General Development Archive
The corporate branding, the new “AI-powered developer platform” slogan, makes it clear that what I think of as “GitHub”—the traditional website, what are to me the core features—simply isn’t Microsoft’s priority at this point in time. I know many talented people at GitHub who care, but the company’s priorities just don’t seem to value what I value about the service. This isn’t an anti-AI statement so much as a recognition that the tool I still need to use every day is past its prime. Copilot isn’t navigating the website for me, replacing my need to the website as it exists today. I’ve had tools hit this phase of decline and turn it around, but I’m not optimistic. It’s still plenty usable now, and probably will be for some years to come, but I’ll want to know what other options I have now rather than when things get worse than this. ↫ Misty De Meo Apparently, GitHub is in the middle of a long, drawn-out process where it’s rewriting its frontend using React. De Meo was trying to use a particular feature of GitHub – the blame view, which also works through the command line but is apparently much harder to parse there – and realised the browser search feature just couldn’t find the line of code they absolutely knew for sure was there. After scrolling for a while, the browser search feature suddenly found the line of code. I’d heard rumblings that GitHub’s in the middle of shipping a frontend rewrite in React, and I realized this must be it. The problem wasn’t that the line I wanted wasn’t on the page—it’s that the whole document wasn’t being rendered at once, so my browser’s builtin search bar just couldn’t find it. On a hunch, I tried disabling JavaScript entirely in the browser, and suddenly it started working again. GitHub is able to send a fully server-side rendered version of the page, which actually works like it should, but doesn’t do so unless JavaScript is completely unavailable. ↫ Misty De Meo Seem like a classic case of people being told to develop something in too little time, with the wrong tools, while management is breathing down their necks and pulling engineers away to work on buzzwords like “AI”.
Starlark is a small programming language, designed as a simple dialect of Python and intended primarily for embedded use in applications. Some people might say it’s a bit like Lua with Python syntax, but I think there are many interesting bits to discuss. The language is now open-source and used in many other applications and companies. As I led the design and implementation of Starlark, I’d like to write a bit more about it. ↫ Laurent Le Brun I’m sure there’s a few among you will like this.
AntennaPod has been around for a long time – the first bit of code was published in 2011. Since then, the app has grown massively and had several main developers. The beauty of open-source is that so many people can contribute and make a great app together. But sometimes having many people work on a project can lead to different ways of thinking about how to structure the project. Because of this, AntennaPod gradually grew to have a number of weird code constructs. Our latest release, version 3.4, fixes this. ↫ ByteHamster The AntennaPod team had an incredible task ahead of itself, and while it took them a few years, they pulled it off. The code structure graphs from before and after the code restructuring illustrate better than words ever could what they achieved. Thy changed 10000 lines of source code in 62 pull requests for this restructuring alone, while still adding new major features in the meantime. Pretty incredible.
Yuxuan Shui, the developer behind the X11 compositor picom (a fork of Compton) published a blog post detailing their experiences with using GitHub Copilot for a year. I had free access to GitHub Copilot for about a year, I used it, got used to it, and slowly started to take it for granted, until one day it was taken away. I had to re-adapt to a life without Copilot, but it also gave me a chance to look back at how I used Copilot, and reflect – had Copilot actually been helpful to me? Copilot definitely feels a little bit magical when it works. It’s like it plucked code straight from my brain and put it on the screen for me to accept. Without it, I find myself getting grumpy a lot more often when I need to write boilerplate code – “Ugh, Copilot would have done it for me!”, and now I have to type it all out myself. That being said, the answer to my question above is a very definite “no, I am more productive without it”. Let me explain. ↫ Yuxuan Shui The two main reasons why Shui eventually realised Copilot was slowing them down were its unpredictability, and its slowness. It’s very difficult to understand when, exactly, Copilot will get things right, which is not a great thing to have to deal with when you’re writing code. They also found Copilot incredibly slow, with its suggestions often taking 2-3 seconds or longer to appear – much slower than the suggestions from the clangd language server they use. Of course, everybody’s situation will be different, and I have a suspicion that if you’re writing code in incredibly popular languages, say, Python or JavaScript, you’re going to get more accurate and possibly faster suggestions from Copilot. As Shui notes, it probably also doesn’t help that they’re writing an independent X11 compositor, something very few people are doing, meaning Copilot hasn’t been trained on it, which in turn means the tool probably has no clue what’s going on when Shui is writing their code. As an aside, my opinion on GitHub Copilot is clear – it’s quite possibly the largest case of copyright infringement in human history, and in its current incarnation it should not be allowed to continue to operate. As I wrote over a year ago: If Microsoft or whoever else wants to train a coding “AI” or whatever, they should either be using code they own the copyright to, get explicit permission from the rightsholders for “AI” training use (difficult for code from larger projects), or properly comply with the terms of the licenses and automatically add the terms and copyright notices during autocomplete and/or properly apply copyleft to the newly generated code. Anything else is a massive copyright violation and a direct assault on open source. Let me put it this way – the code to various versions of Windows has leaked numerous times. What if we train an “AI” on that leaked code and let everyone use it? Do you honestly think Microsoft would not sue you into the stone age? ↫ Thom Holwerda It’s curious that as far as I know, Copilot has not been trained on Microsoft’s own closed-source code, say, to Windows or Office, while at the same time the company claims Copilot is not copyright infringement or a massive open source license violation machine. If what Copilot does is truly fair use, as Microsoft claims, why won’t Microsoft use its own closed-source code for training? We all know the answer. Deeply questionable legality aside, do any of you use Copilot? Has it had any material impact on your programming work? Is its use allowed by your employer, or do you only use it for personal projects at home?
Jolie crystallises the programming concepts of service-oriented computing as linguistic constructs. The basic building blocks of software are not objects or functions, but rather services that can be relocated and replicated as needed. A composition of services is a service. ↫ Jolie website Jolie is open source and available on GitHub.
GCC 14.1 has been released, and it should come as no surprise that the new features are not exactly something I, someone who doesn’t program, can properly parse. So, here’s the three items GCC itself thought were important to list first. The C frontend when targeting standards newer than C89 now considers many non-standard constructs as errors that were previously only warnings. See https://gcc.gnu.org/gcc-14/porting_to.html#warnings-as-errors for more details. C23 _BitInt Bit-precise integer types are now supported, for now only on IA-32, x86-64 and AArch64. The C++ frontend now implements several C++26 features, some missing C++23 bits and defect report resolutions. Diagnostics involving C++ templates now quote source from the instantiation context. The libstdc++exp.a library now includes all symbols for the Filesystem TS and the experimental symbols for the C++23 std::stacktrace class, so -lstdc++exp can be used instead of -lstdc++fs. The libstdc++_libbacktrace.a library is not longer installed. Improved experimental support for C++20, C++23, and C++26. Updated parallel algorithms that are compatible with oneTBB. ↫ GCC 14.1 release announcement GCC 14.1 is available for download, of course, but most of us will get it once it hits our distribution’s package repositories.
We’re all aware of Stack Overflow – it’s a place where programmers and regular users can ask technical questions, and get answers from anyone who thinks they know the answer. Stack Overflow has become so ubiquitous among programmers and developers, the concept of “I just copied the code off Stack Overflow” has become a consistent meme to indicate you don’t fully grasp how something works, but at least it works. If you’ve ever contributed answers to Stack Overflow, you might want to consider deleting them, altering them, or perhaps even go as far as request a GDPR removal if you’re in the European Union, because Stack Overflow has just announced a close partnership with “AI” company OpenAI (or, more accurately, “Open” “AI”). Stripped of marketing speak, the gist is exactly as you’d expect: OpenAI will absorb the questions and answers on Stack Overflow into its models, whether their respective authors like it or not. As much as you may want to try and delete your answers if you’re not interesting in having your work generate profit for OpenAI, deleting popular questions and answers is not possible on Stack Overflow. The other option is altering your answers to render them useless, but it seems Stack Overflow is not going to allow you to do this, either. Ben Humphreys tried to alter his highest-rated answers, and Stack Overflow just reverted them back, and proceeded to ban him from the platform. Stack Overflow does not let you delete questions that have accepted answers and many upvotes because it would remove knowledge from the community. So instead I changed my highest-rated answers to a protest message. Within an hour mods had changed the questions back and suspended my account for 7 days. ↫ Ben Humphreys Now that they’ve made what is most likely an incredibly lucrative deal with OpenAI that’s going to net Stack Overflow’s owners boatloads of money, they obviously can’t let users delete or alter their answers to lower the monetary value of Stack Overflow’s content. Measures to prevent deletion or alteration are probably one of the clauses in the agreement between Stack Overflow and OpenAI. So there’s likely not much you can do to not have your answers sucked into OpenAI, but you should at least be aware it’s happening in case of future answers you might want to contribute.
Sixty years ago, on May 1, 1964, at 4 am in the morning, a quiet revolution in computing began at Dartmouth College. That’s when mathematicians John G. Kemeny and Thomas E. Kurtz successfully ran the first program written in their newly developed BASIC (Beginner’s All-Purpose Symbolic Instruction Code) programming language on the college’s General Electric GE-225 mainframe. Little did they know that their creation would go on to democratize computing and inspire generations of programmers over the next six decades. ↫ Benj Edwards at Ars Technica Even I have used BASIC in the past, when I was a child and discovered QBasic (or possibly GW-BASIC, I’m a bit hazy on the details) and started messing around with it. My experiences with BASIC didn’t lead to a path of ever more complex programming languages, but for huge numbers of people, it did – it’s wild just how many people over a certain age got their programming start with BASIC in the 8 bit home computer era. I mean, 30 GOTO 10 is such a widespread morsel of knowledge it made its way into all kinds of popular media, such as a few Easter egg jokes in Futurama. BASIC has effectively achieved immortality.
Humans speak countless different languages. Not only are these languages incompatible, but runtime transpilation is a real pain. Sadly, every standardisation initiative has failed. At least there is someone to blame for this state-of-affairs: God. It was him, after-all, who cursed humanity to speak different languages, in an early dispute over a controversial property development. However, mankind can only blame itself for the fact that computers struggle to talk to each other. And one of the biggest problems is the most simple: computers do not agree on how to write letters in binary. ↫ Cal Paterson For most users, character encoding issues are not something they have to deal with. Programmers and other people who deal with the lower levels of computing, however, deal with this way more often than they should.
Over 35 years ago, these problems with software portability led to the emergence of the first POSIX standard in 1988. The acronym was coined by Richard Stallman, who added “X” to the end of Portable Operating System Interface. It’s meant to provide a specification of the interface that different Unix operating systems should have in common, including programming languages and tools. It’s important to note that the interface is portable, and not the implementation. ↫ vorakl While POSIX certainly isn’t perfect, and support for it in various operating systems claiming to support POSIX even less so, there’s no denying its success. Even if the dream of 100% source code portability isn’t possible under POSIX for applications that are a little more complex than basic CLI tools, there’s enough portability that platforms like Linux, the various BSDs, macOS, and others, can share quite a bit of code. One of my favourite things about POSIX is that it shows up in the most unexpected of places. Windows, for instance, has had various options for POSIX compatibility, some of which straight from Microsoft itself, like the currently well-known Windows Subsystem for Linux, but also mostly forgotten options like the Microsoft POSIX subsystem that shipped with Windows NT until Windows 2000, or the very rudimentary POSIX compatibility in the Windows C Runtime Library and Windows Sockets API. OS/2 had POSIX compatibility as well, through EMX (Eberhard Mattes eXtender). It gave OS/2 – and MS-DOS – a POSIX API, and even provided access to native OS/2 APIs as well, and could run 32bit applications. You’d be surprised by how many more operating systems offered forms of POSIX compatibility, either out of the box or through first or third party add-ons.
I made a graphical IRC client that runs in UEFI. It’s written in Rust and leverages the GUI toolkit and TrueType renderer that I wrote for axle’s userspace. I was able to develop it thanks to the vmnet network backend that I implemented for QEMU. I’ve published the code here. ↫ Phillip Tennen Words are not enough.
I work at Red Hat on GCC, the GNU Compiler Collection. For the last five releases of GCC, I’ve been working on -fanalyzer, a static analysis pass that tries to identify various problems at compile-time, rather than at runtime. It performs “symbolic execution” of C source code—effectively simulating the behavior of the code along the various possible paths of execution through it. This article summarizes what’s new with -fanalyzer in GCC 14, which I hope will be officially released sometime in April 2024. ↫ David Malcolm No matter how many more of you become a Patreon to keep OSNews alive, I’ll never be able to really add anything meaningful to articles like these.
Picotron is a Fantasy Workstation for making pixelart games, animations, music, demos and other curiosities. It has a toy operating system designed to be a cosy creative space, but runs on top of Windows, MacOS or Linux. Picotron apps can be made with built-in tools, and shared with other users in a special 256k png cartridge format. ↫ Picotron website Picotron is very similar to PICO-8, but more powerful and with a few additional features – it’s actually made by the same people as PICO-8. It also contains a small, ‘toy’ operating system to serve as a workspace, everything makes use of Lua, and any applications made with it can be shared using a special 256k PNG cartridge format. It’s currently in alpha, and cost $11.99, and uses the early Minecraft model of a one-time purchase for access to all future updates. The FAQ has tons more information. It looks incredibly neat. I don’t have much use for it, but I’m interested to see what people with actual skills will make with it.
I grew up primarily with the Commodore 64, where if you wanted to do anything really cool and useful, you had to do it in 6502 assembly language. Today I still write 6502 assembly, plus some Power ISA and even a little TMS9900. I like assembly languages and how in control of the CPU you feel writing in one. But you know what would make me not like an assembly language? One that was contrived and not actually the CPU it was running on. And you know what would make me like it even less? If it were kneecapped, convoluted and limited without even proper I/O facilities. ↫ Old Vintage Computing Research Everything you ever wanted to know about CAP-X and COMP-X. Which turns out to be a lot.
The proposed activity is to evaluate the usage of Rust programming language in space applications, by prototyping an RTOS targeting ARM Cortex-M7 SAMV71 microcontroller together with the required BSP (Board Support Package) and a Demonstration Application. Rust safety features and its growing usage make this programming language a viable option in the space sector. It is proposed to first develop a lightweight real time operating system providing a minimal set of capabilities required for development of flight application software. This system will provide an executor, tasklets mechanisms and BSP for SAMV71. The design of the system will be guided to support potential future qualification activities. Although the project is a study, ECSS software development practices will be used to facilitate potential application in ESA projects. The practical feedback from ECSS application in Rust projects will be reported. In the second part of the activity, a small demonstration application software will be developed, providing a minimal feature-set representative of a CubeSat class project – UART communication, mode management and sensor handling. This application will showcase the viability of the developed RTOS and provide input to a Lessons Learned report, describing the encountered issues, potential problem and improvement areas, usage recommendations and proposed way forward. ↫ The European Space Agency Rust, but in space. The code’s on GitHub.
AI code assistants have emerged as powerful tools that can aid in the software development life-cycle and can improve developer productivity. Unfortunately, such assistants have also been found to produce insecure code in lab environments, raising significant concerns about their usage in practice. In this paper, we conduct a user study to examine how users interact with AI code assistants to solve a variety of security related tasks. Overall, we find that participants who had access to an AI assistant wrote significantly less secure code than those without access to an assistant. Participants with access to an AI assistant were also more likely to believe they wrote secure code, suggesting that such tools may lead users to be overconfident about security flaws in their code. To better inform the design of future AI-based code assistants, we release our user-study apparatus and anonymized data to researchers seeking to build on our work at this link. ↫ Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh I’m surprised somewhat randomly copying other people’s code into your program – violating their licenses, to boot – leads to crappier code. Who knew!
Vcc – the Vulkan Clang Compiler, is a proof-of-concept C and C++ compiler for Vulkan leveraging Clang as a front-end, and Shady our own research IR and compiler. Unlike other shading languages, Vcc aims to stick closely to standard C/C++ languages and merely adds a few new intrinsics to cover GPU features. Vcc is similar to CUDA or Metal in this regard, and aims to bring the advantages of standard host languages to Vulkan shaders. ↫ The Vcc website Note that this project is a work in progress, and has several limitations the project’s open about.
Happy 2024, folks! Just when we thought we’d seen it all, an npm user named PatrickJS, aka gdi2290, threw us a curveball. He (along with a group of contributors) kicked off the year with a bang, launching a troll campaign that uploaded an npm package aptly named everything. This package, true to its name, depends on every other public npm package, creating millions of transitive dependencies. The everything package and its 3,000+ sub-packages have caused a Denial of Service (DOS) for anyone who installs it. We’re talking about storage space running out and system resource exhaustion. But that’s not all. The creator took their prank to the next level by setting up http://everything.npm.lol, showcasing the chaos they unleashed. They even included a meme from Skyrim, adding some humor (or mockery, depending on your perspective) to the situation. ↫ Feross Aboukhadijeh I know this is a bad thing, you shouldn’t do this, it harms a lot of people, etc., etc., but let’s be honest here – this is a hilarious prank that showcased a weakness in a rather playful way. Sure, there were real consequences, but it doesn’t seem like any of them caused any permanent damage, data loss, or compromised systems. What’s worse, it seems this isn’t even the first time stuff like this happened, so I find it baffling people can still do this. What are they doing over there?
I grew up learning to program in the late 1980s / early 1990s. Back then, I did not fully comprehend what I was doing and why the tools I used were impressive given the constraints of the hardware we had. Having gained more knowledge throughout the years, it is now really fun to pick up DOSBox to re-experience those programs and compare them with our current state of affairs. This time around, I want to look at the pure text-based IDEs that we had in that era before Windows eclipsed the PC industry. I want to do this because those IDEs had little to envy from the IDEs of today—yet it feels as if we went through a dark era where we lost most of those features for years and they are only resurfacing now. If anything, stay for a nostalgic ride back in time and a little rant on “bloat”. But, more importantly, read on to gain perspective on what existed before so that you can evaluate future feature launches more critically. ↫ Julio Merino Fast forward to today, and the most popular text editor among programmers is a website running in Chrome in a window. No wonder most popular applications are Electron trashfires now. Times sure have changed.
20 months since the initial release, Rust9x is back, whether you like it or not! I’ve spent the last couple of days migrating the changes from Rust 1.61-beta to Rust 1.76-beta, and filling some of the holes in API support on the way. ↫ Dennis Duda Yes, this is Rust ported to Windows 9x, and this new releases comes with a lot of the benefits in 1.76, but also adds backtrace support, thread parking support, and initial work on adding 64bit support for 64bit Windows XP and newer.
