
writing better code

would make great progress, and then some other disruption would happen, and it would unravel their work. So, we spent multiple days where we kind of got close to finishing the problem, and then it had to be reset.”

While something as disruptive as this may not happen every day, Delaroche said that every day companies are facing major crises. It’s just that the ones we know about are the ones that are big enough to make it into the press.

“Once in a while we see a big business depending on software that fails,” he said. “I think that in five to ten years, this will be the case on a weekly basis.” reduce the mental effort required by developers to maintain their software.

The software landscape is a “huge mess”

Delaroche said that many CIOs and CTOs may not be willing to publicly admit this, but the portfolio of software assets that run the world, that exist in the largest corporations, are becoming a huge mess.

“It’s becoming less and less easy to control and to master and to manage and to evolve on,” said Delaroche. “Lots of CIOs and CTOs are overwhelmed by software complexity.”

In 2011, Marc Andreessen famously claimed that “software is eating the world.” Delaroche said this is more true than ever as software is becoming more and more complex.

He brought up the recent example of Southwest Airlines. Over the holidays, the airline canceled over 2,500 flights, which was about 61% of its planned flights. The blame for this was placed on a number of issues: winter storms, staffing shortages, and outdated technology.

The airline’s chief operating officer Andrew Watterson said in a call with employees: “The process of matching up those crew members with the aircraft could not be handled by our technology … As a result, we had to ask our crew schedulers to do this manually, and it’s extraordinarily difficult … They

What does the future hold for these tools?

Over the past six months Lo Giudice has seen a big acceleration in adoption of tools that use large language models.

However, he doesn’t expect everyone to be writing all their code using ChatGPT just yet. There are a lot of things that need to be in place before a company can really bring all this into their software development pipeline.

Companies will need to start scaling these things up, define best practices, and define the guardrails that need to be put in place. Lo Giudice believes we are still about three to five years away from that happening.

Another thing that the industry will have to grapple with as these tools come into more widespread use is the idea of proper attribution and copyright.

In November 2022, there was a

GitHub Copilot, led by programmer and lawyer Matthew Butterick.

The argument made in the suit is that GitHub violated open-source licenses by training Copilot on GitHub repositories. Eleven open-source licenses, including MIT, GPL, and Apache, require the creator’s name and copyright to be attributed.

In addition to violating copyright, Butterick wrote that GitHub violated its own terms of service, DMCA 1202, and the California Consumer Privacy Act.

“This is the first step in what will be a long journey,” Butterick wrote on the webpage for the lawsuit. “As far as we know, this is the first class-action case in the US challenging the training and output of AI systems. It will not be the last. AI systems are not exempt from the law. Those who create and operate these systems must remain accountable. If companies like Microsoft, GitHub, and OpenAI choose to disregard the law, they should not expect that we the public will sit still. AI needs to be fair & ethical for everyone. If it’s not, then it can never achieve its vaunted aims of elevating humanity. It will just become another way for the privileged few to profit from the work of the many.”

Another area to apply shift-left to

Over the last few years, several elements of the software development process have shifted left. Galeal Zino, founder and chief executive of NetFoundry, thinks that software analysis also needs to shift left.

This might sound counterintuitive. How can you analyze code that doesn’t exist yet? But Zino shared three changes that developers can make to make this shift.

First, they should adopt a secure-by-design mentality. He recommends minimizing reliance on third-party libraries because often they contain much more than the specific use case you need. For the ones you do need, it’s important to do a thorough review of that code and its dependencies.

Second, developers should add more instrumentation than they think they will need, because it’s easier to add instrumentation for analysis at the start than when something is already in production.

Third, take steps to minimize the attack surface. The internet is the largest single surface area, so reduce risk by ensuring that your software only communicates with authorized users, devices, and servers.

“Those entities still leverage Internet access, but they can't access your app without cryptographically validated identity, authentication and authorization,” he said.
