Showing posts from August, 2020

SD Times news digest: WhiteSource supports Microsoft VS Code Editor, Microsoft’s Zero Trust deployment guide, and Google’s steps on OAuth 2.0 flows

WhiteSource has announced it will now integrate with Microsoft Visual Studio Code Editor. According to the company, the integration gives Visual Studio Code developers visibility and security alerts on problematic open-source components while continuing to develop within their preferred development environment. “Integrating security testing pre-build allows issues to be detected earlier when they are easier and quicker to fix. With this integration, WhiteSource gives developers the information they need, when they need it, in their own environment,” WhiteSource wrote in an announcement. With this new addition, WhiteSource now supports Visual Studio Code, Visual Studio, IntelliJ, and Eclipse. Microsoft announces Zero Trust deployment guide Microsoft’s Zero Trust deployment guide focuses on how to deploy and configure Microsoft Cloud App Security to apply Zero Trust principles across the app ecosystem, regardless of where those apps reside. Specifically, the guide will cover the

The LinkedIn Fairness Toolkit launched to measure fairness in large-scale AI apps

LinkedIn wants to address bias in large-scale AI apps. The company introduced the LinkedIn Fairness Toolkit (LiFT) and shared the methodology it developed to detect and monitor bias in AI-driven products. LiFT is a Scala/Spark library that enables the measurement of fairness, according to a multitude of fairness definitions, in large-scale machine learning workflows. It has broad utility for organizations who wish to conduct regular analyses of the fairness of their own models and data, according to the company. “News headlines and academic research have emphasized that widespread societal injustice based on human biases can be reflected both in the data that is used to train AI models and the models themselves. Research has also shown that models affected by these societal biases can ultimately serve to reinforce those biases and perpetuate discrimination against certain groups,” AI and machine learning researchers at LinkedIn wrote in a blog post. “Although several open source

SD Times news digest: Rust 1.46 released, AnalysisLevel introduced in .NET 5’s C# compiler, and ArangoDB 3.7

The latest Rust programming language release enables new things to appear in ‘const fn,’ two new standard library APIs, and one feature useful for library authors. By including the features in ‘const fn’, this led to a 40x performance improvement in Microsoft’s WinRT bindings for Rust, according to the working group behind the language. The two new APIs that were stabilized in this release include ‘Option::zip’ and ‘vec::Drain::as_slice.’ Additional details on the release are available here. AnalysisLevel introduced in .NET 5’s C# compiler The new release automatically finds latent bugs in code in the new .NET 5 SDK. Before, users would need to install NuGet packages or other stand-alone tools to get more code analysis. The AnalysisLevel in the C# compiler introduces warnings for these patterns in a safe way, according to Microsoft. In the future, Microsoft said it will add a new analysis level for every release of .NET. The goal is to make sure that a given analysis level alw

9 Ways to Speed Up Mobile Website Neeraj Mishra The Crazy Programmer

Website speed refers to how fast a site responds to requests from the Web. As I am about to highlight in this article, the speed with which a website loads is critical to both users and owners. Users often get frustrated whenever they are unable to open a web page. Sites that take longer to load put off users, and they hardly get much viewership. Studies show that 40% of Internet users do not wait for a site to load more than three seconds. In such a case, the site loses traffic to the competition. Slow pages also give a bad image to brands as users associate site speed with its quality and services. Since 2010, Google has been using site speed in their algorithm for ranking web pages. Website speed remains an important factor for Web page design whenever we are working on search engine optimization. Mobile-friendly pages are essential as more than half of Internet users are on the mobile internet. When working on a website, always think mobile as compared to desktop. The goo

Remembering computer pioneer Arnold Spielberg

Computer engineer and the father of the famous filmmaker Steven Spielberg, Arnold Spielberg, has passed away from natural causes at the age of 103. Spielberg was an electrical engineer known for designing the GE-200 series of mainframe computers at General Electric. He is best known for collaborating on a time-sharing operating system, the GE-225, in the early 1960s, enabling users to interface with one computer to solve simple problems.  “Unlike the previous computers, the GE-225 — as it was called — was a business computer. It stored its own software, handling the input and output of data. We relocated the factory to Phoenix and sold it within GE as well as to the external market. GE used them for general business applications and some scientific work, but mostly to do business processing. I was in charge of the small-computer-systems group, whose job it was to design the circuits, design the logic, plan the system and put it all together,” Spielberg said in an interview with GE

SD Times Open-Source Project of the Week: Swap Detector

Swap Detector is an open-source checker that detects API usage errors. The project was released this week by GrammaTech, and originally created by The Department of Homeland Security, Science and Technology Directorate, and Static Tool Analysis Modernization Project. “Traditional static-analysis techniques do not take advantage of the vast wealth of information on what represents error-free coding practices available in the open-source domain,” said Alexey Loginov, the vice president of research at GrammaTech. “With Swap Detector we applied Big Data analysis techniques, what we call Big Code analysis, to the Fedora RPM open-source repository to baseline correct API usage. This allowed us to develop error-detection capabilities that far exceed the scalability and accuracy of conventional approaches to program analysis.” Swap Detector enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be present in deployed code. It consumes inpu

Angular 10 adds strict opt-in mode

In the latest version of Angular, Angular 10, a new strict opt-in mode was added in order to optimize build times and deliver apps faster with fewer problems. Currently, this new feature is still in opt-in mode because it comes with a few trade-offs, including stricter type checking and extra configuration. According to Angular, there are a few settings that need to be turned on in addition to default settings to create an app that uses strict mode. These include: enabling strict mode in TypeScript; turning on strict Angular compiler flags strictTemplates and strictInjectionParameters; reducing bundle size budgets by 75%; turning on the no-any TSLint rule to prevent declarations of type any; and marking the application as side-effect free. The Angular team noted that there are trade-offs for each of these. For more information on each, visit Angular’s post. The post Angular 10 adds strict opt-in mode appeared first on SD Times. fro

Google releases Jetpack Compose Alpha to help build apps across all Android platforms

Android’s Jetpack Compose has reached alpha. It is a modern UI toolkit designed to help developers quickly and easily build apps across all Android platforms with native access to the platform APIs. Jetpack Compose focuses on providing APIs for high-quality apps at scale, an intuitive language, and a reactive programming model, the team explained. The Compose APIs were designed and developed with a set of canonical sample apps that use the newly-released Material Design. Users can import and explore the latest samples directly in Android Studio as well. The alpha release includes animations, a constraint layout, initial A11Y support, input and gestures, interoperability with views, lazy lists, and more. The full list of alpha release features is available here. Android also added new capabilities to Android Studio 4.2 canary in partnership with the JetBrains Kotlin team to help build apps in Compose. Jetpack Compose is a fully declarative component-based approach, meaning dev

Cloud automation is the key to getting infrastructure provisioning right

Self-service and cloud automation are essential to DevOps or digital transformations. Organizations are finding they can no longer wait to get access to infrastructure to test and run their applications, services or third-party components. The problem is that not all self-service approaches are created equal, and the path to take depends on an organization’s needs and available skills, according to Maya Ber Lerner, chief technology officer at Quali, a cloud automation platform provider. “Everything we automate can be pretty dangerous or risky and can cause some damage to the business,” she said in a webinar on SD Times. “It is like knowing all the words of the language, but you don’t know how to compose a meaningful sentence because if you want to use it correctly, it is more than just having good software architecture. You actually need to make sure you are not making any cloud mistakes and you need to have good architecture and you need to make sure you are not creating any ris

SD Times news digest: Fastly to acquire Signal Sciences, LDRA launches Secure Software Development Resource Centre, and Dynatrace announces observability for AWS

Fastly entered into a definitive agreement to acquire Signal Sciences for approximately $775 million in cash and stock.  The acquisition will expand Fastly’s security portfolio through developer-first web applications and API protection solutions, according to the company.  “Fastly was founded to meet developers’ need for greater visibility and control. Now, as the digital transformation movement continues to accelerate, DevOps teams are struggling with inadequate and inflexible security tools,” said Joshua Bixby, the CEO of Fastly. “Together with Signal Sciences, we will give developers modern security tools designed for the way they work.” LDRA launches Secure Software Development Resource Centre The new Secure Software Development Resource Centre is an online portal that guides developers through the phases of the SDLC, including requirements, design, model, code, and verification whether developers are using traditional V-model, waterfall life cycle, or an Agile approach. “The

Google announces a cloud app modernization program and new development and delivery updates

As part of its app modernization week, Google announced a number of new updates to help organizations get started with their digital transformations and to streamline application development and delivery. The Google Cloud App Modernization Program The Google App Modernization Program (Google CAMP) was formed to offer advice on how organizations can start their journeys into becoming software companies. Google CAMP also reflects learnings gained via six years of research by DevOps Research and Assessment (DORA) into practices that drive high performance, according to the company. The program improves business results through tailored modernization advice gained through a data-driven assessment, concrete solutions, recommendations, and best practices for application modernization, and finally, a modern yet extensible platform. “Whether you’re building a Kubernetes, serverless, or mainframe application, the Google CAMP assessment shows you where to start your application moderni

SD Times news digest: Kong Enterprise 2.1 released, Eggplant Digital Automation Platform updates, and CircleCI’s developer hub

Kong Enterprise 2.1 provides flexible, multi-cloud, multi-region deployment options with native service mesh support via the newly released Kong Mesh to streamline underlying infrastructure and reduce operational costs. It also features a ‘hybrid mode’ that enables users to create declarative configurations to deploy cloud native Kong Gateway data planes across multiple clouds and data centers, and manage them through a central control plane. Kong Enterprise 2.1 can be combined with the latest Kong Studio plugins included in Insomnia to further automate the API lifecycle. Additional details on the new release are available here. Eggplant Digital Automation Platform updates The updates extend the accessibility of Eggplant’s digital automation intelligence platform to low or no-code users. The DAI Platform automates every aspect of the testing lifecycle through AI, machine learning, deep learning, and analytics, according to the company. “Eggplant enables both technical and bu

OverOps enables developers to own errors with git blame support

OverOps is launching a new integration with GitLab and GitHub that provides support for git blame, which ties developers to their errors. According to OverOps, this will help reduce resolution time of errors. The integration allows teams to see who was the last author who changed code in the call stack of each error, link errors to commits, assign issues to the correct developers, and capture rich error snapshots with the source code and variable state for every error.  OverOps explained that the previous way of viewing source code in OverOps was to either decompile the code or manually point OverOps to the location of source files. This new capability allows it to automatically pull source code from code repositories, including comments and corresponding line numbers in each error analysis.  “Integrating git blame data into the OverOps code view and error analysis is just the beginning. Now that git blame data is accessible within OverOps, we’re already thinking about all the new a

Gitpod open sources to automatically spin up ready-to-code dev environments

The prebuilt development environment provider Gitpod has announced it is now open source, enabling teams to automatically spin up ready-to-code environments for GitLab, GitHub and Bitbucket projects. Gitpod is a VS Code powered, Kubernetes application that works right in the browser. With Gitpod, developers can maintain their environments as code and turn manual tasks into machine-executable code. “These days, developers are dealing with complex polyglot projects composed of many microservices. With such cloud-native architectures, setting up and managing dev environments becomes extremely challenging,” said Sven Efftinge, co-founder and CEO of Gitpod. “Gitpod allows developers to start coding instantly with a single click from any branch, issue, and from any merge and pull request respectively. Think CI/CD applied to dev environments.” According to the company, the open-source solution is very similar to CI systems. It watches changes happening in the repository and prepares th

Microsoft reveals new cybersecurity issues in a remote world

Microsoft has released new data to show how the pandemic is accelerating the digital transformation of cybersecurity. According to the data, 58% of respondents report that they have increased their security budgets due to COVID-19, 82% plan on adding more security staff, and 81% feel pressure to lower security costs. “The role of security in remote work is having a direct impact on security budgets and staffing in 2020 as businesses scale existing solutions, enabling critical new capabilities like MFA, and implement a Zero Trust strategy,” Andrew Conway, general manager of security at Microsoft, wrote in a post. Additionally, the data found COVID-19 has led to two years’ worth of digital transformations. New challenges and greater demands for cybersecurity “Microsoft Threat Intelligence teams reported a spike in COVID-19 attacks in early March as cybercriminals applied pandemic themed lures to known scams and malware,” Conway exp

How a Real-Time Chat Application Works Neeraj Mishra The Crazy Programmer

Exchanging information between two people in different locations has long been central to supporting relationships in social and business environments. The exchange of information between parties is a business of its own kind, and the faster a method relays information, the more efficient it is. Methods of communication have grown rapidly, supported by the extensive development of technology and the spread of the internet. The most significant feature of chat applications is their ability to relay information as soon as it is sent. The data to be transmitted can be as complex as a video or an image or as simple as a 2-letter word. Modern versions of many chat applications can support voice and video calls, text messages, emotion icons, among other types of messages. This article gives a brief explanation of how real-time chat APIs work to relay information between users. We begin by understanding the major compon

SD Times news digest: Redis Labs’ $100 million funding, Confluent 6.0 and Project Metamorphosis Global, and Algorithmia’s ML updates

Redis Labs announced a $100 million Series F round of funding, bringing the company’s value to more than $1 billion. According to the company, it will use the funding to further its real-time data platform that allows companies to manage, process, analyze, and make predictions that will improve customer experiences and drive business forward. “This investment will enable us to meet the surge in demand from companies representing every market and geography, to scale their Redis deployments and to help them win in the data-driven economy,” said Ofer Bengal, the co-founder and CEO at Redis Labs. “The unprecedented conditions brought on by COVID-19 have accelerated business investments in building applications that require real-time, intelligent data processing in the cloud.” Additional details are available here. Confluent 6.0 and Project Metamorphosis Global Confluent Platform 6.0 delivers the first half of Project Metamorphosis themes in one self-managed platform, according t

What user and market data tell us about the challenges of test coverage today

I am frequently asked this question: “On what devices and browsers should I be testing my mobile and web applications?” It’s a very valid question, because the volume of permutations is vast, and it gets bigger and more fragmented all the time. In 2020 alone we are seeing several major OS platforms debut. These introduce both new features and new challenges. That’s why we developed the Mobile and Web Test Coverage Index, a free report to help organizations get deeper insight into their target markets and then create test coverage strategies based on known priorities. The results are based on our own testing on over 10,000 different devices and available market data across North America and the main markets in Europe, India, and Australia. It is also important to understand the term “test coverage” and put it in the right context. Test coverage is a combination of covering both the right platforms that the end users would care mostly about together with high-value test scenarios that

Istio 1.7 delivers hybrid cloud features

Istio 1.7’s new features were built to make Istio easier to operate and to expand its capabilities for hybrid cloud environments. This includes multiple control plane upgrades such as the canary upgrade that enables users to verify a new control plane using continuous integration and Istio’s telemetry features. Once a portion of the workloads are verified, more workloads can be transferred until all are running using the new Istio control plane. The release also pushes virtual machine integration to beta quality. The new WorkloadEntry API in Istio 1.7 treats VMs like Kubernetes pods, so users can manage their infrastructure with APIs. New security enhancements include token bootstrapping and certificate rotation. Meanwhile, IBM said that Central Istiod reached alpha quality in Istio 1.7, allowing users to decouple the Istio control plane from the data plane for improved operational support. In addition, Central Istiod

Taming heterogeneous tooling into cohesion

Over the last two decades, the swing of the pendulum from monolithic global tooling to highly specific tooling unique to each group and their needs has led to the birth of the tooling suite; the daisy chain of tools never intended to be linked together. One of the main challenges that has emerged is a plethora of disparate, often highly manual approaches to getting enough data to drive any kind of informed and cohesive decision making across value streams and portfolios. The swing took us to today’s reality where large global organizations, traditionally manufacturing titans or insurance household names, are now software businesses at their core. According to Greg Gould, head of product for Rally at Broadcom, “These transformations were inevitable for companies to stay relevant in the landscapes of digital shifts and disruptions that upended entire industries. Companies have the increasing need to stay relevant and visible to end customers that have a wealth of options and informatio

SD Times news digest: Checkmarx teams up with GitLab on DevSecOps, Google DevTools update, and Microsoft TileCode

Checkmarx has announced it will integrate its application security  testing solutions directly into the GitLab pipeline.  Developers will now have access to automatic SAST and SCA security scans in the event of pull or merge requests, eliminating time-consuming manual scans and allowing developers to find and fix vulnerabilities earlier in the SDLC and make security assessments all while staying within the GitLab environment, according to the companies.  With the integrations of Checkmarx CxSAST and CxSCA, GitLab users can secure both proprietary and open source code in one solution, with just-in-time developer AppSec training layered in via CxCodebashing. Google DevTools update DevTools now displays media player information in the Media panel, providing an easier way to view events, logs, properties, and a timeline of frame decodes in the same browser tab as the video player itself.  Users can also now capture node screenshots via the context menu in the Elements panel. In addit