ProgrammingPro #91: Rust 1.85 Upgrades, Gemini Code Assist Privacy Concerns, Copilot Extensions, and TypeScript Migration at Scale
Join Snyk's Fetch the Flag CTF 2025!
Snyk’s annual Capture the Flag event, Fetch the Flag 2025, is back! Hosted by Snyk and John Hammond, the event will take place on February 27, 2025, from 9am ET to 9pm ET. Engage in 20+ real-world security challenges, enhance your professional development & earn CPE credits.
Welcome to a brand new issue of ProgrammingPro.
In today’s Expert Insight, we bring you an excerpt from the recently published book, ASP.NET Core 9.0 Essentials, which covers best practices for handling HTTP requests, including input validation and sanitization, asynchronous programming, and using caching and compression.
News Highlights: Rust 1.85.0 brings language and tooling upgrades; Google’s free Gemini Code Assist collects user code by default; AI coding tools may harm code quality, says GitClear; and GitHub Copilot Extensions now integrate external services into IDEs.
My top 5 picks from today’s learning resources:
Migrating 160,000 Lines of Production Banking JavaScript to TypeScript with Zero Downtime🔄
Prompt Engineering: Challenges, Strengths, and Its Place in Software Development's Future🧠
But there’s more, so dive right in.
Stay Awesome!
Divya Anne Selvaraj
Editor-in-Chief
🗞️News and Analysis🔎
.NET 10 Preview 1 is now available!: Key updates include OpenAPI 3.1 support in ASP.NET Core, performance enhancements in .NET MAUI, and new Entity Framework Core capabilities.
Announcing Rust 1.85.0 and Rust 2024: This version introduces language improvements, enhances the standard library, updates Cargo functionalities, and makes significant changes to Rustdoc and Rustfmt.
Google previews free Gemini Code Assist tier – uses your code to improve AI models by default: Google has launched a free tier of Gemini Code Assist, offering up to 180,000 monthly code completions, but collects user code by default to improve its AI models unless developers opt out.
AI is eroding code quality states new in-depth report: A GitClear report analyzing 211 million lines of code has found that AI coding assistants increase duplicated and copy-pasted code while reducing refactoring, leading to declining code quality. In contrast, Google’s DORA report claimed AI improves code quality by 3.4% but also found a 7.2% decline in delivery stability.
GitHub Copilot Extensions Integrate IDEs with External Services: GitHub Copilot Extensions, now generally available, allow developers to query documentation, generate code, retrieve data, and interact with external services directly from their IDEs using natural language.
Laravel 12 released: The version introduces updated dependencies, minimal breaking changes, and new starter kits for React, Vue, and Livewire, incorporating Inertia 2, TypeScript, and Tailwind.
JDK 24: The new features in Java 24: Key improvements include enhanced concurrency, quantum-resistant cryptography, optimized garbage collection, streamlined object headers, and new APIs for key derivation.
🎓Tutorials and Learning Resources💡
Python
💡Slashing my ".bashrc" in half: Discusses how the author improved their shell configuration by replacing numerous plugins with efficient, modern Rust-based tools, resulting in a faster, leaner, and easier-to-maintain ".bashrc."
For more Python resources, go to PythonPro
C# and .NET
🎓Abusing await with a result type to achieve rust-like error propagation in C#: Demonstrates a way to achieve Rust-like error propagation in C# by abusing
awaitwith a customAsyncMethodBuilder.🎓Writing a .NET Garbage Collector in C# - Part 4: Covers how .NET's garbage collector tracks and manages memory, as well as how allocation strategies impact performance and efficiency.
🎓Mastering Controllers in .NET APIs: Explains relative vs. absolute routes, passing parameters via URLs, query strings, and request bodies, and includes examples for API versioning, error handling, and documentation.
C++ and C
💡Is coding in Rust as bad as in C++?: Discusses the performance trade-offs of Rust vs. C++ builds, optimization techniques for both languages, and why C++ still has an edge in compilation speed for large-scale projects.
💡Smart Pointers Can't Solve Use-After-Free: Explains why smart pointers alone aren't sufficient for preventing dangling pointers and how C++'s lack of enforced lifetimes makes it more error-prone compared to safer languages.
💡Curl’s Daniel Stenberg on Securing 180,000 Lines of C Code: Curl's creator discusses the security challenges of maintaining C code in an open-source project with 20 billion installations, instead of rewriting in Rust.
Java
🎥Modern Java Deep Dive: Focuses on new features post-Java 21, alongside enhancements in garbage collection and the integration of markdown in JavaDocs and the phasing out of older Java components like the Security Manager and RMI Activation.
🎓Using Java Libraries in BoxLang: Covers how to integrate Java libraries into BoxLang applications to enhance functionality using the Java Virtual Machine, with a focus on parsing RSS feeds using the 'rssreader' library.
💡Handle Exceptions in Spring Boot: A Guide to Clean Code Principles: Covers best practices for implementing robust exception handling in Spring Boot applications to write clearer, more maintainable code aligned with clean code principles.
JavaScript and TypeScript
💡Speeding up the JavaScript ecosystem - Rust and JavaScript Plugins: Details how flattening the AST and leveraging node indexing can significantly reduce deserialization overhead.
🎓A Mere Mortal’s Introduction to JIT Vulnerabilities in JavaScript Engines: Provides an introductory guide to JIT compiler vulnerabilities in JavaScript engines, aiming to demystify a complex topic usually reserved for "smart people.
💼Migrating 160,000 Lines of Production Banking JavaScript to TypeScript with Zero Downtime: Discusses how WorkMade successfully migrated to TypeScript within six weeks to enhance maintainability and security.
Go
💡Faster Go maps with Swiss Tables: Discusses the introduction of a new hash table design, detailing its benefits and the unique challenges involved in adapting this efficient C++ hash table strategy to Go’s map implementation.
🎓Tcl/Tk application binaries through Go: Covers how to use the
modernc.org/tk9.0Go package to convert Tcl/Tk 9.0 into standalone executables, enabling Go developers to use Tk without C dependencies.
Rust
🎓Calling Rust from cursed Go: Discusses integrating Rust with Go using a non-CGO method to handle foreign function interfaces (FFI), particularly focusing on calling Rust from Go without traditional drawbacks associated with CGO.
💼Towards Practical Formal Verification for a General-Purpose OS in Rust: Discusses ensuring memory safety by verifying Asterinas operating system's page management module using the framekernel architecture.
Swift
💼How Swift's server support powers Things Cloud: Explains how Cultured Code rewrote Things Cloud's backend in Swift, detailing the architecture, deployment, and performance improvements.
🎓Task.sleep() vs. Task.yield(): The differences explained: Explains the differences between the two , when to use each, and their impact on concurrency performance in Swift.
PHP
💡Laravel vs Django and Rails for SaaS Development: Comprehensively evaluates their performance, scalability, developer experience, ecosystem, hosting, deployment, and cost.
💡Reclaiming Memory from PHP Arrays: Explains how PHP handles memory for arrays, why
unset()alone is insufficient, and when to rebuild arrays for optimal memory management.
SQL
💡Streaming SQL in Stateful DataFlows: Discusses the evolution of SQL from its origins to its role in modern data streaming, highlighting Fluvio’s new SQL stream processing feature that enables real-time querying and transformation of streaming data.
🎓Using Cloudflare Durable Objects with SQL Storage, D1, and Drizzle ORM: Provides a detailed guide on integrating Cloudflare Durable Objects with the D1 SQL database using Drizzle ORM, covering setup, configuration, schema migrations, deployments, and testing within a Hono-based Bun application.
Ruby
💡Advanced Queries in ActiveRecord for Ruby on Rails: Explores advanced ActiveRecord querying techniques in Ruby on Rails, covering complex joins, self-referential associations, JSON/JSONb columns, and database-specific optimizations for PostgreSQL.
🎓RSpec Mocks & Doubles: The Secret Sauce for Testing Like a Pro: Explains RSpec mocks and test doubles using code examples demonstrating how to use stubs, expectations, and spies for testing in Ruby on Rails.
Kotlin
🎧How Meta is translating its Java codebase to Kotlin: In this podcast episode, engineers discuss challenges like handling nullability, ensuring idiomatic Kotlin code, and adapting Meta’s internal frameworks.
🎓Server-Driven UI with Compose Remote Layout: Explains how to use Compose Remote Layout to build adaptable UIs controlled via JSON, implement dynamic value binding, create custom components, and leverage a live editor.
🌟Advanced Concepts🚀
Rethink State💡 Why You Should Model Your Frontend Around Events: advocates for shifting frontend development from CRUD-based state management to event-driven architecture (EDA), where UI interactions dispatch events instead of directly modifying data.
Prompt Engineering: Challenges, Strengths, and Its Place in Software Development's Future: Delves into the structural similarities and differences between prompt engineering and programming and more.
Intro to Elixir: A fresh take on functional programming: Introduces Elixir, highlighting its functional programming features, immutable data structures, pattern matching, concurrency model using actors, and unique syntax.
Programming and architectural paradigms: Examines how object-oriented, functional, and procedural programming paradigms influence software architecture, particularly in Microservices, Event-Driven Architecture, and Space-Based Architecture.
Software Architecture — Things That No One Has Told You: Outlines essential skills for software architects, covering negotiation, influencing, prioritization, communication, problem-solving, critical thinking, and business-technology translation.
🧠Expert Insight📚
Here’s an excerpt from “Chapter 7: Adding Capabilities to Applications" in the book, ASP.NET Core 9.0 Essentials, by Albert S. Tanure, published in January 2024.
HTTP request best practices
The HTTP request is a fundamental component when working with web applications. Proper handling of HTTP requests can significantly impact the performance and reliability of your application.
We have already learned about the
types of HTTP verbs and status codes in Chapter 3. However, each HTTP method provided by the application must be treated appropriately, to avoid inconsistencies in the application and avoid vulnerabilities.
Furthermore, the way HTTP requests are made directly impacts the experience of users or consumers of your solution.
Let’s understand some good practices related to HTTP requests.
Validate and sanitize input
Always validate and sanitize input to prevent security vulnerabilities such as SQL injection and cross-site scripting (XSS). XSS is a security vulnerability where the attacker injects scripts into web pages. To know more, go to https://learn.microsoft.com/en-us/aspnet/core/security/cross-site-scripting?view=aspnetcore-9.0.
Consider a scenario where a user submits a form with a username. To prevent harmful data from being processed, you should validate the input to ensure it meets the expected criteria and sanitize it to remove any malicious content:
public IActionResult Submit(string username)
{
if (string.IsNullOrEmpty(username))
{
return BadRequest("Username is required.");
}
username = HttpUtility.HtmlEncode(username);
// Proceed with processing the username
return Ok();
}
The preceding code demonstrates a simple validation of the username parameter, if(string.IsNullOrEmpty) , avoiding using it incorrectly. The HttpUtility.HtmlEncode(username) method is used to convert characters such as < , > , & , and so on into an HTML-encoded format.
Use asynchronous methods
During the execution flow of an HTTP request, we must avoid making the processing actions synchronous. Otherwise, this could degrade the user experience and cause some problems for the application, such as the following:
Thread blocking: Synchronous methods block the thread while waiting for I/O operations (such as database queries, file access, or network requests) to complete. In an ASP.NET Core application, the thread pool is a limited resource.
Thread pool exhaustion: When an application heavily relies on synchronous methods, the thread pool can become exhausted, especially under high load, which occurs when all available threads are blocked and no new threads are available to handle incoming requests.
It is a recommendation and good practice to use asynchronous methods to improve performance and scalability. For example, when using the HttpClient object to make a request in an API, use the HttpClient.SendAsync method instead of HttpClient.Send .
Asynchronous programming allows your application to handle multiple tasks simultaneously without waiting for each task to complete before starting the next one. This is similar to how a chef in a busy kitchen might prepare multiple dishes at once, rather than finishing one dish before starting another.
We will cover the use of asynchronous programming in more detail in the Asynchronous requests and I/O optimization section. Now, let’s understand another good practice in relation to HTTP requests, regarding caching and compression.
Caching and compression
Requests via the HTTP protocol have some attributes, including headers and body. During communication between an application and the backend, this information is transmitted, and the headers are used both by the client (in this case, the browser) and by the backend.
There are several types of HTTP headers, including those associated with caching and compression.
By utilizing caching and response compression, we can reduce bandwidth usage and improve load times. Browsers also identify these headers, avoiding unnecessary requests to the server.
Caching and dating compression work similarly to how a library might keep frequently borrowed books readily accessible or how a vacuum-sealed package takes up less space. These practices reduce the load on your server and speed up responses to user requests.
Let’s analyze the following code snippet extracted from a Program.cs class:
// Add services to the container. builder.Services.AddResponseCaching();
app.UseResponseCaching();
app.Use(async (context, next) => {
context.Response.GetTypedHeaders().CacheControl =
new Microsoft.Net.Http.Headers.CacheControlHeaderValue
{
Public = true, MaxAge = TimeSpan.FromMinutes(10)
};
await next();
});
Let’s understand the preceding code. When you add app.UseResponseCaching to the application’s middleware pipeline, it performs the following functions:
Checks for Cache-Control headers:
The middleware checks whether the incoming request can be cached based on the presence of Cache-Control headers
If a valid Cache-Control header is found and it allows caching, the middleware proceeds to handle the request
Stores responses in the cache:
If the response to the request can be cached, the middleware stores the response in the cache
Subsequent requests that match the cache criteria will be served directly from the cache, bypassing the need to generate the response again
Serves cached responses:
For requests that match previously cached responses, the middleware serves the cached response
This reduces the processing time and load on the server, as the response is retrieved directly from the cache
The app.Use(async (context, next) method adds the necessary parameters for the Cache-Control header to the middleware pipeline, such as the cache duration time. This is necessary so that the client can know how the response should be cached.
The cache is managed in the application’s memory and, therefore, it is not interesting to keep the cache for a large amount of time in memory, which could cause problems. However, it is good practice to use it. We will go into more detail about cache usage in the next section, Improving performance with a cache strategy and making the application resilient.
ASP.NET Core 9.0 Essentials was published in December 2024. Packt library subscribers can continue reading the entire book for free or you can buy the book here!
Get the eBook for $31.99 $21.99
🛠️Useful Tools⚒️
tach: A Rust-based Python tool for enforcing modular architecture by validating dependencies, preventing cycles, and ensuring interface correctness.
MetaGPT: A multi-agent framework that assigns specialized roles to GPTs, enabling AI collaboration to automate software development tasks.
pandas-ai: A Python tool for querying and analyzing data using natural language, with support for visualizations, multi-dataset analysis, and more.
That’s all for today.
We have an entire range of newsletters with focused content for tech pros. Subscribe to the ones you find the most useful here.
If your company is interested in reaching an audience of developers, software engineers, and tech decision makers, you may want to advertise with us.
If you have any suggestions or feedback, or would like us to find you a learning resource on a particular subject, leave a comment below.