Best Programming Master

GitHub is making it even easier for developers to leverage Copilot in a professional capacity with the general availability of GitHub Copilot Enterprise, starting at $39 per user per month. GitHub Copilot Enterprise is a version of GitHub Copilot that integrates into an organization’s knowledge bases so that it can provide more relevant and specific responses, enabling greater developer productivity.  This new offering has features that streamline code navigation and completion, which helps developers gain a deeper understanding of their codebase. “It empowers junior developers to contribute quicker, assists senior developers in handling live incidents, and aids in modernizing aging codebases by offering clear code summaries, relevant suggestions, and quick answers to queries about code behavior,” Thomas Dohmke, CEO of GitHub, wrote in a blog post .  Chat functionality integrates directly into GitHub.com, which allows developers to ask questions and receive answers that include l

A majority of codebases contain outdated components, or “zombie code,” which can result in unpatched vulnerabilities lingering long after they should have been fixed. According to Synopsys’ Open Source Security and Risk Analysis report, which was released today, 91% of codebases contain components that are at least 10 versions out-of-date. Furthermore, 49% of codebases contain components that haven’t had any development activity in the last two years.  The mean age of open source vulnerabilities in the codebases surveyed was 2.5 years old, though almost a quarter of the codebases had a vulnerability over 10 years old.  The overall security has also worsened year-over-year. In Synopsys’ 2022 report, 48% of codebases had high-risk vulnerabilities, and in 2023 the number jumped to 74%. Synopsys attributes this increase to factors such as layoffs affecting tech workers, which has resulted in there being fewer developers available to fix these issues.  “This year’s OSSRA report indic

The White House Office of the National Cyber Director (ONCD) is calling on technology leaders to work together to reduce the software attack surface by adopting memory safe programming languages. Memory safety bugs are one of the most prevalent security issues over the last few decades, according to a report published by the office. These bugs affect how memory can be accessed, written, allocated, or deallocated. Popular examples of memory safety bugs include Morris Worm, Slammer Worm, Heartbleed, and BLASTPASS.  According to the ONCD, the best way to combat memory safety vulnerabilities is to secure the programming languages that are being used. Memory safe programming languages — such as Rust, Go, C#, Java, Swift, Python, and JavaScript — can eliminate most of these vulnerabilities.  RELATED CONTENT: What the National Cybersecurity Strategy means for software providers “Since many cybersecurity issues start with a line of code, one of the most effective ways to address thos

Unqork unveiled its Winter 2024 Platform Release, which emphasizes modular development capabilities, allowing users to design components and applications that can be widely applied across numerous scenarios.  This approach promotes standardization and aims to lower development costs, aligning with Unqork’s strategy to streamline and expedite the digital solution development process, according to Unqork. Among the advancements is a pre-built case management solution, specifically designed to help customers speed up their product’s time-to-market.  “We are excited to kick off the year with such a powerful release demonstrating our ongoing commitment to an open, extensible, and easy-to-use solution,” said Thierry Bonfante, chief product officer at Unqork. “Everything we do at Unqork is meant to help customers achieve value faster while lowering their overall total costs. Our new Composite Applications are a perfect example of this and were built in close collaboration with our top custo

Continuous deployment automation platform provider Octopus Deploy announced today that it is acquiring Codefresh, which produces a modern CI/CD platform with GitOps and is a maintainer of the Argo open-source delivery project. Terms of the deal were not disclosed. The acquisition in part is to strengthen Octopus’ support for Kubernetes, according to the company’s announcement.  “Octopus is thrilled to welcome Codefresh into the team,” said Paul Stovell, founder and CEO of Octopus Deploy, said in a statement. “We’re adding Codefresh’s considerable technology to empower software teams to deploy freely. It represents a big investment in open source and the Argo project that Codefresh maintains and scales with its enterprise offering.” The integration of Codefresh into the Octopus platform will provide what the company called in its announcement “unparalleled benefits for software teams, including advanced CD, deployment automation, release orchestration, environment progression, obser

Mistral AI announced the launch of Mistral Large , its newest flagship AI model available through its own la Plateforme or through Azure AI, which is the first external partner to host Mistral’s models.  The model’s reasoning capabilities can be used for complex multilingual reasoning tasks, including text understanding, transformation, and code generation. Mistral Large introduces a range of advanced features and improvements. It is natively proficient in multiple languages, including English, French, Spanish, German, and Italian. This multilingual capability is not just about understanding words; Mistral Large has a deep grasp of grammar and cultural nuances, allowing for more accurate and context-aware translations and interactions. Such linguistic versatility ensures that it can serve a broad audience, offering services and responses that respect the linguistic and cultural contexts of its users, according to Mistral. Another significant enhancement is Mistral Large’s extended

I’ve been working in and managing Agile engineering teams for over a decade, and whilst I won’t profess to know everything you should be doing, I can share some insight on things you definitely should not be doing. All learned from screwups, I might add. You’ll find excuses, like “Oh, I’ll get back to it later,” or “Come on, it’s half a point; everyone knows what to do”. Don’t do it. Realize as you spout these self-platitudes that you are being an arse – not to me, but to future-you and future-you’s team. That’s not cool. Write out the story. It’ll take you two minutes, but it’ll force you to think about what you actually want to get out of this effort and why. That’s rather important in most endeavors. You only talk at stand-up I once worked at a job like this and quit after about three months because it was utterly soul-destroying. Most humans want to work in a team, so find a way to work as one. Giving a two-minute, fact-based update in a 15-minute meeting once a day doesn’t c

In the fast-paced and ever-changing world of technology, the term “Platform Engineering” is often subject to a narrow interpretation, confined to the spheres of infrastructure and systems management. Because of this, it could be perceived as an exclusively technical domain, dominated by servers, clusters, and networks. This limited view, however, does not give proper justice to the inherent richness and complexity of this field, a universe in which technology, innovation, and human engineering converge. Platform engineering extends far beyond the foundations of infrastructure, embracing a broad spectrum of technologies, practices, and philosophies that define the modern landscape of software development and systems architecture. Cloud infrastructure management, in particular, is only one piece of the puzzle. In this article, we will briefly explain the relationship between infrastructure and platform engineering, and then focus on the other fundamental pillars that are not always imm

The landscape of IoT devices is transforming, marked by a fundamental evolution toward software-driven innovation. In this era, the paradigm of Software-Defined IoT devices is redefining traditional notions, where software supremacy over mechanical hardware unleashes a wave of dynamic, upgradable smart devices embedding distributed intelligence. Visionary OEMs are at the forefront of this transformation, harnessing the power of software to revolutionize their offerings, paving the way for diverse advancements and a spectrum of opportunities. Emergence of Tailored, Dynamic Products The foremost advantage of a software-defined approach in embedded devices lies in adopting an agile process, where a product can iterate and evolve quickly, and its features can augment seamlessly post-production. For instance, it allows crafting tailored products that resonate deeply with niche markets, showcasing an era of hyper segmentation at a fast pace. Zebra Technologies serves as an example, perso

Quivr utilizes the power of generative AI to function as a personal assistant. The developers behind the project compared it to the note-taking app Obsidian, but turbocharged with AI capabilities. Quivr is designed to prioritize speed and efficiency, ensuring users can quickly and easily access their data. It is built to be secure, giving users complete control over their data, and is compatible with Ubuntu 22 or newer.  The platform supports a wide range of file types including text, markdown, PDF, PowerPoint, Excel, CSV, Word, as well as audio and video files, catering to diverse user needs. The open-source software promotes freedom and flexibility for its users, allowing for customization and free use.  Quivr offers both public and private sharing options, enabling users to share their “brains” (or data collections) through public links or keep them private for personal use. This flexibility enhances collaboration and personal data management. The platform also operates in off

Stability AI, the company behind the text-to-image AI model Stable Diffusion, has just released an early preview of Stable Diffusion 3.  “With Stable Diffusion 3, we strive to offer adaptable solutions that enable individuals, developers, and enterprises to unleash their creativity, aligning with our mission to activate humanity’s potential,” Stability AI wrote in a blog post .  According to the company, Stable Diffusion 3 improves performance for multi-subject prompts, image quality, and spelling abilities.  For example, the photo shown here was generated by Stable Diffusion 3, using the prompt: “Epic anime artwork of a wizard atop a mountain at night casting a cosmic spell into the dark sky that says ‘Stable Diffusion 3’ made out of colorful energy.” The blog post also showcased images created by Stable Diffusion that have text written on objects, such as street signs, a bus destination sign, and a chalkboard. The Stable Diffusion 3 models will range from 800 million to 8 billio

Google is building on the success of its Gemini launch with the release of a new family of lightweight AI models called Gemma . The Gemma models are open and are designed to be used by researchers and developers to innovate safely with AI.  “We believe the responsible release of LLMs is critical for improving the safety of frontier models, for ensuring equitable access to this breakthrough technology, for enabling rigorous evaluation and analysis of current techniques, and for enabling the development of the next wave of innovations,” the researchers behind Gemma wrote in a technical report .   Along with Gemma, Google is also releasing a new Responsible Generative AI Toolkit that includes capabilities for safety classification and debugging, as well as Google’s best practices for developing large language models. Gemma comes in two model sizes: 2B and 7B. They share many of the same technical and infrastructure components as Gemini, which Google says enables Gemma models to “

In late 2022, ChatGPT had its “iPhone moment” and quickly became the poster child of the Gen AI movement after going viral within days of its release. For LLMs’ next wave, many technologists are eyeing the next big opportunity: going small and hyper-local.  The core factors driving this next big shift are familiar ones: a better customer experience tied to our expectation of immediate gratification, and more privacy and security baked into user queries within smaller, local networks such as the devices we hold in our hands or within our cars and homes without needing to make the roundtrip to data server farms in the cloud and back, with inevitable lag times increasing over time.  While there’s some doubts on how quickly local LLMs could catch up with GPT-4’s capabilities such as its 1.8 trillion parameters across 120 layers that run on a cluster of 128 GPUs, some of the world’s best known tech innovators are working on bringing AI “to the edge” so new services like faster, intelli

OpenAI announced its text-to-video model, Sora, that can create realistic and imaginative scenes from text instructions. Initially, Sora will be available to red teamers for the purposes of evaluating potential harms or risks in critical areas, which will not only enhance the model’s security and safety features but also allows OpenAI to incorporate the perspectives and expertise of cybersecurity professionals.  Access will also be extended to visual artists, designers, and filmmakers. This diverse group of creative professionals is being invited to test and provide feedback on Sora, to refine the model to better serve the creative industry. Their insights are expected to guide the development of features and tools that will benefit artists and designers in their work, according to OpenAI in a blog post that contains additional information.  Sora is a sophisticated AI model capable of creating intricate visual scenes that feature numerous characters, distinct types of motion, and

Predibase has just announced a new collection of fine-tuned LLMs in a suite called LoRA Land . LoRA Land contains just over 25 LLMs that have been optimized for specific purposes and that perform as well as or better than GPT-4.  Examples of the available models include code generation, customer support automation, SQL generation, and more.  According to the company, many organizations are beginning to realize the benefit of having smaller models that work really well for one specific purpose. Its own research shows that 65% of organizations are planning on deploying two or more fine-tuned LLMs over the next 12 months. Predibase believes the release of LoRA Land will help companies implement these models without having to pay to build them from scratch, which is often not feasible in many company’s budgets.  There is also cost-savings in actually running fine-tuned LLMs because typically they would require a dedicated GPU for each model, whereas multiple LoRA Land models can be ru

The Android development team has just announced the first developer preview of Android 15.  “Android 15 continues our work to build a platform that helps improve your productivity while giving you new capabilities to produce superior media experiences, minimize battery impact, maximize smooth app performance, and protect user privacy and security all on the most diverse lineup of devices out there,” Dave Burke, VP of engineering for Android, wrote in a blog post . Android 15 will include the latest version of Privacy Sandbox, which is Google’s effort to develop new technologies that preserve user privacy while still allowing personalized experiences and ads.  Also, the fitness and health tracking service Health Connect by Android is being updated with new data types.  The FileIntegrityManager will be getting new APIs that utilize Linux’ fs-verity feature, which allows files to be protected with cryptographic signatures. In the context of Android, this allows them to protect user

OpenAI and Microsoft have published findings on the emerging threats in the rapidly evolving domain of AI showing that threat actors are incorporating AI technologies into their arsenal, treating AI as a tool to enhance their productivity in conducting offensive operations.  They have also announced principles shaping Microsoft’s policy and actions mitigating the risks associated with the use of our AI tools and APIs by nation-state advanced persistent threats (APTs), advanced persistent manipulators (APMs), and cybercriminal syndicates they track. Despite the adoption of AI by threat actors, the research has not yet pinpointed any particularly innovative or unique AI-enabled tactics that could be attributed to the misuse of AI technologies by these adversaries. This indicates that while the use of AI by threat actors is evolving, it has not led to the emergence of unprecedented methods of attack or abuse, according to Microsoft in a blog post .  However, both OpenAI and its partne

Developers are constantly balancing demands to provide quality features of the highest standard at a fast pace. Every aspect of business now relies on software, which means developers are constantly working to write and produce the best software they can. Continuous Integration (CI) and Continuous Delivery (CD) help facilitate the creation of that software, but without the right quality assurance steps in place, they can inadvertently let potentially major code issues fall through the cracks.  Maintaining a balance between building high-quality software and doing it quickly can be challenging. Shift-left often appears as a common solution, but to be truly lean and agile we must shift-left on quality that takes into consideration both unit testing and static code analysis. This way, developers can ensure they produce good, clean code that results in top-quality software. By catching small bugs or quality issues early on in the process, developers can mitigate the possibility of writi

SAN FRANCISCO — February 15, 2024 —  ngrok , the secure unified ingress platform for developers, today unveiled early access to its API gateway-as-a-service that marks a major advancement in how APIs are delivered. This next-generation API gateway solution offers enhanced capabilities such as JWT authentication and authorization to strengthen API security, global rate limiting to ensure fairness among all clients and a flexible traffic policy engine that allows fine-grained traffic routing, all powered by a global network for production API traffic. Developers have already been harnessing the power of ngrok’s unified ingress platform to serve APIs with just one command or one function call. With this new capability, ngrok transforms API delivery by putting developers in control. “ngrok’s API gateway-as-a-service represents a major milestone that effectively bridges the gap between deployable and cloud-based solutions,” said Alan Shreve, founder and CEO of ngrok. “ngrok offers the be

Microsoft released .NET 8 a couple of months ago, and even though .NET 9 isn’t expected to be available until the end of this year, the company is sharing some insight into what it has planned for this upcoming release. In addition to releasing the roadmap, the company also announced that the first preview of .NET 9 and third preview of .NET Aspire are now available.  According to Microsoft, the main focus areas for improvements will be cloud-native and AI app development.  “We’ve spent the last several years building out strong cloud native fundamentals, like runtime performance and application monitoring. We will continue that effort. We’re also turning our focus to delivering paved paths to popular production infrastructure and services, for example running in Kubernetes and using managed database and caching services like Redis,” the .NET team at Microsoft wrote in a blog post .  For improved cloud-native performance, the company has been working on Native AOT, which are

Atlas Stream Processing, a solution that aggregates and enriches streams of high velocity, rapidly changing event data, and unifies working with data, is now in public preview. In the transition from private to public preview, Atlas Stream Processing has focused on enhancing the developer experience to position itself as a go-to solution for development teams. A significant part of this enhancement includes the integration of Atlas Stream Processing with Visual Studio Code. The MongoDB VS Code plugin now supports connections to Stream Processing instances, enabling developers to create and manage processors within a familiar environment. This integration aims to streamline the development process by reducing the need to switch between different tools, thereby allowing developers to devote more time to building applications. Another notable improvement in the public preview of Atlas Stream Processing is the advancement of its dead letter queue (DLQ) capabilities. DLQ enables effective

Continuing on its plan of phasing out third-party cookies from Chrome this year, Google has announced that in a couple of months it will be using the Federated Credential Management (FedCM) API as a cookie-free alternative to signing in using Google Identity Services (GIS). GIS allows users to sign into apps or websites using their Google accounts, rather than having to create a new username and password for that site.  GIS currently uses third-party cookies to sign users into websites using their Google Account.  FedCM allows users to still use their Google account to login, while doing so in a privacy preserving manner.  According to the FedCM API documentation , it works by using a user agent as a mediator between the website that needs to be signed into (RP) and the website that provides the user’s information for sign-in (IDP). The user will need to grant permission before the RPs and IDPs are given the ability to know about their connection to that user. The way the user age

Perforce today announced it has entered into an agreement to acquire test data management platform provider Delphix, adding those capabilities to its wide range of software development and DevOps solutions. Terms of the deal were not disclosed. Along with test data management that helps organizations harness, mine and analyze data, Delphix brings to Perforce data virtualization and masking that enables users to more easily create and take down cloud-based data environments, according to Perforce’s announcement. “The addition of Delphix to our portfolio adds critical data management capabilities that help enterprise organizations realize an automated and accelerated DevOps pipeline,” said Jim Cassens, CEO of Perforce, in a statement announcing the acquisition. “In addition to data automation and compliance, we are also excited to provide our customers with the operational efficiencies and reduced costs afforded by the Delphix platform through lower storage expenditures and footprint.