBeat: While the DMCA may be better known as a law for protecting copyrighted works such as movies and music, it also has provisions (17 U.S.C. 1201) that criminalize attempts to circumvent copyright-protection controls — this includes any software that might help anyone infringe DMCA regulations. However, as with the countless spurious takedown notices delivered to online content creators, open source coders too have often found themselves in the DMCA firing line with little option but to comply with the request even if they have done nothing wrong. The problem, ultimately, is that freelance coders or small developer teams often don't have the resources to fight DMCA requests, which puts the balance of power in the hands of deep-pocketed corporations that may wish to use DMCA to stifle innovation or competition. Thus, GitHub's new Developer Rights Fellowship — in conjunction with Stanford Law School's Juelsgaard Intellectual Property and Innovation Clinic — seeks to help developers put in such a position by offering them free legal support.

The initiative follows some eight months after GitHub announced it was overhauling its Section 1201 claim review process in the wake of a takedown request made by the Recording Industry Association of America (RIAA), which had been widely criticized as an abuse of DMCA... [M]oving forward, whenever GitHub notifies a developer of a "valid takedown claim," it will present them with an option to request free independent legal counsel.

The fellowship will also be charged with "researching, educating, and advocating on DMCA and other legal issues important for software innovation," GitHub's head of developer policy Mike Linksvayer said in a blog post, along with other related programs.
Explaining their rationale, GitHub's blog post argues that currently "When developers looking to learn, tinker, or make beneficial tools face a takedown claim under Section 1201, it is often simpler and safer to just fold, removing code from public view and out of the common good.

"At GitHub, we want to fix this."

Open source packages downloaded an estimated 30,000 times from the PyPI open source repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code on infected machines, researchers said on Thursday. Ars Technica reports: In a post, researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of devops software vendor JFrog said they recently found eight packages in PyPI that carried out a range of malicious activity. Based on searches on https://pepy.tech, a site that provides download stats for Python packages, the researchers estimate the malicious packages were downloaded about 30,000 times. [...] Different packages from Thursday's haul carried out different kinds of nefarious activities. Six of them had three payloads, one for harvesting authentication cookies for Discord accounts, a second for extracting any passwords or payment card data stored by browsers, and the third for gathering information about the infected PC, such as IP addresses, computer name, and user name. The remaining two packages had malware that tries to connect to an attacker-designated IP address on TCP port 9009, and to then execute whatever Python code is available from the socket. It's not now known what the IP address was or if there was malware hosted on it.

Like most novice Python malware, the packages used only a simple obfuscation such as from Base64 encoders. Karas told me that the first six packages had the ability to infect the developer computer but couldn't taint the code developers wrote with malware. "For both the pytagora and pytagora2 packages, which allows code execution on the machine they were installed, this would be possible." he said in a direct message. "After infecting the development machine, they would allow code execution and then a payload could be downloaded by the attacker that would modify the software projects under development. However, we don't have evidence that this was actually done."

theodp writes: The commonly held belief that programming is inherently hard lacks sufficient evidence," begins CS Prof Brett Becker in [an article published in the journal Communications of the ACM]. "Stating this belief can send influential messages that can have serious unintended consequences including inequitable practices. [...] Language is a powerful tool. Stating that programming is hard should raise several questions but rarely does. Why does it seem routinely acceptable -- arguably fashionable -- to make such a general and definitive statement? Why are these statements often not accompanied by supporting evidence? What is the empirical evidence that programming, broadly speaking, is inherently hard, or harder than possible analogs such as calculus in mathematics? Even if that evidence exists, what does it mean in practice? In what contexts does it hold? To whom does it, and does it not, apply?"

Becker concludes: "Blanket messages that 'programming is hard' seem outdated, unproductive, and likely unhelpful at best. At worst they could be truly harmful. We need to stop blaming programming for being hard and focus on making programming more accessible and enjoyable, for everyone.

Threatpost reports on "another vast software supply-chain attack" that was "found lurking in the npm open-source code repository...a credentials-stealing code bomb" that used the password-recovery tools in Google's Chrome web browser. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands...

ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled "Win32.Infostealer.Heuristics", it showed up in two packages: nodejs_net_server and temptesttempfile. At least for now, the first, main threat is nodejs_net_server. Some details:

nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019...finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, "probably because the author didn't want to have such an obvious connection between the malware and their website," researchers theorized...

ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn't removed the packages from the repository. When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: "Both packages were removed following our investigation...."

An anonymous reader quotes a report from Ars Technica: Muse Group -- owner of the popular audio-editing app Audacity -- is in hot water with the open source community again. This time, the controversy isn't over Audacity -- it's about MuseScore, an open source application that allows musicians to create, share, and download musical scores (especially, but not only, in the form of sheet music). The MuseScore app itself is licensed GPLv3, which gives developers the right to fork its source and modify it. One such developer, Wenzheng Tang ("Xmader" on GitHub) went considerably further than modifying the app -- he also created separate apps designed to bypass MuseScore Pro subscription fees. After thoroughly reviewing the public comments made by both sides at GitHub, Ars spoke at length with Muse Group Head of Strategy Daniel Ray -- known on GitHub by the moniker "workedintheory" -- to get to the bottom of the controversy.

While Xmader did, in fact, fork MuseScore, that's not the root of the controversy. Xmader forked MuseScore in November 2020 and appears to have abandoned that fork entirely; it only has six commits total -- all trivial, and all made the same week that the fork was created. Xmader is also currently 21,710 commits behind the original MuseScore project repository. Muse Group's beef with Xmader comes from two other repositories, created specifically to bypass subscription fees. Those repositories are musescore-downloader (created November 2019) and musescore-dataset (created March 2020). Musescore-downloader describes itself succinctly: "download sheet music from musescore.com for free, no login or MuseScore Pro required." Musescore-dataset is nearly as straightforward: it declares itself "the unofficial dataset of all music sheets and users on musescore.com." In simpler terms: musescore-downloader lets you download things from musescore.com that you shouldn't be able to; musescore-dataset is those files themselves, already downloaded. For scores that are in the public domain or that users have uploaded under Creative Commons licenses, this isn't necessarily a problem. But many of the scores are only available by arrangement between the score owner and Muse Group itself -- and this has several important implications.

Just because you can access the score via the app or website doesn't mean you're free to access it anywhere, anyhow, or redistribute that score yourself. The distribution agreement between Muse Group and the rightsholder allows legitimate downloads, but only when using the site or app as intended. Those agreements do not give users carte blanche to bypass controls imposed on those downloads. Further, those downloads can often cost the distributor real money -- a free download of a score licensed to Muse Group by a commercial rightsholder (e.g., Disney) is generally not "free" to Muse Group itself. The site has to pay for the right to distribute that score -- in many cases, based on the number of downloads made. Bypassing those controls leaves Muse Group on the hook either for costs it has no way to monetize (e.g., by ads for free users) or for violating its own distribution agreements with rightsholders (by failing to properly track downloads).

Long-time Slashdot reader RoccamOccam shares "an interesting take on SQL and its issues from Jamie Brandon (who describes himself as an independent researcher who's built database engines, query planners, compilers, developer tools and interfaces).

It's title? "Against SQL." The relational model is great... But SQL is the only widely-used implementation of the relational model, and it is: Inexpressive, Incompressible, Non-porous. This isn't just a matter of some constant programmer overhead, like SQL queries taking 20% longer to write. The fact that these issues exist in our dominant model for accessing data has dramatic downstream effects for the entire industry:

- Complexity is a massive drag on quality and innovation in runtime and tooling
- The need for an application layer with hand-written coordination between database and client renders useless most of the best features of relational databases

The core message that I want people to take away is that there is potentially a huge amount of value to be unlocked by replacing SQL, and more generally in rethinking where and how we draw the lines between databases, query languages and programming languages...

I'd like to finish with this quote from Michael Stonebraker, one of the most prominent figures in the history of relational databases:

"My biggest complaint about System R is that the team never stopped to clean up SQL... All the annoying features of the language have endured to this day. SQL will be the COBOL of 2020..."
It's been interesting to follow the discussion on Twitter, where the post's author tweeted screenshots of actual SQL code to illustrate various shortcomings. But he also notes that "The SQL spec (part 2 = 1732) pages is more than twice the length of the Javascript 2021 spec (879 pages), almost matches the C++ 2020 spec (1853) pages and contains 411 occurrences of 'implementation-defined', occurrences which include type inference and error propagation."

His Twitter feed also includes a supportive retweet from Rust creator Graydon Hoare, and from a Tetrane developer who says "The Rust of SQL remains to be invented. I would like to see it come."

Slashdot reader Beeftopia writes: Rust has two modes: its default, safe mode, and an unsafe mode. In its default, safe mode, Rust prevents memory errors, such as "use-after-free" errors. It also prevents "data races" which is unsynchronized access to shared memory. In its unsafe mode (via use of the "unsafe" block), in which some of its APIs are written, it allows the use of potentially unsafe C-style features. The key challenge in verifying Rust's safety claims is accounting for the interaction between its safe and unsafe code. This article from April's issue of Communications of the ACM provides an overview of Rust and investigates its safety claims.
The article is co-authored by Ralf Jung, a prominent postdoctoral researcher in the 'Foundations of Programming' research group at the Max Planck Institute for Software Systems. And (spoiler alert) Jung has just received one of two 'Honorable Mentions' for the 'Dissertation Award' of the 'Association for Computing Machinery' (ACM), reports a nonprofit site operated by the American Association for the Advancement of Science: In his dissertation, Ralf Jung now provides the first formal proof that the safety promises of Rust actually hold. "We were able to verify the safety of Rust's type system and thus show how Rust automatically and reliably prevents entire classes of programming errors," says Ralf Jung.

In doing so, he also successfully addressed a special aspect of the programming language: "The so-called 'type safety' goes hand in hand with the fact that Rust imposes restrictions on the programmer and does not allow everything that the programmer wants to do. Sometimes, however, it is necessary to write an operation into the code that Rust would not accept because of its type safety," the computer scientist continues. "This is where a special feature of Rust comes into play: programmers can mark their code as 'unsafe' if they want to achieve something that contradicts the programming language's safety precautions. Together with international collaborators, including my thesis advisor Derek Dreyer, we developed a theoretical framework that allows us to prove that Rust's safety claims hold despite the possibility of writing 'unsafe' code," Jung says.

This proof, called RustBelt, is complemented by Ralf Jung with a tool called Miri, with which 'unsafe' Rust code can be automatically tested for compliance with important rules of the Rust specification - a basic requirement for correctness and safety of this code. "While RustBelt was a great success, especially in academic circles, Miri is already established in industry as a tool for security testing of programs written in Rust," explains Ralf Jung.... The ACM states: "Through Jung's leadership and active engagement with the Rust Unsafe Code Guidelines working group, his work has already had profound impact on the design of Rust and laid essential foundations for its future."

AmiMoJo shares a report from VentureBeat: Apple critics such as Epic Games CEO Tim Sweeney have complained about Apple's alleged anticompetitive behavior with the App Store. But Consumer Acquisition's Brian Bowman has frequently sounded the alarm on Apple's decision to favor user privacy over targeted ads by changing access to its Identifier for Advertisers (IDFA). Based on Consumer Acquisition's analysis of $300 million in paid social ad spending, IDFA has had a devastating impact, Bowman said in an interview with GamesBeat. In a report issued today, Bowman said that iOS advertisers are experiencing a 15% to 20% revenue drop and inflation in unattributed organic traffic.

Starting in April, Apple began releasing iOS 14.5, which prompted users to answer whether they would allow their data to be tracked for advertising purposes. Apple believes this puts privacy front and center. But Consumer Acquisition and many of its game developer advertisers worry it will break personalized advertising. Only 20% of consumers are saying yes to Apple's App Tracking Transparency prompt, which means they will enable apps to personalize ads by tracking their personal data. For the traffic Bowman's company evaluated, performance has faded. Across paid social platforms, downstream event optimization and "lookalike audience performance" is also eroding. [...] Bowman believes -- or at least holds out hope -- that Apple will roll back or soften the IDFA changes by Black Friday.

CoinDesk reports that "A project is in the works to make the Tor Client more adaptable and easier for third parties to use, with some help from Zcash Open Major Grants (ZOMG)." ZOMG announced on Tuesday that it is awarding the privacy-focused Tor Project a $670,000 grant to continue to develop Arti, a Rust coding language implementation of the Tor Client... Arti should make it simpler for third parties to embed and customize the Tor Client than the current implementation in the C coding language... "Arti is a project to make an improved version of Tor that will be more reliable, more secure, and easier for other software to use," said Nick Mathewson, chief network architect and co-founder of the Tor Project. "We hope that within the next several years, Arti will become the preferred implementation of the Tor protocols...."

"Onion routing has just had its 25th anniversary in May, and although Tor is a great set of privacy tools, the C program 'tor' itself (note the lowercase t) is beginning to show its age," Mathewson said. "We've found over the recent years that the complexity of the existing C code, and the fragility of the C language, make it unnecessarily difficult to improve the code while maintaining our security and privacy guarantees....

"Roughly half of Tor's security issues since 2016 would have been impossible in Rust, and many of the other issues would have been much less likely, based on our informal audit," he said...

The funding will go toward developer salaries as they develop Arti. Mathewson said the goal with this round of funding is to advance Arti to the point where it is ready for general use, testing and embedding.

SD Times takes another look at the uptake of Java 11 Previous reports of the Java community found that developers were still mainly using Java 8 and didn't adopt newer versions, but according to Snyk's JVM Ecosystem Report 2021, that is starting to change. This year, 61.5% of respondents are using Java 11 somewhere in production, and almost 12% are using the latest release, which was Java 15 during the survey. "This is huge, because it shows that developers do upgrade their Java version beyond Java 8 to some extent. The mantra that most Java developers are comfortable staying on Java 8 seems to be slowly breaking apart," Snyk stated in the report.

However, half of the Java 11 users — which is currently the most used version — still use Java 8 in their production stack...

In addition, almost half of developers (44%) use the free AdoptOpenJDK distribution in production as one of their JDKs and 48% use it in development.
"Other findings are that Java is still by far the most popular language by a long shot and Snyk stated it will probably remain that way in the foreseeable future and that JetBrains IntellIJ IDEA still remains dominant as an IDE in the Java ecosystem."

The TIOBE index of programming language popularity celebrates 20 years of continuous publishing this month. Started as a hobbyist project back in 2001, the site estimates each programming language's popularity by counting search engine results for the phrase <language> programming (indirectly counting each listing for developers, courses, and third-party vendors).

When it was started 20 years ago, the top languages were Java, C, and C++.

20 years later, the top languages are now C, Java, Python, and C++

And "The difference between position 1 and position 3 is only 0.67%." This means that the next few months will be exciting. What language is going to win this battle? Python seems to have the best chances to become number 1, thanks to its market leadership in the booming field of data mining and artificial intelligence.
ZDNet also noted the trends: Searches for C were down 4.83 percentage points compared to last July. Java searches were down 3.93% over the period, while Python gained 1.86%.

The top 10 languages behind C, Java and Python are C++, C#, Visual Basic, Javascript, PHP, Assembly Language, and SQL.
But they also have this to say about TIOBE's calculations: It's a different methodology to developer analyst RedMonk, which looks at language usage on software projects hosted on GitHub and discussions on the developer Q&A site, Stack Overflow.

RedMonk's Q1 2021 rankings place JavaScript in top place, followed by Python and Java.

Other interesting moves this month:

• C++ gained more than 0.5% getting closer to the top 3
• Rust rose from #30 to #27
• Go rose from #20 to #13
• TypeScript rose from #45 to #37
• Haskellrose rose from #49 to #39

Reactions are starting to come in for GitHub's new Copilot coding tool, which one site calls "a product of the partnership between Microsoft and AI research and deployment company OpenAI — which Microsoft invested $1 billion into two years ago." According to the tech preview page: GitHub Copilot is currently only available as a Visual Studio Code extension. It works wherever Visual Studio Code works — on your machine or in the cloud on GitHub Codespaces. And it's fast enough to use as you type. "Copilot looks like a potentially fantastic learning tool — for developers of all abilities," said James Governor, an analyst at RedMonk. "It can remove barriers to entry. It can help with learning new languages, and for folks working on polyglot codebases. It arguably continues GitHub's rich heritage as a world-class learning tool. It's early days but AI-assisted programming is going to be a thing, and where better to start experiencing it than GitHub...?"

The issue of scale is a concern for GitHub, according to the tech preview FAQ: "If the technical preview is successful, our plan is to build a commercial version of GitHub Copilot in the future. We want to use the preview to learn how people use GitHub Copilot and what it takes to operate it at scale." GitHub spent the last year working closely with OpenAI to build Copilot. GitHub developers, along with some users inside Microsoft, have been using it every day internally for months.

[Guillermo Rauch, CEO of developer software provider Vercel, who also is founder of Vercel and creator of Next.js], cited in a tweet a statement from the Copilot tech preview FAQ page, "GitHub Copilot is a code synthesizer, not a search engine: the vast majority of the code that it suggests is uniquely generated and has never been seen before."

To that, Rauch simply typed: "The future."

Rauch's post is relevant in that one of the knocks against Copilot is that some folks seem to be concerned that it will generate code that is identical to code that has been generated under open source licenses that don't allow derivative works, but which will then be used by a developer unknowingly...
GitHub CEO Nat Friedman has responded to those concerns, according to another article, arguing that training an AI system constitutes fair use: Friedman is not alone — a couple of actual lawyers and experts in intellectual property law took up the issue and, at least in their preliminary analysis, tended to agree with Friedman... [U.K. solicitor] Neil Brown examines the idea from an English law perspective and, while he's not so sure about the idea of "fair use" if the idea is taken outside of the U.S., he points simply to GitHub's terms of service as evidence enough that the company can likely do what it's doing. Brown points to passage D4, which grants GitHub "the right to store, archive, parse, and display Your Content, and make incidental copies, as necessary to provide the Service, including improving the Service over time." "The license is broadly worded, and I'm confident that there is scope for argument, but if it turns out that Github does not require a license for its activities then, in respect of the code hosted on Github, I suspect it could make a reasonable case that the mandatory license grant in its terms covers this as against the uploader," writes Brown. Overall, though, Brown says that he has "more questions than answers."
Armin Ronacher, the creator of the Flask web framework for Python, shared an interesting example on Twitter (which apparently came from the game Quake III Arena) in which Copilot apparently reproduces a chunk of code including not only its original comment ("what the fuck?") but also its original copyright notice.

After yesterday's industry-wide discussion of the cost of being visible on Sony's PlayStation Store, Kotaku has heard from multiple independent developers and publishers expressing similar frustrations and fury. From a report: There were two main responses to our article yesterday highlighting one independent developer's frustrations with working with Sony to sell games on the PlayStation store. The first was a confusing number of people convinced that this was somehow part of an underground conspiracy to destroy Sony. The second was many indie game developers and publishers getting in touch to say that, yes, wow, Sony are far harder to work with and sell games through than anywhere else.

It's not possible to rationalize with the former group. We had confirmed hard figures on Sony's fees for getting any visibility on the PlayStation's in-built store, so we reported them. The conspiracy, disappointingly, ends there. However, the information about just how much worse it is for indies to work with Sony than Microsoft or Nintendo keeps piling in. "Oh yeah, so there's Nintendo who supports you," one such response begins. "[Then] Microsoft who supports you and [then] there is Sony who supports its own AAA machine and gives a fuck about everyone else."

As Bloomberg reported in April, Sony shows extraordinary caution even with the games it makes itself, with an obsessive focus on blockbuster success. According to that article, the Japanese corporation is moving away from developing smaller in-house games, so fixated are they on only the largest games. It seems this lack of interest in smaller titles extends to third-party developers attempting to sell their games on the system. "Sony does not understand what indie means," an independent publisher tells me under the condition of anonymity, via Twitter DMs. "Not at all. For them indie is something in the lower million budgets."

An anonymous reader shares a report: When Kevin Modzelewski and his colleagues at Dropbox set out to create Pyston in 2014, they had a very simple objective: to lower the costs of running Python code on Dropbox's servers, by making the code itself faster. "We were growing exponentially, so our server cost was growing exponentially," Modzelewski tells TechRepublic. "If we could get Python running faster, we would spend less money running Python." The original cost reduction initiative at Dropbox snowballed into a bigger project for Modzelewski when the company moved away from Python in 2017 and cancelled the Pyston project. He had realized while working on the language that there was a strong demand for faster Python among the developer community, and while there were plenty of tools around for improving the performance in smaller applications, there were none designed for big, business logic-type applications such as Dropbox.

"There's a lot of tools out there for helping you run Python faster, but there weren't any that were a good fit for Dropbox's use case," says Modzelewski. "This was an area of the Python market where a lot of money was being spent, but not very many tools were being developed for helping. It was under served." Fast forward to today and Pyston is now in version 2.2, and has been open-sourced, with Modzelewski and fellow developer Marius Wachtler now leading the project as co-founders. The latest implementation promises a 30% performance improvement over Python 3.8.8, with a key benefit being that developers can simply drop their Python applications into Pyston and get going, without having to rewrite their code. It's also a "completely separate thing" to what Modzelewski and fellow developers built for Dropbox some seven years ago.

Microsoft on Tuesday announced an artificial intelligence system that can recommend code for software developers to use as they write code. From a report: Microsoft is looking to simplify the process of programming, the area where the company got its start in 1975. That could keep programmers who already use the company's tools satisfied and also attract new ones. The system, called GitHub Copilot, draws on source code uploaded to code-sharing service GitHub, which Microsoft acquired in 2018, as well as other websites. Microsoft and GitHub developed it with help from OpenAI, an AI research start-up that Microsoft backed in 2019.

Researchers at Microsoft and other institutions have been trying to teach computers to write code for decades. The concept has yet to go mainstream, at times because programs to write programs have not been versatile enough. The GitHub Copilot effort is a notable attempt in the field, relying as it does on a large volume of code in many programming languages and vast Azure cloud computing power. Nat Friedman, CEO of GitHub, describes GitHub Copilot as a virtual version of what software creators call a pair programmer -- that's when two developers work side by side collaboratively on the same project. The tool looks at existing code and comments in the current file and the location of the cursor, and it offers up one or more lines to add. As programmers accept or reject suggestions, the model learns and becomes more sophisticated over time. The new software makes coding faster, Friedman said in an interview last week. Hundreds of developers at GitHub have been using the Copilot feature all day while coding, and the majority of them are accepting suggestions and not turning the feature off, Friedman said.

An anonymous reader quotes a report from The Guardian: From espresso to instant, coffee is part of the daily routine for millions. Now research suggests the brew could be linked to a lower chance of developing or dying from chronic liver disease. Chronic liver disease is a major health problem around the world. According to the British Liver Trust, liver disease is the third leading cause of premature death in the UK, with deaths having risen 400% since 1970. Writing in the journal BMC Public Health, Roderick and colleagues report how they analyzed data from 494,585 participants in the UK Biobank -- a project designed to help unpick the genetic and environmental factors associated with particular conditions. All participants were aged 40 to 69 when they signed up to the project, with 384,818 saying they were coffee drinkers at the outset compared with 109,767 who did not consume the beverage.

The team looked at the liver health of the participants over a median period of almost 11 years, finding 3,600 cases of chronic liver disease, with 301 deaths, and 1,839 cases of simple fatty liver disease. The analysis revealed that after taking into account factors such as body mass index, alcohol consumption, and smoking status, those who drank any amount of coffee, and of any sort, had a 20% lower risk of developing chronic liver disease or fatty liver disease (taken together) than those who did not consume the brew. The coffee drinkers also had a 49% lower risk of dying from chronic liver disease. The team said the magnitude of the effect increased with the amount of coffee consumed, up to about three to four cups a day, "beyond which further increases in consumption provided no additional benefit." A reduction in risk was also found when instant, decaffeinated and ground coffee were considered separately -- although the latter linked to the largest effect.

"Google said Thursday it's funding a project to increase Linux security by writing parts of the operating system's core in the Rust programming language, a modernization effort that could bolster the security of the internet and smartphones," reports CNET: If the project succeeds, it'll be possible to add new elements written in Rust into the heart of Linux, called the kernel. Such a change would mark a major technological and cultural shift for an open-source software project that's become foundational to Google's Android and Chrome operating systems as well as vast swaths of the internet. Miguel Ojeda, who's written software used by the Large Hadron Collider particle accelerator and worked on programming language security, is being contracted to write software in Rust for the Linux kernel. Google is paying for the contract, which is being extended through the Internet Security Research Group, a nonprofit that's also made it easier to secure website communications through the Let's Encrypt effort.

Adding Rust modules to the Linux kernel would improve security by closing some avenues for hackers can use to attack phones, computers or servers. Since it was launched in 1991, Linux has been written solely in the powerful but old C programming language. The language was developed in 1972 and is more vulnerable to hacks than contemporary programming languages...

Google credits the Linux community programmers who began the Rust for Linux project. "The community had already done and continues to do great work toward adding Rust support to the Linux kernel build system," Google said in a blog post...

[Rust] has been the most loved programming language for five years running in Stack Overflow's annual developer survey. "Rust represents the best alternative to C and C++ currently available," Microsoft's security team concluded in 2019. The team said Rust would have prevented memory problems at fault in 70% of its significant security issues. And because Rust's checks happen while software is being built, the safety doesn't come at the expense of performance when the software is running.

The goal of the Linux on Rust project isn't to replace all of Linux's C code but rather to improve selective and new parts.

A new extension for Microsoft's code-editing tool, Visual Studio Code, "allows you to open, edit, and commit back to source-control repos without having to clone them on your local machine," explains a new video.

A Microsoft blog post calls it "a new experience that we've been building in partnership with our friends at GitHub to enable working with source code repositories quickly and safely inside VS Code." In VS Code, we've offered integrated support for Git from the very beginning, and we've been supporting many other source control management (SCM) providers through extensions. This has allowed developers to clone and work with repositories directly within VS Code.

However, a large part of what developers do every day involves reading other people's code: reviewing pull requests, browsing open-source repositories, experimenting with new technologies or projects, inspecting upstream dependencies to debug applications, etc. What all of these have in common is that as a first step, you usually clone the repository locally and then open the code in your favorite code editor (which we hope is VS Code!). Yet, cloning a repository takes time, may lead you to review an outdated version of the repo if you forget to pull, and can sometimes be a security risk if you're unfamiliar with the code. The new Remote Repositories extension, published by GitHub, makes the experience of opening source code repositories in VS Code instant and safe. With this, you can quickly browse, search, edit, and commit to any remote GitHub repository (and soon, Azure Repos) directly from within VS Code, no clone necessary!

You can work on as many repos as you like without having to save any source code on your machine. Remote Repositories saves you time and local disk space and empowers you to stay entirely within VS Code for all your source control tasks.

For the first time, you can code, iterate and build apps on the iPad itself. 9to5Mac reports: Using Swift Playgrounds on iPadOS 15, customers will be able to create iPhone and iPad apps from scratch and then deploy them to the App Store. It remains to be seen how limited or not the development experience will be. It is probably notable that Apple chose not to rebrand this as "Xcode," signifying that you aren't going to be able to do everything you can do with Xcode on the Mac. TechCrunch highlights some of the other new features available in iPadOS 15: iPadOS 15 retains the overall look and feel of the current iPad operating system. The updates in the new OS are mostly centered around multitasking. The iPad's widget support gets a big update with iPadOS 15. The widgets are larger, more immersive and dynamic. And, iOS's App Library is finally available on the iPad, where it tweaks the overall user experience. The feature, added to the iPhone in 2020, presents the user with an organized view of the apps on the iPad.

Also added to iPadOS 15 is a new multitasking system. Called Split View, a drop-down menu at the top of the screen unlocks several multitasking, multiwindow options. The system seems much smoother than the current multiscreen option on iPad OS, which is clunky and hidden. With Split View a feature called Shelf makes it easy to switch between different screens and screen grouping.

A new column in Inc. argues that 14 years ago, Steve Jobs sent the most important email in the history of business — a one-sentence email to Bertrand Serlet, the company's senior vice president of Software Engineering, that's just recently been made public (through Apple's trial with Epic): It reveals a conversation about the things Apple needs to be able to accomplish in order to allow third-party apps on the iPhone. Until that point, the iPhone only ran 16 apps pre-installed on every device. Jobs had famously said told developers that if they wanted to create apps for the iPhone, they could make web apps that ran in Safari... Except web apps aren't the same as native apps, and users immediately set about finding ways to jailbreak their devices in order to get apps on them.

Apple had really no choice but to find a way to make it possible to develop apps through some kind of official SDK. Serlet lays out a series of considerations about protecting users, creating a development platform, and ensuring that the APIs needed are sustainable and documented. The list only has 4 things, but the point Serlet is trying to make is that it is important to Apple to "do it right this time, rather than rush a half-cooked story with no real support."

Steve Jobs' reply was only one sentence long: "Sure, as long as we can roll it all out at Macworld on Jan 15, 2008."

That's it. That's the entire response.

Serlet's email is dated October 2, 2007. That means Jobs was giving him just over three months... Three months to do what the software engineer no doubt believed were critical steps if Apple was going to support apps on a platform that would eventually grow to over 1 billion devices worldwide and become one of the most valuable businesses of all time. As if that wasn't enough pressure, two weeks later, on October 17, Jobs publicly told developers that there would be an SDK available by February of 2008. It turns out it would actually be made available in March, and the App Store would launch later in July of that year.

At the time, Apple's market cap was around $150 billion. Today, it's more than $2 trillion, largely based on the success of the iPhone, which is based — at least in part — on the success of the App Store. For that reason alone, I think it's fair to say — in hindsight — that one-sentence reply has no doubt proven to be the most important email in the history of business.

An anonymous reader writes: This week the GitHub Yearbook went live, with 6794 "graduates" featured on a special web page showcasing "any student who has graduated, or plans to graduate, in 2021... This includes bootcamps, code camps, high school graduates, Master's graduates, Ph. D. Graduates, etc." (Students were added by submitting a pull request — as long as they'd also signed up for the GitHub Student Developer Pack.) The first 5,000 graduates received "swag," including a custom holographic card with their GitHub stats.

But Saturday sees a special ceremony where these students will "walk" the stage at GitHub Graduation (starting at 9 a.m. PST). "We'll be hearing from special guests, giving out exclusive swag, and highlighting student stories and projects from around the world," explains the event's web page.

Calling it "a day to celebrate our craft, our community, and how technology moves the world forward," a post on GitHub's blog invites viewers "to welcome them to a global community of innovative thinkers and impactful builders." It acknowledges the special challenges of 2021, saying "This year, thousands of students from around the world came together and redefined the world we live in, how we learn, and how we move forward," adding "We are honored to be part of the experience and eager to celebrate this milestone...."

"During a devastating year, these graduates shined a light on what is possible. We saw project after project showcasing not only their skills, but also their passion and perseverance. This class is unstoppable!"

Marco Arment, a widely respected programmer, app developer and commentator on Apple, has analyzed Apple's arguments and its thinking as officially portrayed in its lawsuit against Epic. He writes: Apple's leaders continue to deny developers deny developers of two obvious truths: 1. That our apps provide substantial value to iOS beyond the purchase commissions collected by Apple.
2. That any portion of our customers came to our apps from our own marketing or reputation, rather than the App Store.

For Apple to continue to deny these is dishonest, factually wrong, and extremely insulting -- not only to our efforts, but to the intelligence of all Apple developers and customers. This isn't about the 30%, or the 15%, or the prohibition of other payment systems, or the rules against telling our customers about our websites, or Apple's many other restrictions. (Not today, at least.) It's about what Apple's leadership thinks of us and our work. It isn't the App Store's responsibility to the rest of Apple to "pay its way" by leveraging hefty fees on certain types of transactions. Modern society has come to rely so heavily on mobile apps that any phone manufacturer must ensure that such a healthy ecosystem exists as table stakes for anyone to buy their phones. Without our apps, the iPhone has little value to most of its customers today.

If Apple wishes to continue advancing bizarre corporate-accounting arguments, the massive profits from the hardware business are what therefore truly "pay the way" of the App Store, public APIs, developer tools, and other app-development resources, just as the hardware profits must fund the development of Apple's own hardware, software, and services that make the iPhone appeal to customers. The forced App Store commissions, annual developer fees, and App Store Search Ads income are all just gravy. The "way" is already paid by the hardware -- but Apple uses their position of power to double-dip. And that's just business. Apple's a lot of things, and "generous" isn't one. But to bully and gaslight developers into thinking that we need to be kissing Apple's feet for permitting us to add billions of dollars of value to their platform is not only greedy, stingy, and morally reprehensible, but deeply insulting.

Google says it will scan the extensions users install in their Chrome browsers and warn users if they are adding an extension from a new or untrusted developer. From a report: The new extension scanning feature will be part of a Google security feature called Enhanced Safe Browsing, which Google added to Chrome in May last year. Google says trusted developers are those who adhere to the Chrome Web Store Developer Program Policies. "For new developers, it will take at least a few months of respecting these conditions to become trusted," the browser maker said in a blog post today. Currently, Google said that almost 75% of all extensions hosted on the Chrome Web Store were developed by "trusted developers." For the rest, the browser will show an alert like the one below if users had enabled Enhanced Safe Browsing in their Chrome settings page.

Prosus said it struck a $1.8 billion deal to acquire Stack Overflow, an online community for software developers, in a bet on growing demand for online tech learning. From a report: Based in New York, closely held Stack Overflow operates a question-and-answer website used by software developers and other types of workers such as financial professionals and marketers who increasingly need coding skills. It attracts more than 100 million visitors monthly, the company says.

Prosus, one of Europe's most valuable tech companies, is best known as the largest shareholder in Chinese internet and videogaming giant Tencent Holdings Listed in Amsterdam, Prosus signaled its appetite for deal making when it sold a small portion of its equity stake in Tencent in April for $14.6 billion. The Stack Overflow deal ranks among Prosus' biggest acquisitions. Prosus invests globally across a range of online platforms focused on areas such as food delivery, classifieds and fintech. It also maintains a more than $200 billion holding in Tencent. Prosus' parent company, Naspers, acquired the Tencent stake in 2001 for $34 million. Official press release.

"To help realize the possibility of carbon-free applications, Microsoft, the consultancies Accenture and ThoughtWorks, the Linux Foundation, and Microsoft-owned code-sharing site, GitHub, have launched The Green Software Foundation," reports ZDNet: Announced at Microsoft's Build 2021 developer conference, the foundation is trying to promote the idea of green software engineering - a new field that looks to make code more efficient and reduce carbon emitted from the hardware it's running on... The foundation wants to set standards, best practices and patterns for building green software; nurture the creation of trusted open-source and open-data projects and support academic research; and grow an international community of green software ambassadors. The goal is to help the Information and Communication Technology sector to reduce its greenhouse gas emissions by 45% before 2030.

That includes mobile network operators, ISPs, data centers, and all the laptops being snapped up during the pandemic. "We envision a future where carbon-free software is standard - where software development, deployment, and use contribute to the global climate solution without every developer having to be an expert," Erica Brescia, COO of GitHub said in a statement. Microsoft president Brad Smith said "the world confronts an urgent carbon problem."

"It will take all of us working together to create innovative solutions to drastically reduce emissions. Microsoft is joining with organizations who are serious about an environmentally sustainable future to drive adoption of green software development to help our customers and partners around the world reduce their carbon footprint."
VentureBeat also points out that Microsoft "recently launched a $1 billion Climate Innovation Fund to accelerate the global development of carbon reduction, capture, and removal technologies."

But Bloomberg explores the rationale behind the new foundation: Data centers now account for about 1% of global electricity demand, and that's forecast to rise to 3% to 8% in the next decade, the companies said in a statement Tuesday, timed to Microsoft's Build developers conference... While it's tough to determine exactly how much carbon is emitted by individual software programs, groups like the Green Software Foundation examine metrics such as how much electricity is needed, whether microprocessors are being used efficiently, and the carbon emitted in networking. The foundation plans to look at curricula and developing certifications that would give engineers expertise in this space. As with areas like data science and cybersecurity, there will be an opportunity for engineers to specialize in green software development, but everyone who builds software will need at least some background in it, said Jeff Sandquist, a Microsoft vice president for developer relations.

"This will be the responsibility of everybody on the development team, much like when we look at security, or performance or reliability," he said. "Building the application in a sustainable way is going to matter."

"Microsoft has announced general availability of the Microsoft Build of OpenJDK, the open-source version of the Java development kit," reports ZDNet: The release follows the April preview of the Microsoft Build of OpenJDK, a long-term support distribution of OpenJDK... Microsoft announced general availability for the Microsoft Build of OpenJDK at its Build 2021 conference for developers.

Microsoft is a major user of Java in Azure, SQL Server, Yammer, Minecraft, and LinkedIn, but it's only been supporting Java in Visual Studio Code tooling for the past five years. "We've deployed our own version of OpenJDK on hundreds of thousands of virtual machines inside Microsoft and LinkedIn," Julia Liuson, corporate vice president of Microsoft's developer division, told ZDNet. "Across the board Microsoft has over 500,000 VMs running Java at Microsoft. We're also providing that to customers as well for Azure...."

"We believe Microsoft is uniquely positioned to be a partner in the language community. We can do a lot of direct contribution to the JDK community and we do world-class tooling, which is VS Code." Microsoft's contributions to OpenJDK — an open-source JDK for the most popular Linux distributions — includes work on the garbage collector and writing capabilities for the Java runtime.

The Microsoft Build of OpenJDK is available for free to deploy in qualifying Azure support plans. It includes binaries for Java 11 based on OpenJDK 11.0.11, on x64 server, and desktop environments on macOS, Linux and Windows, according to Microsoft...
Its download page at Microsoft.com touts it as "Free. Open Source. Freshly Brewed!"

And they describe it as "a new no-cost long-term supported distribution and Microsoft's new way to collaborate and contribute to the Java ecosystem."

Slashdot reader AleRunner writes: Ubuntu has announced that, with immediate effect Ubuntu's IRC channels are moving to libera.chat. The move follows a "hostile takeover" of Ubuntu's namespace by Freenode's new management that appears to be happening to many other distributions including Gentoo as well as other projects that have used Freenode [including channels associated with the programming languages Raku, Elixir, and Haskell].

For Ubuntu, and many other FOSS projects, Freenode has long been one of the major official forms of communication... With IRC channels often used for important system advice, and project communication, this becomes not just an inconvenience but even a security problem. For this reason Ubuntu's replacement network, libera.chat has a more clearly open organisational structure than Freenode had before being taken over.
"All told, it appears something like 700 irc.freenode.net channels have been seized and re-permissioned," reports The Register, "supposedly because the channels mentioned Libera Chat in violation of Freenode's advertising policy."

Wednesday Freenode owner Andrew Lee posted a blog post explaining that "in retrospect, we should have handled the action of closing down channels slightly differently..."

"The intent of doing this was not an attempt of a hostile takeover nor hijack like many people are saying. Since certain projects were disrupting their users' ability to chat on freenode via mass kicks, force closures, spam, we decided to enact this policy in those places which were deemed in violation and could cause an issue later...

"We believe we should have done this in a much more communicative way to circulate the right message and keep things transparent which of course did not happen. As we move forward I'd like to fully assure you that we will be working in complete commitment to restore projects, namespaces and channels that were closed on accident as a part of this event and we welcome them to use freenode as before as their very own homebase.

"Lastly, there are no excuses for this, and I'm willing to admit that I was wrong with Tuesday's move and apologize for the inconvenience that may have caused."

An anonymous reader quotes a report from Wired: On Tuesday, Microsoft and OpenAI shared plans to bring GPT-3, one of the world's most advanced models for generating text, to programming based on natural language descriptions. This is the first commercial application of GPT-3 undertaken since Microsoft invested $1 billion in OpenAI last year and gained exclusive licensing rights to GPT-3. "If you can describe what you want to do in natural language, GPT-3 will generate a list of the most relevant formulas for you to choose from," said Microsoft CEO Satya Nadella in a keynote address at the company's Build developer conference. "The code writes itself."

Microsoft VP Charles Lamanna told WIRED the sophistication offered by GPT-3 can help people tackle complex challenges and empower people with little coding experience. GPT-3 will translate natural language into PowerFx, a fairly simple programming language similar to Excel commands that Microsoft introduced in March. Microsoft's new feature is based on a neural network architecture known as Transformer, used by big tech companies including Baidu, Google, Microsoft, Nvidia, and Salesforce to create large language models using text training data scraped from the web. These language models continually grow larger. The largest version of Google's BERT, a language model released in 2018, had 340 million parameters, a building block of neural networks. GPT-3, which was released one year ago, has 175 billion parameters. Such efforts have a long way to go, however. In one recent test, the best model succeeded only 14 percent of the time on introductory programming challenges compiled by a group of AI researchers. Still, researchers who conducted that study conclude that tests prove that "machine learning models are beginning to learn how to code."

After years of work, Epic Games is launching early access for game developers for Unreal Engine 5, the latest version of the company's tools for making games with highly realistic 3D animations. VentureBeat reports: Unreal Engine 5, which will officially ship in 2022, is the company's crowning technical achievement. The early access build will let game developers start testing features and prototyping their upcoming games. Epic isn't saying how long this took or how many employees are working on it, but it's a safe bet that a large chunk of those devs are involved in Unreal Engine 5. It's been seven years since the last engine shipped. Unreal Engine 5 will deliver the freedom, fidelity, and flexibility to create next-generation games that will blow players' minds, said Nick Penwarden, the vice president of engineering, in an interview with GamesBeat. He said it will be effortless for game developers to use groundbreaking new features such as Nanite and Lumen, which provide a generational leap in visual fidelity. The new World Partition system enables the creation of expansive worlds with scalable content.

Developers can also download the new sample project, Valley of the Ancient, to start exploring the new features of UE5. Captured on an Xbox Series X and PlayStation 5, Valley of the Ancient is a rich and practical example of how the new features included with Unreal Engine 5 early access can be used, and is the result of internal stress-testing. The demo features a woman named Echo in a deserted mountain area. The team from Quixel, which Epic acquired in 2019, went out to Moab in Utah to scan tons of rock formations, using drones and cameras. And the artists who created the demo populated the scene with Megascans assets, as opposed to using anything procedural or traditional animation tools. "We are targeting 30FPS on next-generation console hardware" at 4K output with the demo, said Penwarden. "We expect people to be targeting 60 frames per second. It's really a choice of the the gaming content itself, what you want to target, and UE5 is absolutely capable of powering 60 frames per second experiences. We chose to, in this case, absolutely maximize visual quality. And so we targeted 30fps. But we're absolutely going to support 60 frames per second experiences."

You can view a demo of Unreal Engine 5 running on both the PS5 and Xbox Series X here on YouTube.

App developer and scam app hunter Kosta Eleftheriou's latest discovery is a real doozy: an iOS app that refuses to function until you give it at least a 3-star review in the App Store. From a report: Although the UPNP Xtreme app -- which claimed to let users stream video to their TVs -- now appears to have been pulled, we were able to verify that it generates the App Store rating box the second it opens. You can't dismiss the ratings box, nor can you tap the 1 or 2-star ratings, Eleftheriou said. We verified this behavior, but some other users report they were able to dismiss the dialog box or leave a lower rating.

Oracle is giving customers more choice and flexibility with the launch of its first Arm-based cloud compute offering on the Oracle Cloud Infrastructure platform. From a report: The new offering, called OCI Ampere A1 Compute, is designed to power both general-purpose and cloud-native workloads that demand high performance at more manageable costs, Oracle said today. It's based on the Ampere Altra architecture built by Ampere Computing. Today's announcement comes as Oracle makes a big investment into the Arm ecosystem more generally, with the availability of more resources and tools, including a new development environment for developers that's intended to support Arm-based application development.

Arm's central processing units are known for their extremely efficient, flexible and scalable architecture. They're most prominently used in smaller devices such as smartphones, but in more recent years they have come to power everything from personal computers and "internet of things" devices to computer servers and even supercomputers. Oracle said its new Arm compute instances come in a range of options and sizes to fit just about any workload, with choices including what it says are the industry's first Arm-based flexible virtual machine shapes that can be right-sized for different jobs. There are also more powerful bare metal server options.

Microsoft is now using OpenAI's massive GPT-3 natural language model in its no-code/low-code Power Apps service to translate spoken text into code in its recently announced Power Fx language. From a report: Now don't get carried away. You're not going to develop the next TikTok while only using natural language. Instead, what Microsoft is doing here is taking some of the low-code aspects of a tool like Power Apps and using AI to essentially turn those into no-code experiences, too. For now, the focus here is on Power Apps formulas, which despite the low-code nature of the service, is something you'll have to write sooner or later if you want to build an app of any sophistication.

"Using an advanced AI model like this can help our low-code tools become even more widely available to an even bigger audience by truly becoming what we call no code," said Charles Lamanna, corporate vice president for Microsoft's low-code application platform. In practice, this looks like the citizen programmer writing "find products where the name starts with 'kids'" -- and Power Apps then rendering that as "Filter('BC Orders' Left('Product Name',4)="Kids")". Because Microsoft is an investor in OpenAI, it's no surprise the company chose its model to power this experience.

Microsoft has teamed up with Qualcomm to create a Windows on ARM-based dev kit for developers. From a report: The miniature PC will be sold at the Microsoft Store this summer, and is designed to be more affordable to encourage developers to create ARM64 apps for Snapdragon-based PCs. Until now, developers have had to purchase devices like the Surface Pro X to fully test their ARM64 apps on Windows. That's a costly exercise for developers, particularly when the Surface Pro X retails from $999 and up. While Microsoft and Qualcomm haven't put a price on this new dev kit, there are promises it will be more affordable than what developers can buy today. "This developer kit provides an affordable alternative to other consumer and commercial devices," says Miguel Nunes, senior director of product management at Qualcomm. "With the smaller desktop configuration, this kit gives developers more flexibility than notebook options, and at a lower price point."

Python's creator Guido van Rossum shared his opinions on other programming languages during a new hour-long interview with Microsoft's principle cloud advocate manager. Some of the highlights:

• Rust: "It sounds like it's a great language — for certain things. Rust really improves on C++ in one particular area — it makes it much harder to bypass the checks in the compiler. And of course it solves the memory allocation problem in a near perfect way... if you wrote the same thing in C++, you could not be as sure, as compared to Rust, that you've gotten all your memory allocation and memory management stuff right. So Rust is an interesting language."

• Go and Julia: "I still think that Go is a very interesting language too. Of all the new languages, Go is probably the most Python-ic — or at least the general-purpose new languages. There's also Julia, which is sort of an interesting sort of take on something Python-like. It has enough details that look very similar to Python that then when you realize, 'Oh, but all the indexing is one-based and ranges are inclusive instead of exclusive,' you think, 'Argh!' Nobody should ever try to code in Julia and in Python on the same day.
  
  "My understanding is that Julia is sort of much more of a niche language, and if you're in that niche, it is superior because the compiler optimizes your code for you in a way that Python probably never will. On the other hand, it is much more limited in other areas, and I wouldn't expect that anybody ever is going to write a web server in Julia and get a lot of mileage out of it. And I'm sure in five minutes that will be on Hacker News with a counterexample."

• TypeScript: "TypeScript is a great language. You might have noticed that in the past six or seven years, we've been adding optional static typing to Python, also known as gradual typing. I wasn't actually aware of TypeScript when we started that project, so I can't say that we were inspired by TypeScript initially. TypeScript, because it sort of jumped on the JavaScript bandwagon — and because Anders is a really smart guy — TypeScript did a few things that Python is still waiting to figure out. So nowadays, we definitely look at TypeScript for examples. We have a typing SIG where we discuss extensions of the typing syntax and semantics and the type system in general for Python, and we definitely sometimes propose new features because we know that certain features were also originally initially lacking in TypeScript, and then added to TypeScript based on user demand, and [became] very successful in TypeScript. And so now we can see we are in that same situation.
  
  "Because JavaScript and Python are relatively similar... Much more so than Python and say C++ or Rust or Java. So we are learning from TypeScript, and occasionally, from my conversations with Anders, it sounds like TypeScript is also learning from Python, just like JavaScript has learned from Python in a few areas."

"The official Python software package repository, PyPI, is getting flooded with spam packages..." Bleeping Computer reported Thursday.

"Each of these packages is posted by a unique pseudonymous maintainer account, making it challenging for PyPI to remove the packages and spam accounts all at once..." PyPI is being flooded with spam packages named after popular movies in a style commonly associated with torrent or "warez" sites that provide pirated downloads: watch-(movie-name)-2021-full-online-movie-free-hd-... Although some of these packages are a few weeks old, BleepingComputer observed that spammers are continuing to add newer packages to PyPI... The web page for these bogus packages contain spam keywords and links to movie streaming sites, albeit of questionable legitimacy and legality...

February of this year, PyPI had been flooded with bogus "Discord", "Google", and "Roblox" keygens in a massive spam attack, as reported by ZDNet. At the time, Ewa Jodlowska, Executive Director of the Python Software Foundation had told ZDNet that the PyPI admins were working on addressing the spam attack, however, by the nature of pypi.org, anyone could publish to the repository, and such occurrences were common.

Other than containing spam keywords and links to quasi-video streaming sites, these packages contain files with functional code and author information lifted from legitimate PyPI packages... As previously reported by BleepingComputer, malicious actors have combined code from legitimate packages with otherwise bogus or malicious packages to mask their footsteps, and make the detection of these packages a tad more challenging...

In recent months, the attacks on open-source ecosystems like npm, RubyGems, and PyPI have escalated. Threat actors have been caught flooding software repositories with malware, malicious dependency confusion copycats, or simply vigilante packages to spread their message. As such, securing these repositories has turned into a whack-a-mole race between threat actors and repository maintainers.

An anonymous reader quotes a report from The Mercury News: Instead of learning a foreign language, Michigan students could take computer coding classes to replace the high school graduation requirement, under a bill that passed the state House Tuesday. Currently, the Michigan Merit Curriculum, which dictates the state's academic standards for graduation, requires students to take two world language credits to receive a high school diploma. Before the bill passed a vote, bill sponsor Rep. Greg VanWoerkom spoke about the value of coding in Michigan's prominent auto and tech industries, as well as it being a good alternative for those kids who struggle with traditional language classes.

"Besides being a hard skill, that employers actually want, coding. helps build soft skills. Coding promotes the use of logic, reasoning, problem solving and creativity," the Norton Shores Republican said. "Any professional coder will tell you that to be fluent in coding takes years of practice and a deep understanding of the language." In opposition to the bill, Rep Padma Kuppa said though she understands the importance of adding more technology education to curriculums, having had a career as a mechanical engineer, coding is not a foreign language. Students need both computer and tech skills and foreign language skills. "As technology helps the world become more interconnected, our ability to understand and work with others on technical projects around the globe is not only related to the ability to code, but to understand one another," the Troy Democrat said.

ZDNet reports: Guido van Rossum, who created popular programming language Python 30 years ago, has outlined his ambitions to make it twice as fast — addressing a key weakness of Python compared to faster languages like C++.

Speed in Core Python (CPython) is one of the reasons why other implementations have emerged, such as Pyston.... In a contribution to the U.S. PyCon Language Summit this week, van Rossum posted a document on Microsoft-owned GitHub, first spotted by The Register, detailing some of his ambitions to make Python a faster language, promising to double its speed in Python 3.11 — one of three Python branches that will emerge next year in a pre-alpha release... van Rossum was "given freedom to pick a project" at Microsoft and adds that he "chose to go back to my roots".

"This is Microsoft's way of giving back to Python," writes van Rossum... According to van Rossum, Microsoft has funded a small Python team to "take charge of performance improvements" in the interpreted language...

He says that the main beneficiaries of upcoming changes to Python will be those running "CPU-intensive pure Python code" and users of websites with built-in Python.
The Register notes that the faster CPython project "has a GitHub repository which includes a fork of CPython as well as an issue tracker for ideas and tools for analysing performance."

"According to Van Rossum, there will be 'no long-lived forks/branches, no surprise 6,000 line pull requests,' and everything will be open source."

Apple is swatting down criticisms about how it runs its App Store, arguing its policies are just like those of its peers, in a new letter to senators today. From a report: Apple is making similar arguments to Congress to the ones in its defense in the Epic Games lawsuit -- namely, that it has the right to run its marketplace as it sees fit, and that companies and consumers that don't like it have alternatives. The letter, addressed to the members of the Senate Judiciary subcommittee that held a contentious hearing on app stores last month, contends that Spotify, Tile and Match Group misstated Apple's policies and are actually examples of companies that have been successful on iOS.

"Rather than demonstrating a problem with competition, these witnesses -- representing companies that have thrived in Apple's ecosystem -- showcased how Apple and the iOS ecosystem foster competition," wrpte Apple chief compliance officer Kyle Andeer, in the letter to Congress. At points, Apple appears to overstate its case. In one part, it writes that Spotify is wrong to suggest that developers can't communicate with customers about alternate purchase options, saying "Apple simply says that developers cannot redirect customers who are in the App Store to leave the App Store and go elsewhere." However, this restriction doesn't just apply in the App Store, but anywhere within an iOS app.

AmiMoJo writes: Zoom, a hallmark platform used by millions during the global health crisis, has been given access to a special iPadOS API that allows the app to use the iPad camera while the app is in use in Split View multitasking mode. This case of special treatment was first brought to attention by app developer Jeremy Provost, who, in a blog post, explains that Zoom uses a special API that allows the app to continue using and accessing the iPad camera while the app is being used in Split View mode. Zoom can do this thanks to an "entitlement," which grants developers the ability to execute a particular capability with an API. As Provost notes, Apple publicly documents the ability for developers to apply for several different entitlements, such as ones related to CarPlay, HomeKit, and more. However, the special API that Zoom has been given is not offered to other developers by Apple, nor is its existence acknowledged by the company itself. On the Zoom Developer Forum, a staff member for the video conferencing platform had confirmed earlier in February that Zoom has access to the "com.apple.developer.avfoundation.multitasking-camera-access," or iPad Camera Multitasking entitlement. Further reading: Apple Offered Special App Store API Access To Hulu and Other Developers.

IBM announced during its Think 2021 conference on Monday that its researchers have crafted a Rosetta Stone for programming code. Engadget reports: In effect, we've taught computers how to speak human, so why not also teach computers to speak more computer? That's what IBM's Project CodeNet seeks to accomplish. "We need our ImageNet, which can snowball the innovation and can unleash this innovation in algorithms," [Ruchir Puri, IBM Fellow and Chief Scientist at IBM Research, said during his Think 2021 presentation]. CodeNet is essentially the ImageNet of computers. It's an expansive dataset designed to teach AI/ML systems how to translate code and consists of some 14 million snippets and 500 million lines spread across more than 55 legacy and active languages -- from COBOL and FORTRAN to Java, C++, and Python.

"Since the data set itself contains 50 different languages, it can actually enable algorithms for many pairwise combinations," Puri explained. "Having said that, there has been work done in human language areas, like neural machine translation which, rather than doing pairwise, actually becomes more language-independent and can derive an intermediate abstraction through which it translates into many different languages." In short, the dataset is constructed in a manner that enables bidirectional translation. That is, you can take some legacy COBOL code -- which, terrifyingly, still constitutes a significant amount of this country's banking and federal government infrastructure -- and translate it into Java as easily as you could take a snippet of Java and regress it back into COBOL.

CodeNet can be used for functions like code search and clone detection, in addition to its intended translational duties and serving as a benchmark dataset. Also, each sample is labeled with its CPU run time and memory footprint, allowing researchers to run regression studies and potentially develop automated code correction systems. Project CodeNet consists of more than 14 million code samples along with 4000-plus coding problems collected and curated from decades' of programming challenges and competitions across the globe. "The way the data set actually came about," Puri said, "there are many kinds of programming competitions and all kinds of problems -- some of them more businesslike, some of them more academic. These are the languages that have been used over the last decade and a half in many of these competitions with 1000s of students or competitors submitting solutions." Additionally, users can run individual code samples "to extract metadata and verify outputs from generative AI models for correctness," according to an IBM press release. "This will enable researchers to program intent equivalence when translating one programming language into another." [...] IBM intends to release the CodeNet data to the public domain, allowing researchers worldwide equal and free access.

Developers are sharing their salaries on Twitter under the hashtag #GameDevPaidMe to encourage pay transparency in their industry. Axios reports: The hashtag started circulating last year, but has returned periodically as developers fight for better working conditions. Salary sharing is a way to equalize the field. By removing the secrecy, as well as the stigma, around discussing pay, workers have more power to advocate for themselves when negotiating salaries and raises. In 2020, Blizzard employees shared their salaries anonymously via a spreadsheet to compare compensation. The pay gap between people at the top, and workers on the ground is measurable in hundreds of thousands of dollars -- even when those CEOs take pay cuts.

What they're saying:
A lead designer on "Hearthstone" working for Blizzard Entertainment: "I started getting paid fairly once I started asking questions. I only started asking questions once I better understood what I was worth. Understanding what your worth can be a difficult question, but this helps."

A lead designer at Blackbird Interactive: "Every single person who plays games should take a good look at #GameDevPaidMe and get a sense for what the people who make your art actually make."

A senior game designer at Reflector Entertainment: "Don't wait for your employer to give you the raise you deserve, be open to talking to other companies even if you feel you are at a 'great' spot."

App Store Vice President Matt Fischer is on the stand answering questions from Apple and Epic lawyers, and one of the emails shared as evidence confirms that Apple has established special deals with major app developers like Hulu. From a report: In 2018, a tweet from developer David Barnard commented about App Store subscriptions being automatically cancelled through the StoreKit API, questioning why there hadn't been more offers to swap billing away from the App Store. Matt Fischer asked Cindy Lin about it, and she explained that Hulu is a developer with special access to a subscription cancel/refund API. Hulu is part of the set of whitelisted developers with access to subscription cancel/refund API. Back in 2015 they were using this to support instant upgrade using a 2 family setup, before we had subscription upgrade/downgrade capabilities built in. Apple does not further detail who other developers with special access might have been in the correspondence, but these are not features that all developers have access to. Apple has long said that the App Store provides a "level playing field" that treats all apps in the App Store the same with one set of rules for everybody and no special deals or special terms, but it's clear that some apps are indeed provided with special privileges.

An anonymous reader quotes a report from Bloomberg: The director of Witcher 3, the most successful video game by Polish publisher CD Projekt SA, resigned after he was accused of bullying colleagues, sending its shares to their steepest decline since March. CD Projekt conducted a months-long investigation into the allegations against Konrad Tomaszkiewicz, according to an email to staff reviewed by Bloomberg. In the message, Tomaszkiewicz wrote that a commission had investigated the allegations and found him not guilty. "Nonetheless, a lot of people are feeling fear, stress or discomfort when working with me," he wrote. He apologized to staff "for all the bad blood I have caused."

Tomaszkiewicz's work on Witcher 3 inspired the creation of a popular Netflix series, both based on novels by the author Andrzej Sapkowski, and at one point turned CD Projekt into Poland's most valuable company. [...] Tomaszkiewicz was expected to play a significant role in the company's next game in the Witcher series. When reached for comment, Tomaszkiewicz confirmed his departure and said he was "sad, a bit disappointed and resigned." A representative for CD Projekt declined to comment. In the email to employees, Tomaszkiewicz said the decision was agreed upon with the company's board. "I am going to continue working on myself," he wrote. "Changing behavior is a long and arduous process, but I'm not giving up, and I hope to change."

Analyst firm SlashData surveyed over 19,000 respondents from 155 countries for its "State of the Developer Nation" survey — and now estimates that there's 24.3 million active developers worldwide.

TechRadar reports: The report pegs JavaScript as the most popular language that, together with variants including TypeScript and CoffeeScript, is used by almost 14 million developers around the world. Based on SlashData's observations over the past several years, more than 4.5 million JavaScript developers have joined the ranks between Q4 2017 and Q1 2021. This is the highest growth in terms of absolute numbers across all programming languages...

Next up is Python with just over 10 million users, followed by Java with 9.4 million, and C/C++ with 7.3 million. The report notes that Python added 1.6 million new developers in the past year, recording a growth rate of 20%.
From ZDNet: SlashData estimates the next three largest developer communities are using C/C++ (7.3 million), Microsoft's C# (6.5 million), and PHP (6.3 million). Other large groups of developers are fans of Kotlin, Swift, Go, Ruby, Objective C, Rust and Lua...

SlashData, however, notes that Rust and Lua were the two fastest growing programming language communities in the past 12 months, albeit from a lower base than Python.
And Visual Studio magazine couldn't resist emphasizing that C# "has ticked up a notch in popularity, overtaking PHP for No. 5 on that ranking..." "C# lost three places in the rankings of language communities between Q3 2019 and Q3 2020, but it regained its lead over PHP in the past six months after adding half a million developers," the report states... "C# is traditionally popular within the desktop developer community, but it's also the most broadly used language among AR/VR and game developers, largely due to the widespread adoption of the Unity game engine in these areas..."

It was a different story one year ago, when the 18th edition of the report said: "C# lost about 1M developers during 2019... [I]t seems to be losing its edge in desktop development — possibly due to the emergence of cross-platform tools based on web technologies."

The language might see more desktop development inroads as new initiatives from Microsoft such as Blazor Desktop (one of those "cross-platform tools based on web technologies") and .NET MAUI provide a wide array of desktop approaches.

There was a big announcement this week from Mozilla. They've joined Fastly, Intel, and Microsoft "in announcing the incorporation and expansion of the Bytecode Alliance, a cross-industry partnership to advance a vision for fast, secure, and simplified software development based on WebAssembly." Building software today means grappling with a set of vexing trade-offs. If you want to build something big, it's not realistic to build each component from scratch. But relying on a complex supply chain of components from other parties allows a defect anywhere in that chain to compromise the security and stability of the entire program.

Tools like containers can provide some degree of isolation, but they add substantial overhead and are impractical to use at per-supplier granularity. And all of these dynamics entrench the advantages of big companies with the resources to carefully manage and audit their supply chains.

Mozilla helped create WebAssembly to allow the Web to grow beyond JavaScript and run more kinds of software at faster speeds. But as it matured, it became clear that WebAssembly's technical properties — particularly memory isolation — also had the potential to transform software development beyond the browser by resolving the tension described above. Several other organizations shared this view, and we came together to launch the Bytecode Alliance as an informal industry partnership in late 2019. As part of this launch, we articulated our shared vision and called for others to join us in bringing it to life... [W]e asked prospective members to be patient and, in parallel with ongoing technical efforts, worked to incorporate the Alliance as a formal 501(c)(6) organization. That process is now complete, and we're thrilled to welcome Arm, DFINITY Foundation, Embark Studios, Google, Shopify, and University of California at San Diego as official members of the Bytecode Alliance.

We have a real opportunity to change how software is built, and in doing so, enable small teams to build big things that are both secure and fast.

Achieving the elusive trifecta — easy composition, defect isolation, and high performance — requires both the right technology and a coordinated effort across the ecosystem to deploy it in the right way. Mozilla believes that WebAssembly has the right technical ingredients to build a better, more secure Internet, and that the Bytecode Alliance has the vision and momentum to make it happen.

Facebook has joined the Rust Foundation, the organization driving the Rust programming language, alongside Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. From a report: Facebook is the latest tech giant to ramp up its adoption of Rust, a language initially developed by Mozilla that's become popular for systems programming because of its memory safety guarantees compared to fast languages C and C++. Rust is appealing for writing components like drivers and compilers.

The Rust Foundation was established in February with initial backing from Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. Microsoft is exploring Rust for some components of Windows and Azure while Google is using Rust to build new parts of the Android operating system and supporting an effort to bring Rust to the Linux kernel. Facebook's engineering team has now detailed its use of Rust beginning in 2016, a year after Rust reached its 1.0 milestone. "For developers, Rust offers the performance of older languages like C++ with a heavier focus on code safety. Today, there are hundreds of developers at Facebook writing millions of lines of Rust code," Facebook's software engineering team said.

On the last day of March, DroidScript, a popular Android app for writing JavaScript code, had its Google advertising account suspended and a week later was removed from the Google Play Store for alleged ad fraud. From a report: David Hurren, founder of the non-profit DroidScript.org and of SoftCogs Ltd, a UK-based software firm, is baffled by the charge and asked Google to explain how it came to that conclusion and to reconsider its suspension of DroidScript. But his appeals have been answered by form letters and now the app, used by more than 100,000 developers, including students, teachers and professionals, is losing premium subscribers as well as ad revenue with no further explanation from Google.

The app had only a single banner, added "reluctantly added to cover our development and hosting costs," Hurren explained in a DroidScript forum post about the crisis. Denied access to ad revenue and details about the supposed infraction, Hurren set about creating a new version without the AdMob banner ad shortly after the AdMob account suspension, knowing this might also prevent DroidScript users from implementing AdMob in their own apps. But Google, on April 7, suspended the app on Google Play, preventing any new version from being released. Hurren said that means the app loses all the user-ratings, download statistics, and premium subscribers accrued over the past seven years.

From Mike Melanson's "This Week in Programming" column: "The Rustening at Microsoft has begun," tweeted Microsoft distinguished engineer Miguel de Icaza.

What de Icaza is referring to is a newly-offered course by Microsoft on taking the first steps with Rust, which much of the Twitterverse of Rust devotees sees as a sign that the company is further increasing its favor for their crab-themed language of choice. Of course, this isn't the first we've heard of Microsoft looking to Rust to handle the 70% of Microsoft vulnerabilities that it says come from using the memory-unsafe C++ programming language in its software. A few years back now, Microsoft launched Project Verona, a research programming language that takes a bite from Rust in the realm of ownership and is said to be inspired by Rust, among others.

More recently, however, Microsoft announced the preview of Rust for Windows, which "lets you use any Windows API (past, present, and future) directly and seamlessly via the windows crate (crate is Rust's term for a binary or a library, and/or the source code that builds into one)." With Rust for Windows, developers can now not only use Rust on Windows, they can also write apps for Windows using Rust...

According to the project description, the Windows crate "lets you call any Windows API past, present, and future using code generated on the fly directly from the metadata describing the API and right into your Rust package where you can call them as if they were just another Rust module" and that, along with the introduction of a course for learning Rust, is precisely what has all those Rust devotees so excited.
InfoWorld has more information...