Stack Overflow CEO Shares Plans for Certification Programs, Opinions on No-Code Programming

“We serve about 100 million monthly visitors worldwide,” says the CEO of Stack Overflow, “making us one of the most popular websites in the world. I think we are in the top 50 of all websites in the world by traffic.”

In a new interview, he says the site’s been accessed about 50 billion times over the past 14 years — and then shares his thoughts on the notion that programmers could be replaced by no-code, low-code, or AI-driven pair programming:

A: Over the years, there have many, many tools, trying to democratize software development. That’s a very positive thing. I actually love the fact that programming is becoming easier to do with these onramps. I was speaking at Salesforce recently, and they’ve got people in sales organizations writing workflows, and that’s low code. You’ve got all these folks who are not software engineers that are creating their own automations and applications.

However, there is this trade-off. If you’re making software easier to build, you’re sacrificing things like customizability and a deeper understanding of how this code actually works. Back in the day, you might remember Microsoft FrontPage [an early HTML web page editor] as an example of that. You were limited to certain basic things, but you could get web work done. So similarly, these tools will work for general use cases. But, if they do that, without learning the fundamental principles of code, they will inevitably have some sort of a limit. For example, having to fix something that broke, I think they’re going to be really dumbfounded.

Still, I think it’s important, and I’m a believer. It’s a great way to get people engaged, excited, and started. But you got to know what you’re building. Access to sites like Stack Overflow help, but with more people learning as they’re building, it’s essential to make learning resources accessible at every stage of their journey….

Q: Is Stack Overflow considering any kind of certification? Particularly, as you just mentioned, since it’s so easy now for people to step in and start programming. But then there’s that big step from “Yes, I got it to work,” but now “I have to maintain it for users using it in ways I never dreamed of.”

A: “It’s very much part of our vision for our company. We see Stack Overflow going from collective knowledge to collective learning. Having all the information is fine and dandy, but are you learning? Now, that we’re part of Prosus’s edtech division, we’re very much looking forward to offering educational opportunities. Just as today, we can get knowledge to developers at the right place and time, we think we can deliver learning at just the right place and time. We believe we can make a huge impact with education and by potentially getting into the certification game.

Q: Some of the open-source nonprofits are moving into education as well. The Linux Foundation, in particular, has been moving here with the LF Training and Certification programs. Are you exploring that?

A: This is very much part of our vision….

Stack Overflow’s CEO adds that the site’s hot topics now include blockchain, machine learning, but especially technical cloud questions, “rising probably about 50% year over year over the past 10 years…. Related to this is an increase in interest in containerization and cloud-native services.”

Read more of this story at Slashdot.

Wired Hails Rust as ‘the Viral Secure Programming Language That’s Taking Over Tech’

A new article from Wired calls Rust “the ‘viral’ secure programming language that’s taking over tech.”
“Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough….”

[A] growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way. By design, developers can’t accidentally create the most common types of exploitable security vulnerabilities when they’re coding in Rust, a distinction that could make a huge difference in the daily patch parade and ultimately the world’s baseline cybersecurity….

[B]ecause Rust produces more secure code [than C] and, crucially, doesn’t worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. Microsoft, Google, and Amazon Web Services have all been utilizing Rust since 2019, and the three companies formed the nonprofit Rust Foundation with Mozilla and Huawei in 2020 to sustain and grow the language. And after a couple of years of intensive work, the Linux kernel took its first steps last month to implement Rust support. “It’s going viral as a language,” says Dave Kleidermacher, vice president of engineering for Android security and privacy. “We’ve been investing in Rust on Android and across Google, and so many engineers are like, ‘How do I start doing this? This is great’….”

By writing new software in Rust instead, even amateur programmers can be confident that they haven’t introduced any memory-safety bugs into their code…. These types of vulnerabilities aren’t just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is significant….

“Yes, it’s a lot of work, it will be a lot of work, but the tech industry has how many trillions of dollars, plus how many talented programmers? We have the resources,” says Josh Aas, executive director of the Internet Security Research Group, which runs the memory-safety initiative Prossimo as well as the free certificate authority Let’s Encrypt. “Problems that are merely a lot of work are great.”

Here’s how Dan Lorenc, CEO of the software supply-chain security company Chainguard, explains it to Wired. “Over the decades that people have been writing code in memory-unsafe languages, we’ve tried to improve and build better tooling and teach people how to not make these mistakes, but there are just limits to how much telling people to try harder can actually work.

“So you need a new technology that just makes that entire class of vulnerabilities impossible, and that’s what Rust is finally bringing to the table.”

Read more of this story at Slashdot.

NSA Urges Organizations To Shift To Memory Safe Programming Languages

In an press release published earlier today, the National Security Agency (NSA) says it will be making a strategic shift to memory safe programming languages. The agency is advising organizations explore such changes themselves by utilizing languages such as C#, Go, Java, Ruby, or Swift. From the report: The “Software Memory Safety” Cybersecurity Information Sheet (PDF) highlights how malicious cyber actors can exploit poor memory management issues to access sensitive information, promulgate unauthorized code execution, and cause other negative impacts. “Memory management issues have been exploited for decades and are still entirely too common today,” said Neal Ziring, Cybersecurity Technical Director. “We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors.”

Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program’s performance over time, and program crashes. NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations. The full report is available here (PDF).

Read more of this story at Slashdot.

How Mem Plans To Reinvent Note-Taking Apps With AI

David Pierce writes via The Verge: In the summer of 2019, Kevin Moody and Dennis Xu started meeting with investors to pitch their new app. They had this big idea about reshaping the way users’ personal information moves around the internet, coalescing all their data into a single tool in a way that could actually work for them. But they quickly ran into a problem: all of their mock-ups and descriptions made it seem like they were building a note-taking app. And even in those hazy early days of product development — before they had a prototype, a design, even a name — they were crystal clear that this would not be a note-taking app. Instead, the founders wanted to create something much bigger. It would encompass all of your notes but also your interests, your viewing history, your works-in-progress. “Imagine if you had a Google search bar but for all nonpublic information,” Xu says. “For every piece of information that was uniquely relevant to you.”

That’s what Moody and Xu were actually trying to build. So they kept tweaking the approach until it made sense. At one point, their app was going to be called NSFW, a half-joke that stood for “Notes and Search for Work,” and for a while, it was called Supernote. But after a few meetings and months, they eventually landed on the name “Mem.” Like Memex, a long-imagined device that humans could use to store their entire memory. Or like, well, memory. Either way, it’s not a note-taking app. It’s more like a protocol for private information, a way to pipe in everything that matters to you — your email, your calendar events, your airline confirmations, your meeting notes, that idea you had on the train this morning — and then automatically organize and make sense of it all. More importantly, it’s meant to use cutting-edge AI to give all that information back to you at exactly the right time and in exactly the right place. […]

So far, Mem is mostly a note-taking app. It’s blisteringly fast and deliberately sparse — mostly just a timeline of every mem (the company’s parlance for an individual note) you’ve ever created or viewed, with a few simple ways to categorize and organize them. It does tasks and tags, but a full-featured project manager or Second Brain system this is not. But if you look carefully, the app already contains a few signs of where Mem is headed: a tool called Writer that can actually generate information for you, based on both its knowledge of the public internet and your personal information; AI features that summarize tweet threads for you; a sidebar that automatically displays mems related to what you’re working on. All this still barely scratches the surface of what Mem wants to do and will need to do to be more than a note-taking app…

Read more of this story at Slashdot.

Kaspersky To Kill Its VPN Service In Russia Next Week

Kaspersky is stopping the operation and sales of its VPN product, Kaspersky Secure Connection, in the Russian Federation, with the free version to be suspended as early as November 15, 2022. BleepingComputer reports: As the Moscow-based company informed on its Russian blog earlier this week, the shutdown of the VPN service will be staged, so that impact on customers remains minimal. Purchases of the paid version of Kaspersky Secure Connection will remain available on both the official website and mobile app stores until December 2022. Customers with active subscriptions will continue to enjoy the product’s VPN service until the end of the paid period, which cannot go beyond the end of 2023 (one-year subscription).
Russian-based users of the free version of Kaspersky Secure Connection will not be able to continue using the product after November 15, 2022, so they will have to seek alternatives. BleepingComputer emailed Kaspersky questions regarding its decision to stop offering VPN products in Russia, but a spokesperson has declined to provide more information. Russia’s telecommunications watchdog, Roskomnadzor, announced VPN bans in June 2021 and then again in December 2021. “The reason for banning 15 VPNs in the country was because their vendors refused to connect their services to the FGIS database, which would apply government-imposed censorship in VPN connections, and would also make user traffic and identity subject to state scrutiny,” reports BleepingComputer.

“Ever-increasing controls are strangling VPN usage in Russia. On Tuesday, the Ministry of Digital Transformation requested all state-owned companies to declare what VPN products they use, for what purposes, and in what locations.”

Read more of this story at Slashdot.

Court Upholds Piracy Blocking Order Against Cloudflare’s 1.1.1.1 DNS Resolver

The Court of Rome has confirmed that Cloudflare must block three torrent sites through its public 1.1.1.1 DNS resolver. The order applies to kickasstorrents.to, limetorrents.pro, and ilcorsaronero.pro, three domains that are already blocked by ISPs in Italy following an order from local regulator AGCOM. TorrentFreak reports: Disappointed by the ruling, Cloudflare filed an appeal at the Court of Milan. The internet infrastructure company doesn’t object to blocking requests that target its customers’ websites but believes that interfering with its DNS resolver is problematic, as those measures are not easy to restrict geographically. “Because such a block would apply globally to all users of the resolver, regardless of where they are located, it would affect end users outside of the blocking government’s jurisdiction,” Cloudflare recently said. “We therefore evaluate any government requests or court orders to block content through a globally available public recursive resolver as requests or orders to block content globally.” At the court of appeal, Cloudflare argued that DNS blocking is an ineffective measure that can be easily bypassed, with a VPN for example. In addition, it contested that it is subject to the jurisdiction of an Italian court.

Cloudflare’s defenses failed to gain traction in court and its appeal was dismissed. DNS blocking may not be a perfect solution, but that doesn’t mean that Cloudflare can’t be compelled to intervene. […] Cloudflare believes that these types of orders set a dangerous precedent. The company previously said that it hadn’t actually blocked content through the 1.1.1.1 Public DNS Resolver. Instead, it implemented an “alternative remedy” to comply with the Italian court order.

Read more of this story at Slashdot.

FTX Contagion Is Spreading To the Solana Ecosystem

Solana’s SOL is down much further than any of the other major cryptocurrencies today, all of which are down badly following the sudden unraveling of the wildly fast growing crypto exchange FTX on Tuesday. Axios reports: Blockchain principles aim to instantiate the ideals of decentralization. That is, no single points of failure. Blockchain realities, though, show that each community tends to have its major leaders. For Solana, one of those was definitely FTX’s c0-founder, Sam Bankman-Fried (SBF). SBF has long been bullish on Solana, including working to build Serum, an order book style exchange that runs in a decentralized fashion. His firms are rumored to have owned a substantial amount of the total SOL supply.

FTX and Alameda Trading are in trouble. If they hold large amounts of SOL, they are very likely to exit those positions, which will tank SOL price. CoinDesk reported on Nov. 2 that Alameda had $292 million in SOL and $863 million in locked SOL (on the Solana blockchain, large holders can earn more by backing the blockchain’s validators by committing not to sell — or locking — for a certain period of time). “People are dumping already — self-fulfilling prophecy,” Economics Design’s Lisa Jy Tan told Axios over Twitter DM. Tomorrow, the entities verifying the Solana blockchain have already publicly indicated their intention to unlock about a billion dollars worth of SOL (at current prices), about 17% of its market cap. It’s reasonable to expect they might intend to sell.

Solana’s fall has put stress on one of its leading decentralized finance applications, Solend, a money market that works much like Ethereum’s Compound. Solend is gradually unwinding a single, almost $30 million USDC (stablecoin) loan, collateralized by SOL, which is falling fast while the protocol tries to sell. Much like SOL’s price, the total value locked (TVL) in various DeFi projects on Solana has fallen much further in the last day than on other smart contract blockchains, according to DefiLlama. Solana TVL is down 45% over the last day, to $470 million, as of Wednesday afternoon, New York time.

Read more of this story at Slashdot.

TSMC Reportedly Looks To Raise a Second Arizona Chip Fab

An anonymous reader quotes a report from The Register: Taiwan’s chipmaking giant TSMC is said to be preparing to build another semiconductor fabrication plant in Arizona, alongside the facility it completed this summer, in a move that may be seen as a vindication of the US government’s CHIPS Act funding. According to reports in the Wall Street Journal, TSMC is planning to announce in the near future that it will build a further factory for making cutting edge chips at a site just north of Phoenix, adjacent to the $12 billion Fab 21 plant the company decided to construct in 2020.

The new facility will be used to manufacture 3nm chips, according to the paper, which cites anonymous sources “familiar with the expansion plans.” The scale of this project is expected to be comparable to the existing plant. Reports last year suggested that TSMC was already considering constructing up to five additional semiconductor factories in Arizona, on top of the one just completed, which is not scheduled to start up production of chips until 2024. The move to build another plant comes despite the Taiwanese chip behemoth announcing recently that it was cutting back on its capital investment budget in the face of a market slowdown which led to TSMC predicting that Q4 revenue growth will likely be flat. However, the fact that TSMC is still considering further facilities in Arizona could be seen as vindication that the US CHIPS Act, which includes subsidies and other incentives for semiconductor companies like TSMC to build on American soil, is having the desired effect.

Read more of this story at Slashdot.

‘If You Die in the Game, You Die in Real Life.’

Oculus co-founder Palmer Luckey, writing on his personal blog: Today is November 6th, 2022, the day of the SAO Incident. Thousands of VRMMORPG gamers were trapped by a mad scientist inside a death game that could only be escaped through completion. If their hit points dropped to zero, their brain would be bombarded by extraordinarily powerful microwaves, supposedly killing the user. The same would happen if anyone in the real world tampered with their NerveGear, the virtual reality head-mounted-display that transported their minds and souls to Aincrad, the primary setting of Sword Art Online.

[…] In SAO, the NerveGear contained a microwave emitter that could be overdriven to lethal levels, something the creator of SAO and the NerveGear itself (Akihiko Kayaba) was able to hide from his employees, regulators, and contract manufacturing partners. I am a pretty smart guy, but I couldn’t come up with any way to make anything like this work, not without attaching the headset to gigantic pieces of equipment.

In lieu of this, I used three of the explosive charge modules I usually use for a different project, tying them to a narrow-band photosensor that can detect when the screen flashes red at a specific frequency, making game-over integration on the part of the developer very easy. When an appropriate game-over screen is displayed, the charges fire, instantly destroying the brain of the user. This isn’t a perfect system, of course. I have plans for an anti-tamper mechanism that, like the NerveGear, will make it impossible to remove or destroy the headset.

Even so, there are a huge variety of failures that could occur and kill the user at the wrong time. This is why I have not worked up the balls to actually use it myself, and also why I am convinced that, like in SAO, the final triggering should really be tied to a high-intelligence agent that can readily determine if conditions for termination are actually correct. At this point, it is just a piece of office art, a thought-provoking reminder of unexplored avenues in game design. It is also, as far as I know, the first non-fiction example of a VR device that can actually kill the user. It won’t be the last.

Read more of this story at Slashdot.