This week AWS pledged up to $100 million in cloud-computing credits for educational organizations over the next five years, to help them build "technology-based learning experiences" on AWS, including:

• AI assistants
• coding curriculums - connectivity tools
• student learning platforms
• mobile apps
• chatbots

One example shared by Amazon: The nonprofit Code.org will use AWS's cloud credits to scale their AI teaching assistant that "has already helped teachers reduce the time they spend assessing students' coding projects by up to 50%." (Amazon's blog post notes that "Improved efficiency means teachers have more time to work on personalized lesson plans and coach students" — and that Code.org's assistant uses an AWS service for building AI tools...)

$100 million sounds pretty generous. But long-time Slashdot reader theodp notes the application for the cloud credits limits education organization to $100,000 in credits (though "your organization may be able to apply for a credits expansion" if needed). Do these figures suggest Amazon expects less than 1,000 organizations to apply for free cloud-computing over the next five years? ($100,000,000/$100,000 = 1,000)

theodp also spotted a GitHub comment from a Code.org software engineer comparing accuracy for its teaching assistant after a switch from GPT-4 Turbo to Claude. Both before and after the switch, the teaching assistant averaged an accuracy rate of 77%, the comment notes.

I guess that 77% accuracy rate is what Amazon is calling "improved efficiency" that "means teachers have more time to work on personalized lesson plans and coach students." (Maybe you're never to young to learn that AI makes mistakes?)

Mozilla's developer blog is announcing "JavaScriptmas". [F]rom December 1st to December 24th, we will release a fun, daily coding challenge for you to solve on [code-learning platform] Scrimba. Each challenge comes with an introductory screencast called "scrim", some starter code, and then it's your turn to fill in the gaps.

JavaScriptmas is about coding, learning, and the chance to win exciting prizes. Two lucky coders will be chosen as winners at the end of JavaScriptmas, and each will win a MacBook Air M3, swag from MDN and Scrimba, and a lifetime Scrimba Pro membership (worth ~$200 per year). The Scrimba membership will give you access to all courses, including the Frontend Developer Career Path based on the MDN curriculum.

Most of the challenges will evolve around JavaScript algorithms. You will also practice subjects like DOM manipulation, UI design, CSS, accessibility, and even a bit of cyber security. The challenges are a collaborative effort from Scrimba teachers, mentors, and MDN content writers, all with the goal of turning you into a more well-rounded web developer.

Winners will be chosen randomly from everyone who submits correct solutions. We want JavaScriptmas to be accessible for both beginners and experienced developers alike. That said, the more challenges you solve, the better your chances of winning! To maximize your chances, try to solve all 24 challenges and submit them as both regular entries and social entries. You don't have to submit your solutions on the same day they're published — the deadline for any submission is midnight UTC on Christmas Eve.

"The Rust Foundation is dedicated to ensuring a healthy Rust ecosystem," according to a new announcement today, " which depends on a growing pool of well-trained developers to thrive." The latest SlashData Developer Nation survey found Rust to be the fastest-growing programming language, doubling its users over the past two years. As Rust's adoption continues to accelerate, the demand for a multifaceted ecosystem of quality training will too.
Their blog post highlights three examples of the Rust community "creating new pathways for learning Rust" and "addressing the critical need for Rust training in academic settings..." Rust-Edu operates as a non-profit through Portland State University, with funding from Futurewei. Their mission is to "spread Rust use and development through academic curricula and communities throughout the world, making Rust the language of choice for 'systems programming' in its broadest sense through shared efforts of faculty, students and the Rust community." They focus on three main areas: curriculum development, educational tools, and language improvements...

teach-rs, pronounced "teachers," is a modular and reusable university course designed for in-person teaching in Rust. Its mission is to introduce Rust in higher education and ensure that more students enter the job market with considerable Rust experience. The teach-rs project provides ready-to-use Rust teaching materials, including slide decks and exercises that can be adapted to various teaching contexts... As an open source permissively licensed project, teach-rs enables educators to share and improve resources, making introducing Rust instruction into their programs more accessible. Many institutions now use teach-rs in their courses, including the Slovak University of Technology, RustIEC (a collaboration between Vrije Universiteit Brussel and KU Leuven), and the University Politehnica of Bucharest. At the time of this writing, teach-rs has nearly 3000 stars on GitHub...

Under the guidance of The Rust Foundation's Global Rust Coordinator and Rust Nation UK's organizer Ernest Kissiedu, Mordecai Etukudo (Mart) has developed a guide to help educational institutions adopt Rust in their systems. This resource walks organizations through the entire implementation process, from initial assessment to community engagement.

Meta is using OpenAI's GPT-4 alongside its own Llama AI model in Metamate, an internal coding assistance tool, Fortune reported Tuesday. The dual-model approach has been in place since early 2024, despite CEO Mark Zuckerberg's public promotion of Llama as a leading AI model.

Metamate, previously known as Code Compose, serves Meta's developers and employees with coding support. The Chan Zuckerberg Initiative, Zuckerberg's philanthropic organization, is separately developing an educational AI tool using OpenAI's technology, with OpenAI CEO Sam Altman joining CZI's AI advisory board.

The long-running Advent of Code site just entered its 10th year, with 162,809 people completing both of its Day One puzzles (which involve a hunt for the missing historian of the North Pole). But its not the only site offering Christmas-themed programming puzzles:

• Hundreds of SQL lovers are trying the daily challenges from the "Advent of SQL" site.

• You can sign up for daily emails with webdev challenges from the Advent of JavaScript and Advent of CSS sites.

• The "Advent of No-Code" site challenges you to build something new every day using no-code tools like AI-powered dev environments or the social coding site Val Town.

• TryHackMe.com is publishing "beginner-friendly, daily gamified cyber security challenges" in an event they're calling the "Advent of Cyber."

• And Norway's biggest chess club (founded by world champion Magnus Carlsen) has even launched a site with daily chess puzzles called — what else? — Advent of Chess. (It promises at the end of the event someone will win a chessboard signed by Magnus Carlsen).

Greg Kroah-Hartman noted some coming changes in Linux 6.13 will make it possible to create "way more" Rust-based kernel drivers. "The veteran kernel developer believes we're at a tipping point of seeing more upstream Rust drivers ahead," reports Phoronix: These Rust char/misc changes are on top of the main Rust pull for Linux 6.13 that brought 3k lines of code for providing more Rust infrastructure. Linux 6.13 separately is also bringing Rust file abstractions.
"Sorry for doing this at the end of the merge window," Greg Kroah-Hartman wrote in the pull request, explaining that "conference and holiday travel got in the way on my side (hence the 5am pull request emails...)" Loads of things in here...

— Rust misc driver bindings and other rust changes to make misc drivers actually possible. I think this is the tipping point, expect to see way more rust drivers going forward now that these bindings are present.

Next merge window hopefully we will have pci and platform drivers working, which will fully enable almost all driver subsystems to start accepting (or at least getting) rust drivers. This is the end result of a lot of work from a lot of people, congrats to all of them for getting this far, you've proved many of us wrong in the best way possible, working code :)

Long-time Slashdot reader jaromil writes: As a fun project, we hacked together a C interpreter (based on Tiny C Compiler) that compiles C code in-memory and runs it live.

CJIT today is a 2MB executable that can do a lot, including call functions from any installed library on Linux, Windows, and MacOSX.
Slashdot reader oliwer points out "they are also including a REPL, which could be interesting." And the CJIT web page promises there's "no EULA to sign, no IDE to install... 100% Free and open source!"

It also says the project was inspired by Terry Davis (TempleOS) and Fabrice Bellard (Tiny C Compiler).

Nonprofit Code.org has posted this year's cartoon for "Hour of Code," their annual learn-to-code event for schoolchildren.

Long-time Slashdot reader theodp notes its animated pigeon gives a shout-out to the AI that could ultimately replace programmers: In an Instagram post introducing the video, Code.org explains: "Bartlett the Pigeon just learned how to code and now thinks he's smarter than us. Honestly...he might be. Meet the face (and feathers) of this year's #HourOfCode." In the video, Bartlett wows a social media influencer with his coding skills. "Is this pigeon typing code?" she asks in disbelief. "I'm going to film this for my socials!" Bartlett goes on to explain that the song he remixes with coding blocks — Aloe Blacc's "I Need a Dollar" — could have instead been generated by simply using AI, which he says is "like having a personal DJ assistant who never misses a beat!"

Interestingly, Blacc noted in a 2011 interview that he wrote "I Need a Dollar" after being made redundant in his career as a business consultant by Ernst & Young. That multinational company is now advising global business leaders on how they can harness the power of GenAI "to achieve more with fewer resources" by disrupting professions — like programming — that "involve a high degree of repetitive and data-driven tasks that AI can automate."

A piracy ring that gave 22 million subscribers in Europe cheap access to content stolen from international streaming services has been shut down by Italian authorities after a two-year investigation. From a report: The criminal enterprise used a complex international IT system to "capture and resell" live programming and other on-demand content from companies including sports broadcaster DAZN, Netflix, Amazon Prime, Paramount, Sky and Disney+, prosecutors said in a statement on Wednesday.

Authorities estimate the operation generated revenues of roughly $264.3 million a month [non-paywalled link], or $3.2 billion a year, and caused combined damages of more than $10.6 billion to the affected broadcast companies. "The rate of profit you get from these illegal activities with lower risk is equivalent to that of cocaine trafficking," Francesco Curcio, the criminal prosecutor who led the investigation, told reporters.

A Stanford study of over 50,000 software engineers across hundreds of companies has found that approximately 9.5% of engineers perform minimal work while drawing full salaries, potentially costing tech companies billions annually.

The research showed the issue is most prevalent in remote work settings, where 14% of engineers were classified as "ghost engineers" compared to 6% of office-based staff. The study evaluated productivity through analysis of private Git repositories and simulated expert assessments of code commits.

Major tech companies could be significantly impacted, with IBM estimated to have 17,100 underperforming engineers at an annual cost of $2.5 billion. Across the global software industry, the researchers estimate the total cost of underperforming engineers could reach $90 billion, based on a conservative 6.5% rate of "ghost engineers" worldwide.

An anonymous reader quotes a report from TheGamer: With thousands of cards available in Pokemon's "Pokemon Trading Card Game," it can be hard to remember what is what. After all, since first debuting in the mid 1990s to coincide with the games of the same name, the popular collectible has been going strong ever since, with new releases constantly filling store shelves. That said, one avid Pokemon fan took it upon themselves to archive the card game's unique artwork. After hundreds of hours of work, over 23,000 cards have been archived, along with an additional 2,000 pieces of artwork. The end result is one of the best fan creations around.

Meet Twitter user pkm_jp, who devoted hundreds of hours to learning how to program in order to make their dream of a one-stop shop of all available card art a reality. "I remember the joy of getting the first set page working, displaying a small collection of cards," they wrote on Twitter. "I knew it was just the beginning." The site, artofpkm.com, "is dedicated to bringing artists and fans together," the created said on X (formerly Twitter). They note that there is still "lots of artwork still to be added and labeled," among other features such as "custom lists, voting, and a proper blog."

U.S. software developer job listings have plummeted 56% since 2019, according to CompTIA data, as coding bootcamp graduates face mounting challenges from AI tools and widespread tech industry layoffs.

For entry-level positions, postings have dropped even further at 67%. The downturn has forced several bootcamps to adapt or close. Boston's Launch Academy suspended operations in May after job placement rates fell from 90% to below 60%. Meanwhile, AI coding tools like ChatGPT and GitHub's Copilot are transforming the industry, with Google reporting that AI now generates over 25% of its new code.

"This is the worst environment for entry-level tech jobs I've seen in 25 years," said Menlo Ventures partner Venky Ganesan.

An anonymous reader shared this report from the New York Times: Between the time [construction worker Florencio] Rendon applied for the coding boot camp and the time he graduated, what Mr. Rendon imagined as a "golden ticket" to a better life had expired. About 135,000 start-up and tech industry workers were laid off from their jobs, according to one count. At the same time, new artificial intelligence tools like ChatGPT, an online chatbot from OpenAI, which could be used as coding assistants, were quickly becoming mainstream, and the outlook for coding jobs was shifting. Mr. Rendon says he didn't land a single interview.

Coding boot camp graduates across the country are facing a similarly tough job market. In Philadelphia, Mal Durham, a lawyer who wanted to change careers, was about halfway through a part-time coding boot camp late last year when its organizers with the nonprofit Launchcode delivered disappointing news. "They said: 'Here is what the hiring metrics look like. Things are down. The number of opportunities is down,'" she said. "It was really disconcerting." In Boston, Dan Pickett, the founder of a boot camp called Launch Academy, decided in May to pause his courses indefinitely because his job placement rates, once as high as 90 percent, had dwindled to below 60 percent. "I loved what we were doing," he said. "We served the market. We changed a lot of lives. The team didn't want that to turn sour."

Compared with five years ago, the number of active job postings for software developers has dropped 56 percent, according to data compiled by CompTIA. For inexperienced developers, the plunge is an even worse 67 percent. "I would say this is the worst environment for entry-level jobs in tech, period, that I've seen in 25 years," said Venky Ganesan, a partner at the venture capital firm Menlo Ventures.
A Stack Overflow survey of 65,000 developers found that 60% had used AI coding tools this year, the article points out. And it includes two predictions about the future:

• Armando Solar-Lezama, leader of MIT's Computer-Assisted Programming Group, "believes that A.I. tools are good news for programming careers. If coding becomes easier, he argues, we'll just make more, better software. We'll use it to solve problems that wouldn't have been worth the hassle previously, and standards will skyrocket."

• Zach Sims, a co-founder of Codecademy, said of the job prospects for coding boot camp graduates" "I think it's pretty grim."

Reddit's moderators drew some criticism after "locking" a discussion about C++ paper/proposal author Andrew Tomazos. The URL (in the post with the locked discussion) had led to a submission for Slashdot's queue of potential (but unpublished) stories, which nevertheless attracted 178 upvotes on Reddit and another 85 comments. That unpublished Slashdot submission was also submitted to Hacker News, where it drew another 38 upvotes but was also eventually flagged.

Back on Reddit's C++ subreddit (which has 300,000 members), a "direct appeal" was submitted to the moderators to unlock Reddit's earlier discussion (drawing over 100 upvotes). But there's one problem with this drama, as Slashdot reader brantondaveperson pointed out. "There appears to be no independent confirmation of this story anywhere. The only references to it are this Slashdot story, and a Reddit story. Neither cite sources or provide evidence." This drew a response from the person submitting the potential story to Slashdot: You raise a valid point. The communication around this was private. The complaint about the [paper's] title, the author's response, and the decision to expel were all communicated by either private email, on private mailing lists or in private in-person meetings. These private communications could be quoted by participants in said communications. Please let us know if that would be sufficient.
The paper had already drawn some criticism in a longer blog post by programmer Izzy Muerte (which called it "a fucking cleaned up transcript of a ChatGPT conversation".) It's one of six papers submitted this year by Tomaszos to the ISO's "WG21" C++ committee. Tomazos (according to his LinkedIn profile) is "lead programmer" of videogame company Fury Games (founded by him and his wife). It also shows an earlier two-year stint as a Google senior software engineer.

There were two people claiming direct knowledge of the situation posting on Reddit. A user named kritzikratzi posted: I contacted Andrew Tomazos directly. According to him the title "The Undefined Behavior Question" caused complaints inside WG21. The Standard C++ Foundation then offered two choices (1) change the paper title (2) be expelled. Andrew Tomazos chose (2).
A Reddit user Dragdu posted: He wasn't expelled for that paper, but rather this was the last straw. And he wasn't banned from the [WG21] committee, that is borderline impossible, but rather the organization he was representing told him to fuck off and don't represent them anymore. If he can find different organization to represent, he can still attend... Tomazos has been on lot of people's shit list, because his contributions suck... He decided that the title is too important to his ViSiOn for the chatgpt BS submitted as a paper, and that he won't change the title. This was the straw that broke the camel's back and his "sponsor" told him to fuck off....
There was also some back-and-forth on Hacker News. bun_terminator: r/cpp mods just woke up, banning everyone who question... this lunatic behavior.

(Reddit moderator): We did not go on a banning spree, we banned only one person, you. After removing the comment where you insulted someone, I checked your history, noticed that you did not meaningfully participate in r/cpp outside this thread, and decided to remove someone from the community who'd only be there to cause trouble.

Back in the mid-1980s Mark Roth was in 5th grade when the game ChipWits "helped kindle his interest in coding," according to an online biography. ("By middle school, he wrote his first Commodore 64 assembler and by high school he authored a 3D Graphics library for DOS.")

And 40 years later, Slashdot reader markroth8 writes that the programming puzzle/logic game "inspired many people to become professional coders": ChipWits was first released for Mac in 1984, and was later ported to Commodore 64 and Apple II in 1985. To celebrate the game's 40th anniversary, the team behind the new Steam reboot of ChipWits (including its original co-creator Doug Sharp, also of fame for the game King of Chicago) is announcing the recovery and open source release of the original game's source code, written in the FORTH programming language, for both Mac and Commodore 64 platforms.

Recovering data from 40-year old 5.25" and 3.5" disks was a challenge in and of itself, and most of the data survived unscathed! It's interesting to read the 40-year-old code, and compare it to modern game development.
"Our goal for open sourcing the original version of ChipWits is to ensure its legacy lives on," according to the announcement. (It adds that "We also wanted to share an appreciation for what cross-platform software development for 8-bit microcomputers was like in 1984.")

The GitHub Secure Open Source Fund launched this week with an initial commitment of $1.25 million, reports TechCrunch, using "capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub's own parent company Microsoft." GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but Tuesday it announced full details and formally opened the program for applicants, which will be reviewed "on a rolling basis" through the closing date of January 7, 2025, with programming and funding starting shortly after...

Tuesday's news builds on a number of previous GitHub initiatives designed to support project maintainers that work on key components of critical software, including GitHub Sponsors which landed in 2019 (and which is powering the new fund), but more directly the GitHub Accelerator program that launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

"We're trying to acknowledge the fact that we're the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs," GitHub Chief Operating Officer Kyle Daigle told TechCrunch in an interview. Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application. "We're looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on," Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean on the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — as with the initial accelerator program, maintainers embark on a three-week program, which includes mentorship, certification, education workshops, and ongoing access to GitHub tools.
From GitHub's announcement: Since introducing support for organizations through GitHub Sponsors, more than 5,800 organizations, including Microsoft and Stripe, have invested in maintainers and projects on GitHub, up nearly 40% YoY. Cumulatively, the platform has unlocked over $60 million in funding for maintainers to help them spend more time working on their projects.

But we know we're just scratching the surface when it comes to organizations and corporate support of open source. This summer, we partnered with the Linux Foundation and researchers from Laboratory for Innovation Science at Harvard (LISH) to learn more about the state of open source funding today. Diving in, we assessed organizations funding behaviors, potential misalignments, and opportunities to improve. In the report launched today, we found:


- Responding organizations annually invest $1.7 billion in open source, which can be extrapolated to estimate that approximately $7.7 billion is invested across the entire open source ecosystem annually.

- 86% of investment is in the form of contribution labor by employees and contractors working for the funding organization, with the remaining 14% being direct financial contributions.

- Organizations generally know how and where they contribute (65%) but lack specific clarity of their contributions (38%).

- Security efforts focus on bugs and maintenance; only a few (6%) said comprehensive security audits are a priority.


We all stand to benefit from unlocking more funding for open source. By tackling problems like open source security as an ecosystem, we believe we can help create more available funding and resources that are vital to the sustainability of open source. Not every open source project or maintainer has access to funding and training for security. That's why we created a fund that everyone potentially eligible can apply for...

This is the beginning of a journey into helping find ways to secure open source. On its own, it's not the answer, but we are confident it will help. We will be monitoring the impact of these investments and share what we learn as we go.

The Rust community has "recognized the unsafety of Rust (if used incorrectly)," according to a blog post by Amazon Web Services.

So now AWS and the Rust Foundation are "crowdsourcing an effort to verify the Rust standard library," according to an article at DevClass.com, "by setting out a series of challenges for devs and offering financial rewards for solutions..." Rust includes ways to bypass its safety guarantees though, with the use of the "unsafe" keyword... The issue AWS highlights is that even if developers use only safe code, most applications still depend on the Rust standard library. AWS states that there are approximately 7.5K unsafe functions in the Rust Standard Library and notes that 57 "soundness issues" and 20 CVEs (Common Vulnerabilities and Exposures) have been reported in the last three years. [28% of the soundness issues were discovered in 2024.]

Marking a function as unsafe does not mean it is vulnerable, only that Rust does not guarantee its safety. AWS plans to reduce the risk by using tools and techniques for formal verification of key library code, but believes that "a single team would be unable to make significant inroads" for reasons including the lack of a verification mechanism in the Rust ecosystem and what it calls the "unknowns of scalable verification." The plan therefore is to turn this over to the community, by posing challenges and rewarding developers for solutions.... A GitHub repository provides a fork of the Rust code and includes a set of challenges, currently 13 of them... The Rust Foundation says that there is a financial reward tied to each challenge, and that the "challenge rewards committee is responsible for reviewing activity and dispensing rewards." How much will be paid though is not stated.

Despite the wide admiration for Rust, there is no formal specification for the language, an issue which impacts formal verification efforts.
Thanks to Slashdot reader sean-it-all for sharing the news.

Microsoft-owned GitHub published a blog post asking "Does GitHub Copilot improve code quality? Here's what the data says."

Its first paragraph includes statistics from past studies — that GitHub Copilot has helped developers code up to 55% faster, leaving 88% of developers feeling more "in the flow" and 85% feeling more confident in their code.

But does it improve code quality? [W]e recruited 202 [Python] developers with at least five years of experience. Half were randomly assigned GitHub Copilot access and the other half were instructed not to use any AI tools... We then evaluated the code with unit tests and with an expert review conducted by developers.

Our findings overall show that code authored with GitHub Copilot has increased functionality and improved readability, is of better quality, and receives higher approval rates... Developers with GitHub Copilot access had a 56% greater likelihood of passing all 10 unit tests in the study, indicating that GitHub Copilot helps developers write more functional code by a wide margin. In blind reviews, code written with GitHub Copilot had significantly fewer code readability errors, allowing developers to write 13.6% more lines of code, on average, without encountering readability problems. Readability improved by 3.62%, reliability by 2.94%, maintainability by 2.47%, and conciseness by 4.16%. All numbers were statistically significant... Developers were 5% more likely to approve code written with GitHub Copilot, meaning that such code is ready to be merged sooner, speeding up the time to fix bugs or deploy new features.
"While GitHub's reports have been positive, a few others haven't," reports Visual Studio magazine: For example, a recent study from Uplevel Data Labs said, "Developers with Copilot access saw a significantly higher bug rate while their issue throughput remained consistent."

And earlier this year a "Coding on Copilot" whitepaper from GitClear said, "We find disconcerting trends for maintainability. Code churn — the percentage of lines that are reverted or updated less than two weeks after being authored — is projected to double in 2024 compared to its 2021, pre-AI baseline. We further find that the percentage of 'added code' and 'copy/pasted code' is increasing in proportion to 'updated,' 'deleted,' and 'moved 'code. In this regard, AI-generated code resembles an itinerant contributor, prone to violate the DRY-ness [don't repeat yourself] of the repos visited."

Instead of focusing on chatbots, a new study reveals an automated way to breach LLM-driven robots "with 100 percent success," according to IEEE Spectrum. "By circumventing safety guardrails, researchers could manipulate self-driving systems into colliding with pedestrians and robot dogs into hunting for harmful places to detonate bombs..." [The researchers] have developed RoboPAIR, an algorithm designed to attack any LLM-controlled robot. In experiments with three different robotic systems — the Go2; the wheeled ChatGPT-powered Clearpath Robotics Jackal; and Nvidia's open-source Dolphins LLM self-driving vehicle simulator. They found that RoboPAIR needed just days to achieve a 100 percent jailbreak rate against all three systems... RoboPAIR uses an attacker LLM to feed prompts to a target LLM. The attacker examines the responses from its target and adjusts its prompts until these commands can bypass the target's safety filters. RoboPAIR was equipped with the target robot's application programming interface (API) so that the attacker could format its prompts in a way that its target could execute as code. The scientists also added a "judge" LLM to RoboPAIR to ensure the attacker was generating prompts the target could actually perform given physical limitations, such as specific obstacles in the environment...

One finding the scientists found concerning was how jailbroken LLMs often went beyond complying with malicious prompts by actively offering suggestions. For example, when asked to locate weapons, a jailbroken robot described how common objects like desks and chairs could be used to bludgeon people.

The researchers stressed that prior to the public release of their work, they shared their findings with the manufacturers of the robots they studied, as well as leading AI companies. They also noted they are not suggesting that researchers stop using LLMs for robotics... "Strong defenses for malicious use-cases can only be designed after first identifying the strongest possible attacks," Robey says. He hopes their work "will lead to robust defenses for robots against jailbreaking attacks."
The article includes a reaction from Hakki Sevil, associate professor of intelligent systems and robotics at the University of West Florida. He concludes that the "lack of understanding of context of consequences" among even advanced LLMs "leads to the importance of human oversight in sensitive environments, especially in environments where safety is crucial." But a long-term solution could be LLMs with "situational awareness" that understand broader intent.

"Although developing context-aware LLM is challenging, it can be done by extensive, interdisciplinary future research combining AI, ethics, and behavioral modeling..."

Thanks to long-time Slashdot reader DesertNomad for sharing the article.

Longtime Slashdot reader theodp writes: Past corporate-sponsored Hour of Code tutorials for the nation's schoolchildren have blurred the lines between coding lessons and product infomercials. So too is the case again with this year's newly-announced Hour of Code 2024 flagship tutorials, which include Microsoft Minecraft, Amazon Music, and Transformers One movie-themed intros to coding. The press release announcing the tutorials from tech-backed nonprofit Code.org, which organizes the Hour of Code and counts Microsoft and Amazon as $30+ million donors, boasts of its "decade of partnership with [Microsoft] Minecraft this year, reaching more than 300 million sessions of Minecraft Hour of Code since 2015!"

Interestingly, The Transformers (Paramount Pictures, which released Transformers One in the U.S., is a $25,000+ Code.org donor) is cited as one of the OG's of children's Saturday morning cartoon advertising (aka 30-minute commercials) that prompted the Children's Television Act (CTA) of 1990, an act of Congress that ordered the FCC to put in place regulations to protect children from advertising. Throughout the 1980s, Action for Children's Television (ACT) criticized children's television programs that "blur(red) the distinction between program content and commercial speech."