SD Times March 2021


MARCH 2021 • VOL. 2, ISSUE 45 • $9.95 • www.sdtimes.com



www.sdtimes.com EDITORIAL EDITOR-IN-CHIEF David Rubinstein drubinstein@d2emerge.com NEWS EDITOR Christina Cardoza ccardoza@d2emerge.com

SOCIAL MEDIA AND ONLINE EDITORS Jenna Sargent jsargent@d2emerge.com Jakub Lewkowicz jlwekowicz@d2emerge.com ART DIRECTOR Mara Leonardi mleonardi@d2emerge.com

CONTRIBUTING WRITERS Jacqueline Emigh, Lisa Morgan, Jeffrey Schwartz, George Tillmann

CONTRIBUTING ANALYSTS Enderle Group, Gartner, IDC, Intellyx

CUSTOMER SERVICE SUBSCRIPTIONS subscriptions@d2emerge.com ADVERTISING TRAFFIC Mara Leonardi mleonardi@d2emerge.com

LIST SERVICES Jessica Carroll jcarroll@d2emerge.com

REPRINTS reprints@d2emerge.com

ACCOUNTING accounting@d2emerge.com

ADVERTISING SALES PUBLISHER David Lyman 978-465-2351 dlyman@d2emerge.com

SALES MANAGER Jon Sawyer 603-547-7695 jsawyer@d2emerge.com

PRESIDENT & CEO David Lyman

D2 EMERGE LLC www.d2emerge.com

CHIEF OPERATING OFFICER David Rubinstein


Contents

VOLUME 2, ISSUE 45 • MARCH 2021

FEATURES

Why developers love Go
Build environmental sustainability into your development teams
Hybrid remote dev teams perform best asynchronously

BUYERS GUIDE

Businesses in 2021 think high for low code

NEWS

News Watch
BizOps Speeds Digital Transformation
What’s coming in Java 16
With OSS, know when you’re vulnerable
Chaos engineering in serverless environments is more useful than you’d think
LinearB, Clubhouse partner for developers

COLUMNS

GUEST VIEW by Rob Hoehn: Improve your innovation program
ANALYST VIEW by Arnal Dayaratna: Foster development-related education
INDUSTRY WATCH by David Rubinstein: An all-weather, autonomous car

CORRECTION A feature on UI testing in web development in the February issue of SD Times appeared without a byline. It was written by staff editor Jenna Sargent.

Software Development Times (ISSN 1528-1965) is published 12 times per year by D2 Emerge LLC, 2 Roberts Lane, Newburyport, MA 01950. Periodicals postage paid at Plainview, NY, and additional offices. SD Times is a registered trademark of D2 Emerge LLC. All contents © 2021 D2 Emerge LLC. All rights reserved. The price of a one-year subscription is US$179 for subscribers in the U.S., $189 in Canada, $229 elsewhere. POSTMASTER: Send address changes to SD Times, 2 Roberts Lane, Newburyport, MA 01950. SD Times subscriber services may be reached at subscriptions@d2emerge.com.



NEWS WATCH

WebRTC now official W3C, IETF standard

Web Real-Time Communications (WebRTC) is now an official World Wide Web Consortium (W3C) and Internet Engineering Task Force (IETF) standard. WebRTC is a platform that provides real-time communication and collaboration services such as audio and video calling to browsers, mobile apps, and desktop apps. According to the organizations, this is especially important as the COVID-19 pandemic continues and businesses remain remote.

“Today’s landmark achievement is timely. Faced with a global pandemic of the COVID-19 coronavirus, the world has gone more and more virtual. It makes the Web even more crucial to society in information sharing, real-time communications, and entertainment,” said Jeff Jaffe, W3C CEO. “It is gratifying to see our technologies playing a key role in enabling such critical digital infrastructure. Combining the universal reach of the Web with the richness of live audio & video conversations has reshaped how the world communicates.”

Rust Foundation to guide language

The Rust team has announced the formation of a new nonprofit group, the Rust Foundation, that will help guide the programming language and community by supporting the maintainers of the project. According to the Rust Core Team, the creation of the Rust Foundation is a huge step of growth for the language. It shows a financial commitment from leading companies, adding additional support for the language to be viewed as production-ready technology, the team explained. The Rust Foundation’s board has five directors from founding companies (AWS, Huawei, Google, Microsoft, and Mozilla), five directors from project leadership, two from the core team, and three representing three project areas: Reliability, Quality, and Collaboration.

New Relic Explorer strengthens full-stack observability

New Relic is continuing to make its full-stack observability vision a reality with the release of New Relic Explorer. The new solution comes with new visualizations and capabilities that give engineers a complete view of their entire IT estate. The company announced its plans to reimagine full-stack observability last year by providing a unified platform where engineers can visualize, analyze and troubleshoot the entire software stack as well as connect to infrastructure health, application performance and end-user behavior. The new capabilities include New Relic Lookout and New Relic Navigator. Lookout enables teams to uncover blind spots and unknown relationships through estate-wide, real-time visibility into telemetry data changes and zoom-in capabilities that help pinpoint correlation, abnormal history and traces.

People on the move

• CloudBees has named Stephen DeWitt as its new CEO. DeWitt is a known technology executive who has most recently served on the Silicon Valley Executive Network, was chief strategy officer at Automation Anywhere and CEO of WorkMarket. DeWitt will replace former CEO Sacha Labourey, who will stay on as the company’s chief strategy officer and remain a member of the board. Labourey’s focus will be on corporate, product and partner strategy, but he will continue to work with DeWitt on the company’s vision.

• Elastic has announced Ashutosh Kulkarni as its new chief product officer. Kulkarni has over 20 years of enterprise software experience, and has led product and engineering teams at McAfee, Akamai, Informatica, and Sun Microsystems. At Elastic, Kulkarni will be responsible for the engineering and product management teams and vision, with a focus on improving the company’s enterprise search, observability and security solutions.

• Josh McKenzie is joining the Apollo GraphQL team as vice president of engineering where he will continue to expand the company’s engineering team and enterprise solution. McKenzie has a strong background in enterprise and open-source software, and was most recently the vice president of engineering at DataStax.

• Monique Picou is joining Google as vice president of product, technology strategy, and global server operations. Picou was previously a Walmart supply chain executive and SVP, chief strategy and supply chain officer at Sam’s Club. At Google, Picou will play a key role in Google’s data center operations, growth and work transformation.

OpenAPI Specification advances to 3.1.0

The OpenAPI Initiative has announced the release of the OpenAPI Specification 3.1.0. The OpenAPI Specification is an industry standard for describing APIs that allows developers and computers to understand what an API does without needing to access source code, documentation, or network traffic. Updates in 3.1.0 include compatibility with the latest draft of JSON Schema, a new top-level element for describing Webhooks, and support for identifying API licenses using SPDX identifiers. In addition, the PathItems object is now optional, which makes it simpler to create reusable component libraries.

CTO.ai’s serverless Kubernetes solution

In an effort to make it easier for developers to deploy and manage cloud-native applications, CTO.ai has announced the release of its new Serverless Kubernetes platform. According to the company, the solution enables development teams to consolidate all of their workflows on Kubernetes and deploy cloud-native apps instantly without worrying about operations. Users will have the ability to instantly build and release a containerized application on their managed Kubernetes. CTO.ai also announced that it will add the functionality to connect its GitHub App with the organization to configure workflows that go beyond CI/CD builds.

Apptio acquires Targetprocess

Apptio has announced it has acquired Agile portfolio and work management solution provider Targetprocess. The acquisition is expected to build upon Apptio’s technology business management solutions and enable users to make smarter decisions about technology investments. Targetprocess enables users to plan, track and prioritize work through a portfolio of projects and products. It was recently named in the Gartner Magic Quadrant for Enterprise Agile Planning Tools and Forrester’s Value Stream Management Solutions Wave. Together, the companies hope to help organizations align portfolio, product management and software delivery teams through a common platform that manages demand and resource capacity and tracks business value through the enterprise.

Google recommits to Python foundation

Google announced it is increasing its support for the Python Software Foundation (PSF). The company is now a Visionary Sponsor and will work to improve the language, ecosystem and community. As part of its new support, the company will donate more than $350,000 to support PSF projects and improve supply-chain security. The investment will go towards: productionized malware detection for PyPI; improvements for Python tools and services; and a full-time CPython Developer-in-Residence to help prioritize maintenance and address the backlog of the CPython project, according to the company.

Microsoft previews Azure Quantum

The newly announced solution is a full-stack, public cloud ecosystem for quantum solutions designed to give developers, researchers, systems integrators, and customers access to diverse quantum software and hardware solutions.

“The transition to Public Preview of Azure Quantum is a key milestone for quantum computing and our ecosystem. This continues the momentum we saw last year, which includes selection for the National Quantum Initiative Quantum Research Centers, the addition of new Azure Quantum partners, and hardware advances in scaling control circuitry for qubits,” according to Krysta Svore, the general manager of Microsoft Quantum.

Indigo.Design App Builder preview

The developer preview of Indigo.Design App Builder by Infragistics is now available. It is a digital design platform that streamlines app creation from design to code by enabling collaboration between designers and developers, according to the company. Creating the user interface of an application takes up to 60% of the total time spent on an application, research firm Gartner explained, and the chance for time-consuming mistakes increases as the application is being sent back and forth between the two sides. Indigo.Design aims to solve this problem with its cloud-based WYSIWYG drag-and-drop tool, which allows teams to build and process their UI/UX designs in real time and offers the ability to use the tools that teams prefer.

Atlassian unveils cloud enterprise plan

Atlassian announced the general availability of Cloud Enterprise, a new cloud offering that features enterprise-grade scalability, security, and governance controls for Jira Software, Confluence, and Jira Service Management. Users can activate unlimited instances so that teams can tailor instances to their needs and they can also access Atlassian cloud products on any device.

“This means independent lines of business, regional teams, or acquired entities can maintain autonomy for their own product instances. Admins can also set up multiple instances to keep data pinned to different regions for compliance reasons, or customize instances with specific marketplace apps, project configurations, and more,” according to Bala Venkatrao, the head of product of Enterprise Cloud.

Sentry’s monitoring for JavaScript

Sentry announced Release Health capabilities are now available by default in its JavaScript SDK. The company’s Release Health insights are designed to provide teams with error and performance monitoring so that they can get actionable data and resolve errors and issues quickly. According to the company, this is especially important as front-end developer popularity and business significance increase. Sentry reports nearly 70% of developers are using JavaScript to create rich user experiences.

ShiftLeft Illuminate detects attacks

The new solution leverages ShiftLeft technology to identify insider attacks and to offer remediation advice.

“Identifying such ‘insider attacks’ goes beyond taint-based vulnerability analysis. ShiftLeft’s Illuminate helps customers insert insider attack detection in the software supply chain to establish non-repudiation of the software shipped at every stage,” said Manish Gupta, the CEO of ShiftLeft.

Illuminate performs an architecture review to find the areas that are most prone to an insider attack and then creates a Code Property Graph (CPG) fingerprint of the relevant codebase. It then identifies sources, sinks, and transforms to reduce exposure.


Why developers love Go

BY CHRISTINA CARDOZA

The open source Go programming language, also known as Golang, has worked to simplify developer lives since it first appeared in 2009. While it may have been Google’s backing that gained developers’ attention, its efficiency, simplicity and tooling are the reason developers keep coming back, according to Nathan Youngman, author of “Get Programming with Go.” He explained that efficiency equates to fewer servers, which is good for business. Simplicity and familiarity mean it’s easy to learn. And the tooling means more uniform code, making it easier to understand.

Last year, the Stack Overflow developer survey reported that Go was the fifth most loved programming language, moving up from the 10th spot the previous year. It is also the third most wanted language among developers who aren’t using it, but are interested in it.

According to the language’s 2019 annual developer survey, the reasons more developers don’t use it are that they are working on a project in another language, their team prefers another language, or a lack of critical features makes it unsuitable for their needs. However, the number of developers that prefer a different language is decreasing every year. Eighty-nine percent of respondents indicated they want to use Go for their next project, and 86% who are using it reported it is working well for their teams.

What makes Go special?

The beauty of Go has more to do with its lack of features than its actual features, according to Jonathan Bodner, distinguished engineer at Capital One. He explained it’s intentionally small and tries to be boring. “It’s not the prettiest language, or the one with the most features, but its focus on maintainability, testability, repeatable builds, and developer productivity gives it the right priorities for modern cloud development,” Bodner said.

According to Steve Francia, product and strategic lead for Go at Google, Go grew out of the need for simplicity. Programming languages were starting to get more and more complex and the readability was becoming untenable. When you have hundreds of teams working on the same codebase, much like Google does, readability is crucial. “One of the big catalysts for Go was to create a language that was simple, easy to read, easy to scale up on a human basis,” said Francia.

This is important because coding is a team sport, according to Thomas Limoncelli, SRE manager at Stack Overflow. “Devs spend more time reading existing code and updating it than writing new code from scratch. Code readability is undervalued in this industry. Google culture encourages engineers to change teams frequently (every 1.5-3 years). Therefore code readability is highly valued,” he said.

Limoncelli explained Google’s backing also didn’t hurt the language’s rise in popularity. “As a company grows they face more and more problems that Google faced years ago. It’s nice to have a trailblazer that cleared the way,” he added.

Go also has an advantage over older languages because decades ago when languages like Python, Java and JavaScript were developed, no one could have imagined how the world and technology would evolve. For instance, Francia explained pretty soon Moore’s Law will be coming to an end, and we will no longer have single-core machines. Go has concurrency baked in, making it easier to program on multiple cores and multiple threads.

Starting a language from scratch enabled the programming language’s team to learn and be inspired from other languages. “Making a new language allows for a reset. For example, C++ classes support multiple inheritance, whereas Java has interfaces and single-inheritance, and Go has interfaces but no inheritance,” said Youngman. “Such a reduction takes a best practice from other languages and makes it the ‘one way to do it.’ Simplifying the language in this way may benefit other aspects of the implementation, such as improving compile times.”

Luck and the right timing also had a lot to do with Go’s success, according to Google’s Francia. “[Go] happened to hit the right set of features at the same time the cloud was emerging, and as a result a lot of cloud native stuff (Docker, Kubernetes, Istio) was written in Go,” he said. “That was the incubation moment where it proved this wasn’t a research language, that it had practical use and that allowed it to cross into the mainstream.”

Since so many cloud development tools are written in the language, as companies move to the cloud and rethink their development stacks, they are starting to investigate the language, according to Capital One’s Bodner. The language’s concurrency support “allows people to think about concurrency as data flowing through a system, with goroutines processing data that’s passed in and out via channels, with the data flow managed by select statements,” Bodner explained.

Other key features of the language include its fast compiler, which allows developers to get rapid feedback; its standard library and compatibility guarantee; and its implicit interfaces that enable duck typing while enforcing type safety, according to Bodner.

Areas for improvement

With the variety of programming languages available for developers to learn, some languages are better than others for certain things, and Go is no exception. Capital One’s Bodner explained better immutability in Go would make it easier to understand how data flows through a program. “There are techniques that you can use in Go programs to mitigate this, but it’d be nice if there was a way to tag a value as immutable and have the compiler validate this,” he said.

Stack Overflow’s Limoncelli explained that while Go is very good at error handling, it can be verbose. “It would be nice to have a more concise syntax for dealing with errors,” he said. In addition, Go is aggressive about dropping support for older operating systems, and best suited for servers and systems that are updated frequently.

Youngman also noted that type parameters for generic programming “could open the floodgates for new kinds of libraries without sacrificing type safety.”

Google’s Francia added that GUI-based objects are more challenging in Go, and that Go is not a scripting language, so there may be places where developers want to script and Go isn’t the best fit.

“The best part about Go is what it leaves out. It doesn’t try to be the end-all, be-all, language for every situation. It tries to be very good at one thing (server and back-end code). People often complain that it is missing a feature (Generics, functional operations, etc.) but keeping the language small is good. Look at Java, which is now so large that no one person could possibly understand it all or use it properly,” said Youngman.

Where is Go going?

Some of the top requests users have asked for over the last couple of years include better dependency management and generics. According to Google’s Francia, the introduction of modules two years ago changed the Go developer tooling landscape, and made it easier to manage dependencies. The first production-ready implementations of the Go modules were released last year with Go 1.14, and the team now encourages users to migrate to Go modules for dependency management.

Generics would allow developers to write more reusable code than the language allowed previously. This is something Francia said the company has been trying to get right for over a decade, and now they believe they finally have a plan to allow generics that don’t introduce complexity and give users more features.

“Generics can give us powerful building blocks that let us share code and build programs more easily. Generic programming means writing functions and data structures where some types are left to be specified later. For example, you can write a function that operates on a slice of some arbitrary data type, where the actual data type is only specified when the function is called. Or, you can define a data structure that stores values of any type, where the actual type to be stored is specified when you create an instance of the data structure,” Ian Lance Taylor, Go programming team member, wrote in a post.

In the beginning of the year, the team filed a change proposal to support type parameters for types and functions, which would permit a form of generic programming. The proposal was officially accepted in February and moved to a work milestone. According to Francia, implementing this feature will be a main focus for the rest of the year, as well as better security and performance — which is something the team works on in every release.

“The proposed implementation follows the Go philosophy. It’s just enough generics to solve developer pain points, but leaves out features that are interesting but would unnecessarily complicate the language,” said Capital One’s Bodner.

Other areas of improvement the team will be working on this year include helping users make better choices. For instance, the team provides insights to users into ecosystem packages and what packages may fit users’ needs best, as well as making users’ IDE experience better. The team is also working on more ARM support.

The upcoming release of Go 1.16 is expected to include a new file system interface and build-time file embedding as well as support for the new Apple Silicon Macs.

Lastly, the team has been working on what it calls “Go 2,” an ongoing effort to improve the language through incremental releases and proposal implementations. “A major difference between Go 1 and Go 2 is who is going to influence the design and how decisions are made,” wrote Robert Griesemer, one of the language’s main developers, in a blog post. “Go 1 was a small team effort with modest outside influence; Go 2 will be much more community-driven. After almost 10 years of exposure, we have learned a lot about the language and libraries that we didn’t know in the beginning, and that was only possible through feedback from the Go community.”

Current proposals for Go 2 include adding a match statement, removing init functions, type parameter declaration and instantiation segregation, function values as iterators, and allowing type-parameterized methods.

“Go is far more than just us on the Go team at Google. We are indebted to the contributors who work with us with the Go releases and tools,” Go team member Russ Cox wrote in a post.

Go in action

Go is currently being used by a wide range of different companies and industries — from Google, Microsoft, and Facebook to American Express, Capital One, Target and Netflix, these companies are using Go to power their software and services.

Google, which designed Go, is using the language in its core data solutions, Chrome content optimization service, and within the Firebase Hosting team.

Microsoft has been using Go to power aspects of its cloud infrastructure such as the Azure Container Service, and has been working to help developers build apps for Azure with Go with the Azure SDK for Go. “One of the advantages of using Go with Azure, I think, is the speed at which you can develop—the speed at which Go executes,” according to Brian Ketelsen, cloud advocate at Microsoft. “It’s a really fast language. And that awesome ability to create a single static binary: you don’t have the craziness of worrying about dependencies when you build your applications with Go.”

Financial companies like American Express and Capital One use Go in their microservices to improve speed and productivity, and in serverless initiatives. Facebook recently decided to write a new ORM in Go with the ability to define any data model or graph structure easily. Lastly, Netflix is using Go for application data caching because it needed something with lower latency than Java, but more developer productivity. Meanwhile, Target recommends Go for its simplified syntax, mature and well-built libraries and external community.

“When we first released Go to the public in November 2009, we didn’t know if the language would be widely adopted or if it might influence future languages,” Rob Pike, one of the creators of Go, wrote on its website. “Looking back from 2020, Go has succeeded in both ways: it is widely used both inside and outside Google, and its approaches to network concurrency and software engineering have had a noticeable effect on other languages and their tools.

“Go has turned out to have a much broader reach than we had ever expected. Its growth in the industry has been phenomenal, and it has powered many projects at Google.”



Build environmental sustainability into your development teams

BY JENNA SARGENT

Over the past several years, it’s become not just a cool thing for companies to appear to care about the environment, but a must to show customers what they’re actually doing about it. “Green pledges” have become the norm for a number of companies in order to publicly set sustainability goals and prove to customers that “Yes, we do care, and here’s what we’re going to do.”

For example, Amazon’s Climate Pledge promises the company will be net zero carbon by 2040, which is 10 years prior to the goal of the Paris Agreement. Last year, Microsoft pledged to be carbon negative — actually removing the carbon it emits from the environment — by 2030 and to completely remove all carbon the company has emitted since its founding in 1975 by 2050. In December 2020, Disney set new environmental goals for 2030, focusing on five areas: greenhouse gas emissions, water, waste, materials, and sustainable design. The list of companies making similar pledges goes on and on.

When you think of what contributes the most to climate change, you might think of electronics that require mining rare minerals, one-time use products that end up in landfills, fossil fuels burned by various modes of transportation, or what we eat, but the internet — while not a physical product — is actually a huge contributor to greenhouse gas emissions. In fact, according to a report from The Shift Project, digital technologies contributed to 3.8% of global emissions in 2018. To put this in perspective, the Sustainable Web Manifesto notes that “if the Internet was a country, it would be the 7th largest polluter.”

“An internet application is the silent killer when it comes to carbon emissions and things like that. A developer, when they’re writing a line of code, or adding an image or a third-party tag to a page, the last thing on their mind is the impact that’s going to have on energy efficiency,” said Michael Gooding, manager of solutions engineering at EMEA Akamai Technologies, a CDN company that has been investing in reducing its carbon footprint and that of its customers.

In addition to reducing greenhouse gas emissions, there are a number of benefits that building more sustainable applications will provide. According to Chris Adams, cofounder of sustainability consultancy Greening Digital and director at the Green Web Foundation, the decisions that make an organization’s digital technologies greener also tend to save the company money.

“If you’re burning needless compute as a developer, not only are you burning loads of cash, but the internet is basically the world’s biggest machine and still runs mostly on fossil fuels, so it also means you’re burning a lot of fossil fuels,” said Adams.



The 8 Principles of Sustainable Software Engineering

1. 2.

Carbon: Companies should build applications that emit as little carbon as possible.

Electricity: Because most electricity is produced by burning fossil fuels, companies should build applications that are energy efficient.

3.

Carbon Intensity: Applications should be consuming the lowest amount of carbon intensity, which is a measure of how much carbon emissions are produced per kWh of electricity that is consumed. For example, wind, solar, and hydroelectric emit no carbon, while fossil fuel sources emit some amount of carbon to produce electricity.

4.

Embodied Carbon: When possible, build applications that can run on older hardware, because hardware releases carbon both when it is created and destroyed, so elongating the lifespan of a device helps to reduce carbon emissions.

5.

Energy Proportionality: Servers should be utilized as efficiently as possible. Servers aren’t configured for power-saving, and often are left in idle mode during low demand periods. To combat this, run work on as few servers as possible.

6.

Networking: Companies should try to reduce the amount of data they produce and store, and reduce the distance that data needs to travel across the network.

7.

Demand shaping: Rather than shaping supply to meet demand, consider shaping demand to match the supply. For example, video conferencing software often reduces the video quality to prioritize audio quality, rather than streaming at the highest quality possible the whole time.

8.

Measurement and Optimization: Companies should focus on end-to-end optimizations on carbon efficiency across the entire organization. According to the Principles.green site, the most impactful optimizations will come from those who understand the carbon footprint of the entire stack, from the front end to the data center.

In addition to saving money, going green can also help your company attract top talent. “You can talk about climate in terms of retaining your best people or making it easier to attract people to a company, especially if you’re looking to hire a younger set of people, or actually once people have kids they tend to suddenly become much more interested in climate,” said Adams.

At a high level, efficiencies can be made in both software and hardware. According to Mike Mattera, director of corporate sustainability at Akamai Technologies, on the software side, there are efficiencies that can be built into code, such as optimizing images and being conscious of third-party libraries being added to an application. On the hardware side, improvements can be made such as running servers at hotter temperatures or using renewable energy.

There are a number of resources out there that teams can use as a starting place and to look at for best practices. One popular resource is the Principles of Sustainable Software Engineering (Principles.green), which is a set of eight practices that can be used to “define, build, and run sustainable software applications.”

According to Adams, the Principles of Sustainable Software Engineering started when he was speaking with Asim Hussain, Green Cloud Advocacy Lead at Microsoft, who wanted to put together something like a 12 Factor App Methodology for sustainable software. “I thought yeah that’s a really good idea because in many cases there’s been a number of pieces and manifestos and things that have been put into the world previous, but in many cases it’s not always obvious how to go from something like signing a manifesto saying ‘yeah, I think we should care about humans as well as computers and the climate’ to then how does that translate into something meaningful?”

According to Adams, in addition to the Principles of Sustainable Software Engineering, there are a number of other resources for developers, such as the Sustainable Web Design Manifesto, which is a pledge of commitment to adhere to certain practices, and the ClimateAction.tech community, which Adams helped create. “We organized this as a community who are trying to green the way that we work as technology professionals, because we are in a relatively high leverage situation. It’s also kind of part of being a responsible professional in 2020 to have a stance and be thinking about this stuff, because we all need to be thinking about this and getting to net zero,” said Adams.

Another helpful resource is Energy Patterns, which is a catalogue of 22 items developed by Luís Cruz and Rui Abreu that developers can use to improve mobile app efficiency. “The idea of having such a catalogue started because we realized that it’s really hard to build energy-efficient mobile applications,” said Cruz, one of the authors of Energy Patterns and assistant professor at Delft University of Technology (TU Delft). Thus, Energy Patterns was started as a method of collecting knowledge from experts in the area and compiling it in a form that anyone — from beginners to seniors — could ingest.

According to Cruz, some of the Energy Patterns are pretty basic, such as dark UI colors. It has become popular for apps to offer a dark mode option, but dark interfaces also require less energy, Cruz said. Other patterns in the catalogue are not even related to coding, but the way an app is designed. For example, informing users that clicking a certain button or using a feature might be energy intensive and letting the user decide how they want to use the app. “Sometimes it’s not only about fancy coding practices, it’s about thinking about the product,” said Cruz.

If the Internet was a country, it would be the 7th largest polluter. — Sustainable Web Manifesto

Cruz noted that a lot of the Energy Patterns are things that are still pretty straightforward, but that developers tend to be unaware of. “That’s why we think this is important to integrate energy efficiency in the education foundation of computer scientists and of any software engineer, any developer,” said Cruz.

Though adopting new practices or processes in development can often require a lot of change, Cruz doesn’t believe that’s necessarily the case here. He recommends developers consider meeting energy efficiency requirements the same way they would code quality in terms of readability or maintainability. The main challenge tends to be an organizational one of getting developers and leaders aligned. “Sometimes even if you’re a developer that cares about sustainability and likes to build energy efficient code it won’t be something valued at the organization,” Cruz said.

However, he also noted that if all developers are sustainability advocates, the product they release will tend to be sustainable. This is why he advocates teaching sustainability in computer science programs and making changes through education. “I think through education, this is the best way of changing anything in our society. And the software engineering world, the tech industry, is no different on that,” Cruz said.

Mattera also emphasized the important role developers play in this. “Having the engineers be able to make improvements, especially on the efficiency side is really the key to a successful program. If you don’t have the education and you don’t have those skill sets working on this, it’s definitely something that’s going to be really difficult to get off the ground, especially if you’re trying to work on server sprawl, or that kind of thing,” he said.

Adams added that another way to ensure success at adopting sustainable principles is to actually publicly state in your team that this is something to work on. “The key thing is literally just defending people’s time so that they can look into this stuff, but making it clear to the team that yes we give you permission to give a shit about the environment. It sounds really dumb, but the thing is that in many cases if you don’t feel empowered to do this, it’s always going to take second field. I think one of the most important things you could do as a team is to say we recognize that the science dictates that we need to take some action and we’re going to show that we’re looking into this and we’ll speak to other groups and we’ll see what’s going on here,” said Adams.



INDUSTRY SPOTLIGHT

BizOps Speeds Digital Transformation

Today’s businesses need to be more agile and digital than they’ve ever been before to adapt quickly to rapidly changing market conditions. Organizational leaders want to maximize business outcomes, so IT must help accelerate time to value and reduce operational risks. To achieve these goals, organizations must push beyond IT-centric forms of Ops and embrace BizOps (www.bizops.com).

“Our customers are going through major transformation initiatives with the goal of maximizing business effectiveness and IT efficiency,” said Jean-Louis Vignaud, head of ValueOps at Broadcom. “To do that, they are embracing digital product management, value stream management, shift-left testing and AIOps and observability.”

According to Gartner, more than 75% of digital business leaders will have pivoted from product to portfolio management by 2024. By 2023, 70% of organizations will use value stream management to improve flow in the DevOps pipeline. By 2023, DevOps initiatives will require 75% of enterprises to implement continuous quality practices using frameworks and open-source tools. Thirty percent of large enterprises will be using AI for IT operations platforms and digital experience monitoring (DEM).

Broadcom offers solutions for each of these areas, including Clarity for digital product management, Rally for Agile management and value stream management, BlazeCT for shift left testing and DX Operational Intelligence for AIOps. Collectively, the products enable a BizOps approach that synthesizes data and provides insights based on those solutions.

“Larger organizations want to become nimble like the digital disrupters. To do that, they must be able to leverage data they haven’t used traditionally,” said Vignaud. “Unfortunately, business and IT teams are working in silos and are missing the point of view of the others. You need to be able to connect those views to see the bigger picture.”

With Broadcom, companies can understand how well their IT implementations are advancing business goals. For example, IT may implement a customer support chatbot to reduce call center costs but it has a negative effect on customer experience. Or, a company may have launched a new product hoping to attract a younger audience but the customer’s total brand experience isn’t as modern and digital as it should be. To avoid such outcomes, the business, software development and operations must share the same goals and be able to orchestrate the flow of value delivery from company values and ideas to customer experiences.

Turn Chaos into Clarity

Enterprises are drowning in data but they can’t access all the data they need to provide a consistent view at different levels of aggregation, such as what’s happening at the business level versus what’s happening in DevOps, for example.

“People tend to think that having more data necessarily translates to more insights. However, the opposite may be true,” said Vignaud. “Teams need a data intelligence platform that’s capable of correlating different types of data from across the enterprise including structured, unstructured, time-series, event, streaming and historical data.”

Broadcom uses a graph-based approach which is necessary to understand data relationships. Data intelligence normalizes the data so correlations can be identified and fed into a recommendation engine. Organizations are able to understand, trace and monitor the business impact of DevOps and other forms of IT. Conversely, DevOps can understand the business purpose and value of what the team is producing.

“There can be multiple dependencies on the engineering side that are shared among multiple initiatives. I want to understand the set of business objectives that is most common to the development work we’re doing so we can deliver the highest amount of business value,” said Vignaud. “I also want to understand how Dev and Ops are working together and how to optimize my testing or quality strategy.”

‘Larger organizations want to become nimble like the digital disrupters. To do that, they must be able to leverage data.’ — Jean-Louis Vignaud, Broadcom

Transform Data into Insights

Value stream management fuses business and IT, enabling cooperative planning, management and tracking of business objectives, investments and resources as well as real-time insights into whether an organization is achieving its desired KPIs and outcomes. Finally, businesses can ensure they’re driving the greatest amount of business value and customer value by enabling IT to focus on the highest priority initiatives.

“DevOps accelerates innovation and improves software quality. AIOps enables proactive remediation so IT teams can deliver superior digital experiences at scale. But even if you get those two things right, you still have to tie everything together,” said Vignaud. “Our customers want to maximize business outcomes, which requires optimizing investments and value delivery. With Broadcom, you can achieve greater levels of efficiency at both technical and business levels.”

Content provided by SD Times and



Hybrid Remote Dev Teams Perform Best Asynchronously

BY DAN LINES

After 20 years and a global pandemic, we learned that ‘hybrid remote’ is exactly how software development teams were always meant to work. That is, teams working collaboratively across different locations, time zones, etc. and completing individual tasks asynchronously that are dependent upon one another.

Ever since the Agile Manifesto was published in 2001, software development has gone through some drastic changes. Most recent examples include the adoption of asynchronous communication tools (e.g. Slack & Teams), which created a new default communication style for businesses. The pandemic also forced work from home policies to change abruptly and the need to hire remote developers and connect remote teams increased dramatically.

Many developers and dev team leaders invited the idea of working remotely because it meant fewer interruptions and more time to focus on tasks at hand, right? Not so fast... Just because individual productivity can go up doesn’t mean dev team efficiency follows in step. In fact, when the entire global dev community went remote at the same time, did businesses go through the exercise of redefining the ways of working remotely? If not, there’s a good chance the “in the office” mindset crept back in at some point and interruptions remained. Zoom meetings, impromptu daily status updates and plenty of other distractions keep dev teams shackled away from their deep state of focus.

The past year put a spotlight on the need to transform the hybrid remote reality into an opportunity and strengthen the alignment between dev teams and the business. Hybrid remote development is not new, but 2020 accelerated the adoption of many of the practices already in place. As these hybrid remote methods are normalized globally, we also have to accept the way we work, the processes, and the ceremonies have changed as well. This is how Asynchronous Development (Async Dev) was born.

What is Async Dev?

Async Dev builds on the foundation that Agile and DevOps put into place. It is an approach to software development grounded in asynchronous communication. It works for hybrid remote, full remote and any dev teams aiming to unlock the full creative power of their developers. In order to unleash this power, Async Dev presents five guiding tenets:

1. Asynchronous is the default form of communication: Asynchronous communication means using collaboration tools and mentions by default. It helps reduce context switching, avoid unnecessary interruptions, and increases productivity. With asynchronous communication, it is vital to analyze your dev team’s metrics to understand exactly how this change affects the productivity and efficiency of the team itself. For example, if more code is being written as devs work from home, but pull requests and cycle times are increasing, you need to find out why.

Tip: Examine the function of the daily stand-up and figure out how to best use that time to suit your team. As a hybrid remote dev team, create a way to get a shared view of up-to-the-minute updates on issue statuses but use standup time to connect on a personal level, and talk about blockers.

2. Git is the central element of your development process: Whether you use GitHub, GitLab, Bitbucket, Azure DevOps or another flavor of git, most of the stages of the dev cycle either start or involve your Git system. The choices made to configure, deploy and utilize it have a great impact on your dev process. In addition, the most up to date status of work progress resides in the git system. Since Git was built on the principles of open source, most phases (coding, review, merge) do not require mandatory synchronous communication and can be executed in different places and different times.

Tip: Master your configuration and choose your policies with hybrid remote dev teams in mind. Remember, the best data sets for understanding progress or where we are as a team working on a project are extracted from Git.

3. Use Project Management tools for planning, not status updates: Whether your team uses Jira, Trello or something else, project management tools are great for planning an iteration. Trying to use them to enrich dozens of micro decisions that dev teams are taking every day only slows down productivity. Every work status update while in ‘building mode’ should be considered with dev first in mind. Make every update automatically reflect the status based on actual git activity and allow it to serve the people that build and ship the software.

Tip: Project management tools should not be used for software delivery predictability. The minute you switch from the planning stage to the building stage, you should use a different tool or approach.

4. Continuous improvement is a daily practice: Data should always be accessible to everyone on the team, not just data engineers. This information should also not just be reviewed in meetings by management or held by gatekeepers. Your culture is defined by the KPIs you set and how you decide to utilize them. The key principles for data usage for Async Dev are:

• Team-based data over individual developer stack ranking
• Measure process instead of output
• Measure empirical data over subjective data
• Focus on leading indicators vs. lagging indicators
• Establish baseline data points and trends
• Make sure it’s actionable

Tip: Data should be used ethically and cannot replace good managers with good soft skills and human interactions. You can’t optimize what you can’t see so leverage the principles above to frame how to measure and what to measure. Most importantly, just measure!

5. Dev teams are the core of the business: The best companies in the world today evolved from developers that were highly aligned with business and market needs. Dev-led companies empower developers to make the best decisions on behalf of customers and the business by enabling context instead of giving instructions. Developers and the business should never be disjointed and sometimes the most important business decisions are hiding in the lines of code. A focus on pushing context to dev teams provides a way for them to create transparency into decision making so everyone can participate in a refinement cycle. This is probably the hardest part of making Async Dev a reality because, as dev leaders, it is the element of least control and requires buy-in from throughout the business.

Tip: Make every developer a decision maker. Create and nurture shared insight into development data in order to make business decisions transparent and daily collaboration across functions routine.

Hybrid remote can be a business advantage for companies embracing it, but only if we adapt our culture and process to align and make it a reality. Big changes took place last year and now is the best time to go through the exercise of redefining how you work. After my co-founder, Ori Keren, and I decided to start a full-time remote work policy for LinearB in March 2020, we did just that and created Asynchronous Development. We view it as a dev methodology designed around asynchronous communication and purpose-built for hybrid remote teams. It's our favorite parts of Agile, a little bit of Scrum and incorporates a lot of what Ori and I have learned over the years as engineering leaders. Async Dev creates a mindset for where we think the future of software development teamwork is headed.

Dan is COO of LinearB and is currently responsible for customer success. Before LinearB Dan was a dev team lead, and VP of Engineering.


What’s coming in Java 16

BY JENNA SARGENT

Java 16 is scheduled to be released on March 16. Here is a look at what changes you can expect in the release.

JEP 338: Vector API (Incubator)
This Java Enhancement Proposal (JEP) will provide an initial iteration of an incubator module that can express vector calculations that are compiled at runtime. This module will be clear and concise, platform agnostic, have reliable runtime compilation and performance on x64 and AArch64 architectures, and offer graceful degradation when a vector computation cannot be fully expressed, the OpenJDK team explained.

JEP 347: Enable C++14 Language Features
The goal of this addition is to support C++14 language features and give specific guidance on which features can be used in HotSpot code.

JEP 357: Migrate from Mercurial to Git
This JEP relates to the goal of migrating the OpenJDK Community’s source code repositories from Mercurial to Git.

JEP 369: Migrate to GitHub
Similar to JEP 357, this relates to the goal of hosting the OpenJDK Community’s Git repositories on GitHub. All single-repository OpenJDK projects, including JDK feature releases and JDK update releases for versions 11 and later, will be migrated.

JEP 376: ZGC: Concurrent Thread-Stack Processing
This will remove thread-stack processing from ZGC safepoints; make stack processing lazy, cooperative, concurrent, and incremental; remove per-thread root processing from ZGC safepoints, and provide a mechanism for HotSpot subsystems to lazily process stacks, according to OpenJDK.

JEP 380: Unix-Domain Socket Channels
Unix-domain sockets are used for inter-process communication, and are similar to TCP/IP sockets, except they are addressed by filesystem path names instead of IP addresses and port numbers. It is intended for Java to support all Unix-domain socket features common across major Unix platforms and Windows.

JEP 386: Alpine Linux Port
The goal of this JEP is to port the JDK to Alpine Linux and other Linux distributions that use musl as their primary C library.

JEP 387: Elastic Metaspace
According to OpenJDK, Metaspace has been notorious for using a lot of off-heap memory, so the goal of this feature is to return unused HotSpot class-metadata to the operating system, reduce metaspace footprint, and simplify metaspace code to reduce maintenance costs.

JEP 388: Windows/AArch64 Port
The JDK will complete its port to Windows/AArch64.

JEP 389: Foreign Linker API (Incubator)
Java will introduce an API that offers “statically-typed, pure-Java access to native code.” In combination with the Foreign-Memory API, this will simplify the process of binding to a native library, which is an error-prone process.

JEP 390: Warnings for Value-Based Classes
This feature will designate primitive wrapper classes as value-based. It will also deprecate their constructors for removal, which will launch new deprecation warnings.

JEP 392: Packaging Tool
The new jpackage tool can be used to package Java applications.

JEP 393: Foreign-Memory Access API (Third Incubator)
This API enables applications to safely access foreign memory that is outside the Java heap. It was created because many Java applications access foreign memory, but the Java API doesn’t have an efficient or safe way of accessing foreign memory.

JEP 394: Pattern Matching for instanceof
The goal of this feature is to enhance the pattern matching capability on the instanceof operator. According to the OpenJDK team, pattern matching allows common logic to be expressed concisely and safely.

JEP 395: Records
Records are classes that can act as “transparent carriers for immutable data,” the OpenJDK team explained. They can be helpful with modeling data aggregates.

JEP 396: Strongly Encapsulate JDK Internals by Default
According to the team, this change will encapsulate internal elements by default, except for critical internal APIs like sun.misc.Unsafe. The motivation behind this strong encapsulation is that developers of libraries, frameworks, and tools often use internal elements in ways that compromise security and maintainability. Strong encapsulation ensures that code outside of a module can only access public and protected elements of a package, and that protected elements can only be accessed from subclasses of their defining classes.

JEP 397: Sealed Classes (Second Preview)
Sealed classes restrict which other classes extend or implement them. They will allow the author of a class to control what code can be used to implement it, provide a more declarative way of restricting access, and support future directions in pattern matching.

Foojay announces initial companies for advisory board

Foojay.io is a community site for Java and OpenJDK developers. Azul, Datadog, DataStax, JFrog, Payara, and Snyk are the initial companies that will be a part of the advisory board. According to Foojay, the board will guide the direction, content, and oversight of the Foojay.io site. It will also work toward growing the community and continuing to meet Foojay’s mission of providing free information to Java developers.

“Foojay is an example of the strength and longevity of the Java community that is greater than any single company,” said Stephen Chin, vice president of developer relations at JFrog. “It is composed of active, passionate, and caring individuals who want to share their expertise and help mentor the next generation of developers. We’re excited to be part of the conversation and help the community leverage modern CI/CD and cloud-native technologies for our beloved Java.”



INDUSTRY SPOTLIGHT

With OSS, know when you’re vulnerable

Instead of building all software “from scratch” today, developers use open source to their advantage when needing to provide common or repetitive elements. Doing so limits the homegrown code they develop primarily to proprietary features and functionality, and to the adhesive that binds everything together. Consequently, developers spend much of their time on key differentiators, rather than recreating common features.

The measurable benefits of open source have aided the rapid evolution of application development and curtailed development cycles. However, as with any new advancement in technology, there can be risks associated with open source that organizations must identify, prioritize, and address. There is little doubt that open-source vulnerabilities can leave sensitive data exposed to a breach; however, complex license requirements can also jeopardize intellectual property, and outdated libraries can place unnecessary support and maintenance burdens on development teams.

In the context of risk, license risk can be clearly addressed in most cases, but can vary depending on how an application is deployed — as an internal application, an external-facing application, or a commercial application. Organizational risk (e.g., technical debt) can also be addressed by avoiding outdated open-source projects that may no longer be adequately supported by the community. However, quantifying security risk is not as easy as it sounds. Therefore, the key to open-source security is to know when you are vulnerable and what exactly the root cause is.

Are we vulnerable?

Most SCA (Software Composition Analysis) tools are designed to detect third-party libraries and versions in use and inform developers of known vulnerabilities. However, it’s important to acknowledge the fact that not all libraries in a project may apply, since some may not be utilized within an application itself. Just because a part of a library is notably vulnerable does not necessarily mean the vulnerable part is actually in use. In other words, the real key to measuring security risk is to determine the exploitability of a vulnerability within the application itself.

A popular method used to determine exploitability is through the Common Vulnerability Scoring System (CVSS), which is a score given to a vulnerability — based on the impact, how easy it is to exploit, etc. Every vulnerability that has been made public has this score. However, this methodology is too simplistic because exploitability is the most important characteristic to truly measure risk.

For example, developers today can use an entire library for a single API method out of dozens of APIs. Also, libraries they use have their own third-party libraries, with only a partial use of available APIs. This means that if a vulnerability is in one of the dependencies, the probability of exploiting it can often be below 5%.

This can have serious implications because of the way organizations currently prioritize vulnerabilities. Instead of fixing truly exploitable vulnerabilities first, developers may be addressing issues that are completely irrelevant because they do not pose a viable threat. Most believe that a critical vulnerability should be a top priority, but if the vulnerable code can’t be reached in the application flow, there’s no need to prioritize that vulnerability, since it’s not actually exploitable in almost all cases.

Remedying security vulnerabilities can be a time-consuming task, which directly opposes developers’ ongoing efforts of developing new and improved features and services. Managing security vulnerabilities of third-party packages should not be a one-time thing, but rather an ongoing process, so it’s important for an SCA tool to be fully capable of prioritizing security risks. This way, developers know what the most critical vulnerabilities are to address and what alleged vulnerabilities can be disregarded. In many cases, the true number of vulnerabilities is in fact much lower than assumed, and that’s good news for developers. Fewer vulnerabilities mean far less effort to remediate them.

Understanding exploitable path

Although prioritizing vulnerabilities in open-source dependencies is challenging, developers and security teams must first understand what it means for a vulnerability to be exploitable. For example, a vulnerable method in a library needs to be called directly or indirectly from a user’s code and/or an attacker needs a carefully crafted input to reach the method to trigger the vulnerability.

The real key to understanding exploitability is to create an abstraction layer to statically detect vulnerabilities that are exploitable by understanding the exploitable path. Developers and security teams need the ability to determine if they are really at risk from an open-source vulnerability based upon how that code is used in their application.

To solve this issue, organizations need a method to break down the code of every major language into an Abstract Syntax Tree (AST), which can provide much of the needed abstraction. Imports, call graphs, method definitions and invocations can all become a tree. To learn more, read this blog at https://www.checkmarx.com/blog/exploitable-path-how-to-solve-a-static-analysis-nightmare/.

Content provided by SD Times and
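The reachability question described above can be worked through with Python's ast module: build a call graph from imports, definitions and invocations, then search for a path from an application entry point to the function an advisory names. This is an added example, not code from the article or from any SCA product; the imglib library, the app module and both advisories are constructed, and name resolution covers only plain and aliased imports.

```python
import ast
from collections import deque

# Constructed sample: a hypothetical dependency ("imglib") and an application.
SOURCES = {
    "imglib": """
def _read_header(data):      # hypothetical advisory ADV-1 affects this function
    return data[:4]

def parse_exif(data):        # hypothetical advisory ADV-2 affects this function
    return data[4:]

def thumbnail(data):
    return _read_header(data)

def metadata(data):
    return parse_exif(data)
""",
    "app": """
import imglib
from imglib import thumbnail as thumb

def helper(blob):
    return thumb(blob)

def handle_upload(request):
    return helper(request)

def preview(request):
    return imglib.thumbnail(request)
""",
}


class CallGraph(ast.NodeVisitor):
    """Collects caller -> callee edges for one module, resolving import aliases."""

    def __init__(self, module):
        self.module = module
        self.aliases = {}    # local name -> qualified name it was imported as
        self.edges = {}      # qualified caller -> set of qualified callees
        self.current = None  # function whose body is being visited

    def visit_Import(self, node):
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = alias.name

    def visit_ImportFrom(self, node):
        for alias in node.names:
            self.aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"

    def visit_FunctionDef(self, node):
        outer, self.current = self.current, f"{self.module}.{node.name}"
        self.edges.setdefault(self.current, set())
        self.generic_visit(node)
        self.current = outer

    def visit_Call(self, node):
        callee = self._resolve(node.func)
        if self.current and callee:
            self.edges[self.current].add(callee)
        self.generic_visit(node)

    def _resolve(self, func):
        if isinstance(func, ast.Name):            # helper(x) or aliased thumb(x)
            return self.aliases.get(func.id, f"{self.module}.{func.id}")
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            base = self.aliases.get(func.value.id)  # imglib.thumbnail(x)
            return f"{base}.{func.attr}" if base else None
        return None  # dynamic or chained calls are not resolved here


def build_graph(sources):
    """Merge the per-module call graphs into one cross-module graph."""
    edges = {}
    for module, code in sources.items():
        visitor = CallGraph(module)
        visitor.visit(ast.parse(code))
        for caller, callees in visitor.edges.items():
            edges.setdefault(caller, set()).update(callees)
    return edges


def find_path(edges, entry, target):
    """Breadth-first search: shortest call chain from entry to target, or None."""
    queue, seen = deque([[entry]]), {entry}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for callee in sorted(edges.get(path[-1], ())):
            if callee not in seen:
                seen.add(callee)
                queue.append(path + [callee])
    return None


def triage(sources, entry_points, vulnerable):
    """Map each vulnerable function to its shortest exploitable path (or None)."""
    edges = build_graph(sources)
    report = {}
    for vuln in vulnerable:
        paths = [p for e in entry_points if (p := find_path(edges, e, vuln))]
        report[vuln] = min(paths, key=len) if paths else None
    return report


if __name__ == "__main__":
    result = triage(SOURCES, ["app.handle_upload"],
                    ["imglib._read_header", "imglib.parse_exif"])
    for vuln, path in result.items():
        print(vuln, "->", " -> ".join(path) if path else "not reachable")
```

Both constructed advisories sit in the same dependency, but only `imglib._read_header` has a call chain from the application, so it is the one to prioritize.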


Chaos engineering in serverless environments is more useful than you’d think

BY JENNA SARGENT

Chaos engineering has been gaining a lot of traction over the last few years as it moved from its origins at Netflix to more and more companies across the industry. Many development teams use it to prevent downtime by trying to break their systems on purpose so that they can improve those systems before they cause problems down the line.

Given the resilient nature of serverless computing, based on agreements of uptime and availability by the cloud providers, it might seem that chaos engineering is one method of testing that wouldn’t be practical in serverless. But Emrah Samdan, vice president of product for Thundra, believes that serverless computing and chaos engineering actually go really well together.

Because the cloud vendor guarantees availability and scalability, when doing chaos engineering in serverless environments, the goal is not necessarily to bring down the system, but to find application-level failures, such as those caused by lack of memory or time. “The purpose of chaos experiments is not to take the whole software down but to learn from failures by injecting small, controllable failures,” Samdan said.

Some of the most common examples of chaos engineering in serverless that Samdan sees are injecting latency into serverless functions to check that timeouts work properly, and injecting failures into third-party connections.

Samdan noted that defining the steady state is an important first step of chaos engineering, but one that is often overlooked. “People just want to break things, but the first step is actually to understand how they actually work, what are the ups and downs of the system, what are the limits, how resilient is your system already,” he said.

He believes that determining this baseline is even more important in serverless environments. This is because what is considered normal for serverless can be very different from what is considered normal in other systems. For example, in serverless, both latency and the number of executions are very important, which isn’t as true in other systems.

Because of this, it is important that an engineering team has proper observability in place. “Chaos engineering experiments are all about asking questions to understand what actually happened during the experiment. You cannot achieve this by keeping an eye on metric charts, as they are designed to answer known questions. In order to ask questions about the unknowns of the distributed system, you need to have all three pillars of observability — logs, metrics, and traces — together and integrated. I see the adoption of correct observability still continues and we see more and more companies using modern tools for this purpose. I frankly believe that we'll see more and more companies stepping into chaos engineering as modern observability becomes more widespread,” Samdan said.

For those looking to get started with doing chaos experiments in serverless environments, Samdan recommends starting small and starting in the staging environment. Rather than throttling all serverless functions, he advises throttling or injecting latency into one or two downstream services. “It's not only about testing failures on your system, it's also about testing how your team will react to these failures. So starting small is actually very encouraging to persevere for more comprehensive experiments,” Samdan said.

Like adopting any new methodology, changing culture is the biggest challenge. Chaos engineering needs to be initiated and sponsored by higher-level folks in the company, Samdan believes. “Teams should be able to work in harmony by planning, running and evaluating the game days. We should always keep in mind that chaos experiments are not for criticizing colleagues for the weaknesses in their modules. It's more about fixing those weaknesses before customers get impacted and letting those colleagues grow as a result of the experiments,” said Samdan.

Samdan also advised developers to remember that chaos engineering isn’t a silver bullet for finding each and every failure. It works best when used to complement other testing methodologies like unit tests and integration tests. “However, chaos engineering taps into a very different point than other tests. It tests the resiliency of other parts of your system when one part is having some problems due to latency or any type of failures. Considering the distributed systems that the serverless paradigm implies, running chaos experiments becomes a no-brainer to reveal the hidden traps before customers reveal them on production,” he said.



DEVOPS WATCH

LinearB, Clubhouse partner for developers
Companies combining project management with delivery intelligence
BY DAVID RUBINSTEIN

Project management solution startups LinearB and Clubhouse are partnering to provide software development teams insights into their efforts so they can continue to improve project delivery, the companies announced last month.

The technical integration of the companies’ offerings “will offer dev teams detailed project visibility and team-based metrics by correlating data across projects, code, Git activity and releases,” the companies said in their announcement of the partnership.

In a December interview with SD Times, Dan Lines, COO at LinearB, explained that project management historically had a top-down mindset that gave metrics to executives, but didn’t help developers. The LinearB solution, Lines told SD Times, “can see where a pull request stalled and send a Slack message to get someone to review it,” among other developer-focused features.

He went on to explain that the features in LinearB are tied into ceremonies such as a daily standup and retrospectives. With LinearB, development teams don’t have to give status updates at the standups; that information is automatically provided in the tool’s dashboard. Instead, those teams can talk about the problems they’re having advancing the project toward its goals. “Commits, branches, and pull requests all have visibility” with LinearB, he said.

Meanwhile, Clubhouse also emphasizes developers in its collaborative project management solution, which aims to overtake Atlassian’s Jira by providing a project management tool that “complements and enhances [developers’] existing workflows,” the company said in the partnership announcement.

In a March 2019 interview with SD Times, Clubhouse founder Kurt Schrader said, “I think we’ll see a movement away from structured, monthly road maps to sort of a continuous flow of information, your big things, and we want to enable that so organizations can move quickly, have their work in there but be able to pull back so everyone that needs to participate can get the next feature, the next value out the door, and still work together in sync.”

In last month’s partnership announcement, LinearB co-founder and CEO Ori Keren said, “Coupling LinearB Software Delivery Intelligence with Clubhouse team-focused project management provides data-driven insights to gauge project progress in real time and to better focus team resources on the work that matters most.”

Among capabilities the integration will provide is a pulse timeline view that the announcement said gives “detailed visibility of every feature, bug and chore by showing a live feed of activity from branches, PRs and releases for Clubhouse stories.” Further, it said the integration will enable real-time improvement of active projects by highlighting blockers, delays, high-risk code and branches merged without review for Clubhouse stories.

[Image caption: The Clubhouse project management solution.]

In other DevOps News

• Cloud-native DevOps automation platform Codefresh announced it has won the 2021 DEVIES Award for DevOps Innovation. The DEVIES recognize excellence in developer tools, products and technology. Codefresh’s Runner solution is a cloud-native solution that enables DevOps teams to run pipelines, deployments and versioning on their own Kubernetes clusters.

• Palo Alto Networks announced plans to acquire DevOps security company Bridgecrew. The acquisition will advance “shift-left” security by allowing Palo Alto Networks’ Prisma Cloud to deliver security across the full application lifecycle. Bridgecrew offers an infrastructure as code (IaC) security platform that provides developers and DevOps teams a systematic way to enforce infrastructure security.

• Puppet launched its Scaling DevOps Service, which was established to advise businesses on how to organize and scale their DevOps practices. The service includes DevOps coaching, evolutionary assessment to see what stage teams are at, toil reduction for freeing up bandwidth across teams, and automation for the DevOps toolchain.

• Israeli DevSecOps startup Spectral announced $6.2 million in funding for its developer-first code security scanner. The seed round was led by Amiti and MizMaa, according to the company’s announcement. Spectral’s platform is a developer-facing solution that the company said monitors, crawls and protects organizations by discovering developer-facing systems such as Slack, npm, maven and logs, which often are not included in an organization’s threat modeling.


Buyers Guide

Think high for low code
Businesses turning to new platforms to drive innovation
BY JAKUB LEWKOWICZ

The use of low-code tooling is rapidly growing and provides tremendous opportunities for organizations to speed up their development process while saving on the cost of building those applications, which is the reason the editors of SD Times declared 2021 “The Year of Low Code.”

A February report from Gartner found that the market for low-code development tools is expected to total $13.8 billion in 2021, an increase of 22.6% from 2020. Gartner added that the surge in remote development during the COVID-19 pandemic will continue to boost low-code adoption despite the ongoing cost optimization efforts at organizations.

Currently, many different types of tools are growing in demand under the umbrella of low code. Specifically, low-code application platforms (LCAP) are expected to remain the largest component of the low-code development technology market through 2022, increasing nearly 30% from 2020 to reach $5.8 billion in 2021, the report stated. This is followed by the growth of other low-code technologies such as intelligent business process management suites, multi-experience development platforms and robotic process automation (RPA).

Recognizing this tremendous opportunity for growth, all of the major SaaS vendors currently provide capabilities that incorporate low-code development technologies, Gartner found. It enhances the capabilities of developers to be more agile and enables them to try out new technology.

“It’s really the idea about a composable enterprise, which is taking your business and creating it as a set of Lego blocks so they can be built in new and interesting ways often using services across any of their digital touchpoints,” said Andrew Manby, the vice president of product management for HCL Software’s low-code platform, Volt MX.

Low-code solutions are primarily made of three main parts, according to OutSystems in a blog post:

• a visual IDE that enables users to define the UIs, workflows, and data models of your application, and the ability to add hand-written code where necessary;
• connectors to various back ends or services;
• and automated tools for building, debugging, deploying, and maintaining the application in test, staging, and production.

However, there is variety among the low-code tools out there. While some serve as a visual database front end, others focus on niche business needs such as case management. Some are outside the realm of actual application development, such as RPA, and then there are no-code tools that cater more to business users and citizen developers.

The no-code side of it is really components, widgets, modules, templates, and all of these things that provide the guardrails for the business to construct whatever output it is. It’s usually preintegrated with something. So if it’s a standalone solution, then the data is inside the database and it’s typically kind of just a simple relational table, explained Jason Wong, a VP and analyst on the design and development team at Gartner.

“ ‘No code’ as a term seems like it’s trying to now exceed or supersede low code as if to say we’re somehow newer and better than low code just as much as low code in the past five to 10 years has taken off as a way to replace rapid application development and RAD tools, so it’s a huge phenomenon,” Wong said.

Low code for all

One of the key benefits of low code is it reduces the barrier to entry for building applications for certain use cases.

“If you need something constructed for a government agency, now you can have a business analyst understand all of the process mapping and can learn these tools and start building applications,” Wong added.

Also, the pandemic has created a huge need for rapid digital transformation as organizations had to change how most of their businesses operated within days, and many organizations started looking to low code for that quick switch and to offer additional capabilities to their customers.

“We see the catalyst of the pandemic created a surge in activity and adoption of low-code platforms and the reason for that was companies and government organizations were dealing with highly dynamic and acute changes to core processes that they had to adapt to,” said Jay Jamison, the chief product and technology officer at Quickbase. “And the promise and value of low code is the ability to quickly build, deliver, and iterate on business critical applications.”

The desire for extended capabilities resulted in a surge in demand for developers that could not be met.

“Never have we had a greater shortage of developers who can actually build the systems that are needed. And when you have that huge gap in terms of the demand for digitization and the lack of supply of engineering talent, low-code platforms are sort of filling the breach with quick ways,” Jamison said.

This will allow for more collaborative cross-functional activities between developers, IT, and users, according to Gartner’s Wong.

“It’s not going to be the business handing over requirements to IT or to a professional development team,” Wong said. “It’s going to be these collaborative cross-functional activities.” “This is what Gartner calls a fusion team where you will have professional developers and the business users, in some cases, citizen developers that might be responsible for one specific form or specific automation of parts of a workflow.”

New users and new use cases for low code

Citizen developers who are business users with little to no coding experience building applications with IT-approved technology are now on the rise as well. These business technologists are now a huge addressable market for vendors to sell to, particularly the no-code providers, Gartner’s Wong said.

And these employees are also getting more comfortable with bringing some of these low-code solutions into their organizations to solve very specific targeted problems, according to HCL’s Manby.

“So it’s the aspect of enabling the developer to work with the designer and the business stakeholders to develop something which is compelling and elegant and this type of platform allows you to do that,” Manby said. “Frequently, it’s someone in sales who wants to get something done, maybe they’re creating a top customer list and they’re interacting with their CRM of choice whether that’s Dynamics or Salesforce.”

Just as low-code tools are used more commonly by different parts of an organization, the use cases for the tools have expanded as well, as companies try to apply low code to their specific industry’s problems.

Some common applications of low code are for processes that are currently spreadsheet-driven. Before, organizations would have to email out a spreadsheet, have everyone fill it out and send it back, and then the business side would have to cut, paste, and merge the data together. Now, everyone can just input their data, and the low-code application does the job of merging that data to a central location.

Manby added that some common sectors where low code shines are those where people are innovating around the business and the safety and compliance realm, so something like making sure an oil rig is going through a maintenance cycle and everything is okay.


In addition, Quickbase’s Jamison said low code can be used effectively around the supply chain and the “last mile” areas that connect to and around ERP systems.

“ERP systems are traditionally pretty challenging to extend and they aren’t super flexible. And so what we find is customers appreciate the opportunity to be able to connect a low-code platform into different ERP systems so that they can get that last mile customization and flexibility that they need to drive the impact that they need in their business,” Jamison said.

Low-code tools can also spin up ways to organize supply in the healthcare system, an especially important use case since the pandemic, Jamison explained. This can help tackle problems such as getting the right nurses, the right ICU equipment, and the right doctors certified for the right parts of a network so that supply can be balanced with demand, and low-code tools can quickly help users create those applications during a pandemic.

Other areas include total quality manufacturing auditing, where organizations want to track the state of total quality manufacturing across a number of plants in a company’s purview.

“It’s very difficult to do that in Excel, very difficult to do that tracking in real time and measurement benchmarking in something that’s a single flat Excel file that’s being shared across many sites because the data is often out of date and so on,” Jamison said. “You need the ability to have a scalable set of data that you can sort of look at and view with many different visioning techniques so that the HR system and the procurement system and the people that are trying to drive different outcomes, whether it’s a resource thing or managing finances or checking quality, they can all have what they need.”

Overcoming limitations

While low-code solutions improve agility and cost-savings among their many benefits, they aren’t the silver bullet for all of an organization’s problems on their own. More modern full-stack developers might hit a ceiling more quickly as to

continued on page 27 >


How do you help customers with their low-code initiatives?

Andrew Manby, the vice president of product management for HCL Software’s low-code platform, Volt MX

Businesses everywhere need to deliver exceptional ways to engage customers, partners, and employees — and transform systems and automate business-critical processes — into easy-to-use mobile apps and multi-channel experiences. Low code offers the opportunity to be more responsive and innovate and scale rapidly. When selecting a vendor to help create multichannel experiences and enable digital transformation, forward-thinking CTOs and CIOs need to consider a few key things.

Whether a company has one developer or teams of developers, it shouldn’t waste time and resources creating and tailoring specific code for specific platforms. You should be able to build once with a single code base, and deploy everywhere — from native mobile to PWAs, wearables, or even kiosks.

Many organizations embark on digital transformation and app dev journeys to find that they hit a wall of complexity. You need to be able to unlock existing data and bring together back-end systems, apps, and processes — and do this securely and with high fidelity. You need integration without limits. You need serious tools with serious capabilities.

HCL Volt MX is an industry-leading low-code app-dev platform that empowers professional developers, enterprise architects and digital designers to rapidly deliver consumer-grade apps. HCL Volt MX lets you build, deploy, and deliver beautiful, powerful applications that take full advantage of advanced mobile device features to enable conversational apps, touchless payments and the use of augmented and virtual reality to improve the consumer experience of your product or service.

Charles Kendrick, CTO, Reify and Isomorphic Software

Reify of course offers all the usual services: consulting, support, training, etc. But what’s different about Reify is its hybrid development model. You can use Reify to build any part of an application, and in multiple places within a single larger application, and you can even extend an existing application with Reify-created screens.

This is possible because Reify projects represent a self-contained set of screens and data access points that can be used anywhere. We never assume that a Reify project owns the whole screen. A complex application might consist of a hand-coded start screen that leads to a mix of Reify-created screens and hand-coded screens. Or, a Reify project might be used for a popup wizard, or for the contents of certain tabs but not others. This gives our users much more flexibility, and the ability to leverage low code in many more scenarios.

We have seen many of our ‘competitors’ focus on hosting the web applications their customers build. We do this, but don’t see that as a differentiator. We are focused on accelerating the design, development and maintenance process. We want our customers to be successful, and support that by offering unlimited end-users, as opposed to penalizing them by charging per-end-user fees.

Typical low-code platforms allow you to build most of your application visually, then offer a limited set of “extension points” that may or may not meet your remaining needs. Often that results in you getting stuck. Your developers basically have to start again from scratch — outside of the low code tool — to develop the capabilities you need. Reify is different. At any time, you can simply continue development using the full SmartClient/SmartGWT platform as opposed to being limited by a small set of extension points.

Jay Jamison, chief product and technology officer at Quickbase

Businesses today need to change and adapt faster than their technology can support. As market conditions and job functions continue to change, organizations must create a culture that supports a more inclusive and cross-functional way of working. Being operationally agile — flexing and adapting to constantly evolving market dynamics and needs — is no longer a nice-to-have, but a requirement to survive and thrive.

Quickbase provides a no-code operational agility platform that brings business and IT teams to work together to safely, securely and sustainably create an ecosystem of applications. By enabling problem solvers of any technical background to develop solutions, Quickbase helps businesses quickly develop tools for their unique needs and accelerate the continuous innovation of processes. Leveraging citizen automation and development at scale across one common platform, leading organizations unlock potential, get more out of their tech stacks while reducing burdens on IT, increase employee engagement and capture new opportunities with customers and business partners.

Quickbase supports low- and no-code initiatives in three key ways:

• Extending data and processes from core business systems. It can be difficult to get business data into the hands of those who need it most. Legacy systems can be too fragile to work with, hard to get data out of and too costly to customize. With Quickbase, you can enable your teams to continuously improve their most complex business applications.
• Delivering real-time, actionable insights. Maximize the effectiveness of every employee and provide real-time, personalized visibility across your operations so everyone has the insights they need to improve the business every day.
• Providing enterprise-grade security and governance. Quickbase empowers continuous innovation while at the same time managing risk, standardizing governance of low-code applications on one platform rather than across many point solutions.

Learn more about how Quickbase supports low/no-code initiatives at quickbase.com.




A guide to low-code platforms

FEATURED PROVIDERS

• HCL Volt MX: HCL Volt MX is an industry-leading low-code app-dev platform that powers developer productivity, agility, and speed to build apps that transform the business. HCL Volt MX makes it easy to deliver amazing apps across all digital touchpoints, integrate diverse and complex systems, and add innovative experiences such as VR and AR to meet ever-evolving customer expectations.

• Quickbase: Quickbase provides a no-code operational agility platform that enables organizations to improve operations through real-time insights and automation across complex processes and disparate systems. Our goal is to help companies achieve operational agility—to be more responsive to customers, more engaging to employees and as adaptable as possible to what’s next. Quickbase helps nearly 6,000 customers, including over 80% of the Fortune 50. Visit quickbase.com to learn more.

• Isomorphic: Isomorphic Software is the global leader in high-end, web-based business applications. They develop, market, and support the Reify low-code platform, as well as the SmartClient & Smart GWT HTML5/Ajax platform Reify is based on. Their technology gives you all the productivity of a low-code approach, combined with all the power of an enterprise-grade web application platform.

• AgilePoint NX is a low-code development platform that allows both developers and “citizen programmers” to easily implement and deploy cross-functional/cross-organizational business apps into digital processes across multiple environments and cloud platforms. Abandon the need for code with drag-and-drop, declarative, visual development for all aspects of app dev — UX design, process design, rules design, and more.

• Alpha Software offers the only unified mobile and web development and deployment platform with distinct “no-code” and “low-code” modes. The platform materially accelerates digital transformation by allowing line of business professionals to work in parallel with IT developers.

• Altova’s MobileTogether provides developers with the tools needed to build complex mobile applications quickly and easily. With MobileTogether, developers can create apps without having to manually write code, without needing to sacrifice quality. It uses a combination of drag-and-drop components and easy-to-understand functional programming, making it easy for developers to use it to build sophisticated mobile apps.

• Appian’s platform allows teams to quickly build unified views of business information from across existing systems, and lets them create optimized processes that manage and interact with their data.

• Boomi is a provider of cloud integration and workflow automation software that lets organizations connect everything and engage everywhere across any channel, device or platform using Boomi’s industry leading low-code iPaaS platform. The Boomi unified platform includes Boomi Flow, low-code workflow automation with cloud native integration for building and deploying simple and sophisticated workflows to efficiently drive business.

• Caspio: Using visual point-and-click tools, business developers can execute the entire application design, development and deployment process, allowing them to rapidly deliver a minimum viable product and continue iterating as the market requires. The platform also offers built-in security controls, governance and compliance — such as HIPAA, FERPA, FIPS 140-2, and the EU General Data Protection Regulation.

• K2 offers an established platform that excels across mobile, workflow, and data. K2’s core strength is support for building complex apps that incorporate mobile, workflow, and data. The company provides a data-modeling environment that allows developers to create virtual data views that bring multiple systems of record together into a single view. This allows developers to create an abstract view of the data.

• Kintone: Teams can run, test and iterate on processes, and efficiently manage tasks with Kintone’s no-code workflow automation tool. The platform features branched workflows and trigger-based notifications with built-in collaboration at every step of the way. Teams can navigate databases quickly and easily, diving into their data with easy-to-use and quick-to-configure views, filters and reports. Developers can also take application customization and workflow automation to the next level with Kintone’s open APIs and JavaScript.

• Mendix is a low-code, high-productivity platform that enables enterprises to transform how they innovate and compete with applications. Building apps on Mendix is easy, fast and intuitive with the use of visual models, enabling a wide continuum of people, from developers to business analysts, to build robust applications without the need for code. With model-driven development, business leaders and IT have a shared language to build applications rapidly.

• Micro Focus: Service Management Automation X (SMAX) enables users to create IT and non-IT workflows and process-based apps in an entirely codeless manner, helping customers escape endless implementation cycles and increase time-to-value. Additionally, the intuitive, visual, low-code/no-code interface of Micro Focus Robotic Process Automation (RPA) makes it possible for users to do all of their work on one screen, with the ability to build sophisticated end-to-end RPA workflows for any use case.

• Microsoft enables users to create custom business apps with its PowerApps solution. PowerApps features a drag-and-drop, citizen developer-focused solution designed to build apps with the Microsoft Common Data Service. PowerApps can be used with Microsoft Flow, the company’s automated workflow solution, for data integration. Build apps fast with a point-and-click approach to app design. Easily connect your app to data and use Excel-like expressions to easily add logic. Publish your app to the web, iOS, Android, and Windows 10.

• Nintex helps enterprises automate, orchestrate, and optimize business processes. With the company’s intelligent process automation (IPA) solutions, IT pros and line of business employees rely on the Nintex Platform to turn their manual or paper-based processes into efficient automated workflows and to create digital forms, mobile apps, and more.

• Oracle Autonomous Visual Builder Cloud accelerates development and hosting of engaging web and mobile applications with an intuitive browser-based visual development on the same enterprise-grade cloud platform powering Oracle SaaS Applications. Create business objects, add process automation, integrate external systems and, when needed, leverage standard JavaScript to create amazing apps faster.

• Pegasystems: The Pega low-code application development platform allows business and IT to collaborate in real-time, using visual models to capture business requirements, quickly iterate and scale apps while ensuring nothing gets lost in translation. Pega automatically generates the application and its documentation audit trail, all leading to a 75% reduction in development costs.

• Salesforce: The Lightning Platform anchors this low-code customer base, and includes tools like Heroku and Salesforce DX as well as partnerships that address coders. Salesforce’s mobile low-code platform helps customers extend customer data managed by the vendor’s software-as-a-service (SaaS) CRM apps while blending and aggregating it with data from other systems.

< continued from page 23

what they could do with the platform. To fix this, low-code vendors are building out solutions with extensibility in mind so that developers can go in and write Java or JavaScript to create a component.

“So in that regard, the professional developer can still go outside the boundary of the local environment, but they still have to follow the prescribed way to write those components,” Gartner’s Wong said.

If developers want to go all the way up, they can also write some service in AWS or Azure, whether that’s through a function or a microservice, and then write an API that could be consumed by the low-code platform.

“So while there are ways to go around the limitations of a low-code platform, the ceiling can vary quite a bit between tools,” Wong said.

It’s also important to put in guardrails to prevent any security compromises and to prevent shadow IT. Now, as low-code solutions are more SaaS-based, they can be more easily managed from a security perspective.

With SaaS, users have role-based access controls. They can see the apps that they built and who’s using them and if they’re effective or not. If they’re not, then you can deprecate them or roll it back and go improve it, Wong pointed out.

“So the analogy that I like to use is the difference between a professional race car driver and your weekend warrior, your go-kart driver. So if you go go-karting you know you are operating in a safe environment. Even if you crash, you don’t have too much damage. The tool is the go-kart,” Wong said. “You can regulate the go-kart to go 20 miles an hour, or you can let it fly at 60 miles an hour.”

Establishing proper training and creating policies can prevent shadow IT, and many organizations are building out training programs on how to implement low-code tools properly.
“We invest a tremendous amount of R&D effort around leadership in governance, and in controls and capabilities that can ensure that we are a solution for IT in the realm of trying to sort of control shadow IT,” Quickbase’s Jamison said.

Some vendors are also offering low-code approaches to ISVs in which companies that are delivering a vertical ERP or CRM can add a modified version of a low-code tool such as Reify so that customers can add additional screens or customize new ones, according to Charles Kendrick, the CTO of Reify and Isomorphic Software. This can be especially useful for applications in which customers need customizability. “A lot of low code is for ‘tactical apps’ — applications created in larger organizations where it makes sense to build your own custom applications, because it's a strategic advantage,” Kendrick said. Low-code tools can also work with other technologies in tandem such as automated dependency impact analysis and debugging, packaged mobile apps for the app stores in one click, and automatic adjustment to allow for new technology.

Another limitation that low-code vendors are working to fix is low-code platforms buckling under a heavy workload when it’s time to scale or integrate with existing systems. Many vendors are looking to automation to solve this problem. “A lot of RPA vendors call themselves low code or even no code, but basically, they are automating away a lot of the activity and actually eliminating the interface,” Gartner’s Wong said. “So automation is really an important trend in low code now because AI will have a lot of automation and AI will replace the code data.”

While low-code tools and tool adoption are still very early on, the events of last year have really propelled it as one of the biggest technology trends of today. “We’re in the early innings for sure,” Quickbase’s Jamison said.
“It seems as though the last year has really catalyzed the need because the requirements that the industries and governments and educational institutions all have is they’ve got to digitize their business to better serve their constituents, their stakeholders at all levels, whether it’s customers, whether it’s employees, whether it’s shareholders, whether it’s their community, they have to be more digital.”


Guest View BY ROB HOEHN

Improve your innovation program

Rob Hoehn is the co-founder and CEO of IdeaScale, provider of an idea management platform.

An interesting phenomenon in the innovation space is that even innovation programs need re-inventing from time to time. A typical pattern for IdeaScale clients is that they discover after a year or two of success (or struggle) that it’s time for them to re-imagine their program in new ways. This means changing how they conduct outreach, how they share information, their process for selecting ideas, their incentives, and more. This happens because transformation is necessary in almost everything and what worked last year won’t work this year, because trends have moved on, the culture is experiencing some sort of new micro-climate, the technology has evolved or multiple other factors.

No matter how successful your innovation program is — whether you’re improving the workplace for your employees or you’re building the next new disruptive technology — everyone wants to find a way to supercharge and re-invigorate their program. Here are three ways that we’ve seen work for other innovation leaders.

Train your workforce in innovation methodologies.
One of the most surprising findings from IdeaScale’s annual customer discovery was that only 19% of innovation programs had trained their employees in innovation. This, we believe, presents the biggest opportunities to companies that care about transforming their culture, because innovation training is a key form of professional development that your employees will appreciate, because it’s a portable skill, but it will also have some key benefits for any organization willing to invest in it, as well. For example, giving everyone a shared language will help streamline processes, but it will also highlight a shared company value in a tangible way. Bayer had a great innovation training program that helped them nurture innovation ambassadors so well that their innovation training program now has a waiting list and numerous new R&D opportunities to explore.

Require each employee to implement one idea on their own (large or small).
One of our most successful innovation programs included a new requirement on their employees’ performance reviews. Every employee had to suggest and implement one idea. The innovation team at this health care organization did a great job in first training their employees on what would constitute a good idea and then teaching them how to estimate the value of an idea, and further, how to take action on it. Most of these ideas were just simple improvements (like a clothing stock for patients who came in and had to have their clothing cut off of them or a different style surgical mask that was easier to put on), but it shared the responsibility of making the entire organization better so that everyone could talk about their contribution with pride. And they did it! 12,000 employees implemented 12,000 new ideas! In the time since, that health care organization is looking for bigger ideas with longer horizons, but now they have a whole network of engaged and excited employees who feel like they are a part of making their workplace better.

Highlight each success by crediting the people who made it possible.
One of the most exciting things about a technology like IdeaScale is that you get to reach out to the community of people who make a new idea come to life. Most of the time when a new idea, concept, project or process succeeds — it is rarely thanks to a single individual, but instead to an entire community of people — those who suggested it, supported it, helped develop it, approved it, advocated for it, explored it, improved it and beyond. When you find a success, don’t just honor the submitter, but the community around it so that others feel included in the process of innovation. You don’t necessarily need to call out every participant in the process, but it’s helpful to think beyond just the usual one or two people as the face of an idea.

No matter which of these strategies you pick, you should be looking for new ways to engage more voices and new tactics for rapidly testing out promising ideas. To learn other hacks for improving innovation, check out IdeaScale’s annual crowdsourced innovation report, which includes findings from IdeaScale’s community of innovation managers about their programs, as well as recommendations for optimizing your own innovation program.



Analyst View BY ARNAL DAYARATNA

Foster development-related education

As digital transformation initiatives accelerate, so too does the intensity with which employees attempt to acquire coding and digital literacy skills. For example, IDC data forecasts that the population of part-time developers, defined as professional resources who perform development-related work even though they do not have the job title of developer, will increase with a CAGR that significantly exceeds that of their full-time counterparts. Examples of part-time developers include storage engineers, database developers, data scientists and business analysts. An important subset of part-time developers is the set of LOB developers, defined as LOB professionals who perform development-related work and practices in an effort to improve the quality of their professional work.

According to IDC developer research, the growth of LOB developers will outpace part-time developers because of the rapid maturation of low-code and no-code development platforms. In addition, the growth of the LOB developer population will be driven by the urgency of business needs to introduce more digitization, analytics and automation to the business processes and workstreams managed by LOB professionals. This increase of development-related skills on the part of LOB developers is also attributable to the rapid maturation of an educational ecosystem that democratizes access to development-related education. Now, more than ever, anyone interested in learning to code can do so from the comfort of their personal laptop by means of online courses.

While the ecosystem of online courses, video content and tutorials provides LOB developers with a rich set of options for acquiring development-related skills, the broader question about development-related education is whether contemporary needs for development skills require a more radical transformation of our educational infrastructure and curricula.
Put differently, does the contemporary need for technology and development-related skills require the infusion of coding-related education more deeply into the education of high school and college students? The need for LOB developers to acquire development skills is illustrative of a labor force that failed to acquire coding and application building capabilities during their formative educational years. Today, the pace of digital transformation is such that even business professionals need to acquire development skills to understand how processes are being digitized and to what degree. As such, U.S. high schools and universities would do well to rethink how best to educate an aspiring workforce that requires a heightened degree of digital literacy and skills for all graduates, and not just for those who plan to become professional developers, engineers, scientists and mathematicians.

One way for U.S. high schools and universities to empower graduates to design and build digital solutions is to foreground the use of educational platforms that offer students the ability to develop and refine capabilities to design and build digital solutions. This may involve platforms other than the famous Microsoft Office Suite of applications or Google Apps, its analogue. In other words, students would do well to have the opportunity to build digital solutions that simulate classical physics, cellular biology or inorganic and organic chemistry. Similarly, students of literature can use digital platforms to perform analytics on textual objects, either by means of sentiment analysis or otherwise by custom, correlative analytics that empower students to understand how a particular literary trope or character either remains intact, changes or performs something in between.

To engage in problem-solving activities in an era of rapid digitization, high school and undergraduate students will need access to reinvented educational platforms that encourage analytical and creative thinking using a new generation of applications and tools. All this means that the gauntlet has been thrown down to contemporary technology companies to reinvent and redefine the platforms used for the education of a digital workforce.
This hardly means dispensing with the arts and humanities, but rather, providing new digital infrastructures on which students can solve problems and express complex ideas across a wide range of academic disciplines. In their ideal incarnation, this new breed of educational platforms will foster more transdisciplinary and creative thought in addition to cultivating the skills required to build digital solutions with fluency, speed and sophistication.

Dr. Arnal Dayaratna is Research Director of Software Development at IDC


Industry Watch BY DAVID RUBINSTEIN

An all-weather, autonomous car

David Rubinstein is editor-in-chief of SD Times.

As a large part of the United States suffers through frigid temperatures, ice and snow, leave it to an autonomous driving software company from Finland to turn its frozen tundra into a technology laboratory. We have yet to develop reliable, fully functional self-driving cars here in America, though we are getting close. Features such as blind spot detection, 360-degree cameras, stay-in-lane assist and automatic braking in cruise control mode tell us we’re getting closer. But one thing we haven’t been able to overcome for fully autonomous driving is what happens when rain, fog, ice and snow “blind” the sensors and cameras.

This is what the Finnish self-driving technology company Sensible 4 was hoping to learn as it develops its self-driving technology called Dawn. To make this happen, the company last December took a vehicle to Finnish Lapland to test it for two and a half weeks, in temperatures that went below -20 degrees Celsius (-4 degrees Fahrenheit). That’s way cold. The weather, the company reported, was mostly dark, snowy and cold, with snow covering driving lanes and their surroundings and visibility dropping to a mere few yards at times.

With this testing, Sensible 4 wanted to see how reliable the hardware would remain in arctic weather, to test the full software stack, and to train data gathering. These whiteout conditions, where lanes, trees and parked cars are covered in snow — along with people looking different in heavy winter clothing — were “an important aspect for the development” of the self-driving car, the company said in a statement.

Antti Hietanen, a senior autonomous vehicle engineer at Sensible 4, wrote in a blog on the testing: “For full stack testing, we had designed common scenarios from traffic, such as vehicle overtaking, emergency braking and adapting to a lead car speed. In [Lapland], we were especially interested in conducting the test while the road surface was slippery and during heavy snowfall.
Both are important factors as during a wheel slippage the vehicle motion calculated based on the wheel encoders does not match to a real vehicle motion and might confuse our vehicle localization. In addition to slippery surfaces, a heavy snowfall will also impair our vision-based localization and object detection by decreasing the visibility and by deforming the landscape indistinguishable.”

So as the system advances from a technology standpoint, getting us ever closer to true self-driving cars, the social and cultural issues around the future of driving remain. Could a human road trip to Lapland begin to move those issues forward as well?

Remembering Pat Sarica

When SD Times started in 1999, we began interviewing for a copy editor. One resume immediately stood out from the rest. It was from a woman named Pat Sarica, who died last month at the age of 66. Though Pat wasn’t working with us then, having gone to work in the publications department at New York’s Stony Brook University, her imprint on the paper (and on our corporate culture) was unmistakable.

Pat was the personification of what we call today “the grammar police.” She was curmudgeonly, disgruntled, often ill-tempered and mostly intolerant of anything in the office that wasn’t working toward getting the paper out the door — basically, everything you’d want in a copy chief and managing editor, a position she attained not long after joining us. But she had a warm, funny side as well, telling us of her life with her beloved mother, her cats and her pride in her nephew, Jimmy. But in our office, perhaps her best line was when she once called copy editors “publishing’s equivalent of postal workers.” Those of us who’ve done time on a copy desk know exactly what she meant.

It’s impossible to sum up a person’s life in just a few words — proud St. Bonaventure University graduate with three favorite words she’d only let you know if you guessed them, avid reader and old movie buff, and above all a caring friend — but as Pat herself would appreciate, there’s only so much space on the page. I’m sure she’d take her skilled knife to this, and make it so much better. (The words were tsunami, maritime and couturier. Don’t ask me why.) Godspeed, Pat. You were a joy to be with, and you’re already deeply missed.

