Mistral, the French AI startup backed by Microsoft and valued at $6 billion, has released its first generative AI model for coding, dubbed Codestral. From a report: Codestral, like other code-generating models, is designed to help developers write and interact with code. It was trained on over 80 programming languages, including Python, Java, C++ and JavaScript, explains Mistral in a blog post. Codestral can complete coding functions, write tests and "fill in" partial code, as well as answer questions about a codebase in English. Mistral describes the model as "open," but that's up for debate. The startup's license prohibits the use of Codestral and its outputs for any commercial activities. There's a carve-out for "development," but even that has caveats: the license goes on to explicitly ban "any internal usage by employees in the context of the company's business activities." The reason could be that Codestral was trained partly on copyrighted content. Codestral might not be worth the trouble, in any case. At 22 billion parameters, the model requires a beefy PC in order to run.

Read more of this story at Slashdot.

A Rust Foundation blog post begins by reminding readers that Rust programs "are unable to compile if memory management rules are violated, essentially eliminating the possibility of a memory issue at runtime." But then it goes on to explore "Unsafe Rust in the wild" (used for a small set of actions like dereferencing a raw pointer, modifying a mutable static variable, or calling unsafe functions). "At a superficial glance, it might appear that Unsafe Rust undercuts the memory-safety benefits Rust is becoming increasingly celebrated for. In reality, the unsafe keyword comes with special safeguards and can be a powerful way to work with fewer restrictions when a function requires flexibility, so long as standard precautions are used." The Foundation lists those available safeguards — which "make exploits rare — but not impossible." But then they go on to analyze just how much Rust code actually uses the unsafe keyword: The canonical way to distribute Rust code is through a package called a crate. As of May 2024, there are about 145,000 crates; of which, approximately 127,000 contain significant code. Of those 127,000 crates, 24,362 make use of the unsafe keyword, which is 19.11% of all crates. And 34.35% make a direct function call into another crate that uses the unsafe keyword [according to numbers derived from the Rust Foundation project Painter]. Nearly 20% of all crates have at least one instance of the unsafe keyword, a non-trivial number. Most of these Unsafe Rust uses are calls into existing third-party non-Rust language code or libraries, such as C or C++. In fact, the crate with the most uses of the unsafe keyword is the Windows crate, which allows Rust developers to call into various Windows APIs. This does not mean that the code in these Unsafe Rust blocks are inherently exploitable (a majority or all of that code is most likely not), but that special care must be taken while using Unsafe Rust in order to avoid potential vulnerabilities... Rust lives up to its reputation as an excellent and transformative tool for safe and secure programming, even in an Unsafe context. But this reputation requires resources, collaboration, and constant examination to uphold properly. For example, the Rust Project is continuing to develop tools like Miri to allow the checking of unsafe Rust code. The Rust Foundation is committed to this work through its Security Initiative: a program to support and advance the state of security within the Rust Programming language ecosystem and community. Under the Security Initiative, the Rust Foundation's Technology team has developed new tools like [dependency-graphing] Painter, TypoMania [which checks package registries for typo-squatting] and Sandpit [an internal tool watching for malicious crates]... giving users insight into vulnerabilities before they can happen and allowing for a quick response if an exploitation occurs.

Read more of this story at Slashdot.

"The TIOBE Index sets out to reflect the relative popularity of computer languages," writes i-Programmer, "so it comes as something of a surprise to see two languages dating from the 1950's in this month's Top 20. Having broken into the the Top 20 in April 2021 Fortran has continued to rise and has now risen to it's highest ever position at #10... The headline for this month's report by Paul Jansen on the TIOBE index is: Fortran in the top 10, what is going on? Jansen's explanation points to the fact that there are more than 1,000 hits on Amazon for "Fortran Programming" while languages such as Kotlin and Rust, barely hit 300 books for the same search query. He also explains that Fortran is still evolving with the new ISO Fortran 2023 definition published less than half a year ago.... The other legacy language that is on the rise in the TIOBE index is COBOL. We noticed it re-enter the Top 20 in January 2024 and, having dropped out in the interim, it is there again this month. More details from TechRepublic: Along with Fortran holding on to its spot in the rankings, there were a few small changes in the top 10. Go gained 0.61 percentage points year over year, rising from tenth place in May 2023 to eighth this year. C++ rose slightly in popularity year over year, from fourth place to third, while Java (-3.53%) and Visual Basic (-1.8) fell. Here's how TIOBE ranked the 10 most popular programming languages in May: Python C C++ Java C# JavaScript Visual Basic Go SQL Fortran On the rival PYPL ranking of programming language popularity, Fortran does not appear anywhere in the top 29. A note on its page explains that "Worldwide, Python is the most popular language, Rust grew the most in the last 5 years (2.1%) and Java lost the most (-4.0%)." Here's how it ranks the 10 most popular programming languages for May: Python (28.98% share) Java (15.97% share) JavaScript (8.79%) C# (6.78% share) R (4.76% share) PHP (4.55% share) TypeScript (3.03% share) Swift (2.76% share) Rust (2.6% share)

Read more of this story at Slashdot.

Apple's grudging accommodation of European law -- allowing third-party browser engines on its mobile devices -- apparently comes with a restriction that makes it difficult to develop and support third-party browser engines for the region. From a report: The Register has learned from those involved in the browser trade that Apple has limited the development and testing of third-party browser engines to devices physically located in the EU. That requirement adds an additional barrier to anyone planning to develop and support a browser with an alternative engine in the EU. It effectively geofences the development team. Browser-makers whose dev teams are located in the US will only be able to work on simulators. While some testing can be done in a simulator, there's no substitute for testing on device -- which means developers will have to work within Apple's prescribed geographical boundary. Prior to iOS 17.4, Apple required all web browsers on iOS or iPadOS to use Apple's WebKit rendering engine. Alternatives like Gecko (used by Mozilla Firefox) or Blink (used by Google and other Chromium-based browsers) were not permitted. Whatever brand of browser you thought you were using on your iPhone, under the hood it was basically Safari. Browser makers have objected to this for years, because it limits competitive differentiation and reduces the incentive for Apple owners to use non-Safari browsers.

Read more of this story at Slashdot.

Stack Overflow's new deal giving OpenAI access to its API as a source of data has users who've posted their questions and answers about coding problems in conversations with other humans rankled. From a report: Users say that when they attempt to alter their posts in protest, the site is retaliating by reversing the alterations and suspending the users who carried them out. A programmer named Ben posted a screenshot yesterday of the change history for a post seeking programming advice, which they'd updated to say that they had removed the question to protest the OpenAI deal. "The move steals the labour of everyone who contributed to Stack Overflow with no way to opt-out," read the updated post. The text was reverted less than an hour later. A moderator message Ben also included says that Stack Overflow posts become "part of the collective efforts" of other contributors once made and that they should only be removed "under extraordinary circumstances." The moderation team then said it was suspending his account for a week while it reached out "to avoid any further misunderstandings."

Read more of this story at Slashdot.

ArsTechnica: Sixty years ago, on May 1, 1964, at 4 am in the morning, a quiet revolution in computing began at Dartmouth College. That's when mathematicians John G. Kemeny and Thomas E. Kurtz successfully ran the first program written in their newly developed BASIC (Beginner's All-Purpose Symbolic Instruction Code) programming language on the college's General Electric GE-225 mainframe. Little did they know that their creation would go on to democratize computing and inspire generations of programmers over the next six decades.

Read more of this story at Slashdot.

Women Who Code (WWC), a U.S.-based organization of 360,000 people supporting women who work in the tech sector, is shutting down due to a lack of funding. "It is with profound sadness that, today, on April 18, 2024, we are announcing the difficult decision to close Women Who Code, following a vote by the Board of Directors to dissolve the organization," the organization said in a blog post. "This decision has not been made lightly. It only comes after careful consideration of all options and is due to factors that have materially impacted our funding sources -- funds that were critical to continuing our programming and delivering on our mission. We understand that this news will come as a disappointment to many, and we want to express our deepest gratitude to each and every one of you who have been a part of our journey." The BBC reports: WWC was started 2011 by engineers who "were seeking connection and support for navigating the tech industry" in San Francisco. It became a nonprofit organization in 2013 and expanded globally. In a post announcing its closure, it said it had held more than 20,000 events and given out $3.5m in scholarships. A month before the closure, WWC had announced a conference for May, which has now been cancelled. A spokesperson for WWC said: "We kept our programming moving forward while exploring all options." They would not comment on questions about the charity's funding. The most recent annual report, for 2022, showed the charity made almost $4m that year, while its expenses were just under $4.2m. WWC said that "while so much has been accomplished," their mission was not complete. It continued: "Our vision of a tech industry where diverse women and historically excluded people thrive at every level is not fulfilled."

Read more of this story at Slashdot.

Amazon will no longer pay developers to create applications for Alexa, scrapping a key element of the company's effort to build a flourishing app store for its voice-activated digital assistant. From a report: Amazon recently told participants of the Alexa Developer Rewards Program, which cut monthly checks to builders of popular Alexa apps, that the offering would end at the end of June. "Developers like you have and will play a critical role in the success of Alexa and we appreciate your continued engagement," said the notice, which was reviewed by Bloomberg. Amazon is also winding down a program that offered free credits for Alexa developers to power their programs with Amazon Web Services, according to a notice posted on a company website. Despite losing the direct payments, developers can still monetize their efforts with in-app purchases. Alexa, which powers Echo smart speakers and other devices, helped popularize voice assistants when it debuted almost a decade ago, letting users summon weather and news reports, play games and more. The company has since sold millions of Alexa-powered gadgets, but the technology appears far from the cutting-edge amid an explosion in chatbots using generative artificial intelligence.

Read more of this story at Slashdot.

An anonymous reader shares a report: Echoing the past two years of Rust evangelism and C/C++ ennui, Google reports that Rust shines in production, to the point that its developers are twice as productive using the language compared to C++. Speaking at the Rust Nation UK Conference in London this week, Lars Bergstrom, director of engineering at Google, who works on Android Platform Tools & Libraries, described the web titan's experience migrating projects written in Go or C++ to the Rust programming language. Bergstrom said that while Dropbox in 2016 and Figma in 2018 offered early accounts of rewriting code in memory-safe Rust - and doubts about productivity and the language have subsided - concerns have lingered about its reliability and security. "Even six months ago, this was a really tough conversation," he said. "I would go and I would talk to people and they would say, 'Wait, wait you have an `unsafe` keyword. That means we should all write C++ until the heat death of the Universe.'" But there's been a shift in awareness across the software development ecosystem, Bergstrom argued, about the challenges of using non-memory safe languages. Such messaging is now coming from government authorities in the US and other nations who understand the role software plays in critical infrastructure. The reason is that the majority of security vulnerabilities in large codebases can be traced to memory security bugs. And since Rust code can largely if not totally avoid such problems when properly implemented, memory safety now looks a lot like a national security issue.

Read more of this story at Slashdot.