ProgrammingPro #23: Code security, Sharpen your JS and C#, and SRE for CI/CD
Bite-sized actionable content, practical tutorials, and resources for programmers.
“We shall do a much better programming job, provided that we approach the task with a full appreciation of its tremendous difficulty, provided that we stick to modest and elegant programming languages, provided that we respect the intrinsic limitations of the human mind and approach the task as Very Humble Programmers.”
― Edsger Dijkstra, 1972 ACM Turing Award Lecture: The Humble Programmer
Welcome to this week’s issue of our programmer-focused newsletter.
In this issue, we start by looking at two developments in the software security landscape that are going to affect you, including the new legislation that may hold software developers liable for security issues and CERN’s two new tools that will help keep some dreaded salmonella off your code. We are also reflecting on how the development of AI has made your skills as a human programmer more relevant than before.
Our tutorials and secret knowledge sections this time around cover a really great bunch of stuff, but here are my top 5 picks:
But there is a lot more, including the really great developer roadmap website and a useful excerpt about class templates from the Packt community, so dive right in!
What do you think of this issue? Which tutorial did you like best? Want us to find a tutorial for you the next time? Do let us know by taking our survey and as a bonus you can download a free PDF of The Art of Writing Efficient Programs eBook upon completion.
Stay awesome!
Divya Anne Selvaraj
Editor-in-Chief
⚡ TechWave: News and Analysis
Computer Security: Avoiding salmonella in your code: CERN's IT department has introduced two tools, GitLab's Static Application Security Testing (SAST) and Secret Detection, to keep your code free from digital "salmonella" (vulnerabilities and weaknesses). SAST scans your codebase early in the development process, identifying vulnerabilities without interrupting your workflow. Secret Detection helps find and secure hardcoded secrets like passwords and tokens in your code.
Insecure Code: Software Makers May Be Held Liable with New Legislation: Software companies may now be held liable for data losses and harm caused by vulnerabilities in their products. The emerging legislation also indicates that programmers need to be aware of the ethical and commercial implications of AI-generated code, which may introduce unintentional security vulnerabilities. Prioritizing Clean Code principles, such as consistency, clarity, adaptability, and responsibility, can help create more secure and maintainable software, reducing vulnerability risks and financial impacts. Read to learn more about how this legislation impacts programmers.
Can Programming Languages Boost Each Other via Instruction Tuning?: An ongoing study is exploring the potential synergy between programming languages in the fine-tuning phase of code large language models. The research involves extensive experiments with eight popular programming languages (Python, JavaScript, TypeScript, C, C++, Java, Go, HTML) using StarCoder. The results so far demonstrate that programming languages can indeed have a significant positive impact on each other. For instance, training CodeM-Python 15B on Python can enhance Java by a substantial 17.95% pass rate at the top result in HumanEval-X. A link to the training data and the technical report is available here.
The AI Revolution in Coding: The divide between Winners, and Losers: Generative AI holds great potential to simplify coding but also comes with significant challenges, particularly in ensuring code accuracy and reliability. By delving into real-world examples and scenarios, this article offers a nuanced perspective that goes beyond a surface-level analysis. Read to understand why your skills as a programmer matter even more now.
Rider: The New Choice After Visual Studio for Mac: Microsoft's decision to discontinue Visual Studio for Mac has led many developers to express overwhelming support for JetBrains Rider IDE as an alternative. Rider, a cross-platform .NET IDE based on JetBrains' IntelliJ platform and ReSharper, gained popularity among developers due to its similarity to Visual Studio and cross-platform compatibility. While some developers cited concerns about Rider's lack of a free version, others pointed out that JetBrains offers free educational licensing and allows free use for open-source projects. Here’s what developers from around the web are saying.
Codezero launches public beta of collaborative coding platform: This platform empowers developers to swiftly set up a Kubernetes cluster, collaboratively debug and test it, and fosters enhanced visibility and interaction among development teams. According to Reed Clayton, Codezero's co-founder and CEO, the platform aims to return large teams to a nimble startup-like mode of writing, testing, and deploying together, which has been elusive until now.
The post-modern data stack: Why all roads lead to automation: Is the modern data stack turning into a complexity trap? Initially hailed for its efficiency, the stack is now burdened with technical debt and requires substantial maintenance. Data engineers are confronted with a multitude of tools and a cumbersome infrastructure, leading to disillusionment. However, there is hope in the form of a post-modern data stack. This evolution is now imperative for data stacks, with a focus on a unified architecture and intelligent automation.
✨ Tutorials and Guides
Go for C++ developers: A beginner's guide: Use this guide to discover the key differences between Go and C++, from semicolon usage to concurrent programming with goroutines. Get insights into making a smooth transition and leveraging Go's unique features.
Awaiting a Tuple of Tasks in C#: Learn how to simplify and improve code maintainability when awaiting multiple asynchronous tasks by awaiting a tuple of tasks in a single line.
Closures in C# demystified: This tutorial provides practical examples using local function syntax, anonymous function syntax, and lambda expression syntax to demonstrate closures. It also explores scenarios where multiple instances of a closure share the same captured variable and highlights potential multithreading issues when closures are used concurrently. Read to understand when to use closures versus classes for encapsulation.
How do different types of loops work in C# programming?: Loops in C# are crucial for executing actions repeatedly based on specific conditions. Here is a quick reference guide that takes you through the four main types of loops in C# including 'for,' 'foreach,' 'while,' and 'do...while,' and their usage.
Generate Beautiful QR Codes With Python: This tutorial using the Segno library covers various aspects of QR code customization, from basic black-and-white codes to colorful and artistic ones. You'll discover how to adjust the size, margins, and borders of QR codes, change their colors, and even create animated QR codes.
Internals of async/await in JavaScript: This analysis delves into the mechanics of async/await without using those keywords. It reveals that async/await isn't just syntactic sugar for Promises but involves a clever use of Generator functions. Read to gain insights into transpiler processes like Babel's conversion of async/await.
How to consume a paginated API using JavaScript async generators: This article delves into a real-world scenario involving a cleanup script for a complex to-do list manager. Read to learn how to handle promises, filter data, and improve code maintainability using async generators.
How to Create a Dual-Mode Cross-Runtime JavaScript Package: This comprehensive guide explains the concepts of dual-mode packages that support both ES Modules (ESM) and CommonJS (CJS), and cross-runtime packages compatible with Deno, web browsers, and Node.js. Choose your approach and follow detailed steps to create versatile JavaScript packages.
Develop Accessible Web Apps with React: This free-to-access video course offers a concrete process for testing, refactoring, and building accessible React applications. You'll gain insights into the impact of inaccessible web apps on different disability groups, discover tools for inspecting and testing accessibility, and learn to write accessible and extensible UI elements and widgets. Dive in to ensure your web apps are usable by everyone.
Compare Task Processing Approaches in Scala: This tutorial addresses the challenge of optimizing task processing, considering scenarios with slow producers, balanced production and consumption rates, and slow consumers. While it caters to a more specialized audience of Scala developers, it provides valuable insights into enhancing task processing efficiency in functional programming contexts.
Migrate Next.js Application to App Router: As App Router features and APIs continue to evolve, you can keep coming back to this course as it is being regularly updated. Use the course to learn how to migrate API routes, pages, and nested layouts seamlessly, leverage routing for improved nested layout experiences, and transform getServerSideProps into a React Server Component. While server components are gaining attention, this course interestingly emphasizes that there's nothing wrong with the pages router.
🧠 Expert insights from the Packt Community
An excerpt from Chapter 3 of Expert C++, Second Edition by Marcelo Guerra Hahn, Araks Tigranyan, John Asatryan, Vardan Grigoryan, and Shunguang Wu
Class templates
A class template defines a family of classes, and it is often used to implement a container. For example, the C++ Standard Library contains many class templates, such as std::vector, std::map, std::deque, and so on. In OpenCV, cv::Mat is a very powerful class template, and it can handle 1D, 2D, and 3D matrices or images with built-in data types such as int8_t, uint8_t, int16_t, uint16_t, int32_t, uint32_t, float, double, and so on. Similar to function templates, as shown in Figure 3.2, the concept of class templates contains a template creation syntax, its specialization, and its implicit and explicit instantiations:
Figure 3.2 – Class template and its instantiation
In part I of the preceding diagram, with a certain syntax format, we can create a class template for generic types, also known as a primary template, and it can be customized for special types with different member functions and/or variables. Once we have a class template, in part II, the compiler will instantiate it to template classes either explicitly or implicitly based on the application’s demand.
Syntax
The syntax for creating a class template is as follows:
[export] template <template_parameter_list> class-declaration
Here, we have the following:
template_parameter_list is a non-empty comma-separated list of the template parameters, each of which is either a non-type parameter, a type parameter, a template parameter, or a parameter pack of any of those.
class-declaration is the part that’s used to declare a class that contains a class name and its body in curly brackets. By doing so, the declared class name also becomes a template name.
For example, we can define a class template, V, so that it contains all kinds of 1D vector data types, as in https://github.com/PacktPublishing/Expert-C-2nd-edition/tree/main/Chapter03/6_class_v.h.
Once we have this class template, the compiler can generate classes during the instantiation process. For the reason we mentioned in the Function templates section, we will avoid using the imprecise term template class in this book. Instead, we will use class template.
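The pieces named in the excerpt (primary template, specialization, explicit and implicit instantiation) are shown together in the following added example, which is not the book's code or the contents of the linked 6_class_v.h. The class name V follows the excerpt; its members (at, sum, set, count) and the helper functions are assumptions made for illustration.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Primary template: a bounds-checked 1D vector for any element type T.
// (Illustrative members; the book's own V is in the linked header.)
template <typename T>
class V {
public:
    explicit V(std::size_t n, T init = T()) : data_(n, init) {}
    T& at(std::size_t i) {  // throws instead of touching memory out of range
        if (i >= data_.size()) throw std::out_of_range("V::at");
        return data_[i];
    }
    T sum() const {
        T s = T();
        for (const T& x : data_) s += x;
        return s;
    }
private:
    std::vector<T> data_;
};

// Explicit specialization: V<bool> has different members (set/count, no sum).
template <>
class V<bool> {
public:
    explicit V(std::size_t n) : bits_(n, 0) {}
    void set(std::size_t i) {
        if (i >= bits_.size()) throw std::out_of_range("V<bool>::set");
        bits_[i] = 1;
    }
    std::size_t count() const {
        std::size_t c = 0;
        for (unsigned char b : bits_) c += b;
        return c;
    }
private:
    std::vector<unsigned char> bits_;
};
// Explicit instantiation: every member of V<double> is generated here.
template class V<double>;
// Implicit instantiation: V<int> is generated because these functions use it.
int sum_int() { V<int> v(3, 2); v.at(1) = 5; return v.sum(); }  // 2 + 5 + 2
bool rejects_out_of_range() {
    try { V<int> v(2); v.at(2) = 1; } catch (const std::out_of_range&) { return true; }
    return false;
}
std::size_t count_set() { V<bool> b(4); b.set(0); b.set(3); return b.count(); }
int main() { return (sum_int() == 9 && rejects_out_of_range()) ? 0 : 1; }
```
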
Expert C++, Second Edition by Marcelo Guerra Hahn, Araks Tigranyan, John Asatryan, Vardan Grigoryan, and Shunguang Wu was released in July 2023. To get a more comprehensive preview of the book's contents, read the first chapter available for free here or sign up for a 7-day free trial to access the complete Packt digital library.
📚 Secret Knowledge: Learning Resources
Developer Roadmaps: This resource-packed collection offers interactive roadmaps and guides for over 20 programming languages, including Python, C++, Java, and Go. It also provides best practices for code review, frontend performance, API security, and AWS. Plus, you can tailor your learning journey based on your role.
Applying SRE Principles to CI/CD: CI/CD promises smooth code delivery but often falls short due to flaky tests and slow builds, wasting valuable time. Site Reliability Engineering (SRE) principles offer a solution. SREs prioritize reliability with concepts like Service Level Objectives (SLOs), Service Level Indicators (SLIs), and Error Budgets. By aligning expectations and using these principles, CI/CD workflows can become more dependable, enabling teams to confidently deploy on a Friday afternoon.
How to Optimize SQL Query with Multiple Joins: Just like making a smoothie, optimizing SQL queries involves understanding your data, using explicit JOINs for clarity, and analyzing execution plans with tools like EXPLAIN. This article suggests using EXISTS instead of IN for efficiency, avoiding SELECT * to reduce database load, minimizing unnecessary join operations, and more.
Clocks & Countdowns: Timing in CSS and JavaScript: Discover the pros and cons of requestAnimationFrame, setInterval, and setTimeout in JavaScript, and how to create an efficient CSS clock with animations. Learn the clever trick to sync your CSS clock with real-time and leverage GPU rendering. Plus, uncover tips for handling tab visibility changes and even a bonus analog clock project.
Conditional foreign keys and polymorphism in SQL: 4 methods: This article addresses the complex issue of "conditional foreign keys" in SQL databases, often encountered in data models influenced by object-oriented programming. It explores four methods to handle this challenge. The article also briefly mentions a technique involving reverse foreign keys.
Walk-Through: Prefix Ranges in Rust, a Surprisingly Deep Dive: This article delves into the complexities of working with Rust's BTreeMap and BTreeSet, and the ergonomic entry API. However, the author encounters a specific challenge when trying to retrieve all keys that start with a particular prefix. This cannot be achieved using the range operation and the article discusses the implementation of an upper_bound_from_prefix function to handle this.
C and C++ Prioritize Performance over Correctness: This article highlights the languages' willingness to sacrifice correctness for even minor performance gains and raises questions about whether this approach is always justified. This is a thought-provoking reminder for programmers to carefully consider the trade-off between performance optimization and code reliability in their projects, ultimately prompting more considered choices aligned with specific development goals and priorities.
🔍 HackerHub: Tools & Launches
NativeScript: enables direct access to native APIs from JavaScript, offering iOS and Android runtimes for versatile mobile development.
croner: a JavaScript and TypeScript library that allows you to trigger functions using Cron syntax, offering features like evaluating cron expressions, working in various environments, and more, with no external dependencies.
Calendar.js: a feature-rich JavaScript calendar library that boasts zero dependencies, supports event management with custom colors, drag-and-drop functionality, various views, and more.
java-design-patterns: a Java repository that implements design patterns, providing programmers with formalized practices to solve common problems, speed up development, prevent issues, and enhance code readability.
radzen-blazor: a collection of 70+ free and open-source native Blazor UI controls that are fully integrated with the Blazor framework.
JUCE: an open-source cross-platform C++ framework for creating desktop and mobile applications, including audio plug-ins, with support for CMake integration and the Projucer project generation tool.