ProgrammingPro #36: CISA Urges Shift to Rust, Microsoft's Cloud Reboot, Vercel Update, and Salesforce Insights
Bite-sized actionable content, practical tutorials, and resources for programmers
"Managing technical debt is a significant challenge. Emphasizing software craftsmanship and clean code principles is key to mitigating this issue."
– Jakub Stefaniak, In an interview published in today’s Expert Insight
I had the great opportunity to do an interview with Jakub Stefaniak, VP, Technology Strategy and Innovation at Aquiva labs and author of the recently published book, Salesforce AppExchange Success Blueprint. Stefaniak has valuable insights for those working within the Salesforce ecosystem or anyone concerned about the future of programming and the problem of technical debt. But as you know, we have more.
News Highlights: Cybersecurity agencies including CISA are advocating dumping C++ and shifting to Rust, Microsoft is reimagining cloud computing with WebAssembly in the .NET ecosystem, and Vercel has introduced a groundbreaking Conformance feature for proactive issue detection in the development lifecycle.
And Here are my top 5 picks from today’s learning resources:
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents🚨
Learn how modern JavaScript frameworks work by building one🛠️
Stay awesome!
Divya Anne Selvaraj
Editor-in-Chief
PS: If you would like to request a tutorial for the next time, or give us any feedback, take the survey. If you are looking for Python resources, go to the latest issue of PythonPro.
🗞️News, 💡Opinions, and 🔎Analysis
🗞️News
The World Depends on 60-Year-Old Code No One Knows Anymore: COBOL, the backbone of global transactions, is fading with its aging experts but IBM believes Watsonx is the solution you need. Read to learn why some are skeptical about Watson’s purported abilities in light of IBM's past AI project failures.
Dump C++ and in Rust you should trust, Five Eyes agencies urge: The US Cybersecurity and Infrastructure Agency (CISA) and global cyber authorities are advocating ditching C++ for Rust to enhance security and highlight the critical need to prioritize memory safety in development. Read to learn more and why CISA advises a shift to languages like Rust, C#, Go, Java, Python, or Swift.
Microsoft Explores a 'Reboot of Compute' in Cloud with WebAssembly: Microsoft is exploring leveraging WebAssembly (Wasm) to reshape cloud computing within the .NET ecosystem, enabling the compilation of existing .NET apps to a single cloud-native binary. Read to learn how this will lead to increased density, cost-effective multi-tenancy, and portability, and transform cloud applications.
Microsoft touts Visual Studio Code as a Java juggernaut: Despite Java slipping in the TIOBE index, Microsoft is going to collaborate with Red Hat for stability improvements, better Gradle experiences, and performance optimizations. Read to learn more including how code completion and enhanced intelligence are in focus, along with potential integration of GitHub Copilot Chat to elevate the Java development experience.
Vercel’s new Conformance feature detects issues earlier in the development lifecycle: The new feature revolutionizes development by proactively detecting critical issues pre-merge, assigning scores for prioritization, while Code Owners ensures responsible code management. Read to learn how this sustains speed without compromising code health.
💡Opinions and Analysis🔎
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents: This article breaks down key elements, including the definition of a "material cybersecurity incident," reporting timeframes, affected organizations, and the disclosure process. Read to understand the rules’ impact on cybersecurity measures and the need for mature incident detection and response capabilities.
The Journey of C++ & Its Impact in Programming: In this video interview, Bjarne Stroustrup, reflects on Bell Labs' golden age, highlighting the unique environment that allowed for groundbreaking work. Watch to learn how this contrasts against the current trend in academia and industry, where quick success is prioritized over deep, meaningful contributions, and a lot more.
A Guide to SRE Principles: This article explores essential Site Reliability Engineering (SRE) principles, covering topics such as risk management, setting service level objectives, automation, monitoring, simplicity in system design, and efficient release engineering processes. Read for a pragmatic guide to enhance system reliability and streamline operations.
Escaping complexity in the world of Clean Code and OOP: This article details the author’s journey of escaping unnecessary complexity in programming, emphasizing problem-solving over industry conventions. Read for insights into strategies like assessing costs in coding choices and adopting a back-to-basics approach for increased productivity and contentment.
Global Google Developer Experts Share Their Favorite Tools and Advice for New Developers: In this feature, global Google Developer Experts share insights including the benefits of Google Analytics and Firebase. Read to hear what they have to say about the versatility of Google tools and strategies for new developers.
All JavaScript and TypeScript Features of the last 3 years: This article explores the key JavaScript and TypeScript features introduced over the last three years, from ECMAScript and TypeScript advancements like tagged template literals, symbols, optional chaining, and nullish coalescing to the latest ES2020, ES2021, and ES2022 highlights. Read for insights to improve your coding practices.
🎓 Tutorials and Guides🤓
Compiler Options Hardening Guide for C and C++: This comprehensive guide from the Open Source Security Foundation outlines essential compiler options, including -O2 and -Wformat=2, for C and C++ developers to fortify code against vulnerabilities, emphasizing security measures like -D_FORTIFY_SOURCE=3 and -fstack-protector-strong. Read to adopt robust and secure coding practices.
How to Use setTimeout in React Using Hooks: This guide covers scenarios like handling user interactions, dynamic delays, sequential timeouts, cancellation, and leveraging setTimeout with Promises and async/await for crafting more responsive interfaces. Read to be able to craft more responsive interfaces.
Executing Untrusted Code in Serverless Environments: A Telegram Bot for Running C and C++ Code on Cloud Run: This article will guide you through the process of creating a Telegram bot that runs untrusted C and C++ code using WebAssembly on Cloud Run. Read for insights into security measures, asynchronous implementation, and deployment facilitated by GitHub Actions.
Mastering C# LINQ Guide: From Beginner and Expert: This guide explores the evolution, impact, and advanced techniques of LINQ in C#. Read for insights into its seamless integration, fundamental concepts, syntax, advanced query operations, and integration with diverse data sources like LINQ to SQL and Entity Framework.
TypeScript source code generation: This article provides practical examples and insights into version control strategies for generated code. Read to discover methods including template literals, template engines, writer libraries, and the TypeScript compiler API and adopt automation and metaprogramming techniques.
You don't need JavaScript for that: The author of this article challenges assumptions, by showcasing that many functionalities traditionally requiring JS can now be achieved with native HTML and CSS. Read to learn how to create custom switches, native autosuggest with datalist, utilize a native color picker, implement accordions, and embrace dialog modals without heavy JavaScript.
Let’s learn how modern JavaScript frameworks work by building one: Ever wondered how modern JavaScript frameworks like Lit, Solid, Svelte, and Vue work under the hood? Read for a step-by-step guide to creating a functional reactivity system seamlessly integrated with DOM rendering and gain a deep understanding of the inner workings of JS frameworks.
Using Javascript Variables in Tailwind: This article explores a practical approach for using dynamic colors in Tailwind with React by leveraging the style attribute to set CSS variables, enhancing Tailwind's simplicity while accommodating dynamic values. Read to learn how to apply this pattern not only to colors but also to various CSS properties.
Networking and Concurrency in Swift: This guide covers essential concepts, practical examples, and advanced topics such as Grand Central Dispatch and the Combine framework for reactive programming. Read for practical examples and to build responsive and efficient applications.
For Python tutorials and resources Go to PythonPro!
🔑 Secret Knowledge: Learning Resources🔬
What is the Static Initialization Order Fiasco in C++?: This article explores the challenge and provides solutions like the 'Construct on first use' idiom and the 'Nifty Counter Solution' to ensure proper initialization and de-initialization order of static objects across different files. Read to learn more and safeguard your C++ programs
3 security best practices for all DevSecOps teams: This article recommends focusing on integrating security into API-first strategies, automating code scanning, and standardizing data observability practices. Read to learn how these strategies ensure robust security across development, prevent vulnerabilities and enhance overall reliability.
Understanding Objective-C by transpiling it to C++: This article works through using Clang's -rewrite-objc option, unraveling the generated code, inspecting NSString static strings, and delving into @autoreleasepool blocks. Read for valuable insights into Objective-C's persistence in iOS and macOS development despite Apple's emphasis on Swift.
When to use abstract classes vs. interfaces in Java: When faced with the decision, the author asks you to consider whether mutable state is needed. Read to learn when to choose abstract classes and interfaces and understand the differences between the two.
A Return to WebAssembly for the Jave Geek: This article delves into the evolving WebAssembly landscape, showcasing how its simplicity opens avenues for JVM languages. Read to learn how this allows you to compile for browser-based software, plug-ins, and even support non-traditional languages on the JVM.
TypeScript's Hidden Feature: Subtypes: This article takes you through the practical applications of subtypes in TypeScript. Read to learn how to create them without extra tools, and understand their usefulness in ensuring data integrity and catching errors during compile-time.
How fast can you validate UTF-8 strings in JavaScript?: This article explores efficient methods for validating UTF-8 strings in JavaScript, comparing options like the valid-8 module, TextDecoder with exception handling, and the isUtf8 function in Node.js. Read for insights into their speeds and security implications.
Event Based State Management: This article explores the utilization of the EventTarget API and JavaScript proxies to create a flexible, dependency-free event-based state management system. Read to discover the system’s power from basic event handling to advanced features like custom events, centralized state management, and reactivity.
🧠 Expert Insight 📚
Here’s an exclusive interview with Jakub Stefaniak, the author of the book Salesforce AppExchange Success Blueprint. The book is your comprehensive guide to unlock ISV success covering partnership establishment, app development, security reviews, and business strategy for mastering the Salesforce ecosystem.
The following interview highlights why
Stefaniak recommends prioritizing user engagement post-setback, AI integration to solve Salesforce challenges, and fostering innovation in large-scale projects to ensure success in today’s tech landscape.
Q: Can you provide a brief overview of your career path leading up to your current role as VP, Technology Strategy and Innovation at Aquiva labs?
A: My journey in technology began with a Computer Science degree, during which I worked as a software developer for the Polish Academy of Sciences' research team. My initial forays were in C++, C#, and Java, but I soon gravitated towards the Salesforce ecosystem. After a stint as a freelancer, I transitioned into a technical architect role. This path led me to Aquiva Labs, where I now spearhead the internal innovation team.
Q: What initially sparked your interest in programming, and how did you get started in the field?
A: My fascination with programming ignited at the age of12, driven by my passion for computer games and a curiosity to develop mods for them. Although I no longer program professionally, it remains a cherished hobby.
Q: Could you share any formative experiences or key milestones that have shaped your career?
A: A pivotal moment was the failure of an early project: a simulation and training system for the Polish army. Technically sophisticated yet ultimately unused due to a lack of user engagement, it was a harsh lesson in the importance of customer-centric design.
Q: How did this setback shape your perspective on the importance of user engagement, and how do you apply this lesson in your current role?
A: The setback with the Polish army's training system was a pivotal moment in my career. It prompted me to delve into the realm of business analysis, where I dedicated a year to mastering the nuances of requirements management. This strategic career shift, though temporary, was instrumental in honing my skills, later proving to be a cornerstone in my journey as a technical architect. In my current role, these skills are invaluable; they guide our customer-centric design philosophy and underscore the importance of user engagement. Moreover, I actively share this knowledge with my colleagues, fostering a collective understanding of the criticality of aligning our solutions with user needs.
Q: How has your role as a tech leader evolved in response to the latest technology trends?
A: This year, my focus is intensely trained on the intersection of artificial intelligence and software development. The rapid pace of technological evolution makes each day a learning opportunity.
Q: Given your focus on AI and software development intersection, could you share a specific example of how your team has embraced AI?
A: Absolutely. In an initiative to integrate AI into our software development lifecycle, we crafted a comprehensive playbook aimed at guiding our engineering team on the judicious use of AI tools. This resource particularly focuses on three areas: code generation, code refactoring, and debugging. My personal involvement in coding, augmented by my hands-on experience with generative AI across these domains, has been instrumental. The adoption process demands a certain level of acclimatization, but the payoff in terms of performance enhancement and quality improvement is substantial and well worth the investment.
Q: What advice do you have for programmers aiming to advance to leadership roles in tech?
A: Master the art of delegation. Technical proficiency often tempts one to shoulder all responsibilities, but true leadership involves empowering others to learn and grow.
Q: Can you share areal-world example of a challenging technical problem you or your team successfully solved?
A: Working within the Salesforce ecosystem presents unique challenges, especially regarding large data volumes. Designing applications that perform well beyond the development phase and withstand real-world data loads is always a gratifying challenge.
Q: Could you talk some more about a specific project where your team successfully addressed performance issues related to handling large data loads?
A: Dealing with large data sets in Salesforce is a recurrent challenge. Our approach often involves conducting meticulous audits of existing software systems. A key aspect of these audits is the analysis of database operations. We frequently observe that performance bottlenecks are rooted in the misuse of synchronous operations where asynchronous solutions would be more efficacious. Identifying and rectifying these antipatterns forms the cornerstone of our strategy to enhance performance in the face of substantial data volumes.
Q: What are the latest trends and challenges in the Salesforce programming world according to you?
A: Generative AI is revolutionizing the field. I advocate for embracing AI tools in code generation, debugging, and refactoring to enhance efficiency and effectiveness.
Q: How do you see Generative AI evolving in the context of Salesforce, and what potential impact could it have on the development process and end-user experiences?
A: The trajectory of generative AI within Salesforce programming is indeed promising. The areas of sales, service, and marketing present immediate opportunities for leveraging this technology. I envision a future where the majority of Salesforce clientele will integrate generative AI to bolster their core operations, enhancing not only the efficiency of their teams but also refining the overall user experience. This adoption has the potential to revolutionize traditional workflows and set new benchmarks in customer interaction and service delivery.
Q: What programming languages or frameworks do you believe will be crucial for the future, and why?
A: The future likely holds a shift towards new programming languages and paradigms. It's less about specific languages and more about adopting a mindset geared towards growth and adaptability.
Q: Are there specific emerging technologies or languages that you are closely watching, and how do you prepare your team for potential shifts in the programming landscape?
A: The programming landscape is undergoing a significant transformation, primarily driven by advancements in AI and code generation. In the foreseeable future, I anticipate a paradigm shift where developers transition from traditional coding to predominantly overseeing and reviewing AI-generated code. To prepare for this seismic shift, we are proactively integrating AI tools into our development processes. Additionally, we are continuously evolving our internal processes and deploying new tools to facilitate this transition. This forward-thinking approach is designed to ensure that our team remains at the forefront of technological evolution, ready to embrace and capitalize on these emerging trends.
Q: How do you foster a culture of innovation and continuous learning within your tech team?
A: Cultivating an environment where experimentation and learning from failures is encouraged is crucial. Even unsuccessful outcomes are valuable learning experiences.
Q: In your experience, what are the most common challenges developers face when working on large-scale projects?
A: Managing technical debt is a significant challenge. Emphasizing software craftsmanship and clean code principles is key to mitigating this issue.
Q: Could you provide insights into how your team approaches and mitigates technical debt in large-scale projects?
A: Addressing technical debt, particularly in expansive projects, is a multifaceted endeavor. Our methodology encompasses the use of sophisticated code scanners and the implementation of PMD rules to systematically keep technical debt in check. A robust code review process forms the backbone of our quality assurance framework. For clients grappling with technical debt, we commence with an exhaustive audit to gauge the extent of the issue, followed by a tailored mitigation plan. This approach is crucial, especially for Salesforce AppExchange applications, as the platform's stringent security review standards necessitate a minimal level of technical debt for approval.
Q: What strategies do you employ to stay updated with the ever-changing tech landscape?
A: I stay informed through reading, subscribing to relevant newsletters, and valuing academic engagement, like participating in MIT's Chief Technology Officer Program.
Q: How do you balance technical excellence with business goals in your role?
A: Aligning technical efforts with business objectives is paramount. Understanding and prioritizing customer needs ensures that technical solutions are not just innovative but also impactful.
Q: And finally, what's one piece of advice you wish you had when you started your career in programming?
A: Embrace the mantra of “practice, practice, practice.” While bootcamps offer quick entry into programming, a comprehensive Computer Science degree provides a foundational, diverse experience that's invaluable. Cultivate a growth mindset and appreciate the journey of learning.
Salesforce AppExchange Success Blueprint by Jakub Stefaniak was published in October 2023. You can buy the book here. Packt subscribers can start reading right away here.
🛠️ Useful Tools ⚒️
Unblocked: a beta AI platform designed to expedite understanding and fixing services that nobody owns (with minimal documentation) by absorbing data from various sources, including instant messaging, source code, and project management tools, and creating a repository for easy querying, currently available for free.
ClickHouse Keeper: an open source C++-based replacement (part of the ClickHouse project) for Apache ZooKeeper, excelling in efficiency and strong consistency, utilizing the Raft consensus algorithm and outperforming ZooKeeper with approximately 46 times less main memory usage.
CheerpJ 3.0: a WebAssembly-based JVM which delivers client-side Java in the browser with enhanced speed and usability, supporting Java 8 and promising future compatibility, allowing seamless integration, and enabling execution of unmodified Java applications directly from JAR files.
dify: an open source advanced LLM application development platform, surpassing the Assistants API with a 20% improvement, offering model neutrality, complete tech stack engineering, and local deployment for building powerful generative AI-native applications.
That’s all for today.
We have an entire range of newsletters with focused content for tech pros. Subscribe to the ones you find the most useful here. Complete ProgrammingPro archives can be found here. Complete PythonPro archives are here.
📢 If your company is interested in reaching an audience of developers, software engineers, and tech decision makers, you may want to advertise with us.
If you have any comments or feedback, take the survey!