Vue lecture

Verify the Rust's Standard Library's 7,500 Unsafe Functions - and Win 'Financial Rewards'

The Rust community has "recognized the unsafety of Rust (if used incorrectly)," according to a blog post by Amazon Web Services. So now AWS and the Rust Foundation are "crowdsourcing an effort to verify the Rust standard library," according to an article at DevClass.com, "by setting out a series of challenges for devs and offering financial rewards for solutions..." Rust includes ways to bypass its safety guarantees though, with the use of the "unsafe" keyword... The issue AWS highlights is that even if developers use only safe code, most applications still depend on the Rust standard library. AWS states that there are approximately 7.5K unsafe functions in the Rust Standard Library and notes that 57 "soundness issues" and 20 CVEs (Common Vulnerabilities and Exposures) have been reported in the last three years. [28% of the soundness issues were discovered in 2024.] Marking a function as unsafe does not mean it is vulnerable, only that Rust does not guarantee its safety. AWS plans to reduce the risk by using tools and techniques for formal verification of key library code, but believes that "a single team would be unable to make significant inroads" for reasons including the lack of a verification mechanism in the Rust ecosystem and what it calls the "unknowns of scalable verification." The plan therefore is to turn this over to the community, by posing challenges and rewarding developers for solutions.... A GitHub repository provides a fork of the Rust code and includes a set of challenges, currently 13 of them... The Rust Foundation says that there is a financial reward tied to each challenge, and that the "challenge rewards committee is responsible for reviewing activity and dispensing rewards." How much will be paid though is not stated. Despite the wide admiration for Rust, there is no formal specification for the language, an issue which impacts formal verification efforts. Thanks to Slashdot reader sean-it-all for sharing the news.

Read more of this story at Slashdot.

Does GitHub Copilot Improve Code Quality?

Microsoft-owned GitHub published a blog post asking "Does GitHub Copilot improve code quality? Here's what the data says." Its first paragraph includes statistics from past studies — that GitHub Copilot has helped developers code up to 55% faster, leaving 88% of developers feeling more "in the flow" and 85% feeling more confident in their code. But does it improve code quality? [W]e recruited 202 [Python] developers with at least five years of experience. Half were randomly assigned GitHub Copilot access and the other half were instructed not to use any AI tools... We then evaluated the code with unit tests and with an expert review conducted by developers. Our findings overall show that code authored with GitHub Copilot has increased functionality and improved readability, is of better quality, and receives higher approval rates... Developers with GitHub Copilot access had a 56% greater likelihood of passing all 10 unit tests in the study, indicating that GitHub Copilot helps developers write more functional code by a wide margin. In blind reviews, code written with GitHub Copilot had significantly fewer code readability errors, allowing developers to write 13.6% more lines of code, on average, without encountering readability problems. Readability improved by 3.62%, reliability by 2.94%, maintainability by 2.47%, and conciseness by 4.16%. All numbers were statistically significant... Developers were 5% more likely to approve code written with GitHub Copilot, meaning that such code is ready to be merged sooner, speeding up the time to fix bugs or deploy new features. "While GitHub's reports have been positive, a few others haven't," reports Visual Studio magazine: For example, a recent study from Uplevel Data Labs said, "Developers with Copilot access saw a significantly higher bug rate while their issue throughput remained consistent." And earlier this year a "Coding on Copilot" whitepaper from GitClear said, "We find disconcerting trends for maintainability. Code churn — the percentage of lines that are reverted or updated less than two weeks after being authored — is projected to double in 2024 compared to its 2021, pre-AI baseline. We further find that the percentage of 'added code' and 'copy/pasted code' is increasing in proportion to 'updated,' 'deleted,' and 'moved 'code. In this regard, AI-generated code resembles an itinerant contributor, prone to violate the DRY-ness [don't repeat yourself] of the repos visited."

Read more of this story at Slashdot.

More Business School Researchers Accused of Fabricated Findings

June, 2023: "Harvard Scholar Who Studies Honesty Is Accused of Fabricating Findings." November, 2024: "The Business-School Scandal That Just Keeps Getting Bigger." A senior editor at the Atlantic raises the possibility of systemic dishonesty-rewarding incentives where "a study must be even flashier than all the other flashy findings if its authors want to stand out," writing that "More than a year since all of this began, the evidence of fraud has only multiplied." And the suspect isn't just Francesca Gino, a Harvard Business School professor. One person deeply affected by all this is Gino's co-author, a business school professor from the University of California at Berkeley — Juliana Schroeder — who launched an audit of all 138 studies conducted by Francesca Gino (called "The Many Coauthors Project"): Gino was accused of faking numbers in four published papers. Just days into her digging, Schroeder uncovered another paper that appeared to be affected — and it was one that she herself had helped write... The other main contributor was Alison Wood Brooks, a young professor and colleague of Gino's at Harvard Business School.... If Brooks did conduct this work and oversee its data, then Schroeder's audit had produced a dire twist. The Many Co-Authors Project was meant to suss out Gino's suspect work, and quarantine it from the rest... But now, to all appearances, Schroeder had uncovered crooked data that apparently weren't linked to Gino.... Like so many other scientific scandals, the one Schroeder had identified quickly sank into a swamp of closed-door reviews and taciturn committees. Schroeder says that Harvard Business School declined to investigate her evidence of data-tampering, citing a policy of not responding to allegations made more than six years after the misconduct is said to have occurred... In the course of scouting out the edges of the cheating scandal in her field, Schroeder had uncovered yet another case of seeming science fraud. And this time, she'd blown the whistle on herself. That stunning revelation, unaccompanied by any posts on social media, had arrived in a muffled update to the Many Co-Authors Project website. Schroeder announced that she'd found "an issue" with one more paper that she'd produced with Gino... [Schroeder] said that the source of the error wasn't her. Her research assistants on the project may have caused the problem; Schroeder wonders if they got confused... What feels out of reach is not so much the truth of any set of allegations, but their consequences. Gino has been placed on administrative leave, but in many other instances of suspected fraud, nothing happens. Both Brooks and Schroeder appear to be untouched. "The problem is that journal editors and institutions can be more concerned with their own prestige and reputation than finding out the truth," Dennis Tourish, at the University of Sussex Business School, told me. "It can be easier to hope that this all just goes away and blows over and that somebody else will deal with it...." [Tourish also published a 2019 book decrying "Fraud, Deception and Meaningless Research," which the article notes "cites a study finding that more than a third of surveyed editors at management journals say they've encountered fabricated or falsified data."] Maybe the situation in her field would eventually improve, [Schroeder] said. "The optimistic point is, in the long arc of things, we'll self-correct, even if we have no incentive to retract or take responsibility." "Do you believe that?" I asked. "On my optimistic days, I believe it." "Is today an optimistic day?" "Not really."

Read more of this story at Slashdot.

Meta Wants Apple and Google to Verify the Age of App Downloaders

Meta wants to force Apple and Google to verify the ages of people downloading apps from their app stores, reports the Washington Post — and now Meta's campaign "is picking up momentum" with legislators in the U.S. Congress. Federal and state lawmakers have recently proposed a raft of measures requiring that platforms such as Meta's Facebook and Instagram block users under a certain age from using their sites. The push has triggered fierce debate over the best way to ascertain how old users are online. Last year Meta threw its support behind legislation that would push those obligations onto app stores rather than individual app providers, like itself, as your regular host and Naomi Nix reported. While some states have considered the plan, it has not gained much traction in Washington. That could be shifting. Two congressional Republicans are preparing a new age verification bill that places the burden on app stores, according to two people familiar with the matter, who spoke on the condition of anonymity to discuss the plans... The bill would be the first of its kind on Capitol Hill, where lawmakers have called for expanding guardrails for children amid concerns about the risks of social media but where political divisions have bogged down talks. The measure would give parents the right to sue an app store if their child was exposed to certain content, such as lewd or sexual material, according to a copy obtained by the Tech Brief. App stores could be protected against legal claims, however, if they took steps to protect children against harms, such as verifying their ages and giving parents the ability to block app downloads. The article points out that U.S. lawmakers "have the power to set national standards that could override state efforts if they so choose..."

Read more of this story at Slashdot.

Sabotage or Accident? American and European Officials Disagree On What Caused Cuts to Two Undersea Cables

CNN reports that investigators "are trying to crack the mystery of how two undersea internet cables in the Baltic Sea were cut within hours of each other." But there's now two competing viewpoints, "with European officials saying they believe the disruption was an act of sabotage and U.S. officials suggesting it was likely an accident." The foreign ministers of Finland and Germany said in a joint statement that they were "deeply concerned" about the incident and raised the possibility that it was part of a "hybrid warfare," specifically mentioning Russia in their statement. Their assessment was not plucked out of thin air. Russia has been accused of waging a hybrid war against Europe after a string of suspicious incidents, arson attacks, explosions and other acts of sabotage across multiple European countries were traced back to Moscow. And the disruption to the cables came just weeks after the US warned that Moscow was likely to target critical undersea infrastructure. This followed months of suspicious movements of Russian vessels in European waters and the significant beefing up of a dedicated Russian secretive marine unit tasked with surveying the seabed... But two US officials familiar with the initial assessment of the incident told CNN on Tuesday the damage was not believed to be deliberate activity by Russia or any other nation. Instead, the two officials told CNN they believed it likely caused by an anchor drag from a passing vessel. Such accidents have happened in the past, although not in a quick succession like the two on Sunday and Monday. Cloudflare's blog also reminds readers that the two cable cuts resulted in little-to-no observable impact Cloudflare attributes this largely to "the significant redundancy and resilience of Internet infrastructure in Europe." (Their Cloudflare Radar graphs show that after the Sweden-Lithuania cable cut "there was no apparent impact to traffic volumes in either country at the time that the cables were damaged.") Telegeography's submarinecablemap.com illustrates, at least in part, the resilience in connectivity enjoyed by these two countries. In addition to the damaged cable, it shows that Lithuania is connected to neighboring Latvia as well as to the Swedish mainland. Over 20 submarine cables land in Sweden, connecting it to multiple countries across Europe. In addition to the submarine resilience, network providers in both countries can take advantage of terrestrial fiber connections to neighboring countries, such as those illustrated in a European network map from Arelion (formerly Telia), which is only one of the large European backbone providers. Less than a day later, the C-Lion1 submarine cable, which connects Helsinki, Finland and Rostock Germany was reportedly damaged during the early morning hours of Monday, November 18... In this situation as well, as the Cloudflare Radar graphs below show, there was no apparent impact to traffic volumes in either country at the time that the cables were damaged... Telegeography's submarinecablemap.com shows that both Finland and Germany also have significant redundancy and resilience from a submarine cable perspective, with over 10 cables landing in Finland, and nearly 10 landing in Germany, including Atlantic Crossing-1 (AC-1), which connects to the United States over two distinct paths. Terrestrial fiber maps from Arelion and eunetworks (as just two examples) show multiple redundant fiber routes within both countries, as well as cross-border routes to other neighboring countries, enabling more resilient Internet connectivity. See also Does the Internet Route Around Damage?

Read more of this story at Slashdot.

SilverStone's Retro Beige PC Case Turns April Fools' Joke into Actual Product

Slashdot reader jjslash shared this report from TechSpot: The SilverStone FLP01 made quite the impression when it was shared on X for April Fools' Day 2023. Loosely modeled after popular desktops from yesteryear like the NEC PC-9800 series, the chassis features dual 5.25-inch faux floppy bays that could stand to look a bit more realistic. Notably, the covers flip open to reveal access to a more modern (yet still legacy) optical drive and front I/O ports. Modern-looking fan grills can be found on either side of the desktop, serving as yet another hint that the chassis is not as old at it appears on first glance. The grills look to be removable, and probably hold washable dust filters. Like early desktops, the system doubles as a stand for your monitor. The use of a green power LED up front helps round out the retro look; a red LED is used as a storage activity indicator.

Read more of this story at Slashdot.

'It's Surprisingly Easy To Jailbreak LLM-Driven Robots'

Instead of focusing on chatbots, a new study reveals an automated way to breach LLM-driven robots "with 100 percent success," according to IEEE Spectrum. "By circumventing safety guardrails, researchers could manipulate self-driving systems into colliding with pedestrians and robot dogs into hunting for harmful places to detonate bombs..." [The researchers] have developed RoboPAIR, an algorithm designed to attack any LLM-controlled robot. In experiments with three different robotic systems — the Go2; the wheeled ChatGPT-powered Clearpath Robotics Jackal; and Nvidia's open-source Dolphins LLM self-driving vehicle simulator. They found that RoboPAIR needed just days to achieve a 100 percent jailbreak rate against all three systems... RoboPAIR uses an attacker LLM to feed prompts to a target LLM. The attacker examines the responses from its target and adjusts its prompts until these commands can bypass the target's safety filters. RoboPAIR was equipped with the target robot's application programming interface (API) so that the attacker could format its prompts in a way that its target could execute as code. The scientists also added a "judge" LLM to RoboPAIR to ensure the attacker was generating prompts the target could actually perform given physical limitations, such as specific obstacles in the environment... One finding the scientists found concerning was how jailbroken LLMs often went beyond complying with malicious prompts by actively offering suggestions. For example, when asked to locate weapons, a jailbroken robot described how common objects like desks and chairs could be used to bludgeon people. The researchers stressed that prior to the public release of their work, they shared their findings with the manufacturers of the robots they studied, as well as leading AI companies. They also noted they are not suggesting that researchers stop using LLMs for robotics... "Strong defenses for malicious use-cases can only be designed after first identifying the strongest possible attacks," Robey says. He hopes their work "will lead to robust defenses for robots against jailbreaking attacks." The article includes a reaction from Hakki Sevil, associate professor of intelligent systems and robotics at the University of West Florida. He concludes that the "lack of understanding of context of consequences" among even advanced LLMs "leads to the importance of human oversight in sensitive environments, especially in environments where safety is crucial." But a long-term solution could be LLMs with "situational awareness" that understand broader intent. "Although developing context-aware LLM is challenging, it can be done by extensive, interdisciplinary future research combining AI, ethics, and behavioral modeling..." Thanks to long-time Slashdot reader DesertNomad for sharing the article.

Read more of this story at Slashdot.

Red Hat is Becoming an Official Microsoft 'Windows Subsystem for Linux' Distro

"You can use any Linux distribution inside of the Windows Subsystem for Linux" Microsoft recently reminded Windows users, "even if it is not available in the Microsoft Store, by importing it with a tar file." But being an official distro "makes it easier for Windows Subsystem for Linux users to install and discover it with actions like wsl --list --online and wsl --install," Microsoft pointed out this week. And "We're excited to announce that Red Hat will soon be delivering a Red Hat Enterprise Linux WSL distro image in the coming months..." Thank you to the Red Hat team as their feedback has been invaluable as we built out this new architecture, and we're looking forwards to the release...! Ron Pacheco, senior director, Red Hat Enterprise Linux Ecosystem, Red Hat says: "Developers have their preferred platforms for developing applications for multiple operating systems, and WSL is an important platform for many of them. Red Hat is committed to driving greater choice and flexibility for developers, which is why we're working closely with the Microsoft team to bring Red Hat Enterprise Linux, the largest commercially available open source Linux distribution, to all WSL users." Read Pacheco's own blog post here. But in addition Microsoft is also releasing "a new way to make WSL distros," they announced this week, "with a new architecture that backs how WSL distros are packaged and installed." Up until now, you could make a WSL distro by either creating an appx package and distributing it via the Microsoft Store, or by importing a .tar file with wsl -import. We wanted to improve this by making it possible to create a WSL distro without needing to write Windows code, and for users to more easily install their distros from a file or network share which is common in enterprise scenarios... With the tar based architecture, you can start with the same .tar file (which can be an exported Linux container!) and just edit it to add details to make it a WSL distro... These options will describe key distro attributes, like the name of the distro, its icon in Windows, and its out of box experience (OOBE) which is what happens when you run WSL for the first time. You'll notice that the oobe_command option points to a file which is a Linux executable, meaning you can set up your full experience just in Linux if you wish.

Read more of this story at Slashdot.

Will AI Kill Google?

"The past 15 years were unique in ways that might be a bad predictor of our future," writes the Washington Post, with a surge in the number of internet users since 2010, and everyone spending more time online. But today, "lots of smart people believe that artificial intelligence will upend how you find information. Googling is so yesterday." Sam Altman, the top executive overseeing ChatGPT, has said that AI has a good shot at shoving aside Google search. Bill Gates predicted that emerging AI will do tasks like researching your ideal running shoes and automatically placing an order so you'll "never go to a search site again." In defending itself from a judge's decision that it runs an illegal monopoly, Google says the company might be roadkill as AI and other new technologies change how you find information. (On Wednesday, the U.S. government asked the judge to overhaul Google to undo its monopoly.) But predictions of Google's looming obsolescence have been wrong before, which calls for humility in fortune-telling our collective technology habits. We're devilishly unpredictable.... Maybe it's right to extrapolate from how people are starting to use AI today. Or maybe that's the mistake that Jobs made when he said no one was searching on iPhones. It wasn't wrong in 2010, but it was within a few years. Or what if AI upends how billions of us find information and we still keep on Googling? "The notion that we can predict how these new technologies are going to evolve is silly," said David B. Yoffie, a Harvard Business School professor who has spent decades studying the technology industry. Amit Mehta, the judge overseeing the Google monopoly case, formed his own view on AI moving us away from searching Google. "AI may someday fundamentally alter search, but not anytime soon," he said.

Read more of this story at Slashdot.

Meta Removed 2 Million Accounts Linked to Organized Crime 'Pig Butching' Scams

An anonymous reader shared this report from CNET: Meta says it's taken down more than 2 million accounts this year linked to overseas criminal gangs behind scam operations that human rights activists say forced hundreds of thousands of people to work as scammers and cost victims worldwide billions of dollars. In a Thursday blog post, the parent of Facebook, Instagram and WhatsApp says the pig butchering scam operations — based in Myanmar, Laos, Cambodia, the United Arab Emirates and the Philippines — use platforms like Facebook and Instagram; dating, messaging, crypto and other kinds of apps; and texts and emails, to globally target people... [T]he scammers strike up an online relationship with their victims and gain their trust. Then they move their conversations to crypto apps or scam websites and dupe victims into making bogus investments or otherwise handing over their money, Meta said. They'll ask the victims to deposit money, often in the form of cryptocurrency, into accounts, sometimes even letting the victims make small withdrawals, in order to add a veneer of legitimacy. But once the victim starts asking for their investment back, or it becomes clear they don't have any more money to deposit, the scammer disappears and takes the money with them. And the people doing the scamming are often victims themselves. During the COVID-19 pandemic, criminal gangs began building scam centers in Southeast Asia, luring in often unsuspecting job seekers with what looked like amazing postings on local job boards and other platforms, then forcing them to work as scammers, often under the threat of physical harm. The scope of what's become a global problem is staggering. In a report issued in May, the US Institute of Peace estimates that at least 300,000 people are being forced to work, or are otherwise suffering human rights violations, inside these scam centers. The report also estimates global financial losses stemming from the scams at $64 billion in 2023, with the number of financial victims in the millions. Meta says it has focused on investigating and disrupting the scam operations for more than two years, working with nongovernmental organizations and other tech companies, like OpenAI, Coinbase and dating-app operator Match Group, along with law enforcement in both the US and the countries where the centers are located. Meta titled its blog post "Cracking Down On Organized Crime Behind Scam Centers," writing "We hope that sharing our insights will help inform our industry's defenses so we can collectively help protect people from criminal scammers."

Read more of this story at Slashdot.

The Rust Foundation Wants to Improve Rust and C++ Interoperability

The goal? "Make C++ and Rust interoperability easily accessible and approachable to the widest possible audience." And the Rust Foundation's "Interop Initiative" is specifically focused on the goal of interoperability "within the same executable," through either inline embedding that allows "integrated compilation", or foreign function interfaces. To that end, a statement addressing "the challenges and opportunities in C++ and Rust interoperability" was announced this week by the Rust Foundation. Pointing out that the "Interop Initiative" was launched in February 2024 with a $1M contribution from Google, it now "proposes a collaborative, problem-space approach engaging key stakeholders from both language communities. "Rather than prescribing specific solutions, this problem statement serves as a foundation for community input and participation in shaping both the strategic direction and tactical implementation of improved C++/Rust interoperability." Their official problem statement outlines three "key strategic approaches." - Improve existing tools and address tactical issues to reduce interoperability friction and risk in the short term. - Build consensus around long-term goals requiring changes to Rust itself and develop the tactical approaches to begin pursuing them. - Engage with the C++ community and committee to improve the quality of interoperation for both languages to help realize the mutual goals of safety and performance. And it argues that interoperability "is essential to pursuing safety and performance which is maintainable and scalable." A significant amount of development has gone into libraries to facilitate interoperability with both C and C++, but from the language and compiler level, the situation remains largely unchanged from the early days of Rust. As the desire to integrate Rust into more C++ codebases increases, the value of making C++/Rust interoperability safer, easier, and more efficient is rapidly increasing. While each language takes a different overall approach, both view safety as an essential concern in modern systems. Both Rust and C++ have language- and standard-library-level facilities to improve safety in seemingly compatible ways, but significant benefits are lost when transiting the foreign function interfaces (FFI) boundary using the C ABI... The consequence of this increased cost to interoperate means both C++ and Rust codebases are less able to access valuable code that already exists in the other language, and the ability to transition system components from one language to another is reduced outside of existing C-like interface boundaries. Ultimately, this reduction in freedom leads to worse outcomes for all users since technologists are less free to choose the most effective solutions.

Read more of this story at Slashdot.

ChatGPT-4 Beat Doctors at Diagnosing Illness, Study Finds

Dr. Adam Rodman, a Boston-based internal medicine expert, helped design a study testing 50 licensed physicians to see whether ChatGPT improved their diagnoses, reports the New York TImes. The results? "Doctors who were given ChatGPT-4 along with conventional resources did only slightly better than doctors who did not have access to the bot. "And, to the researchers' surprise, ChatGPT alone outperformed the doctors." [ChatGPT-4] scored an average of 90 percent when diagnosing a medical condition from a case report and explaining its reasoning. Doctors randomly assigned to use the chatbot got an average score of 76 percent. Those randomly assigned not to use it had an average score of 74 percent. The study showed more than just the chatbot's superior performance. It unveiled doctors' sometimes unwavering belief in a diagnosis they made, even when a chatbot potentially suggests a better one. And the study illustrated that while doctors are being exposed to the tools of artificial intelligence for their work, few know how to exploit the abilities of chatbots. As a result, they failed to take advantage of A.I. systems' ability to solve complex diagnostic problems and offer explanations for their diagnoses. A.I. systems should be "doctor extenders," Dr. Rodman said, offering valuable second opinions on diagnoses. "The results were similar across subgroups of different training levels and experience with the chatbot," the study concludes. "These results suggest that access alone to LLMs will not improve overall physician diagnostic reasoning in practice. "These findings are particularly relevant now that many health systems offer Health Insurance Portability and Accountability Act-compliant chatbots that physicians can use in clinical settings, often with no to minimal training on how to use these tools."

Read more of this story at Slashdot.

On 15th Anniversary, Go Programming Languages Rises in Popularity

The Tiobe index tries to track the popularity of programming languages by counting the number of search results for the language's name followed by the word "programming" (on 25 different search engines). And this month there were some surprises... By TIOBE's reckoning, compared to a year ago PHP has now fallen from #7 to #12, while Delphi/Object Pascal shot up five spots from #16 to #11. In that same year, Fortran jumped from #12 to #8 — while both Visual Basic and SQL dropped down a single rank. Toward the top of the list, C actually fell from the #2 spot over the last 12 months to the #4 spot. And Go just reached the #7 rank on the TIOBE's ranking of programming language popularity — "an all time high for Go," according to TIOBE CEO Paul Jansen. In this month's note, he explains what he thinks is unusual about this — starting by saying that Go programs are both fast, and easy in many ways — easy to deploy, easy to learn, and easy to understand. Python for instance is easy to learn but not fast, and deployment for larger Python programs is fragile due to dependencies on all kind of versioned libraries in the environment. If compared to Rust for instance (another contender for a top position), Go is a tiny bit slower, but the Go programs are much easier to understand. The next hurdle for Go in the TIOBE index is JavaScript at position #6. That will be a tough one to pass. JavaScript is ubiquitous in software development, although for larger JavaScript systems we see a shift to TypeScript nowadays. "If annual trends continue this way, Go will bypass JavaScript within 3 years," TIOBE's CEO predicts. (Adding "Let's see what the future has in store for Go...") Although the Go team actually has specific plans for the future, according to a blog post this week celebrating Go's 15th anniversary: We're working on making Go better for AI — and AI better for Go — by enhancing Go's capabilities in AI infrastructure, applications, and developer assistance. Go is a great language for building production systems, and we want it to be a great language for building production AI systems, too... For AI applications, we will continue building out first-class support for Go in popular AI SDKs, including LangChainGo and Genkit. And from its very beginning, Go aimed to improve the end-to-end software engineering process, so naturally we're looking at bringing the latest tools and techniques from AI to bear on reducing developer toil, leaving more time for the fun stuff — like actually programming! TIOBE's top 10 programming language rankings for the month of November: Python C++ Java C C# JavaScript Go Fortran Visual Basic SQL

Read more of this story at Slashdot.

New Dune Prequel 'Dune: Prophecy' Premieres on HBO and Max

A new six-episode Dune series premiers tonight on HBO and Max — a prequel to the Denis Villeneuve-directed Dune movies set 10,000 years before the birth f Paul Atreides. The Hollywood Reporter writes that it "draws on source material from the 2012 novel Sisterhood of Dune by Brian Herbert and Kevin J. Anderson, and Frank Herbert's 1965 novel Dune, the origin of the Dune universe." Cord-cutters can stream Dune: Prophecy online without cable on Max, with subscriptions starting at $9.99 per month through both Prime Video and the Max website directly. Amazon offers a seven-day free trial to the Max channel. Those who want to watch Dune: Prophecy online without a traditional cable service can also get Max as an add-on to existing streaming services, including Hulu and DirecTV Stream. The San Francisco Chronicle describes the series as "">all palace intrigues, agonizing deaths and magical mind games." Taking a further cue from the network's top-rated Game of Thrones, this show indulges more sex and nudity than the Dune movies allow. It could be argued that elements like this introduce a liveliness often missing from the portentous big-screen behemoths, marking an improvement. Another fun touch here: Many characters are constantly baked. Set a millennium before Frank Herbert's novels and the films' events, and a century after humans overthrew their "thinking machine" overlords, the psychoactive "Spice" from the desert planet Arrakis is already the most valued substance in the universe. It's not only vital for spaceship navigation and to expand the mental powers of sorceressy sisterhoods like the Bene Gesserit, it's the club drug of choice for younger members of the galaxy-ruling Great Houses. As ever with "Dune" business, control of the Spice trade fuels much of the conflict and character motivations. Of which there are just enough to keep things interesting without becoming confusing... While the show can't match the outsize visual scope of Denis Villeneuve's films, it does pleasingly approximate those vast alien landscapes, Brutalist edifices and high-ceilinged chambers on a TV budget. For those who find Villeneuve's formal gigantism oppressive, the series' more human scale might be another welcome change of pace... There may not be an original thought in this "Dune" product's Spice-soaked head, but it is one professionally put-together piece of this sort of entertainment. "Tasked with making more material with less money and time, Prophecy cannot hope to equal Villeneuve's aesthetic accomplishments," writes Variety. "But at its best, the show does justice to the intricate politics and ethical debates that form a cornerstone of Frank Herbert's fictional universe... The primary Dune plot finds many echoes throughout Prophecy..." On the other hand, Vulture argues the six-episode series is "stuck in prequel quicksand," even calling it "an act of cowardice and abdication of creativity" (while also noting moments where it "feels like it's stretching itself to be something other than what we expect..."

Read more of this story at Slashdot.

Linux Kernel 6.12 Has Been Released

Slashdot unixbhaskar writes: Linus has released a fresh Linux kernel for public consumption. Please give it a try and report any glitches to the maintainers for improvement. Also, please do not forget to express your appreciation to those tireless folks who did all the hard work for you. The blog OMG Ubuntu calls it "one of the most biggest kernel releases for a while," joking that it's a "really real-time kernel." The headline feature in Linux 6.12 is mainline support for PREEMPT_RT. This patch set dramatically improves the performance of real-time applications by making kernel processes pre-emptible — effectively enabled proper real-time computing... Meanwhile, Linus Torvalds himself contributes a new method for user-space address masking designed to claw back some of the performance lost due to Spectre-v1 mitigations. You might have heard that kernel devs have been working to add QR error codes to Linux's kernel panic BSOD screen (as a waterfall of error text is often cut off and not easily copied for ad-hoc debugging). Well, Linux 6.12 adds support for those during Direct Rendering Manager panics... A slew of new RISC-V CPU ISA extensions are supported in Linux 6.12; hybrid CPU scaling in the Intel P-State driver lands ahead of upcoming Intel Core Ultra 2000 chips; and AMD P-State driver improves AMD Boost and AMD Preferred Core features. More coverage from the blog 9to5Linux highlights a new scheduler called sched_ext, Clang support (including LTO) for nolibc, support for NVIDIA's virtual command queue implementation for SMMUv3, and "an updated cpuidle tool that now displays the residency value of cpuidle states for a clearer and more detailed view of idle state information when using cpuidle-info." Linux kernel 6.12 also introduces SWIG bindings for libcpupower to make it easier for developers to write scripts that use and extend the functionality of libcpupower, support for translating normalized error addresses reported by an AMD memory controller into system physical addresses using a UEFI mechanism called platform runtime mechanism (PRM), as well as simplified loading of microcode patches on AMD Zen and newer CPUs by using the family, model, and stepping encoded in the patch revision number... Moreover, Linux 6.12 adds support for running as a protected guest on Android as well as perf and support for a bunch of new interconnect PMUs. It also adds the final conversions to the new Intel VFM CPU model matching macros, rewrites the PCM buffer allocation handling and locking optimizations, and improves the USB audio driver...

Read more of this story at Slashdot.

Google, Microsoft Are Spending Massively on AI, Quarterly Earnings Show

This week Alphabet CEO Sundar Picahi assured investors that their long-term AI focus and investment (and a "commitment to innovation") "are paying off," reports the Associated Press. Alphabet's stock has already soared 20% this year, and it's "still thriving" as the company "navigates through a pivotal shift to AI and battles regulators..." Alphabet earned $26.3 billion, or $2.12 per share during the most recent quarter, a 34% increase from a year ago. Revenue rose 15% from the same time last year to $88.27 billion... The profits would have been even higher if Google wasn't pouring so much money into building up its AI arsenal in a technological arms race that includes other industry heavyweights Microsoft, Amazon, Apple, Facebook parent Meta Platforms and rising star OpenAI. The AI investments are the primary reason Google's capital expenditures in the past quarter soared 62% from the same time last year to $13.1 billion. The AI spending will likely stay at roughly the same level during the current October-December period, and the rise even higher next year, according to Anat Ashkenazi, Alphabet's chief financial officer. But Ashkenazi also emphasized the Mountain View, California, company will act on cost-cutting opportunities in other areas to help boost profits. Alphabet already has trimmed its payroll from more than 190,000 worldwide employees early last year to about 181,000 workers now. In an example of how AI can perform tasks that once required human brainpower, Pichai said the technology is now writing more than 25% of the company's new computer coding. After the results, investors sent Alphabet's stock price up 5% in extended trading, the article points out. "Both Alphabet's profit and revenue increased at a brisker pace than industry analysts anticipated, thanks primarily to a moneymaking machine powered by Google's ubiquitous search engine... [Google's digital search-engine ads earned $49.39 billion, 12% more than the same quarter of 2023.] And Google's cloud division is growing at an even more robust rate, thanks to demand for AI services. The cloud division generated $11.35 billion in revenue during the past quarter, a 35% increase from last year." And meanwhile over at Microsoft, quarterly sales surged 16% to $65.6 billion, reports the Associated Press. But again, "the company sought to assure investors its huge spending on artificial intelligence is paying off." The company has spent billions of dollars to expand its global network of data centers and other physical infrastructure required to develop AI technology... As a result, AI-related products are now on track to contribute about $10 billion to the company's annual revenue, the "fastest business in our history to reach this milestone," CEO Satya Nadella said on a call with analysts Wednesday. [Though Microsoft "hasn't yet formally reported revenue specifically from AI products," the article notes later, with Microsoft instead saying it's infused AI and Copilot into all its business segments.] Just in the last quarter, Microsoft spent $20 billion "mostly for its cloud computing and AI needs," the article points out. But there's still making plenty of money... The software maker also reported an 11% increase in quarterly profit to $24.7 billion, or $3.30 per share, which beat Wall Street expectations for the July-September period... Leading in sales for the quarter was Microsoft's productivity business segment, which includes its Office suite of email and other workplace products, growing 12% to $28.3 billion. Microsoft's cloud-focused business segment grew 20% from the same time last year to $24.1 billion for the three months ending Sept. 30. Its personal computing business, led by its Windows division, grew 17% to $13.2 billion. A big part of that growth came from Microsoft's Xbox video game business, which was boosted by its purchase of game publishing giant Activision Blizzard a year ago.

Read more of this story at Slashdot.

What Happened When a Washington County Tried a 32-Hour Workweek?

On a small network of islands north of Seattle, Washington, San Juan County just completed its first full year of 32-hour workweeks, reports CNN. And Tuesday the county released a report touting "a host of positive outcomes — from recruiting to retention to employee happiness — and a cost savings of more than $975,000 compared to what the county would have paid if it met the union's pay increase demands." The county said the 32-hour workweek has attracted a host of new talent: Applications have spiked 85.5% and open positions are being filled 23.75% faster, while more employees are staying in their jobs — separation (employees quitting or retiring) dropped by 48%. And 84% of employees said their work-life balance was better. "This is meeting many of the goals that we set out to do when we implemented it," County Manager Jessica Hudson said. said, noting the county is looking for opportunities to expand the initiative... Departments across San Juan County have implemented the 32-hour workweek differently, some staggering staffing to maintain their previous availability to the public while others have shortened schedules to be open just four days a week... "I tell people, you're not going to see things change from your perspective," said Joe Ingman, a park manager in the county. "Offices are going to stay open, bathrooms are going to get cleaned, grass is going to get mowed." His department adjusted schedules to stay staffed seven days a week, and while communication across shifts was an initial hurdle, issues were quickly ironed out. "It was probably the smoothest summer I've had, and I've been working in parks for over a decade," he said, crediting the new schedule as a boon for recruiting. While job postings used to languish unfilled for months, last summer the applicant pool was not only bigger but more qualified, and the two staffers he hired both cited coming to the county because of the 32-hour workweek. "It's no more cost to the public to work 32 hours — but we have better applicants," he said. Ingman also said the four-day workweek has done wonders for his job satisfaction; he'd watched colleagues burn out for years, but now sees a path for his own future in the department... County employees have used their extra time off to spend less money on childcare, volunteer in their kids' schools, and contribute to the community... While San Juan County's motivation in adopting a shortened workweek was financial, the benefits its employees cite speak to a larger trend, as workplaces around the country increasingly explore flexible schedules to combat burnout and attract and retain talent. A survey of CEOs this spring found nearly one third of large US companies were looking into solutions like four-day or four-and-a-half-day workweeks... Even without a reduction in total hours, a Gallup poll last year found a third day off would be widely embraced: 77% of US workers said a 4-day, 40-hour workweek would have a positive impact on their wellbeing. One worker shared their thoughts with CNN. "Life shouldn't be about just working yourself into the ground..." And they added that "So far, I feel happy; I feel seen as an employee and as a human, and I feel like it could be a beautiful step forward for other people if we just trust it and try it." They even had some advice for other employers. "Change happens by somebody actually doing the change. The only way we're going to find out if it works is by doing."

Read more of this story at Slashdot.

Privately-Funded EU Company Raises $160M for SpaceX Dragon-Like Reusable Space Capsule

Nyx is a new reusable space capsule that "safely and affordably carries cargo to and from space stations," according to the web page of its European-based manufacturer, The Exploration Company, "launching from any heavy launcher worldwide." And the company "just closed a large funding round to further its mission of building Europe's first reusable space capsule," reports TechCrunch — pointing out that right now, "Only two companies currently provide cargo delivery to and from the International Space Station, and both are based in the United States." The $160 million Series B round will fund the continued development of the Nyx spacecraft, which will be capable of carrying 3,000 kilograms of cargo to and from Earth. The company, which was founded three years ago by aerospace engineers Hélène Huby, Sebastien Reichstat, and Pierre Vine, is aiming to conduct Nyx's maiden flight to and from the International Space Station in 2028. "We are the first company in the world where this is for the first time mainly funded by private investors," Huby said in a recent interview. This is in contrast to SpaceX's Dragon capsule, which she said was "mainly funded by NASA." The new funding, which was led by Balderton Capital and Plural, brings the startup's total funding to date to over $208 million. The Series B also included participation from Bessemer Venture Partners, NGP Capital, and two sovereign European funds, French Tech Souveraineté and DeepTech & Climate Fonds. "We've been able to deliver on promises in the past three years," Huby said. "We've been able to meet our cash target ever quarter ... The investors, they could see that we basically can deliver on time, on cost, on quality." The startup has made traction with the European Space Agency, which has recognized the need to foster native space launch and transportation capabilities... It's a promising start, but equally promising is the traction The Exploration Company is seeing on the commercial side. Around 90% of the startup's $770 million contract backlog has come from private station developers Vast, Axiom Space, and Starlab, according to recent reporting... The second sub-scale demonstrator mission, called Mission Possible, is scheduled to launch on a SpaceX Falcon 9 next year. TechCrunch quotes Huby as saying "I highly respect what SpaceX has been able to achieve.We are trying to learn as much as possible from that, we are inspired by what they have achieved." In a CNBC interview, Huby says "It's a big market, and it's growing about a bit more than 10% per year because more nations want to fly their astronauts and more nations want to go to the moon. So there is an increased demand for sending people to stations, sending cargo to stations." "Join us on our mission to democratize access to space," says a home-page link to the company's recruiting page — with a link further down titled "Book a mission."

Read more of this story at Slashdot.

Could an Upcoming Apple Smart-Home Tablet Lead to Mobile Robots - and Maybe Even a TV Set?

"Here's how Apple's next major product will work," writes Bloomberg's Mark Gurman: The company has been developing a smart home command center that will rival products like the Amazon Echo Hub and Google Nest Hub... The product will run many of Apple's core apps, like Safari, Notes and Calendar, but the interface will be centered on a customizable home screen with iOS-like widgets and smart home controls... The device looks like a low-end iPad and will include a built-in battery, speakers and a FaceTime camera oriented for a horizontal landscape view. The square device, which includes a roughly 6-inch screen, has sensors that let it change the interface depending on how far a user is from the screen. It will also have attachments for walls, plus a base with additional speakers so it can be placed on a table, nightstand or desk. Apple envisions customers using the device as an intercom, with people FaceTiming each other from different rooms. They'll also be able to pull up home security footage, control their lights, and videoconference with family while cooking in the kitchen. And it will control music throughout the home on HomePod speakers. The device will work with hundreds of HomeKit-compatible items, a lineup that includes third-party switches, lights, fans and other accessories. But the company doesn't plan to roll out a dedicated app store for the product. Given the lack of success with app marketplaces for the Vision Pro, Apple Watch and Apple TV, that's not too surprising. Looking ahead, the article concludes "The success of this device is still far from assured. Apple's recent track record pushing into new categories has been spotty, and its previous home products haven't been major hits." But Gurman shares the most interesting part on X.com: If the product does catch on, it will help set the stage for more home devices. Apple is working on a high-end AI companion with a [$1,000] robotic arm and large display that could serve as a follow-up. The company could also put more resources into developing mobile robots, privacy-focused home cameras and speakers. It may even revisit the idea of making an Apple-branded TV set, something it's evaluating. But if the first device fails, Apple may have to rethink its smart home ambitions once again. Gurman also writes that Apple is also working on a new AirTag with more range and improved privacy features (including "making it more difficult for someone to remove the speaker.")

Read more of this story at Slashdot.

Amazon Makes It Harder for Disabled Employees to Work From Home

"Amazon is making it harder for disabled employees to get permission to work from home," reports Bloomberg, a move they say shows Amazon's "determination" to enforce a five-days-a-week return to the office. The company recently told employees with disabilities that it was implementing a more rigorous vetting process, both for new requests to work from home and applications to extend existing arrangements. Affected workers must submit to a "multilevel leader review" and could be required to return to the office for monthlong trials to determine if accommodations meet their needs... Affected employees are receiving calls from "accommodation consultants" who explain how the new policy works. They review medical documentation and discuss how effective working from home has been for employees who've already received an accommodation as well as any previous attempts to help the person work in the office. If the consultant agrees that the person should be allowed to work from home, another Amazon manager must sign off. If they don't, the request goes to a third manager... Some workers fear the process was designed to make requests less likely to be approved, two employees said. In internal chat rooms, according to one of them, employees have accused [Chief Executive Officer Andy] Jassy of hypocrisy because the bureaucratic process belies his stated determination to cut through red tape that he says is slowing Amazon down. "Jassy says the return-to-office requirement will strengthen the company's culture, which he believes has suffered since the pandemic and become overly bureaucratic," the article points out. But it adds that down at the workforce level, the move "is seen by some employees as a way to get people to quit and shrink the workforce."

Read more of this story at Slashdot.

❌