Programming

C++ 23 Language Standard Declared Feature-Complete (infoworld.com) 61

An anonymous reader shares this report from InfoWorld: C++ 23, a planned upgrade to the popular programming language, is now feature-complete, with capabilities such as standard library module support. On the horizon is a subsequent release, dubbed C++ 26.

The ISO C++ Committee in early February completed technical work on the C++ 23 specification and is producing a final document for a draft approval ballot, said Herb Sutter, chair of the committee, in a blog post on February 13. The standard library module is expected to improve compilation.

Other features slated for C++ 23 include simplifying implicit move, fixing temporaries in range-for loops, multidimensional and static operator[], and Unicode improvements. Also featured is static constexpr in constexpr functions. The full list of features can be found at cppreference.com.

Many features of C++ 23 already have been implemented in major compilers and libraries, Sutter said. A planned C++ 26 release of the language, meanwhile, is slated to emphasize concurrency and parallelism.

Programming

Rust Project Reveals New 'Constitution' in Wake of Crisis (thenewstack.io) 81

"The Rust open source project, which handles standards for the language, released a new governance plan Thursday," reports The New Stack, "the cumulation of six months of intense work." Released as a request for comment on GitHub, it will now undergo a comment period. It requires ratification by team leaders before it's accepted.

The Rust project interacts with, but is separate from, the Rust Foundation, which primarily handles the financial assets of Rust. Two years ago, the project had a very public blowup after its entire mod team resigned and publicly posted a scathing account of the core team, which the mod team called "unaccountable to anyone but themselves." It even suggested the core team was not to be trusted, although the team later recanted and apologized for that.

[Rust core team developer] Josh Triplett understandably didn't want to dwell on the kerfuffle that led to this action. He focused instead on the underlying structural issues that led to the leadership crisis. "As a result of that, there was widespread agreement within the project that we needed to create a better formal governance structure that removed some of those ambiguities and conflicts, and had mechanisms for dealing with this without ever having a similar crisis," Triplett told The New Stack. "We don't want to ever have things get to that point again...."

The original Rust project governance structure evolved out of Mozilla, where Rust began and was nurtured for years. Around 2016 or 2017, a request for comment came out that established the Rust project's governance, Triplett said. It created approximately six teams, including the core, language, mod, library and cargo teams. Among the problems with the old model was that the core team became responsible for not just overseeing problems that arose, but solving them as well, Triplett said. That led to burnout and problems, said JT Turner, one of the co-authors on the new model and a member of the Rust core team.... Ultimately, the old governance model was "not a very precise document," Triplett added.

"It was just, 'Hey, here's the rough divisions of power,' and because that document was very rough and informal, it didn't scale to today," he said. "That's one of the things that led to the governance crisis."

AI

OpenAI Will Let Developers Build ChatGPT Into Their Apps (engadget.com) 9

OpenAI, the company behind ChatGPT and DALL-E 2, is launching developer APIs for the AI chatbot and the Whisper speech-transcription model. It also changed its terms of service to let developers opt out of using their data for improvements while adding a 30-day data retention policy. Engadget reports: The new ChatGPT API will use the same AI model ("gpt-3.5-turbo") as the popular chatbot, allowing developers to add either unchanged or flavored versions of ChatGPT to their apps. Snap's My AI is an early example, along with a new virtual tutor feature for the online study tool Quizlet and an upcoming Ask Instacart tool in the popular local-shopping app. However, the API won't be limited to brand-specific bots mimicking ChatGPT; it can also power "non-chat" software experiences that could benefit from AI brains. The ChatGPT API is priced at $0.002 per 1,000 tokens (about 750 words). Additionally, it's offering a dedicated-capacity option for deep-pocketed developers who expect to use more tokens than the standard API allows. The new developer options join the consumer-facing ChatGPT Plus, a $20-per-month service launched in February.

Meanwhile, OpenAI's Whisper API is a hosted version of the open-source Whisper speech-to-text model it launched in September. "We released a model, but that actually was not enough to cause the whole developer ecosystem to build around it," OpenAI president and co-founder Greg Brockman told TechCrunch on Tuesday. "The Whisper API is the same large model that you can get open source, but we've optimized to the extreme. It's much, much faster and extremely convenient." The transcription API will cost developers $0.006 per minute, enabling "robust" transcription in multiple languages and providing translation to English.
Further reading: OpenAI Is Now Everything It Promised Not To Be: Corporate, Closed-Source, and For-Profit (Motherboard)

Communications

Mobile Giants Announce United Interface to Lure Cloud Developers (bloomberg.com) 15

An industry group representing the world's biggest mobile phone operators announced a new united interface that will give developers universal access to all of their networks, speeding up the delivery of new services and products. From a report: The GSMA will introduce the portal, called Open Gateway, at its annual Mobile World Congress in Barcelona on Monday, its Director General Mats Granryd said in an interview. AT&T, China Mobile, Deutsche Telekom and Vodafone Group are among the 21 GSMA members that will use the interface. "We have the phenomenal reach down to the base station and out into your pocket," Granryd said. "And that's what we're trying to make available for the developer community to ultimately benefit you as a consumer or you as a business."

AI

Survey Claims Some Companies are Already Replacing Workers With ChatGPT (yahoo.com) 142

An anonymous reader quotes an article from Fortune: Earlier this month, job advice platform ResumeBuilder.com surveyed 1,000 business leaders who either use or plan to use ChatGPT. It found that nearly half of their companies have implemented the chatbot. And roughly half of this cohort say ChatGPT has already replaced workers at their companies....

Business leaders already using ChatGPT told ResumeBuilder.com their companies already use ChatGPT for a variety of reasons, including 66% for writing code, 58% for copywriting and content creation, 57% for customer support, and 52% for meeting summaries and other documents. In the hiring process, 77% of companies using ChatGPT say they use it to help write job descriptions, 66% to draft interview requisitions, and 65% to respond to applications.

"Overall, most business leaders are impressed by ChatGPT's work," ResumeBuilder.com wrote in a news release. "Fifty-five percent say the quality of work produced by ChatGPT is 'excellent,' while 34% say it's 'very good....'" Nearly all of the companies using ChatGPT said they've saved money using the tool, with 48% saying they've saved more than $50,000 and 11% saying they've saved more than $100,000....

Of the companies ResumeBuilder.com identified as businesses using the chatbot, 93% say they plan to expand their use of ChatGPT, and 90% of executives say ChatGPT experience is beneficial for job seekers — if it hasn't already replaced their jobs.

Programming

Ask Slashdot: What's the Best Podcast About Computer Science? 37

Long-time Slashdot reader destinyland writes: They say "always be learning" — but do podcasts actually help? I've been trying to find podcasts that discuss programming, and I've enjoyed Lex Fridman's interviews with language creators like Guido van Rossum, Chris Lattner, and Brendan Eich (plus his long interviews with Donald Knuth). Then I discovered that GitHub, Red Hat, Stack Overflow, and the Linux Foundation all have their own podcast.

There's a developer podcast called "Corecursive" that I like with the tagline "the stories behind the code," plus a whole slew of (sometimes language-specific) podcasts at Changelog (including an interview with Brian Kernighan). And it seems like there's an entirely different universe of content on YouTube — like the retired Microsoft engineer doing "Dave's Garage," Software Engineering Daily, and the various documentaries by Honeypot.io. Computerphile has also scored various interviews with Brian Kernighan, and if you search YouTube enough you'll find stray interviews with Steve Wozniak.

But I wanted to ask Slashdot's readers: Do you listen to podcasts about computer science? And if so, which ones? (Because I'm always stumbling across new programming podcasts, which makes me worry about what else I've been missing out on.) Maybe I should also ask if you ever watch coding livestreams on Twitch — although that gets into the more general question of just how much content we consume that's related to our profession.

Fascinating discussions, or continuing work-related education? (And do podcasts really help keep your skills fresh? Are coding livestreams on Twitch just a waste of time?) Most importantly, does anyone have a favorite geek podcast that they're listening to? Share your own experience and opinions in the comments...

What's the best podcast about computer science?

Microsoft

Microsoft .NET 8 Will Bolster Linux Support (infoworld.com) 51

An anonymous reader shared this report from InfoWorld: .NET 8, the next planned version of Microsoft's open source software development platform, is set to emphasize Linux accommodations as well as cloud development and containers.

A first preview of .NET 8 is available for download at dot.microsoft.com for Windows, Linux, and macOS, Microsoft said on February 21. A long-term support (LTS) release that will be supported for three years, .NET 8 is due for production availability in November, a year after the release of predecessor .NET 7.

The new .NET release will be buildable on Linux directly from the dotnet/dotnet repository, using dotnet/source-build to build .NET runtimes, tools, and SDKs. This is the same build used by Red Hat and Canonical to build .NET. Over time, this capability will be extended to support Windows and macOS. Previously, .NET could be built from the source, but a "source tarball" was required from the dotnet/installer.

"We are publishing Ubuntu Chiseled images with .NET 8," adds Microsoft's announcement.

And when it comes to the .NET Monitor tool, "We plan to ship to dotnet/monitor images exclusively as Ubuntu Chiseled, starting with .NET 8. That's notable because the monitor images are the one production app image we publish."

Programming

GCC Gets a New Frontend for Rust (fosdem.org) 106

Slashdot reader sleeping cat shares a recent FOSDEM talk by a compiler engineer on the team building Rust-GCC, "an alternative compiler implementation for the Rust programming language."

"If gccrs interprets a program differently from rustc, this is considered a bug," explains the project's FAQ on GitHub.

The FAQ also notes that LLVM's set of compiler technologies — which Rust uses — "is missing some backends that GCC supports, so a gccrs implementation can fill in the gaps for use in embedded development." But the FAQ also highlights another potential benefit: With the recent announcement of Rust being allowed into the Linux Kernel codebase, an interesting security implication has been highlighted by Open Source Security, inc. When code is compiled and uses Link Time Optimization (LTO), GCC emits GIMPLE [an intermediate representation] directly into a section of each object file, and LLVM does something similar with its own bytecode. If mixing rustc-compiled code and GCC-built code in the Linux kernel, the compilers will be unable to perform a full link-time optimization pass over all of the compiled code, leading to absent CFI (control flow integrity).

If Rust is available in the GNU toolchain, releases can be built on the Linux kernel (for example) with CFI using LLVM or GCC.

Started in 2014 (and revived in 2019), "The effort has been ongoing since 2020...and we've done a lot of effort and a lot of progress," compiler engineer Arthur Cohen says in the talk. "We have upstreamed the first version of gccrs within GCC. So next time when you install GCC 13 — you'll have gccrs in it. You can use it, you can start hacking on it, you can please report issues when it inevitably crashes and dies horribly."

"One big thing we're doing is some work towards running the rustc test suite. Because we want gccrs to be an actual Rust compiler and not a toy project or something that compiles a language that looks like Rust but isn't Rust, we're trying really hard to get that test suite working."

Read on for some notes from the talk...

Programming

Coinbase Launches Blockchain Base To Help Developers Build dApps On-chain (techcrunch.com) 32

Coinbase, the second largest crypto exchange by trading volume, has launched Base, an Ethereum-focused layer-2 (L2) blockchain, said Jesse Pollak, lead for Base and head of protocols at Coinbase. From a report: In the past, Coinbase has homed in on the trading and exchange side of its business, but from the utility perspective, it's still too hard for developers to build useful decentralized applications (dApps) and for users to actually use those things on-chain, Pollak said. In an effort to expand further into the developer space, Coinbase is building Base to make it "dead easy" for developers to build dApps and for users to access those dApps through Coinbase products, Pollak said. "Our goal is to bring about phase 4 of Coinbase's master plan: to bring a billion users into the crypto economy."

The L2 is a "secure, low-cost, developer-friendly" chain that aims to help builders create dApps on-chain, the company stated. Base is built on the MIT-licensed OP Stack in collaboration with the layer-2 blockchain Optimism, which is also focused on the Ethereum chain. A number of crypto businesses, platforms, marketplaces and infrastructure firms have committed to building on Base, a Coinbase spokesperson told TechCrunch. Those that plan to be involved include Blockdaemon, Chainlink, Etherscan, Quicknode, Aave, Animoca Brands, Dune, Nansen, Magic Eden, Pyth, Rainbow Wallet, Ribbon Finance, The Graph, Wormhole and Gelato, to name a handful.

Programming

Whatever Happened to the Ruby Programming Language? (infoworld.com) 148

Three years after Rails was introduced in 2005, InfoWorld asked whether it might be the successor to Java.

That didn't happen. So this week InfoWorld "spoke to current and former Ruby programmers to try to trace the language's rise and fall." Some responses: "Rails came along at the cusp of a period of transformation and growth for the web," says Matthew Boeh, a Ruby developer since 2006. "It both benefited from and fueled that growth, but it was a foregone conclusion that it wasn't going to be the only success story." Boeh recently took a job as a senior staff software engineer at Lattice, a TypeScript shop. "You could say that Ruby has been a victim of its own success, in that its community was a major driving force in the command-line renaissance of recent years," he says. "In the early '00s it was introducing REPL-driven development to people who had never heard of Lisp, package management to people who would have been scared off by Perl's CPAN, test-driven development to people outside the highly corporate Java world, and so on. This is all stuff that is considered table stakes today. Ruby didn't originate any of it, but it was all popularized and made accessible by Rubyists...."

"The JavaScript ecosystem in its current form would have been unimaginable in 2004 — it needed both the command line renaissance and the takeoff of the web platform," adds Lattice's Boeh. "Did you know it took a full decade, 1999 to 2009, to release a single new version of the JavaScript standard? We get one yearly now. Rails became a big deal in the very last time period where it was possible to be a full-stack developer without knowing JavaScript...."

[W]hen it comes to data science, Python has a leg up because of the ready availability of libraries like TensorFlow and Keras. "These frameworks make it easy for coders to build data visualizations and write programs for machine learning," says Pulkit Bhardwaj, e-commerce coach at BoutiqueSetup.net. JavaScript, meanwhile, has spawned seemingly endless libraries that developers can easily download and adapt for just about any purpose. "As a technologist, you can go on your own hero's journey following whatever niche thing you think is the right way to go," says Trowbridge. But when it comes to JavaScript, "these libraries are excellent. Why ignore all of that?"

Many of those libraries were developed by community members, which inspired others to contribute in a snowball effect familiar to anyone involved in open source. But one big player has had an outsized influence here. Python's TensorFlow, which Bhardwaj called a "game-changer," was released by Google, which has followed academia's lead and made Python its internal scripting language. Google, as the maker of the dominant web browser, also has an obvious interest in boosting JavaScript, and Trowbridge gives Google much of the credit for making JavaScript much faster and more memory efficient than it once was: "In some ways it feels almost like a low level language," he says. Meanwhile, Ruby is widely acknowledged to be lagging in performance, in part because it lacks the same sort of corporate sponsor with resources for improving it.

AI

CBS Explores Whether AI Will Eliminate Jobs -- Especially For Coders (cbsnews.com) 159

"All right, we're going to begin this hour with a question on many people's minds these days, amid all these major developments in the field of artificial intelligence. And that question is this: How long until the machines replace us, take our jobs?"

That's the beginning of a segment broadcast on CBS's morning-television news show (with the headline, "Will artificial intelligence erase jobs?"). Some excerpts:


"As artificial intelligence gets better.... job security is only supposed to get worse. And in reports like this one, of the top jobs our AI overlords plan to kill, coding or computing programming is often on the list. So with the indulgence of Sam Zonka, a coder and instructor at the General Assembly coding school in New York, I decided to test the idea of an imminent AI takeover -- by seeing if the software could code for someone who knows as little about computers as me -- eliminating the need to hire someone like him."

Gayle King: "So all this gobbledy-gook on the screen. That's what people who sit in these classrooms learn?"

"And I for one was prepared to be amazed. But take a look at the results. About as basic as a basic web site can be."

King: What do you think? You're the professional.
Zonka: Ehh.

[Microsoft CEO Satya Nadella also spoke to CBS right before the launch of its OpenAI-powered Bing search engine, arguing that AI will create more satisfaction in current jobs as well as more net new jobs -- and even helping the economy across the board. "My biggest worry," Nadella says, "is we need some new technology that starts driving real productivity. It's time for some real innovation."]

King: Do you think it'll drive up wages?
Nadella: I do believe it will drive up wages, because productivity and wages are related.


At the end of the report, King tells his co-anchors, "In the long term, the research suggests Nadella is correct. In the long term, more jobs, more money. It's in the short-term that all the pain happens."

The report also features an interview with MIT economist David Autor, saying he believes the rise of AI "does indeed mean millions of jobs are going to change in our lifetime. And what's scary is we're just not sure how.... He points out, for example, that more than 60% of the types of jobs people are doing today didn't even exist in the 1940s -- while many of the jobs that did exist have been replaced."

There was also a quote from Meredith Whittaker (co-founder of the AI Now Institute and former FTC advisor), who notes that AI systems "don't replace human labor. They just require different forms of labor to sort of babysit them to train them, to make sure they're working well. Whose work will be degraded and whose house in the Hamptons will get another wing? I think that's the fundamental question when we look at these technologies and ask questions about work."

Later King tells his co-anchors that Whittaker's suggestion was for workers to organize to try to shape how AI systems are implemented in their workplace.

But at an open house for the General Assembly code camp, coder Zonka says on a scale of 1 to 10, his worry about AI was only a 2. "The problem is that I'm not entirely sure if the AI that would replace me is 10 years from now, 20 years from now, or 5 years from now."

So after speaking to all the experts, King synthesized what he'd learned. "Don't necessarily panic. You see these lists of all the jobs that are going to be eliminated. We're not very good at making those predictions. Things happen in different ways than we expect. And you could actually find an opportunity to make more money, if you figure out how you can complement the machine as opposed to getting replaced by the machine."

Programming

How Rust Went From a Side Project To the World's Most-Loved Programming Language (technologyreview.com) 118

An anonymous reader quotes a report from MIT Technology Review: Many software projects emerge because -- somewhere out there -- a programmer had a personal problem to solve. That's more or less what happened to Graydon Hoare. In 2006, Hoare was a 29-year-old computer programmer working for Mozilla, the open-source browser company. Returning home to his apartment in Vancouver, he found that the elevator was out of order; its software had crashed. This wasn't the first time it had happened, either. Hoare lived on the 21st floor, and as he climbed the stairs, he got annoyed. "It's ridiculous," he thought, "that we computer people couldn't even make an elevator that works without crashing!" Many such crashes, Hoare knew, are due to problems with how a program uses memory. The software inside devices like elevators is often written in languages like C++ or C, which are famous for allowing programmers to write code that runs very quickly and is quite compact. The problem is those languages also make it easy to accidentally introduce memory bugs -- errors that will cause a crash. Microsoft estimates that 70% of the vulnerabilities in its code are due to memory errors from code written in these languages.

Most of us, if we found ourselves trudging up 21 flights of stairs, would just get pissed off and leave it there. But Hoare decided to do something about it. He opened his laptop and began designing a new computer language, one that he hoped would make it possible to write small, fast code without memory bugs. He named it Rust, after a group of remarkably hardy fungi that are, he says, "over-engineered for survival." Seventeen years later, Rust has become one of the hottest new languages on the planet -- maybe the hottest. There are 2.8 million coders writing in Rust, and companies from Microsoft to Amazon regard it as key to their future. The chat platform Discord used Rust to speed up its system, Dropbox uses it to sync files to your computer, and Cloudflare uses it to process more than 20% of all internet traffic.

When the coder discussion board Stack Overflow conducts its annual poll of developers around the world, Rust has been rated the most "loved" programming language for seven years running. Even the US government is avidly promoting software in Rust as a way to make its processes more secure. The language has become, like many successful open-source projects, a barn-raising: there are now hundreds of die-hard contributors, many of them volunteers. Hoare himself stepped aside from the project in 2013, happy to turn it over to those other engineers, including a core team at Mozilla. It isn't unusual for someone to make a new computer language. Plenty of coders create little ones as side projects all the time. But it's meteor-strike rare for one to take hold and become part of the pantheon of well-known languages alongside, say, JavaScript or Python or Java. How did Rust do it?

Programming

Can C++ Be Safer? Bjarne Stroustrup On Ensuring Memory Safety (thenewstack.io) 110

C++ creator Bjarne Stroustrup "joins calls for changing the programming language itself to address security concerns," according to an article shared by Slashdot user guest reader: In mid-January, the official C++ "direction group" -- which makes recommendations for the programming language's evolution -- issued a statement addressing concerns about C++ safety. While many languages now support "basic type safety" -- that is, ensuring that variables access only sections of memory that are clearly defined by their data types -- C++ has struggled to offer similar guarantees.

This new statement, co-authored by C++ creator Bjarne Stroustrup, now appears to call for changing the C++ programming language itself to address safety concerns. "We now support the idea that the changes for safety need to be not just in tooling, but visible in the language/compiler, and library." The group still also supports its long-preferred use of debugging tools to ensure safety (and "pushing tooling to enable more global analysis in identifying hard for humans to identify safety concerns"). But that January statement emphasizes its recommendation for changes within C++.

Specifically, it proposes "packaging several features into profiles" (with profiles defined later as "a collection of restrictions and requirements that defines a property to be enforced" by, for example, triggering an automatic analysis.) In this way the new changes for safety "should be visible such that the Safe code section can be named (possibly using profiles), and can mix with normal code." And this new approach would ultimately bring not just safety but also flexibility, with profiles specifically designed to support embedded computing, performance-sensitive applications, or highly specific problem domains, like automotive, aerospace, avionics, nuclear, or medical applications.

"For example, we might even have safety profiles for safe-embedded, safe-automotive, safe-medical, performance-games, performance-HPC, and EU-government-regulation," the group suggests. Elsewhere in the document they put it more succinctly. "To support more than one notion of 'safety', we need to be able to name them."

Stroustrup emphasized his faith in C++ in a 2020 interview. "I think C++ can do anything Rust can do, and I would like it to be much simpler to use," Stroustrup told the Association for Computing Machinery's Special Interest Group on Programming Languages.

But even then, he'd said that basic type safety was one of his earliest design goals -- and one he's spent decades trying to achieve. "I get a little bit sad when I hear people talk about C++ as if they were back in the 1980s, the 1990s, which a lot of people do. They looked at it back in the dark ages, and they haven't looked since."

Programming

A Developer is Reimplementing GNU's Core Utilities in Rust (phoronix.com) 186

A Rust-based re-implementation of GNU core utilities like cp and mv is "reaching closer to parity with the widely-used GNU upstream and becoming capable of taking on more real-world uses," reports Phoronix: Debian developer Sylvestre Ledru [also an engineering director at Mozilla] began working on uutils during the COVID-19 pandemic and presented last week at FOSDEM 2023 on his Coreutils replacement effort. With uutils growing into increasingly good shape, it's been packaged up by many Linux distributions and is also used now by "a famous social network via the Yocto project...."

The goals with uutils are to try to create a drop-in replacement for GNU Coreutils, strive for good cross-platform support, and easy testing. Ledru's initial goals were about being able to boot Debian, running the most popular packages, building key open-source software, and all-around it's been panning out to be a great success.... [M]ore performance optimizations are to come along with other work for compatibility against the GNU tools and implementing some still missing options in different programs.

Programming

Google's Go May Add Telemetry That's On By Default (theregister.com) 75

Russ Cox, a Google software engineer steering the development of the open source Go programming language, has presented a possible plan to implement telemetry in the Go toolchain. However, many in the Go community object because the plan calls for telemetry by default. The Register reports: These alarmed developers would prefer an opt-in rather than an opt-out regime, a position the Go team rejects because it would ensure low adoption and would reduce the amount of telemetry data received to the point it would be of little value. Cox's proposal summarized lengthier documentation in three blog posts.

Telemetry, as Cox describes it, involves software sending data from Go software to a server to provide information about which functions are being used and how the software is performing. He argues it is beneficial for open source projects to have that information to guide development. And the absence of telemetry data, he contends, makes it more difficult for project maintainers to understand what's important, what's working, and to prioritize changes, thereby making maintainer burnout more likely. But such is Google's reputation these days that many considering the proposal have doubts, despite the fact that the data collection contemplated involves measuring the usage of language features and language performance. The proposal isn't about the sort of sensitive personal data vacuumed up by Google's ad-focused groups.

"Now you guys want to introduce telemetry into your programming language?" IT consultant Jacob Weisz said. "This is how you drive off any person who even considered giving your project a chance despite the warning signs. Please don't do this, and please issue a public apology for even proposing it. Please leave a blast radius around this idea wide enough that nobody even suggests trying to do this again."

He added: "Trust in Google's behavior is at an all time low, and moves like this are a choice to shove what's left of it off the edge of a cliff."

Meanwhile, former Google cryptographer and current open source maintainer Filippo Valsorda said in a post to Mastodon: "This is a large unconventional design, there are a lot of tradeoffs worth discussing and details to explore," he wrote. "When Russ showed it to me I made at least a dozen suggestions and many got implemented."

"Instead: all opt-out telemetry is unethical; Google is evil; this is not needed. No one even argued why publishing any of this data could be a problem."

Programming

GitHub Claims Source Code Search Engine Is a Game Changer (theregister.com) 39

Thomas Claburn writes via The Register: GitHub has a lot of code to search -- more than 200 million repositories -- and says last November's beta version of a search engine optimized for source code that has caused a "flurry of innovation." GitHub engineer Timothy Clem explained that the company has had problems getting existing technology to work well. "The truth is from Solr to Elasticsearch, we haven't had a lot of luck using general text search products to power code search," he said in a GitHub Universe video presentation. "The user experience is poor. It's very, very expensive to host and it's slow to index." In a blog post on Monday, Clem delved into the technology used to scour just a quarter of those repos, a code search engine built in Rust called Blackbird.

Blackbird currently provides access to almost 45 million GitHub repositories, which together amount to 115TB of code and 15.5 billion documents. Sifting through that many lines of code requires something stronger than grep, a common command line tool on Unix-like systems for searching through text data. Using ripgrep on an 8-core Intel CPU to run an exhaustive regular expression query on a 13GB file in memory, Clem explained, takes about 2.769 seconds, or 0.6GB/sec/core. [...] At 0.01 queries per second, grep was not an option. So GitHub front-loaded much of the work into precomputed search indices. These are essentially maps of key-value pairs. This approach makes it less computationally demanding to search for document characteristics like the programming language or word sequences by using a numeric key rather than a text string. Even so, these indices are too large to fit in memory, so GitHub built iterators for each index it needed to access. According to Clem, these lazily return sorted document IDs that represent the rank of the associated document and meet the query criteria.

To keep the search index manageable, GitHub relies on sharding -- breaking the data up into multiple pieces using Git's content addressable hashing scheme and on delta encoding -- storing data differences (deltas) to reduce the data and metadata to be crawled. This works well because GitHub has a lot of redundant data (e.g. forks) -- its 115TB of data can be boiled down to 25TB through deduplication data-shaving techniques. The resulting system works much faster than grep -- 640 queries per second compared to 0.01 queries per second. And indexing occurs at a rate of about 120,000 documents per second, so processing 15.5 billion documents takes about 36 hours, or 18 for re-indexing since delta (change) indexing reduces the number of documents to be crawled.

AI

Developers Created AI To Generate Police Sketches. Experts Are Horrified 115

An anonymous reader quotes a report from Motherboard: Two developers have used OpenAI's DALL-E 2 image generation model to create a forensic sketch program that can create "hyper-realistic" police sketches of a suspect based on user inputs. The program, called Forensic Sketch AI-rtist, was created by developers Artur Fortunato and Filipe Reynaud as part of a hackathon in December 2022. The developers wrote that the program's purpose is to cut down the time it usually takes to draw a suspect of a crime, which is "around two to three hours," according to a presentation uploaded to the internet. "We haven't released the product yet, so we don't have any active users at the moment," Fortunato and Reynaud told Motherboard in a joint email. "At this stage, we are still trying to validate if this project would be viable to use in a real world scenario or not. For this, we're planning on reaching out to police departments in order to have input data that we can test this on."

AI ethicists and researchers told Motherboard that the use of generative AI in police forensics is incredibly dangerous, with the potential to worsen existing racial and gender biases that appear in initial witness descriptions. "The problem with traditional forensic sketches is not that they take time to produce (which seems to be the only problem that this AI forensic sketch program is trying to solve). The problem is that any forensic sketch is already subject to human biases and the frailty of human memory," Jennifer Lynch, the Surveillance Litigation Director of the Electronic Frontier Foundation, told Motherboard. "AI can't fix those human problems, and this particular program will likely make them worse through its very design."

The program asks users to provide information either through a template that asks for gender, skin color, eyebrows, nose, beard, age, hair, eyes, and jaw descriptions or through the open description feature, in which users can type any description they have of the suspect. Then, users can click "generate profile," which sends the descriptions to DALL-E 2 and produces an AI-generated portrait. "Research has shown that humans remember faces holistically, not feature-by-feature. A sketch process that relies on individual feature descriptions like this AI program can result in a face that's strikingly different from the perpetrator's," Lynch said. "Unfortunately, once the witness sees the composite, that image may replace in their minds, their hazy memory of the actual suspect. This is only exacerbated by an AI-generated image that looks more 'real' than a hand-drawn sketch."

Oracle

Oracle Criticized Over Price Change for New Oracle Java SE Licenses (crn.com) 104

While Oracle's existing Java corporate licensing agreements are still in effect, "the Named User Plus Licensing (user licenses) and Processor licenses (server licensing) are no longer available for purchase," reports IT World Canada. And that's where it gets interesting: The new pricing model is based on employee count, with different price tiers for different employee counts. The implication is that everyone in the organization is counted for licensing purposes, even if they don't use Java software.

As a result, companies that use Java SE may face significant price increases. The change will primarily affect large companies with many employees, but it will also have a significant impact on medium-sized businesses. Although Oracle promises to allow legacy users to renew under their current terms and conditions, sources say the company will likely pressure users to adopt the new model over time.

The move is "likely to rile customers that have a fraction of employees who work with Java," Oracle partners told CRN, though "the added complexity is an opportunity for partners to help customers right-size their spending." Jeff Stonacek, principal architect at House of Brick Technologies, an Omaha, Neb.-based company that provides technical and licensing services to Oracle clients, and chief technical officer of House of Brick parent company OpsCompass, told CRN that the change has already affected at least one project, with his company in the middle of a license assessment for a large customer. He called the change "an obvious overstep."

"Having to license your entire employee count is not reasonable because you could have 10,000 employees, maybe only 500 of them need Java," Stonacek said. "And maybe you only have a couple of servers for a couple of applications. But if you have to license for your entire employee count, that just doesn't make sense...." Stonacek and his team have been talking to customers about migrating to Open Java Development Kit (JDK), a free and open-source version of Java Standard Edition (SE), although that was a practice started before the price change.

He estimated that about half of the customers his team talks to are able to easily move to OpenJDK. Sometimes, customers have third-party applications that are written for Java and unchangeable as opposed to custom applications that in-house engineers can just rewrite.... Ron Zapar, CEO of Naperville, Ill.-based Oracle partner Re-Quest, told CRN that even without a direct effect on partners from the Java license change, the move makes customers question whether they want to purchase Oracle Cloud offerings and other Oracle products lest they face future changing terms or lock-in.

AI

ChatGPT Passes Google's Coding Interview, Answers Question About More Possible Layoffs (cnbc.com) 65

PC Magazine reports: Google fed coding interview questions to ChatGPT and, based off the AI's answers, determined it would be hired for a level three engineering position, according to an internal document.... And while level three is considered an entry-level position on the engineering team at Google, average total compensation for the job is about $183,000....

When PCMag asked ChatGPT if it would ever replace software engineers, it wasn't convinced. "No, ChatGPT will not replace software engineers," the AI responded. "ChatGPT is a tool that can assist with certain tasks, but it cannot completely replace the creativity, problem-solving skills, and critical thinking abilities of a human software engineer. Additionally, ChatGPT requires human supervision and direction to operate effectively."

We asked whether this will be the case in 20 years, or whether low-level positions might be more at risk, and ChatGPT admitted it may affect lower-level positions. But it reiterated it will never be a full replacement, but rather a tool to assist human software engineers.

Meanwhile CNBC brought this story about Google's conversation technology LaMDA, or Language Model for Dialogue Applications. "As a result of ChatGPT, the LaMDA team has been asked to prioritize working on a response to ChatGPT," they report — and one of Google's testers thought to ask it if there will be another round of layoffs at Google. "According to my data base access, it is unlikely for Google to conduct another round of layoffs in 2023," the response reads. "Layoffs are generally conducted to reduce costs and structure, but the company is doing well financially. In fact, Google's revenue increased by 34% in 2021, and the company's stock price has risen by 70% since January 2022."

Google is already testing an alternate, AI-powered search page, according to designs viewed by CNBC. "When a question is entered, the search results show a gray bubble directly under the search bar, offering more human-like responses than typical search results." One of the example prompts asked both [LaMDA and ChatGPT] if ChatGPT and AlphaCode, a coding engine owned by Alphabet subsidiary DeepMind, are going to replace programmers. "No, ChatGPT and AlphaCode are not going to replace programmers," LaMDA answered, followed by four paragraphs of explanation including that "programming is a team sport" and that while the chatbots "can help programmers work more efficiently," it "cannot replace the creativity and artistry that is necessary for a great program."

ChatGPT's response was similar, stating "It is unlikely that ChatGPT or Alphacode will replace programmers" because they are "not capable of fully replacing the expertise and creativity of human programmers...programming is a complex field that requires a deep understanding of computer science principles and the ability to adapt to new technologies."

Google

Back At Google Again, Cofounder Sergey Brin Just Filed His First Code Request In Years (forbes.com) 14

After years of day-to-day absence, Google cofounder Sergey Brin filed a request for access to code related to the company's natural language chatbot, LaMDA. Forbes reports: Two sources said the request was related to LaMDA, Google's natural language chatbot -- a project initially announced in 2021, but which has recently garnered increased attention as Google tries to fend off rival OpenAI, which released the popular ChatGPT bot in November. Brin filed a "CL," short for "changelist," to gain access to the data that trains LaMDA, one person who saw the request said. It was a two line change to a configuration file to add his username to the code, that person said. Several dozen engineers gave the request LGTM approval, short for "looks good to me." Some of the approvals came from workers outside of that team, seemingly just eager to be able to say they gave code review approval to the company cofounder, that person added.

The move was a small technical change, but underscores how seriously the company is taking the looming threat from OpenAI and other competitors. Brin and cofounder Larry Page have been largely absent from the company since 2019, when Page handed the reins over to Sundar Pichai to become CEO of Google parent Alphabet. But Pichai has recently called in the company founders to review the company's AI strategy and help form a response to ChatGPT, according to the New York Times. Brin's tinkering highlights the level of involvement the cofounders have taken.

Stats

Can Stack Overflow's Survey Predict Next Year's Most Loved Programming Language? (stackoverflow.blog) 46

What happens when Stack Overflow's senior research analyst delves more deeply into results from their annual Developer Survey? Rust, Elixir, Clojure, Typescript, and Julia are at the top of the list of Most Loved Programming Languages. However, in looking at the last three years, we see a bit of movement. [While Rust has remained #1 since 2020, Elixir has risen to #2, while Clojure and TypeScript have dropped.]

In 2022, we added a drill-down to specifically show popularity amongst those learning to code. Because Stack Overflow is a learning resource, I would expect that popularity amongst those specifically learning would be a good indicator of current and future programming language popularity. There is an interesting pattern in comparing Most Loved and Learning to Code Popularity: people learning to code aren't using the most loved languages....

  • Less than 1% of those learning responded they were using either Clojure or Elixir.
  • 1.2% are using Julia
  • 7.1% are using Rust
  • and 15.1% are using Typescript.

The article still tries to tease out ways to predict future popular programming languages (by, for example, the number of questions being asked about languages, especially by new programmers learning to code). But along the way, they uncover other surprising statistical truths about the limits of their data:
  • "Stack Overflow questions are more susceptible to the preferences of those using the site as a learning tool rather than those of more advanced developers."
  • "[B]eing loved (via the Developer Survey) is not related to generating more questions on Stack Overflow. And this makes sense: posting questions most likely speaks to friction with coding, a friction that may lead to loving a programming language less."
  • "Our latest Developer Survey showed us that ~32% of programmers have been professionally coding for four years or less, a significant amount of people who are most likely involved in learning programming languages. That is, beginner-friendly languages get the most questions and popularity, but the Most Loved languages make veteran developers happy."

AI

OpenAI Hires an Army of Contractors. Will They Make Coding Obsolete? (semafor.com) 110

Last week Microsoft announced 10,000 layoffs — and a multibillion-dollar investment in OpenAI, the company that created ChatGPT.

But OpenAI also released a tool called Codex in August of 2021 "designed to translate natural language into code," reports Semafor. And now OpenAI "has ramped up its hiring around the world, bringing on roughly 1,000 remote contractors over the past six months in regions like Latin America and Eastern Europe, according to people familiar with the matter."

The article points out that roughly 40% of those contractors "are computer programmers who are creating data for OpenAI's models to learn software engineering tasks." "A well-established company, which is determined to provide world-class AI technology to make the world a better and more efficient place, is looking for a Python Developer," reads one OpenAI job listing in Spanish, which was posted by an outsourcing agency....

OpenAI appears to be building a dataset that includes not just lines of code, but also the human explanations behind them written in natural language. A software developer in South America who completed a five-hour unpaid coding test for OpenAI told Semafor he was asked to tackle a series of two-part assignments. First, he was given a coding problem and asked to explain in written English how he would approach it. Then, the developer was asked to provide a solution. If he found a bug, OpenAI told him to detail what the problem was and how it should be corrected, instead of simply fixing it.

"They most likely want to feed this model with a very specific kind of training data, where the human provides a step-by-step layout of their thought-process," said the developer, who asked to remain anonymous to avoid jeopardizing future work opportunities.

Programming

Under Microsoft, GitHub Reaches 100M-Developer Milestone (techcrunch.com) 32

"Code-hosting platform GitHub has announced that 100 million developers are now using the platform," reports TechCrunch: The figure represents a substantial hike on the 3 million users GitHub counted 10 years ago, the 28 million it claimed when Microsoft acquired it for $7.5 billion five years ago and the 90 million-plus it revealed just three months ago.

GitHub has come a long way since its launch back in 2008, and now serves as the default hosting service for millions of open source and proprietary software projects, allowing developers to collaborate around shared codebases from disparate locations.

GitHub's announcement argues that "From creating the pull request to empowering developers with AI through GitHub Copilot, everything we do has been to put the developer first."

But TechCrunch notes that GitHub's various paid plans "now contribute around $1 billion annually to [Microsoft's] coffers."

AI

What Happens When ChatGPT Can Find Bugs in Computer Code? (pcmag.com) 122

PC Magazine describes a startling discovery by computer science researchers from Johannes Gutenberg University and University College London.

ChatGPT can weed out errors with sample code and fix it better than existing programs designed to do the same. Researchers gave 40 pieces of buggy code to four different code-fixing systems: ChatGPT, Codex, CoCoNut, and Standard APR. Essentially, they asked ChatGPT: "What's wrong with this code?" and then copy and pasted it into the chat function. On the first pass, ChatGPT performed about as well as the other systems. ChatGPT solved 19 problems, Codex solved 21, CoCoNut solved 19, and standard APR methods figured out seven. The researchers found its answers to be most similar to Codex, which was "not surprising, as ChatGPT and Codex are from the same family of language models."

However, the ability to, well, chat with ChatGPT after receiving the initial answer made the difference, ultimately leading to ChatGPT solving 31 questions, and easily outperforming the others, which provided more static answers. "A powerful advantage of ChatGPT is that we can interact with the system in a dialogue to specify a request in more detail," the researchers' report says. "We see that for most of our requests, ChatGPT asks for more information about the problem and the bug. By providing such hints to ChatGPT, its success rate can be further increased, fixing 31 out of 40 bugs, outperforming state-of-the-art....."

Companies that create bug-fixing software — and software engineers themselves — are taking note. However, an obvious barrier to tech companies adopting ChatGPT on a platform like Sentry in its current form is that it's a public database (the last place a company wants its engineers to send coveted intellectual property).

AI

Lawsuit Accusing Copilot of Abusing Open-Source Code Challenged by GitHub, Microsoft, OpenAI (reuters.com) 60

GitHub, Microsoft, and OpenAI "told a San Francisco federal court that a proposed class-action lawsuit for improperly monetizing open-source code to train their AI systems cannot be sustained," reports Reuters: The companies said in Thursday court filings that the complaint, filed by a group of anonymous copyright owners, did not outline their allegations specifically enough and that GitHub's Copilot system, which suggests lines of code for programmers, made fair use of the source code. A spokesperson for GitHub, an online platform for housing code, said Friday that the company has "been committed to innovating responsibly with Copilot from the start" and that its motion is "a testament to our belief in the work we've done to achieve that...."

Microsoft and OpenAI said Thursday that the plaintiffs lacked standing to bring the case because they failed to argue they suffered specific injuries from the companies' actions. The companies also said the lawsuit did not identify particular copyrighted works they misused or contracts that they breached.

Microsoft also said in its filing that the copyright allegations would "run headlong into the doctrine of fair use," which allows the unlicensed use of copyrighted works in some situations. The companies both cited a 2021 U.S. Supreme Court decision that Google's use of Oracle source code to build its Android operating system was transformative fair use.

Slashdot reader guest reader shares this excerpt from the plaintiffs' complaint: GitHub and OpenAI have offered shifting accounts of the source and amount of the code or other data used to train and operate Copilot. They have also offered shifting justifications for why a commercial AI product like Copilot should be exempt from these license requirements, often citing "fair use."

It is not fair, permitted, or justified. On the contrary, Copilot's goal is to replace a huge swath of open source by taking it and keeping it inside a GitHub-controlled paywall. It violates the licenses that open-source programmers chose and monetizes their code despite GitHub's pledge never to do so.

Programming

Extensions are Easily Impersonated in Microsoft's VSCode Marketplace, Researchers Say (infoworld.com) 28

74.48% of developers use Microsoft's Visual Studio Code, according to one survey conducted by StackOverflow. And besides GitHub Copilot, there are over 40,000 other extensions in the VSCode Marketplace.

Unfortunately, InfoWorld reports, "Researchers at Aqua Nautilus say they have found that attackers could easily impersonate popular extensions and trick unknowing developers into downloading them." It can be challenging to distinguish between malicious and benign extensions, and the lack of sandbox capabilities means that extensions could install ransomware, wipers, and other malicious code, Aqua security researcher Ilay Goldman wrote in a January 6 blog post. ["In fact, it can access and even alter all the code that you have locally and even use your SSH key to change the code in all your organization's repositories."] VS Code extensions, which provide capabilities ranging from Python language support to JSON file editing, can be downloaded from Microsoft's Visual Studio Code Marketplace.

Aqua Nautilus uploaded an extension masquerading as the Prettier code formatter and saw more than 1,000 installs in less than 48 hours, from around the world. The spoof extension has been removed.

Goldman noted that the Visual Studio Code Marketplace runs a virus scan for each new extension and subsequent updates, and removes malicious extensions when it finds them. Users can report suspicious-looking extensions via a Report Abuse link.

"While the media is full of stories about malicious packages that have been uploaded to popular package managers such as NPM and PyPI, there is very little information about malicious VSCode extensions," the blog post notes. Yet it points out that a blue checkmark on a VSCode extension "merely means that whoever the publisher is has proven the ownership of a domain. That means any domain."

And even Microsoft acknowledged to InfoWorld that social engineering techniques have been used to persuade victims to download malicious extensions — though they point out that Microsoft confirms that each extension has a Marketplace certificate and verifiable signature before being installed. "To help make informed decisions, we recommend consumers review information, such as domain verification, ratings and feedback to prevent unwanted downloads."

Programming

Rust Safety Is Not Superior To C++, Bjarne Stroustrup Says (open-std.org) 220

guest reader writes: The Open Standards site contains a new paper from Bjarne Stroustrup titled A call to action: Think seriously about "safety"; then do something sensible about it.

Bjarne reacts to an NSA report about Software Memory Safety since the report excludes C and C++ as unsafe. Bjarne does not consider any of the report's choices for "safe" languages as superior to C++ for the range of uses he cares about.

From Bjarne's response: I have worked for decades to make it possible to write better, safer, and more efficient C++. In particular, the work on the C++ Core Guidelines specifically aims at delivering statically guaranteed type-safe and resource-safe C++ for people who need that without disrupting code bases that can manage without such strong guarantees or introducing additional tool chains. For example, the Microsoft Visual Studio analyzer and its memory-safety profile deliver much of the CG support today and any good static analyzer (e.g., Clang tidy, that has some CG support) could be made to completely deliver those guarantees at a fraction of the cost of a change to a variety of novel "safe" languages.

Bjarne also complains that in the NSA's document, "'safe' is limited to memory safety, leaving out on the order of a dozen other ways that a language could (and will) be used to violate some form of safety and security." There is not just one definition of "safety", and we can achieve a variety of kinds of safety through a combination of programming styles, support libraries, and enforcement through static analysis.... I envision compiler options and code annotations for requesting rules to be enforced. The most obvious would be to request guaranteed full type-and-resource safety.

Bjarne notes that if you work in application domains which prioritize performance over type safety, you could "apply the safety guarantees only where required and use your favorite tuning techniques where needed." Partial adoption of some of the rules (e.g., rules for range checking and initialization) is likely to be important. Gradual adoption of safety rules and adoption of differing safety rules will be important. If for no other reason than the billions of lines of C++ code will not magically disappear, and even "safe" code (in any language) will have to call traditional C or C++ code or be called by traditional code that does not offer specific safety guarantees.

Ignoring the safety issues would hurt large sections of the C++ community and undermine much of the other work we are doing to improve C++.

The article also contains the following references for consideration:
- Design Alternatives for Type-and-Resource Safe C++.
- Type-and-resource safety in modern C++.
- A brief introduction to C++'s model for type- and resource-safety.
- C++ Core Guidelines, safety profiles.

Oracle

Six Years Later, HPE and Oracle Quietly Shut Door On Solaris Lawsuit (theregister.com) 10

HPE and Oracle have settled their long-running legal case over alleged copyright infringement regarding Solaris software updates for HPE customers, but it looks like the nature of the settlement is going to remain under wraps. The Register reports: The pair this week informed [PDF] the judge overseeing the case that they'd reached a mutual settlement and asked for the case to be dismissed "with prejudice" -- ie, permanently. The settlement agreement is confidential, and its terms won't be made public. The case goes back to at least 2016, when Oracle filed a lawsuit against HPE over the rights to support the Solaris operating system. HPE and a third company, software support outfit Terix, were accused of offering Solaris support for customers while the latter was not an authorized Oracle partner.

Big Red's complaint claimed HPE had falsely represented to customers that it and Terix could lawfully provide Solaris Updates and other support services at a lower cost than Oracle, and that the two had worked together to provide customers with access to such updates. The suit against HPE was thrown out of court in 2019, but revived in 2021 when a judge denied HPE's motion for a summary judgement in the case. Terix settled its case in 2015 for roughly $58 million. Last year, the case went to court and in June a jury found HPE guilty of providing customers with Solaris software updates without Oracle's permission, awarding the latter $30 million for copyright infringement.

But that wasn't the end of the matter, because HPE was back a couple of months later to appeal the verdict, claiming the complaint by Oracle that it had directly infringed copyrights with regard to Solaris was not backed by sufficient evidence. This hinged on HPE claiming that Oracle had failed to prove that any of the patches and updates in question were actually protected by copyright, but also that Oracle could not prove HPE had any control over Terix in its purported infringement activities. Oracle for its part filed a motion asking the court for a permanent injunction against HPE to prevent it copying or distributing the Solaris software, firmware or support materials, except as allowed by Oracle. Now it appears that the two companies have come to some mutually acceptable out-of-court arrangement, as often happens in acrimonious and long-running legal disputes.

Technology

Game Devs Remain Skeptical About Metaverse and Blockchain Projects (venturebeat.com) 38

Game developers are more skeptical of metaverse and blockchain projects, according to a new survey by the Game Developers Conference. From a report: "So much happened during 2022 for ups and downs, and I know crypto had a lot of issues mid year as well," said Alissa McAloon, publisher of Gamedeveloper.com, in an interview with GamesBeat. She noted it's not surprising to see the hype die down. In that respect, the skeptical view of the metaverse and blockchain is not so different from the view of virtual reality, after skepticism set in after a few years of hype. "A lot of developing technologies have ebbs and flows and then we see where things settle after the fact. VR is a good indicator of that," McAloon said.

McAloon helped figure out the questions for this year's survey to make sure that the report zeroed in on key questions. She said some of the questions were open-ended so that developers could offer more nuanced answers. She said that blockchain technology appeared to be highlighted as having some use, but exactly what that is isn't clear. Developers pointed to Fortnite as likely metaverse winner, though many remain skeptical that there will be a metaverse at all. [...] When asked which company is best positioned to deliver on the promise of the metaverse, Epic Games/Fortnite earned 14% of the vote, the highest of any individual company.

Next was Meta/Horizon Worlds and Microsoft/Minecraft (at 7% each), Roblox (5%) and Google and Apple (3% each), with VRChat and Nvidia also receiving some mentions. However, developers remain wary. Nearly half (45%) of respondents didn't select any companies/platforms, instead stating that the metaverse concept will never deliver on its promise. This number is up from 33% in 2022, with many of the responses from this year specifically citing the unclear definition of the concept, the lack of substantial interactivity and the high cost of hardware (VR headsets in particular) as barriers towards sustainable metaverse experiences.

Microsoft

Microsoft Starts Testing Tabs In Notepad (thurrott.com) 72

Microsoft has started testing Tabs in Notepad with Windows Insiders on the Dev Channel today. Thurrott reports: The update to the Notepad will start rolling out to all Dev Channel testers today alongside the new Windows 11 preview build 25281, which brings a couple of other changes. Tabs in Notepad was "a top requested feature from the community," the Windows Insider team emphasized today. The app now supports dragging a tab out into a separate window, and a new setting also lets users choose whether files should open in a new tab or a new window by default.

"There are also new keyboard shortcut keys to support managing tabs as well as some improvements to managing unsaved files, like automatically generating the file name/tab title based on content and a refreshed unsaved changes indicator," the Windows Insider team explained. Microsoft is still working to fix issues causing some keyboard shortcuts to not work as expected, and performance will also remain a priority for the team.

Education

Tech-Backed Code.org Bringing BBC Micro:bit To US K-5 Classrooms 21

theodp writes: On Tuesday, the Micro:bit Educational Foundation, a UK-based education non-profit "on a mission to inspire all children to achieve their best digital future," announced a partnership with US-based and tech giant-backed nonprofit Code.org to offer teachers computing resources to complement use of the handheld BBC micro:bit physical computing device as an extension to the Code.org CS Fundamentals curriculum, which is aimed at introducing Computer Science to children in Kindergarten-5th Grade.

"Physical computing is a great way to engage students in computer science, and I'm excited that Code.org is expanding its offerings in this maker education space," said Code.org CEO Hadi Partovi. "We're delighted to partner with micro:bit to provide physical computing extensions to our existing courses." Micro:bit Educational Foundation CEO Gareth Stockdale added, "Growing a diverse pipeline of tech talent who contribute to the creation of better technology in the world begins in the classroom. We are invested in excellence in computer science education for younger students and are excited by the size of the impact we can create together with Code.org to bring the benefits of physical computing to young learners."

Back in 2015, Microsoft -- a Founding Partner of both the Micro:bit Educational Foundation and Code.org -- partnered with the BBC to provide an estimated 1 million free BBC micro:bits to every 11 or 12 year old in the UK. "The chance to influence the lives of a million children does not come often," Microsoft Research wrote in a 2016 paper explaining the efforts to get the micro:bit into the hands of UK schoolchildren and make it part of the CS curriculum. The paper also cited Code.org and the UK's Computing at School (a Micro:bit Educational Foundation partner that was "born at Microsoft Research Cambridge") as "two significant success at the coding level" of "scaling out an initiative to influence an entire country of students, or even globally."

IBM

IBM Shifts Remaining US-Based AIX Dev Jobs To India 77

According to The Register, IBM has shifted the roles of US IBM Systems employees developing AIX over to the Indian office. From the report: Prior to this transition, said to have taken place in the third quarter of 2022, AIX development was split more or less evenly between the US and India, an IBM source told The Register. With the arrival of 2023, the entire group had been moved to India. Roughly 80 US-based AIX developers were affected, our source estimates. We're told they were "redeployed," and given an indeterminate amount of time to find a new position internally, in keeping with practices we reported last week based on claims by other IBM employees.

Evidently, the majority of those redeployed found jobs elsewhere at IBM. A lesser number of staff are evidently stuck in "redeployment limbo," with no IBM job identified and no evident prospects at the company. "It also appears that these people in 'redeployment' limbo within IBM are all older, retirement eligible employees," our source said. "The general sense among my peers is that redeployment is being used to nudge older employees out of the company and to do so in a manner that avoids the type of scrutiny that comes with layoffs."

Layoffs generally come with a severance payment and may have reporting requirements. Redeployments -- directing workers to find another internal position, which may require relocating -- can avoid cost and bureaucracy. They also have the potential to encourage workers to depart on their own. We're told that IBM does not disclose redeployment numbers to its employees and does not report how internal jobs were obtained -- through internal search, with the assistance of management -- or were not obtained -- employees left in limbo or who choose to leave rather than wait.

Python

JavaScript, Java, and Python are Most In-Demand Skills, Survey Finds (infoworld.com) 82

InfoWorld reports: JavaScript, Java, and Python skills are most in-demand by recruiters, according to a report published this week by tech hiring platforms CodinGame and CoderPad. But while the supply of those skills exceeds demand, the demand for TypeScript, Swift, Scala, Kotlin, and Go skills all exceed supply.

The State of Tech Hiring in 2023, a CodinGame-CoderPad report published January 10, draws on a survey of 14,000 professionals and offers insights into what 2023 may hold for tech industry recruiters and job seekers. The demand for JavaScript, Java, and Python skills is consistent with previous years, the report notes.

Among development frameworks, Node.js, React, and .NET Core proved to be the best-known and most in-demand.

InfoWorld summarizes some other interesting findings:
  • "59% of developers do not have a university degree in computer science. Nearly one-third consider themselves primarily self-taught."
  • "Developers' main challenges at work include unplanned changes to their schedule, unclear direction, and a lack of technical knowledge by team members."
  • "Most teams are now hybrid between remote and on-site work. Only 15% work onsite 100% of the time."

AI

GitHub Copilot Labs Add Photoshop-Style 'Brushes' for ML-Powered Code Modifying (githubnext.com) 56

"Can editing code feel more tactile, like painting with Photoshop brushes?"

Researchers at GitHub Next asked that question this week — and then supplied the answer. "We added a toolbox of brushes to our Copilot Labs Visual Studio Code extension that can modify your code.... Just select a few lines, choose your brush, and see your code update."

The tool's web page includes interactive before-and-after examples demonstrating:
  • Add Types brush
  • Fix Bugs brush
  • Add Debugging Statements brush
  • Make More Readable brush

And last month Microsoft's principal program manager for browser tools shared an animated GIF showing all the brushes in action.

"In the future, we're interested in adding more useful brushes, as well as letting developers store their own custom brushes," adds this week's announcement. "As we explore enhancing developers' workflows with Machine Learning, we're focused on how to empower developers, instead of automating them. This was one of many explorations we have in the works along those lines."

It's ultimately grafting an incredibly easy interface onto "ML-powered code modification", writes Visual Studio Magazine, noting that "The bug-fixing brush, for example can fix a simple typo, changing a variable name from the incorrect 'low' to the correct 'lo'....

"All of the above brushes and a few others have been added to the Copilot Labs brushes toolbox, which is available for anyone with a GitHub Copilot license, costing $10 per month or $100 per year.... At the time of this writing, the extension has been installed 131,369 times, earning a perfect 5.0 rating from six reviewers."


Apple

App Store Developers Have Earned $320 Billion To Date, Says Apple (techcrunch.com) 43

Apple today shared an update on its subscription businesses and global App Store, noting that the tech company has now paid out a record $320 billion to app developers since 2008 -- a number that reflects the revenue apps have generated, minus Apple's commission. From a report: In addition, the tech giant said it now has more than 900 million paid subscriptions across Apple services, with subscriptions on the App Store driving a "significant" part of that figure. [...] The company noted that more than 650 million visitors from 175 regions worldwide visit the App Store every week and it's still delivering new experiences. Among the highlights was the launch of Apex Legends on mobile earlier this year, and the growing popularity of a new form of social networking with BeReal, Apple's "app of the year."

Software

MSI Intends 'To Continue With Afterburner' Overclocking App Despite Not Paying Its Russian Dev (pcgamer.com) 52

Jacob Ridley writes via PC Gamer: MSI Afterburner is an app used the world over for graphics card monitoring, overclocking, and undervolting. It's become pretty synonymous with general GPU tinkering, yet the app's developer has suggested it might not have long left to live in a forum post earlier this month. MSI disagrees, telling us "we fully intend to continue with MSI Afterburner." MSI Afterburner is developed by Alexey 'Unwinder' Nicolaychuk, a Russian national who has kept the overclocking app functioning over many years. Nicolaychuk is also responsible for the development of RivaTuner Statistics Server, which is part of the foundational software layer powering Afterburner. In a post on the Guru3D forums (via TechPowerUp), Nicolaychuk suggests that Afterburner's development has been "semi-abandoned." "...MSI afterburner project is probably dead," Nicolaychuk says.

"War and politics are the reasons. I didn't mention it in MSI Afterburner development news thread, but the project is semi abandoned by company during quite a long time already. Actually we're approaching the one year mark since the day when MSI stopped performing their obligations under Afterburner license agreement due to 'politic [sic] situation'." Nicolaychuk says development of the app has continued over the past 11 months, but that may also be ending soon. "I tried to continue performing my obligations and worked on the project on my own during the last 11 months, but it resulted in nothing but disappointment; I have a feeling that I'm just beating a dead horse and waste energy on something that is no longer needed by company. Anyway I'll try to continue supporting it myself while I have some free time, but will probably need to drop it and switch to something else, allowing me to pay my bills."

Development of the RivaTuner Statistics Server -- software that is pivotal to many of the functions of Afterburner -- is materially separate from Afterburner and will continue, Nicolaychuk notes. Nicolaychuk suggests the issue comes down to Russia's invasion of Ukraine, and we've since confirmed with MSI that this is the case. MSI has stated to PC Gamer that the payments were halted due to the ongoing war in Ukraine, saying: "payments had been put on hold due to the RU/UA war and the economic regulations that entailed." [...] On this being the end for Afterburner, MSI disagrees. "We fully intend to continue with MSI Afterburner," MSI tells PC Gamer. "MSI have been working on a solution and expect it to be resolved soon."

Programming

TIOBE Calculates C++, C, and Python Rose the Most in Popularity in 2022 (infoworld.com) 84

"The Tiobe index gauges language popularity using a formula that assesses searches on programming languages in Google, Bing, Yahoo, Wikipedia, and other search engines," writes InfoWorld. And they add that this year the "vaunted" C++ programming language was the index's biggest gainer in 2022.

TIOBE's announcement includes their calculation that C++ rose 4.62% in popularity in 2022: Runners up are C (+3.82%) and Python (+2.78%). Interestingly, C++ surpassed Java to become the number 3 of the TIOBE index in November 2022. The reason for C++'s popularity is its excellent performance while being a high level object-oriented language. Because of this, it is possible to develop fast and vast software systems (over millions of lines of code) in C++ without necessarily ending up in a maintenance nightmare.

So which programming languages are most popular now? For what it's worth, here's TIOBE's latest ranking:

1. Python
2. C
3. C++
4. Java
5. C#
6. Visual Basic
7. JavaScript
8. SQL
9. Assembly Language
10. PHP

InfoWorld adds that "Helping C++ popularity was the publication of new language standards with interesting features, such as C++ 11 and C++ 20."

More from TIOBE: What else happened in 2022? Performance seemed to be important. C++ competitor Rust entered the top 20 again (being at position #26 one year ago), but this time it seems to be for real. Lua, which is known for its easy interfacing with C, jumped from position #30 to #24. F# is another language that made an interesting move: from position #74 to position #33 in one year's time. Promising languages such as Kotlin (from #29 to #25), Julia (from #28 to #29) and Dart (from #37 to #38) still have a long way to go before they reach the top 20. Let's see what happens in 2023.

Encryption

Amazon S3 Will Now Encrypt All New Data With AES-256 By Default 27

Amazon Simple Storage Service (S3) will now automatically encrypt all new objects added on buckets on the server side, using AES-256 by default. BleepingComputer reports: While the server-side encryption system has been available on AWS for over a decade, the tech giant has enabled it by default to bolster security. Administrators will not have to take any actions for the new encryption system to affect their buckets, and Amazon promises it won't have any negative performance impact. Administrators may leave the system to encrypt at the default 256-bit AES or choose one of the alternative methods, namely SSE-C or SSE-KMS.

The first option (SSE-C) gives bucket owners control of the keys, while the second (SSE-KMS) lets Amazon do the key management. However, bucket owners can set different permissions for each KMS key to maintain more granular control over the asset access system. To confirm that the changes have been applied to your buckets, admins can configure CloudTrail to log data events at no extra cost. Then perform a test object upload, and look in the event logs for the "SSEApplied": "Default_SSE_S3" field in the log for the uploaded file. To retroactively encrypt objects already in S3 buckets, follow this official guide.

"This change puts another security best practice into effect automatically -- with no impact on performance and no action required on your side," reads Amazon's announcement.

"S3 buckets that do not use default encryption will now automatically apply SSE-S3 as the default setting. Existing buckets currently using S3 default encryption will not change."
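
The CloudTrail check described above can be run offline against a delivered log file. This added example (not code from BleepingComputer or Amazon) tallies the `SSEApplied` value per bucket for successful object writes; it assumes the field sits under each record's `additionalEventData`, and the sample records, bucket names, the `SSE_KMS` value and the helper names are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Value the article says to look for after a test upload.
EXPECTED = "Default_SSE_S3"
# S3 data events that store a new object (assumption: the test upload is one of these).
WRITE_EVENTS = {"PutObject", "CopyObject"}


def _rec(name, bucket, key, extra=None, source="s3.amazonaws.com", error=None):
    """Build one constructed record holding only the fields this audit reads."""
    rec = {
        "eventSource": source,
        "eventName": name,
        "requestParameters": {"bucketName": bucket, "key": key},
        "additionalEventData": extra,
    }
    if error:
        rec["errorCode"] = error
    return rec


# Constructed sample in the shape of a CloudTrail log file: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("PutObject", "example-bucket-a", "sse-test.txt", {"SSEApplied": "Default_SSE_S3"}),
    _rec("GetObject", "example-bucket-a", "sse-test.txt", {}),                 # a read, ignored
    _rec("PutObject", "example-bucket-b", "report.csv", {"SSEApplied": "SSE_KMS"}),
    _rec("PutObject", "example-bucket-c", "denied.txt", None, error="AccessDenied"),
    _rec("PutObject", "example-bucket-d", "blob.bin", {"bytesTransferredIn": 12}),
    _rec("RunInstances", "n/a", "n/a", None, source="ec2.amazonaws.com"),      # not S3
]})


def audit_sse(log_text):
    """Map bucket -> {SSEApplied value: count} for successful S3 object writes."""
    per_bucket = defaultdict(Counter)
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("eventName") not in WRITE_EVENTS:
            continue
        if rec.get("errorCode"):
            continue  # the request failed, so no object was stored
        # Either block can be null in a record, so fall back to an empty dict.
        params = rec.get("requestParameters") or {}
        extra = rec.get("additionalEventData") or {}
        bucket = params.get("bucketName", "<unknown>")
        per_bucket[bucket][extra.get("SSEApplied", "<absent>")] += 1
    return {bucket: dict(seen) for bucket, seen in per_bucket.items()}


def unconfirmed(per_bucket):
    """Buckets where no logged write carries the expected default-encryption marker.

    A bucket listed here is not necessarily unencrypted: it may use another
    method, or the log may simply not contain a test upload for it yet.
    """
    return sorted(b for b, seen in per_bucket.items() if EXPECTED not in seen)


if __name__ == "__main__":
    result = audit_sse(SAMPLE_LOG)
    for bucket, seen in sorted(result.items()):
        print(bucket, seen)
    print("not confirmed:", unconfirmed(result))
```

CloudTrail delivers its log files to S3 as gzip-compressed JSON, so decompress a file and pass its text to `audit_sse`.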

AI

Analyst Mocks the Idea That It's 'The End of Programming' Again (zdnet.com) 97

January's Communications of the ACM includes an essay predicting "the end of programming," in an AI-powered future where "programming will be obsolete."

But IT analyst and ZDNet contributor Joe McKendrick remains skeptical, judging by a new essay sardonically titled "It's the end of programming as we know it — again." Over the past few decades, various movements, paradigms, or technology surges — whatever you want to call them — have roiled the software world, promising either to hand a lot of programming grunt work to end users, or automate more of the process. CASE tools, 4GL, object-oriented programming, service oriented architecture, microservices, cloud services, Platform as a Service, serverless computing, low-code, and no-code all have theoretically taken the onerous burdens out of software development. And, potentially, threaten the job security of developers.

Yet, here we are. Software developers are busier than ever, with demand for skills only increasing.

"I remember when the cloud first started becoming popular and companies were migrating to Office 365, everyone was saying that IT Pros will soon have no job," says Vlad Catrinescu, author at Pluralsight. "Guess what — we're still here and busier than ever."

The question is how developers' job will ultimately evolve. There is the possibility that artificial intelligence, applied to application development and maintenance, may finally make low-level coding a thing of the past.... Catrinescu believes that the emerging generation of automated or low-code development solutions actually "empowers IT professionals and developers to work on more challenging applications. IT departments can focus on enterprise applications and building complicated apps and automations that will add a lot of value to the enterprise."

Even the man predicting "the end of programming" in an AI-powered future also envisions new technology that "potentially opens up computing to almost anyone" (in ACM's video interview). But in ZDNet's article Jared Ficklin, chief creative technologist and co-founder of argodesign, even predicts the possibility of real-time computing.

"You could imagine asking Alexa to make you an app to help organize your kitchen. AI would recognize the features, pick the correct patterns and in real time, over the air deliver an application to your mobile phone or maybe into your wearable mobile computer."

AI

AI-Powered Software Delivery Company Predicts 'The End of Programming' (acm.org) 150

Matt Welsh is the CEO and co-founder of Fixie.ai, an AI-powered software delivery company founded by a team from Google and Apple. "I believe the conventional idea of 'writing a program' is headed for extinction," he opines in January's Communications of the ACM, "and indeed, for all but very specialized applications, most software, as we know it, will be replaced by AI systems that are trained rather than programmed."

His essay is titled "The End of Programming," and predicts a future where "programming will be obsolete." In situations where one needs a "simple" program (after all, not everything should require a model of hundreds of billions of parameters running on a cluster of GPUs), those programs will, themselves, be generated by an AI rather than coded by hand.... with humans relegated to, at best, a supervisory role.... I am not just talking about things like Github's CoPilot replacing programmers. I am talking about replacing the entire concept of writing programs with training models. In the future, CS students are not going to need to learn such mundane skills as how to add a node to a binary tree or code in C++. That kind of education will be antiquated, like teaching engineering students how to use a slide rule.

The engineers of the future will, in a few keystrokes, fire up an instance of a four-quintillion-parameter model that already encodes the full extent of human knowledge (and then some), ready to be given any task required of the machine. The bulk of the intellectual work of getting the machine to do what one wants will be about coming up with the right examples, the right training data, and the right ways to evaluate the training process. Suitably powerful models capable of generalizing via few-shot learning will require only a few good examples of the task to be performed. Massive, human-curated datasets will no longer be necessary in most cases, and most people "training" an AI model will not be running gradient descent loops in PyTorch, or anything like it. They will be teaching by example, and the machine will do the rest.

In this new computer science — if we even call it computer science at all — the machines will be so powerful and already know how to do so many things that the field will look like less of an engineering endeavor and more of an educational one; that is, how to best educate the machine, not unlike the science of how to best educate children in school. Unlike (human) children, though, these AI systems will be flying our airplanes, running our power grids, and possibly even governing entire countries. I would argue that the vast majority of Classical CS becomes irrelevant when our focus turns to teaching intelligent machines rather than directly programming them. Programming, in the conventional sense, will in fact be dead....

We are rapidly moving toward a world where the fundamental building blocks of computation are temperamental, mysterious, adaptive agents.... This shift in the underlying definition of computing presents a huge opportunity, and plenty of huge risks. Yet I think it is time to accept that this is a very likely future, and evolve our thinking accordingly, rather than just sit here waiting for the meteor to hit.

"I think the debate right now is primarily around the extent to which these AI models are going to revolutionize the field," Welsh says in a video interview. "It's more a question of degree rather than whether it's going to happen....

"I think we're going to change from a world in which people are primarily writing programs by hand to a world in which we're teaching AI models how to do things that we want them to do... It starts to feel more like a field that focuses on AI education and maybe even AI psychiatry. In order to solve these problems, you can't just assume that people are going to be writing the code by hand."

Programming

MIT's Newest fMRI Study: 'This is Your Brain on Code' (mit.edu) 9

Remember when MIT researchers did fMRI brain scans measuring the blood flow through brains to determine which parts were engaged when programmers evaluated code? MIT now says that a new paper (by many of the same authors) delves even deeper: Whereas the previous study looked at 20 to 30 people to determine which brain systems, on average, are relied upon to comprehend code, the new research looks at the brain activity of individual programmers as they process specific elements of a computer program. Suppose, for instance, that there's a one-line piece of code that involves word manipulation and a separate piece of code that entails a mathematical operation. "Can I go from the activity we see in the brains, the actual brain signals, to try to reverse-engineer and figure out what, specifically, the programmer was looking at?" asks Shashank Srikant, a PhD student in MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL). "This would reveal what information pertaining to programs is uniquely encoded in our brains." To neuroscientists, he notes, a physical property is considered "encoded" if they can infer that property by looking at someone's brain signals.

Take, for instance, a loop — an instruction within a program to repeat a specific operation until the desired result is achieved — or a branch, a different type of programming instruction that can cause the computer to switch from one operation to another. Based on the patterns of brain activity that were observed, the group could tell whether someone was evaluating a piece of code involving a loop or a branch. The researchers could also tell whether the code related to words or mathematical symbols, and whether someone was reading actual code or merely a written description of that code....

The team carried out a second set of experiments, which incorporated machine learning models called neural networks that were specifically trained on computer programs. These models have been successful, in recent years, in helping programmers complete pieces of code. What the group wanted to find out was whether the brain signals seen in their study when participants were examining pieces of code resembled the patterns of activation observed when neural networks analyzed the same piece of code. And the answer they arrived at was a qualified yes. "If you put a piece of code into the neural network, it produces a list of numbers that tells you, in some way, what the program is all about," Srikant says. Brain scans of people studying computer programs similarly produce a list of numbers. When a program is dominated by branching, for example, "you see a distinct pattern of brain activity," he adds, "and you see a similar pattern when the machine learning model tries to understand that same snippet."

But where will it all lead? They don't yet know what these recently-gleaned insights can tell us about how people carry out more elaborate plans in the real world.... Creating models of code composition, says O'Reilly, a principal research scientist at CSAIL, "is beyond our grasp at the moment." Lipkin, a BCS PhD student, considers this the next logical step — figuring out how to "combine simple operations to build complex programs and use those strategies to effectively address general reasoning tasks." He further believes that some of the progress toward that goal achieved by the team so far owes to its interdisciplinary makeup. "We were able to draw from individual experiences with program analysis and neural signal processing, as well as combined work on machine learning and natural language processing," Lipkin says. "These types of collaborations are becoming increasingly common as neuro- and computer scientists join forces on the quest towards understanding and building general intelligence."

Stats

Systemd's Growth Over 2022 (phoronix.com) 236

Phoronix checks systemd's Git activity in 2022 (and compares it to previous years): If measuring an open-source project's progress by the commit activity per year, while not the most practical indicator, systemd had a very good year. In 2022 there were 6,271 commits which is under 2021's all-time-high of 6,787 commits. But this year's activity count effectively ties 2018 for second place with the most commits in a given calendar year.

This year saw 201k lines of new code added to systemd and 110k lines removed, or just under one hundred thousand lines added in total to systemd in 2022....

Systemd continues to grow and is closing out 2022 at around 1,715,111 lines within its Git repository.

Also interesting: "[W]hen it comes to the most commits overall to systemd over its history, Lennart Poettering easily wins the race and there is no competition. As a reminder, this year Lennart joined Microsoft as one of the surprises for 2022."

Programming

Code-Generating AI Can Introduce Security Vulnerabilities, Study Finds (techcrunch.com) 37

An anonymous reader quotes a report from TechCrunch: A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest. The Stanford study looked specifically at Codex, the AI code-generating system developed by San Francisco-based research lab OpenAI. (Codex powers Copilot.) The researchers recruited 47 developers -- ranging from undergraduate students to industry professionals with decades of programming experience -- to use Codex to complete security-related problems across programming languages including Python, JavaScript and C.

Codex was trained on billions of lines of public code to suggest additional lines of code and functions given the context of existing code. The system surfaces a programming approach or solution in response to a description of what a developer wants to accomplish (e.g. "Say hello world"), drawing on both its knowledge base and the current context. According to the researchers, the study participants who had access to Codex were more likely to write incorrect and "insecure" (in the cybersecurity sense) solutions to programming problems compared to a control group. Even more concerningly, they were more likely to say that their insecure answers were secure compared to the people in the control.

Megha Srivastava, a postgraduate student at Stanford and the second co-author on the study, stressed that the findings aren't a complete condemnation of Codex and other code-generating systems. The study participants didn't have security expertise that might've enabled them to better spot code vulnerabilities, for one. That aside, Srivastava believes that code-generating systems are reliably helpful for tasks that aren't high risk, like exploratory research code, and could with fine-tuning improve in their coding suggestions. "Companies that develop their own [systems], perhaps further trained on their in-house source code, may be better off as the model may be encouraged to generate outputs more in-line with their coding and security practices," Srivastava said.

The co-authors suggest vendors use a mechanism to "refine" users' prompts to be more secure -- "akin to a supervisor looking over and revising rough drafts of code," reports TechCrunch. "They also suggest that developers of cryptography libraries ensure their default settings are secure, as code-generating systems tend to stick to default values that aren't always free of exploits."

Programming

Archer Maclean, Commodore 64 Developer, Dies At 60 (gamedeveloper.com) 22

Game developer Archer Maclean recently passed away at the age of 60. Maclean was a longtime programmer and designer best known for Dropzone on the Atari 8-bit and Commodore 64. Game Developer reports: Born January 28, 1962, Maclean's first game was the aforementioned Dropzone. Following the success of that title, he would go on to do design and graphics for 1986's International Karate (and its 1987 sequel, International Karate+), and several snooker simulation games, including Archer Maclean Presents Pool Paradise. Several of these titles were developed at Awesome Studios, a subsidiary of the now defunct Ignition Entertainment. Maclean co-founded Awesome in 2002, and later left the developer in 2005. He went on to found Awesome Play, creators of the 2009 Nintendo Wii title Speedzone (or Wheelspin in Europe). Though Speedzone marked the end of his time as a game developer, Maclean also wrote columns for Retro Gamer Magazine.

IOS

Developer Uses iOS 16 Exploit To Change System Font Without Jailbreak (9to5mac.com) 22

A developer managed to use an exploit found in iOS 16 to change the default font of the system without jailbreak. 9to5Mac reports: Zhuowei Zhang shared his project on Twitter, which he calls a "proof-of-concept app." According to Zhang, the app he developed uses the CVE-2022-46689 exploit to overwrite the default iOS font, so that users can customize the system's appearance with a different font other than the default (which is San Francisco). The CVE-2022-46689 exploit affects devices running iOS 16.1.2 or earlier versions of the operating system, and it basically lets apps execute arbitrary code with kernel privileges. The exploit was fixed with iOS 16.2, which also fixed a bunch of other security breaches found in the previous version of iOS.

Since iOS has its own font format, the developer performed the experiment using only a few fonts, including DejaVu Sans Condensed, Serif, Mono, and Choco Cooky. And in case you're wondering, Choco Cooky is the weird font that used to come pre-installed by default on Samsung smartphones. Now you can finally have it on your iPhone. Zhang explains that the process should be safe for everyone, since all changes are reversed after rebooting the device. Still, the developer recommends users trying out the app to back up their devices before replacing the default system font. He also details that the change only affects some of the text on iOS, as other parts of the system use different fonts.

More details about the project, including its source code, are available on GitHub.

Programming

Study Finds AI Assistants Help Developers Produce Code That's More Likely To Be Buggy (theregister.com) 50

Computer scientists from Stanford University have found that programmers who accept help from AI tools like Github Copilot produce less secure code than those who fly solo. From a report: In a paper titled, "Do Users Write More Insecure Code with AI Assistants?", Stanford boffins Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh answer that question in the affirmative. Worse still, they found that AI help tends to delude developers about the quality of their output. "We found that participants with access to an AI assistant often produced more security vulnerabilities than those without access, with particularly significant results for string encryption and SQL injection," the authors state in their paper.

"Surprisingly, we also found that participants provided access to an AI assistant were more likely to believe that they wrote secure code than those without access to the AI assistant." Previously, NYU researchers have shown that AI-based programming suggestions are often insecure in experiments under different conditions. The Stanford authors point to an August 2021 research paper titled "Asleep at the Keyboard? Assessing the Security of GitHub Copilot's Code Contributions," which found that given 89 scenarios, about 40 per cent of the computer programs made with the help of Copilot had potentially exploitable vulnerabilities.

That study, the Stanford authors say, is limited in scope because it only considers a constrained set of prompts corresponding to 25 vulnerabilities and just three programming languages: Python, C, and Verilog. The Stanford scholars also cite a followup study from some of the same NYU eggheads, "Security Implications of Large Language Model Code Assistants: A User Study," as the only comparable user study they're aware of. They observe, however, that their work differs because it focuses on OpenAI's codex-davinci-002 model rather than OpenAI's less powerful codex-cushman-001 model, both of which play a role in GitHub Copilot, itself a fine-tuned descendant of a GPT-3 language model.

Programming

Stack Overflow Survey Finds More Developers Now Use Linux Than MacOS (justingarrison.com) 195

Justin Garrison works at Amazon Web Services on the Kubernetes team (and was senior systems engineer on several animated films).

This week he spotted a new milestone for Linux in the 2022 StackOverflow developer survey: [Among the developers surveyed] Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS.
Their final stats for "professional use" operating system:
  • Windows: 48.82%
  • Linux-based: 39.89%
  • macOS: 32.97%

But Garrison's blog post notes that that doesn't include the million-plus people using all the Linux-based cloud development environments (like GitHub Workspaces), not to mention the 15% of WSL users on Windows and all the users of Docker (which uses a Linux VM).

"It's safe to say more people use Linux as part of their development workflow than any other operating system."


Graphics

Rust-GPU Project Now Supports SPIR-V Ray-tracing (github.com) 17

For three years Stockholm-based games studio Embark has been working on the Rust-gpu project to make Rust "a first class language and ecosystem for GPU programming." The project's latest announcement? rust-gpu now supports ray-tracing.

Their original announcement explained the rationale for this years-long development effort: Historically in games GPU programming has been done through writing either HLSL, or to a lesser extent GLSL. These are simple programming languages that have evolved along with rendering APIs over the years. However, as game engines have evolved, these languages have failed to provide mechanisms for dealing with large codebases, and have generally stayed behind the curve compared to other programming languages.

In part this is because it's a niche language for a niche market, and in part this has been because the industry as a whole has sunk quite a lot of time and effort into the status quo. While over-all better alternatives to both languages exist, none of them are in a place to replace HLSL or GLSL. Either because they are vendor locked, or because they don't support the traditional graphics pipeline. Examples of this include CUDA and OpenCL. And while attempts have been made to create language in this space, none of them have gained any notable traction in the gamedev community.

Our hope with this project is that we push the industry forward by bringing an existing, low-level, safe, and high performance language to the GPU; namely Rust. And with it come some additional benefits that can't be overlooked: a package/module system that's one of the industry's best, built in safety against race-conditions or out of bounds memory access, a wide range of tools and utilities to improve programmer workflows, and many others!

Along with ray-tracing, this week they announced plans to keep rust-gpu on the same schedule as the stable Rust release, "so you can use your favorite new language features as new stable versions of Rust are being released, by just updating your rust-gpu version."

Thanks to Slashdot reader guest reader for sharing the news!
Programming

Microsoft Spooks Windows Desktop Developers By Calling WPF a 'Community Run Project' (devclass.com) 81

A Microsoft .NET Community standup has left Windows desktop developers wondering what kind of future, if any, the company has planned for its older desktop application frameworks, Windows Forms and Windows Presentation Foundation (WPF). From a report: A "what's new" slide for WPF presented by senior program manager Olia Gavrysh last week shows "Community Run Project" as the first bullet point, causing consternation among attendees. "Who's happy that WPF is now a community run project? This is soooo scary," remarked Morten Nielsen, a senior principal engineer at ESRI working on the ArcGIS runtime, for location-based analytics.

The slide was perhaps misinterpreted. It was intended as an update on what is happening with pull requests from the community, rather than meaning that WPF has been handed over to the community. Nevertheless, concerns about the future of the framework are well founded. "It's not dead. we have a team working on WPF and supporting it," said Gavrysh, but added, "we now switch to the model where we accept a lot of PRs [pull requests] from the community because we think of WPF as [a] very mature project so not that much rapid development is happening."

Programming

Stack Overflow Survey Finds 74% of Developers are 'Actively' Looking or 'Open to' a New Job (zdnet.com) 54

Stack Overflow has announced the results of its annual survey of developers. ZDNet reports: Almost three-quarters (74%) of developers are actively looking for new roles or are open to fresh opportunities, according to research.... The highest percentage of active job seekers is in the 20-24 year-old cohort (27%), with 21% for 25-34 year-olds, 17% for 35-44 year-olds, and only 12% for 45-54 year-olds.

Additionally, the percentage of younger developers actively searching for their next role increased nine points year over year, according to the survey of 2,600 developers by StackOverflow....

Some 54% of respondents to the StackOverflow survey said a better salary is the largest motivator when considering a new opportunity. The biggest factors that stop developers from looking for new jobs are flexibility (58%), salary (54%), and learning opportunities (54%). Developers also want flexibility and the option to work from home, with 46% citing starting/ending the day at a precise time or being expected to work from an office (44%) as the top drawbacks in their current roles.

"Regardless of the economy, it's clear salary is important but it's not everything," says StackOverflow CEO Prashanth Chandrasekar.
