Privacy

Hacker Gains Admin Control of Sourcegraph and Gives Free Access To the Masses (arstechnica.com) 6

An anonymous reader quotes a report from Ars Technica: An unknown hacker gained administrative control of Sourcegraph, an AI-driven service used by developers at Uber, Reddit, Dropbox, and other companies, and used it to provide free access to resources that normally would have required payment. In the process, the hacker(s) may have accessed personal information belonging to Sourcegraph users, Diego Comas, Sourcegraph's head of security, said in a post on Wednesday. For paid users, the information exposed included license keys and the names and email addresses of license key holders. For non-paying users, it was limited to email addresses associated with their accounts. Private code, emails, passwords, usernames, or other personal information were inaccessible.

The hacker gained administrative access by obtaining an authentication key a Sourcegraph developer accidentally included in code published to a public Sourcegraph instance hosted on Sourcegraph.com. After creating a normal user Sourcegraph account, the hacker used the token to elevate the account privileges to those of an administrator. The access token appeared in a pull request posted on July 14, the user account was created on August 28, and the elevation to admin occurred on August 30. "The malicious user, or someone connected to them, created a proxy app allowing users to directly call Sourcegraph's APIs and leverage the underlying LLM [large language model]," Comas wrote. "Users were instructed to create free Sourcegraph.com accounts, generate access tokens, and then request the malicious user to greatly increase their rate limit. On August 30 (2023-08-30 13:25:54 UTC), the Sourcegraph security team identified the malicious site-admin user, revoked their access, and kicked off an internal investigation for both mitigation and next steps."

The resource free-for-all generated a spike in calls to Sourcegraph programming interfaces, which are normally rate-limited for free accounts. "The promise of free access to Sourcegraph API prompted many to create accounts and start using the proxy app," Comas wrote. "The app and instructions on how to use it quickly made its way across the web, generating close to 2 million views. As more users discovered the proxy app, they created free Sourcegraph.com accounts, adding their access tokens, and accessing Sourcegraph APIs illegitimately." [...] While most data was available for all paid and community users, the number of license keys exposed was limited to 20.

Google

Google Launches BigQuery Studio, a New Way To Work With Data (techcrunch.com) 9

An anonymous reader quotes a report from TechCrunch: Companies increasingly see the value in mining their data for deeper insights. According to a NewVantage survey, 97.6% of major worldwide organizations are focusing investments into big data and AI. But challenges stand in the way of executing big data analytics. One recent poll found that 65% of organizations feel they have "too much" data to analyze. Google's proposed solution is BigQuery Studio, a new service within BigQuery, its fully managed serverless data warehouse, that provides a single experience to edit programming languages including SQL, Python and Spark to run analytics and machine learning workloads at "petabyte scale." BigQuery Studio is available in preview as of this week.

"BigQuery Studio is a new experience that really puts people who are working on data on the one side and people working on AI on the other side in a common environment," Gerrit Kazmaier, VP and GM of data and analytics at Google, told TechCrunch in a phone interview. "It basically provides access to all of the services that those people need to work -- there's an element of simplification on the user experience side." BigQuery Studio is designed to enable users to discover, explore, analyze and predict data. Users can start in a programming notebook to validate and prep data, then open that notebook in other services, including Vertex AI, Google's managed machine learning platform, to continue their work with more specialized AI infrastructure and tooling.

With BigQuery Studio, teams can directly access data wherever they're working, Kazmaier says. And they have added controls for "enterprise-level" governance, regulation and compliance. "[BigQuery Studio shows] how data is being generated to how it's being processed and how it's being used in AI models, which sounds technical, but it's really important," he added. "You can push down code for machine learning models directly into BigQuery as infrastructure, and that means that you can evaluate it at scale."

Google

Google To Begin Selling Maps Data To Companies Building Solar Products (cnbc.com) 9

According to CNBC, Google is planning to license new sets of mapping data to companies building solar products, and is hoping to generate up to $100 million in its first year. From the report: The company plans to sell access to new APIs (application programming interfaces) with solar and energy information and air quality, according to materials viewed by CNBC. Among the new offerings will be a Solar API, which could be used by solar installers like SunRun and Tesla Energy and solar design companies like Aurora Solar, according to a list of example customers viewed by CNBC. Google also sees customer opportunities with real estate companies like Zillow, Redfin, hospitality companies like Marriott Bonvoy, and utilities like PG&E.

Some of the data from the Solar API will come from a consumer-focused pilot called Project Sunroof, a solar savings calculator that originally launched in 2015. The program allows users to enter their address and to receive estimated solar costs such as electric bill savings and the size of the solar installation they'll need. It also offers 3D modeling of the roofs of buildings and nearby trees based on Google Maps data. Google plans to sell API access to individual building data, as well as aggregated data for all buildings in a particular city or county, one document states. The company says it has data for over 350 million buildings, according to documents, up significantly from the 60 million buildings it cited for Project Sunroof in 2017.

One internal document estimates the company's solar APIs will generate revenue between $90 and $100 million in the first year after launch. There's also a potential to connect with Google Cloud products down the line, documents state. As part of the planned launch, the company is also planning to announce an Air Quality API that will let customers request air quality data, such as pollutants and health-based recommendations for specific locations. It'll also include digital heat maps of the data and hourly air quality information, as well as air quality history of up to 30 days.

Programming

More Developers Are Using the Rust Programming Language, Survey Finds (rust-lang.org) 117

This month the official Rust blog announced: For the 6th year in a row, the Rust Project conducted a survey on the Rust programming language, with participation from project maintainers, contributors, and those generally interested in the future of Rust. This edition of the annual State of Rust Survey opened for submissions on December 5 and ran until December 22, 2022... [W]e had 9,433 total survey completions and an increased survey completion rate of 82% vs. 76% in 2021...

- More people are using Rust than ever before! Over 90% of survey respondents identified as Rust users, and of those using Rust, 47% do so on a daily basis — an increase of 4% from the previous year.

- 30% of Rust user respondents can write simple programs in Rust, 27% can write production-ready code, and 42% consider themselves productive using Rust. Of the former Rust users who completed the survey, 30% cited difficulty as the primary reason for giving up while nearly 47% cited factors outside of their control.

- The growing maturation of Rust can be seen through the increased number of different organizations utilizing the language in 2022. In fact, 29.7% of respondents stated that they use Rust for the majority of their coding work at their workplace, which is a 51.8% increase compared to the previous year.

- There are numerous reasons why we are seeing increased use of Rust in professional environments. Top reasons cited for the use of Rust include the perceived ability to write "bug-free software" (86%), Rust's performance characteristics (84%), and Rust's security and safety guarantees (69%). We were also pleased to find that 76% of respondents continue to use Rust simply because they found it fun and enjoyable. (Respondents could select more than one option here, so the numbers don't add up to 100%.)

- Of those respondents that used Rust at work, 72% reported that it helped their team achieve its goals (a 4% increase from the previous year) and 75% have plans to continue using it on their teams in the future.

- But like any language being applied in the workplace, Rust's learning curve is an important consideration; 39% of respondents using Rust in a professional capacity reported the process as "challenging" and 9% of respondents said that adopting Rust at work has "slowed down their team". However, 60% of productive users felt Rust was worth the cost of adoption overall...

- Of those respondents who shared their main worries for the future of Rust, 26% have concerns that the developers and maintainers behind Rust are not properly supported — a decrease of more than 30% from the previous year's findings. One area of focus in the future may be to see how the Project in conjunction with the Rust Foundation can continue to push that number towards 0%.

- While 38% have concerns about Rust "becoming too complex", only a small number of respondents were concerned about documentation, corporate oversight, or speed of evolution. 34% of respondents are not worried about the future of Rust at all.

This year's survey reflects a 21% decrease in fears about Rust's usage in the industry since the last survey.

Programming

Creators of Python, Java, TypeScript, and SmallTalk Will Make a Joint Appearance for Charity (pydata.org) 45

The creators of four programming languages will appear together onstage for a historic conversation on September 19th.

- Adele Goldberg — Smalltalk
- Guido Van Rossum — Python
- Anders Hejlsberg — Turbo Pascal, C#, TypeScript
- James Gosling — Java

The announcement describes it as "a conversation about programming language design." The charity event brings together this unique group of computer science pioneers, unlike any event held before. These great minds come together for what will surely be a fantastic night of discussion as the panel delves into the past and future of programming language creation.

It's a fundraiser for two groups. NumFOCUS is a nonprofit charity sponsoring nearly all the major tools in the Python data science stack (including jupyter, numpy, pandas, and matplotlib), and it's also the group behind PyData conferences on open source data tools. And the Last Mile Education Fund offers financial support for low-income underrepresented students. It's being billed as the "inaugural charity event" of PyData Seattle.

This happened once before in 2019, when Puget Sound Programming Python arranged a four-way discussion with Python creator Guido van Rossum, Java creator James Gosling, Perl creator Larry Wall, and Anders Hejlsberg (Turbo Pascal, C#, TypeScript). They held a 90-minute discussion about "language design, the universe, and everything" as a benefit for CSforALL (a group promoting computer science classes at every grade level). During that discussion Gosling shared how Java "started out as kind of 'Do a better C', and it got out of control. The rest of the project really ended up just providing the context." And Anders Hejlsberg told the audience that TypeScript was inspired by massive "write-only" JavaScript code bases.

In their discussion on variable typing and its use in IDEs, Gosling mocked what he called the "real men use vi" mentality, leading to a lively back and forth. Perl's Larry Wall later acknowledged the importance of types and the careful consideration that went into implementing them for Perl 6, but also shared his unique perspective as a long-time designer of programming languages. "I think IDEs make language developers lazy."

At the end of the event, they all agreed that the most rewarding part of language design was the people — the excitement, the gratitude, and to see that community helping others in its community.

Programming

Amazon's Honeycode No-Code App Builder Is No-More (honeycodecommunity.aws) 36

"Amazon launches cloud service to help non-coders build apps," read the 2020 headline at CNBC — both mobile and web applications.

But long-time Slashdot reader theodp has the rest of the story: "Customers have told us that the need for custom applications far outstrips the capacity of developers to create them," Amazon Web Services explained as it jumped on the low-code and no-code bandwagon in 2020...

But just three years later, Amazon posted a "Dear Valued Customer" letter announcing it's pulling the plug on Honeycode at the end of February: "To our valued customers: Thank you for participating in the Amazon Honeycode beta program... After careful consideration, we have made the decision to end the beta service, effective February 29, 2024. Starting today, we are no longer accepting new customer sign-ups to the Honeycode beta. However, as an existing customer, you will be able to use Honeycode and your Honeycode apps as normal (and add team members to your existing account) until February 29, 2024, when the service will be discontinued. After this date, you will no longer be able to use Honeycode or any of the apps you created in Honeycode."

Amazon advises the "valued customers" it's leaving stranded to use Honeycode's "Export Data" option ("a handy way to get your info organized into a CSV file(s)", although "formulas will not export"). They also warn that "We will retain your data until April 29, 2024. If you do not take any action, your data will be deleted on April 30, 2024."

Amazon adds that the spirit of Honeycode (RIP, 2020-2024) will live on in its other products: "We are incorporating lessons from the Amazon Honeycode beta into current services, and remain committed to supporting no/low code services including Amazon SageMaker Canvas (2021-?), AWS Amplify Studio (2021-?), and AWS AppFabric (2023-?)."

Programming

Is 'CS In Every School' the 2024 Presidential Campaign's 'Chicken In Every Pot'? (msn.com) 104

Long-time Slashdot reader theodp writes: During the U.S. presidential campaign of 1928, a circular published by the Republican Party claimed that if Herbert Hoover won there would be "a chicken in every pot". Times change. When talk turned to education at Wednesday night's 2024 Republican U.S. Presidential Candidate Debate, candidate Asa Hutchinson promised there will be 'CS in every school' if he wins (YouTube).

"Look at Arkansas," the former Arkansas Governor explained. "We have to compete with China. I built computer science education. We led the nation in Computer Science education, going from 1,100 students to 23,000 students taking it. This is how you compete with China. As President of the United States, I will make sure we go from 51% of our schools offering computer science to every school in rural areas and urban areas offering computer science for the benefit of our kids and we can compete with China in terms of technology."

In his last year in office, Hutchinson served as Chair of the National Governors Association (NGA) and rallied the nation's Governors around tech CEOs' demands for more K-12 CS education to culminate his year-long CS evangelism initiative, which the NGA noted enjoyed the support of Amazon, Google, and Microsoft. Hutchinson's pitch to the Governors included a video challenging them with a question. "Will it be American students who learn to code," Hutchinson asked, "or will industry be required to go overseas to find the talent that we need here in the United States of America?"

Later in the debate former New Jersey governor Chris Christie said entrepreneur/candidate Vivek Ramaswamy "sounds like ChatGPT."

Programming

72-Year-Old C++ Creator Bjarne Stroustrup Shares Life Advice (youtube.com) 47

72-year-old Bjarne Stroustrup invented C++ (first released in 1985). 38 years later, he gave a short interview for Honeypot.io (which calls itself "Europe's largest tech-focused job platform") offering his own advice for life: Don't overspecialize. Don't be too sure that you know the future. Be flexible, and remember that careers and jobs are a long-term thing. Too many young people think they can optimize something, and then they find they've spent a couple of years or more specializing in something that may not have been the right thing. And in the process they burn out, because they haven't spent enough time building up friendships and having a life outside computing.

I meet a lot of sort of — I don't know what you call them, "junior geeks"? — that just think that the only thing that matters is the speciality of computing — programming or AI or graphics or something like that. And — well, it isn't... And if they do nothing else, well — if you don't communicate your ideas, you can just as well do Sudoku... You have to communicate. And a lot of sort of caricature nerds forget that. They think that if they can just write the best code, they'll change the world. But you have to be able to listen. You have to be able to communicate with your would-be users and learn from them. And you have to be able to communicate your ideas to them.

So you can't just do code. You have to do something about culture and how to express ideas. I mean, I never regretted the time I spent on history and on math. Math sharpens your mind, history gives you some idea of your limitations and what's going on in the world. And so don't be too sure. Take time to have a balanced life.

And be ready for the opportunity. I mean, a broad-based education, a broad-based skill set — which is what you build up when you educate, you're basically building a portfolio of skills — means that you can take advantage of an opportunity when it comes along. You can recognize it sometimes. We have lots of opportunities. But a lot of them, we either can't take advantage of, or we don't notice. It was my fairly broad education — I've done standard computer science, I've done compilers, I've done multiple languages... I think I knew two dozen at the time. And I have done machine architecture, I've done operating systems. And that skill set turned out to be useful.

At the beginning of the video, Stroustrup jokes that it's hard to give advice — and that it's at least as difficult as it is to take advice.

Earlier this year, Bjarne also told the same site the story of how he became a programmer by mistake — misreading a word when choosing what to study after his high school exams. Stroustrup had thought he was signing up for an applied mathematics course, which instead turned out to be a class in computer science...

AI

Meta Releases Code Llama, a Code-Generating AI Model (techcrunch.com) 20

Meta, intent on making a splash in a generative AI space rife with competition, is on something of an open source tear. From a report: Following the release of AI models for generating text, translating languages and creating audio, the company today open sourced Code Llama, a machine learning system that can generate and explain code in natural language -- specifically English. Akin to GitHub Copilot and Amazon CodeWhisperer, as well as open source AI-powered code generators like StarCoder, StableCode and PolyCoder, Code Llama can complete code and debug existing code across a range of programming languages, including Python, C++, Java, PHP, Typescript, C# and Bash.

"At Meta, we believe that AI models, but large language models for coding in particular, benefit most from an open approach, both in terms of innovation and safety," Meta wrote in a blog post shared with TechCrunch. "Publicly available, code-specific models can facilitate the development of new technologies that improve peoples' lives. By releasing code models like Code Llama, the entire community can evaluate their capabilities, identify issues and fix vulnerabilities." Code Llama, which is available in several flavors, including a version optimized for Python and a version fine-tuned to understand instructions (e.g. "Write me a function that outputs the fibonacci sequence"), is based on the Llama 2 text-generating model that Meta open sourced earlier this month. While Llama 2 could generate code, it wasn't necessarily good code -- certainly not up to the quality a purpose-built model like Copilot could produce.

Java

IBM Says Its Generative AI Tool Can Convert Old COBOL Code To Java (theregister.com) 108

IBM is introducing the watsonx Code Assistant for Z, a tool that uses generative AI to translate COBOL code to Java. This tool is set to be available in Q4 2023 and aims to speed up the translation of COBOL to Java on IBM's Z mainframes. The Register reports: According to IBM, there are billions of lines of COBOL code out there as potential candidates for modernization (a report last year estimated the total figure at 775-850 billion lines). For this reason, the generative AI features in watsonx Code Assistant for Z are intended to help developers to assess and determine the code most in need of modernization, allowing them to more speedily update large applications and focus on critical tasks.

IBM wants to provide tooling for each step of the modernization process, starting with its Application Discovery and Delivery Intelligence (ADDI) inventory and analysis tool. Other steps include refactoring business services in COBOL, transforming the code to Java code, and then validating the resulting outcome with the aid of automated testing. The resulting Java code emitted by watsonx Code Assistant for Z will be object-oriented, but will still interoperate with the rest of the COBOL application, IBM claimed, as well as with key services such as CICS, IMS, DB2, and other z/OS runtimes.

Microsoft

Microsoft Announces Python In Excel 92

theodp writes: On Tuesday, Microsoft announced the Public Preview of Python in Excel, which "runs securely on the Microsoft Cloud".

From the Home Office in Redmond: "Python is one of the most popular programming languages today, loved by businesses and students alike and Excel is an essential tool to organize, manipulate and analyze all kinds of data. But, until now, there hasn't been an easy way to make those two worlds work together. Today, we are excited to introduce the Public Preview of Python in Excel -- making it possible to integrate Python and Excel analytics within the same Excel grid for uninterrupted workflow. Python in Excel combines Python's powerful data analysis and visualization libraries with Excel's features you know and love. You can manipulate and explore data in Excel using Python plots and libraries, and then use Excel's formulas, charts and PivotTables to further refine your insights... We're partnering with Anaconda, a leading enterprise grade Python repository used by tens of millions of data practitioners worldwide. Python in Excel leverages Anaconda Distribution for Python running in Azure, which includes the most popular Python libraries such as pandas for data manipulation, statsmodels for advanced statistical modeling, and Matplotlib and seaborn for data visualization.... While in Preview, Python in Excel will be included with your Microsoft 365 subscription. After the Preview, some functionality will be restricted without a paid license."

Python creator Guido van Rossum, now a Microsoft Distinguished Engineer, helped define the architecture for Python in Excel and had this to say: "I'm excited that this excellent, tight integration of Python and Excel is now seeing the light of day. I expect that both communities will find interesting new uses in this collaboration, amplifying each partner's abilities. When I joined Microsoft three years ago, I would not have dreamed this would be possible. The Excel team excels!"

GUI

Adobe Co-founder and Ex-CEO John Warnock Has Died (theverge.com) 36

Slashdot reader Dave Knott writes: John Warnock, co-founder and ex-CEO of Adobe, has died at the age of 82. Under his tenure, Adobe created Postscript, Acrobat, Photoshop, and many other technologies and software products that have become industry standards in publishing, graphic design, video editing, photography and more. A cause of death has not been released; he is survived by his wife, graphic designer Marva Warnock, and his three children.

Slashdot covered the death of Adobe co-founder Charles 'Chuck' Geschke in 2021: The company started in co-founder John Warnock's garage in 1982, and was named after the Adobe Creek which ran behind Warnock's home, offering pioneering capabilities in "What you see is what you get" (or WYSIWYG) desktop publishing... [Gizmodo writes] after earning a doctorate from Carnegie Mellon University, Geschke met Warnock while working at the Xerox Palo Alto Research Center, according to the Mercury News.

"In the Spring of 1991 Dr. John Warnock wrote a paper he dubbed 'Camelot' in which the Adobe Systems Co-founder and CEO laid out the foundation for what has become Acrobat/PDF," remembers this 2002 Slashdot post.

And last year Silicon Valley's Computer History Museum publicly released "for the first time, the source code for the breakthrough printing technology, PostScript. We thank Adobe, Inc. for their permission and support, and John Warnock for championing this release.... From the start of Adobe Systems Incorporated (now Adobe, Inc.) exactly forty years ago in December 1982, the firm's cofounders envisioned a new kind of printing press -- one that was fundamentally digital, using the latest advances in computing. Initial discussions by cofounders Chuck Geschke and John Warnock with computer-makers such as Digital Equipment Corporation and Apple convinced them that software was the key to the new digital printing press. Their vision: Any computer could connect with printers and typesetters via a common language to print words and images at the highest fidelity. Led by Warnock, Adobe assembled a team of skillful and creative programmers to create this new language. In addition to the two cofounders, the team included Doug Brotz, Bill Paxton, and Ed Taft. The language they created was in fact a complete programming language, named PostScript, and was released by Adobe in 1984.

By treating everything to be printed the same, in a common mathematical description, PostScript granted abilities offered nowhere else. Text and images could be scaled, rotated, and moved at will, as in the opening image to this essay. Adobe licensed PostScript to computer-makers and printer manufacturers, and the business jumped into a period of hypergrowth....

Today, most printers rely on PostScript technology either directly or through a technology that grew out of it: PDF (Portable Document Format). John Warnock championed the development of PDF in the 1990s, transforming PostScript into a technology that was safer and easier to use as the basis for digital documents, but retaining all the benefits of interoperability, fidelity, and quality.

AI

Schools are Now Teaching About ChatGPT and AI So Their Students Aren't Left Behind (cnn.com) 73

Professors now fear that ignoring or discouraging the use of AI "will be a disservice to students and leave many behind when entering the workforce," reports CNN: According to a study conducted by higher education research group Intelligent.com, about 30% of college students used ChatGPT for schoolwork this past academic year and it was used most in English classes. Jules White, an associate professor of computer science at Vanderbilt University, believes professors should be explicit in the first few days of school about the course's stance on using AI and that it should be included in the syllabus. "It cannot be ignored," he said. "I think it's incredibly important for students, faculty and alumni to become experts in AI because it will be so transformative across every industry in demand so we provide the right training."

Vanderbilt is among the early leaders taking a strong stance in support of generative AI by offering university-wide training and workshops to faculty and students. A three-week 18-hour online course taught by White this summer was taken by over 90,000 students, and his paper on "prompt engineering" best practices is routinely cited among academics. "The biggest challenge is with how you frame the instructions, or 'prompts,'" he said. "It has a profound impact on the quality of the response and asking the same thing in various ways can get dramatically different results. We want to make sure our community knows how to effectively leverage this." Prompt engineering jobs, which typically require basic programming experience, can pay up to $300,000.

Although White said concerns around cheating still exist, he believes students who want to plagiarize can still seek out other methods such as Wikipedia or Google searches. Instead, students should be taught that "if they use it in other ways, they will be far more successful...." Some schools are hiring outside experts to teach both faculty and students about how to use AI tools.

Programming

Can You Measure Software Developer Productivity? (mckinsey.com) 157

Long-time Slashdot reader theodp writes: "Measuring, tracking, and benchmarking developer productivity has long been considered a black box. It doesn't have to be that way." So begins global management consulting firm McKinsey in Yes, You Can Measure Software Developer Productivity... "Compared with other critical business functions such as sales or customer operations, software development is perennially undermeasured. The long-held belief by many in tech is that it's not possible to do it correctly—and that, in any case, only trained engineers are knowledgeable enough to assess the performance of their peers.

"Yet that status quo is no longer sustainable."

"All C-suite leaders who are not engineers or who have been in management for a long time will need a primer on the software development process and how it is evolving," McKinsey advises companies starting on a developer productivity initiative. "Assess your systems. Because developer productivity has not typically been measured at the level needed to identify improvement opportunities, most companies' tech stacks will require potentially extensive reconfiguration. For example, to measure test coverage (the extent to which areas of code have been adequately tested), a development team needs to equip their codebase with a tool that can track code executed during a test run."

Before getting your hopes up too high over McKinsey's 2023 developer productivity silver bullet suggestions, consider that Googling to "find a tool that can track code executed during a test run" will lead you back to COBOL test coverage tools from the 80's that offered this kind of capability and 40+ year-old papers that offered similar advice (1, 2, 3). A cynic might also suggest considering McKinsey's track record, which has had some notable misses.

Programming

Rust Users Push Back as Popular 'Serde' Project Ships Precompiled Binaries (bleepingcomputer.com) 17

"Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary," reports Bleeping Computer.

"The move has generated a fair amount of push back among developers who worry about its future legal and technical implications, along with a potential for supply chain attacks, should the maintainer account publishing these binaries be compromised." According to the Rust package registry, crates.io, serde has been downloaded over 196 million times over its lifetime, whereas the serde_derive macro has scored more than 171 million downloads, attesting to the project's widespread circulation... "The Serde ecosystem consists of data structures that know how to serialize and deserialize themselves along with data formats that know how to serialize and deserialize other things," states the project's website. Whereas, "derive" is one of its macros...

Some Rust developers request that precompiled binaries be kept optional and separate from the original "serde_derive" crate, while others have likened the move to the controversial code change to the Moq .NET project that sparked backlash. "Please consider moving the precompiled serde_derive version to a different crate and default serde_derive to building from source so that users that want the benefit of precompiled binary can opt-in to use it," requested one user. "Or vice-versa. Or any other solution that allows building from source without having to patch serde_derive... Having a binary shipped as part of the crate, while I understand the build time speed benefits, is for security reasons not a viable solution for some library users."

Users pointed out how the change could impact entities that are "legally not allowed to redistribute pre-compiled binaries, by their own licenses," specifically mentioning government-regulated environments.

The official response from Serde's maintainer: "The precompiled implementation is the only supported way to use the macros that are published in serde_derive. If there is implementation work needed in some build tools to accommodate it, someone should feel free to do that work (as I have done for Buck and Bazel, which are tools I use and contribute significantly to) or publish your own fork of the source code under a different name.

"Separately, regarding the commentary above about security, the best path forward would be for one of the people who cares about this to invest in a Cargo or crates.io RFC around first-class precompiled macros so that there is an approach that would suit your preferences; serde_derive would adopt that when available."
Programming

Why DARPA Hopes To 'Distill' Old Binaries Into Readable Code (theregister.com) 54

Researchers at Georgia Tech have developed a prototype pipeline for the Defense Advanced Research Projects Agency (DARPA) that can "distill" binary executables into human-intelligible code so that it can be updated and deployed in "weeks, days, or hours, in some cases." The work is part of a five-year, $10 million project with the agency. The Register reports: After running an executable through the university's "distillation" process, software engineers should be able to examine the generated HAR, figure out what the code does, and make changes to add new features, patch bugs, or improve security, and turn the HAR back into executable code, says GT associate professor and project participant Brendan Saltaformaggio. This would be useful for, say, updating complex software that was written by a contractor or internal team, the source code is no longer or never was to hand and neither are its creators, and stuff needs to be fixed up. Reverse engineering the binary and patching in an update by hand can be a little hairy, hence DARPA's desire for something a bit more solid and automatic. The idea is to use this pipeline to freshen up legacy or outdated software that may have taken years and millions of dollars to develop some time ago.

Saltaformaggio told El Reg his team has the entire process working from start to finish, and with some level of stability, too. "DARPA sets challenges they like to use to test the capabilities of a project," he told us over the phone. "So far we've handled every challenge problem DARPA's thrown at us, so I'd say it's working pretty well." Saltaformaggio said his team's pipeline disassembles binaries into a graph structure with pseudo-code, and presented in a way that developers can navigate, and replace or add parts in C and C++. Sorry, Java devs and Pythonistas: Saltaformaggio tells us that there's no reason the system couldn't work with other programming languages, "but we're focused on C and C++. Other folks would need to build out support for that." Along with being able to deconstruct, edit, and reconstruct binaries, the team said its processing pipeline is also able to comb through HARs and remove extraneous routines. The team has also, we're told, baked in verification steps to ensure changes made to code within hardware ranging from jets and drones to plain-old desktop computers work exactly as expected with no side effects.

Piracy

Court Orders SportsBay To Pay Almost Half a Billion Dollars For Violating DMCA (torrentfreak.com) 38

An anonymous reader quotes a report from TorrentFreak: In the summer of 2021, DISH Network and Sling filed a copyright lawsuit against four unlicensed sports streaming sites, among them the popular SportsBay.org. After the plaintiffs named two alleged operators of the sites, this week a court in Texas held the pair liable for almost 2.5 million violations of the DMCA's anti-circumvention provisions and almost half a billion dollars in damages. [...] The complaint alleged that the unknown defendants circumvented (and provided technologies and services that circumvented) security measures employed by Sling and thereby provided "DISH's television programming" to users of their websites. The plaintiffs requested a permanent injunction, control of the defendants' domains, and damages of up to $2,500 for each violation of the DMCA's anti-circumvention provisions.

According to DISH's first amended complaint filed in January 2022, information obtained from the third-party service providers enabled the company to identify two men responsible for operating the SportsBay sites. Juan Barcan, an individual residing in Buenos Aires, Argentina, used his PayPal account to make payments to Namecheap and GitHub. Juan Nahuel Pereyra, also of Buenos Aires, used his PayPal account to make payments to Namecheap. On January 20, 2022, DISH sent a request to the Argentine Central Authority to serve Barcan and Pereyra under the Hague Convention. On October 31, 2022, the Central Authority informed DISH that Pereyra was served in Buenos Aires on September 14, 2022. Barcan was not served so after obtaining permission from the court, DISH served Barcan via a Gmail address used to make payments to Namecheap for the Sportsbay.org, Live-nba.stream, and Freefeds.com domain names. When the defendants failed to appear, DISH sought default judgment. [...]

In his order (PDF) handed down yesterday, District Judge Charles Eskridge entered a default judgment against Juan Barcan and Juan Nahuel Pereyra for violations of the DMCA's anti-circumvention provisions. The defendants and anyone acting in concert with them are permanently enjoined from circumventing any technological protection measure that controls access to Sling or DISH programming, including through the use of websites or any similar internet streaming service. Then comes the award for damages. "Plaintiffs are awarded $493,850,000 in statutory damages against Defendants, jointly and severally, for Defendants' 2,469,250 violations of section 1201(a)(2) of the DMCA," the order reads.

AI

Stack Overflow 'Evolves', Previewing AI-Powered Answers and Chat Followups (stackoverflow.blog) 64

"Stack Overflow is adding artificial intelligence to its offerings," reports ZDNet (which notes traffic to the Q&A site has dropped 5% in the last year).

So in a video, Stack Overflow's CEO Prashanth Chandrasekar says that search and question-asking "will evolve to provide you with instant summarized solutions with citations to sources, aggregated by generative AI — plus the option to ask follow-up questions in a chat-like format."

The New Stack provides some context: As computer scientist Santiago Valdarrama remarked in a tweet, "I don't remember the last time I visited Stack Overflow. Why would I when tools like Copilot and ChatGPT answer my questions faster without making me feel bad for asking?" It's a problem Stack Overflow CEO Prashanth Chandrasekar acknowledges because, well, he encountered it too.

"When I first started using Stack Overflow, I remember my first experience was quite harsh, because I basically asked a fairly simple question, but the standard on the website is pretty high," Chandrasekar told The New Stack. "When ChatGPT came out, it was a lot easier for people to go and ask ChatGPT without anybody watching...."

But what may be of more interest to developers is that Stack Overflow is now offering an IDE (integrated development environment) extension for Visual Studio Code that will be powered by OverflowAI. This means that coders will be able to ask a conversational interface a question and find solutions from within the IDE.

Stack Overflow also is launching a GenAI Stack Exchange, where the community can post and share knowledge on prompt engineering, getting the most out of AI and similar topics.

And they're integrating it into other workflows as well. "Of course, AI isn't replacing humans any time soon," CEO Chandrasekar says in the video. "But it can help you draft a question to pose to our community..."

Signups for the OverflowAI preview are available now. "With your help, we'll be putting AI to work," CEO Chandrasekar says in the video.

AI

ChatGPT's Odds of Getting Code Questions Correct are Worse Than a Coin Flip (theregister.com) 119

An anonymous reader shared this report from the Register: ChatGPT, OpenAI's fabulating chatbot, produces wrong answers to software programming questions more than half the time, according to a [pre-print] study from Purdue University. That said, the bot was convincing enough to fool a third of participants.

The Purdue team analyzed ChatGPT's answers to 517 Stack Overflow questions to assess the correctness, consistency, comprehensiveness, and conciseness of ChatGPT's answers. The U.S. academics also conducted linguistic and sentiment analysis of the answers, and questioned a dozen volunteer participants on the results generated by the model. "Our analysis shows that 52 percent of ChatGPT answers are incorrect and 77 percent are verbose," the team's paper concluded. "Nonetheless, ChatGPT answers are still preferred 39.34 percent of the time due to their comprehensiveness and well-articulated language style." Among the set of preferred ChatGPT answers, 77 percent were wrong...

"During our study, we observed that only when the error in the ChatGPT answer is obvious, users can identify the error," their paper stated. "However, when the error is not readily verifiable or requires external IDE or documentation, users often fail to identify the incorrectness or underestimate the degree of error in the answer." Even when the answer has a glaring error, the paper stated, two out of the 12 participants still marked the response preferred. The paper attributes this to ChatGPT's pleasant, authoritative style.

"From semi-structured interviews, it is apparent that polite language, articulated and text-book style answers, comprehensiveness, and affiliation in answers make completely wrong answers seem correct," the paper explained.

AI

A New Frontier for Travel Scammers: AI-Generated Guidebooks (nytimes.com) 15

Shoddy guidebooks, promoted with deceptive reviews, have flooded Amazon in recent months. Their authors claim to be renowned travel writers.

But do they even exist?

The New York Times: The books are the result of a swirling mix of modern tools: A.I. apps that can produce text and fake portraits; websites with a seemingly endless array of stock photos and graphics; self-publishing platforms -- like Amazon's Kindle Direct Publishing -- with few guardrails against the use of A.I.; and the ability to solicit, purchase and post phony online reviews, which runs counter to Amazon's policies and may soon face increased regulation from the Federal Trade Commission. The use of these tools in tandem has allowed the books to rise near the top of Amazon search results and sometimes garner Amazon endorsements such as "#1 Travel Guide on Alaska." A recent Amazon search for the phrase "Paris Travel Guide 2023," for example, yielded dozens of guides with that exact title. One, whose author is listed as Stuart Hartley, boasts, ungrammatically, that it is "Everything you Need to Know Before Plan a Trip to Paris."

The book itself has no further information about the author or publisher. It also has no photographs or maps, though many of its competitors have art and photography easily traceable to stock-photo sites. More than 10 other guidebooks attributed to Stuart Hartley have appeared on Amazon in recent months that rely on the same cookie-cutter design and use similar promotional language. The Times also found similar books on a much broader range of topics, including cooking, programming, gardening, business, crafts, medicine, religion and mathematics, as well as self-help books and novels, among many other categories. Amazon declined to answer a series of detailed questions about the books.
