Long-time Slashdot reader Bismillah writes: Python New Zealand has gone through some rough times lately, with its then-treasurer stealing money from the society.. Things were looking really serious for a while, with Python NZ looking at being liquidated due to the theft of funds.

However, there is a silver lining to the story, as the free and open source movement rallied behind Python NZ and got them out of a serious pickle.
"Our friends at Linux Australia and at the Python Software Foundation went well above and beyond to support us, and save us," says Tom Eastman president of Python New Zealand, in an article from interest.co.nz.

He also says he hopes the treasure is ordered by the court to pay restitution. (In the article the treasurer confirms that he's pleaded guilty to the theft, which took place between February 2019 and October 2023 — leaving Python NZ owing conference supplies around $55,000.) "We had $26 in the bank accounts," Eastman tells the site.

The group now has new transparency and accountability measures...

The Register's Thomas Claburn reports: Buck Shlegeris, CEO at Redwood Research, a nonprofit that explores the risks posed by AI, recently learned an amusing but hard lesson in automation when he asked his LLM-powered agent to open a secure connection from his laptop to his desktop machine. "I expected the model would scan the network and find the desktop computer, then stop," Shlegeris explained to The Register via email. "I was surprised that after it found the computer, it decided to continue taking actions, first examining the system and then deciding to do a software update, which it then botched." Shlegeris documented the incident in a social media post.

He created his AI agent himself. It's a Python wrapper consisting of a few hundred lines of code that allows Anthropic's powerful large language model Claude to generate some commands to run in bash based on an input prompt, run those commands on Shlegeris' laptop, and then access, analyze, and act on the output with more commands. Shlegeris directed his AI agent to try to SSH from his laptop to his desktop Ubuntu Linux machine, without knowing the IP address [...]. As a log of the incident indicates, the agent tried to open an SSH connection, and failed. So Shlegeris tried to correct the bot. [...]

The AI agent responded it needed to know the IP address of the device, so it then turned to the network mapping tool nmap on the laptop to find the desktop box. Unable to identify devices running SSH servers on the network, the bot tried other commands such as "arp" and "ping" before finally establishing an SSH connection. No password was needed due to the use of SSH keys; the user buck was also a sudoer, granting the bot full access to the system. Shlegeris's AI agent, once it was able to establish a secure shell connection to the Linux desktop, then decided to play sysadmin and install a series of updates using the package manager Apt. Then things went off the rails.

"It looked around at the system info, decided to upgrade a bunch of stuff including the Linux kernel, got impatient with Apt and so investigated why it was taking so long, then eventually the update succeeded but the machine doesn't have the new kernel so edited my Grub [bootloader] config," Buck explained in his post. "At this point I was amused enough to just let it continue. Unfortunately, the computer no longer boots." Indeed, the bot got as far as messing up the boot configuration, so that following a reboot by the agent for updates and changes to take effect, the desktop machine wouldn't successfully start.

OpenAI has introduced "canvas," a new interface for ChatGPT that provides a separate workspace for writing and coding projects. "Canvas is rolling out in beta to ChatGPT Plus and Teams users on Thursday, and Enterprise and Edu users next week," reports TechCrunch. "Once canvas is out of beta, OpenAI says it plans to offer the feature to free users as well." From the report: In our demo, [OpenAI product manager Daniel Levine] had to select "GPT-4o with canvas" from ChatGPT's model picker drop down window. However, OpenAI says canvas windows will just pop out when ChatGPT detects a separate workspace could be helpful, say for longer outputs or complex coding tasks. You can also just write "use canvas" to automatically open a project window. Levine showed TechCrunch how ChatGPT's new features could help write an email. Users can prompt ChatGPT to generate an email, which will then pop out in the canvas window. Then users can toggle a slider to adjust the length of the writing to be shorter or longer. You can also highlight specific sentences, and ask ChatGPT to make changes such as "make this sound friendlier," or add emojis. Users can also ask ChatGPT to rewrite the whole email as-is in another language.

The features for the coding canvas are slightly different. Levine prompted ChatGPT to create an API web server in Python, which spawned in the canvas window. By pressing an "add comments" button, ChatGPT will add in-line documentation to explain the code in plain English. Further, if you highlight a section of code that ChatGPT created, you can ask the chatbot to explain it to you, or ask questions about it. ChatGPT is also getting a new "review code" button, which will suggest specific edits for the code in the window, whether generated or user-written, for them to approve, edit themselves, or decline. If they press approve, ChatGPT will take a stab at fixing the bugs itself.

Longtime Slashdot reader theodp writes: Python in Excel is now generally available for Windows users of Microsoft 365 Business and Enterprise," Microsoft announced in a Monday blog post. "Last August, in partnership with Anaconda, we introduced an exciting new addition to Excel by integrating Python, making it possible to seamlessly combine Python and Excel analytics within the same workbook, no setup required. Since then, we've brought the power of popular Python analytics libraries such as pandas, Matplotlib, and NLTK to countless Excel users." Microsoft also announced the public preview of Copilot in Excel with Python, which will take users' natural language requests for analysis and automatically generate, explain, and insert Python code into Excel spreadsheets.

While drawing criticism for limiting Python execution to locked-down Azure cloud containers, Python in Excel has also earned accolades from the likes of Python creator Guido van Rossum, now a Microsoft Distinguished Engineer, as well as Pandas creator Wes McKinney.

Left unmentioned in Monday's announcement is that Microsoft managed to convince the USPTO to issue it a patent in July 2024 on the Enhanced Integration of Spreadsheets With External Environments (alt. source), which Microsoft explains covers the "implementation of enhanced integrations of native spreadsheet environments with external resources such as-but not limited to-Python." All of which may come as a surprise to software vendors and individuals that were integrating Excel and external programming environments years before Microsoft filed its patent application in September 2022.

"New malicious software packages tied to the North Korean Lazarus Group were observed posing as a Python coding skills test for developers seeking a new job at Capital One, but were tracked to GitHub projects with embedded malware," reports SC magazine: Researchers at ReversingLabs explained in a September 10 blog post that the scheme was a follow-on to the VMConnect campaign that they first identified in August 2023 in which developers were lured into downloading malicious code via fake job interviews.
More details from The Hacker News These packages, for their part, have been published directly on public repositories like npm and PyPI, or hosted on GitHub repositories under their control. ReversingLabs said it identified malicious code embedded within modified versions of legitimate PyPI libraries such as pyperclip and pyrebase... It's implemented in the form of a Base64-encoded string that obscures a downloader function, which establishes contact with a command-and-control server in order to execute commands received as a response.

In one instance of the coding assignment identified by the software supply chain firm, the threat actors sought to create a false sense of urgency by requiring job seekers to build a Python project shared in the form of a ZIP file within five minutes and find and fix a coding flaw in the next 15 minutes. This makes it "more likely that he or she would execute the package without performing any type of security or even source code review first," Zanki said, adding "that ensures the malicious actors behind this campaign that the embedded malware would be executed on the developer's system."
Tom's Hardware reports that "The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS. This is a good time to refer to PEP 668 which enforces virtual environments for non-system wide Python installs."

More from The Hacker News Some of the aforementioned tests claimed to be a technical interview for financial institutions like Capital One and Rookery Capital Limited, underscoring how the threat actors are impersonating legitimate companies in the sector to pull off the operation. It's currently not clear how widespread these campaigns are, although prospective targets are scouted and contacted using LinkedIn, as recently also highlighted by Google-owned Mandiant.

Redmonk's latest programming language ranking (attempting to gauge "potential future adoption trends") has found evidence of "a landscape resistant to change." Outside of CSS moving down a spot and C++ moving up one, the Top 10 was unchanged. And even in the back half of the rankings, where languages tend to be less entrenched and movement is more common, only three languages moved at all... There are a few signs of languages following in TypeScript's footsteps and working their way up the path, both in the Top 20 and at the back end of the Top 100 as we'll discuss shortly, but they're the exception that proves the rule.

It's possible that we'll see more fluid usage of languages, and increased usage of code assistants would theoretically make that much more likely, but at this point it's a fairly static status quo. With that, some results of note:

- TypeScript (#6): technically TypeScript didn't move, as it was ranked sixth in our last run, but this is the first quarter in which is has been the sole occupant of that spot. CSS, in this case, dropped one place to seven leaving TypeScript just outside the Top 5. It will be interesting to see whether or not it has more momentum to expend or whether it's topped out for the time being.

- Kotlin (#14) / Scala (#14): both of these JVM-based languages jumped up a couple of spots — two spots in Scala's case and three for Kotlin. Scala's rise is notable because it had been on something of a downward trajectory from a one time high of 12th, and Kotlin's placement is a mild surprise because it had spent three consecutive runs not budging from 17, only to make the jump now. The tie here, meanwhile, is interesting because Scala's long history gives it an accretive advantage over Kotlin's more recent development, but in any case the combination is evidence of the continued staying power of the JVM.

- Objective C (#17): speaking of downward trajectories and the 17th placement on this list, Objective C's slide that began in mid-2018 continued and left the language with its lowest placement in these rankings to date at #17. That's still an enormously impressive achievement, of course, and there are dozens of languages that would trade their usage for Objective C's, but the direction of travel seems clear.

- Dart (#19) / Rust (#19): while once grouped with Kotlin as up and coming languages driven by differing incentives and trends, Dart and Rust have not been able to match the ascent of their counterpart with five straight quarters of no movement. That's not necessarily a negative; as with Objective C, these are still highly popular languages and communities, but it's worth questioning whether new momentum will arrive and from where, particularly because the communities are experiencing some friction in growing their usage.
It's important to remember Redmonk's methodology. "We extract language rankings from GitHub and Stack Overflow, and combine them for a ranking that attempts to reflect both code (GitHub) and discussion (Stack Overflow) traction. The idea is not to offer a statistically valid representation of current usage, but rather to correlate language discussion and usage in an effort to extract insights into potential future adoption trends."

Having said that, here's the current top ten in Redmonk's ranking:

1. JavaScript
2. Python
3. Java
4. PHP
5. C#
6. TypeScript
7. CSS
8. C++
9. Ruby
10. C

Their announcement also notes that at the other end of the list, the programming language Bicep "jumped eight spots to #78 and Zig 10 to #87. That progress pales next to Ballerina, however, which jumped from #80 to #61 this quarter. The general purpose language from WS02, thus, is added to the list of potential up and comers we're keeping an eye on."

Pundits aggregate results from multiple pollsters to minimize biases. So ZDNet tried the same approach, but aggregating rankings for the popularity of 19 top programming languages. Senior contributing editor David Gewirtz combined results from nine popularity rankings, including PYPL, the Tiobe index, GitHub's Usage 2023 summary report, and several rankings from Stack Overflow and from IEEE Spectrum.

The results? The top cluster contains Python, JavaScript, and Java. These are all very representative in the world of AI coding...

The next cluster contains the classic C-based languages [C++, C#, C], plus TypeScript (which is a more robust JavaScript variant) and SQL.

Below that are languages that were dominant a while ago, the web languages used to build and operate websites [HTML/CSS, PHP, Shell], followed by a range of other languages that are either growing in popularity (R, Dart) or dropping in popularity (Ruby). [Just above Ruby are Go, Rust, Kotlin, and Lua.]

Finally, at the bottom is Swift, Apple's language of choice. Objective-C, the previous language of Apple programming, has all but dropped off the list since Apple launched Swift. But while Apple boasts many developers, Swift is clearly not a standout in programmer interest... [T]here aren't a huge number of companies hiring Apple app developers, at least primarily. That's why Swift is relatively far down the chart. Objective-C is being replaced by Swift, and we can see it dropping right before our eyes.
"With the exception of Java, the C-family of languages still dominates," the article concludes, before adding that if you're only going to learn one language, "I'd recommend Python, Java, and JavaScript instead." But it also advises aspiring programmers to learn "multiple languages and multiple frameworks. Build things in the languages. Programming is not just an intellectual exercise. You have to actually make stuff....

"[L]earning how to learn languages is as important as learning a language — and the best way to do that is to learn more than one."

"Sometimes an artificial intelligence tool comes out of nowhere and dominates the conversation on social media," writes Tom's Guide.

"This week that app is Cursor, an AI coding tool that uses models like Claude 3.5 Sonnet and GPT-4o to make it easier than ever to build your own apps," with the ability to "write, predict and manipulate code using nothing but a text prompt." Cursor is part development environment, part AI chatbot and unlike tools like GitHub Copilot it can more or less do all of the work for you, transforming a simple idea into functional code in minutes... Built on the same system as the popular Microsoft Visual Studio Code, Cursor has already found a fanbase among novice coders and experienced engineers...

Cursor's simplicity, working from a chat window, means even someone completely new to code could get a functional app running in minutes and keep building on it to add new features... The startup has raised over $400 million since it was founded in 2022 and works with various models including those from Anthropic and OpenAI... In my view, its true power is in the democratization of coding. It would also allow someone without much coding experience to build the tools they need by typing a few lines of text.
More from ReadWrite: Cursor, an AI firm that is attempting to build a "magical tool that will one day write all the world's code," has announced it has raised $60 million in its Series A funding round... As of August 22, the company had a valuation of $400 million, according to sources cited by TechCrunch...

Anysphere is the two-year-old startup that developed the app. Its co-founders are Michael Truell, Sualeh Asif, Arvid Lunnemark and Aman Sanger, who started the company while they were students at MIT... Using advanced AI capabilities, it is said to be able to finish, correct, and change AI code through natural language commands. It currently works with JavaScript, Python, and TypeScript, and is free for most uses. The pro plan will set you back $20 per month.
But how well does it work? Tom's Guide notes that after requesting a test app, "It generated the necessary code in the sidebar chat window and all I had to do was click Apply and then Accept. This added the code to a new Python file including all the necessary imports. It also gave me instructions on how to add modules to my machine to make the code work.

"As the chat is powered by Claude 3.5 Sonnet, you can just have it explain in more detail any element of the code or any task required to make it run..."

Andreessen Horowitz explains why they invested in the company: It's very clear that LLMs are a powerful tool for programmers, and that their coding abilities will improve over time. But it's also clear that for most coding tasks, the problem to solve is not how to make LLMs perform well in isolation, but how to make them perform well alongside a human developer. We believe, therefore, the interface between programmers and AI models will soon become one of the most important pieces of the dev stack. And we're thrilled to announce our series A investment...

Cursor is a fork of VS Code that's heavily customized for AI-assisted programming. It works with all the latest LLMs and supports the full VS Code plugin ecosystem. What makes Cursor special are the features designed to integrate AI into developer workflows — including next action prediction, natural language edits, chatting with your codebase, and a bunch of new ones to come... Our belief is that Cursor, distinctly among AI coding tools, has simply gotten it right. That's why, in a little over a year, thousands of users have signed up for Cursor, including at companies like OpenAI, Midjourney, Perplexity, Replicate, Shopify, Instacart, and many others. Users give glowing reviews of the product, many of them have started to pay for it, and they rarely switch back to other IDEs. Most of the a16z Infra team have also become avid Cursor users!
One site even argues that Cursor's coding and AI capabilities "should be a wake up call for Microsoft to make VS Code integration with GitHub Copilot a lot easier."

Thanks to Slashdot reader joshuark for sharing the article.

More than 25,000 Python developers from nearly 200 countries took the 7th annual Python Developers Survey between November 2023 and February 2024, with 85% saying Python was their main language.

Some interesting findings:

• Though Python 2 reached "end-of-life" status in April of 2020, last year's survey found 7% of respondents were still using Python 2. This year's survey found that number has finally dropped... to 6%.
  
  "Almost half of Python 2 holdouts are under 21 years old," the survey results point out, "and a third are students. Perhaps courses are still using Python 2?"

• Meanwhile, 73% are using one of the last three versions of Python (3.10, 3.11, or 3.12)

• "The share of developers using Linux as their development environment has decreased through the years: compared with 2021, it's dropped by 8 percentage points." [The graphic is a little confusing, showing 55% using Linux, 55% using Windows, 29% on MacOS, 2% on BSD, and 1% on "Other."]

• Visual Studio Code is the most popular IDE (22%), followed by Jupyter Notebook (20%) and Vim (17%). The next-most popular IDEs were PyCharm Community Edition (13%), JupyterLab (12%), NotePad++ (11%) and Sublime Text (9%). Interestingly, just 23% of the 25,000 respondents said they only used one IDE, with 38% saying they used two, 21% using three, and 19% using four or more. [The annual survey is a collaboration between the Python Software Foundation and JetBrains.]

• 37% said they'd contributed to open-source projects within the last year. (77% of those contributed code, while 38% contributed documentation, 35% contributed governance/leadership/maintainer duties, and 33% contributed tests...)

• For "age range," nearly one-third (32%) said 21-29 (with another 8% choosing 18-20). Another 33% said 30-39, while 16% said 40-49, 7% said 50-59, and 3% chose "60 or older."
  
  49% of respondents said they had less than two years of programming experience, with 33% saying "less than 1 year" and 16% saying "1-2 years." (34% of developers also said they practiced collaborative development.)

And here's how the 25,000 developers answered the question: how long have you been programming in Python?

• Less than 1 year: 25%
• 1-2 years: 16%
• 3-5 years: 26%
• 6-10 years: 19%
• 11+ years: 13%

So what are they doing with Python? Among those who'd said Python was their main language:

• Data analysis: 44%
• Web development: 44%
• Machine learning: 34%
• Data engineering: 28%
• Academic research: 26%
• DevOps / Systems administration / Writing automation scripts 26%
• Programming of web parsers / scrapers / crawlers: 25%

62% were "fully employed by a company," while the next-largest category was "student" (12%) with another 5% in "working student". There were also categories for "self-employed" (6%), "freelancer" (another 6%), and "partially employed by a company" (4%). Another 4% said they were unemployed.

In other news, the Python Software Foundation board has also "decided to invest more in connecting and serving the global Python community" by hosting monthly "office hours" on their Discord channel.

Phoronix's Michael Larabel benchmarked AMD's latest Ryzen 9 9950X in several different Linux distros and found that the Zen 5 chip performs up to 16% faster with the Intel-optimized Clear Linux distro. Here's an excerpt from the report: The Linux distributions for this round of testing on the AMD Ryzen 9 9950X included Arch Linux, CachyOS, Clear Linux, Fedora Workstation 40, Ubuntu 24.04 LTS, and a recent daily snapshot of Ubuntu 24.10 in its current development form. Intel's Clear Linux is the one most interesting for looking at on the new AMD Zen 5 hardware. While there hasn't been so much Clear Linux news in recent times, it remains the most well optimized x86_64 Linux distribution out of the box. Clear Linux makes use of compiler function multi versioning, performance-minded defaults, aggressive compiler CFLAGS/CXXFLAGS defaults, optional AVX-512 usage for more libraries, and many other patches and optimizations in the name of delivering the greatest x86_64 Linux performance. And while not Intel's focus, it works typically on AMD hardware too. [...]

Using the same Ryzen 9 9950X system, all of these Linux distributions were tested in their default / out-of-the-box state. [...] When taking the geometric mean of 59 benchmarks run across all of the Linux distributions on this AMD Ryzen 9 9950X system, Intel's Clear Linux easily took the crown. Ubuntu 24.04 LTS -- which was used for all of the Ryzen 9000 series Linux testing so far on Phoronix -- was the slowest. Tapping Intel's Clear Linux netted a 16% improvement on top of the performance offered by Ubuntu 24.04 LTS! Ubuntu 24.04 with the Ryzen 9000 series was already looking great generationally, but as shown today the performance can be even better with further software optimizations.

The Arch Linux powered CachyOS that is tuned out-of-the-box with a similar aim to Clear Linux also performed great. CachyOS was 7% faster than Ubuntu 24.04 LTS based on the geo mean and 3% faster than upstream Arch Linux itself. For different workloads though the CachyOS advantage over Arch Linux varied from a minimal difference to quite significant advantages. From the performance of PHP and Python scripts atop Clear Linux to compiling various server and HPC minded software, Intel's Clear Linux -- and a commendable second place for CachyOS -- were showing that even greater performance can be achieved on the AMD Ryzen 9 9950X. Even for devoted Ubuntu Linux users, these results did show some nice advantages of the upcoming Ubuntu 24.10 release over Ubuntu 24.04 LTS thanks to the GCC 14 compiler. Ubuntu 24.10 performance is also still subject to change since the current daily ISOs haven't yet moved past the Linux 6.8 kernel while Ubuntu 24.10 in October will be shipping with Linux 6.11.

The Washington Post reviews a new book about Microsoft's 68-year-old co-founder Bill Gates: "He's not the Messiah, he's a very naughty boy." That immortal line from Monty Python's Life of Brian kept running through my head as I was reading "Billionaire, Nerd, Savior, King: Bill Gates and His Quest to Shape Our World," by Anupreeta Das, a reporter at the New York Times... which often feels like an extended list of all the major and minor complaints that Das could find not only about Gates but also about billionaires, nerds and the broader practice of philanthropy...

[T]he philanthropist who played a central role in the spectacularly successful fight against diseases like HIV/AIDS; the environmentalist whose net-zero vision has led him to create a multibillion-dollar nuclear-power company — that man barely makes an appearance in this book... Rather than weigh Gates's accomplishments against his failures, Das focuses on his personal weaknesses — his unpleasant management style, his extramarital affairs and, especially, his association with the convicted sex offender Jeffrey Epstein, who is featured extensively throughout, including in the beginning of the book's introduction and in a 12-page section that leads off the chapter titled "Cancel Bill." Frustratingly, Das sheds little new light on the Gates-Epstein relationship, beyond suggesting that Epstein first attracted the billionaire by indicating that he might be able to get Gates his coveted Nobel Peace Prize. While I and others have reported that a $2 million donation from Gates to the MIT Media Lab was thought of within MIT as being Epstein money, for instance, Das will go only so far as to say that "the donation may or may not have been at Epstein's recommendation."
The Guardian also notes that the Gates Foundation and the Gateses "have prevented millions of deaths, pumping billions of dollars into fighting Aids, tuberculosis and malaria around the world." They co-founded Gavi, the Vaccine Alliance, which vaccinated half the world's children... [During the pandemic] the Gates-backed Covax partnership was spearheading the global vaccination effort, procuring more than 1bn doses for people in poorer countries. But this doesn't seem to wash with Das, who reports that the foundation is "bigfooting", "neocolonial", "antidemocratic", and "top down", and sees it as an egotistical way for Bill to charity-wash his reputation... The penultimate chapter is titled Cancel Bill, and that's what the whole book feels like: an appeal to public opinion to write Gates off. As yet, and in the context of what other American billionaires do and get away with, it seems a little unfair.

America's National Institute of Standards and Technology (NIST) has released a new open-source software tool called Dioptra for testing the resilience of machine learning models to various types of attacks.

"Key features that are new from the alpha release include a new web-based front end, user authentication, and provenance tracking of all the elements of an experiment, which enables reproducibility and verification of results," a NIST spokesperson told SC Media: Previous NIST research identified three main categories of attacks against machine learning algorithms: evasion, poisoning and oracle. Evasion attacks aim to trigger an inaccurate model response by manipulating the data input (for example, by adding noise), poisoning attacks aim to impede the model's accuracy by altering its training data, leading to incorrect associations, and oracle attacks aim to "reverse engineer" the model to gain information about its training dataset or parameters, according to NIST.

The free platform enables users to determine to what degree attacks in the three categories mentioned will affect model performance and can also be used to gauge the use of various defenses such as data sanitization or more robust training methods.

The open-source testbed has a modular design to support experimentation with different combinations of factors such as different models, training datasets, attack tactics and defenses. The newly released 1.0.0 version of Dioptra comes with a number of features to maximize its accessibility to first-party model developers, second-party model users or purchasers, third-party model testers or auditors, and researchers in the ML field alike. Along with its modular architecture design and user-friendly web interface, Dioptra 1.0.0 is also extensible and interoperable with Python plugins that add functionality... Dioptra tracks experiment histories, including inputs and resource snapshots that support traceable and reproducible testing, which can unveil insights that lead to more effective model development and defenses.
NIST also published final versions of three "guidance" documents, according to the article. "The first tackles 12 unique risks of generative AI along with more than 200 recommended actions to help manage these risks. The second outlines Secure Software Development Practices for Generative AI and Dual-Use Foundation Models, and the third provides a plan for global cooperation in the development of AI standards."

Thanks to Slashdot reader spatwei for sharing the news.

Stack Overflow says over 65,000 developers took their annual survey — and "For the first time this year, we asked if developers felt AI was a threat to their job..."

Some analysis from The New Stack: Unsurprisingly, only 12% of surveyed developers believe AI is a threat to their current job. In fact, 70% are favorably inclined to use AI tools as part of their development workflow... Among those who use AI tools in their development workflow, 81% said productivity is one of its top benefits, followed by an ability to learn new skills quickly (62%). Much fewer (30%) said improved accuracy is a benefit. Professional developers' adoption of AI tools in the development process has risen rapidly, going from 44% in 2023 to 62% in 2024...

Seventy-one percent of developers with less than five years of experience reported using AI tools in their development process, as compared to just 49% of developers with 20 years of experience coding... At 82%, [ChatGPT] is twice as likely to have been used than GitHub Copilot. Among ChatGPT users, 74% want to continue using it.
But "only 43% said they trust the accuracy of AI tools," according to Stack Overflow's blog post, "and 45% believe AI tools struggle to handle complex tasks."

More analysis from The New Stack: The latest edition of the global annual survey found full-time employment is holding steady, with over 80% reporting that they have full-time jobs. The percentage of unemployed developers has more than doubled since 2019 but is still at a modest 4.4% worldwide... The median annual salary of survey respondents declined significantly. For example, the average full-stack developer's median 2024 salary fell 11% compared to the previous year, to $63,333... Wage pressure may be the result of more competition from an increase in freelancing.

Eighteen percent of professional developers in the 2024 survey said they are independent contractors or self-employed, which is up from 9.5% in 2020. Part-time employment has also risen, presenting even more pressure on full-time salaries... Job losses at tech companies have contributed to a large influx of talent into the freelance market, noted Stack Overflow CEO Prashanth Chandrasekar in an interview with The New Stack. Since COVID-19, he added, the emphasis on remote work means more people value job flexibility. In the 2024 survey, only 20% have returned to full-time in-person work, 38% are full-time remote, while the remainder are in a hybrid situation. Anticipation of future productivity growth due to AI may also be creating uncertainty about how much to pay developers.
Two stats jumped out for Visual Studio magazine: In this year's big Stack Overflow developer survey things are much the same for Microsoft-centric data points: VS Code and Visual Studio still rule the IDE roost, while .NET maintains its No. 1 position among non-web frameworks. It's been this way for years, though in 2021 it was .NET Framework at No. 1 among IDEs, while the new .NET Core/.NET 5 entry was No. 3. Among IDEs, there has been less change. "Visual Studio Code is used by more than twice as many developers than its nearest (and related) alternative, Visual Studio," said the 2024 Stack Overflow Developer survey, the 14th in the series of massive reports.
Stack Overflow shared some other interesting statistics:

• "Javascript (62%), HTML/CSS (53%), and Python (51%) top the list of most used languages for the second year in a row... [JavaScript] has been the most popular language every year since the inception of the Developer Survey in 2011."

• "Python is the most desired language this year (users that did not indicate using this year but did indicate wanting to use next year), overtaking JavaScript."

• "The language that most developers used and want to use again is Rust for the second year in a row with an 83% admiration rate. "

• "Python is most popular for those learning to code..."

• "Technical debt is a problem for 62% of developers, twice as much as the second- and third-most frustrating problems for developers: complex tech stacks for building and deployment."

Thursday Go's long-time tech lead Russ Cox made an announcement: Starting September 1, Austin Clements will be taking over as the tech lead of Go: both the Go team at Google and the overall Go project. Austin is currently the tech lead for what we sometimes call the "Go core", which encompasses compiler toolchain, runtime, and releases. Cherry Mui will be stepping up to lead those areas.

I am not leaving the Go project, but I think the time is right for a change... I will be shifting my focus to work more on Gaby [or "Go AI bot," an open-source contributor agent] and Oscar [an open-source contributor agent architecture], trying to make useful contributions in the Go issue tracker to help all of you work more productively. I am hopeful that work on Oscar will uncover ways to help open source maintainers that will be adopted by other projects, just like some of Go's best ideas have been adopted by other projects. At the highest level, my goals for Oscar are to build something useful, learn something new, and chart a path for other projects. These are the same broad goals I've always had for our work on Go, so in that sense Oscar feels like a natural continuation.
The post notes that new tech lead Austin Clements "has been working on Go at Google since 2014" (and Mui since 2016). "Their judgment is superb and their knowledge of Go and the systems it runs on both broad and deep. When I have general design questions or need to better understand details of the compiler, linker, or runtime, I turn to them." It's important to remember that tech lead — like any position of leadership — is a service role, not an honorary title. I have been leading the Go project for over 12 years, serving all of you, and trying to create the right conditions for all of you to do your best work. Large projects like Go absolutely benefit from stable leadership, but they can also benefit from leadership changes. New leaders bring new strengths and fresh perspectives. For Go, I think 12+ years of one leader is enough stability; it's time for someone new to serve in this role.

In particular, I don't believe that the "BDFL" (benevolent dictator for life) model is healthy for a person or a project. It doesn't create space for new leaders. It's a single point of failure. It doesn't give the project room to grow. I think Python benefited greatly from Guido stepping down in 2018 and letting other people lead, and I've had in the back of my mind for many years that we should have a Go leadership change eventually....

I am going to consciously step back from decision making and create space for Austin and the others to step forward, but I am not disappearing. I will still be available to talk about Go designs, review CLs, answer obscure history questions, and generally help and support you all in whatever way I can. I will still file issues and send CLs from time to time, I have been working on a few potential new standard libraries, I will still advocate for Go across the industry, and I will be speaking about Go at GoLab in Italy in November...

I am incredibly proud of the work we have all accomplished together, and I am confident in the leaders both on the Go team at Google and in the Go community. You are all doing remarkable work, and I know you will continue to do that.

The Python Software Foundation's board "was alerted to a defect in our bylaws that exposes the Foundation to an unbounded financial liability," according to a blog post Friday: Specifically, Bylaws Article XIII as originally written compels the Python Software Foundation to extend indemnity coverage to individual Members (including our thousands of "Basic Members") in certain cases, and to advance legal defense expenses to individual Members with surprisingly few restrictions. Further, the Bylaws compel the Foundation to take out insurance to cover these requirements, however, insurance of this nature is not actually available to 501(c)(3) nonprofit corporations such as the Python Software Foundation to purchase, and thus it is impossible in practice to comply with this requirement.

In the unlikely but not impossible event of the Foundation being called upon to advance such expenses, the potential financial burden would be virtually unlimited, and there would be no recourse to insurance. As this is an existential threat to the Foundation, the Board has agreed that it must immediately reduce the Foundation's exposure, and has opted to exercise its ability to amend the Bylaws by a majority vote of the Board directors, rather than by putting it to a vote of the membership, as allowed by Bylaws Article XI.

Acting on legal advice, the full Board has voted unanimously to amend its Bylaws to no longer extend an offer to indemnify, advance legal expenses, or insure Members when they are not serving at the request of the Foundation. The amended Bylaws still allow for indemnification of a much smaller set of individuals acting on behalf of the PSF such as Board Members and officers, which is in line with standard nonprofit governance practices and for which we already hold appropriate insurance.
Another blog post notes "the recent slew of conversations, initially kicked off in response to a bylaws change proposal, has been pretty alienating for many members of our community." - After the conversation on PSF-Vote had gotten pretty ugly, forty-five people out of ~1000 unsubscribed. (That list has since been put on announce-only)

- We received a lot of Code of Conduct reports or moderation requests about the PSF-vote mailing list and the discuss.python.org message board conversations. (Several reports have already been acted on or closed and the rest will be soon).

- PSF staff received private feedback that the blanket statements about "neurodiverse people", the bizarre motives ascribed to the people in charge of the PSF and various volunteers and the sideways comments about the kinds of people making reports were also very off-putting.

Long-time Slashdot theodp says this "provocative" blog post by former Google engineer Avery Pennarun — now the CEO/founder of Tailscale — is "a call to take back the Internet from its centralized rent-collecting cloud computing gatekeepers."

Pennarun writes: I read a post recently where someone bragged about using Kubernetes to scale all the way up to 500,000 page views per month. But that's 0.2 requests per second. I could serve that from my phone, on battery power, and it would spend most of its time asleep. In modern computing, we tolerate long builds, and then Docker builds, and uploading to container stores, and multi-minute deploy times before the program runs, and even longer times before the log output gets uploaded to somewhere you can see it, all because we've been tricked into this idea that everything has to scale. People get excited about deploying to the latest upstart container hosting service because it only takes tens of seconds to roll out, instead of minutes. But on my slow computer in the 1990s, I could run a perl or python program that started in milliseconds and served way more than 0.2 requests per second, and printed logs to stderr right away so I could edit-run-debug over and over again, multiple times per minute.

How did we get here?

We got here because sometimes, someone really does need to write a program that has to scale to thousands or millions of backends, so it needs all that stuff. And wishful thinking makes people imagine even the lowliest dashboard could be that popular one day. The truth is, most things don't scale, and never need to. We made Tailscale for those things, so you can spend your time scaling the things that really need it. The long tail of jobs that are 90% of what every developer spends their time on. Even developers at companies that make stuff that scales to billions of users, spend most of their time on stuff that doesn't, like dashboards and meme generators.

As an industry, we've spent all our time making the hard things possible, and none of our time making the easy things easy. Programmers are all stuck in the mud. Just listen to any professional developer, and ask what percentage of their time is spent actually solving the problem they set out to work on, and how much is spent on junky overhead.
Tailscale offers a "zero-config" mesh VPN — built on top of WireGuard — for a secure network that's software-defined (and infrastructure-agnostic). "The problem is developers keep scaling things they don't need to scale," Pennarun writes, "and their lives suck as a result...."

"The tech industry has evolved into an absolute mess..." Pennarun adds at one point. "Our tower of complexity is now so tall that we seriously consider slathering LLMs on top to write the incomprehensible code in the incomprehensible frameworks so we don't have to."

Their conclusion? "Modern software development is mostly junky overhead."

This week the Computer Science Teachers Association conference kicked off Tuesday in Las Vegas, writes long-time Slashdot reader theodp.

And the "TeachAI" education initiative teamed with the Computer Science Teachers Association to release three briefs "arguing that K-12 computer science education is more important than ever in an age of AI." From the press release: "As AI becomes increasingly present in the classroom, educators are understandably concerned about how it might disrupt the teaching of core CS skills like programming. With these briefs, TeachAI and CSTA hope to reinforce the idea that learning to program is the cornerstone of computational thinking and an important gateway to the problem-solving, critical thinking, and creative thinking skills necessary to thrive in today's digitally driven world. The rise of AI only makes CS education more important."

To help drive home the point to educators, the 39-page Guidance on the Future of Computer Science Education in an Age of AI (penned by five authors from nonprofits CSTA and Code.org) includes a pretty grim comic entitled Learn to Program or Follow Commands. In the panel, two high school students who scoff at the idea of having to learn to code and instead use GenAI to create their Python apps wind up getting stuck in miserable warehouse jobs several years later as a result where they're ordered about by an AI robot.
"The rise of AI only makes CS education more important," according to the group's press release, "with early research showing that people with a greater grasp of underlying computing concepts are able to use AI tools more effectively than those without." A survey by the group also found that 80% of teachers "agree that core concepts in CS education should be updated to emphasize topics that better support learning about AI."

But I'd be curious to hear what Slashdot's readers think. Share your thoughts and opinions in the comments.

Should children still be taught to code in the age of AI?

An anonymous reader shared this report from InfoWorld: Rust has leaped to its highest position ever in the monthly Tiobe index of language popularity, scaling to the 13th spot this month, with placement in the top 10 anticipated in an upcoming edition. Previously, Rust has never gone higher than 17th place in the Tiobe Programming Index. Tiobe CEO Paul Jansen attributed Rust's ascent in the just-released July index to a February 2024 U.S. White House report recommending Rust over C/C+ for safety reasons. He also credited the growing community and ecosystem support for the language. "Rust is finally moving up."
The article adds that these rankings are based on "the number of skilled engineers worldwide, courses, and third-party vendors pertaining to languages, examining websites such as Google, Amazon, Wikipedia, and more than 20 others to determine the monthly numbers."

1. Python
2. C++
3. C
4. Java
5. C#
6. JavaScript
7. Go
8. Visual Basic
9. Fortran
10. SQL

Interestingly, Rust has just moved into the top ten on the rival rankings from the rival Pypl Popularity of Programming Language index (which according to the article "assesses how often languages are searched on in Google.")

1. Python
2. Java
3. JavaScript
4. C#
5. C/C++
6. R
7. PHP
8. TypeScript
9. Swift
10. Rust

snydeq shares a report from CSO Online, written by Lucian Constantin: A personal GitHub access token with administrative privileges to the official repositories for the Python programming language and the Python Package Index (PyPI) was exposed for over a year. The access token belonged to the Python Software Foundation's director of infrastructure and was accidentally included in a compiled binary file that was published as part of a container image on Docker Hub. [...] The incident shows that scrubbing access tokens from source code only, which some development tools do automatically, is not enough to prevent potential security breaches. Sensitive credentials can also be included in environment variables, configuration files and even binary artifacts as a result of automated build processes and developer mistakes. "Although we encounter many secrets that are leaked in the same manner, this case was exceptional because it is difficult to overestimate the potential consequences if it had fallen into the wrong hands -- one could supposedly inject malicious code into PyPI packages (imagine replacing all Python packages with malicious ones), and even to the Python language itself," researchers from security firm JFrog, who found and reported the token, wrote in a report.

Workers at delivery company Shipt "found that their paychecks had become...unpredictable," according to an article in IEEE Spectrum. "They were doing the same work they'd always done, yet their paychecks were often less than they expected. And they didn't know why...."

The article notes that "Companies whose business models rely on gig workers have an interest in keeping their algorithms opaque." But "The workers showed that it's possible to fight back against the opaque authority of algorithms, creating transparency despite a corporation's wishes." On Facebook and Reddit, workers compared notes. Previously, they'd known what to expect from their pay because Shipt had a formula: It gave workers a base pay of $5 per delivery plus 7.5 percent of the total amount of the customer's order through the app. That formula allowed workers to look at order amounts and choose jobs that were worth their time. But Shipt had changed the payment rules without alerting workers. When the company finally issued a press release about the change, it revealed only that the new pay algorithm paid workers based on "effort," which included factors like the order amount, the estimated amount of time required for shopping, and the mileage driven. The company claimed this new approach was fairer to workers and that it better matched the pay to the labor required for an order. Many workers, however, just saw their paychecks dwindling. And since Shipt didn't release detailed information about the algorithm, it was essentially a black box that the workers couldn't see inside.

The workers could have quietly accepted their fate, or sought employment elsewhere. Instead, they banded together, gathering data and forming partnerships with researchers and organizations to help them make sense of their pay data. I'm a data scientist; I was drawn into the campaign in the summer of 2020, and I proceeded to build an SMS-based tool — the Shopper Transparency Calculator [written in Python, using optical character recognition and Twilio, and running on a home server] — to collect and analyze the data. With the help of that tool, the organized workers and their supporters essentially audited the algorithm and found that it had given 40 percent of workers substantial pay cuts...

This "information asymmetry" helps companies better control their workforces — they set the terms without divulging details, and workers' only choice is whether or not to accept those terms... There's no technical reason why these algorithms need to be black boxes; the real reason is to maintain the power structure... In a fairer world where workers have basic data rights and regulations require companies to disclose information about the AI systems they use in the workplace, this transparency would be available to workers by default.
The tool's creator was attracted to the idea of helping a community "control and leverage their own data," and ultimately received more than 5,600 screenshots from over 200 workers. 40% were earning at least 10% less — and about 33% were earning less than their state's minimum wage. Interestingly, "Sharing data about their work was technically against the company's terms of service; astoundingly, workers — including gig workers who are classified as 'independent contractors' — often don't have rights to their own data...

"[O]ur experiment served as an example for other gig workers who want to use data to organize, and it raised awareness about the downsides of algorithmic management. What's needed is wholesale changes to platforms' business models... The battles that gig workers are fighting are the leading front in the larger war for workplace rights, which will affect all of us. The time to define the terms of our relationship with algorithms is right now."

Thanks to long-time Slashdot reader mspohr for sharing the article.