The hype around AI language models has companies scrambling to hire prompt engineers to improve their AI queries and create new products. But new research hints that the AI may be better at prompt engineering than humans, indicating many of these jobs could be short-lived as the technology evolves and automates the role. IEEE Spectrum: Battle and Gollapudi decided to systematically test [PDF] how different prompt engineering strategies impact an LLM's ability to solve grade school math questions. They tested three different open source language models with 60 different prompt combinations each. What they found was a surprising lack of consistency. Even chain-of-thought prompting sometimes helped and other times hurt performance. "The only real trend may be no trend," they write. "What's best for any given model, dataset, and prompting strategy is likely to be specific to the particular combination at hand."

There is an alternative to the trial-and-error style prompt engineering that yielded such inconsistent results: Ask the language model to devise its own optimal prompt. Recently, new tools have been developed to automate this process. Given a few examples and a quantitative success metric, these tools will iteratively find the optimal phrase to feed into the LLM. Battle and his collaborators found that in almost every case, this automatically generated prompt did better than the best prompt found through trial-and-error. And, the process was much faster, a couple of hours rather than several days of searching.

Long-time Slashdot reader theodp writes: CACM [Communications of the ACM] Is Now Open Access," proclaims the Association for Computing Machinery (ACM) in its tear-down-this-CACM-paywall announcement. "More than six decades of CACM's renowned research articles, seminal papers, technical reports, commentaries, real-world practice, and news articles are now open to everyone, regardless of whether they are members of ACM or subscribe to the ACM Digital Library."

Ironically, clicking on Google search results for older CACM articles on Aaron Swartz currently returns page-not-found error messages and the CACM's own search can't find Aaron Swarz either, so perhaps there's some work that remains to be done with the transition to CACM's new website. ACM plans to open its entire archive of over 600,000 articles when its five-year transition to full Open Access is complete (January 2026 target date).
"They are right..." the site's editor-in-chief told Slashdot. "We need to get Google to reindex the new site ASAP."

Rust's official survey team released results from their 8th annual survey "focused on gathering insights and feedback from Rust users". In terms of operating systems used by Rustaceans, the situation is very similar to the results from 2022, with Linux being the most popular choice of Rust users [69.7%], followed by macOS [33.5%] and Windows [31.9%], which have a very similar share of usage. Rust programmers target a diverse set of platforms with their Rust programs, even though the most popular target by far is still a Linux machine [85.4%]. We can see a slight uptick in users targeting WebAssembly [27.1%], embedded and mobile platforms, which speaks to the versatility of Rust.

We cannot of course forget the favourite topic of many programmers: which IDE (developer environment) do they use. Visual Studio Code still seems to be the most popular option [61.7%], with RustRover (which was released last year) also gaining some traction [16.4%].
The site ITPro spoke to James Governor, co-founder of the developer-focused analyst firm RedMonk, who said Rust's usage is "steadily increasing", pointing to its adoption among hyperscalers and cloud companies and in new infrastructure projects. "Rust is not crossing over yet as a general-purpose programming language, as Python did when it overtook Java, but it's seeing steady growth in adoption, which we expect to continue. It seems like a sustainable success story at this point."

But InfoWorld writes that "while the use of Rust language by professional programmers continues to grow, Rust users expressed concerns about the language becoming too complex and the low level of Rust usage in the tech industry." Among the 9,374 respondents who shared their main worries for the future of Rust, 43% were most concerned about Rust becoming too complex, a five percentage point increase from 2022; 42% were most concerned about low usage of Rust in the tech industry; and 32% were most concerned about Rust developers and maintainers not being properly supported, a six percentage point increase from 2022. Further, the percentage of respondents who were not at all concerned about the future of Rust fell, from 30% in 2022 to 18% in 2023.

Stack Overflow has launched an API that will require all AI models trained on its coding question-and-answer content to attribute sources linking back to its posts. And it will cost money to use the site's content. From a report: "All products based on models that consume public Stack Overflow data are required to provide attribution back to the highest relevance posts that influenced the summary given by the model," it confirmed in a statement. The Overflow API is designed to act as a knowledge database to help developers build more accurate and helpful code-generation models. Google announced it was using the service to access relevant information from Stack Overflow via the API and integrate the data with its latest Gemini models, and for its cloud storage console.

Angie Byron, a long-time member of the Drupal community, offers guidance on avoiding common mistakes and general good-practices for those new to contributing to open-source projects: [...] You might not know it yet, but as a newcomer to an open source project, you have this AMAZING superpower: you are often-times the only one in that whole project capable of reading the documentation through new eyes. Because I can guarantee, the people who wrote that documentation are not new. :-)

So take time to read the docs and file issues (or better yet, pull requests) for anything that was unclear. This lets you get a "feel" for contributing in a project/community without needing to go way down the deep end of learning coding standards and unit tests and commit signing and whatever other bananas things they're about to make you do. :) Also, people are more likely to take time to help you, if you've helped them first!

Jacob Kaplan-Moss, one of the lead developers of Django, writes in a long post that he says has come from a place of frustration: [...] Instead, every time a maintainer finds a way to get paid, people show up to criticize and complain. Non-OSI licenses "don"t count" as open source. Someone employed by Microsoft is "beholden to corporate interests" and not to be trusted. Patreon is "asking for handouts." Raising money through GitHub sponsors is "supporting Microsoft's rent-seeking." VC funding means we're being set up for a "rug pull" or "enshitification." Open Core is "bait and switch."

None of this is hypothetical; each of these examples are actual things I've seen said about maintainers who take money for their work. One maintainer even told me he got criticized for selling t-shirts! Look. There are absolutely problems with every tactic we have to support maintainers. It's true that VC investment comes with strings attached that often lead to problems down the line. It sucks that Patreon or GitHub (and Stripe) take a cut of sponsor money. The additional restrictions imposed by PolyForm or the BSL really do go against the Freedom 0 ideal. I myself am often frustrated by discovering that some key feature I want out of an open core tool is only available to paid licensees.

But you can criticize these systems while still supporting and celebrating the maintainers! Yell at A16Z all you like, I don't care. (Neither do they.) But yelling at a maintainer because they took money from a VC is directing that anger in the wrong direction. The structural and societal problems that make all these different funding models problematic aren't the fault of the people trying to make a living doing open source. It's like yelling at someone for shopping at Dollar General when it's the only store they have access to. Dollar General's predatory business model absolutely sucks, as do the governmental policies that lead to food deserts, but none of that is on the shoulders of the person who needs milk and doesn't have alternatives.

An anonymous reader quotes a report from TechCrunch: Perceiving the demand for alternatives, AI startup Hugging Face several years ago teamed up with ServiceNow, the workflow automation platform, to create StarCoder, an open source code generator with a less restrictive license than some of the others out there. The original came online early last year, and work has been underway on a follow-up, StarCoder 2, ever since. StarCoder 2 isn't a single code-generating model, but rather a family. Released today, it comes in three variants, the first two of which can run on most modern consumer GPUs: A 3-billion-parameter (3B) model trained by ServiceNow; A 7-billion-parameter (7B) model trained by Hugging Face; and A 15-billion-parameter (15B) model trained by Nvidia, the newest supporter of the StarCoder project. (Note that "parameters" are the parts of a model learned from training data and essentially define the skill of the model on a problem, in this case generating code.)a

Like most other code generators, StarCoder 2 can suggest ways to complete unfinished lines of code as well as summarize and retrieve snippets of code when asked in natural language. Trained with 4x more data than the original StarCoder (67.5 terabytes versus 6.4 terabytes), StarCoder 2 delivers what Hugging Face, ServiceNow and Nvidia characterize as "significantly" improved performance at lower costs to operate. StarCoder 2 can be fine-tuned "in a few hours" using a GPU like the Nvidia A100 on first- or third-party data to create apps such as chatbots and personal coding assistants. And, because it was trained on a larger and more diverse data set than the original StarCoder (~619 programming languages), StarCoder 2 can make more accurate, context-aware predictions -- at least hypothetically.

[I]s StarCoder 2 really superior to the other code generators out there -- free or paid? Depending on the benchmark, it appears to be more efficient than one of the versions of Code Llama, Code Llama 33B. Hugging Face says that StarCoder 2 15B matches Code Llama 33B on a subset of code completion tasks at twice the speed. It's not clear which tasks; Hugging Face didn't specify. StarCoder 2, as an open source collection of models, also has the advantage of being able to deploy locally and "learn" a developer's source code or codebase -- an attractive prospect to devs and companies wary of exposing code to a cloud-hosted AI. Hugging Face, ServiceNow and Nvidia also make the case that StarCoder 2 is more ethical -- and less legally fraught -- than its rivals. [...] As opposed to code generators trained using copyrighted code (GitHub Copilot, among others), StarCoder 2 was trained only on data under license from the Software Heritage, the nonprofit organization providing archival services for code. Ahead of StarCoder 2's training, BigCode, the cross-organizational team behind much of StarCoder 2's roadmap, gave code owners a chance to opt out of the training set if they wanted. As with the original StarCoder, StarCoder 2's training data is available for developers to fork, reproduce or audit as they please. StarCoder 2's license may still be a roadblock for some. "StarCoder 2 is licensed under the BigCode Open RAIL-M 1.0, which aims to promote responsible use by imposing 'light touch' restrictions on both model licensees and downstream users," writes TechCrunch's Kyle Wiggers. "While less constraining than many other licenses, RAIL-M isn't truly 'open' in the sense that it doesn't permit developers to use StarCoder 2 for every conceivable application (medical advice-giving apps are strictly off limits, for example). Some commentators say RAIL-M's requirements may be too vague to comply with in any case -- and that RAIL-M could conflict with AI-related regulations like the EU AI Act."

Tontoman shares a report: The White House Office of the National Cyber Director (ONCD) urged tech companies to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. Such vulnerabilities are coding errors or weaknesses within software that can lead to memory management issues when memory can be accessed, written, allocated, or deallocated. They occur when software accesses memory in unintended or unsafe ways, resulting in various security risks and issues like buffer overflow, use after free, use of uninitialized memory, and double free that attackers can exploit.

Successful exploitation carries severe risks, potentially enabling threat actors to gain unauthorized access to data or execute malicious code with the privileges of the system owner. "For over 35 years, this same class of vulnerability has vexed the digital ecosystem. The challenge of eliminating entire classes of software vulnerabilities is an urgent and complex problem. Looking forward, new approaches must be taken to mitigate this risk," ONCD's report says. "The highest leverage method to reduce memory safety vulnerabilities is to secure one of the building blocks of cyberspace: the programming language. Using memory safe programming languages can eliminate most memory safety errors."

theodp writes: Asked at the recent World Government Summit in Dubai what people should focus on when it comes to education, what should they learn, and how they should educate their kids and their societies, Nvidia CEO Jensen Huang made a counterintuitive break from tech CEOs advising youngsters to learn how to code. Huang argued that, even at this early stage of the AI revolution, programming is no longer a vital skill. With coding taken care of by AI, Huang suggested humans can instead focus on more valuable expertise like biology, education, manufacturing, or farming

From the video: "You probably recall over the course of the last 10 years, 15 years, almost everybody who sits on a stage like this would tell you it is vital that your children learn computer science, everybody should learn how to program, and in fact it's almost exactly the opposite. It is our job to create computing technology such that nobody has to program and that the programming language, it's human, everybody in the world is now a programmer. This is the miracle, this is the miracle of artificial intelligence. For the very first time, we have closed the gap, the technology divide has been completely closed and it's the reason why so many people can engage artificial intelligence. It is the reason why every single government, every single industrial conference, every single company is talking about artificial intelligence today. Because for the very first time you can imagine everybody in your company being a technologist.

"And so, this is a tremendous time for all of you to realize that the technology divide has been closed. Or another way to say it, the technology leadership of other countries has now been reset. The countries, the people that understand how to solve a domain problem in digital biology, or in education of young people, or in manufacturing or in farming, those people who understand domain expertise now can utilize technology that is readily available to you. You now have a computer that will do what you tell it to do to help automate your work, to amplify your productivity, to make you more efficient. And so, I think that this is just a tremendous time. The impact of course is great and your imperative to activate and take advantage of the technology is absolutely immediate. And also to realize that to engage AI is a lot easier now than at any time in the history of computing. It is vital that we upskill everyone and the upskilling process, I believe, will be delightful, surprising, to realize that this computer can perform all these things that you're instructing it to do and doing it so easily."

Huang's words come as tech-backed nonprofit Code.org-- which is lobbying to make CS a high school graduation requirement in all 50 states -- hedges its bets by also including AI usage as part of its mission through its new TeachAI initiative (trademark pending). Interestingly, conspicuous by its absence from the Who's Who of tech giants on the advisory committee for the Code.org staffed-and-operated TeachAI is Nvidia (Nvidia is also missing from the list of Code.org donors). So, is it time to revisit the question of Is AI an Excuse for Not Learning To Code?

Julia 1.0 was released in 2018 — after a six-year wait.

And there's now another update. LWN.net gets you up to speed, calling Julia "a general-purpose, open-source programming language with a focus on high-performance scientific computing." Some of Julia's unusual features:

- Lisp-inspired metaprogramming
- The ability to examine compiled representations of code in the REPL or in a "reactive notebook"
- An advanced type and dispatch system
- A sophisticated, built-in package manager.

Version 1.10 brings big increases in speed and developer convenience, especially improvements in code precompilation and loading times. It also features a new parser written in Julia... [I]t is faster, it produces more useful syntax-error messages, and it provides better source-code mapping, which associates locations in compiled code to their corresponding lines in the source. That last improvement also leads to better error messages and makes it possible to write more sophisticated debuggers and linters...

Between the improvements in precompilation and loading times, and the progress in making small binaries, two major and perennial complaints, of beginners and seasoned Julia users alike, have been addressed... StaticCompiler and related WebAssembly tools will make it easier to write web applications in Julia for direct execution in the browser; it is already possible, but may become more convenient over the next few years.
Thanks for sharing the article to long-time Slashdot reader lee1 — who also wrote No Starch Press's Practical Julia: A Hands-On Introduction for Scientific Minds .

lee1 also reminds us that Gnuplot 6.0 was released in December: lee1 writes: This article surveys the new features, including filled contours in 3D, adaptive plotting resolution, watchpoints, clipping of surfaces, pie charts, and new syntax for conditionals.

Stack Overflow's blog reports on a new programming language called Mariposa.

They call it a "toy" programming language, "created as a way to play around with a novel or odd feature, like variable assignment outside of the normal order of execution — more colloquially, time travel." Computer science has long sought to reason about time in electronic systems, thanks to a consistent interest in concurrency and real-time messaging... Mariposa allows you to manipulate the order of execution by assigning an instant to a variable, then setting the context of that instance. Here's a basic example, taken from the Mariposa readme:

x = 1
t = now()
print(x)
at t:
x = 2

According to the normal order of operations, this code should print "1". But because t is assigned to the instance in the second line, any modifications specified within an at t: block are applied immediately, and this code prints "2"...

While Mariposa caught a fair amount of attention recently, it's not the first implementation of time travel in programming. There is a Haskell package appropriately called tardis, which creates two state transformers: one travels forward in time and one backward. As the docs explain, "The most concise way to explain it is this: getPast retrieves the value from the latest sendFuture, while getFuture retrieves the value from the next sendPast." One function's past is another one's future.
The article explores "the history and future of other programming paradigms" applying logic to time, including interval temporal logic systems as well as "modeling, analysis, and verification languages/tools that allow temporal and state modeling without requiring temporal logic understanding."

Tech companies are famous for coddling their workers, but after mass layoffs the industry's culture has shifted. Engineers say that getting hired can require days of work on unpaid assignments. From a report: Nearly a dozen engineers, hiring managers, and entrepreneurs who spoke with WIRED describe an environment in which technical job applicants are being put through the wringer. Take-home coding tests used to be rare, deployed only if an employer needed to be further convinced. Now interviewees are regularly given projects described as requiring just two to three hours that instead take days of work.

Live-coding exercises are also more intense, industry insiders say. One job seeker described an experience where an engineering manager said during an interview, "OK, we're going to build a To Do List app right now," a process that might normally take weeks.

Emails reviewed by WIRED showed that in one interview for an engineering role at Netflix, a technical recruiter requested that a job candidate submit a three-page project evaluation within 48 hours -- all before the first round of interviews. A Netflix spokesperson said the process is different for each role and otherwise declined to comment. A similar email at Snap outlined a six-part interview process for a potential engineering candidate, with each part lasting an hour. A company spokesperson says its interview process hasn't changed as a result of labor market changes.

An anonymous reader shared this post from Phoronix: With Linux 6.8 the kernel's Rust code was brought up to Rust 1.75 while new patches posted this weekend port the code over to Rust 1.76 and then the upcoming Rust 1.77...

With Rust 1.77 they have now stabilized the single-field "offset_of" feature used by the kernel's Rust code. Rust 1.77 also adds a "--check-cfg" option that the Rust kernel code will likely transition to in the future. This follows the Rust for Linux policy of tracking the upstream Rust version upgrades until there is a minimum version that can be declared where all used features are considered stable.

This week the non-profit Rust Foundation announced the release of a report on what their Security Initiative accomplished in the last six months of 2023. "There is already so much to show for this initiative," says the foundation's executive director, "from several new open source security projects to several completed and publicly available security threat models."

From the executive summary: When the user base of any programming language grows, it becomes more attractive to malicious actors. As any programming language ecosystem expands with more libraries, packages, and frameworks, the surface area for attacks increases. Rust is no different. As the steward of the Rust programming language, the Rust Foundation has a responsibility to provide a range of resources to the growing Rust community. This responsibility means we must work with the Rust Project to help empower contributors to participate in a secure and scalable manner, eliminate security burdens for Rust maintainers, and educate the public about security within the Rust ecosystem...

Recent Achievements of the Security Initiative Include:

- Completing and releasing Rust Infrastructure and Crates Ecosystem threat models

- Further developing Rust Foundation open source security project Painter [for building a graph database of dependencies/invocations between crates] and releasing new security project, Typomania [a toolbox to check for typosquatting in package registries].

- Utilizing new tools and best practices to identify and address malicious crates.

- Helping reduce technical debt within the Rust Project, producing/contributing to security-focused documentation, and elevating security priorities for discussion within the Rust Project.

... and more!

Over the Coming Months, Security Initiative Engineers Will Primarily Focus On:

- Completing all four Rust security threat models and taking action to address encompassed threats

- Standing up additional infrastructure to support redundancy, backups, and mirroring of critical Rust assets

- Collaborating with the Rust Project on the design and potential implementation of signing and PKI solutions for crates.io to achieve security parity with other popular ecosystems

- Continuing to create and further develop tools to support Rust ecosystem, including the crates.io admin functionality, Painter, Typomania, and Sandpit

The Tiobe index tries to gauge the popularity of programming languages based on search results for courses, programmers, and third-party vendors, according to InfoWorld.

And by that criteria, "Google's Go language, or golang, has reached its highest position ever..." The language, now in the eighth ranked position for language popularity, has been on the rise for several years.... In 2015, Go hit position #122 in the TIOBE index and all seemed lost," said Paul Jansen, CEO of Tiobe. "One year later, Go adopted a very strict 'half-a-year' release cycle — backed up by Google. Every new release, Go improved... Nowadays, Go is used in many software fields such as back-end programming, web services and APIs," added Jansen...

Elsewhere in the February release of Tiobe's index, Google's Carbon language, positioned as a successor to C++, reached the top 100 for the first time. Python is #1 on both TIOBE's index and the alternative Pypl Popularity of Programming Language index, which InfoWorld says "assesses language popularity based on how often language tutorials are searched on in Google." But the two lists differ on whether Java and JavaScript are more popular than C-derived languages — and which languages should then come after them. (Go ranks #12 on the Pypl index...)

TIOBE's calculation of the 10 most-popular programming languages:

1. Python
2. C
3. C++
4. Java
5. C#
6. JavaScript
7. SQL
8. Go
9. Visual Basic
10. PHP

Pypl's calculation of the 10 most-popular programming languages:

1. Python
2. Java
3. JavaScript
4. C/C++
5. C#
6. R
7. PHP
8. TypeScript
9. Swift
10. Objective-C

According to Bloomberg (paywalled), Apple plans to release a generative AI tool for iOS app developers as early as this year. Insider reports: The tech giant is working on a tool that will use artificial intelligence to write code as part of its plans to expand the capabilities of Xcode, the company's main programming software. The revamped system will compete withÂMicrosoft's GitHub Copilot, which sources say operates similarly. Apple is also working on an AI tool that will generate code to test apps, which could provide potential time savings for a process that's known to be tedious. Currently, Apple is urging some engineers to test these new AI features to ensure they work before releasing them externally to developers. [...]

The tech giant, Bloomberg has learned, has plans to integrate AI features into its next software updates for its iPhone and iPad known internally as Crystal. Glow, another internal AI project, is slated to be added to MacOS. The company is also building features that will generate Apple Music playlists and slideshows, according to the outlet. An AI-powered search feature titled Spotlight, currently limited to answering questions around launching apps, is in the works as well, Bloomberg reported.

A core developer of Nginx, currently the world's most popular web server, has quit the project, stating that he no longer sees it as "a free and open source project... for the public good." From a report: His fork, freenginx, is "going to be run by developers, and not corporate entities," writes Maxim Dounin, and will be "free from arbitrary corporate actions." Dounin is one of the earliest and still most active coders on the open source Nginx project and one of the first employees of Nginx, Inc., a company created in 2011 to commercially support the steadily growing web server. Nginx is now used on roughly one-third of the world's web servers, ahead of Apache.

Nginx Inc. was acquired by Seattle-based networking firm F5 in 2019. Later that year, two of Nginx's leaders, Maxim Konovalov and Igor Sysoev, were detained and interrogated in their homes by armed Russian state agents. Sysoev's former employer, Internet firm Rambler, claimed that it owned the rights to Nginx's source code, as it was developed during Sysoev's tenure at Rambler (where Dounin also worked). While the criminal charges and rights do not appear to have materialized, the implications of a Russian company's intrusion into a popular open source piece of the web's infrastructure caused some alarm. Sysoev left F5 and the Nginx project in early 2022. Later that year, due to the Russian invasion of Ukraine, F5 discontinued all operations in Russia. Some Nginx developers still in Russia formed Angie, developed in large part to support Nginx users in Russia. Dounin technically stopped working for F5 at that point, too, but maintained his role in Nginx "as a volunteer," according to Dounin's mailing list post.

Dounin writes in his announcement that "new non-technical management" at F5 "recently decided that they know better how to run open source projects. In particular, they decided to interfere with security policy nginx uses for years, ignoring both the policy and developers' position." While it was "quite understandable," given their ownership, Dounin wrote that it means he was "no longer able to control which changes are made in nginx," hence his departure and fork.

Michael Larabel writes via Phoronix: While there have been efforts by AMD over the years to make it easier to port codebases targeting NVIDIA's CUDA API to run atop HIP/ROCm, it still requires work on the part of developers. The tooling has improved such as with HIPIFY to help in auto-generating but it isn't any simple, instant, and guaranteed solution -- especially if striving for optimal performance. Over the past two years AMD has quietly been funding an effort though to bring binary compatibility so that many NVIDIA CUDA applications could run atop the AMD ROCm stack at the library level -- a drop-in replacement without the need to adapt source code. In practice for many real-world workloads, it's a solution for end-users to run CUDA-enabled software without any developer intervention. Here is more information on this "skunkworks" project that is now available as open-source along with some of my own testing and performance benchmarks of this CUDA implementation built for Radeon GPUs. [...]

For those wondering about the open-source code, it's dual-licensed under either Apache 2.0 or MIT. Rust fans will be excited to know the Rust programming language is leveraged for this Radeon implementation. [...] Those wanting to check out the new ZLUDA open-source code for Radeon GPUs can do so via GitHub.

At a press conference last week, a California Assemblymember joined the State Superintendent of Public Instruction in announcing a bill that, if passed, would require every public high school to teach computer science. (And establish CS as a high school graduation requirement by the 2030-31 school year.)

Long-time Slashdot reader theodp says he noticed posters with CS-education advocacy charts and stats "copied verbatim" from the tech giant-backed nonprofit Code.org. (And "a California Dept. of Education news release also echoed Code.org K-12 CS advocacy factoids.") The announcement came less than two weeks after Code.org CEO Hadi Partovi — whose goal is to make CS a HS graduation requirement in all 50 states by 2030 — was a keynote speaker at the Association of California School Administrators Superintendents' Symposium. Even back in an October 20 Facebook post, [California state assemblyman] Berman noted he'd partnered with Code.org on legislation in the past and hinted that something big was in the works on the K-12 CS education front for California. "I had the chance to attend Code.org's 10th anniversary celebration and chat with their founder, Hadi Partovi, as well as CS advocate Aloe Blacc. They've done amazing work expanding access to computer science education... and I've been proud to partner with them on legislation to do that in CA. More to come!"

An anonymous Slashdot reader shared this report from SiliconANGLE: The Rust Foundation, which supports the development of the popular open-source Rust programming language... shared that Google LLC had made a $1 million contribution specifically earmarked for a C++/Rust interoperability effort known as the "Interop Initiative." The initiative aims to foster seamless integration between Rust and the widely used C++ programming language, addressing one of the significant barriers to Rust's adoption in legacy systems entrenched in C++ code.

Rust has the ability to prevent common memory errors that plague C++ programs and offers a path toward more secure and reliable software systems. However, transitioning from C++ to Rust presents notable challenges, particularly for organizations with extensive C++ codebases. The Interop Initiative seeks to mitigate these challenges by facilitating smoother transitions and enabling organizations to leverage Rust's advantages without completely overhauling their existing systems.

As part of the initiative, the Rust Foundation will collaborate closely with the Rust Project Leadership Council, stakeholders and member organizations to develop a comprehensive scope of work. The collaborative effort will focus on enhancing build system integration, exploring artificial intelligence-assisted code conversion techniques and expanding upon existing interoperability frameworks. By addressing these strategic areas, the initiative aims to accelerate the adoption of Rust across the software industry and hence contribute to advancing memory safety and reducing the prevalence of software vulnerabilities.
A post on Google's security blog says they're excited to collaborate "to ensure that any additions made are suitable and address the challenges of Rust adoption that projects using C++ face. Improving memory safety across the software industry is one of the key technology challenges of our time, and we invite others across the community and industry to join us in working together to secure the open source ecosystem for everyone."

The blog post also includes this quote from Google's VP of engineering, Android security and privacy. "Based on historical vulnerability density statistics, Rust has proactively prevented hundreds of vulnerabilities from impacting the Android ecosystem. This investment aims to expand the adoption of Rust across various components of the platform."

The Register adds: Lars Bergstrom, director of Android platform tools and libraries and chair of the Rust Foundation Board, announced the grant and said that the funding will "improve the ability of Rust code to interoperate with existing legacy C++ codebases.... Integrating Rust today is possible where there is a fallback C API, but for high-performance and high-fidelity interoperability, improving the ability to work directly with C++ code is the single biggest initiative that will further the ability to adopt Rust...."

According to Bergstrom, Google's most significant increase in the use of Rust has occurred in Android, where interoperability started receiving attention in 2021, although Rust is also being deployed elsewhere.... Bergstrom said that as of mid-2023, Google had more than 1,000 developers who had committed Rust code, adding that the ad giant recently released the training material it uses. "We also have a team working on building out interoperability," he added. "We hope that this team's work on addressing challenges specific to Google's codebases will complement the industry-wide investments from this new grant we've provided to the Rust Foundation."

Google's grant matches a $1 million grant last November from Microsoft, which also committed $10 million in internal investment to make Rust a "first-class language in our engineering systems." The Google-bucks are expected to fund further interoperability efforts, along the lines of KDAB's bidirectional Rust and C++ bindings with Qt.