WebAssembly, or Wasm, is a cornerstone for many modern web-based applications. But what exactly is WebAssembly? Initially conceived to bring near-native performance to web applications, Wasm provides a compact binary format that serves as a compilation target for key programming languages like C++ and SQL.

Whether you’re enhancing web-based games, embedding real-time video editing into your application, or pushing the boundaries of 3D rendering, Wasm stands out as a driving force behind these advancements. To help you, this article will go over what every beginner should know about WebAssembly, what it’s generally used for, and what the future may hold for this promising technology.

NGINX, now a part of F5, is the company behind the popular open source project, NGINX. NGINX offers a suite of technologies to develop and deliver modern applications including NGINX Plus for load balancing, App Protect for security, and NGINX Ingress Controller to get control of Kubernetes.

Learn More

The latest from NGINX

The Core of WebAssembly

When you hear WebAssembly, try to think of it as a bridge of sorts — a bridge between the potential of high-performance applications and the open platform of the modern web.

Unlike traditional JavaScript, which is interpreted or JIT-compiled, WebAssembly code is delivered in a low-level binary format, making it both compact in size and swift in execution. This binary format is specifically designed for modern CPUs, ensuring that code runs at near-native speed.

Why Binary?

Wasm’s binary format serves a dual purpose — first off, it means that applications can be much smaller in size, leading to quicker downloads and reduced load times. This increased efficiency is particularly crucial for web apps, where every millisecond of loading time can make a difference to user experience and retention.

Also, because it’s much closer to machine code, the computational tasks are executed faster, bringing applications on the web closer in performance to their native counterparts.

High-Level Languages as Catalysts

With Wasm, devs are no longer restricted to JavaScript alone; they can write complex code in primary programming languages like C, C++, Rust, and more, which is then compiled into Wasm’s binary format, allowing the application to run on the web browser.

For devs of all experience levels, this is absolutely monumental. It means they can now bring performance-heavy applications — like video editing tools or 3D games — directly to the browser without the need for plugins or third-party app stores. On top of that, they can reuse existing codebases — making the transition to the web smoother and more cost-effective.

Security and Sandboxing

WebAssembly’s architecture is engineered to keep security at its core, offering a secure execution environment and vital features like memory safety.

The execution environment operates in a “sandbox,” limiting the potential for security vulnerabilities. This means that even if there’s potentially harmful code, its effects are contained and it can’t harm the user’s system. This is crucial in a threatscape where dangers are manifold — from malware to tax identity theft.

WebAssembly employs a multi-layered security approach to counter cybercriminals who are targeting financial and tax details. By executing code in a confined environment, WebAssembly minimizes the risk of unauthorized access to sensitive information — such as your Social Security number or geolocational data. Encryption protocols can be easily implemented in a WebAssembly module, too, further securing the transfer and storage of vital information.

Therefore, businesses and end users can engage in online activities with greater peace of mind, knowing that WebAssembly’s robust security infrastructure is actively working to mitigate the risks associated with online scams and threats.

Diverse Use Cases of WebAssembly

As Wasm continues to carve its niche in programming, examples of how it’s revolutionizing the web are becoming more plentiful by the day. The following use cases illustrate Wasm’s versatility and potential.

Gaming

The gaming industry is witnessing a transformative phase, with browser-based games no longer being simple or rudimentary. Thanks to WebAssembly, devs can now bring graphics-intensive games — which were previously reserved for dedicated gaming consoles or powerful PCs — directly to web browsers.

Multimedia Applications

Multimedia applications are vast in scope, encompassing video editing, image processing, audio manipulation, and more. WebAssembly facilitates the creation of browser-based tools that closely mirror their desktop counterparts in terms of functionality and performance. Imagine complex tasks like video rendering, real-time audio processing, or even 3D model design, all being executed smoothly within your browser.

Scientific Computing

In fields like biology, physics, and engineering, computational tasks can be heavy and demanding. Simulations, modeling and data processing, which once required dedicated software and hardware, are now being made available on the web. Wasm can handle the computational intensity; making it possible to run, for example, a genetic sequencing algorithm or an aerodynamics simulation directly from a browser.

Augmented Reality (AR) and Virtual Reality (VR)

Thanks to Wasm, AR and VR are expanding beyond gaming. From virtual shopping experiences and interactive educational platforms, to immersive art installations, WebAssembly provides the backbone needed for these applications.

Other Applications

Innovations like the WebAssembly System Interface (WASI) are pushing boundaries, making it feasible for Wasm to run server-side applications. It’s also a great way to improve the performance of web applications, especially custom ones.

Nowadays, plenty of organizations use bespoke solutions for almost every aspect of their workflow. From everyday tools like a custom DOCX editor or image format converter, to complex creations like rendering engines, WebAssembly is a universal solution.

Not only is it secure, which helps protect IP and trade secrets, but it also runs at near-native speeds, which drastically reduces time-wasting during collaborative work sessions. Likewise, there’s also a noticeable increase in resource efficiency in the backend, allowing organizations to better allocate resources, especially computing power.

Then, you also have e-learning platforms — they often incorporate interactive simulations, coding environments, and real-time feedback systems. WebAssembly can power these features, ensuring learners have a seamless and responsive experience, whether they’re experimenting with a physics simulation or practicing coding in an online IDE.

Last but not least, we can’t forget how important real-time data processing and complex mathematical calculations are in financial platforms. WebAssembly allows for the creation of high-speed trading tools, real-time analytics dashboards, and other financial applications directly in the browser, with performance being comparable to more dedicated software.

Drawbacks of WebAssembly

The use cases and benefits of Wasm, although they are plentiful, don’t exist in a vacuum. In order to fully utilize this platform, one must also consider its drawbacks. This is essential in understanding Wasm’s full array of capabilities. With that in mind, think about the following when considering whether to use WebAssembly.

1. Lack of Garbage Collection

In many modern languages — like JavaScript, Java, or Python — garbage collection is an automatic process that frees up memory no longer in use by the application. WebAssembly’s absence of a native garbage collection system creates a complex environment for memory management. This will be a shocking experience at first, especially for younger devs who are used to having this feature automated.

Developers have to explicitly allocate and deallocate memory, which greatly elevates the risk of memory-related issues like leaks or buffer overflows. Moreover, this also imposes limitations on which programming languages can be ported effectively to WebAssembly. So far, the most suitable options include:

• Rust: It provides excellent memory safety features and has a robust ecosystem around WebAssembly. The Rust compiler can directly target WebAssembly, and there are tools like wasm-bindgen to facilitate smooth interaction between Rust and JavaScript.
• C/C++: These languages offer fine-grained control over memory and are well-supported by WebAssembly. The Emscripten toolchain allows C/C++ code to be compiled to WebAssembly easily. Many existing codebases written in these languages have been successfully ported to WebAssembly.
• AssemblyScript: This is a subset of TypeScript that has been tailored for WebAssembly. It provides a familiar syntax for JavaScript and TypeScript developers, while being designed to compile to WebAssembly efficiently.

2. Limited Access to Web APIs

WebAssembly operates in a sandboxed execution environment separate from the JavaScript runtime. As a result, it can’t natively perform operations like DOM manipulations, or fetch data from web APIs.

To do these, it has to go through JavaScript, which creates a bottleneck and adds latency to the operations. This situation is particularly problematic for applications that require real-time interaction with the web environment. For instance, in gaming or interactive simulations where speed and real-time updates are crucial, having to go through a JavaScript bridge can undermine the very performance benefits that WebAssembly aims to offer.

3. Debugging Difficulties

The debugging ecosystem for WebAssembly is far from mature. The tools available are not as advanced as those for other languages, and the debugging process can often be cumbersome.

If a developer is looking to debug the WebAssembly binary directly, the available options are quite limited. Setting breakpoints, watching variables, and other typical debugging activities become tricky. Source maps, which connect your WebAssembly code back to your readable source code, offer some reprieve; but they too are still not perfectly integrated into most debugging tools. This often results in longer and more frustrating development cycles, especially when Docker and Wasm work in unison.

4. Browser Compatibility

While most modern web browsers offer good support for WebAssembly, there’s a significant portion of users on older versions that don’t. This includes Opera Mini, Legacy Microsoft Edge IE 11, and QQ.

Thus, when targeting a broad user base, developers need to write fallback mechanisms — usually in JavaScript. This creates a situation where essentially two versions of the same functionality have to be maintained. This not only increases the initial development time, but also inflates the ongoing maintenance costs. Every new feature or bug fix has to be implemented twice and then tested across multiple versions, which can be resource-intensive.

5. Security Concerns

WebAssembly is designed to execute code securely within a sandboxed environment, but this doesn’t eliminate all security concerns. Since it allows for the execution of low-level code, there’s a potential for new kinds of cyberattacks, such as integer overflows or buffer overflows, which are less common in high-level languages like JavaScript.

These concerns demand rigorous security auditing and often require developers to adopt additional security measures, like data validation and input sanitization, which add more layers of complexity and can be resource-intensive.

6. Complexity

WebAssembly’s low-level architecture provides a high degree of control over the code execution, but it also demands a deep understanding of computer architecture and low-level programming constructs.

Unlike JavaScript or Python, which handle many operations automatically, WebAssembly requires you to manually manage aspects like memory allocation, stack operations, and binary arithmetic. Such intricacies make WebAssembly less approachable for developers without a background in systems programming or computer architecture.

Additionally, the current documentation and educational resources for WebAssembly are not as abundant as for more established languages, making the learning curve steeper. The learning curve is notoriously steep, and it’s an unpleasant experience for webdev newcomers.

7. File Size

Despite its compiled, binary nature, WebAssembly files are not always smaller than their JavaScript equivalents. Especially when using large libraries or frameworks, the WebAssembly file size can become a concern.

This is particularly important for users on mobile devices or slower network connections, where large files can lead to noticeably slower load times. Developers need to consider this trade-off carefully; even though WebAssembly may execute more quickly once loaded, the initial load time could adversely affect the user experience enough to offset this advantage.

8. Ecosystem Maturity

WebAssembly is a relatively new technology, and as such, its ecosystem is not as rich or mature as other programming languages. JavaScript, for example, has a plethora of frameworks, libraries, and tools developed over more than two decades.

In contrast, WebAssembly’s more limited ecosystem often requires developers to build components from scratch, leading to longer development cycles. Furthermore, while community support is growing, the number of experts and available learning resources is currently limited, making problem-solving more challenging.

9. SEO Implications

Search engines are primarily designed to index text-based content like HTML, CSS, and JavaScript. With WebAssembly’s binary format, the standard tools and practices for search engine optimization may not be directly applicable. This requires additional strategies, such as server-side rendering or using JavaScript to dynamically generate SEO-friendly metadata, to ensure that the content is accessible to search engine crawlers.

These extra steps can add a level of complexity that could make WebAssembly less attractive for publicly accessible web projects where SEO is a major concern. Likewise, if WebAssembly is implemented poorly and it slows down the website or causes compatibility issues, this could negatively impact user engagement, and result in SEO teams having to focus on additional tasks and SEO tactics, such as link building, retargeting, and increased outreach efforts. This can be exhausting for the SEO team and have a negative impact on the site’s rankings if not promptly fixed.

Potential Future Evolution of Wasm

As WebAssembly continues to mature and grow in prominence, it is poised to play a pivotal role in the next generation of web and beyond. Here’s a closer look into the potential trajectory of its evolution:

• Expanding Beyond the Browser: Wasm’s beginnings may have been browser-centric, but its destiny appears universal with advanced projects like WASI (WebAssembly System Interface) being just the tip of the iceberg. The idea of having a universal runtime can revolutionize software distribution, allowing devs to write once and have their applications run anywhere — from browsers and servers to edge devices and even embedded systems.
• Integration with Emerging Technologies: The dynamic nature of technology ensures that there are always new frontiers to explore. As technologies like AR, VR, Machine Learning, and IoT gain momentum, WebAssembly is positioned to be at the heart of these integrations. We could soon see more intelligent web applications, augmented reality tools, and interconnected devices leveraging the power and efficiency of Wasm.
• Growing Tooling and Community Support: A robust technology is only as good as its ecosystem. As Wasm gains traction, the developer community surrounding it is thriving, leading to the emergence of more advanced tools, frameworks and libraries.
• Enhanced Interoperability: While WebAssembly already boasts significant interoperability with JavaScript and other web technologies, the future may hold even more seamless integrations. As the web standards evolve, we may see WebAssembly become even more central to the core of the internet, allowing for richer, more dynamic, and interactive web experiences.

The Web’s Next Frontier

In short, WebAssembly is redefining the benchmarks of what’s possible on the web. For developers, it’s not just another tool in the arsenal, but a transformative technology that opens up avenues previously deemed unattainable.

As it continues to evolve, the lines between native and web applications might be blurred even further, leading to a truly unified and more robust internet in the future.

The post What Is WebAssembly? appeared first on The New Stack.

While I have mentioned the Unity platform in previous posts because it provides a solid solution for making UI-based apps that target most devices, it is nevertheless designed squarely for the games industry. However, the recent news and ongoing saga has hit the mainstream media because of the reaction of the games development community. Outside of the large studios that use Unreal or their own engines to produce “AAA” games, Unity is very popular with independent developers and smaller teams. The platform is popular in universities, which leads to many students having their first development experiences in C#. Unity is also a popular platform for mobile development, which may give Apple a problem.

The Unity Rug-Pull

The sad saga started off with a declared change in the monetization for the platform, from a standard license agreement to a so-called “Runtime Fee” charged for every install after a game crosses certain thresholds. This type of radical change certainly never appeared on the company’s roadmap and represented a retroactive change to the Terms Of Service (TOS). Many development teams voiced their concerns on social media about how this was a serious breach of trust.

Monetizing based on installs has no working examples in the industry and for good reason. Unity offered no explanation on how exactly they would collect these statistics, and what privacy and security lines this might cross. It was pointed out that if a developer offered a published game to a successful charity bundle, the number of installs could quickly bankrupt them. There was also the possibility of malicious re-installs that could clearly be problematic.

$0.20 — The fee per install for small developers (Unity Personal subscribers) whose games brought in $200,000 in the past year and have 200,000 lifetime installs to date.

It was clear that Unity had never seriously discussed its potential change details with any actual developers, and responded with unconvincing workarounds and PR crafted non-apologies. As I write this, the backtracking is still stumbling on like a soap opera during a writers strike. For many developers, the overall picture is that Unity is no longer a trustworthy partner, and without an immediate apology and cancellation of the runtime fee, that will remain the case.

There is still a small level of immaturity within the games industry with respect to recognizing bad faith, probably because of the industry’s hobbyist roots, which leads people to assume everyone is there for the love of it. So now small teams are scrambling to leave Unity, even midway through projects.

Have an Agnostic View of Your Technology

This post is about holding an agnostic view of the technology you use; the shenanigans with Unity are just another reason to do so. Aside from recent events, Unity is a typical Software as a Service (SaaS) provider. There is no particular reason to believe another similar SaaS company elsewhere may not try to implement a similar model.

Changing the engine technology while the plane is in flight is not always easy to do. It is likely to alarm passengers. Within the software industry, the key to being ready for change is separating a product’s intentions from its internals as early as possible. This means that both inside and outside the company, anyone can describe the product or system with a rich model showing customer problems, solutions and processes, that never couple themselves with any particular technology stack.

Because no one knows when a vital pipeline component or supplier might become uneconomic, or purchased by an erratic owner, eternal vigilance is required. This can catch smaller companies out, those that don’t have the manpower to continually review all of their agreements and contracts.

These ideas seem obvious to start with, but as attention drifts, things start to fray at the edges. You hear “It’s stored in S3”, when it should just be “stored in the cloud”. Or “Everything is in git”, as opposed to “Everything is in source control”. Or “We have backup databases”, as opposed to backup data sources. This might seem like a recipe for vagueness, but it is essential to respect the boundaries between things you control and things you don’t. It might seem cool when a CTO name checks every cool technology that their system uses, but that just ties the hands of developers. It doesn’t take long before a business can become too tightly coupled to one technology — this is why, for example, the database provider Oracle became so successful.

Boundaries Are Important

Boundaries between products and outside components become important. You can see this today when products use Large Language Models (LLM), but you wonder if this is now an AI product or a product that can use AI? Does the fortunes of the product rise and fall with the abilities of the LLM? Can the product use another supplier, or is the training data now captured by the original LLM?

This boundary confusion can also happen when one product is available within the ecosystem of another. We saw this when Apple was unhappy about Epic Games wanting to use their own payment system while within the Apple App Store.

When the product model is well-defined and not tightly enmeshed with other components and platforms, experienced developers can work properly. They know when to use off-the-shelf open source software, when to use bespoke SaaS offerings, and when to write that special sauce library internally.

Define Your Product Properly

If the product’s design is properly articulated in terms that don’t specify the technology, then you can trust the developers to select (or reject) the right mix of components. There is a creative tension between getting the most out of a component, without having to change how the calling product operates in order to exploit the advantages.

So to avoid the pain of Unity developers who are now having to learn a new platform from scratch, and may have to rewrite lots of code, keep your physical and mental models separate. Even if the workload of change remains high, you will at least have an explicable job that you can describe and estimate effectively to others.

The post The Unity Lesson: How Developers Can Avoid Technology Lock-In appeared first on The New Stack.

Rich Harris offered a preview of Svelte 5 in a recent blog post and video. What’s new? Harris introduced a new way to handle reactivity in Svelte called Runes.

Reactivity is a programming concept in which data update based on its dependencies, as software engineer Tom Smykowski demonstrated in this blog post.

Some developers on Twitter have compared it to React’s hooks. Smykowski observed that each framework handles reactivity a little bit differently and compared Runes to Angular’s Signals and React’s use of an “explicit list of dependencies to handle fine-grained reactive updates.”

A release date for Svelte 5 has not been set, Harris added.

Google’s Release of Studio Bot to Android Studio

Google released its AI-powered coding assistant, Studio Bot, in the Android Studio canary build and made it available to more than 170 countries — although it’s still designed to be used in English. Studio Bot understands natural language and is so far just designed to be used in English.

“You can enter your questions in Studio Bot’s chat window ranging from very simple and open-ended ones to specific problems that you need help with,” the press release explained.

It remembers the context so that you can ask follow-up questions, e.g., “Can you give me the code for this in Kotlin” or “Can you show me how to do it in Compose.” Developers don’t need to send in source code to use Studio Bot.

“By default, Studio Bot’s responses are purely based on conversation history, and you control whether you want to share additional context or code for customized responses,” Google stated.

That said, Studio Bot is still a work in progress, so Google recommends validating its response before using it in a production app.

GitHub Launches Innovation Graph, Adds Atlassian Migration Support

GitHub on Thursday launched its GitHub Innovation Graph, an open data and insights platform on the global and local impact of developers.

The Innovation Graph includes longitudinal metrics on software development for economies around the world. The website and repository provides quarterly data dating back to 2020 on git pushes, developers, organizations, repositories, languages, licenses, topics, and economy collaborators. The platform offers a number of data visualizations, and the repository outlines the methodology. Data for each metric is available to download.

“In research commissioned by GitHub, consultancy Tattle found that researchers in the international development, public policy, and economics fields were interested in using GitHub data but faced many barriers in obtaining and using that data,” the company said in a news release. “We intend for the Innovation Graph to lower those barriers. Researchers in other fields will also benefit from convenient, aggregated data that may have previously required third-party data providers if it was available at all.”

Graph created by GitHub Innovation Graph

GitHub also announced this week its adding support for migrations to two tools: GitHub Enterprise Importer now supports customers using BitBucket Server and Bitbucket Data Center, and GitHub Actions Importer can now help developers pivot off Atlassian’s CI/CD products.

GitHub Actions Importer eliminates the manual process of CI migrations and automates the evaluation and testing of the CI migration of nearly a quarter million pipelines, the company said in a statement. GitHub Actions Importer allows developers to move from any of Atlassian’s CI/CD products — Bitbucket, Bamboo Server, and Bamboo Data Center — to GitHub Actions. After Feb. 15, 2024, Atlassian will no longer offer technical support, security updates or vulnerability fixes for their Server products like Bitbucket Server and Bamboo Server, according to GitHub.

DockerCon 2023 Runs Oct. 3-5

DockerCon is back with both live and virtual options this year Oct. 3-5. The live conference is at the MagicBox in Los Angeles and runs Wednesday and Thursday. Tuesday is a workshop day, which is an additional add-on. The virtual ticket includes the live keynotes and select educational sessions.

Topics to be covered during the conference include:

• Web Application
• Web Development
• Building and Deploying Applications
• Secure Software Delivery
• Innovation and Agility
• Open Source
• Emerging Trends

Vercel Launches Serverless Storage System

On Monday, frontend cloud development platform Vercel launched a public beta of Vercel Blob, its serverless storage system.

Blob stands for binary large objects and are typically images, audio or other multimedia objects. Sometimes binary executable code is stored as a blob as well. Vercel Blob allows Vercel Pro users to store and retrieve any file with an intuitive, promise-based API.

Designed for the JavaScript and TypeScript frameworks, Vercel Blob allows developers to store and retrieve any file. During its four-month private beta, Vercel created 50,000 blob stores. Users with a Vercel account can have multiple blob stores in a project. Also, each blob store can be accessed by multiple Vercel projects. Vercel Blob URLs are publicly accessible, created with an unguessable random ID, and immutable.

There are plans to support making a Blob private in an upcoming release

Free Software Development Course, Coding Labs

LinkedIn Learning is collaborating with Coder Pad to offer 33 new software development courses and interactive coding exercises for free through Dec. 18. Coders can learn about six languages — Python, JavaScript, Go, SQL, Java and C++. There are six new programming essential courses, which covers the basics of a language, as well as 18 new coding labs or practice environments to hone programming skills in these languages, and nine new advanced courses focused primarily on advanced techniques in the six languages, plus one course on building a generative language model from scratch.

Gradle Changes Name

Developer build tool Gradle Enterprise will now be called Develocity. The reason for this name change is that Gradle, Inc., found the original name created a misconception that Gradle Enterprise was only for the Gradle Build Tool when it actually supports both the Gradle Build Tool and the Apache Maven build system.

The company also recently announced that Develocity supports the Bazel build system, which is an open source project hosted by Google. The company also released beta-level support for sbt, the open source build system popular with the Scala language developer community. The roadmap for Develocity includes plans to support additional software development ecosystems.

The post Dev News: Svelte 5, AI Bot for Android Studio, and GitHub Tools appeared first on The New Stack.

As companies move to the cloud for benefits like efficiency and scalability, it is the job of security teams to enable them to do so safely.

In this reality, it is vital that IT leaders understand how threat actors are targeting their cloud infrastructure. As one might suspect, attackers first go after low-hanging fruit — the systems and applications that are the easiest to exploit.

In the 2023 CrowdStrike Global Threat Report, our researchers noted that adversaries:

• Target neglected cloud infrastructure slated for retirement that still contains sensitive data.
• Use a lack of outbound restrictions and workload protection to exfiltrate data.
• Leverage common cloud services as a way to obfuscate malicious activity.

Neglected or Misconfigured Cloud Infrastructure

Neglected and soon-to-be-retired infrastructure are prime targets for attackers, often because that infrastructure no longer receives security configuration updates and regular maintenance. Security controls such as monitoring, expanded logging, security architecture and planning, and posture management no longer exist for these assets.

Lack of Outbound Restrictions and Container Life Cycle Security

Unfortunately, we still see cases where neglected cloud infrastructure still contains critical business data and systems. As such, attacks led to sensitive data leaks requiring costly investigation and reporting obligations. Additionally, some attacks on abandoned cloud environments resulted in impactful service outages, since they still provided critical services that hadn’t been fully transitioned to new infrastructure. Moreover, the triage, containment and recovery from the incident in these environments had a tremendous negative impact on some organizations.

Launching Attacks from the Cloud

Not only are attackers targeting cloud infrastructure, but we also observed threat actors leveraging the cloud to make their attacks more effective. Over the past year, threat actors used well-known cloud services, such as Microsoft Azure, and data storage syncing services, such as MEGA, to exfiltrate data and proxy network traffic. A lack of outbound restrictions combined with a lack of workload protection allowed threat actors to interact with local services over proxies to IP addresses in the cloud. This gave attackers additional time to interrogate systems and exfiltrate data from services ranging from partner-operated, web-based APIs to databases — all while appearing to originate from inside victims’ networks. These tactics allowed attackers to dodge detection by barely leaving a trace on local file systems.

CrowdStrike has redefined modern cybersecurity with advanced cloud-native platforms for protecting endpoints and cloud workloads, identity and data. CrowdStrike’s adversary-focused approach to CNAPP provides agent-based and agentless solutions delivered from the CrowdStrike Falcon® platform.

Learn More

The latest from CrowdStrike

So How Do I Protect My Cloud Environment?

The cloud introduces new wrinkles to proper protection that don’t all translate exactly from a traditional on-premises data center model. Security teams should keep the following firmly in mind as they strive to remain grounded in best practices.

• Enable runtime protection to obtain real-time visibility. You can’t protect what you don’t have visibility into, even if you have plans to decommission the infrastructure. Central to securing your cloud infrastructure to prevent a breach is runtime protection and visibility provided by cloud workload protection (CWP). It remains critical to protect your workloads with next-generation endpoint protection, including servers, workstations and mobile devices, regardless of whether they reside in an on-premises data center, virtual cluster or hosted in the cloud.

• Eliminate configuration errors. The most common root cause of cloud intrusions continues to be human errors and omissions introduced during common administrative activities. It’s important to set up new infrastructure with default patterns that make secure operations easy to adopt. One way to do this is to use a cloud account factory to create new sub-accounts and subscriptions easily. This strategy ensures that new accounts are set up in a predictable manner, eliminating common sources of human error. Also, make sure to set up roles and network security groups that keep developers and operators from needing to build their own security profiles and accidentally doing it poorly.

• Leverage a cloud security posture management (CSPM) solution. Ensure your cloud account factory includes enabling detailed logging and a CSPM — like the security posture included in CrowdStrike Falcon Cloud Security — with alerting to responsible parties including cloud operations and security operations center (SOC) teams. Actively seek out unmanaged cloud subscriptions, and when found, don’t assume it’s managed by someone else. Instead, ensure that responsible parties are identified and motivated to either decommission any shadow IT cloud environments or bring them under full management along with your CSPM. Then use your CSPM on all infrastructure up until the day the account or subscription is fully decommissioned to ensure that operations teams have continuous visibility.

Because the cloud is dynamic, so too must be the tools used to secure it. The visibility needed to see the type of attack that traverses from an endpoint to different cloud services is not possible with siloed security products that only focus on a specific niche. However, with a comprehensive approach rooted in visibility, threat intelligence and threat detection, organizations can give themselves the best opportunity to leverage the cloud without sacrificing security.

The post 3 Tips to Secure Your Cloud Infrastructure and Workloads appeared first on The New Stack.

Your developers are already playing around with generative AI. You can’t stop them completely and you probably don’t want to, lest they fall behind the curve. After all, you want your developers focusing on meaningful work, and Large Language Model (LLM)-trained code-completion tools like Amazon Web Services’ CodeWhisperer and GitHub’s Copilot have great potential to increase developer productivity.

But, if you don’t have a generative AI policy in place, you’re putting your organization at risk, potentially harming your code quality and reliability.

ChatGPT’s code is inaccurate more often than not, according to an August study by Purdue University researchers. Yet more than 80% of Fortune-500 companies have accounts on it. You could also be putting your reputation on the line. Just look at Samsung, which recently had an accidental leak of sensitive internal source code by an engineer into ChatGPT, which sparked a blanket ban on generative AI assistants. That’s probably a reasonable short-term response, but it lacks long-term vision.

In order to take advantage of this productivity potential, without the PR pitfalls, you have to have a clearly communicated generative AI policy for engineering teams at your organization.

For this edition of Tech Works, I talked to engineering leadership who adopted GenAI early to help you decide how and when to encourage your software engineers to use generative AI, and when to deter them from leveraging chatbots and risking your organization’s privacy and security.

Consumer vs. Enterprise Generative AI Tools

There are many generative AI tools out there — CodeWhisperer, Google’s Bard, Meta AI’s LLaMA, Copilot, and OpenAI’s ChatGPT. But thus far, it’s the latter two that have gotten the buzz within engineering teams. Deciding which GenAI tool to use comes down to how you’re using it.

“People are just dropping stuff in ChatGPT and hoping to get the right answer. It’s a research tool for OpenAI you’re using for free. You’re just giving them free research,” Zac Rosenbauer, CTO and co-founder of a developer documentation platform company Joggr, told The New Stack. (By default, ChatGPT saves your chat history and uses the conversations to further train its models.)

Rosenbauer then showed me a series of slides to explain how an LLM works, which comes off as more guessing the probability of a word to fill in Mad Libs than going for the most accurate response. “That’s why you get really stupid answers,” he said. “Because it’s going to try to just answer the question no matter what.”

Public LLMs are trained to give an answer, even if they don’t know the right one, as shown by the Purdue study that found 52% of code written by ChatGPT is simply wrong, even while it looks convincing. You need to explicitly tell a chatbot to only tell you if it knows the right answer.

Add to this, the very valid concern that employees from any department are copy-pasting personally identifiable information or private company information into a public tool like ChatGPT, which is effectively training it on your private data.

It’s probably too soon for any teams to have gained a competitive edge from the brand-new ChatGPT Enterprise, but it does seem that, due to both quality and privacy concerns, you want to steer your engineers away from regular ChatGPT for a lot of their work.

“The first thing we say to any company we deal with is to make sure you’re using the right GenAI,” said James Gornall, cloud architect lead at CTS, which is focused on enabling Google customer business cases for data analytics, including for Vertex AI, the generative AI offering within an enterprise’s Google Cloud perimeter. “There’s enterprise tooling and there’s consumer tooling.”

“Every company now has GenAI usage and people are probably using things that you don’t know they’re using.”

— James Gornall, CTS

ChatGPT may be the most popular, but it’s also very consumer-focused. Always remind your team: just because a tool is free, doesn’t mean there isn’t a cost for using it. That means never putting private information into a consumer-facing tool.

“No business should be doing anything in Bard or ChatGPT as a strategy,” Gornall told The New Stack. Free, consumer-facing tools are usually harmless at the individual level, but, “the second you start to ask it anything around your business, strategy approach or content creation” — including code — “then you want to get that in something that’s a lot more ring-fenced and a lot more secure.”

More often than not, generative AI benefits come from domain specificity. You want an internal developer chatbot to train on your internal strategies and processes, not the whole world.

“Every company is now kind of a GenAI company. Whether you like it or not, people are probably going to start typing in the questions to these tools because they’re so easy to get a hold of,” Gornall said.

“You don’t even need a corporate account or anything. You can register for ChatGPT and start copying and pasting stuff in, saying ‘Review this contract for me’ or, in Samsung’s case, ‘Review this code,’ and, invariably, that could go very badly, very, very quickly.”

You not only increase privacy and security by staying within your organizational perimeters, you increase your speed to value.

GenAI “can save a lot of time; for example, generating documents or generating comments — things that developers generally hate doing. But other times, we will try using this and it’ll actually take us twice as long because now we’re having to double-check everything that it wrote.”

— Ivan Lee, Datasaur

Don’t use a consumer-facing GenAI tool for anything that is very proprietary, or central to how your business operates, advised Karol Danutama, vice president of engineering at Datasaur. But, if there is something that is much more standardized where you could imagine 100 other companies would need a function just like this, then he has advised his team to feel more comfortable using LLMs to suggest code.

Don’t forget to factor in ethical choices. A company-level AI strategy must cover explainability, repeatability and transparency, Gornall said. And it needs to do so in a way that’s understood by all stakeholders, even your customers.

Context Is Key to Developer Flow State

You will always gain more accuracy and speed to value if you are training an existing LLM within the context of your business, on things like internal strategies and documentation. A context-driven chatbot — like the enterprise-focused Kubiya — needs to speak to the human content creator, and hopefully speed up or erase the more mundane parts of developers’’ work. Early engineering use cases for generative AI include:

• Creating code snippets.
• Generating documentation and code samples.
• Creating functions.
• Importing libraries.
• Creating classes.
• Generating a wireframe.
• Running quality and security scans
• Summarizing code.

It has the potential to “really get rid of a lot of the overhead of the 200 characters you have to type before you start on a line of code that means anything to you,” Gornall said. You still have to manually review it for relevance and accuracy within your context. “But you can build something real by taking some guidance from it and getting some ideas of talking points.”

For coding, he said, these ideas may or may not be production-ready, but generative AI helps you talk out how you might solve a problem. So long as you’re using an internal version of GenAI, you can feed in your coding standards, coding styles, policy documents and guideline templates into the chatbot. It will add that content to its own continuous improvement from external training, but keep your prompts and responses locked up.

“You can scan your entire codebase in a ridiculously quick amount of time to say, ‘Find me anything that doesn’t conform to this,’ or ‘Find me anything that’s using this kind of thing that we want to deprecate,’” Gornall said.

Don’t close off your dataset, he advised. You need to continue to train on third-party data too, lest you create an “echo chamber within your model where, because you’re just feeding it your wrong answers, it is going to give you wrong answers.” With the right balance of the two, you can maintain control and mitigate risk.

Generative AI for Documentation

One of the most in-demand productivity enablers is documentation. Internal documentation is key to self-service, but is usually out of date — if it even exists at all — and difficult to find or search.

Add to that, documentation is typically decoupled from the software development workflow, triggering even more context switching and interrupted flow state to go to Notion, Confluence or an external wiki to look something up.

“If you know about developers, if it’s not in their [integrated development environment], if it’s not in their workflow, they will ignore it,” Rosenbauer said.

This makes docs ripe for internal generative AI.

“We felt that developer productivity recently had suffered because of how much was asked to do,” Rosenbauer said. “The cognitive load of the developer is so much higher than it was, in my opinion, 10 or 15 years ago, even with a lot more tooling available.”

“Generative AI is not helping the core current role of an engineer, but it’s getting rid of a lot of the noise. It’s getting rid of a lot of the stuff that can take time but not deliver value.”

—James Gornall, CTS

He reflected on why he and Seth Rosenbauer, his brother and Joggr co-founder quit their jobs as engineering team leads just over a year ago.

For example, Zak Rosenbauer noted, “DevOps, though well-intended,  was very painful for a lot of non-DevOps software engineers. Because the ‘shift left’ methodology is important — I think of it as an empowering thing — but it also forces people to do work they weren’t doing before.”

So the Rosenbauers spent the following six months exploring what had triggered that dive in developer productivity and increase in cognitive load. What they realized is that the inadequacy or non-existence of internal documentation is a huge culprit.

As a result, they created Joggr, a generative AI tool — one that “regenerates content,” Zac Rosenbauer said. One of the company’s main focuses is automatically regenerating code snippets to maintain documentation, descriptions, portions of text, links to code and more. About a third of Joggr’s customers currently are working in platform engineering and they expect that practice to grow.

Will GenAI Take Jobs Away?

“The question we get asked quite a lot is: Is it taking our jobs? I don’t think so. I think it’s changing people’s jobs and people will do well to learn how to work with these things and get the most out of them, but I think it is still very early days,” Gornall said.

“Generative AI is not helping the core current role of an engineer, but it’s getting rid of a lot of the noise. It’s getting rid of a lot of the stuff that can take time but not deliver value.”

It is unlikely that the rate of development and adoption of generative AI will slow down, so your organization needed a GenAI policy yesterday. And it must include a plan to train engineers about it.

Just like his search engine native generation learned with the help of Google and StackOverflow, Ivan Lee, CEO and founder of Datasaur, believes that the next-gen CompSci grads will be asking ChatGPT or Copilot. Everyone on a team will have to level up their GenAI knowledge. Don’t forget, identifying flaws in other people’s code is a key part of any engineering job — now you just have to apply that skill to machine-written code, too.

Lee added, “We need to be very careful about knowing how to spot check, understanding the strengths of this technology and the weaknesses.”

The post Tech Works: When Should Engineers Use Generative AI? appeared first on The New Stack.

When an organization has a security problem with an API, it’s usually one it built internally, according to Jeremy Snyder, founder and CEO of API security firm FireTail.io.

The security firm analyzed 40 public breaches to see what role APIs played in security problems, which Snyder featured in his 2023 Black Hat conference presentation. The issue might be built-in vulnerabilities, misconfigurations in the API, or even a logical flaw in the application itself — and that means it falls on developers to fix it, Snyder said.

“It’s a range of things, but it is generally with their own APIs,” Snyder told The New Stack. ”It is in their domain of influence, and honestly, their domain of control, because it is ultimately down to them to build a secure API.”

The number of breaches analyzed is small — it was limited to publicly disclosed breaches — but Snyder said the problem is potentially much more pervasive.

“First of all, 83% of all internet requests, if not more, are API requests,” he said. “It’s not the total volume of traffic. It’s the number of requests that are flowing across the Internet day to day, more than four-fifths of all requests are actually API requests, not user-initiated queries.”

In the last couple of months, he said, security researchers who work on this space have uncovered billions of records that could have been breached through poor API design. He pointed to the API design flaws in basically every full-service carrier’s frequent flyer program, which could have exposed entire datasets or allowed for the awarding of unlimited miles and hotel points.

“We’ve seen a few very, very high-profile examples,” he said. “Effectively the entire connected car ecosystem has had API design flaws that could have exposed not only the owners of all of these vehicles, [but that] allows you to update the owner records, allows you to unlock and start these vehicles and drive them away.”

Snyder explained some of the top API problems and outlined best practices developers can use to improve APIs.

Common API Flaws

Indirect Object Reference, or IDR, is a common problem, Snyder said. It allows someone with a legitimate user’s access to manipulate the API request to access another user’s data.

“That is a super common — that may be, on its own, the single number one problem that we see consistently across the data set,” he said.

Another common problem is excessive data exposure, in which the API returns too much data. For instance, a page might have a photo, your name, an address, whatever, and the API sends everything — including personal data. Then the developer relies on either the mobile app or the web browser to hide all the data that wasn’t requested.

“Of course, bad actors don’t play by those rules,” he said. “They’re not going to go through your app or go through your web interface to try to scrape data from your API.”

Developers aren’t doing this on purpose, but mistakes happen when other pressures mount, he added.

“I don’t think any developer sets out to intentionally return too much data or to intentionally build a bad API,” he said. “But I think there’s a trade-off between how quickly I can build something — speed and convenience versus the security and privacy considerations.”

Best Practices to Fix API Flaws

Write a specification. Very few developers start from absolute zero when they’re building an API, Snyder noted. Typically, they’ll use a common open source framework for building that API. Part of that initial work should include a specification file governing how the API should work, he said.

Use common tools. Don’t try to create your own kind of identity and authentication mechanisms, Snyder said. “There’s everything from WebAuthn to single sign-on mechanisms and the less you make yourself build and design around identity, the higher the chances that you could get it right easily by leveraging a proven solution,” he said.

Think about the data. “Think about designing your API in a way that doesn’t expose too much and also is like checking an authorization for each data request,” Snyder suggested. Sometimes, developers push that authorization check to the frontend on a mobile client or Internet of Things device. In one famous case, the authorization was happening inside the logic of a Peloton exercise bike. “Again, you know, hackers don’t play by those rules, so they went straight to the Peloton API using the scripting language,” he said. “They just started manipulating authorization requests and they were able to extract about 3 million records.”

The post Developers: Is Your API Designed for Attackers? appeared first on The New Stack.

LAS VEGAS — Oracle’s AppDev environment for cloud apps and infrastructure isn’t talked about all that often, but it received high-profile attention this week at the company’s CloudWorld conference here at the Venetian Convention and Expo Center.

Oracle vice-president of products and strategy Leo Leung told The New Stack that the company’s new application development capabilities — including a new one called Alloy — will enable developers to build and deploy applications on Oracle Cloud Infrastructure (OCI) faster, more effectively and with fewer snags than previous iterations of the platform.

“By having these different (OCI) strategies, there are now more opportunities to use the cloud,” Leung said.

Despite the continued growth during the past decade of enterprises switching to applications housed somewhere in a cloud, the vast majority of Oracle’s customers are still building apps for servers in private data centers, Leung said. “IT people are naturally risk-averse. If something works, in general, they don’t want to change it, especially if it’s critical to the operations of a business,” he said. “Once they get it (their IT) to a certain place, I wouldn’t change it either.”

Oracle has to give enterprises like that “enough of a benefit with low enough risk, in most cases” for it to fit into their plans, Leung said. “The more leading-edge, startup-type companies have a different profile,” he said.

Oracle and Generative AI

Oracle is building generative AI capabilities for application development to take advantage of large language models with a high level of security and privacy, CTO and Chairman and co-founder Larry Ellison said Tuesday in a keynote. However, the company made no specific AI announcements this week.

Ellison said that AI is “the most important technology of the 21st century that is going to change everything.” He also said that while AI is still in its early stages of development, it is already having a major impact on the world.

Ellison also discussed the potential for AI to be used to create new jobs and industries. “AI is going to automate many tasks that are currently done by humans, but it will also create new jobs that we can’t even imagine today,” he said.

Java 21 and Cloud Native Development

Here are the key new additions to the OCI dev environment.

• Java, with an estimated 60 million developers using it frequently, remains a mainstay of development since its introduction at the outset of the internet in 1995. Oracle, which acquired Java’s originator, Sun Microsystems, in 2010, introduced at the conference a new set of capabilities for Java developers, including Java Development Kit 21, GraalOS, OCI Functions powered by GraalOS and Graal Cloud Native 4.0.
• GraalVM is an alternative Java runtime that works with advanced GraalVM Native Image to enable deployed applications to run as native-machine executables. It enables low latency and fast start capability, reduces memory requirements, and improves efficiency by allowing applications to be suspended and resumed.
• OCI Functions is powered by GraalOS and is a fully managed, multitenant, highly scalable, on-demand, Functions as a Service platform. It addresses the issue of slow cold starts by running functions as native executables, providing sub-second startup times. It uses GraalVM Native Image to reduce memory usage by up to 50 percent. It also uses out-of-the-box integrations to improve developer productivity.
• Graal Cloud Native 4.0 is a curated set of open source Micronaut framework modules to help developers take full advantage of cloud services without dependency on proprietary platform APIs. It includes features such as native support for GraalVM Native Image, Kubernetes integration and distributed tracing.

In addition to these new capabilities for Java developers, Oracle is also introducing new features for cloud native deployments, Kubernetes operations and enhanced security.

• Oracle Cloud Guard Container Governance enables developers to solidify security for Oracle Container Engine for Kubernetes (OKE) via predefined policies aligned to Kubernetes Security Posture Management. It simplifies the configuration of containerized workloads deployed on OKE.
• Oracle’s own version of Serverless Kubernetes enables customers to ensure reliable operations at scale without the complexities of managing, scaling, upgrading, and troubleshooting the underlying Kubernetes node infrastructure.

Oracle recently announced an expanded partnership with Microsoft to make available these dev tools and services via Azure Cloud, giving users another important option. “We think this is a good thing, just because there are so many workloads and mutual customers,” Leung said.

Distributed Cloud News

The latest additions to OCI’s distributed cloud lineup include Oracle Database@Azure and MySQL HeatWave Lakehouse on AWS. As a result, enterprises get more flexibility to deploy cloud services anywhere while addressing a variety of data privacy, data sovereignty and low-latency requirements. They also enable access to more than 100 services designed to run any workload, Leung said.

Oracle also announced the GA of Oracle Alloy, which enables enterprises to build their own private clouds.

“Alloy is a much more niche type of product,” Leung said. “There are only so many companies that want to be cloud providers in their particular spaces, but we think it’s going to be very powerful.”

Now available to be ordered globally, Oracle Alloy is a complete cloud infrastructure platform that enables partners to become cloud providers and offer a full range of cloud services to expand their businesses. Partners control the commercial and customer experience of Oracle Alloy and can customize and extend it to address their specific market needs. Partners can operate Oracle Alloy independently in their own data centers and fully control its operations to better fulfill customer and regulatory requirements.

Oracle revealed that next-generation Ampere A2 Compute Instances (hardware and software chipsets) based on the latest AmpereOne processor will become generally available starting later this year. The two companies also said that all Oracle Fusion Cloud Applications and OCI services — numbering in the hundreds — are now running on Ampere processors.

The post Oracle Touts New AppDev Tools, Distributed Cloud Support appeared first on The New Stack.

Developers craft software that both delights consumers and delivers innovative applications for enterprise users. This craft requires more than just churning out heaps of code; it embodies a process of observing, noticing, interviewing, brainstorming, reading, writing and rewriting specifications; designing, prototyping and coding to the specifications; reviewing, refactoring and verifying the software; and a virtuous cycle of deploying, debugging and improving. At every stage of this cycle, developers consume and generate two things: code and text. Code is text, after all.

The productivity of the developers is limited by real-world realities, challenges with timelines, unclear requirements, legacy codebase and more. To overcome these obstacles and still meet the deadlines, developers have long relied on adding new tools to their toolbox. For example, code generation tools such as compilers, UI generators, ORM mappers, API generators, etc. Developers have embraced these tools without reservation, progressively evolving them to offer more intelligent functionalities.  Modern compilers do more than just translate; they rewrite and optimize the code automatically. SQL, developed fifty years ago as a declarative language with a set of composable English templates, continues to evolve and improve data access experience and developer productivity. Developers have access to an endless array of tools to expand their toolbox.

Couchbase delivers Capella, the cloud database platform for modern applications. Capella enables developers and architects to quickly build the apps of the future and deliver always-on experiences to customers, on a mission to simplify how businesses develop, deploy and consume modern applications.

Learn More

The latest from Couchbase

The Emergence of GenAI

GenAI is a new, powerful tool for the developer toolbox. GenAI, short for Generative AI, is a subset of AI capable of taking prompts and then autonomously creating many forms of content — text, code, images, videos, music and more — that imitate and often mirror the quality of human craftsmanship. Prompts are instructions in the form of expository writing. Better prompts produce better text and code. The seismic surge surrounding GenAI supported with technologies such as ChatGPT, and copilot, positions 2023 to be heralded as the “Year of GenAI”. GenAI’s text generation capability is expected to revolutionize every aspect of developer experience and productivity.

Impact on Developers

Someone recently noted, “In 2023, natural language has emerged as the fastest programming language.” While the previous generation of tools focused on incremental improvement to productivity for writing code and improving code quality, GenAI tools promise to revolutionize these and every other aspect of developer work. ChatGPT can summarize a long requirement specification, give you the delta of what changed between two versions or help you come up with a checklist of a specific task. For coding, the impact is dramatic. Since these models have been trained on the entire internet, billions of parameters, and trillions of tokens, they’ve seen a lot of code. By writing a good prompt, you make it to write a big piece of code, design the APIs and refactor the code. And in just one sentence, you can ask ChatGPT to rewrite everything in a brand-new language. All these possibilities were simply science fiction just a few years ago. It makes the mundane tasks disappear, hard tasks easier and difficult tasks possible. Developers are relying more on ChatGPT to explain new concepts, clarify a confusing idea. Apparently, this trend has reduced the traffic to StackOverflow, a popular Q&A site for developers, anywhere between 16% to 50%, on various measures!  Developers choose the winning tool.

But, there’s a catch. More than one, in fact. The GenAI tools of the current generation, although promising, are unaware of your goals and objectives. These tools, developed through training on a vast array of samples, operate by predicting the succeeding token, one at a time, rooted firmly in the patterns they have previously encountered. Their answer is guided and constrained by the prompt. To harness their potential effectively, it becomes imperative to craft detailed, expository-style prompts. This nudges the technology to produce output that is closer to the intended goal, albeit with a style and creativity that is bounded by their training data. They excel in replicating styles they have been exposed to but fall short in inventing unprecedented ones. Multiple companies and groups are busy with training LLMs for specific tasks to improve their content generation. I recommend heeding the advice of Sathya Nadella, Microsoft’s CEO, who suggests it is prudent to treat the content generated by GenAI as a draft, requiring thorough review to ensure its clarity and accuracy. The onus falls on the developer to delineate between routine tasks and those demanding creativity — a discernment that remains beyond GenAI’s reach. At least, for now.

Despite this, with justifiable evidence, GenAI promises improved developer experience and productivity. OpenAI’s ChatGPT raced to 100 million users in a record time. Your favorite IDEs have plugins to exploit it. Microsoft has promised to use GenAI in all its products, including its revitalized search offering, bing.com. Google has answered with its own suite of services and products; Facebook and others have released multiple models to help developers progress.

It’s a great time to be a developer. The revolution has begun promptly. At Couchbase, we’ve introduced generative AI capabilities into our Database as a Service Couchbase Capella to significantly enhance developer productivity and accelerate time to market for modern applications. The new capability called Capella iQ enables developers to write SQL++ and application-level code more quickly by delivering recommended sample code.

For more information about Capella iQ and to sign up for a private preview, please visit here, or try Couchbase for yourself today with our free trial here.

The post Generative AI: A New Tool in the Developer Toolbox appeared first on The New Stack.

 No, AI isn’t going to steal your job.

Artificial intelligence (AI), machine learning (ML), and natural language processing (NLP) are changing the landscape of… just about everything we do. And therein lies the problem: Is AI going to impact your job for the worse? If the headlines are any indication of things to come, you — my software developer friend — might be feeling nervous. But let’s hit the pause button, because this conversation isn’t exactly black and white. Under the right circumstances, AI for developers can be a good — nay, a great — thing.

In this article, we’ll cover:

• Why machine learning algorithms will not fully take over the software development lifecycle.
• Why and how AI code assistants are your friend.
• How you can use AI-powered tools to your advantage.
• A few examples of AI code writers and other tools you might be interested in.

Let’s go!

Headquartered in New York, MongoDB is the developer data platform company empowering innovators to create, transform, and disrupt industries by unleashing the power of software and data.

Learn More

The latest from MongoDB

Wait, Will AI Replace Developers?

It’s one of the biggest concerns stopping some of us from moving forward into this next chapter. Over the years, there have already been stories and fears about robots taking our jobs. There are robots in Las Vegas mixing and serving drinks. In Texas, we saw the first-ever McDonald’s where you’re served by robots. At Amazon Go stores, you can shop without scanning anything or even talking to another person.

What does this more for those of us in tech? Won’t artificial intelligence make developers obsolete? I mean… just look at Google’s autocomplete.

Yikes. But wait.

First, let’s look at what’s likely the inevitable truth: AI probably isn’t going away. Natural language processing and large language models are only going to get savvier. A recent study from PricewaterhouseCoopers (PwC) shows that the AI market could add $15.7 trillion to the global economy by 2030, with up to a 26% boost in GDP for local economies from AI by 2030.

And make no mistake about it: Your employer is very likely looking into generative AI, if they haven’t already asked you to get to work on it! In fact, 64% of businesses think AI will increase their productivity. 60% expect AI to boost sales. They’re also hoping it’ll help them avoid more mistakes (48%), save money (59%), and streamline processes (42%).

Just look at the Google trend for the search term “AI tools”:

All of this is to say that if you’re not already using AI as a developer, you likely will be soon — or, you should be.

That said, know that artificial intelligence is not a replacement. It’s a supplement. It completes or enhances the whole. Indeed, AI has its limits. (More on this in a minute!)

For this reason, AI simply can’t replace developers. Rather, AI allows developers to focus on what they do best — build and ship — rather than get caught up in repetitive tasks.

The Benefits of AI for Developers

“I’m fine. I don’t need AI,” we can hear you saying. Hold that thought — let’s talk about this. The tides are turning, and you might want to go with them and not struggle against them. Here’s why.

1. Artificial Intelligence Is the Master of Automation

Developers are responsible for a lot of work that ends up being painfully repetitive and monotonous, like testing and debugging. Writing code in the first place can also be extremely tedious.

Depending on the source, developers might be spending nearly half of their development time debugging. Take half of your yearly income, multiply it by how many developers there are on your team alone, and you’ll start to get an idea of the time and money your company is spending just so that you can address bugs.

Now, imagine AI doing a good chunk of that work for you. Yes, we’re talking about automated code reviews, unit tests, code generation, and the automatic implementation of other repetitive tasks that can end up being a huge time-suck.

This technology can potentially do a lot of the heavy lifting when it comes to code completion. Picture being freed up to work on projects that you normally wouldn’t have had time to accomplish. Like Simon Willison — the creator of Datasette and co-creator of Django — said, this technology allows you to be more ambitious.

That’s the power of using AI tools for software development.

2. AI Can Reduce the Likelihood of Human Error

There are some things that humans are better at than technology. And, undoubtedly, under other circumstances, the reverse is also true.

If you write code snippets purely by hand, it is prone to errors. If you audit existing code by hand, it is prone to errors. Many things that happen during software development are prone to errors when they’re done manually.

No, AI for developers isn’t completely bulletproof. However, a trustworthy AI tool can help you avoid things like faulty code writing and code errors, ultimately helping you to enhance code quality.

While you won’t rely on AI tools for the entire coding process, leaning into AI coding assistant tools more often will reduce the likelihood of human errors and make your life a whole lot easier. AI-powered code is the present and the future.

3. AI and ML Allow for More Robust Data Analysis

It’s not only about using AI tools to write code, suggest code, and help with other potentially tedious tasks. You can also use AI tools to interpret, dissect, and audit the code that you already have. This can help you make more informed, data-driven decisions.

As an example, let’s take a look at Ambee, a climate tech start-up that is quickly growing. From the get-go, MongoDB Atlas has been at the center of Ambee’s database architecture, helping to support their AI and ML models.

With MongoDB Atlas, Ambee is able to run AI models that deliver data as a service to their own clients and provide intelligent recommendations. Without MongoDB, it would be exceedingly difficult for Ambee to house all of its data in one location and operationalize it for different use cases.

For example, Ambee uses AI to predict forest fires and their outcomes across the United States and Canada. This also means sending critical warnings to organizations so that they can protect people and property.

Source: https://www.mongodb.com/blog/post/ambees-ai-environmental-data-revolution-powered-atlas

For all of the reasons explored above, the conversations around AI and ML are far too complex to be as simple as, “Will this take my job?” Rather, we need to expand our horizons and think about the limitless potential thanks to this life-changing technology. Think of all the amazing ways that AI will help you create even better work than you already are.

How to Leverage Artificial Intelligence and Machine Learning as a Developer

It’s one thing to talk about how beneficial AI tools can be in software development, but it’s even better to actually experience it. Let’s talk about how you can get started using AI to improve code quality, code generation, and the software development process as a whole.

1. Use AI Tools to Support Your Efforts — Not Replace Them

We’ve said this already but it bears repeating. AI tools are a supplement, not a replacement. You can’t (at least, not yet) completely remove yourself from the development process.

There are still a myriad of things you can do that AI cannot. Period.

2. Know the Limits of the AI Tool You’re Using

Because AI tools can’t do everything, you have to be aware of where technology exits and you enter.

For instance, while you can absolutely use AI tools for debugging, you should still have human beings doing thorough testing and QA before updates to your software are made available to the public. Otherwise, you might end up with a mess on your hands. (Keep reading for some rather concerning examples.)

3. Ensure Your Manager/Employer Is on Board and Clear on Expectations, Boundaries, and Security Protocol

Some brands are all about AI tools and want to dive in immediately, if not yesterday. Others are understandably a little more hesitant.

What is your employer comfortable with? What’s off-limits? Do they want you to use an AI tool to generate code but prefer you stick to testing and debugging manually?

Beyond the boundaries, what are the expectations and goals? While it’s fun to experiment with artificial intelligence, you should still do so strategically.

Finally, how are you ensuring that you’re using AI in a safe and secure manner? Is there specific data and information you need to avoid putting into AI tools?

4. Take Responsibility for the End Results!

AI is not 100% bulletproof, and you’ve probably already seen the headlines: “People Are Creating Records of Fake Historical Events Using AI“; “Lawyer Used ChatGPT In Court — And Cited Fake Cases. A Judge Is Considering Sanctions“; “AI facial recognition led to 8-month pregnant woman’s wrongful carjacking arrest in front of kids: lawsuit.”

This is what happens when people take artificial intelligence too far and don’t use any guardrails.

Your own coding abilities and skill set as a developer are still absolutely vital to this entire process. As much as software developers might love to completely lean on an AI code assistant for the journey, the technology just isn’t to that point. If something goes wrong with your code documentation, you certainly can’t tell your employer or your audience, “Sorry about that! Our code assistant slipped up.”

So, radical accountability is still a must. AI can assist developers in creating more secure code and also save time. But at the end of the day, it comes down to the brains — not the technology — behind the masterpiece.

5. Test Small and Scale Big

“Let’s just use AI for everything!” you’re saying. Hold that thought.

You have to crawl before you walk and walk before you run. Code assistants are enabling developers to build high-quality code faster and with more accuracy. But that doesn’t mean that software developers should go all-in from the word “go.”

Source: Pexels.

What might it look like to test small? Well, maybe you start by using an AI-powered tool to write individual code snippets. Or maybe you utilize an AI-powered assistant to make code suggestions.

If this goes well, maybe you progress to using an AI-powered tool to manage entire functions, complete code, and automate repetitive tasks that you’ve always done manually.

Popular AI Tools That Programmers Are Using

Okay, so you’re ready to take the next step — fantastic! What might that even look like? There are plenty of tools, platforms, and software that developers are enjoying.

GitHub CoPilot is an adopted AI developer tool.” The creators have trained it on billions of lines of code in various programming languages. Also worth noting is that GitHub Copilot can integrate with one of the most popular code editors: Visual Studio Code!

Source: https://github.com/features/copilot

Protect yourself from security vulnerabilities with something like Amazon CodeGuru Security. It uses ML and automated reasoning to find issues in your code, offer recommendations for how to fix them, and track their statuses over time. As part of its key features, it will also scale up and down with your workload.

Source: https://aws.amazon.com/codeguru/

Sourcegraph is a code AI platform to help you build software. Its code graph powers Cody — a powerful AI coding assistant for writing, fixing, and maintaining code — and Code Search, helping devs explore their entire codebase and make large-scale migrations and security fixes. Write functional code and get suggestions based on the code context.

Finally, add Amazon CodeWhisperer to your list! It provides provenance for generated code to help developers decide if there are any issues with software licenses.

AI Is Your Friend

Across any number of programming languages, whether you’re dealing with tiny code snippets or entire applications, whether you’re new to the world of software development or you’re a seasoned veteran, artificial intelligence, machine learning, and natural language processing will be one of your greatest allies.

Use AI-powered code for the power of good, and your next code-based project will be a win.

The post AI for Developers: How Can Programmers Use Artificial Intelligence? appeared first on The New Stack.

Development is a dance between code and data; we want the flexibility of data descriptions, but the certainty of coded solutions. Relationships between objects are rich, but dependencies cause issues.

Registration is a common pattern that allows developers to add a component to a formal list at runtime, allowing erstwhile data to participate in code.

So a register is just a list of objects that the app treats as canonical, with a few caveats. We almost certainly don’t want replication, which implies we need some sort of primary key. It also implies there is some sort of raw list of data that seeds this register. Like many patterns, the advantage to using registration is that it is a good way to separate concerns. This post shows how simple but relatively useful this pattern is. You can follow the C# code, or clone it from GitHub.

Via Paul Downey, UK Government Digital Service

The concept of a hardware register slightly overshadows the simpler concept of software registration. But we do see registration quite commonly when using APIs — for example, you often have to register listeners to events when programming buttons in UI.

A more formal description of a register isn’t necessary for this post, but for completeness have a look at what Paul Downey wrote here, and also Ade Adewunmi for the renowned UK Government Digital Service. A few useful tenets are repeated: each registered object has a unique identifier; data replication is to be avoided; allow registers to talk to other registers; and treat registers as trusted data.

I hope many readers have had the chance to go on holiday this summer, and the simple example I give of registration is just a summer-themed matching of a party of holidaymakers to the right-sized cabin. So we have two registers: cabins and holiday parties.

Let’s take a look at the details:

• A “cabin” has a door number (primary key) and a capacity that represents sleeping space. It also has a date range when it is available.
• A “party” represents a number of holidaymakers under a lead traveller’s name.
• A party can only book (i.e. registration) into a cabin if the cabin is vacant and available.
• As a party can only be registered with a vacant cabin, there is a natural dependency in this model.
• If you unregister a party, their cabin becomes vacant. Consequently, you can’t unregister a cabin if a party is staying in it.

To represent all cabins, we use a JSON list called “allcabins.json”. We iterate over this list, and only register cabins that are available during the date we are interested in.

Similarly, we have a list of prospective parties; we iterate over these holidaymakers, only registering parties when we can put them in a cabin. We should do this before they arrive, to avoid disappointment.

The other thing of interest is that registered objects interact with other registered objects when the party checks for available registered cabins. We would normally prefer to unregister an object as opposed to making changes to a registered object.

Cabins

The cabins that lie in our wild resort are represented in a JSON file, allcabins.json:

[
  {
    "Number": 6,
    "Name": "Hill View",
    "Capacity": 5,
    "From": "2023/01/01",
    "To": "2023/12/21"
  },
  {
    "Number": 3,
    "Name": "Summerholme",
    "Capacity": 2,
    "From": "2023/06/01",
    "To": "2023/08/31"
  },
  {
    "Number": 4,
    "Name": "Dunroamin",
    "Capacity": 4,
    "From": "2023/03/01",
    "To": "2023/10/31"
  },
  ...
]

Note we will use the cabin number as the primary key. The From/To date format for availability is represented as a string, as it has to be for JSON.

After sucking up the JSON data into its own CabinData struct, we create a Cabin object from it after converting the string dates to C# dates and adding a guestParty variable to note who, if anyone is, staying:

//Cabin.cs

namespace HolidayCabins
{
  public struct CabinData
  {
    public short Number { get; set; }
    public string? Name { get; set; }
    public short Capacity { get; set; }
    public string? From { get; set; }
    public string? To { get; set; }
  }

  public class Cabin
  {
     private static List<Cabin> registeredCabins = new List<Cabin>();

     private Party? guestParty;
     private CabinData data;
     private DateOnly from;
     private DateOnly to;

     public Cabin(CabinData record)
     {
        data = record;
        if (DateOnly.TryParse(data.From, out DateOnly result))
        {
          from = result;
        }
        else Console.WriteLine($"Not a valid date {data.From}");

        if (DateOnly.TryParse(data.To, out result))
        {
           to = result;
        }
        else Console.WriteLine($"Not a valid date {data.To}");
     }
     ...
  }
}

The JSON file is handled elsewhere. But the result is that we can make cabins from raw data.

So where do we register them?

//Cabin.cs

public static void RegisterCabin(Cabin cabin, DateOnly date)
{
  if (registeredCabins.Exists(cb => cabin.data.Number == cb.data.Number))
  {
    Console.WriteLine($"{cabin.data.Name} is already registered");
    return;
  }


  if (cabin.from <= date && date <= cabin.to)
  {
    registeredCabins.Add(cabin);
    Console.WriteLine($"Cabin \"{cabin.data.Name}\" registered");
   }
   else Console.WriteLine($"(Cabin \"{cabin.data.Name}\" not available at the moment)");
}

public static void UnregisterCabin(Cabin cabin)
{
  if (cabin.guestParty != null)
    throw new Exception($"Cannot unregister \"{cabin.data.Name}\" as it is not vacant");

  registeredCabins.Remove(cabin);

  Console.WriteLine($"Cabin \"{cabin.data.Name}\" unregistered.");
}

This is mainly just a gatekeeper to the registeredCabins list. We fulfill two requirements: we don’t allow a cabin with the same number to appear twice, and we check that the cabin is available for the date given. When unregistering a cabin, we check there are no guests already staying.

Holiday Parties

Now for the other register: the guest holiday parties. The JSON data is just the name of the party and its size. So it leads to a simpler object:

//Party.cs

public struct PartyData
{
  public string? PartyName { get; set; }
  public short Size { get; set; }
}

public class Party
{
  private static List<Party> registeredParties = new List<Party>();

  private Cabin cabin;
  private PartyData data;

  public Party(PartyData record)
  {
    data = record;
  }

  ...

}

While a cabin may be vacant, a Party object must be associated with a cabin once registered — hence we don’t suggest it is nullable.

//Party.cs

public static void RegisterParty(Party party)
{
  if (registeredParties.Exists(py => party.data.PartyName == py.data.PartyName))
  {
    Console.WriteLine($"{party.data.PartyName} is already registered");
    return;
  }

  Cabin cabin = Cabin.FindSuitableCabin(party.data.Size);
  if (cabin != null)
  {
    party.cabin = cabin;
    cabin.SetGuestParty(party);
    registeredParties.Add(party);
    Console.WriteLine($"\"{party.data.PartyName}\" party registered in {cabin}. Happy Holidays!");
  }
  else Console.WriteLine($"No available cabins suitable for the \"{party.data.PartyName}\" party");
}

public static void UnregisterParty(Party party)
{
  party.cabin.SetGuestParty(null);
  registeredParties.Remove(party);

  Console.WriteLine($"Party \"{party.data.PartyName}\" unregistered.");
}

Again, registration just sits as a gatekeeper, this time making sure that a party has an available cabin of the right size to stay in.

Finally, here are the console responses to our calls from the main program:

//Program.cs

List<CabinData> cabindata = JsonServices.ReadAllCabinsFromFile();
DateOnly todaysdate = DateOnly.FromDateTime(nw);
foreach (CabinData cb in cabindata)
{
    Cabin.RegisterCabin(new Cabin(cb), todaysdate);
}
/* Console Output:

    Holiday bookings for 9/15/2023
    Cabin "Hill View" registered
    (Cabin "Summerholme" not available at the moment)
    Cabin "Dunroamin" registered
    Cabin "Hobbit Hole" registered
    Cabin "Bear Crescent" not available at the moment)
    Cabin "Fat Cottage" registered

*/

List<PartyData> partydata = JsonServices.ReadProspectiveGuestsFromFile();
foreach (PartyData pd in partydata)
{
    Party.RegisterParty(new Party(pd));
}
/* Console Output:

"Smith" party registered in Hill View. Happy Holidays!
"Shah" party registered in Dunroamin. Happy Holidays!
"Lebowski" party registered in Hobbit Hole. Happy Holidays!

*/

//New party appears!
Party iverson = new Party("Iverson", 7);
Party.RegisterParty(iverson);
/* Console Output:

"Iverson" party registered in Fat Cottage. Happy Holidays!

*/

//The Shahs go home
Party party = Party.FindRegisteredParty("Shah");
if (party != null)
{
    Party.UnregisterParty(party);
}
/* Console Output:

Party "Shah" unregistered.

*/

//If the Shahs left, lets close Dunroamin
Cabin cabin = Cabin.FindRegisteredCabin(4);
if (cabin != null)
{
    Cabin.UnregisterCabin(cabin);
}
/* Console Output:

Cabin "Dunroamin" unregistered.

*/

//Confirm state of the registerd cabins.
Cabin.ReportRegisteredCabins();
/* Console Output:

The "Smith" party are staying in "Hill View"
The "Lebowski" party are staying in "Hobbit Hole"
The "Iverson" party are staying in "Fat Cottage"

*/

The project code is available on GitHub here. If you want to improve the functionality of the code, maybe you can better fit the party size to the capacity of the available cabins.

The post An Introduction to Software Registration for Web Developers appeared first on The New Stack.

SAN FRANCISCO — Salesforce’s Dreamforce conference, the largest tech show in Northern California in terms of attendees each year, this week was billed as the “largest AI show in the world.” How a designation like that is determined is unclear, but most products showcased and seminars staged did, in fact, touch on AI in one aspect or another.

Interesting sidebar: The term “AI” was questioned by a guest speaker, Williams-Sonoma CEO Laura Alber, who claims that “artificial” is a misnomer, because the intelligence in AI apps is real and based on data.

“I’ve been thinking about this a lot and I actually was pretty inspired by Parker (Salesforce co-founder Parker Harris) and his resetting of what artificial intelligence really means,” Alber said. “And the truth is that when it comes to customers, there can be nothing artificial about the experience. So as we use AI, we use it to inspire and improve the experience. We need to make sure that it’s completely authentic.

“So I wonder about a name change today. I wonder if it’s just called ‘intelligence,’ or as Parker said, ‘data intelligence.’ And I think we should stop thinking about the definition as artificial when it comes to the customer experience.”

So there you have it. We may be calling this phenomenal software running bots and “copilots” — as Salesforce describes its intelligence agents — something completely different in the near future if “AI” is generally found to be too limiting a term.

Salesforce’s Einstein AI had plenty of news in its orbit this week at the Dreamforce event that ended Thursday and was expected to have attracted 40,000-plus humans to downtown San Francisco — not to mention upward of 150,000 more online.

Einstein Copilot

This is Salesforce’s newly minted AI-powered application that enables line-of-business users to talk to their CRMs — literally. Its NLP-enabled interface prompts the assistant, which then uses AI to generate trusted and accurate recommendations and guidance based on the customer’s database of information in the CRM.

Einstein Copilot works alongside employees to accomplish tasks of all types. “It’s very good at drafting emails,” Salesforce CEO/co-founder Marc Benioff said. “But it also does a lot more than that.” Copilot also can create PowerPoint presentations, marketing materials and pitch letters. It also can be queried on things such as:

• “Give me tips for reducing average customer service call time”
• “Calculate the best discounts to move old merchandise fast”
• “Help me prepare for this meeting with all the right details”
• “Create personalized product promotions”

With a tireless automated assistant like this, who needs a regular assistant? (Yes, that is a legitimate question now being asked all over the enterprise world.)

Copilot Builder

Copilot Builder empowers developers and line-of-business employees to customize their Copilots with prompts, unique skills and models. Users can build specific Copilots for individual customers and tasks. The platform enables admins, developers and IT teams to build a secure conversational AI assistant that answers questions, reasons and takes action to accomplish specific tasks for employees, Benioff said. Copilots are pre-trained on proprietary and secure CRM data to deliver relevant and trustworthy content, tailored to a brand’s unique identity and needs, Benioff said.

Einstein Trust Layer

This new security attribute provides configurability for managing sensitive data in addition to a compliance-ready audit trail to keep companies in control of their data. CFOs and CISOs alike will like those features.

The new Einstein Trust Layer is integrated into every Einstein Copilot by default. It is compliance-ready to allow companies to retain control and gain visibility of how their data is being used with their chosen AI models.

PII is protected by default, and the Trust Layer is fine-tuned to score and record every AI response for employees to understand whether a response is safe to use.

Defining ‘Decision Science’

“Decision Science” is a term that was brought up in presentations at Dreamforce, mostly in connection with the company’s new Data Cloud — which is a kind of home plate for all the company’s applications. Salesforce exec Janani Narayanan described this new sector of IT as focusing on using data and AI to drive decisions across an organization to maximize sales pipelines and ACV (annual contract value).

“Whether we are making a strategic decision with analytics or an automated decision with marketing automation, we strive to use data and AI responsibly to grow our business and improve the customer experience,” Narayanan told The New Stack.

Narayanan, whose full title is Salesforce Senior Director of Product Management in Digital Intelligence Automation, said that “before Data Cloud, Salesforce’s suite of products were built to deal with mostly transactional data. The addition of Data Cloud allowed us to complement our existing transactional database with the ability to take in massive volumes of data from across CRM, web, mobile and APIs.”

Last Dreamforce in San Francisco?

Dreamforce has been staged at Moscone Center since its inception in 2003 — except in 2020, the first year of COVID-19 (2021 and 2022 were hybrid in-person/online events). This year’s event may turn out to be the last one to be held in San Francisco’s largest convention facility; the jury is currently out on that topic. Salesforce will make a decision in the next few weeks as to where the huge conference will be held in the future.

This is because Benioff has been unhappy with his native city’s approach to finding additional housing for its average of 4,400 homeless people sleeping on the streets each day. San Francisco Mayor London Breed was in the first row for the opening keynote and was introduced by Benioff to the audience.

OpenAI Founder on ChatGPT Success

OpenAI CEO/co-founder Sam Altman had some stage time on Day 1. When asked by Benioff in a 1:1 interview at a packed Yerba Buena Theater what was “the biggest surprise” he saw out of all the hoopla around ChatGPT, Altman replied simply: “That it’s all working.”

During his 37-minute session, Altman said “When you start off on a scientific endeavor, you hope it will work; you let yourself dream it will work. We knew we had a lot to figure out, and figuring out any new science is always hard. We had conviction and a path laid out by our chief scientist, but how do you have conviction and then actually get it to work? There was pretty much a consensus in the outside world that it wasn’t going to work, but we secured the effort and made it work. That probably was the biggest surprise.”

The post Salesforce Spreads NLP-Enabled Einstein AI over Most of Its Apps appeared first on The New Stack.

Anaconda, which helped pioneer the use of Python for data science in 2009, has launched its Anaconda Toolbox, a new suite of tools built to enhance the experience and capabilities of Python in Excel.

The New Microsoft Excel add-in brings AI-powered Anaconda Assistant, curated data catalogs, and cloud features to Python in Excel users.

Anaconda Toolbox is a new suite of tools built to enhance the experience and capabilities of Python in Excel. The Toolbox will be accessible to current Python in Excel beta users through the Microsoft Marketplace.

AI Assistant

Launched last month. Python in Excel now boasts new features added by Anaconda Toolbox that will enable developers to use Python in Excel, even if they don’t know Python. Included in Toolbox is Anaconda Assistant, the recently released AI assistant designed specifically for Python users and data scientists, which can guide you in your first steps or supercharge your work, even if you have advanced experience.

Python in Excel beta users can sign up to experience Anaconda Toolbox today.

Anaconda Toolbox enables anyone, regardless of experience, to quickly generate code and visualizations while learning Python along the way, the company said. Because the code runs in Excel, you know how it will work when you share the file with others, even if they don’t have Toolbox.

“The AI revolution has triggered an explosion in creativity and productivity. The Anaconda Toolbox fits neatly in that same area as it provides the perfect on-ramp for advanced data science and AI with Python,” said Timothy Hewitt, Senior Product Manager for Python in Excel at Anaconda. “We understand that many Excel users have never used Python, that’s why we included our AI-powered Anaconda Assistant. This AI-assistant helps users accomplish what they need using natural language without needing to know all of the underlying Python code. Whether you need to visualize a data set, develop a script, or quickly generate insights, the Anaconda Assistant makes that possible — and it’s now just one click away.”

Ask the Assistant

Know what you want to do, but don’t know how to do it in Python? Just ask Anaconda Assistant, the company says. When it gives you the code, just push it to the Excel grid, where you can edit and run it just like other Python code. If you start with one of our provided prompts, it will analyze your tables and recommend different ways of working with your data.

Microsoft has released Python in Excel as a Public Preview to its Insiders Beta Channel so it is still early days for the technology but the company will continue to roll out updates on: improved editing experiences (such as autocomplete and syntax highlighting), default repairs, enhanced error behaviors, help and documentation, and more, said Stefan Kinnestrand, a general manager of product marketing/management at Microsoft in a blog post.

With Python in Excel, users can integrate Python and Excel analytics within the same Excel grid for uninterrupted workflow.

“Python in Excel combines Python’s powerful data analysis and visualization libraries with Excel’s features you know and love,” Kinnestrand said. “You can manipulate and explore data in Excel using Python plots and libraries, and then use Excel’s formulas, charts and PivotTables to further refine your insights.”

Partnership

To help with this integration, Microsoft has partnered with Anaconda, a leading enterprise-grade Python repository used by tens of millions of data practitioners worldwide. Microsoft said Python in Excel leverages Anaconda Distribution for Python running in Azure, which includes the most popular Python libraries such as pandas for data manipulation, statsmodels for advanced statistical modeling, and Matplotlib and seaborn for data visualization.

“Python has become the lingua Franca and Swiss Army Knife of working with data, and it’s the de facto language of data science and machine learning,” said Andrew Brust, CEO of Blue Badge Insights, a data consultancy. “It’s present in Microsoft Fabric, Azure Synapse Analytics, Azure Machine Learning, Azure Databricks, Visual Studio, VS Code, SQL Server and Power BI. And since Microsoft and Anaconda have collaborated around many of these integrations, doing so in the Excel case was almost a foregone conclusion.”

In 2022 Anaconda launched PyScript, a web-based tool for coding in the browser and deploying apps with the click of a button. The company also launched Anaconda Learning to help people build foundational skills in Python, data visualization, machine learning, and more.

Python education is part of Anaconda’s mission. Every day more and more people are starting to learn Python and for most Anaconda is their first stop in that journey.

“We want to see the Python community continue to grow, so we’ve developed an extensive library of free educational content and certificates to that have helped thousands of new users break into a whole new world of data science and AI,” Hewitt told The New Stack. “The Anaconda Toolbox for Python in Excel absolutely extends our mission of Python education. In the toolbox, users can find a curated selection of open-source data sets to test new data science skills and the built-in Anaconda Assistant can be used to guide users in self-learning, evaluate code, and explain the code it develops.”

Ibis and PyStarburst

Meanwhile, Starburst, the data lake analytics platform, recently announced extended support for Python and a new integration with the open source Python library, Ibis (built in collaboration with Voltron Data) to reinforce its commitment to openness.

For developers and data engineers used to working with PySpark and Snowpark, PyStarburst provides a familiar syntax that makes it easy to not only build new data pipelines but also migrate existing pipelines to Starburst without rewriting lots of code. Meanwhile, the new Ibis integration provides a uniform Python API and an open backend that connects to any cloud data source so that data and software engineers can build and scale data applications from development to production without rewriting code.

“Many data engineers prefer writing code over SQL for transformations, and many software engineers are used to building data applications in Python. With PyStarburst, we’re giving them the freedom to do so with the increased productivity and performance of Starburst’s enterprise-grade Trino,” said Martin Traverso, CTO of Starburst, in a statement.

For developers and data engineers looking to build scalable data applications, the new Ibis integration provides a uniform Python API that can execute queries on more than 18 different engines — including DuckDB, Pandas, PostgreSQL, and now Starburst Galaxy. This means you can scale from development on a laptop to production in Galaxy without rewriting a single line of code.

There’s a lot of tooling going into the ecosystem, the analytic data transformation data engineering base built around Python, there are libraries for doing machine learning data science, Traverso told The New Stack. So Python tests tend to be like glue for everything. And that’s the language that all the data scientists use on a day-to-day basis. They’re building AI models, they’re interacting with data, engine data, permission engines to massage their data to provide to their AI modeling systems. And Python happens to be their tool of choice, so yeah, we see a lot of a lot of people rely on that. If you look at Spark, Spark started as built in Scala, and originally the APIs were built around Scala which was a hard language to deal with. And for the regular programmers, Python is a little more flexible, a lot easier to pick up. So there’s a whole Python ecosystem that’s built around that. And eventually became the language of choice to interact with Spark. And therefore, anyone that’s dealing with, with data processing at large scale with Spark will be familiar with that. So we’re kind of capitalizing on that, on that investment, that expertise and trying to bring that to the Starburst, he noted. At Starburst everything is built with openness in mind, and we are interoperable with nearly any data environment, so we’re extending that commitment to our programming languages. The partnership with Voltron Data and Ibis was a natural fit,” said Harrison Johnson, Head of Technology Partnerships at Starburst.

Together, Ibis and Starburst Galaxy empower users to write portable Python code that executes on Starburst’s high-performance data lake analytics engine, operating on data from more than 50 supported sources. Users will now be able to build analytic expressions across multiple data sources with reusable scripts that execute at any scale.

“Python users struggle to bridge the gap between prototypes on their laptops and production apps running on platforms like Starburst Galaxy. Ibis makes it much easier to bridge this gap,” said Josh Patterson, CEO of Voltron Data. “With Ibis, you can write Python code once and run it anywhere, with any supported backend execution engine. You can move seamlessly from crunching gigabyte-scale test data on your laptop to crunching petabyte-scale data in production using Starburst Galaxy.”

The post Python Delights Excel Data Nerds Plus Data Lake Enthusiasts appeared first on The New Stack.

The final mile for WebAssembly remains a work in progress as the Wasm community races to finalize a common standard. Among other things, it is in the wait of the standardization of component interface Wasi, the layer required to ensure endpoint compatibility among the different devices and servers on which Wasm applications are deployed. As progress has been made so apps written in different languages can be deployed with no configuration among numerous and varied endpoints, the survival of WebAssembly as a widely adopted tool remains at stake until such a standard is completed. However, the community is aggressively seeking to finalize the component module, which became apparent during the many talks given at the first Linux Foundation-sponsored WasmCon 2023 last week.

“WebAssembly has boasted a handful of small advantages over other runtime technologies,” Matt Butcher, co-founder and CEO of Fermyon Technologies, told The New Stack. “The component model is the big differentiator. It is the thing that opens up avenues for development that have simply never existed before. It’s fair to call this an existentially important moment for WebAssembly.”

NGINX, now a part of F5, is the company behind the popular open source project, NGINX. NGINX offers a suite of technologies to develop and deliver modern applications including NGINX Plus for load balancing, App Protect for security, and NGINX Ingress Controller to get control of Kubernetes.

Learn More

The latest from NGINX

Implementations for WASI-Preview 2

This roadmap released in July reflects changes occurring in standards within the WebAssembly CommunityGroup (CG) and the WASI Subgroup within the W3C. This includes the WebAssembly Core WebAssembly Component Model, WASI (WebAssembly System Interface) and a number of WASI-based interfaces.

The Component Model proposal, developed on top of the core specification, includes the WebAssembly Interface Types (WIT) IDL, while WIT is the language of high-level types that are used to describe the interfaces of a component, as Bailey Hayes, director of the Bytecode Alliance Technical Standards Committee and CTO at Cosmonic, explained in a blog post.

The Component Model adds high-level types with imported and exported interfaces, making components composable and virtualizable, Hayes said. This is important for allowing different programming languages to function in the same module because it allows for the creation of and combining components that were originally written in different programming languages, Hayes said.

The latest standards for WebAssembly (Wasm) are of significant importance as they focus the efforts of developers, community members, and adopters on tooling that supports a portable ecosystem, Liam Randall, CEO and co-founder of Cosmonic, told The New Stack. “With a focus on WebAssembly Components, they enable Components to act as the new containers, ensuring portability across various companies developing across the landscape,” Randall said. “This standardization also fosters better collaboration between language tooling that creates components from various languages and hot-swappable modules defined by WASI. What this means to developers is that we can now use code from across our language silos, creating a powerful ‘better together’ story for the WebAssembly ecosystem.”

In other words, WASI-Preview 2 is an exciting step as it addresses critical areas such as performance, security and JavaScript interactions — and one more step on the journey toward interoperability, Torsten Volk, an analyst for Enterprise Management Associates (EMA), told The New Stack. “The common component model is absolute key for accelerating the adoption of WebAssembly, as it is the precondition for users to just run any of their applications on any cloud, data center or edge location without having to change app code or configuration,” Volk said.

An API call requesting access to a GPU, a database or a machine learning model would then work independently of the specific type of the requested component, Volk said. “This means I could define how a datastream should be written to a NoSQL database and the same code function would work with MongoDB, Cassandra or Amazon DynamoDB,” Volk said.

WASI began as a POSIX-style library for WebAssembly. However, it has outgrown those roots, becoming something more akin to JavaScript’s WinterCG: a core set of interfaces to commonly used features like files, sockets, and environments, Butcher said. “WASI Preview 2 exemplifies this movement away from POSIX and toward a truly modern set of core features. Instead of re-implementing a 1970s vision of network computing, WASI is moving to a contemporary view of distributed applications.”

Check out @Dicejw's post on the @fermyontech blog: Introducing Componentize-Py.

My favorite feature: you can build #WebAssembly components written in #Python with dependencies that use native extensions.

I can use NumPy in my @spinframework apps!https://t.co/6JoWjsVkN7 pic.twitter.com/0i0fOSdu0a

— Radu Matei (@matei_radu) August 29, 2023

The component aspect plays a key role in the release of new features for Fermyon’s experimental SDK for developing Spin apps using the Python programming language.

Relating to components, Fermyon’s new componentize-py can be used to build a simple component using a mix of Python and native code, type-check it using MyPy, and run it using Spin. The user can then update the app to use the wasi-http proposal, a vendor-agnostic API for sending and receiving HTTP requests.

“Providing developers with the ability to integrate with runtime elements that are not yet completely defined by a CCM makes it less likely for them to hit a wall in their development process, and should therefore be welcomed,” Volk said.

Regarding Python, it is a “top language choice, and is vitally important for AI,” Butcher said. “Yet, to this point some of the most powerful Python libraries like NumPy have been unavailable. The reason was that these core libraries were written in C and dynamically loaded into Python,” Butcher said. “Who would have thought that the solution to this conundrum was the Component Model?”

With the new componentize-py project, Python can take its place as a top-tier WebAssembly language, Butcher noted. “Most excitingly, we are so close to being able to link across language boundaries, where Rust libraries can be used from Python or Go libraries can be used from JavaScript,” Butcher said. “Thanks to the Component Model, we’re on the cusp of true polyglot programming.”

Future Work

A very good definition of a #WebAssembly component, @fastly's @luke_wagner communicated during his #WasmCon 2023 keynote "What is a Component (and Why)?": A standard portable lightweight finely sandboxed cross-language compositional module. https://t.co/JSkkCDCFKO #WasmCon pic.twitter.com/P7rVtGUwoO

— BC Gain (@bcamerongain) September 7, 2023

The work to finalize a component model that is necessary for Wasm to see wide-scale adoption remains ongoing, as an extension of the incremental steps described above, Luke Wagner, a distinguished engineer for edge cloud platform provider Fastly, told The New Stack during WasmCon 2023 last week. Wagner defines a component as a “standard portable, lightweight finely-sandbox cross-language compositional module.”

@fastly‘s @luke_wagner described during his #WasmCon 2023 keynote the roadmap for this year and next for #WebAssembly‘s component model. https://t.co/JSkkCDC7Vg pic.twitter.com/SXtjhKvx49

— BC Gain (@bcamerongain) September 13, 2023

During his conference talk, Wagner described the developer preview to be released this year:

• Preview 2: It covers both a component module and a subset of Wasi interfaces.
• The top-line goals are stability and backward compatibility:

“We have an automatic conversion converting Preview 1 core modules to Preview 2 components and then we’re committing to future having a similar tool to convert to Preview 2 components into whatever comes next,” Wagner said during his talk.

Preview 2 features include, Wagner said:

• A first wave of languages that include Rust, JavaScript, Python, Go and C.
• A first wave of Wasi proposals, including filesystems socket, CLI, http and possibly others.
• A browser/node polyfill: jco transpile.
• Preliminary support for Wasi virtualization in the form of wasi-virt.
• Preliminary support for component composition: in the form of Wasm-compose.
• Experimental component registry tooling: in the form of warg.
• “Next year it’s all about improving the concurrency story,”  Wagner said. This is because Preview 2 “does the best it can but concurrency remains warty.”

These “wart” aspects Wagner described include:

• Async interfaces, which are going to be too complex for direct use and need manual glue code, while the general goal is to be able to use the automatic bindings directly without manual glue code.
• Streaming performance isn’t as good as it could be.
• Concurrency is not currently composable, which means two components doing concurrent stuff will end up blocking each other in some cases. And if you’ve virtualized one of these async interfaces, it ends up being that you have to virtualize them all.

Preview 3 will be designed to:

• Fix these drawbacks by adding native future and stream types to Wit and components.
• This will pave the way for ergonomic, integrated automatic bindings for many languages.
• Offer an efficient io_uring-friendly ABI.

Composable concurrency: For example, in Preview 2, we need two interfaces for HTTP: one for outgoing requests and one for incoming ones that have different types and different signatures, Wagner said. With Preview 3, the two interfaces will be merged to just have one interface, i.e. with the Wasi handler.

This will allow for a single component that both imports and exports the same interface: It will then be possible to import a handler for outgoing requests and export a handler to receive incoming requests. Because they use the same interface, it will then be possible to take two services to chain together and just link them directly together using component linking and now executing the whole compound request is just an async function call, which can support modularity without a microservices use case.

“Our goal is by the end of this year is to complete Preview 2 milestones, which will lead to a  stable, maybe beta release,” Luke Wagner, a distinguished engineer for Fastly, told The New Stack after the WasmCon 2023 last week.

“The idea is, once we hit this, you will continue to be able to produce Preview 2 binaries and run them in Preview 2 engines so stuff stops breaking.”

The post Can WebAssembly Get Its Act Together for a Component Model? appeared first on The New Stack.

Web development platform Netlify released a software development kit (SDK) Wednesday that it said will make it easier for tech partners and customers to design custom integrations with Netlify.

“The SDK is exciting to me because it opens up for partners and the other tool makers to integrate into Netlify and enterprise companies to build integrations, specific to their services on Netlify, from the beginning,” CEO Matt Biilmann told The New Stack.

Netlify offers serverless backend services for web applications and dynamic websites. The SDK supports taking a composable architecture approach to web applications and websites at scale, Biilmann said.

“We coined the term Jamstack and pioneered this whole idea of building decoupled web UIs that talk to all these different APIs and services,” he said. “Now that’s maturing into this idea of composable architectures at scale, where you combine together many different tools instead of buying one big monolithic tool.”

Netlify Connect, which was released in June, plays a role in that, he added. Netlify Connect allows developers to integrate content from multiple sources into a single data unification layer for access through a GraphQL API, according to the documentation. That allows data updates to sync automatically. The SDK includes connectors to support connecting to and syncing data from a custom data source in Netlify Connect.

SDK Simplifies Flows, Authentication and Connectors

The SDK also will simplify flows, OAuth authentication and connectors, Biilmann told The New Stack.

“The connector part of the SDK allows partners or internal developers to build their own connectors and define ‘here’s a connector’ for Sanity, Sitecore or Adobe Experience Manager, or as a large company, ‘here is a connector to our internal product catalog.’ Once that connector is defined, any team building with it can simply install it, get data into Netlify Connect and start building on top of it,” he said.

Already, partner companies have deployed connectors using the SDK. For example, the MySQL platform PlanetScale created an integration that allows joint customers to deploy data-intensive applications without worrying about the underlying infrastructure or issues with data scalability.

It also incorporates a build event handler, which is a function that is called during the build process. For instance, performance monitoring firm Sentry has built a connector that sends all the source maps from the build through Sentry, by leveraging the SDK’s build event handlers.

“Now if there is an error in your frontend, it will be reported to Sentry and Sentry can use the source maps to tell you exactly where in the code it happened,” Biilmann said. “The build event handler will allow an integrator like Sentry to orchestrate all of that so when you install the Sentry integration, they can see from now on in your build.”

Previously, third-party integrations were handled by plug-ins written as NPM modules, he explained.

“There was no real control over the UI installation experience and those pieces and other parts of it,” Biilmann said. “If you wanted to do all our flows and so on, we had to do custom work together with a partner.”

Support for Enterprise Software Integration

The SDK also incorporates API handlers and an integration UI.

“The integration UI gives you a declarative way of building the UI for your integration within Netlify,” he said. “The API handlers allow you to use Netlify itself to build the backend for that UI, because, obviously, you probably need a backend that has access to the right secrets, that can talk to Sentry’s API, talk to Netlify’s API and make everything fit together. That’s part of the SDK.”

The SDK allows developers to define what should happen at build time, what should be injected into the runtime code, what path should be a connector, how the UI should look and what the API handlers should be to make that UI actually function and work, he added. For instance, with Sentry’s integration, developers can click OAuth to do an OAuth flow in the associated Netlify project.

It also allows enterprises to create their own integrations with their own partner software. Enterprises will “almost certainly” have off-the-shelf software they’re using and want to connect to, he said.

“They’ll almost certainly also have a bunch of internal APIs and services that they want to make reusable for their UI teams, and that’s why the SDK is also really the toolkit that they can use to build private integrations that are not publicly shared with any other Netlify team, but within their organization,” he said. “[That] can be how they make reusable building blocks that a web developer can simply come in, click through some options to install, and now they’re off to the races.”

The post Web Dev Platform Netlify Releases Software Development Kit appeared first on The New Stack.

JetBrains today launched an integrated development environment for the Rust programming language, called RustRover.

Previously, the company provided only its IntelliJ Rust plugin for Rust. Other plug-ins for Rust include Rust-analyzer and RLS. There are also text editors that support Rust, but this is the first dedicated Rust IDE.

IDEs typically include a code editor, debugger, compiler, and other features to help developers write, test and deploy software. A dedicated IDE is an important milestone in the maturity of a programming language, said Vitaly Bragilevsky, developer advocate for RustRover.

“From our point of view, that [plug-in] was enough but then we felt that something has changed in the ecosystem, in the community,” Bragilevsky told The New Stack. “The state of the community persuaded us that [we] really need it.”

One trend JetBrains noticed is that the Rust community is expanding: Bragilevsky said JetBrains’ research from mid-2022 found that 56% of the Rust developers surveyed had started using Rust in the prior six months. SlashData put the community at around 3.7 million developers in the State of the Developer Nation released in May 2023, which itself was a 68% year-over-year increase.

Many come to Rust from the JavaScript and Python communities, Bragilevsky added.

“Those folks may be a bit unhappy about their previous programming languages,” he said. “Maybe they don’t have enough performance, and they can get that performance with Rust. Sometimes they don’t have enough safety. And Rust provides that for sure. So they basically want to try something new, which gives more opportunities in what they need.”

Why a Dedicated IDE?

JetBrains takes an unusual approach in offering specialized IDEs that work with specific programming languages and technologies. For instance, it offers GoLand for Go, WebStorm for JavaScript, and RubyMine for Ruby. Zend is another example of a specialized IDE, in that case for PHP. However, although it is designed for Rust, the IDE can be used for other languages.

IDEs allow developers to work from one space, Bragilevsky explained. “You can work with databases in the same software — you can issue HTTP requests, for example. So you can do many things just besides writing the code; and the level of support for that writing also can be more powerful if you have an IDE, because text editors are usually limited in what they provide to their users.”

Frontend Support

Though Rust is primarily a backend language, RustRover also provides support for frontend technologies and databases. Specifically, that means developers can build a range of applications without the need for other tooling. For instance, it provides the ability to see what’s going on with a database from within the IDE to check.

For example, [web developers] implement web backends and Rust is becoming quite popular in this area,” Bragilevsky said. “You can just launch RustRover and then you can do some web development, like HTML. You can write styles for that page. You can do what you want. So it’s, once again, an integrated experience.”

Additional Features

The RustRover includes real-time feedback and debugging. It also includes permissive completion and parsing, which provides code suggestions when developers make errors. This is not a code-suggestion tool, like Copilot, but it does rely on algorithms to recommend code corrections if there is a mistake, Bragilevsky explained.

Among the additional features RustRover incorporates are:

• Team collaboration;
• Advanced unit testing integration, which allows developers to conduct testing, rerun failed tests, and resolve errors;
• Rust toolchain support, including Rust compiler;
• Full version control system integration, with built-in GitHub and Git support, with version control for teams.

There isn’t a public roadmap for RustRover and Bragilevsky would not comment on what future rollouts might include.

“When you develop an IDE, you never have a stopping point,” he said.”There are always features that should be implemented. And once you have a lot of features, developers usually want more.”

RustRover can run on Windows, Mac OS and Linux. It’s available for free while in early access program (EAP). While RustRover is available in the EAP, JetBrains will keep the plugin version compatible with IDEA Ultimate and CLion.

The post Dedicated IDE for Rust Released by JetBrains appeared first on The New Stack.

Meta’s recent release of Code Llama, a large language model (LLM) for code generation, prompted the data cloud company Snowflake to evaluate Code Llama’s performance on SQL code generation. It found that “Code Llama models outperform Llama2 models by 11-30 percent accuracy points on text-to-SQL tasks and come very close to GPT4 performance.” Snowflake also discovered that by fine-tuning Code Llama, it could make it up to 50 percent accuracy points better.

To find out more about Snowflake’s plans for SQL in the generative AI era, and why it’s suddenly all-in on Code Llama, I spoke to Adrien Treuille, director of product management and head of Streamlit (a Python app builder that was acquired by Snowflake in March 2022).

Riding First Class with SQL and Python

Treuille began by noting that Streamlit’s Community Cloud is currently host to over 10,000 LLM-powered apps, so it’s already become a leading platform for LLM app developers. “It’s a linchpin of Snowflake’s app strategy as well,” he added.

When it comes to connecting LLMs with Snowflake’s extensive data platform, SQL is the glue. “Snowflake was built on SQL,” said Treuille, “and so all functionality is available in SQL as a first-class citizen.” SQL, of course, enables you to add structure to massive swathes of data. Also, as Treuille put it, Snowflake’s “original market was database admins, people who basically speak SQL for a living.”

As for Streamlit, it was built on the back of Python. Now that Snowflake owns Streamlit, Python has also become a first-class language in the company.

“It means that, basically, all functionality [in Snowflake] has first-class Python bindings,” Treuille explained. “And of course, in Python, you can call SQL if you need an escape hatch down into the bowels of Snowflake. So yes, we are committed to both Python and SQL as being the languages of Snowflake.”

Building a Structured Data App with LLMs and SQL

Where a developer might decide to use Snowflake to build an LLM app when the data they’re accessing and querying is so complex that it needs further structure before it can be used in an application. Usually, this means both an LLM and at least one external data source are involved — that external data could be stored in Snowflake and/or elsewhere, such as in a vector database.

Treuille said that apps like a customer support chatbot or a “product suggestion bot” are good examples of the type of apps typically built on Snowflake using this “combination of LLMs and structured search.”

In a demo entitled “Building an LLM-Powered Chatbot,” at the Snowflake Summit 2023 in late June, Treuille showed how interacting with a Streamlit chatbot app in natural language can generate and run SQL queries on a data store in Snowflake.

“We now have a chatbot that is actually creating SQL on the fly based on our natural language input, running the SQL query and generating the response inline in our custom chatbot,” he said in the demo (see screenshot below).

SQL is generated and run by the LLM chatbot. Click for full image.

Why Code Llama Is So Important

It makes perfect sense that Snowflake would want to promote SQL code generation in LLMs, but why is it so excited about Meta’s new Code Llama LLM in particular?

“Six months ago, there was a fear that you were either one of the two or three superpowers who could build hyper-intelligent LLMs — like OpenAI — and there was everyone else,” Treuille replied. “And you either went to VCs and raised billions of dollars — like, you know, Anthropic — or you would inevitably be a customer and ultimately disintermediated by these massive super-intelligent LLMs from others.”

But now, he continued, “Facebook has completely abandoned that paradigm, by open sourcing some of the most powerful LLMs in the world.”

So Snowflake is, essentially, hitching its wagon to the open source LLMs being released by Meta (and perhaps others later). Snowflake can fine-tune an LLM like Code Llama to suit its own purposes — in this case, so that it does text-to-SQL better. It means the company doesn’t have to rely on a proprietary LLM provider, like OpenAI, because it can build its own LLMs from Meta’s open sourced models.

“Snowflake’s LLMs are near GPT level on standard tasks,” said Treuille, adding that “anyone can benchmark this.” In other words, he’s saying that its fine-tuned Open Llama LLM is “near” the quality of OpenAI’s GPT on tasks like text-to-SQL. “And that is totally game-changing,” insists Treuille.

Other Parts of the LLM App Ecosystem

In addition to creating its own fine-tuned LLMs, Snowflake plays nicely with other parts of the LLM app ecosystem, said Treuille. He added that not only is Snowflake “compatible with vector databases,” but it is “in private preview for our own vector database product.” This isn’t surprising, given how many different product types are already represented in Snowflake’s platform.

Perhaps more interesting is how Snowflake works alongside LangChain, the LLM orchestrator that has been a core part of many early LLM applications. During the presentation that Treuille and a couple of colleagues did at Snowflake Summit 2023, the group demonstrated how LangChain can be used to “help us organize the LLM’s thoughts so that it actually can decide the strategy it wants to take to solve a problem.”

In the example that was demoed, LangChain (which we were told was using GPT-4) acted as a kind of facilitator between the user and the SQL queries that the main LLM was generating.

Snowflake and LangChain co-ordination. Click for full image.

Everyone Will Have Their Own LLM

I asked Treuille how he thinks the LLM app ecosystem will evolve over the next few years, and what Snowflake’s role will be in this.

“If I could describe a North Star,” he replied, “it would be: talk to your data.”

Eventually, he thinks the industry will get to a place where every enterprise company essentially has its own LLM that “embodies all their knowledge.” He acknowledged that “it’ll be a little bit more structured than that — you may have an LLM that embodies all the knowledge, [but] you will still have structured databases against which you can run queries, and there’s going to be some non-trivial logic in-between.”

But from a product point of view, enterprise customers will end up with what they view as their own custom LLM solution. Which, of course, Snowflake hopes to provide.

The post The Role of SQL in LLM Apps and How Snowflake Uses LangChain appeared first on The New Stack.

One of the hardest things about shipping the 1.0 version of Bun, creator Jarred Sumner shared via X (Twitter), was removing the frontend server that was part of the beta.

“The thing I wish we had more time for is making Bun good for frontend development,” Sumner said during an X (Twitter) Q&A after the Thursday launch. “It’s not bad for it — you can use […] the tools you already use. But I still think there’s a big opportunity there for something where the runtime is directly integrated with the frontend build tools.”

That said, no one responding about Bun seemed to care after its release. Feedback from users made it clear that it was fine to remove the frontend server, he noted, and the majority of the responses to this news on social media was positive. By Friday, the buzz over Bun was all about its speed and ease of use.

Built for Speed

Bun competes with Node.js and the Rust-based Deno, which were both created by Ryan Dahl. In fact, it’s designed to be a drop-in replacement for Node.js, according to a release livestream that aired Thursday. Bun writes three times faster than Node.js and reads files up to three times faster, the team said during the livestream. Ashcon Partovi, product manager at Oven, the company that created Bun, addressed Bun runtime.

“There are a lot of tools in the Bun toolkit,” Partovi said. “But the crown jewel is the Bun runtime. Bun is a drop in replacement for Node.js that’s backward compatible, and can run Typescript and TSX files, no dependencies necessary.”

He added that Bun can replace any npm run command with a Bun run instead, with npm taking about 150 milliseconds to start running a script on a MacBook Pro. That’s compared to 30 milliseconds for Bun, he said.

“Npm feels noticeably laggy. Whereas Bun feels instantaneous,” Partovi said.

Bun gets a boost from using JavaScriptCore from WebKit, which is known for being exceptionally fast, according to full-stack developer Shalini Tewari, who shared her thoughts about the speed via X (Twitter).

“Node.js, Bun and Deno are all server-side js runtimes, but they have completely different goals.

Choosing between Bun and Node.js depends on your project’s needs,” Tewari suggested. “If you need speed and a straightforward, lightweight experience, go for Bun. If you want a broader ecosystem and community support with lots of tools, Node.js is a solid choice. You can even use both to make your JavaScript applications strong and efficient.”

Benchmarking Runtimes

James Konik, a software engineer with the developer security platform Snky, recently compared the three runtimes and found Bun outperformed both Node.js and Deno.

“Powered by Zig, its aim is to be an all-in-one runtime and toolkit with a focus on speed, bundling, testing and compatibility with Node.js packages,” he wrote.”One of its biggest draws is its performance, which is demonstrably faster than both Node.js and Deno. This makes it a very attractive proposition if it can deliver on all of that.”

He noted that the Bun maintainers provided an example benchmark running an HTTP handler that renders a server-side page with React. Bun handled about 68,000 requests per second compared to about 29,000 and 14,000 for Deno and Node.js, respectively.

In his own tests of an earlier version of Bun, Konik found Node.js handled 21.29 average queries per second, while Deno rated 43.50. Bun handled 81.37 average queries per second.

“In another comparison between Node.js, Deno and Bun, Bun is the fastest to handle concurrent connections. Its requests per second are quite higher too,” Konik wrote. “For instance, with 10 concurrent connections, Bun achieves 110,000 requests per second while Node.js achieves 60,000 and 67,000 for Deno.”

It’s worth noting that a different comparison found Deno and Bun performed very similarly.

Of course, speed isn’t the only factor to consider in a runtime. In a Deno discussion, developer markthree pointed out each runtime had its strengths.

“Bun is more concerned with performance, so it is much better than the other two runtimes in terms of performance right now,” he wrote. “Deno is synonymous with safety, in my opinion, I can safely use packages from the community without worrying about them doing things to my system that I don’t know about. Node is now starting to make a big push on performance and security, too.

“Competition is good, js runtime is starting to evolve,” he added.

More to Come from Bun

That said, Bun is still a work in progress. For instance, Bun Install is ready for Linux and Mac OS but the team was struggling to get the Windows version working, Sumner revealed during an X (Twitter) Q&A held after Thursday’s release. Bun provides a limited, experimental native build for Windows. At the moment, only the Bun runtime is supported, according to the documentation.

“Bun Install will probably be two weeks later is my guess,” Sumner said. “And this is going to be super unoptimized in the first release for Windows. It’s going to take some time before it actually is fast. “

In addition to the runtime, Bun has baked in features that will make developers’ lives easier, said Sumner, such as:

• Support for both common JS and ES modules
• Support for hate reading using –hot server.ts
• A plug-in API that lets developers define custom loaders

“You can extend the Bun runtime to support things like .Yaml imports,” he said. “It uses an API that is inspired from ES build, which means many ES build plugins just work in Bun.”

The post Bun 1.0 Ships as Node.js and Deno Alternative appeared first on The New Stack.

I’ve always been a hands-on learner, especially when it comes to learning how to use — and create — software. I wish I could learn protocols from specifications, come up to speed with apps by reading documentation, and absorb coding techniques from structured lessons, but things don’t come alive for me until I’m enmeshed in a project, focused on a tangible goal, and able to run live code in a debugger. In Radical just-in-time learning, I recalled my favorite scene in The Matrix.

For that project, the helicopter I needed to learn how to pilot was React, the role of Tank the operator was played by an LLM (actually, a team of LLMs), and the concepts acquired just in time included useState, useEffect, and JSX. I didn’t need to become a fully competent pilot, I just needed to get off the ground and make a short hop. With LLM guidance I accomplished that much faster than I otherwise could have, starting from a baseline of essentially zero React knowledge.

Did I “learn” React? Barely! This was an exploratory exercise. The resulting proof-of-concept may or may not evolve, but if it needs to I’ll have broken the ice. And I’ll approach future iterations knowing that documentation and lessons aren’t the only way to build on my rudimentary React knowledge: I’ll be able to summon guidance that’s delivered just-in-time in task-specific contexts.

Ambient Learning

The highlight of my previous post was an impressive performance by ChatGPT and its Code Interpreter plugin. Running it in an autonomous goal-directed loop, where the goal was to pass tests I’d written, was an eye-opening experience. But as I worked through the exercise — which entailed writing code to digest changelogs, then visualizing the changes in various ways — I learned a number of useful things.

Printing Expected and Actual Values

Here’s one of the tests I wrote.

def test_extract_contributors():
    expected_contributors = {
        "v0.115.0": ["pdecat", "rasta-rocket", "tinder-tder"],
        "v0.114.0": [],
        "v0.113.0": ["pdecat", "pdecat"],
    }
    actual_contributors = extract_contributors(changelog)
    assert expected_contributors == actual_contributors, f"Expected {expected_contributors}, got {actual_contributors}"

I like to do things the simplest possible way so there’s no test framework here, just a basic assert. I hadn’t known about the optional second argument (or perhaps had forgotten), so I originally used a second line of code to print the expected and actual values. Could I have looked that up? Sure, but it wasn’t important enough to interrupt my flow. What happened instead: the LLM showed me the idiom as a by-product of code it wrote to pass the test. This is the kind of tacit knowledge transfer that can happen when you work with another person, you don’t explicitly ask a question, and your partner doesn’t explicitly answer it. The knowledge just surfaces organically, and transfers by osmosis.

Here are some other bits of tacit knowledge transfer that happened along the way.

argparse Defaults

It had been a while since I’d used Python’s argparse module. Another thing that I may never learned in the first place, or forgot, was this idiom:

parser.add_argument("--count_all_plugins", <em style="color: blue;">action="store_true"</em>, help="Count all plugins")

When ChatGPT used action=”store_true” I thought I knew what that meant, but asked the LLMs to verify. Among the chorus of explanations — including those from Cody and Copilot — I found this one from ChatGPT most helpful:

This makes --count_all_plugins a flag that doesn’t require a value. Its mere presence on the command line means “yes” or True, and its absence means “no” or False.

Could I have learned that from documentation? Again, sure. Would I have learned it that way? Again, unlikely. If I were lacking the concept mere-presence-on-the-command-line-means-true I would have had to first think of the idea, then dig through the docs to see whether it’s possible, and if so, how.

What happened instead is that the LLM surfaced the concept in a context where it was needed, showed me how to apply it, and when asked to explain, grounded the explanation in that very context. It wasn’t just mere-presence-on-the-command-line-means-true, but more specifically mere-presence-of-count_all_plugins-on-the-command-line-means-true.

Perhaps it’s a failing of mine that I learn best given a specific example, based on my own situation, from which I can then generalize. But I doubt I’m the only learner who operates that way. Once I’ve made some headway on a task, I’ll go to the documentation to enrich my understanding. But I rarely want to start there. It’s hard enough to use docs to answer known questions, and even harder to use them to answer questions you didn’t think to ask. When ambient knowledge can emerge while doing a task, I’m a far more effective learner.

re.escape

According to the docs: “This is useful if you want to match an arbitrary literal string that may have regular expression metacharacters in it.” I’ve written a lot of Python regexes over the years, had never learned this, and as a result, probably caused myself a lot of grief. Having the idiom shown to me in passing, while in a teachable moment, was the best way to learn it.

The Negative Lookahead Assertion

Here’s something I’m pretty sure I never learned in the first place. It appears in the regex that ChatGPT wrote to match bullet points in changelogs. I’d have been uncomfortable using it without understanding what it was, but there was no need: I was not only given the code, I was able to ask for and receive an explanation.

(?!\s*-): This is the negative lookahead assertion. It checks if the next line does NOT start with a dash (-) preceded by optional whitespace. In other words, it ensures that the next line isn’t the start of a new list item.

The combination -\s[^\n]*(?:\n(?!\s*-).*)* matches a list item that can span multiple lines, as long as the subsequent lines don’t start with a new list item.

Nonlocal Variables

When I asked ChatGPT to refactor a function that had grown too complex, and to use nested functions in doing so, I was introduced to another idiom I’d never encountered. I have sometimes used the global keyword to refer to a variable outside the scope of any function, and might have (guiltily) done the same in this case. But here I learned the concept variable-in-the-nearest-enclosing-scope-that-is-not-global.

Getting up to Speed with Libraries

Once I could reliably capture the changelog data, it was time to visualize it using tables and charts. Nowadays I’m most comfortable with SQL, so when ChatGPT provided solutions based on pandas.DataFrame, it created another learning opportunity. I’d used pandas a few years ago, neither extensively nor easily. Since HTML tables were one of my desired outputs, this was a nice introduction to the pandas.DataFrame.to_html method.

I’d also used Matplotlib before, again neither extensively nor easily, so I appreciated ChatGPT showing me how to apply it to the task at hand. With that code in place, my script wrote two files: an HTML file with tables, and an image file referenced in the HTML.

Where possible, I like to minimize the number of moving parts that comprise a solution. All other things being equal, if a thing can be done with a single file I’ll prefer that to a multi-file package. The chart I needed was simple, and I knew it would be possible to create it using only HTML and CSS in a single file that also included the HTML tables, but I wouldn’t normally go out of my way to try making that happen. Now, though, with a helpful assistant on board, why not give it a try?

Although the HTML-and-CSS-only experiment did not yield a successful result, I don’t regard it as a failure either. It was a quick refresher for CSS’s flexbox layout mechanism, with examples of align-items, flex-direction, and gap that I could play within the context of running code relevant to the task at hand. The basic chart came together quickly, then efforts to refine it yielded diminishing returns. Getting the axes right was — unsurprisingly! — tricky. Along the way ChatGPT made an interesting suggestion:

Let’s try a different strategy. We’ll use Matplotlib’s standard functionalities, then use mpld3 to convert to an HTML representation.

Another useful thing that I learned in passing: Matplotlib can render to HTML by way of mpld3, which can “Bring Matplotlib to the Browser”! That got me closer to the desired result, but the y-axis remained problematic so I retreated from the slippery slope. The excursion didn’t take long, though, and my interaction with Matplotlib/mpld3 felt like a valuable learning experience. Had I been starting from scratch, hunting for examples in the docs similar to the code I was trying to write, it would have been painful and time-consuming. But ChatGPT, aware of the context in which I was working, enabled me to iterate rapidly.

When the Matplotlib/mpld3 effort stalled, I asked ChatGPT to recommend another charting library that could render charts using HTML/CSS. It suggested plotly, Bokeh, and Vega-Altair. I’d had brief prior experience with plotly, none with Bokeh or Vega-Altair, so I’d have been inclined to try plotly first. ChatGPT’s characterization of it — as the most straightforward when transitioning from Matplotlib — reinforced that inclination.

The plotly solution took a bit of fiddling, naturally, but again the LLM assistance radically accelerated my learning. Here’s where we landed.

fig.update_layout(
    title="Monthly Contributions",
    xaxis_title="Month",
    yaxis_title="Contributions",
    template="plotly_white",  # Use a white background template
    xaxis=dict(
        tickvals=monthly_counts.index.strftime('%Y-%m').tolist(),  # Set tick positions
        ticktext=monthly_counts.index.strftime('%Y-%m').tolist(),   # Set tick labels
        tickfont=dict(size=10),  # Reduce font size
        tickangle=-45  # Rotate counterclockwise
    ),
    bargap=0.15,  # Slight reduction in the gap between bars
    width=1000  # Increase the width of the plot
)

Having read the documentation and seen code examples, ChatGPT was able to suggest better strategies for managing tick labels and values than those I’d have come up with from a cold start. There were still false starts and blind alleys! But the solution emerged quickly, by way of a collaboration that felt very much like pair programming.

Now more than ever programming entails finding and applying libraries and components that exist in bewildering profusion. You’re less likely to be writing what we conventionally think of as lines of code, much more likely to be tweaking parameters and settings. There’s a vast gulf between what the documentation says those parameters and settings mean and what actually happens when you try to use them. The ability of LLMs to help bridge that gap may turn out to be one of the most powerful forms of code-writing assistance they deliver.

The post Learning While Coding: How LLMs Teach You Implicitly appeared first on The New Stack.

Artificial intelligence (AI) company Hugging Face recently released a new minimalistic, machine learning (ML) framework for Rust called Candle. It’s already attracted 7.8 thousand stars and 283 forks on GitHub.

Hugging Face has also rolled out a new coder tool called SafeCoder, which leverages StarCoder to allow organizations to create their own on-premise equivalent of GitHub Copilot. Earlier this year, the open source company released a JavaScript library that allows frontend and web developers to add machine learning capabilities to webpages and apps.

Hugging Face is investing in developer tools that will extend the reach of its 300,000 open source machine learning models, explained Jeff Boudier, head of product and growth at the startup.

“The big picture is that we’re developing our ecosystem for developers and seeing a lot of traction doing it,” Boudier told The New Stack on the heels of a $235 million fund raise that included support from Google, Amazon, Nvidia, Salesforce, AMD, Intel, IBM and Qualcomm. “Now with the support of all these great platforms and players, we can make sure that we have support for the community, whichever platform they use to run their machine learning models.”

Candle, the Rust ML Framework

ML frameworks typically are written in Python and supported by frameworks like PyTorch. These frameworks tend to be “very large, which makes creating instances on a cluster slow,” Hugging Face explained in Candle’s FAQ.

Candle is designed to support serverless inference, which is a way to run machine learning (ML) models without having to manage any infrastructure. Candle does this by allowing the deployment of lightweight binaries, the FAQ explained. Binaries are the executable files that contain the necessary files and resources for the application to run on a target environment.

Candle also allows developers to remove Python from production workloads. “Python overhead can seriously hurt performance, and the GIL is a notorious source of headaches,” the FAQ explained, referring to the Python GIL, or Global Interpreter Lock. The GIL offers benefits, but prevents CPython from achieving full multicore performance, according to cloud storage vendor Backblaze, which explained it in this blog post.

There are three Candle app demos that developers to check out:

• A transcription app that uses the OpenAI Whisper models and WASM runtime built with Candle;
• A storyteller app that uses Candle to run Llama2.c in the browser using Rust/Wasm; and
• Object detection and pose estimation models in the browser using Rust/WASM that utilizes safetensor’s YOLOv8 models and a WASM runtime built with Candle.

SafeCoder: A Co-Pilot for Enterprises

One of the reason why enterprises aren’t rushing to Copilot is their code can go toward training the model, which means data out the door. Not surprisingly, organizations aren’t in a rush to embrace that.

SafeCoder will allow that code information to stay on-premise while still informing the model, Boudier explained.

Customers can build their own Code LLMs, fine-tuned on their proprietary codebase, using open models and libraries, without sharing their code with Hugging Face or any other third party, he said.

“With SafeCoder, Hugging Face delivers a containerized, hardware-accelerated Code LLM inference solution, to be deployed by the customer directly within the Customer secure infrastructure, without code inputs and completions leaving their secure IT environment,” wrote Boudier and Hugging Face tech lead Philipp Schmid in an Aug. 22 blog announcing the tool.

It’s based on StarCoder, an open source LLM alternative that can be used to build chatbots or AI coding assistants. StarCoder is trained on 80 different programming languages, he said, including Rust.

“StarCoder is one of the best open models to do code suggestion,” Boudier said. “Star coder is an open, pre-trained model that has been trained on over a trillion tokens of commercially permissible open source project data. That’s a training data set that you can go look on the Hugging Face hub, you can see if any of your code is within the data set, so it’s really built with consent and compliance from the get-go.”

VMware is an early adopter of SafeCoder, he added.

“I can have the solution that’s uniquely tailored to my company and deployed in our infrastructure so that it runs within the secure environment,” Boudier said. “That’s the promise of a SafeCoder.”

The post Candle: A New Machine Learning Framework for Rust appeared first on The New Stack.

What can you expect from a developer conference these days? Two topics in particular: the developer experience and AI.

Developers spend much of their time not coding, said Ivan Burazin, Chief Development Experience Officer at InfoBip, in a recent discussion on The New Stack Makers before the Shift Conference in Zadar, Croatia. Burazin started the conference and sold it to Infobip, a cloud communications company.

When thinking about the developer experience, Burazin cited how developers waste about 50 to 70% of their productive time not coding, Burazin said. Productive time means after vacation time, meetings, and other matters get subtracted.

But the time keeps getting lost when considering how that core time gets eaten away by non-coding work. A developer has to wait to spin up an environment. Tests take away from a developer’s core time, as do builds. Start to add up the hours, and the time starts to melt away. Setting up a developer time takes 2.7 hours a week. For tests, it’s over three hours a week. And for builds, it’s almost four hours a week.

The developer experience becomes a root matter, which divides into an internal and external realm. In an external capacity, the developer’s customer experience becomes what matters. Internally, it becomes a matter of velocity, meaning the amount of code a developer deploys.

“But at the same time, the experience developers has to be better or more enjoyable because in a sense, they will actually be able to produce more faster,” Burazin said.

This all comes back to the overall developer experience, something Buazin pays attention to with Shift, coming up Sept. 18-19.

Shift conferences have successfully gathered the global developer community for more than a decade, offering them high-quality program as well as career-advancing and networking opportunities in a unique atmosphere that sets apart these events from others in the tech industry.

Learn More

The latest from Infobip

At Shift, the conference has talks on six stages, Burazin said. One stage will focus on the developer experience from an internal and external perspective.

The developer experience topic is new, but even newer is AI, which will also be the focus at another stage at Shift.

But what should be covered in a discussion about AI if there are few real experts to move the conversation forward?

Burazin said it’s more about how people can use AI to build a product, service, or company. Every company will become an AI company in the future.

“How can you build something utilizing AI and that’s how we look at setting up themes on that stage,” Burazin said.

The post What Can You Expect from a Developer Conference These Days? appeared first on The New Stack.

In an earlier post, I looked at Visual Studio running with Copilot, but that was somewhat clouded by the hype around Large Language Models (LLMs) — in the far-off era of April 2023. Now that the hype has deflated somewhat, we can just look at an LLM-based assistant and determine what it can actually deliver for a software developer.

On the one hand, writing an editor that is built specifically to use AI makes sense, and this is where Cursor AI comes in. I have already heard developers recommend this tool. Cursor describes itself as “an AI-powered code editor that helps you move faster. You can use Cursor to edit code in natural language, fix runtime errors, and locate hard-to-find code.”

But there is clearly a problem with having a straight dependency on OpenAI, which Cursor AI does. This is revealed when you look at the pricing plan and realize they are mixing up ‘slow’ and ‘fast’ GPT-4 calls and GPT-3.5 calls. From a technical point of view this can be changed or placed in the background where it belongs, but they are still having to tie their roadmap to whatever OpenAI gives them access to.

I downloaded the Mac version 0.8.6 from their site. You can sign up, or use your own OpenAI key. Cursor AI itself is a fork of VSCode, which pulls in language extensions to allow it to work with multiple codebases of many flavors — although it is not an IDE. The windows are set up as you would expect but with a chat window on the right side.

It comes with a built-in tutor including examples, and I started with a rust file with a bug in it. I’m quite happy resolving runtime bugs after executing the code, but this gave me a chance to stare at some rust code. I spotted the bug, but couldn’t quite persuade Cursor AI to actually compile the code. (VS Code does little to help you with environments, but this would not have been an issue if I were a regular Rust developer.)

When I initially asked it to find bugs in the code as it was, it found the missing crate. But I was more interested in the basic design flaw:

use std::io::{self, Write};
use std::collections::HashSet;

const MAX_TRIES: u8 = 7;
const WORDS: [&str; 3] = ["openai", "chatgpt", "hangman"];

fn main() {
    let word = WORDS[rand::random::<usize>() % WORDS.len()];
    let mut guessed_chars: HashSet<char> = HashSet::new();
    let mut tries_left = MAX_TRIES;

    while tries_left > 0 {
        println!("You have {} tries left.", tries_left);
        print!("Guessed characters: ");
        for ch in &guessed_chars {
            print!("{} ", ch);
        }
        print!("nWord: ");
        let mut found = false;
        for ch in word.chars() {
            if guessed_chars.contains(&ch) {
                print!("{}", ch);
                found = true;
            } else {
                print!("_");
            }
        }
        println!();

        if found {
            println!("Congratulations, you've won!");
            return;
        }

        ...
    }

    println!("You've lost! The word was '{}'", word);
}

...

While I didn’t spot the crate (or library) missing, I did spot the less rust-specific problem. What was supposed to be a hangman-style guessing game would let you win with just one correct guess.

The second time I asked Cursor AI to find the bug, it spotted it correctly:

“Yes, there is a bug in this code. The problem is with the found variable and its usage. The found variable is set to true if any character in the word has been guessed correctly. However, the game is declared won if found is true after checking all characters in the word. This means the game will be declared won if the player has guessed at least one character correctly, not necessarily all characters.”

Even given that this was an isolated problem in a provided example, this was still an excellent find. The summary description is sufficient to guide someone unfamiliar with the game or the code. While it is better to find the bug through writing unit tests, which would also prevent you from writing code like that above, if you were given some code to consider then this would save you some time.

I got a nice email from Cursor giving examples and a warning that using AI “takes a bit of learning and effort.” Fair point. I used the examples to explore further.

C Examples

“Select 20 lines of code and hit Cmd+K to prompt an edit”. I used the C example, which featured a linked list and methods using it. When I isolated a bit of code and asked for an edit, it made some sensible suggestions but also wrote explanation text into the editor pane. More appropriately, it used the green and red addition/subtraction interface you might get in a merge dialogue to place the changes:

I didn’t quite understand how this worked with Undo, so did occasionally get a bit lost in the process. The suggestions themselves, designed to avoid a classic null pointer bug, were solid enough.

“Click ‘with codebase’ in the chat to find a piece of code”. In the linked list C code I copied b->prev into the chat window and then hit “with codebase”. It then gave a very good description of the double link list that was being used in the example. It didn’t get confused that the b was just a local variable.

This slightly reminds me of those cinema reviews you can only wholly appreciate after you’ve seen the film. However, for a mid developer given a fresh piece of code, this can quickly get them up to scratch.

“Ask a question about a library using ‘@’ in the chat”. I selected the line #include <unistd.h> from the C example and added it to chat, then asked chat to chat about it. It did the important thing, which was to explain where in the code the library was used and for what. Again, this won’t be any good for an absolute beginner, but for someone using a new language, this is more efficient than continual checks with Stack Overflow. However, the often bickering perspectives in that forum often shine a stronger light.

Rust Translation

Finally, I did a translation. This is undoubtedly a strong feature, to which the tool is well suited. I selected a small Python function from the example files and translated it to Rust. Again, I am using the examples given because they seem perfectly valid:

For your own inspection, the code is:

def generate_random_number(output):
    # Simple pseudorandom number generator using system time
    random_number = time.time() - float(str(time.time()).split('.')[0])
    random_number = int(random_number * (10**6))

    # Ensure the number is different for different processes by adding the process id
    random_number += os.getpid()

    output.put(random_number)

The response was:

The short explanation at the bottom is more functional than useful.

The code generated was:

use std::time::{SystemTime, UNIX_EPOCH};
use std::process;
use std::sync::mpsc::Sender;

fn generate_random_number(output: Sender<u64>) {
    // Simple pseudorandom number generator using system time
    let start = SystemTime::now();
    let since_the_epoch = start.duration_since(UNIX_EPOCH)
        .expect("Time went backwards");
    let in_ms = since_the_epoch.as_secs() * 1000 +
        since_the_epoch.subsec_nanos() as u64 / 1_000_000;
    let random_number = in_ms - in_ms / 1000 * 1000;

    // Ensure the number is different for different processes by adding the process id
    let random_number = random_number + process::id();

    // Send the random number to the output channel
    output.send(random_number).unwrap();
}

While I don’t use either of these languages professionally, I think we can see this code has added an amusing warning if the current date is set to earlier than 1970!

I can’t help but think this is a tool that might fall between the professional developer and the junior getting up to speed. But it looks well suited for intermediate tasks like translation.

I don’t really appreciate a chat window in my editor — but then again, I’ve seen someone build code from a prepared ChatGPT solution. The UI affordances of AI within development are still new, so it isn’t fair to say it doesn’t feel natural yet. Right now it doesn’t quite work with undo, and really explanation text should never enter the editor pane.

And yet the future is probably here. When cars first appeared, to even start the engine needed an intimate knowledge of combustion and a crank handle. While the software profession still venerates the master craftsman, we surely must be entering an age where code manipulation, on average, will be manageable by engineers with much less experience. So technically, the true mass audience for this tool may not arrive for a few years yet.

The post Testing an AI-First Code Editor: Good for Intermediate Devs appeared first on The New Stack.

Astro 3.0 was released this week, making it the first major web framework to support the View Transitions API. This API enables fade, slide, and even persist stateful elements across the page navigation, which previously were only possible inside JavaScript Single Page Apps, according to the release notes.

“View Transitions are a set of new platform APIs that unlock native browser transition effects between pages,” the release note explained. “Historically this has only been possible in Single Page Applications (SPAs), but web browsers and spec authors have been working hard over the last few years to bring native page transitions to the platform, and Astro 3.0 is the first web framework to bring them to the mainstream.”

Developer and designer Joe Bell created a demo that puts some of the Astro View Transitions on display, but essentially it allows developers to:

• Morph persistent elements from one page to another;
• Fade content on and off the page for a less jarring navigation;
• Slide content on and off the page; and
• Persist common UI across pages, with or without refresh.

“The best part about View Transitions in Astro is how simple they are to use. With just 2 lines of code, you can add a subtle — yet tasteful! — fade animation to your site,” the release notes stated.

Other updates include:

• Image optimization;
• Astro components render 30-75% faster;
• SSR Enhancements for serverless, which means new ways to connect to the hosting platform;
• HMR Enhancements for JSX, which means fast refresh support for React and Preact; and
• Optimized Build Output with cleaner and more performant HTML.

State of CSS: CSS-in-JS Trend Plateaus

The CSS-in-JS sector has plateaued, according to the 2023 State of CSS survey. The report, published this week, surveyed 9,190 developers around the world about their use of CSS.

CSS-in-JSS allows programmers to style their components by writing CSS directly in their JavaScript or TypeScript code. The report suggested the reason behind the plateau may be that native CSS is adopting many of the main advantages of CSS-in-JS.

The report also found that newcomer Open Props has generated a “small but passionate” following that’s eager to retain the framework. Open Props, which became available in May, was created by Adam Argyle, a Google software engineer who is also the creator of Tailwind CSS.

Meanwhile, Bootstrap is the most used framework, which is interesting because it also had the most developers (at 41%) who said they would not use it again. Tailwind ranked as the major CSS framework that developers are happiest to keep using.

Graph from the 2023 State of CSS report

That’s Just, Like, Your Opinion, Man

Ryan Hoffnan is a full-stack developer who describes himself as “frontend oriented.” Recently, he raised the question of whether React, the unopinionated JavaScript framework, is becoming opinionated.

An unopinionated framework doesn’t dictate how developers structure their code or use third-party libraries, he explained. React has taken steps toward being opinionated, such as using folder trees as routers, he contended.

“For example, the official React documentation now recommends using Next.js or Remix for server-side rendering (SSR),” Hoffnan wrote. “These frameworks provide a number of features that can help developers build more efficient and scalable React applications, but they also come with a set of opinionated choices about how code should be structured and organized.”

He theorized this may be a maturity issue, since there’s now a wider range of third-party libraries and tools available. This adds to the appeal of creating an opinionated framework, which simplifies finding tools.

“Another reason for React’s increasing opinionatedness is that companies are increasingly looking for ways to reduce development costs and time to market,” he wrote. “Opinionated frameworks can help to achieve these goals by providing developers with a pre-configured set of tools and libraries that are known to work well together.”

The post Dev News: Astro 3.0, State of CSS, and React Opinions appeared first on The New Stack.

There’s a lot of interest in Rust in safety- and security-minded industries. Heck, even Microsoft recently acknowledged that Rust may be the best chance at safe systems programming. But for industries such as automotive, aerospace and defense, the open source language’s rate of change is a challenge.

“There’s an increasing sense of eagerness, if you will, to adopt Rust into these long-lived certification-focused projects,” said Tony Aiello, a product manager and technology strategist at AdaCore. “We know because we’ve heard from customers that they’re not really sure how to pull this off at the moment because the open source tools are moving too fast and there isn’t the professional support with guarantees that we’re able to offer available from the open source community. “

Aillo is referring to the level of support that can turn around a bug fix in two days or address an esoteric problem a company may have with the toolchain within their own organization. Most open source projects just aren’t designed to respond to reported issues in days, he and AdaCore Product Manager Jose Ruiz told the New Stack in a joint interview.

“This becomes very important in aerospace and defense in particular because these systems are very long-lived,” Aiello explained. “You have aircraft that had been flying for many tens of years and these aircraft have software stacks that have been in some sense stable for many tens of years.”

There’s also interest in using Rust for embedded devices — another use that requires long-lived support.

“There’s a lot of people who are clamoring to do Rust,” he said. “A lot of people are excited about it, and that carries a lot of weight even in aerospace and defense, because they’ve got to be able to find programmers who are excited and motivated to do their job.”

From Ada to Rust

AdaCore specializes in providing software development and verification tools to these types of industries. AdaCore was specifically created to support Ada, which was developed by the U.S. Department of Defense (DoD) in the early 1980s as a replacement for its previous complex and error-prone programming languages. AdaCore now supports more than 50 different platforms, when the combination between operating systems and hardware is taken into account.

Ada’s syntax is Pascal-derived. The language shares a lot in common with Rust, including memory safety. Both are also strongly typed languages, which means that the types of data that can be stored in variables are strictly enforced, preventing errors caused by type mismatches. Rust is more strongly typed than C or even C++, Aiello added. Like Rust, Ada is also a statically typed language, which means that the types of data are checked at compile time, not runtime, which can help to prevent errors.

GNAT Pro is a development platform that includes a compiler, a linker, a debugger and language runtimes. AdaCore’s GNAT Pro subscribers will be able to develop safety- and security-certifiable embedded applications using Rust while benefiting from the AdaCore support, Aiello said.

“We deliver all of this with a warranty and so this makes us very different from what folks who are used to engaging with open source toolchains,” Aiello told The New Stack. “What this means in practice is professional development teams, if in using our tools they encounter a bug in the tool, they can write a ticket to us and we’ll fix it as quickly as possible.”

Forking Rust

AdaCore forked Rust in order to provide long-term support and to provide backward compatibility. They’re taking the compiler rust, a build and package manager (Cargo) and a debugger (gdb) for x86_64 Linux and Linux cross targets. When GNAT Pro for Rust 25 launches officially next October, it will offer full integration with gprbuild and will provide advanced Ada-Rust bidirectional bindings while supporting more platforms, the company said.

“It’s in some sense a very unique service and again it positions us very differently from the typical open source market where you don’t really know what’s going to happen to old versions of the compiler,” he said. “Probably if there are bugs that are that are discovered in old versions, they’re not going to be fixed because everybody’s moving on, everybody’s looking down the road. That’s appropriate in some development context. It really isn’t appropriate in contexts that require long lifetimes and certification.”

AdaCore is also offering Rust support through its GNAT Pro Assurance, which provides long-term support via sustained branches for the complete toolchain for as long as customers require it.

To support its fork of Rust, AdaCore regularly will pull from the update stream to determine what should be integrated into their version. That includes having ongoing discussions with customers about what features they want or don’t want.

“We’re taking the whole repository, creating a copy of it, updating perhaps multiple branches on that repository as we do our work,” he said. “As we are porting Rust to new platforms, we fully intend to upstream the support packages that enable these ports back up to the community.”

The post How AdaCore’s Rust Fork May Make the Language More Adoptable appeared first on The New Stack.

Today’s digital-first companies know their customers demand seamless, compelling experiences. But incidents are inevitable. That puts the pressure on operations teams already struggling with a heavy workload.

Teams looking for novel ways to tackle these challenges often hit a formidable roadblock in the form of tool sprawl. When the world is on fire, swivel-chairing between tools while trying to get the full picture is the last thing incident responders need as they try to resolve incidents and deliver a great customer experience. But complaining will get them nowhere. The key is to be able to articulate a business case for change to senior leaders.

Into the Valley of Tool Sprawl

Digital operations teams may have a slew of poorly connected tools across their environment, handling event correlation, internal communication, collaboration, workflows, status pages, customer-service case management, ticketing and more. Within each category, there may also be separate tools doing similar things. And they may be built to or governed by different standards, further siloing their operation and slowing things down.

Incident response is a collaborative process. It is also one where seconds and minutes of delay can have a real-world impact on customer experience and, ultimately, revenue and reputation.

Stakeholders from network teams, senior developers, database administrators, customer service and others may need to come together quickly to triage and work through incidents. Their ability to do so is impaired when much time and effort must be expended on simply jumping between tools to get everyone on the same page and in the same place to tackle incidents. That’s not to mention the extra licensing costs, the people to manage and maintain the tool, and the need for additional security patching, etc.

PagerDuty is where urgent, unpredictable, and unstructured work happens in today’s always-changing, always-on digital world. Organizations of all sizes trust PagerDuty for critical work across the modern enterprise including intelligent incident response, AIOps, and process automation.

Learn More

The latest from PagerDuty

How to Tell the Right Story

Incident responders need a unified platform to tackle issues but without the need to constantly switch context. Integrating and consolidating tools can reduce sprawl and drive simplicity end to end, underpinned by a single set of standards. We’re talking about one common data model and one data flow — enabling teams to reduce costs and go faster, at scale.

Such platforms exist. However, engineers and developers typically don’t have the power to demand change and drive adoption. But that shouldn’t stop them from asking for change. To do this, they must play a longer game, one designed to influence those holding the purse strings. It’s about telling a story in the language that senior executives will understand. That means focusing on business impact.

Humans are naturally story-driven creatures, so senior leaders will likely respond well to real-life examples of how disruptive context switching can be. When speaking to senior leaders, teams should seek to bring problems to life with a story.

Consider the most recent incident that’s affecting customers. How did your team identify and triage the incident? In many cases, teams don’t have a centralized place to capture incident context. This leads to them having to chase information across systems to understand what happened and access the context needed to start remediation. This adds critical time to the process and, in the larger incidents, a loss of customer trust.

Once the issue has been identified, you then have to communicate to the right people. This involves a lot of tools to pull in incident responders and subject matter experts. On top of this, teams also need to communicate about incidents to business and customer stakeholders, which again requires switching between different systems to craft and send messages.

Much of this is manual work that could be automated, but that’s only possible from one place, not disparate systems. The intent isn’t to get to a single pane of glass, which can be a fool’s errand as tools and processes evolve, but building a first pane of glass with the necessary context to immediately resolve issues is a great target.

Using this scenario, don’t be shy in naming all the specific tools and systems teams had to switch between to get to the end goal: uptime. Build a picture of the volume you are having to juggle. It’s also important to weave in the impact of the tool sprawl on the business.

A good starting point is to calculate how much time managing these disparate solutions added to resolving the last SEV 1 incident. Then multiply the figure by how many such incidents there were in the previous 12 months, and then work out how that translates into team costs.

These are the kinds of calculations that can make a big impact on senior decision-makers. It’s about showing the financial and temporal impact of tool sprawl on incident response, and ultimately, the business. If the figure is impactful, it might be enough to start a conversation with the people who can make a difference. The same capability can then be applied to lower severity but more frequently occurring issues, which can solidify your position.

By bringing the problem to life and showing the business and, most importantly, customer impact, teams can have practical conversations with decision-makers that can help to drive change and bring incident response processes into one place.

One Tool to Rule Them All

The valley of tool sprawl is bad enough. But combine it with a deluge of manual processes, and you have a recipe for too much toil and multiple points of failure. Maintaining and managing multiple tools is time-consuming, unwieldy and expensive. It requires continuous training for staff and disrupts critical workflows at a time when seconds often count. In this context, something as simple as an operations cloud to capture incident context from multiple systems of record and automate incident workflows can make a huge difference to responder productivity.

Centralizing on a single, unified platform for digital operations should be a no-brainer. But to get there, teams have to engage senior decision-makers. It’s no use complaining that context switching between tools is causing problems.

The key is to prove it with data and stories to provide irrefutable proof. It’s the way to win over hearts, minds and wallets — and lay a pathway out of the valley of tool sprawl, toward optimized operations.

The post How to Tackle Tool Sprawl Before It Becomes Tool Hell appeared first on The New Stack.

One could capsulize the dozens of news announcements made Aug. 29 on Day 1 of Google Cloud Next 23 this way: Business users and software developers alike will be able to do a lot more work in shorter time frames by simply writing simple queries, then pointing and clicking in the company’s AI-augmented workplace and development apps.

It’s all about the application understanding a user’s intentions and being prepared ahead of time as to what the use case entails. Google Next 23, the first in-person Cloud Next since before the pandemic in 2019, was expected to draw more than 20,000 attendees to the Moscone Center in San Francisco this week.

“We are in an entirely new era of cloud, fueled by generative AI,” Google Cloud CEO Thomas Kurian told a packed opening day audience. “Our focus is on putting gen AI tools into the hands of everyone across the organization — from IT, to operations, to security, to the board room.”

Here are product and services highlights of what the world’s largest and most successful search provider revealed at the conference.

Duet AI in Workspace

Duet AI in both the line-of-business workplace and in developer teams seemed to make the most news.

Google Cloud introduced for general availability Duet AI in Workspace, which makes the Workspace app come alive, at its I/O conference in May and described how it was going to work in theory. Today the company showcased exactly what it does, demonstrating new features that create the right type of document for a particular use case, connect and integrate disparate articles and blogs, and find appropriate images. It can even provide suggestions when the user is stuck on a problem.

For example: An employee wants to create a new marketing presentation for a client’s company. Starting in Google Drive with the enclosed Duet AI app, the user can prompt for the type of doc (say, Slides), enter the name of the client and search for any images or charts, forms or PDFs connected with the client. Duet AI automatically gathers all the elements and creates a multipage presentation — complete with headlines, text, images and charts — within a few minutes. Provided with a sophisticated-looking prototype, the user then can edit, rearrange and change anything needed to finalize the project. Having a head start like that obviously can save hours or days of time.

Other new options include:

• Duet AI in Google Meet: Duet AI can take notes during video calls, send meeting summaries and even automatically translate captions in 18 languages. Duet AI in Meet also unveiled studio look, studio lighting, and studio sound.
• Duet AI in Google Chat: Users can chat directly with Duet AI to ask questions about their content, get a summary of documents shared in a space and catch up on missed conversations.

Google Workspace VP Aparna Pappu said on stage that her team is working on enhancing Duet “so that we can go from a prompt-based interaction to a much richer contextual interaction that takes into account what you’re working on. Whether it’s an email, a document or a spreadsheet, it will offer you proactive help, such as generating summaries or suggesting creative ideas. Soon it will even take action on your behalf.”

Duet AI in Google Cloud for Developers

The company previewed the capabilities of Duet AI in Google Cloud, with general availability coming later this year. Beyond Workspace, Pappu said, Duet AI will provide AI assistance as a coding assistant to help developers code faster, as an expert adviser to help operators troubleshoot application and infrastructure issues, as a data analyst to provide quick and better insights, and as a security adviser to recommend best practices to help prevent cyber threats.

Pappu said that Duet AI in Google Cloud is designed to serve as a trusted tool for developers in software development, infrastructure ops, data analytics, security ops and databases. In software development, Duet AI will enable developers to stay in flow state longer by minimizing context switching to help them be more productive. In addition to code completion and code generation, it can assist with code refactoring and building APIs using simple natural language prompts.

In infrastructure, operators can chat with Duet AI in natural language directly in the Google Cloud Console to retrieve “how to” information about infrastructure configuration, deployment best practices, and expert recommendations on cost and performance optimization, Pappu said. In data analytics, Duet AI in BigQuery provides contextual assistance for writing SQL queries as well as Python code, generates full functions and code blocks, auto-suggests code completions and explains SQL statements in natural language, and can generate recommendations based on specific schema and metadata.

In security operations, Duet AI will be coming later this year to security products that include Chronicle Security Operations, Mandiant Threat Intelligence, and Security Command Center.

Google said that user code, user inputs to Duet AI and recommendations generated by Duet AI will not be used to train any shared models nor used to develop any products.

SingleStore handles transactions and analytics, effortlessly, at the same time. Structured, semi-structured or unstructured. Streaming and historical alike. Unified through a single-pane-of-glass experience to make timely, accurate insight accessible for every worker and every workload. Insight Partners is an investor in SingleStore and TNS.

Learn More

The latest from SingleStore

Vertex AI Gets Upgrade

Vertex AI is a development platform used to build, deploy and scale machine learning models. Users currently have access to more than 100 foundation models — including third-party and open source versions — as well as industry-specific models such as Sec-PaLM 2 for cybersecurity and Med-PaLM 2 for healthcare and life sciences. New additions announced today include:

• Vertex AI Search and Conversation: The tools now enable dev teams to create search and chat applications using their own data, with minimal coding and enterprise-grade management and security built in.
• PaLM 2, Imagen and Codey upgrades: This includes updating PaLM 2 to 32k context windows so enterprises can process longer-form documents, such as research papers and books.
• New models: Google Cloud is announcing the availability of Llama 2 and Code Llama from Meta, and Technology Innovative Institute’s open source Falcon LLM. It also unveiled Claude 2 from Anthropic. Google said it will be the only cloud provider offering both adapter tuning and RLHF for Llama 2.

Simplified Analytics at Scale

New capabilities in Google’s Data and AI Cloud are designed to boost productivity for data teams. Announcements included a new BigQuery Studio interface for data engineering, analytics, and predictive analysis; and AlloyDB AI, which offers an integrated set of capabilities for building GenAI apps, including high-performance and vector queries. Google also announced that several of its new Data Cloud partners, including Confluent, DataRobot, Dataiku, DataStax, Elastic, MongoDB, Neo4j, Redis, SingleStore and Starburst, are all launching new capabilities aimed to enhance gen AI development with data.

Addressing Security Issues

Google Cloud claims to be the only security provider that brings together frontline intelligence and expertise, a modern AI-infused security operations platform and a trusted cloud foundation. At the conference, the company introduced Mandiant Hunt for Chronicle, which integrates the latest insights into attacker behavior from Mandiant’s frontline experts with Chronicle Security Operations’ ability to analyze and search security data.

The company also announced agentless vulnerability scanning, which controls management capabilities in Security Command Center to detect operating system, software and network vulnerabilities on Compute Engine virtual machines.

The post Google Continues Expansion of AI in Workspace, Dev Tools appeared first on The New Stack.

Oracle is about to release Java 21 (JDK 21) next month at its CloudWorld conference. The technology recently reached release candidate status and is ready to go.

Java 21 is a long-term support (LTS) version of the technology, which means it offers longer-term stability as Oracle will provide users with premier support until September 2028 and extended support until September 2031.

No JavaOne

However, the vehicle through which Oracle would typically highlight new technology, the JavaOne conference, is a no-go this year.

This is interesting because Oracle made much fanfare about bringing JavaOne back last year. Back in April 2018, Oracle announced that the JavaOne conference would be discontinued in favor of a more general programming conference called Oracle Code One. So bringing it back last year was a big deal. Now Java 21 will be released at Oracle CloudWorld on Sept. 19.

“We’re reimagining the format of JavaOne and I’ll share more details as soon as I have them,” an Oracle spokesman told The New Stack. “In lieu of JavaOne at CloudWorld this year, we’ll have 10 dedicated sessions for Java at CloudWorld and several Java executives in attendance (in addition to announcing Java 21 on Tuesday, Sept. 19).”

Simply put, JavaOne used to be the “ish”. In the early days of the conference, you could easily run into members of the core Java creation team walking around Moscone Center enjoying rockstar status, including Bill Joy, Arthur van Hoff, Kim Polese, Guy Steele and the “father” of Java, James Gosling.

Sun Microsystems started the annual JavaOne conference in 1996. I attended that one and a majority of the annual events until Oracle shelved it.

Varied Opinions

Now, folks have varying opinions about Oracle’s decision.

“It was a surprise that Oracle decided not to hold a JavaOne event again after relaunching it last year,” said Simon Ritter, deputy CTO at Azul Systems, a Java Development Kit (JDK) provider. “I couldn’t attend but was told that attendance wasn’t as high as Oracle had anticipated. The good news for Java developers is that there are several excellent alternatives offering high-quality presentations from acknowledged Java experts along with networking opportunities. In the US, there is the DevNexus conference, and in Europe, there are several Devoxx events as well as Jfokus, JavaZone and JavaLand. For more local events, there are many Java User Groups (JUGs), so the Java community is more than able to step up and fill the gap left by JavaOne.”

Meanwhile, Holger Mueller, an analyst at Constellation Research, also seemed startled by the move. “It shows that enterprises, even with the best intentions, are reconsidering offerings at a faster pace. I was surprised.”

Oracle’s decision regarding JavaOne was not unexpected by Brad Shimmin, an analyst at Omdia.

“That’s not totally unexpected, given the natural expansion and contraction we see regularly with larger technology providers. IBM, for example, has done the same, merging many conferences into one (IBM Pulse) and then pulling select shows back out if the market shows enough interest/importance for doing so,” he said. “In other words, it wouldn’t surprise me to see a stand-alone JavaOne in the future. That said, in looking through their show materials, it seems this year, the company is looking to blend Java into its numerous developer-oriented technologies, including db/app tools like Apex, its data science family of tools, and of course its database. Given that many data science projects written in the likes of Python and R end up getting refactored in Java for performance, security, etc., this makes good sense.”

Yet it makes no sense to Cameron Purdy, founder and CEO of xqiz.it and a former vice president of development at Oracle.

“It’s worse than short-sighted to chop one of the best-known and most influential developer conferences in the world. And for a software company, ‘neglect developers’ is a losing strategy. I really don’t understand this decision,” he told The New Stack. “Sure, a developer-focused conference may look a lot different from Oracle’s annual OpenWorld conference, but for the same reasons, it should also be dramatically simpler and less expensive to run — which can also make it far more accessible to developers. At some point, some Oracle executive is going to ask, ‘What would it cost us now to build a developer community?.’ and the answer will be: ‘A thousand times more than what it would have cost us to nurture the amazing developer community that we had.’”

Omdia’s Shimmin had a similar but a bit more diplomatic take on Oracle’s decision.

“More broadly, however, I feel that this show contraction coupled with the recent Java licensing changes, which were not received very well by the Java community, will make it harder for Oracle to not just build but maintain broad interest in this extremely important language and open source project (OpenJDK),” he said.

Java 21

Meanwhile, the release of Java 21 is on the horizon with several new features minus one. The release has 15 new features however one proposed feature, the Shenandoah garbage collector, was dropped from this release.

“It is a solid release and good to see 15 of the announced 16 features making it. It’s a pity the new garbage collector, Shenandoah didn’t make it,” Mueller said. “Regardless this is a key release for enterprises as it will be supported for five years with premium and another three with extended support, an appropriate timeframe for enterprises to put their next-generation applications on it.  Of the 15 features that made it none really stands out, with a lot of them in preview … Which is again good for enterprises as they can prepare their Java apps for them in future Java releases. ‘Boring’ releases are good as they bring stability to the platform. And it’s another Java release that proves that Oracle is a better steward to Java than the community originally expected and feared.”

Java 21 is long awaited because it is an LTS release, Purdy explained. That means that companies can count on it being supported for years to come. And it has a slew of features that most companies aren’t using yet because they’ve been introduced over the several previous Java releases that were not covered yet by an LTS release, he noted.

“So lots of developers have been actively playing with and even developing with these features, but often waiting for the LTS release to make it all official,” Purdy said. “So I do expect to see a surge of adoption for Java 21. And the Java team doesn’t appear to be slowing down, either — there’s quite a bit more in their development pipeline, and a steady six-month cadence of releases, just one after another.”

LTS is where it’s at, according to Azul’s Ritter. “Many users favor stability over constant evolution, which is why LTS releases are the most common choice for enterprise deployments,” he said. “As an LTS release, adoption for JDK 21 is going to be high, especially given the inclusion of virtual threads. However, most users will likely wait 6-12 months before deploying in production to allow full stabilization of the new features through at least two update cycles.”

Being an LTS release is only applicable to binary distributions of the OpenJDK; those deploying into enterprise, mission-critical environments will typically choose LTS releases as they know they can continue to get maintenance and support for extended periods of time, Ritter noted.

Yet, “In terms of new features, Virtual Threads can provide significant scalability improvements for developers working on applications that use the very common thread-per-request programming model, which covers many server-style applications,” Ritter told The New Stack. “Other notable enhancements include both pattern matching for switch and record patterns becoming full, rather than preview, features. Combined with the inclusion of string templates, this demonstrates the continued evolution of the Java platform to increase developers’ productivity whilst maintaining excellent backward compatibility.”

Virtual threads are lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. String templates complement Java’s existing string literals and text blocks by coupling literal text with embedded expressions and template processors to produce specialized results. One goal of this feature is to simplify the writing of Java programs by making it easy to express strings that include values computed at run time.

The pattern matching for switch feature is built to enhance the Java programming language with pattern matching for switch expressions and statements. Extending pattern matching to switch allows an expression to be tested against a number of patterns, each with a specific action so that complex data-oriented queries can be expressed concisely and safely.

And record patterns deconstruct record values. Record patterns and type patterns can be nested to enable a powerful, declarative, and composable form of data navigation and processing. A goal is to extend pattern matching to express more sophisticated, composable data queries.

When Java 21 becomes available, Azul will be releasing a fully compatible distribution, Azul Zulu, that’s free for everyone to use.

“We have many other features that can maximize the performance benefit for all Java users, even those who still look to Java 21 on the horizon,” Ritter said.

The post Java 21 Is Nigh, Whither JavaOne? appeared first on The New Stack.