Weekly developer news – December 15th 2017

So, welcome to the 12th edition of developer news.

A full five items for you this week. Again I would love to hear your feedback on this weekly news, whether you find it valuable, or whether you have any content you would like to share.

1 : Microsoft Quantum Computing dev kit

It’s been around for a couple of months, but it is something that is getting a lot of coverage this week, with a log of ongoing discussion.

For those, that don’t know, Microsoft have announced a preview of ‘Q#’ their quantum computing development environment. It contains tooling that can be used to develop quantum programs and algorithms. Now, obviously this is all running through simulators, and practical applications are somewhat limited, but it’s good to see frontiers being pushed in computing, so if you have some time, this toolkit might be worth checking out.

2: IBM code patterns for AI, blockchain, chatbots

.. and other buzz words.

IBM are also one for wanting to be on the cutting edge of technology, and yes, their code patterns do read like a list of tech buzzwords, but for those wanting to keep up to date with new tech developments, they are worth checking out.

Their code patterns library contains example applications, templates, and design patterns that can be used for what they describe as complex programming challenges. With some of these fields becoming more popular, especially with developments in AI, there is a shortage of developers that have these skills, so it’s worth checking out their code patterns here.

3 : Amazon announced AWS SSO

As part of their AWS offering, Amazon have announced a new Single sign-on (SSO) solution. This provides the ability to integrate with user’s Amazon’s identities within your applications without needing to setup any of your own sign on infrastructure.

This is potentially a time saver for both yourself as a developer and customers who are already likely to have Amazon accounts.

As a bonus, there is also currently no charge for using this service. Checkout the details here.

4 : State of JS 2017

As we approach the end of 2017, there are a number of ‘state of X’ type surveys out there, and the one I want to highlight this week is a popular one surveying the current state of JavaScript language, libraries, and frameworks.

The analysis is pretty comprehensive and it makes an interesting read for anyone currently developing front end of back end code in JavaScript, especially for those looking to ensure their skills remain current.

Checkout the full survey results and analysis here.

5 : HTTPS on Landing Pages

This might seem like a small issue, but it’s a news item that has also been pretty popular around the web this week, and rightly so.

Troy Hunt presents an article describing some communications with a UK bank, Natwest, where he points out that their main customer facing website is not HTTPs. Yes, their online banking are, but the main pages customers will access to get to those secure pages is not.

As security seems to become increasingly more important to keep an eye on, with security breaches gaining more press, it’s important as developers to ensure we follow best practice and understand why.

Checkout the article here.

So, that’s it for this week. I’m off to check whether my client’s landing pages are all HTTPS. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – December 8th 2017

So, welcome to the 11th edition of developer news.

I only have 4 items to include this week. Developments in tech have been a bit quite this week, which is pretty typical for this time of year, but there were 4 items that I wanted to point out

1 : Atlassian BitBucket Deployments

The first article I would like to share is an announcement from Atlassian. They have now introduced native deployments for BitBucket repositories. This means that deployment information and control now lives alongside your BitBucket repository, allowing you to see which changes have been deployed into what environments, and easily move code between staging and production for instance.

Hopefully, as more teams get to grips with continuous delivery, integrations like this will make rapid deployment much easier to adopt.

Checkout the details on their announcement page here.

2: Pivotal Cloud Foundry platform updates

At their annual SpringOne conference, the team behind Spring announced a number of improvements to their CloudFoundry platform, including support for ‘serverless’ computing, containers, and app stores.

If Spring is part of your day to day toolkit for enterprise software development, then it’s worth checking out this summary of their announcements to see whether there are technologies that you should be planning for.

3 : DeepMind learns chess, beats Stockfish

In case you haven’t heard, DeepMind the AI engine famous for beating world class Go players, has been repurposed to learn chess in 4 hours, and beat the world class chess Stockfish engine.

There are some questions as to how ‘fair’ the matches were, as hardware details and constraints are not entirely clear, but there is no doubt that the act of learning the rules of chess and then performing at this level is a significant accomplishment, that can hopefully be applied to multiple domains outside of purely game based areas.

The paper describing the process has much more technical detail.

4 : Hacking a turned off computer

Going with another security related item for this last entry, we have a blackhat article describing how a vulnerability in Intel Management Engine could be exploited to allow access and running of arbitrary code.

Checkout the details here, plus an interesting reddit discussion on their findings.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – December 1st 2017

So, welcome to the 10th edition of developer news and the 1st of December!

Here are the top 5 for this week:

1 : Reflection & retrospectives

The first article I would like to share is less news as such, but a new article that discusses the importance of retrospectives and making time for personal reflection as part of our work.

With many organisations I work with, I see the typical Scrum sprint being about cramming as much work as we can in before marching headlong in to the next sprint.

I do see teams having retrospectives, but they are hard to get right. It’s also hard for a number of reasons to really participate and get lasting value out of these sessions, especially when they become overly formal.

This article gives a good reminder as to why we should make time to both team and individual reflection.

2: AWS releasing many things!

So item 2 this week as part of Amazon’s AWS:reInvent conference, they announced a whole number of updates to new and existing services.

Some of the notable ones for me include access to EC2 Bare Metal instances, allowing direct access to hardware for applications where this matters as well as AWS Cloud9 IDE, following on from their acquisition of the cloud9 IDE, they announce a new version with deep integration into the AWS stack.

For more details on the other items announced, checkout the AWS new blog here, or a good summary of the changes on TechCrunch.

3 : GDPR for developers

As a developer, you have probably heard the term GDPR mentioned around the office, but perhaps you aren’t sure exactly what it is and what the impact of it will be.

Bozho has a great writeup of exactly what this will mean for the applications that you are working on.

4 : Root access on MacOS without a password

Unless you have been hiding under a rock writing Haskell, you have probably heard of the security issue on MacOS that allows root access without a password.

For those curious about the details of this, and exactly what the bug in the code was that caused this, there is a great article here that takes an in depth look as to how this happened.

5 : Kotlin 1.2 released

To conclude this week, I want to switch track slightly, and mention the Kotlin 1.2 release.

They describe Kotlin 1.2 as a major new release (but not major version number :-). Most interestingly for me is that for full stack developers, it builds on the JavaScript build target introduced in version 1.1 to allow code sharing between back end and front end (where appropriate!).

For me, I work on projects of various sizes, and for some of them, it’s a real advantage to be able to have shared libraries that are multi platform, that can be used on back-end, front-end, and even mobile.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – November 24th 2017

So, welcome to the 9th edition of developer news!

Apologies for this week’s news being a couple of days late, but here it is now:

1 : Troy Hunt on data breaches

In this first item, Microsoft MVP Troy Hunt, shares an article describing how he is testifying in front of congress on the impact of data breaches. It seems that data breaches, or at least news covering them are becoming increasingly more common.

This article provides a good overview of the impact of data breaches. There is also a good following discussion on this article on Hacker News, and Reddit.

2: Linus Torvalds

So another security related item, but this time Linux Torvalds voicing his opinion on security engineers, and approaches to managing security flaws on the Linux kernel mailing list. As ever, he is very vocal about his opinions, and certainly evokes a lot of reaction from around the web. This does serve to open up a lot of discussion into what we should be doing as software engineers to avoid security issues, and react responsibly.

See his comments here, and an example of some of the resulting discussions here and here.

3 : 77% of sites use vulnerable JS libraries

Sticking with the security theme for this week is a report that illustrates an analysis of over 400,000 web sites that found 77% of them were using JavaScript libraries with known security vulnerabilities.

It is a good reminder that even once our code is delivered and running in production, we should be aware of ongoing maintenance such as looking for updated packages that contain important security fixes.

See details on the report here.

4 : New OWASP Top 10

OWASP have just released their new top 10 application security vulnerability analysis. If you haven’t heard of their publications, they are a pretty popular thorough analysis of the top 10 most critical web application security risks.

This updated version shows the current state of security risks as well as compares this to their earlier publication.

Basically, if you are writing any publicly visible web application, you need to read this guide and the recommendations within.

5 : From Markdown to remote code execution

To conclude this week, and the security related theme, we have an illustrated walkthrough of what exploiting security vulnerabilities can look like.

This article takes a step by step approach, and walks through vulnerabilities in the Atom text editor, and shows how you can go from an issue in markdown handling to remote code execution.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – November 17th 2017

So, welcome to the 8th edition of developer news!

So, in no particular order:

1 : Microsoft joins MariaDB Foundation

In this first item, Microsoft announced they have joined the MariaDB Foundation as a platinum sponsor, joining the likes of Alibaba and Booking.com. For those that don’t know, MariaDB Foundation is the non profit behind the open source MariaDB database created by the original founders of MySQL. It’s a database that I seem to encounter more and more, and this announcement adds extra weight to this popular database.

See the press release of the announcement here.

2: Visual Studio Live Share

So for another Microsoft related item, but it’s one I felt was also worth pointing out. Microsoft have release Visual Studio Live Share, a tool for live real time collaborative editing between developers without the need for complex setup on each project.

As someone that works with remote development teams more often than in person, this is something I will be trying out. I have tried similar products before from the likes of Floobits, but have never found a solution that worked as well as I would have liked.

Checkout the details here.

3 : GitHub introduces security alerts

GitHub have introduced a security alert feature for all repositories hosted there. When enabled this feature will automatically scan your project’s dependencies for known security issues and suggest possible fixes that you could apply.

This is something enabled by default for public projects, and something you have to enable manually for any private projects you have.

I think this is a great feature, as the dependencies of many projects are left outdated even when critical security issues are found.

See more info over here.

4 : LucidChart on converting to TypeScrit

TypeScript (optionally typed JavaScript) is a language I have been paying more attention to recently. It’s something I have been experimenting with in terms of teaching to other developers, but also something I have been using on more of my own projects, and I have found real benefits in terms of productivity and quality.

This article from LucidChart is a great writeup of how they found the process of migrating their existing codebase from JavaScript to TypeScript.600K lines in 72 hours no less!

5 : Technology shift on Stack Overflow

So, the final item is an analytical piece by Stack Overflow using their huge database to look at how technologies are shifting based on Stack Overflow question data.

For me, I always feel it is important to be aware of technology and language trends, as even if I don’t end up using any up and coming technologies, I often find value in seeing what new things they offer and like to see whether those learnings are applicable elsewhere.

Checkout their analysis here.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – November 10th 2017

So, welcome to the 7th edition of developer news!

So, here we go again:

1 : Google Chrome intervention breaking sites

This is a technical piece, but one that has been widely shared. The summary is that in order to improve performance, Google made a breaking change that affects how draggable UI events are processed. Needless to say, there are many upset developers, and no doubt many people completely unaware their sites have been broken.

Google suggest using ‘less aggressive’ browsers if this is something you care about.

For more detail, checkout the article here.

2: Be wary of Serverless lock-in

This second link is a cautionary article by The Register on serverless architecture. It’s an architectural style / type of PAAS offering that is become more popular, and promises simplified application development where we no longer have to worry about creating servers ourselves, and instead can host our functions in a PAAS that will handling request routing for us.

It’s a pattern I am certainly keeping an eye on, and can see some benefits, but without any kind of standardisation I agree that lock in should be a concern.

Checkout the article here.

3 : C almost had MIN and MAX

This third item is an interesting stack exchange discussion showing how the C language almost had native MIN and MAX operators, and how they were apparently lost and abandoned over time.

4 : Javalin – Java/Kotlin web framework 1.0 released

This is an announcement that the Kotlin web framework Javalin has now reached version 1.0 stable status. It’s great to see languages like Kotlin gaining adoption, and frameworks like this signify the importance of ongoing language development on top of our existing platforms.

If you develop on the JVM, is Kotlin something you have been looking at?

5 : RedHat moving OpenStack platform to containers

So, the final item is an article detailing how RedHat have started the process of moving their OpenStack platform to containers.

The popularity of containerisation seems to be never ending, and this is yet another big endorsement of this current technology trend.

Are containers something you are looking to implement, or already up and running with?

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – November 3rd 2017

So, welcome to the 6th edition of developer news!

So, here we go again:

1 : IETF approves new 103 HTTP status code

A draft for a new HTTP 103 status code has now been approved. This new status code is one used to indicate ‘hints’ to clients, to indicate additional external resources that could be pre-fetched, before the main content within the initial HTTP request is returned.

For more detail, checkout the spec here.

2: Apache Kafka goes 1.0

As a technology, Apache Kafka is one I have been keeping an eye on. For those that don’t know, Kafka is a platform for distributed stream processing. If you have an event based system, it can allow massively scalable stream writing and reading from multiple publishers and consumers that can react to these events in real time.

Kafka going 1.0 is a big milestone. Yes, there are a bunch of features in the 1.0 release, but the version number is more significant to me, and hopefully something that will drive more adoption (when a good fit for the problem!).

See more details on the release here.

3 : Paper on lock free concurrency

This third item is a paper discussing lock free concurrency. This is a concept that I find not all developers are familiar with. Many developers when faced with a concurrency related problem will just reach for a Mutex or similar construct.

This paper gives a good overview of lock free concurrency and when and how you might want to use it.

4 : Most disliked programming languages

If you haven’t seen this, then this article on the stack overflow blog is worth a read. It is based on their own job related postings and details the languages that developers over there have expressed they would like to not work with.

The most disliked language, perhaps unsurprisingly is Perl, but checkout the article here for more language wars!

5 : Google Firebase updates

So, the final item is a TechCrunch article, covering a Google event where they announced so forthcoming changes to their Firebase platform.

As a platform, and backend for applications, and mobile application Firebase is platform I have used before the Google acquisition. At the time, I found it looked promising but lacked the features required to make applications built on top of it robust and scalable in all scenarios.

It’s interesting to see Google take this platform seriously and continue to develop features. For more details, see the article here.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – October 27th 2017

So, welcome to the 5th edition of developer news!

Again, as with last week, I could have included many more items, but am just going with the top 5 for now.

So, here we go again:

1 : Swagger is now the OpenAPI specification

Swagger, the most popular choice for API tooling and generation, contributed their V3 spec to the Open API initiative. This basically means that the specification used to drive API tooling, client, and server generation has now been accepted as an open specification, as a standardised way to describe APIs and the services they provide.

For more detail, checkout the article here.

2: What is the cost of reverse engineering?

More of a legal twist for this second item. The site internetcases has an article on a recent court case brought in both the US and UK relating to reverse engineering competitor’s software, not through decompilation, but through use of the system and inspecting the outputs. A court found that this did indeed constitute reverse engineering and considered it to be a breach of contract.

So, be wary of mimicking the behaviour of your competitor’s applications.

For more info, see the article here.

3 : Evidence of test driven development

This third item is an article presenting the findings of numerous recent studies into the value of test driven development, and the impact it can have, both positive and negative.

If you remain unconvinced, or need to ‘sell’ it to others, then this summary is worth a read.

4 : A.I. Developer Salaries

This article in the New York Times has been pretty popular this week. It seems that AI is indeed the hot topic, Many companies are looking to either build entirely new solutions based on ‘AI’ capabilities, or introduce AI components in their systems, and for developers with the right skills, there could be a job commanding a pretty decent salary!

5 : Visual Studio Code changes icon colour

Erm, so, the final item is, as the title suggests, Microsoft Visual Studio code announced that they are changing the icon colour back to blue in the next update.

Now, I wouldn’t normally include something as trivial sounding as that, but it seems us developers really take offence if someone changes the colour of an app icon that we use every day. Microsoft changing the icon back has generated huge volumes of comments around the web!

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – October 20th 2017

So, welcome to the 4th edition of developer news!

Again, as with last week, I could have included many more items, but have tried to limit it to the top 5. As I said before, if interest does continue, I am considering some other formats for daily news and commentary in addition to this weekly post.

So, here we go again:

1 : Researchers find serious flaw in WPA2 protocol

A big story for this week, covered seemingly everywhere, is a security flaw found in the WPA2 protocol, the protocol used to secure most WIFI networks. Known as the KRACK attack, it affects most devices. For more information on the research and the implications, checkout the details here.

2: Docker announces native Kubernetes support

Docker has announced native support for Kubernetes. This means that anyone developing for Docker has the option of testing locally using both Swarm and Kubernetes schedulers.

On of the advantages of using Docker is the promise that the application runs the same way in development as it does in production.

This announcement means, that this promise now extends to scheduling and orchestration of our containers. For more information, see the announcement here.

3 : Apache HTTP server gets native Let’s Encrypt support

Another item relating to native support. This time, it’s the apache http server (http), announcing native support for the ACME protocol used by Let’s Encrypt.

Hopefully this means that the process of deploying secure websites should become simpler.

See here for more details on what this means.

4 : Servless computing – economic and architectural impact

This is less of a news item, but more of an interesting paper discussing the impact of so-called ‘serverless’ computing.

For those not aware, it’s an architectural style that means as developers we are deploying executable functions and configuring routing when delivering web applications or services.

It obviously does not mean there are no servers, only that the platform we deploy on is responsible for maintaining them, and scheduling our functions in response to a valid request.

I think it’s an approach that certainly does hold some merit, but would be very wary of a lot of the hype going on around this at the moment.

Take a look at the paper here.

5 : Facbook open sources RacerD

The final item for this week, is an announcement by Facebook, open sourcing their ‘RacerD’ tool.

This tool is a static code analysis tool that analyses Java code for potential race conditions.

Being a static analysis tool, it obviously does not require running the application in order to look for potential race conditions.

I find it interesting that even now, Java demonstrates it serves it’s purpose in modern large scale applications, and that organisations are still pushing the boundaries and developing new toolsets around Java dev.

Checkout their page here for more info.

So, that’s it for this week. If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.