ProgrammingPro #45: White House Urges C/C++ Shift, Gemini's Python Interpreter, Zombie Code Apocalypse, and StarCoder2 LLM Unveiled
Bite-sized actionable content, practical tutorials, and resources for programmers
Welcome to this week’s edition of ProgrammingPro!
In today’s Expert Insight, we bring you an excerpt from the recently published book, Edge Computing Patterns for Solution Architects, that takes you through strategies for designing antifragile applications that not only withstand but improve under stress.
News Highlights: The White House recommends abandoning C and C++ to address cybersecurity, Gemini Advanced unveils ChatGPT-like Python Interpreter, Synopsys’ report warns against "zombie code," and ServiceNow, Hugging Face, and NVIDIA introduce the StarCoder2 LLM.
My top 5 picks from today’s learning resources:
Building an E-commerce Product Recommendation System with OpenAI Embeddings in Python🛒
Booking.com Doubles Delivery Performance Using DORA Metrics and Micro Frontends📈
Continuous Integration and Continuous Delivery for Database Changes🔄
Stay Awesome!
Divya Anne Selvaraj
Editor-in-Chief
🗞️News and Analysis🔎
White House urges developers to dump C and C++: A report published by the White House Office of the National Cyber Director (ONCD), states, “Since many cybersecurity issues start with a line of code, one of the most effective ways to address those issues is by examining the programming language itself.” Read to learn why its time to change.
Exclusive to Gemini Advanced - Edit and run Python code: Gemini Advanced has introduced a ChatGPT-like Python Interpreter for paid users, enabling code editing and execution within its interface for $20/month. Read to learn more.
Security suffering due to a “zombie code” apocalypse🧟: According to Synopsys’ Open Source Security and Risk Analysis report 91% of codebases are outdated, containing "zombie code" that poses security risks. Read to learn about the risks outdated code poses.
ServiceNow, Hugging Face, and NVIDIA release new open LLMs for developers: StarCoder2, an open LLM family for developers, featuring models trained on programming to aid in code generation and workflow automation has been collaboratively launched. Read to learn more.
GitHub releases Copilot Enterprise, while Chat users fret about over-reaching permission requirements: The new launch enhances integration with private repositories and offers features like pull request descriptions and chat support for coding queries. Read to learn why Copilot Enterprise may pose some concerns.
React 19 introduced, and ‘Forget’ compiler is now in production at Instagram – but not yet widely available: The new version introduces Actions, Asset Loading, and Web Components support, moving beyond experimental features of React 18. Read for more insights into the advancements.
Deno 1.40 Released, Features Upcoming JavaScript’s Temporal API and Decorators: The Temporal API aims to overcome the limitations of the JavaScript Date object, offering better timezone support, reliability, and non-Gregorian calendars. Read to learn more about the version’s potential.
TypeScript soothes type narrowing pain point: TypeScript 5.4 introduces features like type refinement preservation in function closures and a NoInfer type to prevent unwanted type inferences. Read to learn more about key updates.
JDK 22: The new features in Java 22: The new version due in March introduces features like scoped values, structured concurrency, stream gatherers, and multi-file program execution. Read to learn more.
🎓Tutorials and Learning Resources💡
Python
🎓Tutorial | Duck Typing in Python - Writing Flexible and Decoupled Code: Duck typing in Python focuses on object behaviors and interfaces rather than their types. Read to learn how to implement this approach in Python.
🎓Tutorial | Building an E-commerce Product Recommendation System with OpenAI Embeddings in Python: This tutorial explains the concept of embeddings, their importance, and walks you through developing a system utilizing Kaggle's product datasets. Read to enhance your understanding of Python ML applications.
10 tips for speeding up Python programs: This article recommends strategies including focusing on optimizations like profiling for hotspots, memoizing frequently used data, and utilizing NumPy for efficient math operations. Read to speed up.
For more Python resources go to PythonPro
C/C++/C#
🎓Tutorial | How to Sort Arrays and Lists in C#: This guide highlights the importance of sorting for efficient data manipulation and algorithm performance. Read to learn how to use built-in sorting methods and implement custom sorting.
true and false operators - treat your objects as a Boolean value: This article discusses implementing user-defined true and false operators in C#, covering the semantics of these operators and more. Read to learn how to implement these.
🎓Tutorial | Gradient Descent With Adam in Plain C++: This article introduces an enhancement to the gradient descent optimization method called Adam, specifically tailored for machine learning in C++. Read to learn about the method’s advantages.
A Year of C++ Game Development Improvements in Visual Studio 2022: In 2023, Visual Studio 2022 introduced significant features and improvements focused on design time productivity specifically for game developers. Read to learn about the comprehensive suite of new features and improvements.
🎓Tutorial | Building A File Compressor Using C And Wasm: This tutorial covers Huffman Coding from the basics to its implementation, including generating a frequency table, sorting frequencies, and more. Read for insights into handling data structures, and interfacing between C and JavaScript for web applications.
Java
🎓Tutorial | CRUDing NoSQL Data With Quarkus, Part One: MongoDB: This guide explains the process of creating, reading, updating, and deleting a customer-order-product domain model. Read if you are seeking efficient NoSQL data persistence solutions in your applications.
🎓Tutorial | Hints for Unit Testing With AssertJ: This guide emphasizes focusing on writing clean, readable tests, avoiding false positives, and applying best practices. Read to learn how to improve your unit testing strategies.
🎓Tutorial | Spring Strategy Pattern Example: This tutorial demonstrates the implementation of the Strategy pattern in Spring, covering list, map, and method injection techniques using the Unforgivable Curses 🧙♂️ from Harry Potter as examples. Read to learn how to implement and inject different strategies.
JavaScript and TypeScript
🎓Tutorial | Vanilla JavaScript, Libraries, And The Quest For Stateful DOM Rendering: This guide takes you through the process of building a color browser widget to illustrate the challenges and techniques involved in stateful DOM rendering. Read to learn about the intricacies of client-side rendering.
The Cost of JIT: Smoking JavaScript with Dart 🔥: Through various benchmarks, this article concludes that performance differences between languages are often less about the languages themselves and more about their implementation specifics. Read to learn about the impact of JIT and AOT compilation on runtime.
🎓Tutorial | Embedded TypeScript: Hosting a Frontend on a ESP32: This article details the innovative integration of a TypeScript-based frontend on an ESP32 device for configuring second-life storage systems. Read to learn how to manage file size, bypass filesystem limitations, and creatively use HTTP headers.
Go
🎓Tutorial | Ring buffer in Golang: This article discusses the implementation and advantages of using a ring buffer in Go, especially when dealing with fixed-size datasets requiring FIFO capabilities and efficient insertion times, as opposed to using slices. Read to learn about the efficiency and practicality of ring buffers.
🎓Tutorial | Using Gemini in a Go application: limits and details: This article discusses the integration of Google's Gemini into Go applications via Vertex AI. Read to learn more.
Rust
🎓Tutorial | Guide to using TensorFlow in Rust: This straightforward guide is for those interested in leveraging TensorFlow's machine learning capabilities within the safety and performance-oriented environment of Rust. Read to learn how to integrate TensorFlow with Rust for developing machine learning applications.
Case Study | A journey of improvements to Neurosity’s Brain Operating System: This case study on optimizing Neurosity's Brain Operating System using Rust, focuses on performance improvements and software architecture refinements. Read to learn about the applications of Rust in embedded systems.
PHP
What's New in PHP 8.3: The new version has introduced features like extended readonly properties, the #[\Override] attribute for method overriding, explicitly typed class constants, and more. Read for comprehensive insights into PHP 8.3's new capabilities.
SQL
🎓Tutorial | Building A Recommendation System Using ClickHouse and SQL: This guide focuses on using a collaborative filtering approach with the cosineDistance function. Read to enhance your ability to handle data science problems efficiently with database technologies.
.NET
Blazor and .NET 8: How I Built a Fast and Flexible Website: This article describes the process of building a fast and flexible website using Blazor and .NET 8 for the "CSharp in the Cards" series. Read to learn about leveraging Blazor and .NET 8 features to build high-performance web applications.
Ruby
The Art of Forking: Unlocking Scalability in Ruby: This article introduces forking in Karafka, a Ruby framework for Kafka processing, as an alternative to threads for parallelization, enhancing performance and scalability. Read to learn about enhancing Ruby applications' scalability.
Swift
Third-party libraries acknowledgments using a Settings bundle: This article explains how to add acknowledgments for third-party libraries in an app using a Settings bundle, emphasizing the importance of respecting open-source licenses like MIT by acknowledging library usage. Read to discover a method to automate acknowledgments using a Settings bundle.
Kotlin
🎓Tutorial | Capture Inbox Link for Email Based Login: This article provides a detailed guide on implementing a solution to automate the process of capturing a login verification link sent to an email inbox, using Appium for test automation. Read to enhance your test automation for applications requiring email-based verification.
🌟Best Practices and Code Optimization🚀
Microsoft’s Baseline OpenAI end-to-end Chat Reference Architecture: This set of guidelines and best practices from Microsoft emphasizes components for chat flows, data services, and LLM access while ensuring network security and identity-based access. Read for deployment guidance for developing secure and efficient OpenAI-powered chat applications.
Booking.com Doubles Delivery Performance Using DORA Metrics and Micro Frontends: Booking.com's fintech team enhanced delivery performance by splitting a monolithic front-end into smaller, independently deployable apps. Read for insights into the impact of methodical performance tracking and architectural modernization on improving software delivery efficiency in a complex environment.
Continuous Integration and Continuous Delivery for Database Changes: This article discusses integrating database change management into CI/CD pipelines within Agile development teams. Read to learn how you can improve software delivery efficiency and achieve seamless database and application evolution.
Safe Clones With Ansible: This tutorial guides you on safely cloning private Git repositories using Ansible with temporary GitHub deploy keys, prioritizing security by avoiding permanent tokens or keys that could be compromised. Read to learn secure methods for accessing private Git repositories in your DevOps pipelines.
Unleashing the Power of Git Bisect: This tutorial explains the use of git bisect for efficient regression debugging, highlighting its automation capabilities and strategies for managing skipped commits. Read to learn how to quickly identify regression-inducing commits within large and complex codebases.
Give us feedback or request a resource for next week
🧠 Expert Insight 📚
Here’s an exclusive excerpt from “Chapter 11, Recommendations and Best Practices” in the book, Edge Computing Patterns for Solution Architects by Ashok Iyengar and Joseph Pearson.
Making antifragile applications
In this section, let’s explore how to design solutions that improve when placed under stress. We’ll analyze potential areas of weakness. By the end of the section, you should be able to list some properties of an antifragile solution architecture. The goal of this section is to give you a new perspective and a new way of thinking about creating
lasting and invulnerable applications, rather than delivering specific recipes for you to follow.
Defining the terms
What do we mean when we use the term antifragile? In Nassim Nicholas Taleb’s book Antifragile, he describes systems that not only endure and survive adversity but improve under pressure and attacks. While not written specifically about designing resilient application architectures, the principles covered in his book apply generally to most systems, including those used in software, and that’s how we’ll be applying the lessons discovered and explained by Taleb.
Designing architectures for situational adversity and uncertainty that thrive under pressure ensures that your infrastructure and system components are strong from the start. And the reverse is also true: designing for nominal circumstances ensures that your solution will likely buckle when placed under pressure.
Building an approach that remains strong when introduced to adverse circumstances implies an awareness of where the stress will come from and how it may affect your solution and its components. This requires a holistic and detailed knowledge of the solution and potential deployment environments and creative thinking about how it could be used. As you think through these issues, we recommend creating a list of potential areas of vulnerability and sorting them by most concerning to least so that you can spend the most time working on the areas that need the most attention.
What are your current areas of weakness or vulnerability?
As you create your solution architecture, we recommend being transparent about the trade-offs you encounter. Detail the points where improvements could have been made and why they weren’t. Work with the development and product organizations to ensure you all understand the strengths and weaknesses. You may be able to turn what you felt was a point of fragility into a product feature or selling point. Here are some specific areas of potential weakness to ponder when creating a solution design:
Connectivity: As covered earlier, DDIL environments describe the range of potential connectivity effects, and an offline-first posture can remediate that. Think about the potential sources of connectivity loss or degradation and see how that might be mitigated or used as a feature.
Physical access: This is a potential area of vulnerability, but also the primary method of access for provisioning devices and ongoing hardware maintenance. Moving to a system of zero-touch provisioning, onboarding, and life cycle management will partially offset the lack of access to the hardware. Strategies to quarantine potentially compromised devices, and to flag the data they produce as suspect, would help. How might people potentially abuse having physical access and can that be turned from a weakness into a strength?
Environmental factors: Air quality, temperature extremes or volatility, and vibrations all contribute to decreased operating conditions and potentially rapid equipment failure. Are there negative operating modalities that have positive aspects you could leverage?
Peak demand: Systems are typically provisioned for an anticipated range of demand or usage. What are the worst-case scenarios regarding short-term impacts? And what if a product that uses your system proves wildly successful and you need to scale up quickly for the long term?
Hardware or software dependencies: Is your solution tied to a specific type of hardware, a software library from a specific vendor, or a proprietary connector or protocol? If you can’t abstract away from or around that dependency, can you prevent it from becoming a single point of failure (SPoF)?
Once you’ve probed and documented areas of potential weakness in your solution architecture, it’s time to think about what situations and features make an architecture antifragile. Dwell on the following properties and consider how they might apply to your situation. Use them as a test to determine whether your architecture is either fragile or antifragile.
Properties of antifragile architectures
Taleb stated that antifragility is measurable using a straightforward test of asymmetry. Let’s think about how this would apply to a solution that you design. When subject to random events, does your solution as a whole deliver more positive benefits or more negative results? If, in the balance, the results are more positive, then your approach is likely antifragile.
Let’s think about scoring antifragility in the context of machine learning (ML) models. Object recognition models are typically trained with large labeled datasets of imagery, and can then be used to score the likelihood that a previously unseen image is an object that it recognizes. These models are known for failing to recognize objects they were trained on when shown the target object from a different perspective, with a new background, or in a different color or lighting arrangement. Since it does not deliver a net benefit when exposed to novel or random inputs, it is quite fragile.
Another property of antifragile architecture is that it responds well in unpredictable environments and unanticipated situations. Another way to think about this property is how well your components, infrastructure, or solution respond to edge conditions and corner cases. If-then logic, most algorithms, and some types of ML work best with known inputs, situations, and sequences. Therefore, attempting to predict and capture most scenarios in advance and responding appropriately would lead to a antifragile implementation.
A counter-intuitive property of an antifragile solution design is that the system becomes inefficient or weaker overall if volatility is suppressed, minimized, or otherwise filtered. For example, polling for messages at a scheduled interval is a fragile design since it generates load on a server by repeatedly checking for messages in situations when there are no messages for an extended time period, and likewise causes a backup when there is a surge in messages over a short time period because it is not able to check for messages more frequently.
However, polling at a variable rate in combination with a back-off algorithm allows the system to handle surges whenever they occur, quickly drain a queue or backlog, and then return to a slower interval as the number of messages declines. This would be an antifragile approach.
Some system types and patterns are fragile by their very nature, including command and control and other complex systems. The main cause of this fragility is the high number of interconnections and interdependencies. These not only mask the causes of certain responses but also prevent simple debugging. Therefore, the best way to reduce fragility in these types of systems is to reduce the complexity of the solutions employed within them.
An ounce of prevention...
While the end goal of antifragility is to prevent situations that could introduce negative results and a lack of flexibility, it is also important to backstop that with functions or components that will also correct any errors or misconfigurations if they can be easily anticipated. This attempt at self-healing is also a valid secondary approach to antifragility in edge architecture. It can also function as a substitute for first-level technical support by implementing checks for, and corrections to, frequently encountered issues on day two (after the solution has launched and is in production).
Overall, being antifragile means delivering a way to remove disorder from a system, or otherwise increasing order. But no matter how well designed a system is, eventually major issues can and will happen. Let’s take a look at how to respond in the final section of this chapter.
Packt subscribers can continue reading for free here. Edge Computing Patterns for Solution Architects by Ashok Iyengar and Joseph Pearson was published in January 2024. You can buy the book at 40% off just for today here!
🛠️ Useful Tools ⚒️
ada: a C++ library for fast, spec-compliant URL parsing, supporting Unicode and requiring C++17, with no dependencies.
grover: a Ruby gem that converts HTML to PDFs, PNGs, or JPEGs using Google Puppeteer and Chromium, optimized for web applications requiring fast rendering and efficient memory use.
quivr: an AI-enhanced personal assistant offering fast, secure, and versatile data management and productivity enhancements with open-source accessibility.
That’s all for today.
We have an entire range of newsletters with focused content for tech pros. Subscribe to the ones you find the most useful here. Complete ProgrammingPro archives can be found here. Complete PythonPro archives are here.
📢 If your company is interested in reaching an audience of developers, software engineers, and tech decision makers, you may want to advertise with us.
If you have any feedback, take the survey, or leave a comment below.