News Watch
from SD Times May 2022
by d2emerge
AWS Amplify Studio now generally available
AWS recently announced the general availability of Amplify Studio, a visual interface that works to simplify front- and back-end development for web and mobile applications. The platform was first presented as a preview during AWS re:Invent 2021.
With this, users gain access to an integration with Figma, helping designers and frontend developers to work collaboratively on design and development tasks.
The GA version also offers new features such as support for UI event handlers, component theming, and improvements in how users can extend and customize generated components from code.
Additionally, Amplify Studio extends on the ease of configuration that is provided by AWS Amplify by bringing it to front-end developers who can then use it to work with prebuilt and custom UI components for those applications.
Node.js 18 release updates V8 JS engine
The latest release includes an update to the V8 JavaScript engine, global fetch enabled by default, and a core test runner module.
The V8 engine has been upgraded to version 10.1. This latest version is part of Chromium 101. Upgrading to this latest version unlocked features like the findLast and findLastIndex array methods, improvements to the Intl.Locale API, the Intl.supportedValuesOf functions, and improved performance of class fields and private class methods.
The implementation for global fetch is based on undici-fetch. The team is working to make the implementation as close to spec compliant as possible, but since it requires things not present in backend networking, certain aspects of the spec were omitted. Currently the global fetch API is experimental and will remain so until more test coverage can be added.
Node.js 18 will be the current Node.js release for the next six months and will be promoted to Long-Term Support in October 2022. At this point the release will be renamed with the codename Hydrogen and will be supported until April 2025.
People on the move
Ivanti has announced that as of April 25, Dennis Kozak will serve as its new chief operating officer. He will be overseeing the company’s marketing, global sales, customer experience, and operations. His previous roles include leadership positions at Avaya and CA Technologies.
Sanjay Poonen has joined service mesh company Tetrate as a new strategic advisor. Poonen previously was COO at VMware and president at SAP. He also held software engineering roles at Microsoft and Apple earlier in his career.
Blackbaud has appointed Sudip Datta as its chief product officer. He will oversee the company’s product portfolio, which includes product life cycles, roadmaps, and strategy. He previously led AIOps and observability at Broadcom, was vice president of products at Oracle, and held positions at IBM and Fujitsu-ICL.
Sysdig announced the release of Risk Spotlight, a vulnerability prioritization feature based on runtime intelligence.
The feature enables teams to reduce vulnerabilities by 95% and allows developers to focus on shipping applications faster, according to Sysdig.
It also delivers vulnerability details such as CVSS vector from multiple sources, the fix version, and links to publicly available exploits to manage vulnerability risk at scale. The feature provides a single view of vulnerability risk across a container lifetime from build to runtime.
Developers will also receive a package-centric view of vulnerabilities along with the fixes and upgrades that they need to apply.
CodeGym launches donation program to help Ukrainians
Since Russia’s initial attack on Ukraine, 53% of Ukrainian citizens have lost their jobs and over 4.5 million have been forced to flee the country, according to CodeGym, the Ukrainian online course for learning Java programming.
The company is matching every purchase of monthly and yearly subscriptions with two donations to Ukrainian residents in order to help those who are suffering start a new career in IT.
For a limited time, CodeGym can offer 5,000 unemployed Ukrainians free access to the company’s Java educational platform to help them get back on their feet and start fresh with a new career.
TIBCO updates WebFOCUS platform
With the release of TIBCO WebFOCUS 9.0.0, the company announced stronger data access, AI/ML capabilities, and developer tools.
One new feature, TIBCO WebFOCUS Container Edition, provides users with a scalable, microservices-based platform for container-based deployments. It offers on-demand compute and parallel processing with which customers can scale their environments and run multiple tasks concurrently.
Also with the addition of Hub, users can access content and data across any device through a workspace and applications directory to simplify data access. The Hub can visualize recent and important data contained in a personalized home screen for faster access.
Key enhancements to TIBCO WebFOCUS Designer capabilities now include the streamlined ability to create, manage, and stage datasets when authoring content.
GitHub’s Dependabot alerts code calls a vulnerability
Dependabot alerts use GitHub’s precise code navigation engine to determine if a repository directly calls a vulnerable function.
The new feature marks a shift in how GitHub curates information on vulnerable packages from the Advisory Database to curating information on affected functions for each source library.
GitHub performs static analysis with functions in order to generate an affected call graph for a repository, which surfaces on a Dependabot alert.
The implementation is powered by stack graphs, which also power Precise Code Navigation, and provides a no-configuration experience that works on any advisories with annotated vulnerable functions, according to GitHub.
GitHub announced that it has details of vulnerable functions for 79 Python advisories from the pip ecosystem and that it will continue backfilling data on vulnerable functions for Python advisories through the beta, as well as supporting any new Python advisories.
Google Play to update target level API requirements
Google is introducing policy changes to Google Play to better protect Android users. New target level API requirements will prevent users from installing apps that don’t have the latest privacy and security features.
Beginning on November 1, 2022, existing apps that don’t target an API level that is within two years of the most recent major Android release won’t be available for download for users of devices that are running OS versions that are higher than the target API level.
Google plans to continually adjust this requirement window in accordance with new Android releases.
The reason behind these changes is that Google believes users running the latest devices expect to receive the full privacy and security protections from Android, but installing an older app without the latest security updates could make their devices vulnerable.
IntelliJ IDEA 2022.1 is now available
With IntelliJ IDEA 2022.1, customers gain multiple enhancements and new features all geared at improving user experience.
This release introduces the Dependency Analyzer that works to facilitate dependency management and conflict resolution. Another update is the Notifications tool window, which brings users a new way to receive and store notifications from the IDE.
Additionally, the updated New Project wizard works to simplify the process of launching new projects no matter the scale or level of complexity.
IntelliJ IDEA 2022.1 also brings users upgrades to Code Vision inlay hints with Code Author hints as well as enables them all by default to offer users instant insights about their code directly in the editor.
Support has also been added for the new features in Java 18 and improvements have been brought to the IDE’s performance with Kotlin.
Microsoft announces the release of .NET 7 Preview 3
This release brings users enhancements to observability, startup times, codegen, GC regions, Native AOT compilation, and more.
Interested users can download .NET 7 Preview 3 for Windows, macOS, and Linux. It has also been tested with Visual Studio 17.2 Preview 3. Microsoft recommends using the preview channel builds to try .NET 7 with Visual Studio family products.
With Native AOT, pre-compilation is brought to .NET desktop client and server scenarios. According to Microsoft, this addition does not serve to replace existing technology, but rather to offer a new set of capabilities that allows users access to new form factors.
This preview release also adds support for new cloud native OpenTelemetry specifications. This includes specification updates #988 and #1708 that make the trace state mutable for samplers.
GitHub announces updates to Discussions
GitHub recently announced new features being added to GitHub Discussions in order to help users communicate, collaborate, and connect with their teams about the software they are building.
GitHub Discussions will now be supported at the organization level for open-source projects, enterprises, and development teams. This change comes after discovering that scoping discussions to individual repositories became a road block for organizations with multiple repositories.
Organization Discussions works to simplify centralizing communications across projects to gain a better understanding of what’s happening within the community, team, and company.
Based on customer requests, the GitHub team is also bringing Polls to Discussions. Now, when creating a new discussion, users have the ability to select the Poll category to create a Poll. This feature allows customers to add up to eight polling options for teams to respond to.
Microsoft debuts 1st .NET MAUI release candidate
Microsoft announced the release of the first .NET Multiplatform App UI (.NET MAUI) Release Candidate. .NET MAUI leverages platform SDKs for Android, iOS, macOS, and Windows, which are included in this release. Developers can use the SDKs directly with C# in addition to maximizing code sharing and productivity with .NET MAUI. .NET MAUI includes over 40 layouts and controls optimized for building adaptive UIs across both desktop and mobile platforms.
Developers can also share their Blazor web components directly in .NET MAUI apps while having access to native device capabilities and packaging. By using .NET MAUI and Blazor together, one can reuse one set of web UI components across mobile, desktop, and web.
The new release candidate improves upon the Xamarin.Forms architecture by adding low-code hooks to modify many things.
Developers have always had a need for infrastructure. But with the need to update applications or websites quickly to take advantage of changing market conditions, the idea of asking IT to spin up an environment and having to wait sometimes days for it no longer works for organizations trying to keep pace. In short, developer productivity was suffering.
Enter infrastructure as code (IaC), touched off by the launch of public cloud services, which allowed developers to easily consume them just when they needed them. But if you had to submit a request to engage with those services, and wait for a reply, public cloud services never would have succeeded, according to Naveen Chhabra, analyst at Forrester.
So, why infrastructure as code? Why not infrastructure as infrastructure? Chhabra said, “The primary persona using those called cloud services were the application developers, and the application developers know how to code.” So, he said, this became the go-to mechanism to get storage, unit computing, a new database or containers, whereby these services could be consumed in a codified manner.
But this is not confined to the public cloud. VMware, for instance, offers a provider, which Chhabra said is an abstraction layer of an infrastructure component. “Call an API, or call that provider, and I will give you the resources,” he explained.
Growing infrastructure complexity
When cloud services first emerged, developers were able to easily set up testing and staging environments before an application was deployed. Today, organizations are dealing with hybrid and multi-cloud environments, as well as Kubernetes architectures, service meshes and serverless applications, to name but a few. According to Aaron Kao, vice president of marketing at universal IaC platform provider Pulumi, a typical application today has something like 400 different services in it. Yet many of the current IaC tools are either markup languages or DSLs (domain-specific languages).
“What’s happening with these older IaC tools that are based on DSLs, they start having to add a lot of features into that DSL, and someone recently told me, it’s like DSLs are just like poor facsimiles of … real programming languages, because there’s leaky abstractions, and there’s increasing complexities that you’re trying to address that you keep having to shoehorn things into its features,” Kao said.
Because of this complexity, organizations find themselves in a struggle with their competitors to hire full-stack developers, knowledgeable in application development and what’s needed on the back end to deploy those applications. But because the price tag for these developers is high, organizations might not want them struggling to create infrastructure, or letting them create IaC without guard rails. Ronak Rahman, developer relations manager at infrastructure provider Quali, said, “Who creates those guard rails? And they need things that are watching for security. Is it my developer that I’m building … has a security flaw in it? You see companies trying to [add guardrails] with their Terraform scripts so that developers don’t have to care about that; they can just provision their software.”
Keep productivity high
To keep developers productive, Kao said, “It’s really about streamlining. Instead of having multiple tool sets to do infrastructure and do application development, you can use one. And instead of, let’s say you have a separate IaC system, you know, like, well, there’s a lot of tooling that needs to go get built with that.” So, IaC providers such as Pulumi are seeing the need to integrate with the tools and programming languages where developers live.
One thing related to developer productivity is infrastructure and application drift, according to Roxana Ciobanu, CTO and co-founder at Bunnyshell, an environment-as-a-service platform. “It is inevitable for issues to appear in development when engineers work in environments with out-of-sync infrastructures and old application versions,” she said.
“Drift detection is one half of the solution, and automatic remediation is the other half, and that’s where we see a lot of challenges.” To properly solve code drift, she said, any change should automatically be detected, corrected or merged into all existing development, stage or production environments.
Has DevOps marginalized IT?
There always has been territorial behavior when it comes to IT. Developers write code, operations engineers set up policies and governance that make sure infrastructure is used in a way that doesn’t hurt the organization.
According to Forrester’s Chhabra, the infrastructure owners’ involvement arises out of the governance needs. “We have seen examples of again, these are not the only reasons, but we’ve seen examples of excessive cloud spend. So can I bring in a governance layer, which says, ‘Hey, you get the infrastructure, type of infrastructure, size of infrastructure, duration of infrastructure, what you actually need, and you don’t leave it overnight unattended, running, you know, without us.’ So can I put that time bound? A time foundation to how long? What, where, and when can you actually use the resources? So that’s the foundation of where these governance requirements are coming from.”
Rahman sees it less as developers taking something from IT and more as operations engineers not keeping their skills up to date.
That phenomenon, though, is not limited to the technology industry. In journalism, for example, older print editors can be resentful of the shift in newspapers toward multimedia presentations and younger reporters coming in with video and social media skills. In technology, another good example is mainframe programmers who were facile with COBOL but didn’t keep up as client/server and new languages emerged for more modern software development.
“I think the marginalization is a symptom of, you know, this whole lack of trust and … I think the solution there is just update your skills for the digitization,” Rahman said. “You know, you’re not racking and stacking servers anymore, and hopefully, you’re not going in a cold room and you know, organizing your wires. So, you know, we need new skills to get us to live our art and live our best life.”
Part of the problem, Rahman noted, is that historically, developers and IT have had different goals. Developers want to innovate on new products and features; IT wants to ensure systems stay up and running, comply with regulations such as HIPAA and Sarbanes-Oxley, and keep costs under control.
“I see developers more as creative artists deep in their art,” Rahman said. “And IT and centralized DevOps represent the business interests, you know, they’re in a whole different org structure, and they’re in charge with making sure guardrails exist, governance exists. I’m not answering to the product team on products coming out of the pipeline faster. So there are two different concerns. There’s the business concerns with absolutely legitimate governance, costs and security. And then there’s the developer infrastructure. You know, that’s cool that you gave me tools, but I’m just gonna learn how good enough to do what I want to do, which is bang out awesome features.’”
Governance is critical
Traditional IT involvement in infrastructure arises out of the need for governance. One area that’s particularly important to the business is security. Forrester’s Chhabra explained: “Because of security concerns, I don’t want to be running across all public cloud providers or all infrastructure vendors, and find that now as an organization, I’m responsible for patching and managing vulnerabilities. What if I can reduce my attack surface? And that can happen with standardization. Another reason is geolocation. Whether it’s because of the data sovereignty requirements, or because of geopolitical reasons, for a specific project, let’s say, a major oil and gas company wants to run a project in Australia. What is mandated by Australia, that you must be running all those applications and IT resources within Australia. So what do I do? I cannot, as a business leader, allow my application owners to even by mistake, run that in AWS East. So there are different forces that are putting this demand on how the resources where, when and what resources are being consumed, whether it is because of cost reason, geopolitical, or educational and, you know, sovereignty requirements.”
Developers are creating the infrastructure provisioning they need with code, but IT still needs to be the gateway for them to access that infrastructure. Chhabra said, “Developers can’t be expected to understand all the latest happenings in governance. So you still need to have that kind of intermediary IT person, you know, giving them the keys, only at a certain time and at a certain place, and only for a length of time.”
IaC gives you speed; governance gives you the window and the control mechanism. This, Chhabra said, “ensures that there are no speed bumps in how quickly can you go from where you are to where you want to be.”