Python’s Game-Changer, AI’s Big Letdown & Ada’s Surprise Comeback – Programming News Roundup (July 23-24, 2025)
This week delivered a whirlwind of programming news – from a major Python update that breaks a decades-old limitation, to an AI coding competition that exposed how far code-generating models still have to go, and even a 40-year-old language surging in popularity. We’ve compiled all the key developments across languages, tools, AI, open source, security, and more. Read on for the latest updates every developer should know, with expert insights into why they matter.
🛠️ Programming Languages & Frameworks
Python 3.14 RC1 Introduces Big Changes: Python’s first 3.14 release candidate dropped, and it’s packed with improvements for performance and concurrency infoworld.com infoworld.com. Notably, official support for a no-GIL (free-threaded) build is now included – potentially ending the Global Interpreter Lock’s limitation on multi-threading. Python 3.14 also debuts an experimental JIT compiler and a smarter Windows installer, among other goodies infoworld.com infoworld.com. These features (still optional or off by default) hint at significant speed-ups on the horizon. Python developers have awaited GIL removal for years, and while it’s still opt-in, its “officially supported” status means the effort will continue in future versions. The new JIT, disabled by default in this RC, complements the adaptive interpreter to accelerate code execution. (The tradeoff: free-threaded mode can run ~5–10% slower for single-threaded programs infoworld.com, so there’s more tuning ahead.)
Java 25 Nears Release: In the Java world, JDK 25 has entered Rampdown Phase Two, locking in features as it progresses toward its September release as the next long-term support (LTS) Java version infoq.com. Oracle’s chief Java architect Mark Reinhold formally declared RDP2, meaning no new JEPs will be added now infoq.com. This positions JDK 25 to follow Java 21 as an LTS, with developers already testing their code on the latest builds (Build 32) to ensure compatibility. Meanwhile, the Spring Framework project hit a milestone: the 7th milestone release of Spring Framework 7.0 was published as part of its development cycle infoq.com. Spring 7.0 promises updates aligned with JDK 21+ and Jakarta EE 10, so enterprise Java developers are watching closely. Other Java ecosystem news included IBM’s Open Liberty and Payara Server shipping their July updates, and the Eclipse Foundation open-sourcing a new Eclipse DataGrid project infoq.com – indicating continued vitality in the Jakarta EE space.
.NET and TypeScript Updates: Microsoft continues evolving its developer platforms. .NET 10 Preview 6 became available, bringing performance tweaks and library improvements across .NET’s stack (runtime JIT optimizations, JSON serialization options, and more) devblogs.microsoft.com devblogs.microsoft.com. .NET 10 is slated for release later this year, so each preview gives a glimpse of C# and framework enhancements to come (though this preview had no new C# or F# features yet). In the web sphere, TypeScript 5.9 entered beta in July, and the TypeScript team’s roadmap revealed a bold plan: TypeScript 7.0 will introduce a new compiler written in Go for 10x performance, with the first fully-native release expected by end of 2025 adtmag.com. (Don’t worry – the current JavaScript-based compiler isn’t going away immediately; Microsoft will maintain both in parallel adtmag.com.) This move to a native compiler (project “Corsa”) could drastically speed up large codebase transpilation and signal that even beloved developer tools are being re-engineered for scale.
Rust, Kotlin, and “Old” Languages: While no new Rust version came out this week, it’s worth noting that Rust 1.88 arrived in late June with some long-awaited features. For instance, Rust stabilized “let chains” in if/while conditions for more concise logic blog.rust-lang.org, and it added support for writing “naked functions” (entirely custom ASM bodies with no compiler prologue/epilogue) for low-level use cases blog.rust-lang.org. These illustrate Rust’s continued push toward both ergonomic and systems-level capabilities. But perhaps the unlikeliest language news is the resurgence of Ada. According to the TIOBE index for July, the 1970s-born Ada language has rocketed into the top 10 most popular languages (up from 24th a year ago) tiobe.com tiobe.com. Ada’s niche focus on safety-critical systems is finding new relevance. TIOBE’s CEO Paul Jansen even wagered “I would put my bets on Ada… With the ever-stronger demands on security, Ada is… likely the best survivor.” techrepublic.com among the so-called “golden oldie” languages. It’s a reminder that as trendy languages like Rust and Kotlin battle for mindshare, proven stalwarts (Ada, Fortran, even COBOL) still endure in specific domains – especially where reliability trumps hype.
🤖 AI & Machine Learning in Software Development
Open-Source AI Coding Assistant from Alibaba: China’s tech giants are ramping up open AI efforts. Alibaba released “Qwen3-Coder,” an open-source AI model for code generation and agent-like task automation computerworld.com. Billed as Alibaba’s most powerful code model yet, Qwen3-Coder uses a massive 480-billion-parameter Mixture-of-Experts architecture (with 35B active parameters) and boasts an enormous 256k token context window (extendable up to 1 million tokens) computerworld.com. In practical terms, that context size means the model can ingest entire codebases or lengthy documentation in one go – far beyond the context limits of models like GPT-4. Qwen3-Coder is optimized for “agentic coding,” meaning it can autonomously perform multi-step coding tasks: browsing docs, calling tools/CLI, and iterating on code with minimal human guidance. In fact, Alibaba says it matches top proprietary models on benchmarks for tool use and long-context understanding computerworld.com computerworld.com. Alongside the model, Alibaba launched a companion CLI tool (Qwen Code) adapted from the open Gemini Code project, to integrate these AI capabilities into developers’ workflows computerworld.com. Industry analysts are taking note. “It wouldn’t surprise me if Western tech leaders find open-source coding models like Qwen3-Coder attractive due to their performance across various benchmarks,” said Lian Jye Su, chief analyst at Omdia computerworld.com. But experts also caution about risks: IP protection and data security need evaluation when adopting any open model, and Western firms will weigh those factors before embracing a China-origin AI computerworld.com. Still, Alibaba’s move underscores a trend – increasingly robust open-source AI models are emerging as alternatives to closed APIs, potentially giving enterprises more control (and lower cost) in AI-driven development.
ChatGPT Gets an “Agent” Mode: OpenAI is not standing still either. This week OpenAI enabled a new agent mode for ChatGPT, allowing ChatGPT to execute more complex multi-step requests autonomously by leveraging tools and external browsing on the user’s behalf sdtimes.com. In agent mode, ChatGPT can decide to take actions (like calling code execution tools, searching the web, or manipulating documents) in order to fulfill a high-level task you give it – a significant step beyond simple Q&A chat. According to OpenAI, the system will “seamlessly switch between reasoning and action” as needed, while keeping the user in the loop sdtimes.com. Crucially, OpenAI built in safeguards: the AI must ask for explicit user permission before performing any potentially sensitive action sdtimes.com. New guardrails also aim to resist prompt-injection attacks and stop the agent from doing anything too risky. For example, the agent is hard-coded to refuse high-risk operations (like initiating bank transfers or other destructive acts) sdtimes.com. OpenAI says these measures – requiring confirmation, having humans oversee the loop, and proactively mitigating known failure modes – are needed because, as they put it, giving an AI agent autonomy “comes with added risks”. This agentic ability in ChatGPT could automate many dev tasks (environment setup, running test suites, parsing log files, etc.), but developers will rightly be cautious about how much rope to give an AI. OpenAI’s approach here is to unlock powerful capabilities gradually, while building trust that the AI will “ask first and act later.”
AI Coding Challenge Exposes Limitations: A new AI coding competition launched by industry leaders has yielded its first results – and they’re humbling. The “K Prize” (organized by the Laude Institute with Databricks and Perplexity AI folks) is a multi-round coding challenge for AI agents, designed to test how well AI can tackle real software bug fixes and feature implementations. This week, the first winner was announced: a Brazilian prompt engineer won $50,000 – but he solved only 7.5% of the tasks on the benchmark techcrunch.com techcrunch.com. Yes, the top score was under 8%. While that sounds dismal, it was by design to some extent. “We’re glad we built a benchmark that is actually hard,” said Andy Konwinski, the co-founder running the K Prize techcrunch.com. The competition uses fresh, “contamination-free” GitHub issues (ones the models have never seen) to see if AI dev tools can generalize to truly new problems techcrunch.com. By contrast, existing coding benchmarks like OpenAI’s SWE-Bench have well-known test sets – top models have scored 34–75% on those techcrunch.com, possibly by overfitting or seeing similar tasks before. In this new K Prize round, no large proprietary model participated (the compute is capped to favor open-source models), and the tasks were quite involved, so scores were low across the board. Konwinski noted that if the tech giants entered their biggest models the scores would likely be higher, “but that’s kind of the point. K Prize runs offline with limited compute, so it favors smaller and open models.” techcrunch.com In fact, he’s pledged $1 million to the first open-source model that can exceed 90% on the K Prize test techcrunch.com. The takeaway for developers: despite huge advances in AI coding assistants, truly autonomous code generation that can tackle arbitrary new bugs is still in its infancy. These models struggle with understanding context and requirements that weren’t in their training data. Efforts like the K Prize are raising the bar and will drive the next wave of improvement. As Konwinski suggested, expect rapid iteration: “we expect people to adapt to the dynamics of competing [in each round]” techcrunch.com – hopefully pushing AI to write more robust, generalizable code. Until then, human developers’ jobs are safe (and those mastering AI tooling will be in even higher demand).
🔧 Developer Tools & Open Source
Microsoft Dev Proxy Adds AI Configurator: Microsoft released version 0.29 of its Dev Proxy tool – now with a dose of AI. Dev Proxy (formerly the “Microsoft 365 Developer Proxy”) is a command-line utility for simulating all sorts of network/API conditions in testing infoq.com. You run it as a proxy that intentionally fails or throttles calls to test your app’s resilience to flaky networks. The new twist: an AI-powered configuration assistant that helps set up Dev Proxy via natural language infoq.com. Microsoft added a component called the “MCP server” that allows AI agents (like GitHub Copilot or others) to automatically configure Dev Proxy rules based on a developer’s high-level intent infoq.com. For example, you could simply tell Copilot what kind of API failures to simulate, and it will program Dev Proxy accordingly. Under the hood, Dev Proxy even uses an LLM itself – it can generate OpenAPI and TypeSpec definitions from sample API calls to create realistic mocks infoq.com. By exposing the prompt templates it uses (in a Prompty spec), Microsoft is letting power users tweak how the AI behaves. This is an early example of AI agents configuring dev tools on behalf of developers, potentially saving time fiddling with JSON/YAML configs. It’s also notable that Dev Proxy is open-source on GitHub infoq.com, as is the Dev Proxy VS Code extension updated alongside it infoq.com – inviting the community to improve these AI-assisted workflows. Expect more dev tools to integrate “Copilot inside” for setup and troubleshooting tasks.
Open-Source Releases and Projects: A few open-source project updates made news. The CNCF posted a mid-year report showing healthy growth in cloud-native projects (Kubernetes ecosystem continues to expand), and one notable new entrant is Eclipse DataGrid, contributed by IBM, now an open-source in-memory data grid for Java developers infoq.com. The Angular team quietly shipped Angular v20.1 this month (a mid-cycle release with minor improvements, following Angular 20’s major release earlier in the year). And React 18 usage crossed a tipping point – industry surveys show a majority of React developers have now migrated from React 17, indicating that features like concurrent rendering are seeing broad adoption. On the AI openness front, besides Alibaba’s Qwen3-Coder, Meta is rumored to be readying a Code Llama 2 model release (building on its Llama 2 foundation) – potentially giving open-source communities another boost in coding AI options. Finally, an interesting corporate open-source note: Selenium 4.12 was released, bringing the new Selenium Manager tool to automate browser driver setup. It’s a reminder that even as we discuss cutting-edge AI agents, a lot of developers are still wrangling with end-to-end testing frameworks, and those tools are incrementally getting better (Selenium Manager eliminates the old manual driver management). In short, the open-source ecosystem remains vibrant, addressing both the latest frontiers (AI, cloud-native) and the everyday needs (web frameworks, testing libraries) of developers.
🔐 Cybersecurity Alerts for Developers
Major NPM Supply Chain Attack – Update Dependencies NOW: Yet again, the JavaScript supply chain was under siege – and this one’s serious. Attackers compromised a number of popular NPM packages (including one exceedingly popular utility called is, with 2.8 million weekly downloads) by hijacking maintainer accounts and publishing malware-laced updates bleepingcomputer.com bleepingcomputer.com. The breach was first announced on July 19 when the maintainer of is discovered unauthorized versions 3.3.1 through 5.0.0 had been published containing a malicious payload bleepingcomputer.com. Within hours those tainted versions were yanked, but not before many developers and CI systems likely pulled them. It turns out this was part of a coordinated supply-chain attack using a phishing domain (“npnjs.com”) to steal credentials bleepingcomputer.com, which allowed the adversary to push rogue updates to at least 7 known packages (is, [email protected] and several other Prettier-related plugins, [email protected], @pkgr/[email protected], [email protected], [email protected] etc.) bleepingcomputer.com. The malware embedded in these packages opened a backdoor: upon installation, it would open a WebSocket to exfiltrate environment variables (like API keys) and await remote commands to execute arbitrary code on the developer’s machine or build server bleepingcomputer.com. Essentially, by simply running npm install on a dependency update, victims could have unwittingly given attackers remote shell access to their systems. This is about as bad as it sounds – a nightmare for any organization. Security researchers found the malware even included a Windows info-stealer component (“Scavenger”) targeting browser data bleepingcomputer.com. What to do? If you use any of the affected packages, pin to known safe versions (from before July 18) or follow the maintainer guidance on which versions are clean bleepingcomputer.com. It’s strongly advised to turn off automated dependency updates for now and audit your package lockfiles. Open-source security firm Socket, which analyzed the attack, noted that maintainers should immediately reset passwords and 2FA tokens bleepingcomputer.com – the attackers may still have access. This incident has reignited calls for tougher package security: things like mandatory 2FA, cryptographic signing of packages, and better monitoring of anomalous releases. For developers, it’s a sharp reminder: watch your supply chain like a hawk. As one security expert lamented, “about 70% of all vulnerabilities are still due to memory-unsafe languages”, but supply-chain attacks don’t care what language you use – your app is only as secure as its weakest dependency.
(On the topic of memory safety: a separate report this week highlighted that 71% of tech leaders now say they won’t hire developers who lack AI skills, reflecting how critical AI and security have become in modern dev roles sdtimes.com. Governments are also pushing for safer coding practices – the White House has urged a shift away from C/C++ to memory-safe languages infoworld.com infoworld.com – but such cultural shifts take time.)
Cloud Outage and Mitigations: In other news, GitHub experienced a brief outage on July 24 due to a DNS issue, reminding dev teams to always have backup git remote options (or local clones) for critical deploys. And on the security front, Microsoft’s July Patch Tuesday (released earlier in the month) fixed 130+ vulnerabilities including a few critical .NET and Visual Studio issues – be sure your dev machines and build servers are updated arcticwolf.com. For open-source users, July saw a slew of critical library patches: e.g., a vuln in curl (if you use libcurl in C/C++ projects) and a high-severity bug in TensorFlow (upgrade to the latest patch release if you’re in ML). Docker also published guidance on an Ubuntu base image privilege escalation that could affect container workloads – a good reminder to frequently pull refreshed base images.
🏢 Big Tech & Dev Community Buzz
Microsoft Boosts Cloud Resilience Tools: Microsoft announced the general availability of Geo-Replication for Azure Event Hubs this week infoq.com – a feature eagerly awaited by developers building cloud event-processing systems. Event Hubs (the big data event streaming service on Azure) can now be configured in a primary-secondary disaster recovery setup across regions, with one region actively handling traffic and a secondary on standby infoq.com. In the GA release, Microsoft added the ability to promote a secondary to primary with minimal downtime, which is huge for ensuring business continuity during regional outages infoq.com. The geo-replication supports both synchronous and asynchronous replication modes: in synchronous mode, events are committed to a quorum of regions (and zones) before acknowledging the producer, guaranteeing no data loss, whereas async mode allows a slight lag for higher throughput infoq.com. “With synchronous replication, we put a copy of the message into a quorum of regions…before we acknowledge,” explained Clemens Vasters, an Architect on Azure Messaging infoq.com. “Asynchronous does the same, but allowing for a (configurable) lag.” For developers, this means you can trade off a bit of latency for absolute safety if needed. Another Microsoft PM noted you can even achieve RPO=0 (zero data loss) with sync mode infoq.com. Azure’s implementation stands out from AWS and Google Cloud, where cross-region event streaming often requires custom setup – AWS Kinesis and EventBridge lack turnkey multi-region replication (users resort to Kafka’s MirrorMaker, etc.) infoq.com. With this release, Azure is wooing developers in finance, IoT, and other sectors where a regional outage can’t be allowed to interrupt data flow. It also rolled out better health metrics for the replicas so ops teams know when it’s safe to fail over infoq.com. If you use Event Hubs, check the updated SDKs and consider enabling geo-rep – cloud architecture is all about resiliency now.
Apple Tightens App Requirements: Apple quietly issued a heads-up for developers this week: starting April 2026, all watchOS apps submitted to the App Store must support 64-bit developer.apple.com. As of watchOS 11 and SDK 26, Apple Watch has fully transitioned to 64-bit architecture, so Apple is giving a long lead time for devs to update any 32-bit watch app code. They recommend simply using Xcode’s “Standard architectures” build setting (which outputs a 64-bit binary by default) developer.apple.com. Most active watchOS apps are already 64-bit (especially those built in Swift), but any legacy apps or libraries will need an update. This is part of Apple’s broader push (coming out of WWDC25 announcements) to modernize and enforce best practices – similar to how iOS dropped 32-bit support years ago. In the same vein, Apple detailed upcoming changes to comply with Europe’s Digital Markets Act, including allowing alternative app stores on iOS in 2025, which will profoundly affect distribution strategies. iOS/tvOS developers also got new SDKs and design kits for the iOS/iPadOS 26 beta developer.apple.com, as Apple’s fall OS releases loom.
Google & Others: Though a quieter week for Google, the company is gearing up for its Android 14 release (now on Beta 4; final release expected next month) with new privacy features that may require developers to adjust how their apps handle background tasks and media permissions. Google Cloud did announce a preview of Assured OSS for Java and Python – a service where Google will vet and securely distribute certain open-source libraries to Google Cloud customers, as a response to supply-chain attacks. This could foreshadow a future where cloud platforms offer “safe” package repositories for popular components. In community news, the Stack Overflow 2024 Developer Survey results are set to be published soon (the survey closed last month). Early chatter suggests AI-related questions dominated the survey – reflecting the zeitgeist that developers are both leveraging and nervously eyeing AI. One striking preliminary stat: a large portion of developers reported using AI assistants in their workflow regularly, but opinions diverge on whether it actually makes them more productive. We’ll know more when the data drops, but it’s clear AI and developer experience is the hot topic of the year.
Developer Career Trends: The evolving skill set for developers was highlighted in a new report by Reveal: 71% of tech leaders say they won’t hire developers who lack AI skills on their resume sdtimes.com. Familiarity with AI/ML (even just integrating AI APIs or using AI dev tools) is quickly becoming as important as cloud or DevOps skills. At the same time, a counter-trend is brewing – discussions on whether heavy reliance on AI coding tools might erode fundamental programming skills. An SD Times column provocatively asked if AI-enabled development could cause “skill erosion” in the long run, or if it will act as a catalyst for developers to focus on higher-level problem solving. Companies are balancing these concerns: encouraging use of AI for productivity, but also investing in training to ensure developers keep their software design and debugging muscles sharp. In the open-source community, maintainers continue to grapple with burnout and funding issues – a reminder that many critical projects still run largely on volunteer effort. Initiatives like GitHub Sponsors and OpenSSF funding are expanding to support maintainers of widely-used libraries (especially in security-sensitive areas).
That’s all for this mid-week roundup! It’s been an exciting couple of days, with programming languages breaking new ground, AI both astounding and humbling us, and a constant undercurrent of “developers, beware” on the security front. As always, staying current is key: the tools and best practices are evolving quickly (who had Ada making headlines on their 2025 bingo card?). Keep learning, patch your dependencies, and happy coding!
Sources: Programming language updates from official releases and InfoWorld infoworld.com infoq.com; AI news via TechCrunch and Computerworld techcrunch.com computerworld.com; security incidents reported by BleepingComputer bleepingcomputer.com bleepingcomputer.com; cloud/platform announcements on InfoQ and Apple Developer news infoq.com developer.apple.com; industry trends from TechRepublic and SD Times techrepublic.com sdtimes.com.
