ProgrammingPro #33: CISA's AI Roadmap, .NET 8's LLM Integration, GitHub Copilot Training, and more

Bite-sized actionable content, practical tutorials, and resources for programmers

"I really really believe that any individual can make a difference, that if you have an idea, a dream, something that you want to do, then just go for it."

– Stephanie Shirley (2013), Freelance Programmer: the story of Dame Stephanie Shirley

Stephanie Shirley's inspiring journey—from defying sexism to founding Freelance Programmers in 1962—captures the transformative power of breaking conventions in programming. Welcome to today’s issue of ProgrammingPro!

Today we are covering quite a bit including CISA's roadmap for responsible AI, .NET 8's seamless LLM integration, and GitHub Copilot Enterprise's pricey private code training. But that is not all and here are my top 5 picks:

• Are you undervaluing complexity analysis in your programming interviews?

• Implementing Mario’s Stack Blur 15 times in C++ (with tests and benchmarks)

• The 6 best ORMs for database-powered Python apps

• Project Loom: Understand the new Java concurrency model

• Headless Component: a pattern for composing React UIs

And, we have an exclusive excerpt for you in our Expert Insight section from Automate Testing for Power Apps that illustrates how early and automated testing can enhance collaboration, ensure quality, accelerate delivery, and more. So dive right in.

Stay awesome!

Divya Anne Selvaraj

Editor-in-Chief

PS: If you want us to find a tutorial for you the next time or give us any feedback, take the survey! If you are looking for more Python stuff, go here.

Sign Up | Advertise

🗞️News, 💡Opinions, and 🔎Analysis

🗞️News

• CISA outlines five efforts for safely adopting AI in newly published roadmap: CISA's new roadmap, a response to President Biden's AI Executive Order, emphasizes responsible AI use, secure default settings, and collaborative protection of critical infrastructure. Read to learn more or go directly to the roadmap here.

• .NET 8 arrives with new features for building intelligent apps and C# 12: Microsoft's latest release allows developers to seamlessly integrate LLMs like GPT and enhances compatibility with generative AI workloads. Read to learn how the new version will streamline your app development with AI, container updates, and language improvements. For more about the C# 12 release specifically, go here.

• C++ 26 committee progresses new features including contracts and ‘desperately needed’ reflection: The committee has highlighted the introduction of key features to address the language's historical lack of runtime introspection. Read to understand this pivotal advancement that will shape the future or C++.

• Developers cheer GitHub Copilot Enterprise edition trained on organization code, but not its price: The edition allows training on private organizational code, but the pricing, starting at $39.00 plus GitHub Enterprise Cloud subscription, is a bit hard to swallow. Read to learn why despite pricing concerns, the Copilot-GitHub integration stands out and for insights from GitHub's annual Octoverse survey.

• MIT Engineers Pioneer Sensitive Algorithm for Proactive Identification and Fixing of Failures in Autonomous Systems: The algorithm is designed to detect and repair potential failures in systems ranging from power grids to rescue drones, and enable the discovery of hidden correlations in complex systems. Read if you are interested in making autonomous systems more resilient and trustworthy.

• OSV introduced broad C/C++ Vulnerability Management with Vulnerable Commit Ranges: Advisories now feature vulnerable commit ranges, a critical addition for C/C++ projects lacking a centralized package registry. Read to learn more about crucial features like OSV-Scanner's granular support, and more.

• Building fast Next.js apps using TypeScript and AWS Amplify JavaScript v6: The new version comes with reduced bundle sizes, enhanced TypeScript support, and Next.js integration. Read if you are looking to enhance your Next.js applications' speed and efficiency.

💡Opinions and Analysis🔎

• Enhancing RocksDB Java API Performance through Efficient Data Transfer Analysis: This article explores performance improvements in the API, analyzing data transfer mechanisms, including byte arrays and buffers. Read for actionable recommendations for efficient Java interaction with RocksDB.

• 3 Myths about Observability — And Why They’re Holding Back Your Teams: This article debunks myths and emphasizes observability’s role as a tailored practice for distinct teams of security practitioners, data engineers, and developers. Read to understand the importance of targeted insights for efficient problem-solving.

• The 6 best ORMs for database-powered Python apps: This article explores the key features and nuances of SQLAlchemy, PonyORM, Django ORM, Peewee, SQLObject, and Tortoise ORM. Read to make informed choices for your apps.

• The 7 best Python libraries for parallel processing: Want to move beyond the limitations of Python's default single-threaded implementation, CPython? Read to learn how Ray, Dask, Dispy, Pandaral·lel, Ipyparallel, Joblib, and Parsl, specialize in parallelizing tasks across CPUs, machines, or both and gain actionable insights.

• My Favorite Language Isn't TypeScript - An Interview w/ Jose Valim, the creator of Elixir: In this interview Valim explains functional programming through the lens of maintainability. Watch for this and much more including opinions on Ruby and BEAM.

🎓 Tutorials and Guides🤓

• Are you undervaluing complexity analysis in your programming interviews?: In this article, the author shares insights from his own experience interviewing at Spotify, emphasizing clear communication over end results. Read to learn how to approach complexity analysis at your next interview, even with knowledge gaps, and discover efficient ways to upskill, including revisiting CS basics and more.

• How to use the specification design pattern in C#: This approach allows you to define and combine business rules seamlessly, promoting separation of concerns and reducing code duplication. Read for C# code examples illustrating the specification pattern's application, creating modular and reusable specifications.

• Implementing Mario’s Stack Blur 15 times in C++ (with tests and benchmarks):
  Wondering how to efficiently blur images on the CPU without GPU access? Read to explore single-channel stack blur, the queue concept, circular buffer implementation, and optimizations like the "Martin optimization"; benchmarked against vector libraries, and discover when Stack Blur outperforms.

• C++20, Spans, Threads and Fun: This article explores the powerful synergy of C++20 features, including spans, threads, std::jthread, std::barrier, and std::latch, demonstrating how they enhance multi-threaded data processing efficiency. Read if you are seeking concise and effective concurrency solutions.

• Solving the Countdown problem with Java 21's Language Features: This article explores how Java 21 can solve a mathematical challenge from the popular British TV show, by crafting expressions with addition, subtraction, and so on, to reach a target number. Read for insights into crafting efficient expressions using fundamental mathematical operations using enums, sealed interfaces, and records.

• How to create a blog with Next.js and React Bricks: This comprehensive coding tutorial will guide you through leveraging React Bricks' block-based system for dynamic, visually appealing blogs without sacrificing your developer experience. Read to learn how to do it, from setup, content editing, and SEO, to deployment.

• A Complete Guide to Getting Started in Open Source: Whether you are a beginner or an experienced contributor, this guide will help you expertly navigate the intricacies of advancing in open source, by covering terminology, non-coding contributions, Git, collaborative version control, and community engagement. Read for a comprehensive roadmap to make a meaningful impact without a mentor.

🔑 Secret Knowledge: Learning Resources🔬

• Binding a C++ Library to 10 Programming Languages: This article delves into the intricacies of binding a C++ library to Python, JavaScript, Rust, ObjC/Swift, GoLang, Java, C, and more. Read to delve into high-performance integration challenges, PyBind11 and SWIG tools, packaging dilemmas with DSLs, and more.

• How do you enhance game performance using C++ as a scripting language?: By employing efficient RISC-V emulation, AOT-compiled C++20 scripts, and zero-copy lookups with std::string_view, you can achieve a notable reduction in lookup time from 20ns to as low as 4ns. Read if you are dipping your feet into game development or seeking performance enhancements in your projects.

• Project Loom: Understand the new Java concurrency model: Project Loom's revolutionary virtual threads offer a lightweight alternative to scale from thousands to millions. Read to explore underlying features like continuations and structured concurrency, and learn how Loom's approach outshines models like RXJava.

• Loom is just HyperThreading in Java: This short article draws parallels between Loom's virtual threads in Java and HyperThreading, highlighting their shared goal of optimizing computation resource utilization and throughput. Read to leverage these technologies effectively and enhance overall system throughput in Java apps.

• Adventures in Measuring JavaScript: This article explores the challenges and benefits of measuring JavaScript's CPU cost using thread instruction counters in Chrome's tracing tools. Read if you are looking to optimize CPU-bound applications despite limitations and complexities.

• Headless Component: a pattern for composing React UIs: This article will teach you how to implement the Headless Component pattern, to address the increasing complexity of UI components by separating non-visual logic and state management. Read for practical examples of its application in leading libraries for creating versatile, maintainable, and reusable components.

• React Server Components, without a framework?: This article explores RSC without a framework, covering features and distinctions from traditional Server-Side Rendering. Read for a survival guide and demo of migrating a React Notes App to RSC, and to understand the challenges in building a custom RSC framework.

🧠 Expert Insight 📚

Here’s an excerpt from “Chapter 1,

Software Quality and Types of Testing” in the book Automate Testing for Power Apps by César Calvo and Carlos de Huerta.

The need for testing for awesomeness and quality

Low-code platforms are a game-changer in developing a minimum viable product (MVP) as they significantly reduce the time and effort required to create an app.

This efficiency does not necessarily mean that testing requirements are diminished,

but it does enable the rapid transformation of identified business or personal needs into a functional application. This allows you or your targeted users to start using the MVP and experience its benefits in a relatively short period.

When apps start to grow or development goes too quickly, quality drops. To uphold this quality, testing is important. Although low-code platforms help democratize the development of applications so that everyone can transform their ideas into reality through software, there is still a gap where technology does not currently supply a seamless process to create and iterate those ideas. Users still need to understand some important concepts for successful application development until the vision outline in the preface allows everything to be automated just from a functional description of your needs.

Testing as a quality driver

Testing can help identify and fix defects and issues early on in the development process, which can help prevent delays and rework. Testing can help share expectations about how the app should work. Testing helps build better quality solutions and also allows you to keep. This can help improve collaboration and communication within the development team, which can lead to better-quality solutions.

So, better collaboration, better maintenance, and a reduction of time to market can lead to much more agility and speed to deliver an app.

For example, let’s say you are creating an expense report low-code solution to manage employee expenses. Through testing, you may discover the following quality paybacks:

• Testing will help you validate requirements that have been gathered and defined in the ideate step. As you add an additional type of expense, the solution may not be able to integrate with the financial system. By identifying this issue through testing, you can review integration with the system to ensure that the expenses and financial records are consistent and up to date.

• The solution may not be able to handle different types of expense items. By identifying this issue through testing, you can implement additional logic and validation in the solution to ensure that the items are added and updated correctly.

• The internal team responsible for the expense delegation API wants to review how their service is used. You can reduce their time to review your app by sharing test use cases and test simulations of their functionality.

• As you add more features, you will check whether the previous functionality is still working to ensure you don’t change data types, navigation, or anything that will negatively impact the user experience.

You do not have to be concerned too much about the possible implications of changes in each of the underlying components that keep the app functioning when you use a service such as Power Apps. However, you need to take care of changes to your app and the satisfaction of your users, and testing automation will help you save time and resources, enabling you to evolve your app more efficiently.

Software development life cycle

In this section, we will cover the SDLC standard for software development, review how it applies to low-code, and look at reasons why testing needs to be a central part of your process.

Figure 1.1 presents some typical stages in the SDLC process. It is a structured approach that enables you to create high-quality software at a reasonable cost. By following a step-by-step process, software development teams can design, develop, test, and effectively deploy software:

Figure 1.1 – The SDLC stages

Whether planned and managed or completely ad hoc, every step is expected. If you’re producing software that people or just you use, you are following the SDLC inadvertently, and the main goal would be to embrace it formally (usually through a specific model such as Agile, Lean, or Waterfall, to name a few) and benefit from its adoption and related automation tools.

Let’s briefly describe the activities involved when you develop a potential Expense Report Canvas App in Power Apps:

1. Planning: This step involves gathering requirements and analyzing them. First, requirements are gathered through user feedback, where a group of potential users is asked about the features they would like in the app – for example, the type of expense, receipt image recognition, or personal reports. Then, the collected requirements are analyzed to understand the problem better, figure out a solution, and make informed decisions. This analysis includes considering the gathered information, comparing existing similar processes for managing expenses, and determining what needs to be done to develop a more effective app.

2. Design: You start creating a plan for how the app will be made. In the SDLC, design is the stage where we figure out what our expense report app should do, how it should work, and what it should look like. We must think about all the different parts and how they will fit together to make a finished product that is useful and easy to use.

3. Develop: Based on the previous information and initial decisions taken, you begin the process of creating the software program. This involves defining the functionalities of the program, creating a design blueprint, writing the code, testing its functionality, and finally, releasing it for others to use. The develop phase is a crucial part of this process where you write the instructions for the computer to follow using Power Apps Studio.

4. Testing: From the definition of the app, this makes sure that your app works correctly. During testing, we try different things to see if the Expense Report Canvas App works as it should, and if it doesn’t, we try to fix the problem so that it will work correctly.

5. Deployment: Once you have a working version of the app to use, you make it available to use. By deploying to the production environment – that is, publishing the Power App – the functionality will become available to end users.

As shown in Figure 1.1, based on the review of each version you develop, the cycle is repeated over and over again for every new version and functionality, going through the develop, test, deploy (and review) stages.

On the other hand, you could deploy the app in different environments based on the role of users using the app: production for final users to start creating and submitting their expense reports, staging for validating functionality with a specific group, or development while building a version. We will share more details about environments in this chapter.

As mentioned in the Microsoft documentation here, when we look at this process from a Power Apps perspective, it is accelerated thanks to the platform, and you can quickly create a new version of your app.

Figure 1.2 highlights this simplification in low-code with terms used in Power Apps and connecting them with SDLC stages. Here, Design includes the stages from requirements gathering to analysis and design, Make considers the development stage, and Test and Run reflects testing and running the app through fast iterations before deployment. Once you want to share with other users, Publish will make that deployment available in your environment of choice. We will map the terms with tools and capabilities later on:

Figure 1.2 – The SDLC simplified for low-code

Although testing shows up as a stage in the SDLC, you should consider it not as a single stage but a whole process that expands across all stages of SDLC, from planning to development and production. This will ensure the quality of the app, as we described, but this will also help to bring an excellent experience to your users, giving the awesomeness wanted for our app.

Testing as an awesomeness driver

By testing the app, you can identify and fix any issues before the app is used by end users. When the need to fix a bug or defect arises, testing will help you identify the root cause, perform regression testing, validate the version in an environment, and then go live into production with confidence. When testing is included and automated in your development, fewer errors will occur.

You may wish to consider inclusive design in your app testing and development. More information can be found here, but in a nutshell, inclusive design guides you to create products that are psychologically, physically, and emotionally suitable for every person in the world, seeing human diversity as a resource for better designs.

Testing helps ensure that the app is user-friendly and provides a positive experience for end users, and by incorporating testing into the development process, organizations can build trust in the low-code solutions that are developed. This can help increase the adoption and usage of the solutions within the organization, as well as integration with existing development processes, by identifying and fixing defects and issues before the solution is released.

You can find some best practices for app design here. By providing readable names of controls, screen readers can read them out for blind people. You can create a Power Apps theme for consistency, and color accessibility or font uniformity.

So, a better code process, improved user experience, and increased trust lead us to a better-quality app and the process to deliver it.

For example, take the previous example of the expense report low-code solution to manage employee expenses. Empathy is an important part of design, so if we anticipate a disruption or improvement and advise our users about this, they will experience a better connection with the app. Through testing, you may discover the following improvements:

• The app may not follow the accessibility guidelines, and the app could be hard for people using screen readers. By reviewing the solution checker, and applying its recommendations, the developer can ensure that the solution will allow additional users to use it effectively.

• An update to the internal integration with the financial system is deployed with a change that affects the app. By identifying this issue through testing, the developer can alert internal users and the right stakeholders as changes are rolled back or a new version is published.

• The solution may not be user-friendly. By identifying users who take more time than expected to use a part of the app, through testing, the developer can redesign the layout and navigation of the solution to make it more intuitive and user-friendly.

• An error in the published app, due to a previous change, prevents users from successfully submitting a specific expense item. You confirm the test use cases didn’t include this situation. It is updated and validated with a fix.

With that, we have described activities that are beneficial to improve the experience and quality of the expense report app. The way we described these activities implies a manual process. We can get the full benefit through automation processes, which is possible through the adoption of ALM.

Automate Testing for Power Apps by César Calvo and Carlos de Huerta was published in October 2023. You can read the rest of chapter 1 for free and buy the book here.

Get the Book!

🛠️ Useful Tools ⚒️

• Louvre: a high-performance C++ library for Wayland compositors, simplifying the intricate development process with multi-threading, exceptional performance benchmarks, and a versatile rendering system.

• guidelines: concise C++ wisdom, urging defaults like variable initialization and const use, emphasizing clarity over complexity, inviting scrutiny of bold directives like avoiding reinterpret_cast, and more.

• Statsi: a JavaScript tool for automating summary statistics calculations in nested objects, providing flexibility for object modeling in scenarios like adjusting car speed based on parts and managing RPG character data.

• privateGPT: a privacy-focused AI project, enabling offline document queries with 100% data privacy, simplifying RAG pipelines, and evolving as a gateway to advanced generative AI models.

• AI-For-Beginners: a 12-week AI journey with Microsoft's beginner-friendly curriculum, exploring Symbolic AI, Neural Networks, Computer Vision, and Natural Language Processing using TensorFlow and PyTorch.

We have an entire range of newsletters with focused content for tech pros. Subscribe to the ones you find the most useful here. Complete ProgrammingPro archives can be found here. Complete PythonPro archives are here.

📢 If your company is interested in reaching an audience of developers, software engineers, and tech decision makers, you may want to advertise with us.

If you have any feedback, take the survey or leave your comments below!