coding practices Archives

AppWizard

February 13, 2026

Billionaire founder of Minecraft slams anyone advocating using AI to write code as ‘incompetent or evil’

Markus Persson, the creator of Minecraft, has expressed concerns about the rapid integration of generative AI in programming, describing it as an initiative being "forced down our throats" by "evil" entities. He fears losing creative autonomy and control over coding, comparing AI writing code to AI drafting laws. Persson advises aspiring developers to "Learn. Your. Craft," emphasizing the importance of foundational skills in programming. His views align with some industry leaders who advocate for coding literacy as a fundamental skill, while others, like GitHub CEO Thomas Dohmke and Nvidia CEO Jensen Huang, stress the necessity of mastering AI to remain competitive in the job market.

Winsage

December 30, 2025

The great programming transformation: How AI and Rust are quietly dethroning C in Linux

Microsoft is focusing on AI development more than Linux, with 20% to 30% of its code now generated by AI. Galen Hunt aims to eliminate C and C++ from Microsoft's codebase by 2030, envisioning a transition to Rust, although not a complete rewrite of Windows. Microsoft is integrating Rust into security-critical areas, while Linux is also adopting Rust through initiatives like Rust-for-Linux and plans to write its apt package manager in Rust. Both companies are using AI to streamline development, with Microsoft allowing AI to autonomously handle coding issues, while Linux maintains human oversight in decision-making. Rust is seen as a safer alternative to C due to its memory-safe design, despite some challenges, including identified security bugs.

Winsage

December 24, 2025

“My goal is to eliminate every line of C and C++ from Microsoft by 2030” — Microsoft bets on AI to finally modernize Windows

Microsoft is planning to replace C and C++ with Rust across its codebases by 2030, as stated by engineer Galen Hunt. The company aims to eliminate every line of C and C++ using artificial intelligence and advanced algorithms, targeting a goal of “1 engineer, 1 month, 1 million lines of code.” Microsoft has developed a code processing infrastructure to support this initiative, which is already operational for various code understanding challenges. In 2023, Microsoft began rewriting parts of the Windows Kernel using Rust due to vulnerabilities associated with C and C++. The new role advertised by Hunt is part of the Future of Scalable Software Engineering group within Microsoft CoreAI, indicating a significant investment in modernizing Microsoft's code for enhanced security and efficiency.

Winsage

October 24, 2025

Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability

Microsoft has released out-of-band security updates to address a critical vulnerability in the Windows Server Update Service (WSUS), identified as CVE-2025-59287, which has a CVSS score of 9.8 and is actively being exploited. The vulnerability allows unauthorized remote code execution due to unsafe deserialization of untrusted data. It affects various supported versions of Windows Server, including 2012, 2012 R2, 2016, 2019, 2022, and 2025 (23H2 Edition, Server Core installation). Microsoft recommends applying the patch and rebooting the system, or alternatively, disabling the WSUS Server Role or blocking inbound traffic to Ports 8530 and 8531. The Dutch National Cyber Security Centre (NCSC) reported active exploitation on the same day the updates were released. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to address it by November 14, 2025.

AppWizard

October 2, 2025

Signal Messenger Impersonated in ‘ProSpy’ Android Spyware Campaign

ESET researchers have identified two Android spyware campaigns, ProSpy and ToSpy, which masquerade as secure messaging apps, Signal and ToTok. These malware families were first detected in June 2025 and are distributed through phishing websites and fake app marketplaces. ProSpy, which mimics a “Signal encryption plugin” or an enhanced ToTok, extracts sensitive user information, including SMS messages, contacts, and device metadata, after gaining permissions. It disguises itself as “Play Services” to avoid detection. ToSpy, discovered concurrently, seeks to capture specific files related to ToTok backups and collects various document types. Both malware types maintain long-term access to infected devices and have been reported to Google, resulting in Play Protect blocking their known variants. The main targets of these campaigns are users in the United Arab Emirates.

AppWizard

August 14, 2025

Surge in Android Malware Targets Banking Apps with NFC Fraud

A new wave of Android malware is targeting banking applications, utilizing techniques such as NFC relay fraud, call hijacking, and root-level exploits. Variants like PhantomCard, SpyBanker, and KernelSU are designed to infiltrate devices and manipulate transactions in real time. PhantomCard mimics legitimate NFC payment processes, SpyBanker hijacks calls from financial institutions, and KernelSU exploits kernel vulnerabilities for persistent access. This malware has affected thousands of devices, with attackers using disguises on the Google Play Store and phishing campaigns. A related variant, Anatsa, impacted over 90,000 users through fake PDF applications. The rise of such malware correlates with the increasing adoption of contactless payments, particularly in Europe and Asia. Experts recommend that banks enhance their defenses with behavioral analytics and that users enable app verification. Additionally, malware like KernelSU allows evasion of detection by operating at the system's core. Cybersecurity firms suggest a multi-layered security approach, including device encryption and AI-driven threat detection, to combat these evolving threats.

AppWizard

July 17, 2025

Java for mobile app development: How to create Android apps in 2025 – London Business News

Java is a key programming language in mobile application development, particularly for Android, and is expected to remain relevant in 2025. It is officially supported in Android development, with a significant portion of Android applications built using Java. Java continues to be integrated into Android Studio and is favored for its comprehensive documentation, backward compatibility, and strong community support. Java's ecosystem is characterized by its mature tools and best practices, making it suitable for both simple and enterprise-level applications. Core components of Android apps built with Java include Activities, Services, Broadcast Receivers, and Content Providers. The development process involves setting up the environment with Android Studio, designing user interfaces with XML, implementing app logic in Java, testing the application, and deploying it via the Google Play Store. Best practices in 2025 include modular architecture, dependency management with libraries like Dagger and Hilt, asynchronous programming techniques, and the use of version control systems like Git. Java remains a viable option alongside Kotlin, especially for legacy codebases and its perceived accessibility for new programmers. Modern tools supporting Java development include Room for data storage, Retrofit for API calls, Glide for image loading, Firebase for cloud services, and Crashlytics for crash monitoring. Outsourcing Java development is a common strategy for companies looking to scale their mobile projects efficiently. Java continues to evolve, accommodating advancements in machine learning, IoT, and edge computing.

Tech Optimizer

July 17, 2025

AWS Open-Sources pgactive PostgreSQL Extension

Amazon Web Services (AWS) has launched pgactive, an open-source extension for PostgreSQL that enables active-active replication, allowing databases to stream data asynchronously between instances. Announced in June 2025, pgactive was previously proprietary within AWS's Relational Database Service (RDS) and first appeared in late 2023. The extension supports conflict resolution and bidirectional data syncing, enhancing resiliency for high-availability applications. It is available under the Apache 2.0 license, encouraging community contributions and customization. Pgactive's architecture includes logical replication slots and customizable conflict handlers, essential for fault-tolerant systems. The open-source model promotes transparency and peer review, with potential integrations discussed in developer communities. The initiative aims to transform enterprise database replication and empower developers to innovate without vendor lock-in.

Tech Optimizer

July 5, 2025

Critical PHP Vulnerabilities Expose Systems to SQL Injection & DoS Attacks

A security vulnerability identified as CVE-2025-1735 in the PHP pgsql extension has been disclosed, classified with moderate severity. It arises from inadequate error checking during input data escaping, specifically the failure to pass error parameters to the PQescapeStringConn() function and not verifying NULL values from PQescapeIdentifier(). This flaw affects PHP versions prior to 8.1.33, 8.2.29, 8.3.23, and 8.4.10, allowing potential SQL injection attacks and application crashes due to null pointer dereferences. The vulnerability is linked to a recent PostgreSQL vulnerability (CVE-2025-1094) related to invalid multibyte character handling. Developers are urged to upgrade to patched releases to mitigate risks.

Winsage

June 18, 2025

XDSpy Threat Actors Leverages Windows LNKs Zero-Day Vulnerability to Attack Windows System Users

A cyber espionage campaign attributed to the XDSpy threat actor has been discovered, exploiting a zero-day vulnerability in Windows shortcut files identified as “ZDI-CAN-25373.” This vulnerability allows attackers to conceal executed commands within specially crafted shortcut files. XDSpy has primarily targeted government entities in Eastern Europe and Russia since its activities became known in 2020. Researchers from HarfangLab found malicious LNK files exploiting this vulnerability in mid-March, revealing issues with how Windows parses LNK files. The infection begins with a ZIP archive containing a malicious LNK file, which triggers a complex Windows shell command to execute malicious components while displaying a decoy document. This command extracts and executes a first-stage malware called “ETDownloader,” which establishes persistence and downloads a second-stage payload known as “XDigo.” The XDigo implant, written in Go, collects sensitive information and employs encryption for data exfiltration. This campaign represents an evolution in XDSpy's tactics, combining zero-day exploitation with advanced multi-stage payloads.