ProgrammingPro #24: CISA’s OSS Security Roadmap, Refactoring Hell, and Patterns
Bite-sized actionable content, practical tutorials, and resources for programmers.
“The original question, "Can machines think?" I believe to be too meaningless to deserve discussion. Nevertheless I believe that at the end of the century the use of words and general educated opinion will have altered so much that one will be able to speak of machines thinking without expecting to be contradicted.”
Turing was so right! Welcome to this week’s issue of our programmer focused newsletter.
Today let us reflect on code refactoring. Why fix something that already works? Is the speed-quality trade-off a myth? You can find some research-based answers to these questions in today’s issue. Also, CISA’s roadmap for securing open-source software paves the way forward from last week’s focus on legislation that put the burden of software security on its creators.
Our learning guides and resources this time around again cover a great deal of stuff, but here are my top 5 picks:
We also have an exclusive excerpt for you on Object-relational impedance mismatch in Java from the Packt community. So scroll down and dive right in!
What do you think of this issue? Where do you stand on the speed vs. quality debate? Which tutorial did you like best? Want us to find a tutorial for you the next time? Do let us know by taking our survey and as a bonus you can download a free PDF of the Build Your Own Programming Language eBook upon completion.
Stay awesome!
Divya Anne Selvaraj
Editor-in-Chief
⚡ TechWave: News, Opinions and Analysis
Creating software that is private by design is an urgent priority: Amidst stringent data privacy regulations like GDPR and CCPA, prioritizing "privacy by design" is essential. This proactive approach, which embeds privacy protections from the start, can help companies avoid costly retroactive fixes and potential fines. By embracing these principles, tech vendors can provide clear data practices and expedite application rollouts, as exemplified by Netflix's GDPR alignment, which saved costs and enhanced market competitiveness. Embracing these strategies is crucial for compliance and cost-effectiveness in a changing regulatory landscape.
CISA releases roadmap for securing open-source software: CISA, the U.S. federal Cybersecurity & Infrastructure Security Agency, has unveiled a roadmap for securing open-source software (OSS). This initiative builds on the Biden administration's focus on cybersecurity and aims to address two key classes of open-source risk: the widespread impact of vulnerabilities in widely used OSS, and supply chain attacks on OSS repositories. The roadmap outlines four priorities: establishing CISA's role in supporting OSS security, enhancing visibility into OSS usage and risks, reducing risks to the federal government, and fortifying the open-source ecosystem. While some experts praise the roadmap for its problem segmentation and prioritization, others call for government funding for open-source projects, an aspect the roadmap does not cover.
The Code Quality Advantage: How Empirical Data Shatters The Speed Vs. Quality Myth: Code quality often takes a backseat in business decisions, resulting in widespread technical debt. This article challenges the notion that speed and quality are at odds by presenting quantitative data from a 2022 research paper. The study demonstrates that high-quality code not only speeds up development but also reduces defects. In fact, research shows that solving tasks in high-quality code is over twice as quick as in problematic code. Read for more valuable insights on why refactoring what already works is still important.
ChatGPT vs Software Developers: Is Generative AI the End of the Road for Developers?: By now, we know that the short answer to this is an emphatic, “No!”. But why is there still so much to discuss in this area and how do programmers need to prepare for a long-term fruitful relationship with AI?
Deno vs. Bun vs. Node.js: A Feature Comparison: While Deno offers a comprehensive feature set and strong alignment with modern web standards, your choice should align with your project's needs, whether that's Node.js for its ecosystem, Deno for modernity and security, or Bun for a mix of strengths.
Fuzz without fuss? Code Intelligence introduces AI tool to write test code: Code Intelligence (CI) has introduced CI Spark, an AI tool based on Large Language Models (LLMs) for creating tests, claiming a 15x productivity boost compared to manual test creation. CI Spark identifies entry points, generates fuzz tests, improves existing ones, and supports JavaScript/TypeScript, Java, and C/C++. In the company's own tests, it reduced fuzz test creation time from 3 days to hours. Read to learn more about what CI Spark can do.
Open source hooliganism and the TypeScript meltdown: While acknowledging that some individuals had legitimate objections to the removal of TypeScript from Turbo 8, DHH, in his post, gives his point of view on the extreme behavior of certain TypeScript enthusiasts who engaged in what he describes as open-source hooliganism.
Java 21 Security #RoadTo21: Dive into this informative video to enhance your programming security knowledge and see the progress Java has made between versions 17 and 21, which is due to release soon.
An Internet of PHP: In this article, the author cites statistics showing PHP's prevalence on top websites and its dominance in content management systems, particularly WordPress. Anecdotes from various sources highlight PHP's speed, scalability, and continued innovation. Notably, even large-scale platforms like Vimeo and Slack rely on PHP.
✨ Tutorials and Guides
How to Avoid Refactoring Legacy Code HELL: This excellent video will teach you how to use a 5-step framework for refactoring legacy code using the Gilded Rose Kata (listed under HackerHub), originally created by Terry Hughes.
Dynamically Changing log4j or logback log levels in Java: Wondering how you can dynamically change log levels in Java without restarting your application? This is a practical challenge with multiple solutions. The key, this tutorial states, is capturing developer intent and broadcasting the change to all service instances. Read to learn how you can make informed decisions when implementing dynamic logging solutions in your applications.
Pouring Coffee into the Matrix: Building Java Applications on Neo4j: This article demonstrates how to create a Java project using Spring Boot and connect it to Neo4j. You'll learn about defining data entities and repositories for Neo4j, creating a REST endpoint to retrieve data, and establishing relationships between entities. Read to learn more about the potential of combining graphs and Java.
Artificial Intelligence With Python: A Comprehensive Guide: This article comprehensively covers AI concepts alongside practical implementations in Python.
String concatenation in Python Explained: This guide covers seven methods for efficient string concatenation in Python. Learn how to use the plus operator, the join() method, f-strings, and more to create and format strings effectively. Read to see practical examples and become equipped to choose the method that best suits your specific needs.
Packaging Python Projects in 2023: This tutorial offers step-by-step instructions for setting up a new package from scratch. The author emphasizes best practices, including the use of pyproject.toml, setuptools, Sphinx for documentation, version control, licensing, and testing with pytest and doctest. The tutorial also covers CI/CD setup with GitHub Actions.
Your Quick Guide to Pattern Matching in C#: This comprehensive guide covers various types of pattern matching, including type, declaration, constant, null, var, property, discard, positional, tuple, enhanced type, relational, logical, negated null constant, parenthesized, extended property, and list patterns introduced in C# 11.
Formatting Text in C++: The Old and The New Ways: This article highlights the performance differences between various methods of text formatting. It emphasizes that the newer C++20 format library, particularly std::format, is significantly faster than older methods like streams and printf. The article also addresses compatibility issues when transitioning to std::format and offers solutions.
Introducing a Memory-Safe Successor Language in Large C++ Code Bases: This video presentation discusses the challenge of introducing memory-safe programming into large existing C++ code bases. The speaker shares insights from the experience of incorporating Swift into a large software ecosystem and aims to provide guidance for the C++ community on the path toward a memory-safe future.
Teaching old C code new tricks with Nim: This article explores the process of wrapping an older C library, MAPM, with Nim, focusing on handling error messages and exceptions.
Introduction to Scala 3 (video course): a free video training course that comprehensively covers Scala 3, offering easy navigation, notes, and the option to join a mailing list for updates.
🧠 Expert insights from the Packt Community
An exclusive excerpt from Chapter 8 of Persistence Best Practices for Java Applications by Otàvio Santana and Karina Varela
Object-relational impedance mismatch explained
As Java developers, we know the power of the object-oriented programming (OOP) paradigm – it allows us to explore several patterns based on polymorphism, encapsulation, inheritance, interfaces, creating custom types, and so on. We love it! Mainly because we can combine these approaches with design patterns to create clean and readable code.
Unfortunately, many of these OOP concepts and behaviors are not available on the database side, a characteristic named impedance mismatch.
Object-Relational Mapping (ORM) impedance mismatch is a specific type of impedance mismatch that occurs when mapping data between an OOP language and a relational database management system (RDBMS).
OOP languages such as Java, Python, and C# use objects to represent and manipulate data, whereas relational databases use tables to store and manage data. ORM is a technique used to bridge the gap between these two different paradigms by mapping objects to database tables and vice versa.
Figure 8.1 – Example of Java object model equivalent mapping on the database schema
The ORM impedance mismatch occurs because objects and tables have different properties and structures. For example, objects can have complex data types, inheritance, and polymorphism, while tables consist of simple rows and columns. In addition, objects can have relationships with other entities, whereas tables have relationships between rows.
To mitigate this impedance mismatch and make the developer more efficient, ORM tools provide mapping strategies that allow developers to map objects to tables and vice versa. These strategies can include ORM patterns such as table inheritance, association mapping, and lazy loading.
Despite these strategies, ORM impedance mismatch can still occur due to differences in the query language, performance issues, and scalability problems. As a result, developers need to be aware of the limitations and trade-offs involved in using ORM tools and consider alternative solutions where necessary.
Another item to highlight in regard to the mapping process is that it uses a mapper. The mapper, used on every app-database interaction, is responsible for converting to/from entities and requires a lot of CPU time, which may end up costing more than the executed query itself.
This mapper is a clever mechanism for translating between the two paradigms. Even with a cache and the most advanced techniques to improve performance, this process can become a nightmare in several applications.
A technology we can adopt to beat this challenge and avoid doing extra Java processing on every database operation is Eclipse Store.
…
Overall, Eclipse Store provides a compelling alternative to traditional ORM-based databases, offering faster performance and reduced complexity for applications that require ultra-fast data processing.
Figure 8.2 – Architecture overview of Eclipse Store
…
In the following sections, we’ll drill down into this powerful and flexible solution for in-memory data management and persistence that can help developers build fast and efficient applications.
Persistence Best Practices for Java Applications by Otàvio Santana and Karina Varela
was released in August 2023. To get a more comprehensive preview of the book's contents, read the first chapter available for free here or sign up for a 7-day free trial to access the complete book and the entire Packt digital library. To explore more, click on the button below.
📚 Secret Knowledge: Learning Resources
C++ exceptions and memory allocation failure: This article discusses strategies for handling memory allocation failures, including the use of exceptions and error codes. It emphasizes the importance of considering system design and the specific requirements of a project when deciding how to deal with memory allocation failures, and highlights the challenges of using error codes.
Just how constexpr is C++20’s std::string?: C++20 made std::string and std::vector usable in constexpr contexts, allowing compile-time usage. However, there are constraints: constexpr values can't depend on runtime input, and data can't flow from runtime into compile-time. Read to understand how this extends to memory allocation, including heap allocations that must not outlive constant evaluation.
Quarkus extensions give Java dependencies superpowers: Quarkus extensions are like secret weapons for your Java-based applications. They not only import libraries but also boost performance by optimizing build times, making your app faster to start. Read to learn more about how they enhance developer joy with features like Dev Mode, and more.
Object-Oriented Programming (OOP) in Python 3: This tutorial delves into the core concepts of OOP, highlighting its role in structuring programs by bundling related properties and behaviors into objects. Learn how to define classes as blueprints for creating objects, instantiate objects, and leverage class inheritance to create specialized child classes. Discover the power of method overriding, and more.
30 Super Cool Python Tips to Boost Coding: This article will help you explore techniques for handling multiline strings, unpacking lists, and optimizing if statements using the ternary operator, and a lot more. You can also learn how to debug code effectively with the PDB module and start HTTP servers effortlessly.
Top 18 Python Pattern Programs You Must Know About: The patterns discussed in this article not only enhance your coding skills but also prepare you for technical interviews where pattern printing in Python is a common task. Read to understand how each pattern works and become able to explain your code effectively.
Introducing Clean Architecture by refactoring a Go project: Clean Architecture aims for "low coupling, high cohesion" within applications. This article shows you how to achieve it using the example of a real application, which you can then adapt for your own practical implementations.
Design Patterns in JavaScript: This article highlights the importance of avoiding anti-patterns like the "God Object," "Spaghetti Code," and "Callback Hell," offering alternative, organized practices for better code management.
JavaScript WTF: Why does every() return true for empty arrays?: One might assume that every() returns true only when the callback has actually returned true for at least one element, but for an empty array there is no element on which the callback can fail, so every() returns true (vacuous truth). Read this article to understand this behavior and prevent errors by adding an explicit length check when using every() with potentially empty arrays.
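The following is an added example, not code from the linked article, showing why the vacuous-truth behaviour of every() matters in practice: an authorization check written with every() silently passes a token that carries no scopes at all. The scope names, ALLOWED_SCOPES set and function names are constructed for this illustration.

```javascript
// Added example (not from the linked article). All names and data are constructed.

// Scopes this service accepts on an access token.
const ALLOWED_SCOPES = new Set(["read:orders", "write:orders"]);

// Plain demonstration of the language rule: with no elements to reject,
// every() returns true even though the predicate never returned true.
function everyOnEmpty() {
  return [].every(() => false); // true
}

// The remedy the article suggests: treat an empty array as "not satisfied".
function everyNonEmpty(arr, predicate) {
  return Array.isArray(arr) && arr.length > 0 && arr.every(predicate);
}

// Naive check: "is every scope on the token one we allow?"
// A token with NO scopes passes, because every() has nothing to reject,
// so a scope-less token would be treated as fully authorized.
function tokenScopesAllowedNaive(tokenScopes) {
  return tokenScopes.every((s) => ALLOWED_SCOPES.has(s));
}

// Hardened check: the caller states which scopes it requires, and both
// lists must be non-empty before every() is consulted. Each required scope
// must be one the service knows about AND be present on the token.
function tokenScopesAllowed(tokenScopes, requiredScopes) {
  if (!Array.isArray(tokenScopes) || tokenScopes.length === 0) return false;
  if (!Array.isArray(requiredScopes) || requiredScopes.length === 0) return false;
  const granted = new Set(tokenScopes);
  return requiredScopes.every((r) => ALLOWED_SCOPES.has(r) && granted.has(r));
}

// Side-by-side results for a few constructed tokens.
function demo() {
  return {
    emptyEvery: everyOnEmpty(),                                             // true
    naiveEmptyToken: tokenScopesAllowedNaive([]),                           // true (bug)
    hardenedEmptyToken: tokenScopesAllowed([], ["read:orders"]),            // false
    hardenedValid: tokenScopesAllowed(["read:orders", "write:orders"],
                                      ["read:orders"]),                     // true
    hardenedMissing: tokenScopesAllowed(["read:orders"], ["write:orders"]), // false
    hardenedUnknown: tokenScopesAllowed(["admin:all"], ["admin:all"]),      // false
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo());
}
```

The hardened version deliberately requires the caller to pass the scopes it needs rather than asking "are all of the token's scopes acceptable?": the first question is the one an authorization decision actually depends on, and the explicit length checks close the empty-array case that every() would otherwise accept.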
🔍 HackerHub: Tools & Launches
OpenRefine: a versatile Java-based tool accessible via a web browser, enabling data loading, understanding, cleaning, reconciliation, and web data augmentation on your own computer, prioritizing convenience and privacy.
Flowable (V7): a lightning-fast BPMN 2 process engine written in Java, offering an efficient Business Process Management (BPM) platform for developers and others, with Apache 2.0 licensing and seamless Spring integration.
djl: an open-source Java framework that simplifies machine learning and deep learning for Java developers, allowing seamless integration with existing Java expertise, support for multiple deep learning engines, and automatic CPU/GPU selection for optimal performance.
SynapseML: an open-source library built on Apache Spark, offering simplified creation of scalable machine learning pipelines with distributed APIs for various tasks, allowing integration into existing Spark workflows across multiple programming languages and data storage systems.
GildedRose-Refactoring-Kata: a coding exercise aimed at improving design, practicing test case creation, and refactoring, with resources available for guidance and testing, emphasizing small incremental steps and deliberate practice.
Melon: a versatile cross-platform C library offering a wide range of algorithms, data structures, functional components, scripting languages, and frameworks to expedite application development and reduce the need for redundant coding efforts.
📢 If your company is interested in reaching an audience of developers, software engineers, and tech decision makers, you may want to advertise with us.
We have an entire range of newsletters with focused content for tech pros. Subscribe to the ones you find the most useful here. Complete ProgrammingPro archives can be found here.
If you have any comments or feedback, take the survey!
Best regards,
Divya