Programming

Is 'CS In Every School' the 2024 Presidential Campaign's 'Chicken In Every Pot'? (msn.com) 104

Long-time Slashdot reader theodp writes: During the U.S. presidential campaign of 1928, a circular published by the Republican Party claimed that if Herbert Hoover won there would be "a chicken in every pot". Times change. When talk turned to education at Wednesday night's 2024 Republican U.S. Presidential Candidate Debate, candidate Asa Hutchinson promised there will be 'CS in every school' if he wins (YouTube).

"Look at Arkansas," the former Arkansas Governor explained. "We have to compete with China. I built computer science education. We led the nation in Computer Science education, going from 1,100 students to 23,000 students taking it. This is how you compete with China. As President of the United States, I will make sure we go from 51% of our schools offering computer science to every school in rural areas and urban areas offering computer science for the benefit of our kids and we can compete with China in terms of technology."

In his last year in office, Hutchinson served as Chair of the National Governors Association (NGA) and rallied the nation's Governors around tech CEOs' demands for more K-12 CS education to culminate his year-long CS evangelism initiative, which the NGA noted enjoyed the support of Amazon, Google, and Microsoft. Hutchinson's pitch to the Governors included a video challenging them with a question. "Will it be American students who learn to code," Hutchinson asked, "or will industry be required to go overseas to find the talent that we need here in the United States of America?"

Later in the debate former New Jersey governor Chris Christie said entrepreneur/candidate Vivek Ramaswamy "sounds like ChatGPT."

Programming

72-Year-Old C++ Creator Bjarne Stroustrup Shares Life Advice (youtube.com) 47

72-year-old Bjarne Stroustrup invented C++ (first released in 1985). 38 years later, he gave a short interview for Honeypot.io (which calls itself "Europe's largest tech-focused job platform") offering his own advice for life: Don't overspecialize. Don't be too sure that you know the future. Be flexible, and remember that careers and jobs are a long-term thing. Too many young people think they can optimize something, and then they find they've spent a couple of years or more specializing in something that may not have been the right thing. And in the process they burn out, because they haven't spent enough time building up friendships and having a life outside computing.

I meet a lot of sort of — I don't know what you call them, "junior geeks"? — that just think that the only thing that matters is the speciality of computing — programming or AI or graphics or something like that. And — well, it isn't... And if they do nothing else, well — if you don't communicate your ideas, you can just as well do Sudoku... You have to communicate. And a lot of sort of caricature nerds forget that. They think that if they can just write the best code, they'll change the world. But you have to be able to listen. You have to be able to communicate with your would-be users and learn from them. And you have to be able to communicate your ideas to them.

So you can't just do code. You have to do something about culture and how to express ideas. I mean, I never regretted the time I spent on history and on math. Math sharpens your mind, history gives you some idea of your limitations and what's going on in the world. And so don't be too sure. Take time to have a balanced life.

And be ready for the opportunity. I mean, a broad-based education, a broad-based skill set — which is what you build up when you educate, you're basically building a portfolio of skills — means that you can take advantage of an opportunity when it comes along. You can recognize it sometimes. We have lots of opportunities. But a lot of them, we either can't take advantage of, or we don't notice. It was my fairly broad education — I've done standard computer science, I've done compilers, I've done multiple languages... I think I knew two dozen at the time. And I have done machine architecture, I've done operating systems. And that skill set turned out to be useful.

At the beginning of the video, Stroustrup jokes that it's hard to give advice — and that it's at least as difficult as it is to take advice.

Earlier this year, Bjarne also told the same site the story of how he became a programmer by mistake — misreading a word when choosing what to study after his high school exams. Stroustrup had thought he was signing up for an applied mathematics course, which instead turned out to be a class in computer science...

AI

Meta Releases Code Llama, a Code-Generating AI Model (techcrunch.com) 20

Meta, intent on making a splash in a generative AI space rife with competition, is on something of an open source tear. From a report: Following the release of AI models for generating text, translating languages and creating audio, the company today open sourced Code Llama, a machine learning system that can generate and explain code in natural language -- specifically English. Akin to GitHub Copilot and Amazon CodeWhisperer, as well as open source AI-powered code generators like StarCoder, StableCode and PolyCoder, Code Llama can complete code and debug existing code across a range of programming languages, including Python, C++, Java, PHP, Typescript, C# and Bash.

"At Meta, we believe that AI models, but large language models for coding in particular, benefit most from an open approach, both in terms of innovation and safety," Meta wrote in a blog post shared with TechCrunch. "Publicly available, code-specific models can facilitate the development of new technologies that improve peoples' lives. By releasing code models like Code Llama, the entire community can evaluate their capabilities, identify issues and fix vulnerabilities." Code Llama, which is available in several flavors, including a version optimized for Python and a version fine-tuned to understand instructions (e.g. "Write me a function that outputs the fibonacci sequence"), is based on the Llama 2 text-generating model that Meta open sourced earlier this month. While Llama 2 could generate code, it wasn't necessarily good code -- certainly not up to the quality a purpose-built model like Copilot could produce.

Java

IBM Says Its Generative AI Tool Can Convert Old COBOL Code To Java (theregister.com) 108

IBM is introducing the watsonx Code Assistant for Z, a tool that uses generative AI to translate COBOL code to Java. This tool is set to be available in Q4 2023 and aims to speed up the translation of COBOL to Java on IBM's Z mainframes. The Register reports: According to IBM, there are billions of lines of COBOL code out there as potential candidates for modernization (a report last year estimated the total figure at 775-850 billion lines). For this reason, the generative AI features in watsonx Code Assistant for Z are intended to help developers to assess and determine the code most in need of modernization, allowing them to more speedily update large applications and focus on critical tasks.

IBM wants to provide tooling for each step of the modernization process, starting with its Application Discovery and Delivery Intelligence (ADDI) inventory and analysis tool. Other steps include refactoring business services in COBOL, transforming the code to Java code, and then validating the resulting outcome with the aid of automated testing. The resulting Java code emitted by watsonx Code Assistant for Z will be object-oriented, but will still interoperate with the rest of the COBOL application IBM claimed, as well as with key services such as CICS, IMS, DB2, and other z/OS runtimes.

Microsoft

Microsoft Announces Python In Excel 92

theodp writes: On Tuesday, Microsoft announced the Public Preview of Python in Excel, which "runs securely on the Microsoft Cloud".

From the Home Office in Redmond: "Python is one of the most popular programming languages today, loved by businesses and students alike and Excel is an essential tool to organize, manipulate and analyze all kinds of data. But, until now, there hasn't been an easy way to make those two worlds work together. Today, we are excited to introduce the Public Preview of Python in Excel -- making it possible to integrate Python and Excel analytics within the same Excel grid for uninterrupted workflow. Python in Excel combines Python's powerful data analysis and visualization libraries with Excel's features you know and love. You can manipulate and explore data in Excel using Python plots and libraries, and then use Excel's formulas, charts and PivotTables to further refine your insights...We're partnering with Anaconda, a leading enterprise grade Python repository used by tens of millions of data practitioners worldwide. Python in Excel leverages Anaconda Distribution for Python running in Azure, which includes the most popular Python libraries such as pandas for data manipulation, statsmodels for advanced statistical modeling, and Matplotlib and seaborn for data visualization....While in Preview, Python in Excel will be included with your Microsoft 365 subscription. After the Preview, some functionality will be restricted without a paid license."

Python creator Guido van Rossum, now a Microsoft Distinguished Engineer, helped define the architecture for Python in Excel and had this to say: "I'm excited that this excellent, tight integration of Python and Excel is now seeing the light of day. I expect that both communities will find interesting new uses in this collaboration, amplifying each partner's abilities. When I joined Microsoft three years ago, I would not have dreamed this would be possible. The Excel team excels!"

GUI

Adobe Co-founder and Ex-CEO John Warnock Has Died (theverge.com) 36

Slashdot reader Dave Knott writes: John Warnock, co-founder and ex-CEO of Adobe, has died at the age of 82. Under his tenure, Adobe created Postscript, Acrobat, Photoshop, and many other technologies and software products that have become industry standards in publishing, graphic design, video editing, photography and more. A cause of death has not been released; he is survived by his wife, graphic designer Marva Warnock, and his three children.
Slashdot covered the death of Adobe co-founder Charles 'Chuck' Geschke in 2021: The company started in co-founder John Warnock's garage in 1982, and was named after the Adobe Creek which ran behind Warnock's home, offering pioneering capabilities in "What you see is what you get" (or WYSIWYG) desktop publishing... [Gizmodo writes] after earning a doctorate from Carnegie Mellon University, Geschke met Warnock while working at the Xerox Palo Alto Research Center, according to the Mercury News.
"In the Spring of 1991 Dr. John Warnock wrote a paper he dubbed 'Camelot' in which the Adobe Systems Co-founder and CEO laid out the foundation for what has become Acrobat/PDF," remembers this 2002 Slashdot post.

And last year Silicon Valley's Computer History Museum publicly released "for the first time, the source code for the breakthrough printing technology, PostScript. We thank Adobe, Inc. for their permission and support, and John Warnock for championing this release.... From the start of Adobe Systems Incorporated (now Adobe, Inc.) exactly forty years ago in December 1982, the firm's cofounders envisioned a new kind of printing press — one that was fundamentally digital, using the latest advances in computing. Initial discussions by cofounders Chuck Geschke and John Warnock with computer-makers such as Digital Equipment Corporation and Apple convinced them that software was the key to the new digital printing press. Their vision: Any computer could connect with printers and typesetters via a common language to print words and images at the highest fidelity. Led by Warnock, Adobe assembled a team of skillful and creative programmers to create this new language. In addition to the two cofounders, the team included Doug Brotz, Bill Paxton, and Ed Taft. The language they created was in fact a complete programming language, named PostScript, and was released by Adobe in 1984.

By treating everything to be printed the same, in a common mathematical description, PostScript granted abilities offered nowhere else. Text and images could be scaled, rotated, and moved at will, as in the opening image to this essay. Adobe licensed PostScript to computer-makers and printer manufacturers, and the business jumped into a period of hypergrowth....

Today, most printers rely on PostScript technology either directly or through a technology that grew out of it: PDF (Portable Document Format). John Warnock championed the development of PDF in the 1990s, transforming PostScript into a technology that was safer and easier to use as the basis for digital documents, but retaining all the benefits of interoperability, fidelity, and quality.

AI

Schools are Now Teaching About ChatGPT and AI So Their Students Aren't Left Behind (cnn.com) 73

Professors now fear that ignoring or discouraging the use of AI "will be a disservice to students and leave many behind when entering the workforce," reports CNN: According to a study conducted by higher education research group Intelligent.com, about 30% of college students used ChatGPT for schoolwork this past academic year and it was used most in English classes. Jules White, an associate professor of computer science at Vanderbilt University, believes professors should be explicit in the first few days of school about the course's stance on using AI and that it should be included in the syllabus. "It cannot be ignored," he said. "I think it's incredibly important for students, faculty and alumni to become experts in AI because it will be so transformative across every industry in demand so we provide the right training."

Vanderbilt is among the early leaders taking a strong stance in support of generative AI by offering university-wide training and workshops to faculty and students. A three-week 18-hour online course taught by White this summer was taken by over 90,000 students, and his paper on "prompt engineering" best practices is routinely cited among academics. "The biggest challenge is with how you frame the instructions, or 'prompts,'" he said. "It has a profound impact on the quality of the response and asking the same thing in various ways can get dramatically different results. We want to make sure our community knows how to effectively leverage this." Prompt engineering jobs, which typically require basic programming experience, can pay up to $300,000.

Although White said concerns around cheating still exist, he believes students who want to plagiarize can still seek out other methods such as Wikipedia or Google searches. Instead, students should be taught that "if they use it in other ways, they will be far more successful...." Some schools are hiring outside experts to teach both faculty and students about how to use AI tools.

Programming

Can You Measure Software Developer Productivity? (mckinsey.com) 157

Long-time Slashdot reader theodp writes: "Measuring, tracking, and benchmarking developer productivity has long been considered a black box. It doesn't have to be that way." So begins global management consulting firm McKinsey in Yes, You Can Measure Software Developer Productivity... "Compared with other critical business functions such as sales or customer operations, software development is perennially undermeasured. The long-held belief by many in tech is that it's not possible to do it correctly—and that, in any case, only trained engineers are knowledgeable enough to assess the performance of their peers.

"Yet that status quo is no longer sustainable."

"All C-suite leaders who are not engineers or who have been in management for a long time will need a primer on the software development process and how it is evolving," McKinsey advises companies starting on a developer productivity initiative. "Assess your systems. Because developer productivity has not typically been measured at the level needed to identify improvement opportunities, most companies' tech stacks will require potentially extensive reconfiguration. For example, to measure test coverage (the extent to which areas of code have been adequately tested), a development team needs to equip their codebase with a tool that can track code executed during a test run."

Before getting your hopes up too high over McKinsey's 2023 developer productivity silver bullet suggestions, consider that Googling to "find a tool that can track code executed during a test run" will lead you back to COBOL test coverage tools from the 80's that offered this kind of capability and 40+ year-old papers that offered similar advice (1, 2, 3). A cynic might also suggest considering McKinsey's track record, which has had some notable misses.

Programming

Rust Users Push Back as Popular 'Serde' Project Ships Precompiled Binaries (bleepingcomputer.com) 17

"Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary," reports Bleeping Computer.

"The move has generated a fair amount of push back among developers who worry about its future legal and technical implications, along with a potential for supply chain attacks, should the maintainer account publishing these binaries be compromised." According to the Rust package registry, crates.io, serde has been downloaded over 196 million times over its lifetime, whereas the serde_derive macro has scored more than 171 million downloads, attesting to the project's widespread circulation... "The Serde ecosystem consists of data structures that know how to serialize and deserialize themselves along with data formats that know how to serialize and deserialize other things," states the project's website. Whereas, "derive" is one of its macros...

Some Rust developers request that precompiled binaries be kept optional and separate from the original "serde_derive" crate, while others have likened the move to the controversial code change to the Moq .NET project that sparked backlash. "Please consider moving the precompiled serde_derive version to a different crate and default serde_derive to building from source so that users that want the benefit of precompiled binary can opt-in to use it," requested one user. "Or vice-versa. Or any other solution that allows building from source without having to patch serde_derive... Having a binary shipped as part of the crate, while I understand the build time speed benefits, is for security reasons not a viable solution for some library users."

Users pointed out how the change could impact entities that are "legally not allowed to redistribute pre-compiled binaries, by their own licenses," specifically mentioning government-regulated environments.

The official response from Serde's maintainer: "The precompiled implementation is the only supported way to use the macros that are published in serde_derive. If there is implementation work needed in some build tools to accommodate it, someone should feel free to do that work (as I have done for Buck and Bazel, which are tools I use and contribute significantly to) or publish your own fork of the source code under a different name.

"Separately, regarding the commentary above about security, the best path forward would be for one of the people who cares about this to invest in a Cargo or crates.io RFC around first-class precompiled macros so that there is an approach that would suit your preferences; serde_derive would adopt that when available."

Programming

Why DARPA Hopes To 'Distill' Old Binaries Into Readable Code (theregister.com) 54

Researchers at Georgia Tech have developed a prototype pipeline for the Defense Advanced Research Projects Agency (DARPA) that can "distill" binary executables into human-intelligible code so that it can be updated and deployed in "weeks, days, or hours, in some cases." The work is part of a five-year, $10 million project with the agency. The Register reports: After running an executable through the university's "distillation" process, software engineers should be able to examine the generated HAR, figure out what the code does, and make changes to add new features, patch bugs, or improve security, and turn the HAR back into executable code, says GT associate professor and project participant Brendan Saltaformaggio. This would be useful for, say, updating complex software that was written by a contractor or internal team, the source code is no longer or never was to hand and neither are its creators, and stuff needs to be fixed up. Reverse engineering the binary and patching in an update by hand can be a little hairy, hence DARPA's desire for something a bit more solid and automatic. The idea is to use this pipeline to freshen up legacy or outdated software that may have taken years and millions of dollars to develop some time ago.

Saltaformaggio told El Reg his team has the entire process working from start to finish, and with some level of stability, too. "DARPA sets challenges they like to use to test the capabilities of a project," he told us over the phone. "So far we've handled every challenge problem DARPA's thrown at us, so I'd say it's working pretty well." Saltaformaggio said his team's pipeline disassembles binaries into a graph structure with pseudo-code, and presented in a way that developers can navigate, and replace or add parts in C and C++. Sorry, Java devs and Pythonistas: Saltaformaggio tells us that there's no reason the system couldn't work with other programming languages, "but we're focused on C and C++. Other folks would need to build out support for that." Along with being able to deconstruct, edit, and reconstruct binaries, the team said its processing pipeline is also able to comb through HARs and remove extraneous routines. The team has also, we're told, baked in verification steps to ensure changes made to code within hardware ranging from jets and drones to plain-old desktop computers work exactly as expected with no side effects.

Piracy

Court Orders SportsBay To Pay Almost Half a Billion Dollars For Violating DMCA (torrentfreak.com) 38

An anonymous reader quotes a report from TorrentFreak: In the summer of 2021, DISH Network and Sling filed a copyright lawsuit against four unlicensed sports streaming sites, among them the popular SportsBay.org. After the plaintiffs named two alleged operators of the sites, this week a court in Texas held the pair liable for almost 2.5 million violations of the DMCA's anti-circumvention provisions and almost half a billion dollars in damages. [...] The complaint alleged that the unknown defendants circumvented (and provided technologies and services that circumvented) security measures employed by Sling and thereby provided "DISH's television programming" to users of their websites. The plaintiffs requested a permanent injunction, control of the defendants' domains, and damages of up to $2,500 for each violation of the DMCA's anti-circumvention provisions.

According to DISH's first amended complaint filed in January 2022, information obtained from the third-party service providers enabled the company to identify two men responsible for operating the SportsBay sites. Juan Barcan, an individual residing in Buenos Aires, Argentina, used his PayPal account to make payments to Namecheap and GitHub. Juan Nahuel Pereyra, also of Buenos Aires, used his PayPal account to make payments to Namecheap. On January 20, 2022, DISH sent a request to the Argentine Central Authority to serve Barcan and Pereyra under the Hague Convention. On October 31, 2022, the Central Authority informed DISH that Pereyra was served in Buenos Aires on September 14, 2022. Barcan was not served so after obtaining permission from the court, DISH served Barcan via a Gmail address used to make payments to Namecheap for the Sportsbay.org, Live-nba.stream, and Freefeds.com domain names. When the defendants failed to appear, DISH sought default judgment. [...]

In his order (PDF) handed down yesterday, District Judge Charles Eskridge entered a default judgment against Juan Barcan and Juan Nahuel Pereyra for violations of the DMCA's anti-circumvention provisions. The defendants and anyone acting in concert with them are permanently enjoined from circumventing any technological protection measure that controls access to Sling or DISH programming, including through the use of websites or any similar internet streaming service. Then comes the award for damages. "Plaintiffs are awarded $493,850,000 in statutory damages against Defendants, jointly and severally, for Defendants' 2,469,250 violations of section 1201(a)(2) of the DMCA," the order reads.

AI

Stack Overflow 'Evolves', Previewing AI-Powered Answers and Chat Followups (stackoverflow.blog) 64

"Stack Overflow is adding artificial intelligence to its offerings," reports ZDNet (which notes traffic to the Q&A site has dropped 5% in the last year).

So in a video, Stack Overflow's CEO Prashanth Chandrasekar says that search and question-asking "will evolve to provide you with instant summarized solutions with citations to sources, aggregated by generative AI — plus the option to ask follow-up questions in a chat-like format."

The New Stack provides some context: As computer scientist Santiago Valdarrama remarked in a tweet, "I don't remember the last time I visited Stack Overflow. Why would I when tools like Copilot and ChatGPT answer my questions faster without making me feel bad for asking?" It's a problem Stack Overflow CEO Prashanth Chandrasekar acknowledges because, well, he encountered it too.

"When I first started using Stack Overflow, I remember my first experience was quite harsh, because I basically asked a fairly simple question, but the standard on the website is pretty high," Chandrasekar told The New Stack. "When ChatGPT came out, it was a lot easier for people to go and ask ChatGPT without anybody watching...."

But what may be of more interest to developers is that Stack Overflow is now offering an IDE (integrated development environment) extension for Visual Studio Code that will be powered by OverflowAI. This means that coders will be able to ask a conversational interface a question and find solutions from within the IDE.

Stack Overflow also is launching a GenAI Stack Exchange, where the community can post and share knowledge on prompt engineering, getting the most out of AI and similar topics.

And they're integrating it into other workflows as well. "Of course, AI isn't replacing humans any time soon," CEO Chandrasekar says in the video. "But it can help you draft a question to pose to our community..."

Signups for the OverflowAI preview are available now. "With your help, we'll be putting AI to work," CEO Chandrasekar says in the video.

AI

ChatGPT's Odds of Getting Code Questions Correct are Worse Than a Coin Flip (theregister.com) 119

An anonymous reader shared this report from the Register: ChatGPT, OpenAI's fabulating chatbot, produces wrong answers to software programming questions more than half the time, according to a [pre-print] study from Purdue University. That said, the bot was convincing enough to fool a third of participants.

The Purdue team analyzed ChatGPT's answers to 517 Stack Overflow questions to assess the correctness, consistency, comprehensiveness, and conciseness of ChatGPT's answers. The U.S. academics also conducted linguistic and sentiment analysis of the answers, and questioned a dozen volunteer participants on the results generated by the model. "Our analysis shows that 52 percent of ChatGPT answers are incorrect and 77 percent are verbose," the team's paper concluded. "Nonetheless, ChatGPT answers are still preferred 39.34 percent of the time due to their comprehensiveness and well-articulated language style." Among the set of preferred ChatGPT answers, 77 percent were wrong...

"During our study, we observed that only when the error in the ChatGPT answer is obvious, users can identify the error," their paper stated. "However, when the error is not readily verifiable or requires external IDE or documentation, users often fail to identify the incorrectness or underestimate the degree of error in the answer." Even when the answer has a glaring error, the paper stated, two out of the 12 participants still marked the response preferred. The paper attributes this to ChatGPT's pleasant, authoritative style.

"From semi-structured interviews, it is apparent that polite language, articulated and text-book style answers, comprehensiveness, and affiliation in answers make completely wrong answers seem correct," the paper explained.

AI

A New Frontier for Travel Scammers: AI-Generated Guidebooks (nytimes.com) 15

Shoddy guidebooks, promoted with deceptive reviews, have flooded Amazon in recent months. Their authors claim to be renowned travel writers.

But do they even exist?

The New York Times: The books are the result of a swirling mix of modern tools: A.I. apps that can produce text and fake portraits; websites with a seemingly endless array of stock photos and graphics; self-publishing platforms -- like Amazon's Kindle Direct Publishing -- with few guardrails against the use of A.I.; and the ability to solicit, purchase and post phony online reviews, which runs counter to Amazon's policies and may soon face increased regulation from the Federal Trade Commission. The use of these tools in tandem has allowed the books to rise near the top of Amazon search results and sometimes garner Amazon endorsements such as "#1 Travel Guide on Alaska." A recent Amazon search for the phrase "Paris Travel Guide 2023," for example, yielded dozens of guides with that exact title. One, whose author is listed as Stuart Hartley, boasts, ungrammatically, that it is "Everything you Need to Know Before Plan a Trip to Paris."

The book itself has no further information about the author or publisher. It also has no photographs or maps, though many of its competitors have art and photography easily traceable to stock-photo sites. More than 10 other guidebooks attributed to Stuart Hartley have appeared on Amazon in recent months that rely on the same cookie-cutter design and use similar promotional language. The Times also found similar books on a much broader range of topics, including cooking, programming, gardening, business, crafts, medicine, religion and mathematics, as well as self-help books and novels, among many other categories. Amazon declined to answer a series of detailed questions about the books.

Google

Google Launches Project IDX, a New AI-Enabled Browser-Based Development Environment (techcrunch.com) 17

An anonymous reader quotes a report from TechCrunch: Google today announced the launch of Project IDX, its foray into offering an AI-enabled browser-based development environment for building full-stack web and multiplatform apps. It currently supports frameworks like Angular, Flutter, Next.js, React, Svelte and Vue, and languages like JavaScript and Dart, with support for Python, Go and others in the works. Google did not build a new IDE (integrated development environment) when it created IDX. Instead, it is using Visual Studio Code -- Open Source as the basis of its project. This surely allowed the team to focus on the integration with Codey, Google's PaLM 2-based foundation model for programming tasks. Thanks to Codey, IDX supports smart code completion, a ChatGPT/Bard-like chatbot that can help developers with general coding questions as well as those related specifically to the code you are working on (including the ability to explain it) and the ability to add contextual code actions like "add comments."

"We spend a lot of time writing code, and recent advances in AI have created big opportunities to make that time more productive," the IDX team explains in today's announcement. "With Project IDX, we're exploring how Google's innovations in AI -- including the Codey and PaLM 2 models powering Studio Bot in Android Studio, Duet in Google Cloud and more -- can help you not only write code faster, but also write higher-quality code." As a cloud-based IDE, it's no surprise that Project IDX integrates with Google's own Firebase Hosting (and Google Cloud Functions) and allows developers to bring in existing code from the GitHub repository. Every workspace has access to a Linux-based VM (virtual machine) and, soon, embedded Android and iOS simulators right in the browser.

Programming

Should a Variable's Type Come After Its Name? (benhoyt.com) 321

Canonical engineering manager Ben Hoyt believes that a variable's name is more important than its type, so "the name should be more prominent and come first in declarations." In many popular programming languages, including C, C++, Java, and C#, when you define a field or variable, you write the type before the name. For example (in C++):

// Struct definition
struct person {
    std::string name;
    std::string email;
    int age;
};


In other languages, including Go, Rust, TypeScript, and Python (with type hints), you write the name before the type. For example (in Go):

// Struct definition
type Person struct {
    Name  string
    Email string
    Age   int
}

There's a nice answer in the Go FAQ about why Go chose this order: "Why are declarations backwards?". It starts with "they're only backwards if you're used to C", which is a good point — name-before-type has a long history in languages like Pascal. In fact, Go's type declaration syntax (and packages) were directly inspired by Pascal.

The FAQ goes on to point out that parsing is simpler with name-before-type, and declaring multiple variables is less error-prone than in C. In C, the following declares x to be a pointer, but (surprisingly at first!) y to be a normal integer:

int* x, y;

Whereas the equivalent in Go does what you'd expect, declaring both to be pointers:

var x, y *int

The Go blog even has an in-depth article by Rob Pike on Go's Declaration Syntax, which describes more of the advantages of Go's syntax over C's, particularly with arrays and function pointers.

Oddly, the article only hints at what I think is the more important reason to prefer name-before-type for everyday programming: it's clearer.

Hoyt argues a variable's name has more meaning (semantically) — pointing out dynamically-typed languages like Python and Ruby don't even need types, and that languages like Java, Go, C++ and C# now include type inference.

"I think the takeaway is this: we can't change the past, but if you're creating a new language, please put names before types!"

Programming

Do Developers Tend To Scrap Or Ship Their First Drafts? (ntietz.com) 100

Long-time Slashdot reader theodp writes: The necessity of multiple drafts may be an idea that's drilled into children's minds by teachers and parents, but in 2023 there's still a need to remind software engineers to Throw Away Your First Draft of Your Code. "The next time you start on a major project," advises Nicole Tietz-Sokolskaya, "I want you to write code for a couple of days and then delete it all. Just throw it away. I'm serious. And you should probably have some of your best engineers doing this throwaway work. It's going to save you time in the long run."

While Tietz-Sokolskaya's advice echoes that of Ernest Hemingway ("the first draft of anything is shit"), do developers tend to scrap or ship their first drafts in the real world?

Security

Hackers Could Have Scored Unlimited Airline Miles By Targeting One Platform (wired.com) 5

An anonymous reader quotes a report from Wired: Travel rewards programs like those offered by airlines and hotels tout the specific perks of joining their club over others. Under the hood, though, the digital infrastructure for many of these programs -- including Delta SkyMiles, United MileagePlus, Hilton Honors, and Marriott Bonvoy -- is built on the same platform. The backend comes from the loyalty commerce company Points and its suite of services, including an expansive application programming interface (API). But new findings, published today by a group of security researchers, show that vulnerabilities in the Points.com API could have been exploited to expose customer data, steal customers' "loyalty currency" (like miles), or even compromise Points global administration accounts to gain control of entire loyalty programs. The researchers -- Ian Carroll, Shubham Shah, and Sam Curry -- reported a series of vulnerabilities to Points between March and May, and all the bugs have since been fixed.

"The surprise for me was related to the fact that there is a central entity for loyalty and points systems, which almost every big brand in the world uses," Shah says. "From this point, it was clear to me that finding flaws in this system would have a cascading effect to every company utilizing their loyalty backend. I believe that once other hackers realized that targeting Points meant that they could potentially have unlimited points on loyalty systems, they would have also been successful in targeting Points.com eventually." One bug involved a manipulation that allowed the researchers to traverse from one part of the Points API infrastructure to another internal portion and then query it for reward program customer orders. The system included 22 million order records, which contain data like customer rewards account numbers, addresses, phone numbers, email addresses, and partial credit card numbers. Points.com had limits in place on how many responses the system could return at a time, meaning an attacker couldn't simply dump the whole data trove at once. But the researchers note that it would have been possible to look up specific individuals of interest or slowly siphon data from the system over time.

Another bug the researchers found was an API configuration issue that could have allowed an attacker to generate an account authorization token for any user with just their last name and rewards number. These two pieces of data could potentially be found through past breaches or could be taken by exploiting the first vulnerability. With this token, attackers could take over customer accounts and transfer miles or other rewards points to themselves, draining the victim's accounts. The researchers found two vulnerabilities similar to the other pair of bugs, one of which only impacted Virgin Red while the other affected just United MileagePlus. Points.com fixed both of these vulnerabilities as well. Most significantly, the researchers found a vulnerability in the Points.com global administration website in which an encrypted cookie assigned to each user had been encrypted with an easily guessable secret -- the word "secret" itself. By guessing this, the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site, reencrypt the cookie, and essentially assume god-mode-like capabilities to access any Points reward system and even grant accounts unlimited miles or other benefits.

Television

Massachusetts Lawmakers Eye a 'Netflix Tax' To Fund Community TV Channels (bostonglobe.com) 103

A proposed state tax in Massachusetts on streaming video services could increase prices for popular platforms like Netflix and Hulu, as the 5 percent fee would support approximately 200 community access cable channels struggling due to declining cable subscriptions. The Boston Globe reports: In July, the Joint Committee on Advanced Information Technology held hearings on legislation filed by Democratic State Representative Joan Meschino and Republican Representative Mathew J. Muratore, both of Plymouth. Their bill would require streaming video companies to pay a 5 percent fee on the gross revenues generated in the state. The estimated $65 million a year raised by the fee would support roughly 200 community access channels, the most in any state. The community channels are run by nonprofit organizations or town governments, and funded by cable TV companies, which are assessed a fee by local governments for the right to run their cables through city property. The cable companies pass the cost on to subscribers.

But subscriptions are plummeting as US consumers abandon pay TV for streaming services. Cable and satellite subscribers now number about 70 million, down more than 25 percent from 95.5 million a decade ago, according to Leichtman Research Group, a New Hampshire research and analysis company specializing in media, entertainment, and broadband industries. "The next three to five years it's really going to dry up even more so," said Muratore. Meschino said citizens can't afford to lose access to community media channels, because so many local newspapers have shut down. "There's literally no other way to consume that sort of hyperlocal programming," Meschino said.

About a dozen US states levy sales taxes on consumers' streaming video bills. But Meschino said that sales tax money goes into each state's general fund. Instead, she wants the streaming fee to be dedicated entirely to support for community media services, just like the fee paid by traditional cable TV companies. Some or all of the fees would likely be passed on to consumers. Gauthier estimates that a typical household's costs could rise about $2.40 a month, spread among several streaming networks. "Maybe it'll be 75 cents for your Amazon," he said. "Maybe it'll be 80 cents for your Disney."

Programming

The Most Prolific Packager For Alpine Linux Is Stepping Away (phoronix.com) 37

Michael Larabel, reporting at Phoronix: Alpine Linux remains one of the most popular lightweight Linux distributions built atop musl libc and Busybox. Alpine Linux has found significant use within containers and the embedded space while now sadly the most prolific maintainer of packages for the Linux distribution has decided to step down from her roles. Alice "psykose" who is easily responsible for the highest number of commits per author over the past year has decided to step down from maintaining her packages.

These Alpine aports stats put her at 13,894 commits over the past year. In comparison, the second most prolific packager saw just 2,053 commits... Or put another way, psykose has 6.7x the number of commits as the next packager. The 13.8k commits is also about half of the 26.8k commits seen in total over the past year. Over the weekend I was alerted to the fact that psykose/nekopsykose has begun dropping maintainership of packages she maintained. All of her recent alpinelinux/aports commits two days ago were removing packages she oversaw.
