Weekly developer news – March 16th 2018

So, welcome edition 23rd of developer news. Sorry there wasn’t a post last week if you were looking out for one.

There are a couple of reasons for that, but the main one is, there wasn’t really anything that I felt was worth highlighting. There was the usual kind of background news and recycling of news, comments, and opinion, but nothing that really caught my eye as something worth digging into or highlighting.

But, this week, I do have some items to share.

1 : Updating a 50 terrabyte PostgreSQL DB

First up is a medium article, from a system administrator at Ayden discussing how they dealt with updating a pretty sizeable database by anyone’s standards.

It’s a nice illustration of the thinking that has to happen when things get that big, and it does go into some detail on migration approaches and architecture.

2 : SQLite language choice

This second item, is an article that has been shared a lot both publicly and privately from the SQLite team discussing why it’s written in C. It’s not necessarily new information to many, but it’s good to see a language discussion that doesn’t revolve around purely style of syntax.

3 : Rust’s 2018 Roadmap

Next is a post from the team behind the Rust language, publishing their roadmap for the Rust language development for 2018. It’s not a language that I’m familiar with in terms of day to day usage, but I always like to monitor other language developments. I like to expose myself to different language, system designs, and like to look at differences in approach to my own, either opposing or complementary.

4 : GitHub doesn’t want to monitor your code

Finally for this week, is an article by GitHub regarding a proposed EU law which relates to the automatic monitoring of uploaded content for copyright infringement.

It’s a proposal mainly aimed at people sharing media, music, videos etc, but code would come under the same category, and many people, including GitHub don’t like that.

There lots of discussion around the web, and many different views, with some people seeing it as a positive proposal, others not liking the ‘monitoring’ side of it. GitHub obviously don’t want the overhead and complexity of having to do this. To detect copyright infringement of uploaded code automatically is a massive job, and one which is very likely to give false positives.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – March 2nd 2018

So, welcome edition 22 of developer news on a very snowy day here in the UK!

I might be snowed in, but still have internet, and there’s still developer news!

1 : Flutter beta 1 released

First up is a new framework release. First one worth point out for a while, and it’s a new mobile UI Framework developed by Google that they announced at Mobile World Congress 2018.

The article gives a good intro with some videos too, and describes how this framework allows for both developer productivity and great on-device performance.

It support creating native apps on both iOS and Android. You can see the project page itself at flutter.io.

2 : IoT security

This second item, because you can never have enough of security vulnerability news, is another look at real world security flaws in a number of IoT devices. As developers, it’s worth considering how and where our code will be deployed, and ensuring we do all have good security practices.

3 : AWS certified developer exam beta

Next is Amazon, launching a beta of their new certified AWS developer exam. If it’s something that appeals to you, then you can register your interest at that link.

I also like to be in a position to demonstrate my development expertise, skills and learnings. There are many many ways to do this, and sometimes some kind of certification can be useful, particularly where third party platforms and ecosystems are involved, so if you are looking to do more on AWS it’s worth looking at.

4 : Quitting Google

Finally for this week, is an article titled “Why I Quit Google to Work for Myself“. This article has been shared all over the internet, private chats this week, with many comments on Reddit and HN.

It’s a good look at what being a developer in a massive metrics driven organisation can look like.

Having worked in many types of development organisations, it’s always interesting to read about other people’s experience in different types of org. Some places are more suited to certain types of developers at different times than others, and I think it’s very healthy to acknowledge that.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – February 23rd 2018

So, welcome edition 21 of developer news.

This week is similar to last week in that I don’t have anything in the way of libraries, frameworks, languages, or updates of that nature, but again  have a few links that I feel are worth looking at relating to tech debt, deployments, and breaking linux servers.

1 : How the UK government measures technical debt

First up is an article describing how the gov.uk classify and measure technical debt. It’s great to see a rational approach describing the strategy they use as well as some examples of decisions they have had to make to either address some technical debt, or decide to take some technical debt on board.

2 : Key logging in CSS

This second item is a GitHub repository demonstrating how a CSS file can be generated that allows key logging of sites the script is included on.

It’s quite a simple principle, using CSS selectors to make requests to external URLs under the pretence of loading a background image.

I think it’s a bit much to call it a key logger, as it is just operating on CSS selectors, so more useful for capturing data from forms, and even then there has to be a way to get the CSS on the page.

I think it’s worth looking at, if not from being concerned about security, then from a point of seeing how CSS can be abused.

3 : NPM 5.7.0 changes file permissions, breaks servers

Next is a GitHub issue for NPM version 5.7.0. Many users found that this particular version of NPM was changing key file permissions on their servers, including directories like /etc, causing many server issues, and for some users meant they had to reinstall the OS.

There’s a lot of interesting discussion on reddit about this npm issue too.

It’s a great reminder as to why we shouldn’t run tools like this as root, and also good to see that they turned a fix around pretty quickly, so update to 5.7.1 if you haven’t already!

4 : IBM Java CTO on Deployment

Finally for this week, is an interview with The Register with IBM’s Java CTO John Duomovich discussing Java, and focusing on deployment. He talks about how developers, and obviously Java developers shouldn’t have to learn Docker, K8s and many other tools just to deploy an app.

Obviously there is a massive IBM bias here, claiming their tools solve all. It has provoked many comments. On this reddit topic alone, there are currently 1200 comments!

I think deployment can be complex, and sure, maybe not all devs do need to know the details of all of these tools, but I think most developers should have general background knowledge about the deployment ecosystem. Having a decent level of knowledge of the available tools allows us to make more informed decisions and also work more effectively locally in our own day to day development.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – February 16th 2018

So, welcome to the 20th edition of developer news.

This week, I don’t have anything in the way of libraries, frameworks, languages, or updates of that nature, but have a few links that I feel are worth looking at relating to reflecting on how we approach software development, as well as a bit of blockchain theory for anyone wanting to be aware of this at least.

1 : A Hitchhiker’s Guide to Consensus Algorithms

First up is as the title suggest, a nice introductory guide to consensus algorithms. If you don’t know, then consensus algorithms underpin the trust-less nature of blockchain technologies and therefore cryptocurrencies.

Whilst this article does take a crypto currency perspective on these, it is a good introduction to the different types of consensus algorithms, and why there are needed. For me, I’m more interested in blockchain technologies than crypto currencies, but am still very wary of the hype.

I think there are some genuine use cases, but certainly many many solutions looking for a problem.

2 : Skype security flaws require a rewrite?

This second item is an article relating to a pretty serious Skype security flaw allowing the attacker to gain system level privileges.

The most concerning part of this is that it would seem that to fix it, Microsoft have to rewrite the client.

Now, whilst we don’t have any technical details on exactly why that is the case, it is an interesting point.

I have seen many systems degrade over time that the only way to fix it is a rewrite. Sometimes that is true, and can be a result of compounding poor decisions over time. Sometimes though, we need to be braver with our refactoring efforts and not be afraid of tackling horrific codebases. There are tools and techniques that can be used to pull systems apart and put them back together in a controlled way.

I don’t know about this instance, but sometimes, it’s far to easy to say it needs a rewrite when we just need to accept the challenge.

3 : Extreme ownership and software engineering

Next is a nice article about the idea of Extreme ownership, taken from Jock Willink’s book of the same name. This article looks at what the concept of extreme ownership and responsibility would look like in the context of software engineering.

It’s a nice article about responsibility, overcoming insecurities to say ‘I don’t know the answer’ and owning up to mistakes.

I think if more development teams adopted this approach, our work could only benefit, and some of the best teams I have worked with certainly operate in this way.

4 : Lessons learned from Age of Empires

Finally for this week, another look back on lessons learned from past projects. This one is a look at lessons that were learned during the development of Age of Empires 1.

As you know if you have been following the dev news posts here, I’m a big fan of looking back on my own projects that I have been involved with as well as learning from other developers doing the same, so check it out!

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – February 9th 2018

So, welcome to the 19th edition of developer news.

I have a mix of items this week, from tools to open source to production issue analysis, so I hope you find these useful.

1 : href tools

First up is a site for web developers that has been shared a fair bit this week. It’s a site called href tools and it’s a collection of browser based tools to help web developers. It tools like HTML/CSS/JS compression, base64 image encoding and a couple of JSON related tools.

It’s still a work in progress by the look of it, but there are a couple of useful tools there.

If you are looking for other similar tools, then CyberChef is a site that has a much more extensive range of browser based dev tools, useful not just for web development.

2 : Browser based .NET apps with Blazor

This item is an experimental project from Microsoft’s ASP.NET team. It’s a web framework based on C#, Razor, and HTML that runs in the browser via WebAssembly.

I’ve done a reasonable amount of .NET development in the past, not so much recently, but it still does come up now and again. It’s interesting to see that there are still innovations by this team, looking to make the most of the continual developments in browser tech.

There is a great write up in their announcement with good details on the tech and also motivations for this project.

3 : Perspective

Next, we have a project that has been recently open sourced named Perspective. It’s from one of the dev teams a JP Morgan Chase, and like the Blazor project mentioned above, also makes use of WebAssembly in the browser.

This project is a streaming data visualisation tool designed to enable real time user configurable visualisations in the browser.

These are something that are notoriously hard to great right in a way that can actually perform with any significant data sets, so I’m looking forward to giving this a go on some test data.

4 : Epic fail?

Finally for this week, a post mortem of an issue that Epic Games encountered.

The encountered a service outage when one of their games hit an issue with 3.4 million concurrent players.

That’s a big number, but their article goes into a great level of technical details as to what the issues were, how they manifested and also what was required in order to address any scaling and performance issues.

As I have said before, I think there is a lot be learned from any situation like this, even if you aren’t operating at that kind of scale.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – February 2nd 2018

So, welcome to the 18th edition of developer news. This week, it is the weekly developer news again!.

So, after a busy week of client work, I managed to set aside time this week to take a look at the various dev news articles that have been going around the web.

This week, it’s mainly about new releases of various libraries, tools and frameworks that I think are worth keeping an eye on , if not adopting depending on your needs.

1 : TypeScript 2.7 released

For those that don’t know, I’m a big fan of TypeScript. It’s certainly not without issues, especially where compatibility with existing straight JS modules is concerned, but I think it can add a lot of value for JS developers, and I see more developers showing an interesting or looking to adopt this.

The 2.7 release has a number of interesting features, including stricter class property checks to ensure that you aren’t leaving your class properties uninitialised.

And that’s one of the things I like about TypeScript. For me it has the productivity benefits that I get from JS, but adds extra safety making development quicker, and also less error prone.

Checkout the full details of the TypeScript 2.7 release.

2 : Stimulus 1.0 released

The team behind Basecamp, have announced a JS framework they describe as being  “A modest JavaScript framework for the HTML you already have”

As is typical with their work, they don’t tend to blindly follow the trend, and to announce a more traditional HTML binding style of JS framework  is not something that you see too often now.

For that reason alone, I think it’s worth a look, and worth considering what you really need from a framework. Just because you can create single page apps doesn’t mean you should!

They have a medium post that goes through the motivations and details of Stimulus.

3 : Hyperledger Sawtooth goes to 1.0

So, I did say this week’s news was all about new releases. This one is news that the Hyperledger Sawtooth project as now achieved v1.0 status.

For those that aren’t aware, Hyperledger is basically a collection of projects, with industry support from various organisations. These projects all have some relation to Blockchain / distributed ledger technologies and look to advance this space in an open source way.

The Sawtooth project, is one which makes it easier to build distributed ledgers for your own applications.

It’s something I have experimented with, and if you are interested in this space at all, then I think this project is certainly worth looking at.

They have a press release that details the capabilities of Sawtooth and what the V1 release means.

4 : Windows Vista – what really happened..

Finally for this week, something which certainly isn’t a new release. This item I wanted to highlight is an insiders account of what really happened with Windows Vista

I think it’s always interesting to get an insider’s perspective on what these large projects look like, especially one that must be as complex as Windows.

I also think we should encourage more transparency in the industry about failures as well as successes, and just design, and architecture and dev process in general.

The article is a great read an shows what delivering big projects over long periods of time can look like, for better or worse.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Not the weekly developer news – January 26th 2018

So, welcome to the 17th edition of developer news. This week, it’s not actually the weekly developer news.

This week has been an unusually busy week with a lot of time critical work needing to be done for a couple of my clients, so I’m afraid I’ve had to drop keeping on top of any tech news and developments this week.

Rather than post nothing this week though, I thought it worth highlighting some of the technologies I’ve been working with a challenges with those.

For one of my clients, I’ve been working on developing some integration services to synchronise data between their customer’s online Shopify and BigCommerce stores, and their own order management platform.

From a language and framework perspective, this has been mostly based on Go, with a bit of Node.js thrown in too.

From a language point of view, I find both languages allow me to be very productive. Part of this is familiarity with the languages. Part of this is the quality of libraries and frameworks used.

The challenges for this client are the common integration pains of finding not quite complete API documentation / lack of full data returned by APIs meaning the integration has to calculated data that probably should come from the source platform.

For another client, I’ve been busy helping them get their MVP live. This is a complex project, with a main web app, accompanying mobile applications on iOS, Android, Windows mobile, as well as a PHP based API.

Getting this live has meant introducing continuous integration and delivery pipelines for all of the projects, setting up staging and production environments on AWS in the process.

Part of this process highlighted (as it often does) issues where the code in source control wasn’t quite in a deployable state. Dependency management issues are quickly shown up by deployment failures on our new environments. Workarounds where developers had manually modified the old production environment become obvious when code fails to deploy to clean environments.

I’m glad to say we now have everything automatically building based on pull requests in BitBucket to staging and production branches. On these requests being merged, we can automated building of the mobile apps, and automated deployment of the web and PHP components into a VPC in AWS using AWS CodeDeploy.

As these processes are not always easy, I’ll probably be creating some new content soon detailing how to set this kind of infrastructure up on your own projects

So, that’s it for this week. I hope to return to normality next week and bring back the weekly developer news as normal.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – January 19th 2018

So, welcome to the 16th edition of developer news. This week, I have 6 news items that I think are worth paying attention to, so here we go in no particular order

1 : Microsoft’s Performance Contributions to Git

First up is an MSDN blog post highlighting the performance improvements they contributed to Git over the last year. They claim their Git repository is the largest in the world, hosting the Windows source code, with 4,000 concurrent developers working on this repo!

Checkout their writeup here for how they improved git index and status performance.

2: Go support on AWS Lambda

Secondly, we have an AWS post announcing support for Go language on their AWS Lambda platform. I find myself doing a reasonable amount of Go development. As a language it does seem to be gaining popularity, as does the Lambda / ‘serverless’ architecture, so it’s interesting to see AWS take this on too.

Their article demonstrates how to go about writing a Lambda request handler in Go, so it should be very easy to get up and running if you want to try this yourself. For me, the Lambda approach is still one I’m monitoring rather than actively developing against and it will be interesting to see whether Go support attracts more developers.

3 : Making WebAssembly even faster

Following on from a previous set of articles going through the details of Firefox’s performance improvements, this article talks about the details of their new streaming compiler that results in some pretty decent performance improvements. The performance improvements in this space seem to pretty continuous, so it will be interesting to see whether we start to see more complex desktop-like applications in the browser become more common place.

4 : Bootstrap 4 released!

Yes, as the title suggest, if you didn’t already know, Bootstrap version 4 is now out!  As the almost de-facto standard for many web app developers, it’s great to see the results of many years worth of work released and production ready. For me, I won’t be migrating any sites right now, but for any new admin sites I’ll certainly be taking a look.

5 : Datomic in the cloud

Datomic have announced that they have a new Datomic cloud offering, making it even easier to get up and running with their database technology on AWS.

If you haven’t heard of Datomic, it’s a very different kind of database to your typical database. Yes, it’s transactional and supports all of the things you would expect from a modern DB, but the interesting thing is that the data is never lost. You can query against the state of your database at any point in time.

6 : Interview questions in JS

For this week, I want to finish by highlighting a discussion on Stack Overflow regarding a tech interview question for a JavaScript developer – Is it ever possible for (a == 1 && a == 2 && a ==3) to evaluate to true?

As well as the SO post, there has been a lot of discussion elsewhere about this with many people point out how yes, you can actually make JS code return true through overloading various default behaviours.

Some people take offence at JS letting you do this, but many languages let you do this too, it’s just not something that for this example is really sensible.

I have encountered these kind of interview questions myself in the past, and I can’t help thinking that questions like this don’t really help anyone and tell you whether a dev would be a good fit for typical real world development. I have also had rapid fire Q&A type situations in interviews too.

For me, on both sides of the table, the best interviews have been where there has been genuine discussion about past projects, projects that you would likely be involved with, and general approaches to solving development problems.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.

Weekly developer news – January 12th 2018

So, welcome to the 15th edition of developer news. And yes, I know it’s actually the 13th of January, so I’m a day late, but yesterday was a busy day, with lots of client work and battling with AWS!

1 : CPU Fixes & Anti Virus Vendors

The aftermath of the Meltdown and Spectre CPU security issues continues, and this first post is about how the Microsoft’s security fixes require anti virus vendors to certify compatibility.

This is due to how anti virus vendors intercept system calls and make assumptions about memory locations.

As security issues seem ever more present, this is a good reminder to look at the security of your systems. I know that many production systems I work on are not update to date with all relevant security patches.

More details on this is here.

2: Harvesting Credit Card Numbers From Web Sites

This second item is a fictional piece showing how a developer could if they chose inject code into npm packages which would allow them to perform malicious actions on any site they are used on, including potentially steal credit card details.

It’s a great write up that should remind us to be careful what third party packages we choose to use in our code. npm does make it very very easy to publish and use packages, and in the JS world, it’s something we all do.

But maybe before selecting a package that looks like it solves our needs, we should at least inspect the code so we can be sure it is safe to use. And one other thing that many developers also forget to check is the licence of any packages we make use of.

3 : npm operational incident

Keeping with the npm and security theme, the third link for this week is a report by npm on a brief operational incident they encountered which resulted in a small number of packages being unavailable for three hours.

The cause of this is related to their own automated systems that attempt to perform static security analysis on any packages to prevent malicious code from being published.

It’s great to see that this is something they perform, and I always find it interesting to look at writeup of issues like this to see if there are any lessons to be learned I can apply to any projects I am working on.

4 : AMP Letter

Finally for this week, I want to point out the AMP letter site if you haven’t seen it. It’s a ‘letter’ by a community of developers raising concern for Google’s AMP (Accelerated Mobile Pages). It raises concerns, not about the AMP spec itself, but with their implementation, which puts Google in a very strong position of being in control of your content.

As well as the short letter itself, which highlights some very valid concerns, it’s worth checking out resulting discussions on hacker news and reddit.

So, that’s it for this week.

If you have any articles, announcements, tutorials, or anything else you think should be included next week, then just drop me an email.