Weekly developer news – November 17th 2017

So, welcome to the 8th edition of developer news!

So, in no particular order:

1 : Microsoft joins MariaDB Foundation

In this first item, Microsoft announced they have joined the MariaDB Foundation as a platinum sponsor, joining the likes of Alibaba and Booking.com. For those that don’t know, MariaDB Foundation is the non profit behind the open source MariaDB database created by the original founders of MySQL. It’s a database that I seem to encounter more and more, and this announcement adds extra weight to this popular database.

See the press release of the announcement here.

2: Visual Studio Live Share

So for another Microsoft related item, but it’s one I felt was also worth pointing out. Microsoft have release Visual Studio Live Share, a tool for live real time collaborative editing between developers without the need for complex setup on each project.

As someone that works with remote development teams more often than in person, this is something I will be trying out. I have tried similar products before from the likes of Floobits, but have never found a solution that worked as well as I would have liked.

Checkout the details here.

3 : GitHub introduces security alerts

GitHub have introduced a security alert feature for all repositories hosted there. When enabled this feature will automatically scan your project’s dependencies for known security issues and suggest possible fixes that you could apply.

This is something enabled by default for public projects, and something you have to enable manually for any private projects you have.

I think this is a great feature, as the dependencies of many projects are left outdated even when critical security issues are found.

See more info over here.

4 : LucidChart on converting to TypeScrit

TypeScript (optionally typed JavaScript) is a language I have been paying more attention to recently. It’s something I have been experimenting with in terms of teaching to other developers, but also something I have been using on more of my own projects, and I have found real benefits in terms of productivity and quality.

This article from LucidChart is a great writeup of how they found the process of migrating their existing codebase from JavaScript to TypeScript.600K lines in 72 hours no less!

5 : Technology shift on Stack Overflow

So, the final item is an analytical piece by Stack Overflow using their huge database to look at how technologies are shifting based on Stack Overflow question data.

For me, I always feel it is important to be aware of technology and language trends, as even if I don’t end up using any up and coming technologies, I often find value in seeing what new things they offer and like to see whether those learnings are applicable elsewhere.

Checkout their analysis here.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – November 10th 2017

So, welcome to the 7th edition of developer news!

So, here we go again:

1 : Google Chrome intervention breaking sites

This is a technical piece, but one that has been widely shared. The summary is that in order to improve performance, Google made a breaking change that affects how draggable UI events are processed. Needless to say, there are many upset developers, and no doubt many people completely unaware their sites have been broken.

Google suggest using ‘less aggressive’ browsers if this is something you care about.

For more detail, checkout the article here.

2: Be wary of Serverless lock-in

This second link is a cautionary article by The Register on serverless architecture. It’s an architectural style / type of PAAS offering that is become more popular, and promises simplified application development where we no longer have to worry about creating servers ourselves, and instead can host our functions in a PAAS that will handling request routing for us.

It’s a pattern I am certainly keeping an eye on, and can see some benefits, but without any kind of standardisation I agree that lock in should be a concern.

Checkout the article here.

3 : C almost had MIN and MAX

This third item is an interesting stack exchange discussion showing how the C language almost had native MIN and MAX operators, and how they were apparently lost and abandoned over time.

4 : Javalin – Java/Kotlin web framework 1.0 released

This is an announcement that the Kotlin web framework Javalin has now reached version 1.0 stable status. It’s great to see languages like Kotlin gaining adoption, and frameworks like this signify the importance of ongoing language development on top of our existing platforms.

If you develop on the JVM, is Kotlin something you have been looking at?

5 : RedHat moving OpenStack platform to containers

So, the final item is an article detailing how RedHat have started the process of moving their OpenStack platform to containers.

The popularity of containerisation seems to be never ending, and this is yet another big endorsement of this current technology trend.

Are containers something you are looking to implement, or already up and running with?

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – November 3rd 2017

So, welcome to the 6th edition of developer news!

So, here we go again:

1 : IETF approves new 103 HTTP status code

A draft for a new HTTP 103 status code has now been approved. This new status code is one used to indicate ‘hints’ to clients, to indicate additional external resources that could be pre-fetched, before the main content within the initial HTTP request is returned.

For more detail, checkout the spec here.

2: Apache Kafka goes 1.0

As a technology, Apache Kafka is one I have been keeping an eye on. For those that don’t know, Kafka is a platform for distributed stream processing. If you have an event based system, it can allow massively scalable stream writing and reading from multiple publishers and consumers that can react to these events in real time.

Kafka going 1.0 is a big milestone. Yes, there are a bunch of features in the 1.0 release, but the version number is more significant to me, and hopefully something that will drive more adoption (when a good fit for the problem!).

See more details on the release here.

3 : Paper on lock free concurrency

This third item is a paper discussing lock free concurrency. This is a concept that I find not all developers are familiar with. Many developers when faced with a concurrency related problem will just reach for a Mutex or similar construct.

This paper gives a good overview of lock free concurrency and when and how you might want to use it.

4 : Most disliked programming languages

If you haven’t seen this, then this article on the stack overflow blog is worth a read. It is based on their own job related postings and details the languages that developers over there have expressed they would like to not work with.

The most disliked language, perhaps unsurprisingly is Perl, but checkout the article here for more language wars!

5 : Google Firebase updates

So, the final item is a TechCrunch article, covering a Google event where they announced so forthcoming changes to their Firebase platform.

As a platform, and backend for applications, and mobile application Firebase is platform I have used before the Google acquisition. At the time, I found it looked promising but lacked the features required to make applications built on top of it robust and scalable in all scenarios.

It’s interesting to see Google take this platform seriously and continue to develop features. For more details, see the article here.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – October 27th 2017

So, welcome to the 5th edition of developer news!

Again, as with last week, I could have included many more items, but am just going with the top 5 for now.

So, here we go again:

1 : Swagger is now the OpenAPI specification

Swagger, the most popular choice for API tooling and generation, contributed their V3 spec to the Open API initiative. This basically means that the specification used to drive API tooling, client, and server generation has now been accepted as an open specification, as a standardised way to describe APIs and the services they provide.

For more detail, checkout the article here.

2: What is the cost of reverse engineering?

More of a legal twist for this second item. The site internetcases has an article on a recent court case brought in both the US and UK relating to reverse engineering competitor’s software, not through decompilation, but through use of the system and inspecting the outputs. A court found that this did indeed constitute reverse engineering and considered it to be a breach of contract.

So, be wary of mimicking the behaviour of your competitor’s applications.

For more info, see the article here.

3 : Evidence of test driven development

This third item is an article presenting the findings of numerous recent studies into the value of test driven development, and the impact it can have, both positive and negative.

If you remain unconvinced, or need to ‘sell’ it to others, then this summary is worth a read.

4 : A.I. Developer Salaries

This article in the New York Times has been pretty popular this week. It seems that AI is indeed the hot topic, Many companies are looking to either build entirely new solutions based on ‘AI’ capabilities, or introduce AI components in their systems, and for developers with the right skills, there could be a job commanding a pretty decent salary!

5 : Visual Studio Code changes icon colour

Erm, so, the final item is, as the title suggests, Microsoft Visual Studio code announced that they are changing the icon colour back to blue in the next update.

Now, I wouldn’t normally include something as trivial sounding as that, but it seems us developers really take offence if someone changes the colour of an app icon that we use every day. Microsoft changing the icon back has generated huge volumes of comments around the web!

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – October 20th 2017

So, welcome to the 4th edition of developer news!

Again, as with last week, I could have included many more items, but have tried to limit it to the top 5. As I said before, if interest does continue, I am considering some other formats for daily news and commentary in addition to this weekly post.

So, here we go again:

1 : Researchers find serious flaw in WPA2 protocol

A big story for this week, covered seemingly everywhere, is a security flaw found in the WPA2 protocol, the protocol used to secure most WIFI networks. Known as the KRACK attack, it affects most devices. For more information on the research and the implications, checkout the details here.

2: Docker announces native Kubernetes support

Docker has announced native support for Kubernetes. This means that anyone developing for Docker has the option of testing locally using both Swarm and Kubernetes schedulers.

On of the advantages of using Docker is the promise that the application runs the same way in development as it does in production.

This announcement means, that this promise now extends to scheduling and orchestration of our containers. For more information, see the announcement here.

3 : Apache HTTP server gets native Let’s Encrypt support

Another item relating to native support. This time, it’s the apache http server (http), announcing native support for the ACME protocol used by Let’s Encrypt.

Hopefully this means that the process of deploying secure websites should become simpler.

See here for more details on what this means.

4 : Servless computing – economic and architectural impact

This is less of a news item, but more of an interesting paper discussing the impact of so-called ‘serverless’ computing.

For those not aware, it’s an architectural style that means as developers we are deploying executable functions and configuring routing when delivering web applications or services.

It obviously does not mean there are no servers, only that the platform we deploy on is responsible for maintaining them, and scheduling our functions in response to a valid request.

I think it’s an approach that certainly does hold some merit, but would be very wary of a lot of the hype going on around this at the moment.

Take a look at the paper here.

5 : Facbook open sources RacerD

The final item for this week, is an announcement by Facebook, open sourcing their ‘RacerD’ tool.

This tool is a static code analysis tool that analyses Java code for potential race conditions.

Being a static analysis tool, it obviously does not require running the application in order to look for potential race conditions.

I find it interesting that even now, Java demonstrates it serves it’s purpose in modern large scale applications, and that organisations are still pushing the boundaries and developing new toolsets around Java dev.

Checkout their page here for more info.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – October 13th 2017

So, welcome to the 3rd edition of developer news!

Again, as with last week, I could have included many more items, but have tried to limit it to the top 5. As I said before, if interest does continue, I am considering some other formats for daily news and commentary in addition to this weekly post.

So, here we go again:

1 : Microsoft stops development on Windows 10 Mobile

In a series of Tweets Microsoft’s Joe Belfiore confirmed that Windows Mobile 10 is now effectively in maintenance mode, with only security and bug fixes being performed. No feature development or hardware development is going to take place.

For more information, including details of the Tweets, checkout one of many write-ups here.

2: CSV Injection Demonstrated

I wanted to highlight a really great article by George Mauer, highlighting some potential security issues with CSV field import and export.

I don’t know about you, but a pretty decent number of systems that I have worked on, and do continue to work on have some form of ‘spreadsheet export/import’ feature, and as developers, we like to keep things simple and go with a CSV import.

After all every spreadsheet program, offline and online accepts CSV, and they are safe aren’t they?

Well, this article demonstrates they aren’t always immune to injection attacks, and we should think of security when dealing with CSV data.

Checkout the article here.

3 : Oculus Go

At their Oculus Connect 4 conference, Oculus have announced their upcoming Oculus Go device. (yes I’m aware I used the word Oculus 3 times in that sentence!)

It’s a device they describe as defining a new category of VR devices, that of 100% standalone devices.

As it sounds, this device does not need to be tethered to a PC, or paired with a mobile phone to operate. It is 100% standalone.

From a developer perspective, this could open up a number of interesting applications, and could potentially drive VR adoption, making it a more worthwhile platform to invest it.

For me, VR is something I’m keeping a casual eye on. AR is something I think has more potential, but am still in the monitoring stages before investing in any particular platform.

For more details, checkout their announcement here.

4 : Bancor / Ethereum flaw in detail

Hackernoon has a great writeup of a flaw gaining a lot of press coverage in Bancor, a high profile smart contract running on the Ethereum platform.

As Blockchains and smart contracts seem to gather increasing interest (or hype), as a developer, it’s interesting to see a demonstration of how careful we must be when deploying code as a distributed smart contract.

It has serious implications.

This article demonstrates that in merely 150 lines of Python, it’s possible to exploit a flaw in the smart contract to monitor trades on the platform, and guarantee that you can sell tokens at a high price than you are purchasing them.

There’s a lot of good technical detail in the article, and even if you aren’t actively planning on developing blockchain applications, it’s well worth a read, and if you are, it’s a cautionary tale on being extremely careful with how you develop and deploy smart contracts.

Checkout the article here.

5 : Friday the 13th coding horror

The final item for this week, is a developer generously sharing some code that they created early on in their development life. This is a codebase, the developer self describes as “An incomprehensible hellscape of spaghetti code.”

This repo is getting a lot of discussion on reddit and hacker news, and it’s really great to see discussion of what doesn’t work in a codebase, in addition to how we should be doing things.

I believe that especially with the way technology advances so quickly, there are many many ‘right’ solutions to a problem, and developers are often far too quick to declare their way / favourite stack as the only way to do things.

I think that actually, we can learn an awful lot by looking at what doesn’t work, an understanding why, so it’s great to see discussions like this going on.

Are you brave enough to share your coding mistakes?

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – October 6th 2017

So, welcome to the 2nd edition of developer news!

It’s only the second edition, and I have already broken a rule I established last time. I’ve included 6 items this week, going over my previous limit of 5.

To be honest, I could have included many more items. I don’t know if was just because I had this post in mind, or whether it was a busy week, but it seemed I encountered so many interesting news items, articles, and tutorials this week.

I may mix up some formats if that trend continues, posting a weekly summary here, and a more realtime feed elsewhere, but more on that in another post..

So, without further ado, here we go:

1 : Apple iMac pro announced

Yes, I know, not everyone uses a Mac for development, but to be honest, most developers I encounter seem to.

And even if you don’t, Apple’s announcement demonstrates a seriously capable machine, whether you work on some intensive applications, like spinning up ridiculous numbers of docker containers, regularly perform video editing, or want to get into VR development, this machine seems more than capable.

It sports up to 18 cores of processing power, an all new Radeon Vega graphics card, and up to 128GB of RAM, so should handle most workloads without blinking.

For more details, see their announcement page here.

2: Alibaba Java coding guidelines

Alibaba has open sourced their Java coding guidelines.

I always find it interesting when an organisation does this. It’s an opportunity to both review my own opinion on coding best practices as well as gain an insight into how other organisations approach coding guidelines and code review.

I must say that it’s well structured in that they differentiate between mandatory and recommended practices, but their list is absolutely huge. I find it hard to see how any developer could remember to adhere to all of those guidelines, or review other people’s work against them.

Are coding guidelines something you find useful?

Checkout the full list for yourself on their GitHub repo.

3 : Strangeloop 2017 videos

Videos from the Strangeloop 2017 conference have started to be uploaded to their YouTube channel.

If you aren’t familiar with the conference, it’s a conference covering various programming topics, including languages, databases, distributed systems, and security.

Whilst I have never attended in person, I always find the videos valuable. Some of the talk titles uploaded this year include “Zuul’s Journey to Non-Blocking”, “Keeping Time in Real Systems”, “Reduce: Architecting and scaling a new web app at the NY Times”

4 : Redis 4 planning to add streams

Streams, a concept popularised by Kafka are now on their way to being translated into a Redis 4.2 module. I know many people have looked to Redis as a backend for stream oriented, or event driven systems.

The problem is, without streams, developers have to do extra work to bridge the gap between the list-like data structures and the pub/sub capabilities, often resorting to a mix of technologies to achieve a reliable event driven system and emulate an append only event log.

For more details on the planned work, see this post.

5 : Keybase launches encrypted git

Keybase has announced support for truly private repositories. These are git repositories that offer end to end encryption, so that even Keybase themselves cannot inspect the contents of your repository.

I can imagine for many people who don’t want to support their own git infrastructure, yet don’t feel comfortable uploading company source code, or things like API keys, or other company secrets, this could be worth checking out.

For more details on how this works, take a look at their announcement.

6 : Preview of upcoming PHP 7.2 changes

Kinsta has a really well written and comprehensive article outlining the changes, and impact of changes to be released at the end of November in PHP 7.2.

If you are an active PHP developer, then this article gives a really good hands-on overview of what the changes actually mean.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – September 29th 2017

So, this is a different kind of post, and something I’ve been thinking of trying for a while.

At the moment, this is something I want to trial, and if people find this useful will continue to do this.

As part of my consulting work and teaching work I do with developers and development teams, I feel it’s vital that I stay on top of advanced in our industry.

Most technology developments are things that I just need to be aware of. Some are ones that I need to dig into more details with, and others are things that I go deep on, and adopt in my own work, or work I do with clients.

So in this series, I will summarise my own research and comment on what I feel are the top 5 most interesting developments, updates, and articles from the past week in software development.

So, without further ado, here we go:

1 : ReactJS Updates

After huge amounts of criticism and concern, React JS has switched license from BSD + Patents to MIT license in version 15.6.2, and also released a newer v16.0 build with some new features.

In v16.0, they describe the changes as “some long-standing feature requests, including fragments, error boundaries, portals, support for custom DOM attributes, improved server-side rendering, and reduced file size.”

To be honest, I think most developers are going to be more interested in the licence change than the new feature set, though it’s good to see development continue.

If the previous license had you concerned, and planning switching to alternative frameworks, how do you feel know about the future of React? Do you now feel happy to continue using it?

For more details on this, checkout the react blog

2: Firefox Quantum

Mozilla has announced a beta of Firefox Quantum. This is a new Firefox build that includes what they describe as a completely reinvented modernized engine, offering significantly fast performance.

I know many developers that used to be Firefox fans switched long ago to Chrome, and also Safari for some, mainly due to performance, but also due to Firefox feeling dated.

What are your favourite browsers for development / general browsing? It will be interesting to see if the speed improvements are worth it, and lead to more of us going back to Firefox.

More details on their announcement are available on their site.

3 : New Alexa hardware and SDKs

Amazon has announced new Alexa hardware, including compact echo that includes a screen, plus Alex gadgets, a way to interact with all new Alex buttons, plus also build your own hardware that can interact with Alexa.

You can see more details on their development blog.

A link on the blog allows you to register to be notified when these new SDKs are available to use.

For me, Alexa, and audio interaction is something that I am keeping an eye on, and may also be releasing something on shortly.

As a developer, what’s your opinion on Alexa / voice interaction? Is this something you are building for now, or looking to do in future?

4 : TypeScript at Lyft

If you aren’t already aware, TypeScript is a superset of JavaScript that adds optional static typing to the language.

This comprehensive article from the engineering team at Lyft gives a good breakdown of their motivations for choosing TypeScript over plain JavaScript, as well as FlowType as well as digs into details of how they went about this and the benefits they have seen.

I know for me, even though I tend to stick with vanilla JS over TypeScript, given I tend to use Visual Studio Code for editing, I see the benefits of TypeScript day to day, purely through the autocompletions and hints the IDE provides based on TypeScript definitions.

5 : Unit testing Postgres

Simon McClive has written a really interesting article detailing an approach to unit testing changes at the database level.

If you are working with databases of any reasonable complexity, the schema will change over time, and his approach seems like a great way to introduce testing at that level.

For me this is something I would adopt in addition to many other types of tests, but it seems like this would be very valuable as a way to catch errors before any end to end tests ran, which at best, even if they do spot issues are likely to result in high level application errors that need to be debugged.

So that’s it for this first post of this type. I’m comitting to doing this weekly for the next 4 weeks, and if people find it useful am happy to continue further.

If you have any feedback at all, then please do let me know.

TDD Mindset == Confidence

Recently, I was talking with another developer about confidence when writing code, and what I felt lead me to be able to get changes out to production quickly.

He wanted to know what it was that gave me confidence that my changes

a) weren’t going to break anything, and
b) had the desired results

I mentioned my previous blog post where I talked about TDD / unit testing mindset, and gave some examples of tests that were written with the typical ‘I have to test this method/action’ kind of mindset, and talked about why that might not be such a good idea.

Now, I’m not saying that it’s easy to adopt a different mindset, but writing tests, and writing them well does require a different mindset to the one we adopt when writing the ‘real’ code.

Adopting a mindset is a hard thing to do. It is more than just instruction. It takes time, deliberate practice, and guidance, but once it clicks, it’s really powerful.

Here’s an example from development work I do with one of my clients.

That team that I am working with work in a pretty Kanban-like way. Often pretending it’s scrum, but basically each developer is working on their own stream of features, sometimes getting interrupted to work on defect fixes for issues found in production for unexpected conditions.

For both the day to day feature work, and the defect fixes, where there is often a lot of perceived urgency in getting a fix out, adopting the right mindset, and having the right approach to writing tests gives a massive boost to my performance.

It provides confidence. Confidence to make changes, knowing I haven’t broken any behaviour that I had previously explicitly called out, deliberately tested in isolation.

With the right set of tests in place, I can very very quickly create a new test, see this fail, make the change, repeating until the feature is done, or the defect is fixed.

By focusing on behaviour, by adopting the right mindset, I genuinely have no concerns about deploying changes to production in a matter of hours, if not minutes.

The tests are doing what they should do. They are helping me. Making me better. Making me faster. Making me more confident in my ability to deliver.

How do you feel about your tests, TDD, or unit testing that you do? Do you have a consistent approach and understand why that approach works?