Info World

Code commonly flows downstream, from an open-source project into an organization’s own products. Upstreaming is the process of reversing that flow—contributing code back to an open-source project. The value proposition of upstreaming includes harnessing the strength of an open-source community to examine code, find and fix problems, and add their own features that make the code more valuable to everyone using it.

As someone who has been deeply involved with open-source projects for many years—I’ve committed code to the open source FreeBSD operating system project for over a decade now, served on that project’s core team for two terms, contributed to open source ZFS, and co-written two books about ZFS—I’ve seen countless organizations meet the challenges and reap the substantial benefits of upstreaming. In short, contributed code that becomes part of a mainline open-source project receives shared maintenance, active development, and extension, with other members across the community often adding value that goes well beyond the initial contribution.

To read this article in full, please click here

Java services are the most-impacted by third-party vulnerabilities, according to the “State of DevSecOps 2024” report just released by cloud security provider Datadog.

Released on April 17, the report found that 90% of Java services were susceptible to one or more critical or high-severity vulnerabilities introduced by a third-party library. The average for other languages was 47%.

Datadog’s report analyzed tens of thousands of applications and container images and thousands of cloud environments to assess application security. Following Java in the vulnerabilities assessment were JavaScript, at roughly 70%; Python, at 62%; .NET, at 50%; PHP, at 35%; and Go (golang) and Ruby, both at about 32%.

To read this article in full, please click here

Building applications at scale is nothing compared to building an operating system like Windows, especially when it comes to source code control. How do you manage the repository (or repositories) for such a software behemoth, with thousands of developers and testers, and with a complex build pipeline that’s continuously delivering fresh code?

Microsoft’s history with internal source control systems is convoluted. You might think it used the now discontinued Visual SourceSafe, but that was most appropriate for local file systems and smaller projects. Instead, Microsoft used many different tools over the years, initially an internal fork of the familiar Unix Revision Control System, before standardizing on Perforce Source Depot.

To read this article in full, please click here

OpenAI, the artificial intelligence research company, has updated its Assistants API with a faster, more accurate file search tool, vector stores, and a tool choice parameter.

OpenAI announced the Assistants API update on April 17. The new file_search tool can retrieve as many as 10,000 files per assistant. It connects models with developers' data to assist in building applications relevant to an organization or use case. The tool works with the new vector store objects for automated file parsing, chunking, and embedding. New token controls, tool-choice capabilities, and added support for model configuration parameters offer greater flexibility to individual use cases.

To read this article in full, please click here

In a move that could redefine how generative AI can be used by enterprises sans the present ambiguity over its ability to scale and interoperable across business systems, the LF AI & Data Foundation has announced the launch of the Open Platform for Enterprise AI (OPEA) in collaboration with several technology companies.

The objective is to spearhead the development of open, robust, multi-provider, and composable GenAI systems that are flexible, scalable, and enterprise-grade. Technology bigwigs supporting the initiative include Intel, VMWare, Red Hat, SAS, Cloudera, MariaDB Foundation, Anyscale, and Datastax. The LF AI & Data Foundation is inviting and expecting more members to join the bandwagon.

To read this article in full, please click here

A change to Java’s G1 garbage collector would lower the memory and processing overhead and speed the execution of Java’s C2 optimizing JIT (just-in-time) compiler, benefiting cloud deployments, under a proposal in the Java community.

The OpenJDK proposal would simplify the implementation of G1’s barriers, which record information about application memory accesses, by shifting their expansion from early in the C2 JIT's compilation pipeline to later, the proposal states.

Underlying this proposal is the increasing popularity of cloud-based Java deployments, which has led to a stronger focus on reducing overall JVM overhead. Goals of the plan include reducing the execution of time of C2 when using the G1 collector, making G1 barriers comprehensible to HotSpot developers who lack a deep understanding of C2, and guaranteeing that C2 preserves invariants about the relative ordering of memory accesses, safepoints, and barriers. Another goal is preserving the quality of C2-generated code in terms of speed and size.

To read this article in full, please click here

As the use of ever more powerful AI models continues to grow, ensuring trust and accountability must be at the top of the list of goals, on par with any of AI’s potential benefits. It won’t happen overnight, nor will it result from any single step, such as better code, government regulations, or sincere pledges from AI developers. It will require a substantial cultural shift over time involving people, processes, and technology, and it will require widespread collaboration and cooperation among developers and users.

Despite any misgivings about AI’s shortcomings, business leaders can’t ignore its benefits. Gartner found that 79% of corporate strategists believe that their success over the next two years will depend heavily on their use of data and AI. The proliferating use of AI is inevitable. The rise of generative AI in particular has created a gold-rush mentality born of the fear of being at a competitive disadvantage—resulting in significant noise and potential recklessness as companies launch themselves into the ring of AI offerings. For developers and technology leaders considering adding AI to their ecosystem, there are several pitfalls worth examining before choosing a solution. Luckily, the calls for responsible use are also growing.

To read this article in full, please click here

The ECMAScript specification is like a portrait of the JavaScript language that is repainted every year. As is typical of modern JavaScript, the spec and real-world practice move in tandem. The newest version of the spec, ECMAScript 2024, includes seven new JavaScript features and is expected to be finalized in June. This article introduces four of the new features that are already available in browsers and server-side environments, and ready for you to use today:

• Promise.withResolvers is a powerful mechanism for managing asynchronous operations when external control over resolution and rejection is necessary.
• Object.groupBy and Map.groupBy let you organize collections based on key properties.
• Atomics.waitAsync facilitates safe communication and synchronization between worker threads.
• String.isWellFormed and String.toWellFormed add valuable tools for handling user input and network data.

Let’s start with the new static method on Promise, called withResolvers(). JavaScript promises give us various ways to deal with asynchronous operations. The withResolvers() method is used to create the three parts of a Promise: the Promise itself and the resolve() and reject() functions. 

To read this article in full, please click here

A common problem with Python applications is how to share them with other people. Developers frequently use a web interface to solve this issue, presenting the app's functionality by way of a UI. But that solution works best when the application UI is a natural fit for web components. Data exploration apps can work like this, for instance, but they also require front-end components written in JavaScript for ideal interactivity.

Streamlit is a Python library that aims to solve many of these issues at once. Using Streamlit, developers can create Python apps with web-based front ends, built from a rich library of interactive components.

To read this article in full, please click here

As of the first quarter of 2024, 83% of developers were involved in devops-related activities such as performance monitoring, security testing, or CI/CD, according to the State of CI/CD Report 2024, published by the Continuous Delivery (CD) Foundation, a part of the Linux Foundation.

Released April 16, the State of CI/CD Report 2024 is downloadable from the CD Foundation, authored by developer researcher SlashData, and sponsored by CloudBees, provider of a DevSecOps platform.

To read this article in full, please click here

Open-source database provider Qdrant has made available Qdrant Hybrid Cloud, a dedicated vector database to be offered in a managed hybrid cloud model.

Qdrant, the open-source foundation of both Qdrant Cloud and Qdrant Hybrid Cloud, is a vector similarity search engine and vector database written in Rust. Qdrant offers a set of features for performance optimization and can handle billions of vectors with scale and memory safety, the company said. 

To read this article in full, please click here

Modern software applications are underpinned by a large and growing web of APIs, microservices, and cloud services that must be highly available, fault tolerant, and secure. The underlying networking technology must support all of these requirements, of course, but also explosive growth.

Unfortunately, the previous generation of technologies are too expensive, brittle, and poorly integrated to adequately solve this challenge. Combined with non-optimal organizational practices, regulatory compliance requirements, and the need to deliver software faster, a new generation of technology is needed to address these API, networking, and security challenges.

To read this article in full, please click here

In the past two years, I’ve been involved with generative AI projects using large language models (LLMs) more than traditional systems. I’ve become nostalgic for serverless cloud computing. Their applications range from enhancing conversational AI to providing complex analytical solutions across industries and many functions beyond that. Many enterprises deploy these models on cloud platforms because there is a ready-made ecosystem of public cloud providers and it’s the path of least resistance. However, it’s not cheap.

To read this article in full, please click here

ECMAScript 2024, a planned update to ECMA’s standard for JavaScript, is set to include seven new features ranging from array grouping to Unicode strings. The 2024 specification, from ECMA’s Technical Committee 39, is expected to be approved in June.

Among the list of finished features cited for publication this year is a proposal for array grouping. Motivating this proposal is the notion that array grouping is a common operation best exemplified by SQL’s GROUP BY clause and mapreduce programming. The ability to combine like data into groups lets developers compute higher order data sets.

To read this article in full, please click here

Depending on your politics, trickle-down economics never worked all that well in the United States under President Ronald Reagan. In open source software, however, it seems to be doing just fine.

I’m not really talking about economic policies, of course, but rather about elite software engineering teams releasing code that ends up powering the not-so-elite mainstream. Take Lyft, for example, which released the popular Envoy project. Or Google, which gave the world Kubernetes (though, as I’ve argued, the goal wasn’t charitable niceties, but rather corporate strategy to outflank the dominant AWS). Airbnb figured out a way to move beyond batch-oriented cron scheduling, gifting us Apache Airflow and data pipelines-as-code.

To read this article in full, please click here

Tools that manage changes to source code, programs, documents, or other collections of information are known by a variety of names: version control, revision control, source control, or source code management are all common descriptors. Regardless of what we call them, these systems have become increasingly vital in a world where software and data are essential commodities.

Version control systems (VCS) are used to track every change to source code. They help development teams and others manage these changes over time. As market pressures accelerate development efforts to bring products to market faster, version control has become more important than ever.

To read this article in full, please click here

The Rust language team has published a point release of Rust to fix a critical vulnerability to the standard library that could benefit an attacker when using Windows.

Rust 1.77.2, published on April 9, includes a fix for CVE-2024-24576. Before this release, Rust’s standard library did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command API. An attacker who controlled arguments passed to a spawned process could execute arbitrary shell commands by bypassing the escape. This vulnerability becomes critical if batch files are invoked on Windows with untrusted arguments. No other platform or use was affected. Developers already using Rust can get Rust 1.77.2 using the command: rustup update stable.

To read this article in full, please click here

“The cloud has tremendous business value!” That’s the battle cry chanted by cloud providers and their allies at every cloud computing conference.

You will never hear me say that “the cloud” is always the right solution or, for that matter, the wrong solution. In my 20-plus years as a cloud expert, I’ve never blindly followed the lead of cloud computing pioneers or adopters. Like any other technology trend and category, cloud computing should be considered on a case-by-case basis.

This balanced approach may have cost me some friends and perhaps some jobs, but I believe this will remain the right way to think about cloud deployments in 2024.

To read this article in full, please click here

A high-quality application must be stable, performant, scalable, and reliable. The reliability of an application depends on many factors, but one of the most important is resiliency, or the ability to withstand failures or faults during run time. In this article, we’ll see how we can bring resiliency to database connections in ASP.NET Core using Entity Framework Core.

EF Core has a feature called connection resiliency that automatically retries failed database commands to maintain connectivity during transient errors or network instability. By encapsulating the logic for identifying failures and retrying commands, this feature allows us to devise execution plans for different database failure situations.

To read this article in full, please click here

Microsoft has announced the MSTest SDK. Built on the MSBuild Project SDK system and based on the MSTest runner, the MSTest SDK is designed to give developers a better experience for testing with MSTest, Microsoft’s framework for unit testing.

The MSTest SDK, announced April 11, makes project configuration easier via sensible defaults and flexible options, Microsoft said. To use the MSTest SDK, developers must create an MSTest project, or update an existing MSTest project, and replace the content of the .csproj file.

To read this article in full, please click here