Visual Studio Code adds overtype mode, paste with imports 12 Dec 2024, 4:31 pm

Visual Studio Code 1.96, the latest version of Microsoft’s popular code editor, has arrived with an overtype mode and a “paste with imports” feature for JavaScript and TypeScript.

Also known as the November 2024 release, Visual Studio Code 1.96 can be downloaded from the project website for Windows, Linux, and Mac.

Visual Studio Code’s new overtype mode overwrites text in the editor instead of inserting it as you type. Microsoft said a useful scenario for this feature is editing Markdown tables, where you want to keep table cell boundaries aligned. Overtype mode can be toggled via the command View: Toggle Overtype/Insert Mode.

The “paste with imports” feature automatically adds the necessary imports when code is copied and pasted between JavaScript or TypeScript files. Microsoft noted that, by default, copy and paste always inserts just the pasted text; if a “paste with imports” edit is available, the paste control lets you select it.
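
To make the feature concrete, here is a rough sketch using hypothetical file names and a made-up helper function (assume a ./utils module that exports formatPrice); the exact edit VS Code offers depends on what the pasted code references.

```typescript
// checkout.ts (destination file, shown after accepting the “paste with imports” edit)
// The pasted snippet references formatPrice, exported from a hypothetical ./utils module,
// so VS Code adds the import automatically instead of leaving the identifier unresolved.
import { formatPrice } from "./utils";

export function renderTotal(total: number): string {
  return `Total: ${formatPrice(total)}`; // the pasted line
}
```

If the paste control is dismissed, only the text is inserted and the import has to be added manually or through a quick fix.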

Other new features and improvements in VS Code 1.96:

  • VS Code 1.96 finalizes an API that enables extensions to provide coverage on a per-test basis, allowing developers to see exactly what code any given test actually executed.
  • A new copilot-debug terminal command helps developers start a debugging session with GitHub Copilot in VS Code. Also, GitHub Copilot’s debugging capabilities, including copilot-debug and the /startDebugging intent, now generate preLaunchTasks for code that needs a compilation step before debugging.
  • Users can now use the Move To context menu action on a view container to move the view between the Primary Side Bar, Secondary Side Bar, and Panel areas.
  • Font ligatures are now supported in the terminal, regardless of whether GPU acceleration is being used.
  • Developers can control which extensions can be installed in VS Code using the extensions.allowed setting, which lets them specify allowed or blocked extensions by publisher, specific extension, and version (see the example sketch after this list). If an extension or version is blocked, it will be disabled if already installed.
  • JavaScript and TypeScript support now uses TypeScript 5.7.
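
The extensions.allowed setting called out above is configured in settings.json as an object keyed by publisher or extension ID. The snippet below is only an illustrative sketch with made-up publisher and extension names; the exact value forms (booleans, version lists, and so on) should be checked against the VS Code documentation.

```jsonc
{
  // Illustrative IDs only: allow everything from one publisher,
  // restrict one extension to specific versions, and block another outright.
  "extensions.allowed": {
    "examplepublisher": true,
    "examplepublisher.sample-linter": ["2.1.0", "2.1.1"],
    "otherpublisher.legacy-tool": false
  }
}
```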

The December 11 release of VS Code 1.96 follows the October 29 release of VS Code 1.95, which previewed AI-powered code editing with GitHub Copilot. VS Code 1.95 was followed by three point release updates that addressed various bugs.

Java Applet API heads for the exit 12 Dec 2024, 11:58 am

Java would finally shed its Java Applet API under an OpenJDK proposal created December 4.

The JDK Enhancement Proposal notes that the API not only has been deprecated for removal for some time but is obsolete, because neither the current Java Development Kit (JDK) nor current web browsers support applets. Removal is slated for the Standard Edition of Java, although a specific JDK release has not yet been designated.

The proposal cites multiple reasons for the API’s removal. First, the Applet API in the JDK has no implementation, meaning there is no way to run an applet using the JDK. Second, browsers no longer support applets. Third, the appletviewer tool, which let developers test applets without a browser plugin, was removed in JDK 11, which was released in September 2018. Fourth, the Java Security Manager, which provides support for running applets by sandboxing untrusted downloaded code, will be removed with the JDK 24 release in March. Hence, there is no reason to keep the unusable and unused Applet API.

Java applets were first deprecated with JDK 9, which was released in September 2017. Applets essentially lost out to JavaScript and the web browser in web development. There were also security concerns about applets.

From surveillance to safety: How Kazakhstan’s Carpet CCTV is reshaping security 12 Dec 2024, 3:57 am

In a world where technology increasingly shapes how cities manage safety and security, Kazakhstan’s Ministry of Internal Affairs is leading the way with its groundbreaking “Carpet CCTV” project. This ambitious initiative has revolutionized public safety by combining a massive surveillance network with advanced analytics and artificial intelligence, creating a system that shifts the focus from reactive responses to proactive prevention.

Over the past four years, the scope of Kazakhstan’s surveillance infrastructure has expanded dramatically. The number of cameras has grown from just 40,500 to an impressive 1.3 million, with 313,000 cameras now directly accessible to police. These cameras are strategically positioned to monitor key areas, enhancing law enforcement’s ability to detect, prevent, and respond to incidents in real time. The system has already shown its effectiveness: since early 2024, it has detected over 8,200 criminal offenses and recorded 7.1 million traffic violations, resulting in significant improvements in public safety and road management.

At the heart of this transformation is the use of artificial intelligence. By integrating cutting-edge technologies such as facial recognition, license plate detection, and crowd monitoring, the system provides actionable insights that allow authorities to address risks before they escalate. For example, facial recognition capabilities enable real-time identification of persons of interest, while AI-powered traffic monitoring contributes to improved road safety and generates public revenue through fines. These features highlight the system’s ability to go beyond passive recording, transforming it into a dynamic tool for crime prevention and urban management.

The implementation of the Carpet CCTV project, however, was not without challenges. Managing the enormous volume of data generated by over a million high-definition cameras required significant upgrades in communication networks and data storage infrastructure. The integration of public and private camera networks demanded a unified approach to data sharing and management, while privacy concerns necessitated robust regulatory frameworks to ensure citizen trust. Through a combination of strategic planning, public-private partnerships, and transparent communication, the Ministry successfully addressed these obstacles, setting a model for other nations to follow.

One of the project’s most significant achievements lies in its deterrent effect. Administrative offenses, such as public disturbances, have decreased sharply, indicating that the visible presence of surveillance cameras is influencing behavior. This demonstrates the power of technology not just to react to incidents, but to prevent them altogether. Furthermore, the use of video evidence has increased case resolution rates, further solidifying the system’s impact on law enforcement effectiveness.

Looking ahead, Kazakhstan plans to build on the success of Carpet CCTV by expanding its geographic coverage and enhancing its analytical capabilities. New developments will focus on leveraging advanced AI to improve the accuracy and scope of surveillance, while also incorporating adaptive privacy measures to protect civil liberties. This forward-thinking approach ensures the system remains at the forefront of public safety technology, balancing innovation with accountability.

Kazakhstan’s Carpet CCTV project represents more than just an investment in technology—it’s a vision for smarter, safer cities. By blending state-of-the-art solutions with thoughtful governance, the Ministry of Internal Affairs has created a system that not only addresses today’s challenges but also lays the groundwork for a secure and sustainable future.

Google’s AI coding entry with Jules signals tougher competition in coding tools 12 Dec 2024, 2:32 am

Google has made a significant entry into the competitive AI coding tools market with Jules, an experimental coding assistant aimed at enhancing developer workflows and challenging established tools like GitHub Copilot and Amazon Q Developer.

The stakes are high, with AI increasingly seen as essential for accelerating software development in several industries.

In 2024, OpenAI’s ChatGPT emerged as the most widely adopted AI-powered tool among developers, with 82% reporting regular use, according to data from Statista. GitHub Copilot followed as the second most popular option, used by 44% of developers, while Google Gemini secured the third spot at 22%.

If Google succeeds with Jules, it could redefine how enterprises adopt and integrate AI into their development workflows.

Unveiled in a blog post, Jules is integrated with Google’s Gemini 2.0 AI model and designed to handle time-consuming coding tasks, such as fixing bugs and managing multiple files, while developers focus on higher-priority work.

“Imagine your team has just finished a bug bash, and now you’re staring down a long list of bugs,” Google said in the post. “Starting today, you can offload Python and Javascript coding tasks to Jules, an experimental AI-powered code agent that will use Gemini 2.0. Working asynchronously and integrated with your GitHub workflow, Jules handles bug fixes and other time-consuming tasks while you focus on what you actually want to build.”

The tool’s capabilities include creating detailed, multi-step plans to address coding issues, modifying code across files, and preparing pull requests for seamless integration into GitHub. These features position Jules as a versatile assistant for developers managing complex projects or large teams.

According to Google, Jules also offers real-time progress tracking, helping developers stay informed about ongoing tasks and prioritize actions requiring immediate attention. Importantly, the tool allows for full developer oversight.

Users can review Jules’ plans, request adjustments, and assess the generated code before integrating it into their projects, ensuring a balance between automation and quality control.

Advantage Google?

Google’s entry into the AI coding tools market highlights its strategy to serve enterprise developers and leverage the increasing demand for AI-driven development solutions.

Jules combines automation with transparency and control, aiming to carve out a unique position in a competitive and growing sector.

“The AI-powered coding tools market is currently dominated by leading players like GitHub Copilot and Amazon Q Developer,” said Manukrishnan SR, practice director at Everest Group. “Gemini’s code generation capabilities till date haven’t been up to the levels exhibited by OpenAI’s offerings including ChatGPT, so it remains to be seen whether Jules can help them turn around their fortunes in this space.”

Despite such challenges, analysts note that Google’s vast ecosystem provides a compelling foundation for Jules.

“Jules might be late to the party but has the largest developer and code base to tap into and transform how they code not only for Android but also for AI-centric code bases such as Python and JavaScript,” said Neil Shah, partner and co-founder at Counterpoint Research. “The adoption of Jules versus the competition will be at a greater pace and scale, which will drive improvement in the overall tool faster and better, infusing further momentum to Google Gemini 2.0.”

According to Shah, Google’s ability to integrate its advanced Gemini 2.0 technology across its first-party applications—such as Search, Android, G-Suite, Maps, and YouTube, which collectively reach billions of users daily—and its vast network of third-party developers catering to both enterprise and consumer markets provides a significant advantage.

This expansive ecosystem positions Google to scale Jules and its underlying AI technologies faster than many competitors.

Impact on enterprises

AI-powered coding tools like Jules have the potential to transform how software is developed, shifting the focus from traditional coding practices to software configuration with the assistance of AI.

Analysts suggest that this evolution could significantly impact enterprise workflows, particularly in managing large-scale projects.

“Developer productivity and experience could improve significantly for enterprises managing large-scale projects, especially in commonly used programming languages like Python and Java,” Manukrishnan said. “Productivity improvements are expected to be less in legacy languages like COBOL due to the lack of available training data for the LLM models.”

However, enterprises may encounter obstacles when integrating tools like Jules into their existing workflows. Challenges such as maintaining adherence to enterprise coding standards and ensuring consistent code quality remain key concerns.

“While these tools tend to perform well for greenfield application development use cases, they’ve struggled to show value in large-scale brownfield or modernization use cases involving complex integration requirements,” Manukrishnan added. While the promise of AI-powered coding tools is significant, enterprises must weigh their benefits against the challenges of adoption, particularly in environments with legacy systems or stringent integration demands. This balance will likely shape the trajectory of AI coding tools in enterprise settings.

InfoWorld’s 2024 Technology of the Year Award winners 12 Dec 2024, 1:00 am

Artificial intelligence, including generative AI, continues to evolve rapidly across enterprise organizations, despite a lot of heavy lifting still required of software developers and data scientists. Many organizations continue to struggle to move generative AI applications, and the large language models that fuel them, from pilots into production.

The good news is that AI remains fertile ground for innovation, with software vendors infusing the technology into a variety of tools across the broad ecosystem of applications and development tools. Many of these innovations stand out among 60 finalists and 25 winners of InfoWorld’s 2024 Technology of the Year Awards.

The InfoWorld Technology of the Year Awards recognize the best and most innovative products in AI, APIs, applications, business intelligence, cloud, data management, devops, and software development. Read on to meet our finalists and winners.

To read about InfoWorld’s 2024 Technology of the Year Award winners in PDF format, download the file below (no registration required).

Award categories

AI

  • AI and machine learning: Applications
  • AI and machine learning: Development                
  • AI and machine learning: Models

APIs

  • API management

Applications

  • Application management
  • Application networking
  • Application security

Business intelligence

  • Business intelligence and analytics

Cloud

  • Cloud backup and disaster recovery
  • Cloud compliance and governance 
  • Cloud cost management
  • Cloud security

Data management

  • Data management: Databases 
  • Data management: Governance
  • Data management: Integration
  • Data management: Pipelines
  • Data management: Streaming

Devops

  • Devops: Analytics
  • Devops: CI/CD
  • Devops: Code quality
  • Devops: Observability
  • Devops: Productivity
  • Devops: Security

Software development

  • Software development: Platforms
  • Software development: Tools

AI and machine learning: Applications

Finalists

  • Bitsight Discovery and Attribution Engine
  • Gong Revenue Intelligence Platform
  • Outset 

Winner

  • Gong Revenue Intelligence Platform

From the winner

Gong transforms revenue organizations by harnessing customer interactions to increase business efficiency, improve decision-making, and accelerate revenue growth. Gong’s Revenue Intelligence Platform uses AI to help teams capture, understand, and act on all customer interactions in a single, integrated platform. Gong captures and analyzes interactions with customers and prospects, enabling teams to identify key moments within the funnel, provide actionable guidance on the most effective next steps to take, and automate tasks. This leads to more (and more significant) wins, improved customer satisfaction, deeper engagement, more accurate forecasts, and stronger loyalty.

From the judges

“Pulling ambient information from emails and phone calls into the CRM system to help improve sales is a perfect use case for AI because it helps sales with a tedious but essential task. We need more solutions like this!”

AI and machine learning: Development

Finalists

  • Clarifai
  • Sony Semiconductor Solutions AITRIOS
  • Trustwise Optimize:ai

Winner

  • Optimize:ai

From the winner

Trustwise is building the trust layer to AI, ensuring that generative AI applications are reliable, safe, and efficient. Trustwise’s flagship product, Optimize:ai, empowers enterprises to confidently adopt AI solutions, knowing they are optimized for safety, cost, and compliance. Delivered as a single API, Optimize:ai is a first-of-its-kind generative AI application performance and risk management API that provides a robust AI safety, cost, and risk optimization layer for high-stakes enterprise environments. By rigorously stress testing and optimizing generative AI workloads using its advanced APIs, datasets, and AI safety and alignment controls, Trustwise safeguards enterprises from potential AI failures, excessive costs, and growing environmental concerns.

From the judges

“This is something every AI business would need. As ESG efforts are scrutinized, given how power-hungry AI systems are, this will be the tool that AI companies would want to embrace.”

AI and machine learning: Models

Finalist

  • Iterate.ai Interplay-AppCoder LLM

Winner

  • Interplay-AppCoder LLM

From the winner

Interplay-AppCoder LLM is a high-performing code generation model. It excels in producing clear, functional code for generative AI projects. Scoring high on the ICE benchmark test, the model has been fine-tuned with advanced AI libraries and frameworks, delivering practical solutions for complex coding tasks. Examples include Python scripts for YOLOv8, Vertex AI, and LangChain. Interplay-AppCoder LLM represents a significant advance in AI-driven code generation, enhancing enterprise project efficiency and capability.

From the judges

“This AI model enables enterprises to accelerate software development while ensuring functional accuracy, reducing human error, and enhancing productivity through innovative code-generation technology.”

API management

Finalists

  • Hasura Data Delivery Network
  • Solo.io Gloo Gateway
  • Postman API Platform

Winner

  • Hasura Data Delivery Network

From the winner

The Hasura Data Delivery Network (DDN) is an industry-first, metadata-driven solution that lets users fetch only the data they need from enterprise sources and deliver it to any client or user worldwide quickly, securely, and reliably. It gives them rich self-serve composability via a unified API, and makes the effort of building and operating such a delivery network for data trivial. Hasura DDN features modularized metadata, enabling domain teams to manage and iterate on just their team’s metadata in independent repositories. This lets teams enjoy the benefits of metadata-driven APIs—such as automation, governance, and standardization—in a multidomain environment.

From the judges

“The Hasura Data Delivery Network stands out … It is the first metadata-driven solution that lets users grab data they need and deliver it to any client or user anywhere quickly and reliably while maintaining security.”

Application management

Finalists

  • Mirantis k0smotron
  • wasmCloud

Winner

  • k0smotron

From the winner

k0smotron is a cutting-edge Kubernetes control plane designed to simplify and streamline cluster management for businesses of all sizes. Built on the robust foundation of k0s, an open source Kubernetes distribution, k0smotron offers unparalleled ease of use, scalability, and security. At its core, k0smotron provides a seamless and automated way to manage multiple Kubernetes clusters across private clouds, public clouds, bare metal, edge infrastructure, and hybrid arrangements. It eliminates the complexities, inefficiencies, and de facto lock-in typically associated with traditional cluster management on single infrastructures. k0smotron’s user-friendly interface and comprehensive documentation make it accessible even to those with limited Kubernetes experience.

From the judges

“k0smotron brings a fresh, smart way to manage Kubernetes more efficiently. … It’s a clever improvement that makes existing systems work much better.”

Application networking

Finalist

  • The Istio Authors/Cloud Native Computing Foundation Istio Ambient Mode

Winner

  • Istio Ambient Mode

From the winner

Ambient Mode is a new functionality within the popular open source service mesh project Istio. It provides a new deployment model and data plane architecture, free from the constraint of traditional, resource-intensive sidecar deployments. Ambient Mode focuses on delivering an open source service mesh experience that is secure, yet simplified and performant, helping reduce resourcing and cost requirements while helping enterprises expedite their workload migration to a microservices-based architecture. Benefits include: tailored deployment choices for Layer 4 (L4) and Layer 7 (L7); cost and operational optimization to help reduce resource and operational expenses; and zero-trust security for sidecar-less architecture.

From the judges

“A simpler approach to the service mesh that does away with sidecars, dramatically reducing resource overhead, infrastructure costs, and operational complexity, while improving application performance and preserving support for zero-trust security.”

Application security

Finalists

  • Contrast Security Application Detection and Response
  • OpenText Cybersecurity Fortify Aviator
  • VMware by Broadcom VMware vDefend Advanced Threat Prevention

Winner

  • VMware vDefend Advanced Threat Prevention

From the winner

VMware vDefend Advanced Threat Prevention (ATP) is an automated, distributed, and enterprise-wide solution for preventing advanced threats. It combines multiple detection technologies—Intrusion Detection, Network Sandboxing, and Network Traffic Analysis—with aggregation, correlation, and context engines via Network Detection and Response. Threat prevention, as well as restricting lateral movement, are enabled through distributed and/or gateway firewall and intrusion prevention. VMware vDefend ATP combines alerts across different assets into a single campaign, providing comprehensive real-time threat visibility. This allows incident response teams to quickly understand the scope of a threat and prioritize its response.

From the judges

“Great concept offering an automated, distributed, and enterprise-wide solution for preventing advanced threats.”

Business intelligence and analytics

Finalists

  • Culture15
  • insightsoftware Logi Symphony
  • Pecan AI

Winner

  • Pecan AI

From the winner

Pecan revolutionizes predictive analytics with its automated, AI-driven solution that empowers businesses to create and implement predictive models from raw data, with no data science expertise required. Some exciting features of Pecan include automated model building, an AI assistant for chat-based guidance, SQL code generation, streamlined data integration, and single-click deployment. Pecan stands out by democratizing AI and enabling rapid experimentation. It equips data analysts and business teams across sales, marketing, supply chain, and finance to harness AI for lead scoring, demand forecasting, campaign optimization, and revenue projection. Offered as a subscription service, Pecan prioritizes data security with top-tier certifications.

From the judges

“Its automation of complex processes accelerates time-to-value and reduces reliance on specialized personnel, offering strong business impact through scalability and cost-efficiency.”

Cloud backup and disaster recovery

Finalists

  • Backblaze B2 Cloud Storage
  • Cayosoft Guardian Forest Recovery
  • Clumio AWS Backup as a Service

Winner

  • Cayosoft Guardian Forest Recovery

From the winner

Designed to protect businesses from costly Microsoft Active Directory (AD) outages that cripple operations and infrastructure, Cayosoft Guardian Forest Recovery is the industry-first, patent-approved AD backup and recovery solution that guarantees instant AD forest recovery for all Microsoft environments. No other solution delivers instant AD recovery, and Cayosoft helps customers achieve it by maintaining an up-to-date standby forest in an isolated cloud, replicating an organization’s AD in an uncompromised and clean environment, ready to be called upon if an AD outage occurs. No company’s AD is off-limits, and rapid recovery is more important than ever before.

From the judges

“This product addresses a real need of this community. Businesses that can recover AD faster will be more efficient and resilient.”

Cloud compliance and governance 

Finalists

  • Kion
  • LightBeam.ai LightBeam PrivacyOps

Winner

  • LightBeam PrivacyOps

From the winner

LightBeam PrivacyOps converges data security, privacy, and AI governance, so businesses can secure their data across cloud, SaaS, and on-prem locations. Leveraging generative AI, PrivacyOps ties together sensitive data cataloging, control, and compliance across structured (databases), unstructured (file repositories), and semi-structured (ticketing systems) applications. PrivacyOps aims to create a secure, privacy-first world by helping customers automate compliance against a patchwork of regulations. Its ability to continuously monitor applications, including Microsoft 365, Google Workspace (formerly G Suite), ServiceNow, Snowflake, Amazon RDS, Amazon S3, and various databases and file repositories, alerts customers to issues in real time and can automatically delete, redact, or archive sensitive data.

From the judges

“Works across multiple platforms (SaaS, cloud, etc.). … LightBeam’s AI platform detects sensitive data hiding in images, screenshots, HTML pages, and JSON objects, along with text and documents.”

Cloud cost management

Finalists

  • CloudBolt Software CloudBolt Platform               
  • Hyperglance
  • Kubecost

Winner

  • CloudBolt Platform        

From the winner

The CloudBolt Platform is what some analysts call a third-generation finops solution. CloudBolt differentiates through its leadership in Augmented FinOps. Leveraging a sophisticated data layer, the platform enables AI/ML-driven actions to remedy discovered inefficiencies and anomalies and proactively prevent issues from occurring in the first place by applying intelligent automation and orchestration. CloudBolt does this across an organization’s entire IT estate, including all major public clouds, private clouds, and data centers. Leveraging the FinOps Foundation’s FOCUS data spec, CloudBolt can apply AI/ML to rationalize all cost information across an entire cloud fabric to provide advanced functions like optimal workload placement, granular unit cost, and accurate forecasting.

From the judges

“CloudBolt’s ability to apply AI/ML to rationalize all cost information across an entire cloud fabric and its ability to provide advanced functions like optimal workload placement … and accurate forecasting excites me. FinOps rocks, and this looks like a solid product.”

Cloud security

Finalists

  • Gigamon Precryption technology
  • Okta Identity Security Posture Management
  • Sentra Data Security Posture Management Platform

Winner

  • Okta Identity Security Posture Management

From the winner

Okta Identity Security Posture Management (ISPM) proactively identifies vulnerabilities and identity security gaps across Okta, third-party identity providers, and cloud and SaaS environments. With ISPM, companies can continuously assess their identity risk posture, uncover critical misconfigurations and gaps—like inconsistent MFA enforcement and account sprawl—and prioritize and remediate the most pressing issues based on risk severity. ISPM empowers security and IT teams with a proactive, end-to-end identity security posture coverage solution—minimizing the attack surface and improving continuous compliance. The outcome? Lower risk and cost of identity-related attacks and breaches, and improved business efficiency.

From the judges

“Uses multiple technologies to understand vulnerabilities and gaps. ISPM delivers a dashboard of adherence to security frameworks, reducing the need for compliance audits and increasing confidence in security posture.”

Data management: Databases 

Finalists

  • Cockroach Labs CockroachDB                
  • Couchbase Capella Database-as-a-Service     
  • SingleStore Data Platform          

Winner

  • SingleStore Data Platform          

From the winner

Designed for building intelligent applications, SingleStore is the world’s only real-time data platform that can read, write, and reason on petabyte-scale data in a few milliseconds—enabling customers to make timely decisions to achieve the best performance, and the makers of the world to unlock their creativity and innovation. As the fastest real-time data platform on the market, SingleStore is crucial for generative AI applications. SingleStore leads the data technology industry in empowering users to transact, analyze, and search the most recent and up-to-date data available, even if it changes in a millisecond.

From the judges

“A comprehensive platform for diverse workloads. … It’s an ideal solution for businesses that require fast, scalable data storage and processing without sacrificing flexibility or performance.”

Data management: Governance

Finalists

  • Baffle Data Protection 
  • Casper Labs Prove AI
  • Solix Technologies Solix Common Data Platform            

Winner

  • Baffle Data Protection 

From the winner

Baffle is the easiest way to protect sensitive data. We are the only security platform that cryptographically protects the data itself as it’s created, used, and shared across applications, analytics, and AI. Baffle’s no-code solution masks, tokenizes, and encrypts data without requiring any application changes or impact to the user experience. With Baffle, enterprises easily meet compliance controls and security mandates, and reduce the effort and cost of protecting sensitive information to eliminate the impact of data breaches.

From the judges

“Data is cryptographically protected when it is created, used, and shared across applications, analytics, and AI. This is a great differentiator.”

Data management: Integration

Finalists

  • Airbyte Open Source, Airbyte Cloud, and Airbyte Enterprise     
  • SnapLogic Intelligent Integration Platform            
  • Tray.ai Tray Universal Automation Cloud              

Winner

  • Tray Universal Automation Cloud            

From the winner

The Tray Universal Automation Cloud is a composable AI integration and automation platform for enterprises to achieve a step-function business performance increase with AI implementations. Teams can deliver integration, automation, and API projects faster and more efficiently using low-code and AI-augmented development and infuse and integrate AI into every aspect of their business. Tray’s unified environment sets it apart: From a single integration development environment, teams manage all activities—data integration, process automation, API development, and tech stack connectivity. This streamlines processes, enhances consistency and reduces potential points of failure so teams can move fast from prototype to production.

From the judges

“This platform shows strong potential to enhance a company’s technological capabilities across infrastructure, application layers, and data processing. Tray.ai significantly reduces operational costs and improves development velocity, which has a direct impact on business operations.”

Data management: Pipelines

Finalists

  • Apica Ascent Platform 
  • Coalesce.io Coalesce

Winner

  • Apica Ascent Platform 

From the winner

Apica keeps enterprises operating by providing full-stack visibility. The Ascent Platform delivers advanced telemetry, data management, and active observability, enabling organizations to detect and resolve modern data challenges. Today, business operations depend on understanding the health of multicloud, hybrid, and on-premises environments to keep business-critical applications and systems online while providing an optimal user experience. Apica delivers a unified view of all information for the entire technology stack, helping reduce, prevent, and resolve outages. With the Ascent Platform, you can collect, optimize, store, transform, route, and replay your observability data, however, whenever, and wherever you need it.

From the judges

“The Apica platform stands out in technological advancements, particularly in the synthetic monitoring and dynamic scaling through the Kubernetes services. Also, it provides on-prem installation options, which is a good addition.”

Data management: Streaming

Finalist

  • Confluent Cloud

Winner

  • Confluent Cloud

From the winner

Confluent Cloud is the only complete data streaming platform on the market, so businesses can connect, stream, govern, and process their data in one place. Confluent Cloud eliminates the complexities of managing open source Apache Kafka and Apache Flink, a powerful stream processing technology, to unify disparate data systems and scale effortlessly from managing a few applications to serving as a company-wide central nervous system. With Stream Governance, the only fully managed data governance suite for Apache Kafka, and more than 80 fully managed connectors, Confluent makes it easy to protect and connect data across the organization.

From the judges

“The unique offering by Confluent to have streaming and processing together, along with integration with connectors and libraries, will drastically reduce development and maintenance of the systems.”

Devops: Analytics

Finalist

  • Azul Intelligence Cloud

Winner

  • Azul Intelligence Cloud

From the winner

Azul Intelligence Cloud is a cloud analytics solution that provides actionable intelligence from production Java runtime data to dramatically boost developer productivity. It pinpoints what code actually runs to efficiently prioritize vulnerable code for remediation (Vulnerability Detection) and unused and dead code for removal (Code Inventory). It works with any JVM from any vendor or distribution, including Azul Zulu and Zing Builds of OpenJDK, Oracle JDK, Amazon Corretto, Microsoft Build of OpenJDK, Red Hat Build of OpenJDK, and Eclipse Temurin, to dramatically slash time from unproductive tasks across an enterprise’s entire Java estate and free up developers for more important business initiatives.

From the judges

“Azul Intelligence Cloud is … like a smart assistant that watches how your Java programs work and suggests ways to improve them. It’s a new and exciting way to optimize Java programs, using real-time data to make smart decisions.”

Devops: CI/CD

Finalists

  • Buildkite Pipelines
  • Harness CI/CD
  • amazee.io, a Mirantis Company Lagoon              

Winner

  • Harness CI/CD

From the winner

Harness Continuous Integration and Continuous Delivery redefines efficiency in the market with its blazing speed, robust security, and cost-effectiveness, achieved through smart caching, optimized test execution, and well-tuned cloud-build machines. It empowers teams with a streamlined, script-free platform, ensuring faster and more reliable software delivery that meets compliance needs without impeding innovation. Harness offers a fast, secure, and easy-to-manage software delivery platform with AI integrated throughout the software development life cycle.

From the judges

“Harness does shine in most aspects and some beyond the core CI/CD. Using AI to optimize the build and provide insights is quite useful.”

Devops: Code quality

Finalist

  • Sonar SonarQube Server             

Winner

  • Sonar SonarQube Server

From the winner

Whether human-written or AI-generated, it’s essential for code to be carefully and accurately checked for quality and security. SonarQube Server, an open source, self-managed tool, offers a streamlined solution for fixing and avoiding code errors at the start of the development process. It’s not focused on symptoms—it gets at the source to prevent issues in the first place. It provides automatic and efficient real-time code analysis, flagging and explaining issues as they are detected, to arm developers with the right resources to produce clean code. SonarQube Server allows developers to safely harness the power of AI while minimizing risk.

From the judges

“SonarQube is like a spell checker for your code, but it can do much more than just find typos. It can check your code for many different problems, like security vulnerabilities, bugs, and poor code quality. Overall, SonarQube is a highly valuable tool that can help businesses improve their software development process.”

Devops: Observability

Finalists

  • Dynatrace Platform        
  • Grafana Labs Grafana Cloud    
  • Honeycomb.io Honeycomb      

Winner

  • Dynatrace Platform        

From the winner

In today’s digital landscape, organizations need solutions that tackle cloud complexity, turning data into actionable insights for secure, high-performance digital environments. That’s where Dynatrace comes in. Its observability and security platform provides end-to-end visibility into IT environments, offering comprehensive monitoring of applications, microservices, infrastructure, and end-user experience. What sets Dynatrace apart is its Davis AI engine. Leveraging causal, predictive, and generative AI, Davis analyzes billions of dependencies in real time, detecting anomalies, pinpointing root causes, and providing actionable insights without human intervention. This automation reduces mean time to resolution and eliminates operational blind spots, allowing teams to focus on innovation.

From the judges

“Dynatrace has a deep understanding of observability tech unlike any other and is now innovating with AI models for full-stack observability.”

Devops: Productivity

Finalist

  • Gradle Develocity

Winner

  • Develocity

From the winner

Develocity is Gradle’s platform for improving developer productivity and happiness. It’s the leading enabling technology for Developer Productivity Engineering (DPE), a practice pioneered by Gradle that views developer productivity as a technology challenge best addressed by engineered solutions, rather than a people problem. It focuses on process bottlenecks that most negatively impact the developer experience, including the toil and frustration associated with a lack of observability into build performance and failure root causes, slow builds, and inefficient troubleshooting. Develocity achieves this through a combination of cutting-edge acceleration technologies to maximize build and test performance.

From the judges

“The tech continues to be impactful in improving developer productivity so that features can be delivered to market quickly. Analytics and other dashboards provide insights into where the bottlenecks are across all systems.”

Devops: Security

Finalists

  • Backslash Security Backslash SAST&SCA          
  • Harness Security Testing Orchestration
  • Chainguard Images       

Winner

  • Harness Security Testing Orchestration

From the winner

Harness Security Testing Orchestration (STO) is shift-left security built for customers’ pipelines and designed for developers. STO integrates with over 40 commercial and open source security scanners, allowing customers the flexibility of running their preferred scanners without the complexity of managing them as a set of individual tools. STO orchestrates tests anywhere across build pipelines and normalizes, deduplicates, and prioritizes vulnerabilities, thus reducing the vulnerability count in many cases by over 90%. By enabling a proactive application security testing approach, STO reduces the risk of vulnerabilities making it into production and greatly decreases engineering toil associated with remediation rework.

From the judges

“There are several innovations here that can improve security for many devops teams, including the use of Harness AIDA (AI development assistance) to generate detailed, prescriptive remediation guidance that helps developers rapidly fix security issues in their code.”

Software development: Platforms

Finalists

  • Backstage Project Authors/Cloud Native Computing Foundation Backstage   
  • Crowdbotics Platform  
  • Onfleet

Winner

  • Backstage           

From the winner

Backstage is an open source framework developed by Spotify and donated to the CNCF. It centralizes tools, services, and documentation behind a single pane of glass. Backstage helps manage the complexities found in a scaling developer workforce by providing developers a uniform overview of all their resources, regardless of how and where they are running. It also allows the creation of new resources, such as back-end services running in Kubernetes, with a few clicks of a button, all without having to leave the Backstage interface. Backstage’s biggest value is its ability to improve developer effectiveness by reducing friction.

From the judges

“Backstage has significantly transformed the developer experience by centralizing tools and simplifying workflows, leading to improved efficiency and faster onboarding. Its open source nature encourages continuous innovation, allowing it to evolve rapidly with contributions from a thriving community.”

Software development: Tools

Finalists

  • AudioEye Accessibility Testing SDK
  • The Dapr Authors/Cloud Native Computing Foundation Dapr 
  • Vercel v0

Winner

  • Vercel v0       

From the winner

Vercel v0 is the first tool that lets developers build an actual UI from scratch using nothing but text. These aren’t designs or visual representations of a UI. This is real code you can drop into your codebase and start serving to users. v0 was created to help anyone bring a website to life [regardless of] their level of technical knowledge. When building new products—whether you’re a Fortune 100 enterprise, an indie developer, or completely new to coding—staring at a blank screen is overwhelming. v0 is an ideation partner as you take a feature idea from your head, describe it in simple terms, and bring it to the web.

From the judges

“The models implemented within the solution are highly specialized and tailored to the specific problem domain, which ensures that the system operates with precision and delivers optimal results.”

About the judges

Stan Gibson is an award-winning editor, writer, and speaker, with 40 years’ experience covering information technology. Formerly executive editor of eWEEK and PC Week, and senior editor at Computerworld, he is currently adjunct analyst at IDC. As principal of Stan Gibson Communications, he writes for many websites, including CIO.com, and is a popular host for online events.

Kieran Gilmurray is CEO of Kieran Gilmurray and Company, a globally recognized authority on AI, automation, and digital transformation. Kieran has authored two influential books and hundreds of articles that have shaped industry perspectives. His expertise has earned him 10 prestigious accolades, including being named a Top 50 Global Thought Leader and Influencer on Generative AI in 2024, a Best LinkedIn Influencer for AI and Marketing, and one of the World’s Top 200 Business and Technology Innovators.

Rich Heimann is a machine learning and AI leader whose former titles include Chief AI Officer, Director of AI, Chief Data Scientist and Technical Fellow, and adjunct professor. He is the recent author of Generative Artificial Intelligence Revealed: Understanding AI from Technical Depth to Business Insights to Responsible Adoption.

Arun Krishnakumar is an ecommerce expert, author, and masterclass instructor. With extensive experience as a product engineer, he has built impactful products for multibillion-dollar international brands used by millions of users. He specializes in leveraging a data-driven approach to fuel growth, customer acquisition, retention, and user adoption for consumer products. His work centers on enhancing digital experiences and empowering ecommerce platforms to drive growth through optimized product strategy and user engagement across online and offline touchpoints.

Gaurav Mittal is a seasoned IT manager with 18+ years of leadership experience, adept at guiding teams in developing and deploying cutting-edge technology solutions. Specializing in strategic IT planning, budget management, and project execution, he excels in AWS Cloud, security protocols, and container technologies. Gaurav is skilled in Java, Python, Node.js, and CI/CD pipelines, with a robust background in database management (Aurora, Redshift, DynamoDB). His achievements include substantial cost savings through innovative solutions and enhancing operational efficiency. Gaurav is recognized for his leadership, problem-solving abilities, and commitment to delivering exceptional IT services aligned with organizational goals.

Priyank Naik is a principal engineer with 20 years of experience in the financial industry, specializing in building complex, real-time, distributed, cloud-enabled systems for front office operations, risk management, and fixed income research.

Peter Nichol is chief technology officer at OROCA Innovations. He is a 4x author, MIT Sloan, and Yale School of Management speaker dedicated to helping organizations connect strategy to execution to maximize company performance. His career has focused on driving and quantifying business value by championing disruptive technologies such as data analytics, blockchain, data science, and artificial intelligence. He was a contributing author for CIO magazine and has been recognized for digital innovations by CIO100, MIT Sloan, BRM Institute, Computerworld, and PMI.

Anton Novikau is a seasoned software development leader with eight years of experience spearheading innovative educational technology solutions. As Head of Mobile Development at Talaera, an EdTech startup, Anton drives the technical vision and execution of transformative learning experiences while pioneering AI integration across the company’s product suite. His expertise spans full-stack development, cloud architecture, and leveraging artificial intelligence to enhance educational outcomes. Anton’s contributions to the field extend beyond product development through published scientific articles exploring the intersection of software engineering, artificial intelligence, and education.

Shafeeq Ur Rahaman is an accomplished leader in data analytics and digital infrastructure, with over a decade of experience creating transformative, data-driven solutions that optimize business performance. Currently serving as the Associate Director of Analytics & Data Infrastructure at Monks, Shafeeq oversees advanced data pipeline automation, cloud architecture implementation, and strategic analytics initiatives. Recognized for his technical expertise and dedication to ethical data governance, Shafeeq brings a deep understanding of emerging technology trends and innovative applications to his role as a judge for the InfoWorld Technology of the Year Awards.

Rahul Patil, hailing from the vibrant city of New York, is a seasoned professional in the tech industry with 17 years of extensive experience. Currently working at a hedge fund, he has honed his skills in back-end development with a particular focus on Java. His deep passion for technology drives him to constantly explore and utilize cloud-native services like AWS and GCP. Rahul’s dedication to his craft and his commitment to staying on the cutting edge of technological advancements truly set him apart as a remarkable technologist.

Kautilya Prasad is an accomplished digital experience platform expert. With over 17 years of experience in leading digital transformation projects for multiple Fortune 500 customers, he stands at the intersection of artificial intelligence, digital experience, and data analytics, crafting solutions that enhance customer experiences. He actively engages in peer reviews, shaping the discourse around emerging technologies. He has been awarded Most Valuable Professional multiple times for his extraordinary contributions to the digital experience community. Kautilya regularly shares his thoughts by speaking at various events on topics like customer experience, ecommerce, and the impact of AI in digital marketing.

Ramprakash Ramamoorthy leads the AI efforts for Zoho Corporation. Ramprakash has been instrumental in setting up Zoho’s AI platform from scratch. He comes with a rich 12+ years of experience in building AI for the enterprises at Zoho Corp., where the AI platform currently serves over 5 billion requests per month and is growing strong. Ramprakash is a passionate leader with a level-headed approach to emerging technologies, and a sought-after speaker at technology conferences.

Monika Rathor is a lead application engineer at Level Home, where she is building smart home solutions with smart access, automation, and building intelligence solutions that improve apartment living and management in the most impactful, cost-effective way possible. She is also a performance improvement enthusiast, driven to achieving optimizations like cutting latency from 200ms to just 50ms. Monika also loves mentoring her team, helping them grow and learn. Before Level Home, Monika was at Meta, improving WhatsApp’s user integrity features. At Akamai, she had some big wins like boosting GraphQL caching hit ratios and making edge performance even better.

Isaac Sacolick is the president and founder of StarCIO, with the mission of guiding organizations in developing core competencies for digital transformation through its leadership, learning, and advisory programs. A lifelong technologist, Isaac has served in startup CTO and transformational CIO roles, then founded StarCIO believing that agile ways of working, product management, and AI/data-driven practices can empower diverse teams to drive digital transformation. Isaac is a writer, keynote speaker, and author of two books: the Amazon bestseller Driving Digital, a playbook for leading digital transformation, and Digital Trailblazer, where he shares dramatic stories and 50 lessons for transformation leaders.

Scott Schober is the president and CEO of Berkeley Varitronics Systems, a 50-year-old, New Jersey-based provider of advanced, world-class wireless test and security solutions. He is the author of three best-selling security books: Hacked Again, Cybersecurity is Everybody’s Business, and Senior Cyber. Scott is a highly sought-after author and expert for live security events, media appearances, and commentary on the topics of ransomware, wireless threats, drone surveillance and hacking, cybersecurity for consumers, and small business. He is often seen on ABC News, Bloomberg TV, Al Jazeera America, CBS This Morning News, CNN, Fox Business, and many other networks.

Azure hardware innovations and the serverless cloud future 12 Dec 2024, 1:00 am

Microsoft uses its events to lift the hood on Azure’s hardware and the infrastructure it uses to manage and run its services. Ignite 2024 was no different. Azure CTO Mark Russinovich’s regular Inside Azure Innovations presentation went into some detail about how Microsoft is working to make its data centers more efficient.

Data center efficiency is becoming critically important, as hyperscalers like Azure now account for a significant share of the load on the electricity grid, especially given the power requirements of large generative AI models such as ChatGPT. Much of that load is part of the cost of training AIs, but inference has its own costs. Microsoft has set ambitious climate goals, and increasing data center efficiency is key to meeting them.

Under the hood with Azure Boost

Filling a data center with racks of servers isn’t the best way to run them. Azure and other cloud platforms have a different view of their hardware than we do, treating them as discrete elements of compute, networking, and storage. These are put together in the basic building blocks of the service, virtual machines. No one gets direct access to the hardware, not even Microsoft’s own services; everything runs on top of VMs that are hosted by a custom Windows-based Azure OS.

But virtual machines are software, and that makes it hard to optimize the stack. Microsoft and its cloud competitors have been working to remove these dependencies for years, using the Open Compute Project to share hardware solutions to data center problems. Some of Microsoft’s solutions have included external controllers for NVMe memory and hardware-based network compression tools.

Inside Azure, Microsoft has been developing hardware-based tools to offload functionality from its Azure Hypervisor, with a range of improvements it’s calling Azure Boost. This adds a new card to its servers hosting networking and storage functions, as well as improved I/O capabilities. Azure Boost sits outside the tenant boundaries, so its functions can be shared securely by everyone using the same server to host VMs.

More FPGAs in the cloud

Russinovich showed one of the first production cards, built around an Intel Agilex FPGA. Using FPGAs for hardware like this allows Microsoft to develop new versions of Azure Boost and deploy it to existing servers without requiring new cards and extended downtime. The card itself runs Azure Linux (the new name for CBL-Mariner) on a set of Arm cores.

Azure Boost hardware has several distinct roles focused on improving VM performance. One use is to accelerate remote storage, delivering it via hardware NVMe interfaces rather than hypervisor-managed SCSI. The result is a significant speed improvement: 15% more IOPS and 12% higher bandwidth. That may not sound dramatic, but at the scale of a data center’s worth of VMs and remote storage, Azure Boost allows Microsoft to run more virtual machines on the same hardware.

Many Azure VMs use local storage, and Azure Boost has even more of an effect here, especially when hosting Kubernetes or similar containerized workloads. Performance jumps from 3.8M IOPS to 6.6M IOPS, and storage throughput from 17.2GBps to 36GBps. It’s not just storage that gets a boost: overall network performance through Azure Boost’s dual top-of-rack links now allows up to 200Gbps of throughput, a nine-times improvement.

One of the key requirements for a cloud data center is making sure that all hardware is used as much as possible, with minimum downtime for infrastructure updates. Azure Boost helps here too, avoiding the need to move workloads between servers for a simple update to server network hardware.

Russinovich demonstrated updating the network stack on Azure Boost, which can be done in under 250ms, with minimal network freeze and no effect on current connections. At the same time, Azure Boost can host complex software-defined networking rules, speeding up complex policies. The aim here is to be able to scale out the networking stack on demand.

Improving Azure’s networking hardware

Dynamic scaling of the Azure networking stack starts with custom smart switch hardware, based on Microsoft’s SONiC software-defined networking (SDN) stack. Azure is now deploying its own SDN hardware, using this new smart switch software, Dash, with custom data processing units (DPUs) to offload processing. This allows the SDN appliance to manage more than 1.5 million connections per second. To increase performance, all Azure needs to do is add more DPUs to its SDN appliances, ready to support demand.

Hardware innovations like these support software innovations and how Microsoft runs its platforms. As Russinovich noted, “We believe the future of cloud is serverless,” and hardware features like these allow Azure to quickly add capacity and instances to support serverless operations. I recently wrote about one of these new features, Hyperlight, which Russinovich described in his Ignite session. Other tools he touched on included Dapr, Drasi, and Radius.

Supporting secure cloud workloads at scale

One area where these technologies are being used is Azure Container Instances (ACI), Microsoft’s serverless container service. Here you’re using a new version of Azure’s virtual node technology to create standby node pools that support bursty workloads, adding capacity as needed.

ACI’s virtual nodes can be connected to Azure Kubernetes Service to scale out Kubernetes workloads without the expense associated with having scaling nodes ready to run. The new standby nodes in this mode allow Kubernetes to launch new containers quickly. Russinovich showed a demo of ACI launching 10,000 pods in around 90 seconds.

One interesting feature of ACI is that its pods are designed to be what Russinovich calls “hostile multitenant safe.” Workloads running on the same pod are isolated from one another, so you can use this technique to support many different users. The implication, of course, is that this is how Microsoft runs many of its Azure services as well as its serverless Azure App Service application platform. It’s likely how other non-Microsoft services take advantage of Azure’s scale. You can see this tool being used by big customers like OpenAI to host inferencing instances for ChatGPT and other services.

Another ACI feature Russinovich detailed was NGroups. NGroups allow you to group together sets of containers and then manage them as a group. For example, you can use NGroups to set up a deployment of an application across several availability zones. If one fails, it will automatically restart, reducing the amount of management code you need to deploy for an ACI application. Interestingly ACI and NGroups are going to be a target for the Radius application definition and deployment framework, taking it beyond its Kubernetes roots.

Keeping computing confidential

Russinovich described a set of new confidential computing features, starting with a new addition to Azure’s server hardware. Until recently, Microsoft relied on third-party hardware security modules (HSMs) to manage keys. It has now introduced its own integrated HSM, which has a local interface for VM guest OSes. This ensures keys are never exposed as they cross the hypervisor boundary, nor left in virtual machine memory where they could be recovered after a VM has been shut down.

At the same time, Microsoft is extending its confidential computing trusted execution environments (TEEs) to GPUs. Here GPU code runs in its own TEE alongside a trusted VM. Data is exchanged via encrypted messaging channels. This approach secures OpenAI inference as part of what Microsoft calls OpenAI Whisper. Here the entire inference process is encrypted, from your prompt to the GPU and back again.

Using Azure to share data confidentially

The same basic architecture hosts Azure Confidential Clean Rooms, where organizations can secure both code and data, allowing them to share functionality without exposing data to each other.

So, if I am a company with an AI model, and a customer wants to fine-tune the model with their own confidential data, I can set up a clean room with explicit policies for what can be done inside its encryption. My customer uploads their data encrypted with the clean room’s keys and runs an operation on both my data and theirs.

If the operation is approved by the clean room policies, it’s run, delivering the results to where the policies require. If it’s not, it’s blocked. The idea is that data can be shared without being exposed, and results are delivered only to the party that runs a trusted operation on that shared data. The resulting fine-tuned model can then be evaluated by the AI company before being delivered to their customer.

There’s a lot to unpack around Azure Confidential Clean Rooms, but at first glance, they appear to be an intriguing answer to questions about sharing data in highly regulated environments, for example allowing two sides in a legal dispute to work on the same set of e-discovery data without either side knowing how the other is using that data. Similarly, two companies involved in a merger or an acquisition could use a Confidential Clean Room to share sensitive business data without exposing customer data or other commercially sensitive data.

Russinovich’s Ignite sessions are one of the highlights of the conference. It’s always interesting to learn about the infrastructure behind the Azure portal’s web pages. Beyond that, lifting the hood on Azure also allows us to see what’s possible beyond simply lifting and shifting existing data center workloads to the cloud. We’re getting ready for a serverless future and what we can build with it.

(image/jpeg; 5.85 MB)

How to chunk data using LINQ in C# 12 Dec 2024, 1:00 am

Language-Integrated Query, or LINQ for short, brings a query execution pipeline directly into C# and the managed environments of .NET Framework and .NET Core. LINQ provides several ways to execute queries and handle complex data manipulation tasks. Chunking is one feature of LINQ that simplifies the way you manage collections.

In this article, we’ll examine chunking in LINQ with code examples in C# to illustrate the concepts. To work with the code examples provided in this article, you should have Visual Studio 2022 installed in your system. If you don’t already have a copy, you can download Visual Studio 2022 here.

Create a console application project in Visual Studio 2022

First off, let’s create a .NET Core 9 console application project in Visual Studio 2022. Assuming you have Visual Studio 2022 installed, follow the steps outlined below to create a new .NET Core 9 console application project.

  1. Launch the Visual Studio IDE.
  2. Click on “Create new project.”
  3. In the “Create new project” window, select “Console App (.NET Core)” from the list of templates displayed.
  4. Click Next.
  5. In the “Configure your new project” window, specify the name and location for the new project.
  6. Click Next.
  7. In the “Additional information” window shown next, choose “.NET 9.0 (Standard Term Support)” as the framework version you would like to use.
  8. Click Create.

We’ll use this .NET 9 console application project to work with chunking in LINQ in the subsequent sections of this article.

The Chunk extension method in LINQ

Chunking is a feature of LINQ that splits a collection into chunks of fixed sizes. This can greatly help in improving performance of your application in several use cases such as paging and batch processing, or whenever you are handling a large data set that would take a long time to load and consume a lot of memory. Instead of loading a large data set in the memory all at once, you can take advantage of chunking to split the collection into chunks and then load or process these chunks as needed.

To implement chunking in C#, you can take advantage of the Chunk() extension method in LINQ. This method belongs to the System.Linq namespace and returns an enumeration of arrays that contain the sliced pieces of the main array. You can use the Chunk extension method in LINQ to write code that is efficient, performant, and maintainable.

The Chunk extension method is defined in the System.Linq namespace as follows:


public static System.Collections.Generic.IEnumerable<TSource[]> Chunk<TSource> (this System.Collections.Generic.IEnumerable<TSource> source, int size);

The Chunk extension method accepts two parameters: the data source or collection to be chunked and the size of each chunk. Here, TSource is the type of the elements in the source collection, and size refers to the maximum size of each chunk created from the source collection.

Using Chunk to split an array of integers in C#

Let us understand this with a code example. Consider the following code, which uses the Chunk extension method to divide an array of integers into chunks of equal sizes.


int[] numbers = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
var chunks = numbers.Chunk(5);
int counter = 0;
foreach (var chunk in chunks)
{
    Console.WriteLine($"Chunk #{++counter}");
    Console.WriteLine(string.Join(", ", chunk));
}

In the preceding code example, we create an array of 15 integers, then use the Chunk method to split the array into chunks of equal sizes, i.e., five elements in this example. Finally, we display the integers contained in each chunk at the console.

When you execute the console application, the three chunks of five integers will be displayed in the console window as shown in Figure 1.

Chunk example in C#
Figure 1. Using the Chunk extension method in C# to split an array of integers.

IDG

Using Chunk to split a list of strings in C#

You can also use the Chunk method to split a list of strings as shown in the code snippet given below.


List<string> countries = new List<string>
{ "USA", "UK", "India", "France", "Australia", "Brazil" };
var chunks = countries.Chunk(3);
int counter = 0;
foreach (var chunk in chunks)
{
    Console.WriteLine($"Chunk #{++counter}");
    Console.WriteLine(string.Join(", ", chunk));
}

When you run the preceding code example, two chunks of string data each containing three elements will be created and the text stored in each chunk will be displayed at the console window as shown in Figure 2.

Chunk example in C#
Figure 2. Using the Chunk method in C# to split a list of strings.

IDG

Using Chunk to process large files in C#

Chunking is beneficial whenever you’re handling large data sets or massive volumes of data. Chunking also comes in handy when processing large files, saving a lot of resources and time. You can take advantage of the Chunk extension method to split the contents of a file and then process it one chunk at a time. The following code snippet shows how you can split a large file into chunks of 100 lines each and then display the file content at the console.


int size = 100;
var data = File.ReadLines(@"D:\largetextfile.txt");

foreach (var chunk in data.Chunk(size))
{
    Console.WriteLine($"Number of lines in the file is: {chunk.Count()}");
    Console.WriteLine("Displaying the file content:-");

    DisplayText(chunk);
}
void DisplayText(IEnumerable<string> fileContent)
{
    foreach (var text in fileContent)
    {
        Console.WriteLine(text);
    }
}

Here the File.ReadLines method reads a file one line at a time without loading the entire file into the memory at once. By using the Chunk method, you can process the contents of the file one chunk at a time. In this example, the text contained in each chunk will be displayed at the console window as shown in Figure 3.

Chunk example in C#
Figure 3. Using the Chunk method in C# to split a large file for processing.

IDG

Working with Chunk

The Chunk extension method in LINQ enables you to split a data source into bite-sized chunks for processing, thereby improving resource utilization and application performance. However, you should keep the following points in mind:

  • If the collection being chunked is empty, the Chunk extension method will return an empty sequence containing no chunks, and no exception will be thrown.
  • If the number of elements in the collection is not exactly divisible by the size of the chunk, the last chunk will contain the remaining elements of the collection.
  • Additionally, if the size of the chunk is greater than or equal to the size of the collection being chunked, the Chunk method will return only one chunk of data. (All three behaviors are illustrated in the short sketch after this list.)
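
Here’s a minimal sketch, using the same console application project as above, that demonstrates these three behaviors:


int[] numbers = { 1, 2, 3, 4, 5, 6, 7 };

// Seven elements chunked in threes yields [1, 2, 3], [4, 5, 6], and a final chunk of [7].
foreach (var chunk in numbers.Chunk(3))
{
    Console.WriteLine(string.Join(", ", chunk));
}

// A chunk size larger than the collection yields a single chunk holding all seven elements.
Console.WriteLine(numbers.Chunk(10).Count());             // 1

// An empty collection yields no chunks at all, and no exception is thrown.
Console.WriteLine(Array.Empty<int>().Chunk(3).Count());   // 0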

If you plan on working with large data sets, or even the occasional large file, Chunk would be a very handy addition to your toolkit.

(image/jpeg; 10.11 MB)

Google unveils Gemini 2.0 AI model for agentic era 11 Dec 2024, 12:27 pm

Emphasizing a new AI model for the agentic era, Google has introduced Gemini 2.0, which the company calls its most capable model yet.

Announced December 11, the Gemini 2.0 Flash experimental model will be available to all Gemini users. Gemini 2.0 is billed as having advances in multimodality, such as native image and audio output, and native tool use. Google anticipates Gemini 2.0 enabling the development of new AI agents closer to the vision of a universal assistant. Agentic models can understand more, think multiple steps ahead, and take action on a user’s behalf, with supervision, Google CEO Sundar Pichai said.

Gemini 2.0’s advances are underpinned by decade-long investments in a differentiated full-stack approach to AI innovation, Pichai said. The technology was built on custom hardware such as Trillium, Google’s sixth-generation TPU (tensor processing unit), which powered Gemini 2.0 training and inference. Trillium is also generally available to customers who want to build with it.

With this announcement, Google also introduced a new feature, Deep Research, which leverages advanced reasoning and long-context capabilities to act as a research assistant, exploring complex topics and compiling reports. Deep Research is available in Gemini Advanced.

While Gemini 1.0, introduced in December 2023, was about organizing and understanding information, Gemini 2.0 is about making the information more useful, Pichai said. In touting Gemini 2.0, Google cited Project Mariner, an early research prototype built with Gemini 2.0 that explores the future of human-agent interaction, starting with a browser. As a research prototype, it can understand and reason across information in a browser screen, including pixels and web elements like text, code, images, and forms, and then use that information via an experimental Chrome extension to complete tasks.

(image/jpeg; 2.09 MB)

Intro to Express.js: Advanced programming with templates, data persistence, and forms 11 Dec 2024, 1:00 am

In my previous article, I introduced you to building an HTTP server with Express.js. Now we’ll continue building on that example with a foray into more advanced use cases: a quick guide to using Express view templates and templating engines, persisting data with Express, and how to use Express with HTMX.

Templates in Express

View templates let you define the response output of an endpoint using HTML that has access to variables and logic. A template lets you write familiar HTML-like files that can access live data within an application. Templating is a time-tested approach to the server-side generation of views and Express supports many templating technologies.

One of the most popular templating engines in the JavaScript world is Pug. Here’s an example of a simple Pug template:


html
  body
    h1= quote

Picking up our sample application from the previous article, let’s save this template in a /views/index.pug file, then add the pug package to our app:


npm install pug

Now we can open our server.js and add the pug plugin as our view engine:


app.set('view engine', 'pug')

Then we add a mapping to the index.pug file we just created:


app.get('/', (req, res) => {
  res.render('index', { quote: "That's no moon!" })
})

In the response to /, we render the index view, binding the associated data to the index template. The data is a JSON object literal with the quote property we used in the index.pug file.

When we visit localhost:3000/, we now get the following HTML response:


<html><body><h1>That's no moon!</h1></body></html>

Pug and similar templating tools are examples of domain-specific languages, or DSLs. Pug takes all the formalism of HTML and boils it down to a simple syntax. Our example also demonstrates Pug’s ability to reach into the live data of our JavaScript code and use the variables there. These two simple features open up a huge range of power. Although reactive front ends like React and Angular are popular, using something like Pug with Express can do everything you need with a simpler setup, faster initial load times, and inherent SEO-friendliness. Benefits like these are the reason many reactive frameworks use server-side generation as part of their template engine.

You can learn more about Pug’s syntax here and more about its interaction with Express here. We’ll also see more of Pug in action soon.

Persistent data with Express

Now let’s think about how to incorporate data persistence into our Express application. Persistence is an essential aspect of data-driven websites and applications and there are many different databases available to handle it, from SQL stores like Postgres to NoSQL options like MongoDB.

The recent integration of SQLite directly into Node.js makes it a very low-effort option, which is especially tempting for prototyping. You can learn more about the overall benefits and characteristics of SQLite in this article.

You don’t need to add SQLite with NPM if you are using the latest version of Node, though you may have to start Node with the --experimental-sqlite flag (for example, node --experimental-sqlite server.js) depending on your Node version. You can import SQLite like so:


const DatabaseSync = require("node:sqlite").DatabaseSync;
const database = new DatabaseSync('db.sql'); 

And then create a database:


database.exec(`
CREATE TABLE IF NOT EXISTS quotes (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT, quote TEXT)
`);

We could insert some test rows like so:


const insert = database.prepare('INSERT INTO quotes (name, quote) VALUES (?, ?)');
insert.run('Obi Wan Kenobi', "That's no moon!");
insert.run('The Terminator', 'Hasta la vista, baby.');
insert.run('Captain Ahab', 'There she blows!');

Now let’s create a way to make new quotes. First, we’ll need an endpoint that accepts requests with the data for new quotes, in server.js:


app.post('/quotes', (req, res) => {
  const { quote, author } = req.body;
  const insert = database.prepare('INSERT INTO quotes (name, quote) VALUES (?, ?)');
  insert.run(author, quote);
  res.redirect('/');
});

This tells Express to accept POST requests at /quotes, then parse and destructure the request body into two variables: quote and author. (For req.body to be populated from the form submission, body-parsing middleware such as express.urlencoded({ extended: true }) needs to be registered on the app.) We use these two variables in a prepared statement that inserts a new row into the quotes table. After that, we redirect to the homepage, where the list of quotes (which we’ll build in a moment) can render the new item.

Update the views/index.pug to include a form, like so:


h2 Add a New Quote
    form(action="/quotes" method="post")
      label(for="quote") Quote:
      input(type="text" id="quote" name="quote" required)
      br
      label(for="author") Author:
      input(type="text" id="author" name="author" required)
      br
      button(type="submit") Add Quote

This gives us a simple form for the user to submit the quote and author fields to the /quotes endpoint. At this point, we can test the application by running it ($ node server.js) and visiting localhost:3000.

We still need a way to list the existing quotes. We can add an endpoint to provide the data like so:


// server.js
app.get('/', (req, res) => {
  const query = database.prepare('SELECT * FROM quotes ORDER BY name');
  const rows = query.all().map((x) => ({ author: x.name, quote: x.quote }));
  res.render('index', { quotes: rows });
});

Now, when we visit the root path at /, we’ll first request all the existing quotes from the database and build a simple array of objects with author and quote fields on them. We pass that array on to the index template as the quotes property.

The index.pug template then makes use of the quotes variable to render an unordered list of items (note that the list is given a quote-list id, which we’ll target later when we add HTMX):


ul#quote-list
      each quote in quotes
        li 
          p= quote.quote
          span - #{quote.author}

Express with HTMX

At this point, we could think about making things look better with CSS or expanding the API. Instead, let’s make the form submission AJAX-driven with HTMX. Compared with a reactive front end, the form-submit-and-page-reload style of interaction is a bit clunky. HTMX should let us keep the basic layout of things but submit the form without a page reload (and keep our list updated).

The first thing we need to do is to add three HTMX attributes to the Pug template:


h2 Add a New Quote
  form(hx-post="/quotes" hx-target="#quote-list" hx-swap="beforeend")
    label(for="quote") Quote:
    input(type="text" id="quote" name="quote" required)
    br
    label(for="author") Author:
    input(type="text" id="author" name="author" required)
    br
    button(type="submit") Add Quote

Only the form tag itself has changed:


form(hx-post="/quotes" hx-target="#quote-list" hx-swap="beforeend")

The hx-post syntax points to where to submit the AJAX request, which in this case is our server endpoint. The hx-target says where to put the content coming back from the AJAX call. And hx-swap says where in the target to put the content.

For this to work, we need to include HTMX in the head:


head
    title Quotes
    script(src="https://unpkg.com/htmx.org@1.9.6")

On the server, in server.js, our endpoint could look something like this:


app.post('/quotes', (req, res) => {
  const { quote, author } = req.body;
  const insert = database.prepare('INSERT INTO quotes (name, quote) VALUES (?, ?)');
  insert.run(author, quote);
  
  res.render('quote-item', { quote: quote, author: author }); 
});

Instead of rendering the main page at index.pug, which we did previously, in this instance we return the markup for the newly created item. To do this, we use another template:


// views/quote-item.pug
li 
  p= quote
  span - #{author}

If you run the application now, you’ll see that submitting the form doesn’t cause a page reload and the new item is dynamically inserted into the list. The difference in behavior is immediately obvious.

Conclusion

We haven’t written any front-end JavaScript but were able to use HTMX to submit the form in the background and seamlessly update the UI. HTMX has more dynamic UI capabilities up its sleeve, although it isn’t a replacement for the kind of reactive state machine you could build with React or Svelte.

The beauty of our setup so far is the simplicity married to a respectable amount of power. HTMX lets us painlessly adopt a more powerful HTML. For that reason, I wouldn’t be surprised to see it become part of the official HTML specification at some point.

On the server side, we no longer have a data endpoint. Now we have an endpoint that emits HTML fragments for HTMX, an alternative to the present mainstream approach to client-server interaction. If you’re looking for a comfortable middle ground, this kind of stack could be the thing.

(image/jpeg; 13.4 MB)

3 takeaways from the Ultralytics AI Python library hack 11 Dec 2024, 1:00 am

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure. That made sense because the tampered software artifact was first found on PyPI. Moreover, the Python software repository has become a major attack vector for one of the software world’s most popular languages.

But it turned out the compromised PyPI package was just a symptom and the real exploit lay elsewhere—a sophisticated and daring compromise of a common GitHub build mechanism. Now that the dust has started to settle, it’s a good time to consider the three big takeaways from the Ultralytics AI library hack.

Python’s own supply chain wasn’t the point of compromise

Most developers are rightly aware of PyPI as a compromise point in the Python supply chain. Existing, high-traffic PyPI projects need only be compromised for a brief time to spread a malicious package to thousands of victims. Abandoned or little-used PyPI packages also pose a security risk. The Ultralytics hack at first seemed like yet another case of PyPI being compromised, perhaps through stolen developer credentials or a compromised contributor machine.

The reality was entirely different. The attackers leveraged a known exploit in GitHub Actions (in fact, a regression of a previously-patched vulnerability) to capture an automated build process. This let them deliver a compromised package to PyPI without attracting scrutiny. Because no compromised code showed up on GitHub itself, only on PyPI, the first impulse was to blame PyPI’s security or processes. But this proved misleading.

PyPI has many internal security and safety challenges, some of which echo issues experienced by the NPM ecosystem: typosquatting, dependency confusion, and so on. This attack constituted an end run around the protections layered in place against those challenges. Ultimately, there may be no good defenses on PyPI’s side against such an exploit.

Every API is a possible point of security failure

The automated work done on modern software development and delivery platforms is driven by APIs like those that power GitHub Actions. It is tempting to assume that everything’s okay if a given API endpoint can only be used by a properly credentialed user with permissions to perform a specific action (e.g., “publish this package to GitHub after making these changes”).

But every single API is a potential point of failure and warrants aggressive auditing—especially when the API in question is a key link in automating the software distribution ecosystem. This exploit succeeded by attacking a point in the supply chain that is quietly taken for granted, and thus easy to overlook.

This also was not the first time GitHub Actions has been a point of failure for a Python project. Back in January 2024, researchers demonstrated how to hijack GitHub Actions workflows to compromise the development infrastructure for the PyTorch project. Thousands of other projects using GitHub Actions were shown to be vulnerable, as well, in part because they shared a similarly unsafe practice: using self-hosted infrastructure to run the GitHub Actions build agents for the sake of flexibility and convenience.

But at that scale, the problem seemed less a matter of developers shirking their duty to implement GitHub Actions best practices, and more about generally unsafe defaults for GitHub Actions. The bigger the project and the larger the contributor base, the broader the attack surface is for any automated process that’s used to deliver artifacts to the world at large. All of this points to a greater need for sane defaults for widely used systems like GitHub Actions, even if those defaults mean less functionality out of the box.

The Python software supply chain is a prime target

The more popular the software ecosystem, the more likely it will be targeted. As Python’s popular ascent continues, so will attacks on its ecosystem. And these will come on many fronts, both direct and indirect.

What makes Python particularly susceptible isn’t only its popularity but its unique place in the software ecosystem. Python plays at least two key roles that make it an appealing vector for compromises:

  • Process automation: Python is often used to stitch together multiple parts of a project by providing a common foundation for things like running tests or performing intermediate build steps. If you hijack a project’s automation tool, you can compromise every other aspect of the project by proxy. The GitHub Actions compromise offers a template for future attacks: Exploit a little-scrutinized aspect of software delivery automation and take control of some aspect of the project’s management.
  • Machine learning/AI: More businesses are adding AI to their product portfolios or internal processes, and Python’s ecosystem offers ways to develop both end-facing products and a convenient playground for experimenting with AI technology. A compromised machine learning library could have wide-ranging access to a company’s internal resources for such projects, like proprietary data used to train equally proprietary models.

The Ultralytics attack was relatively unambitious, with its payload being a cryptominer and thus easy to detect forensically. But more ambitious compromises can deliver advanced persistent threats into infrastructure. Python’s growing prominence, what it does, and what it’s meant to accomplish will make it more of a target going forward.

(image/jpeg; 1.62 MB)

The makers and takers of WordPress 11 Dec 2024, 1:00 am

The idea of open-source software seems kind of nuts. Millions (billions?) of lines of code doing all kinds of amazing things and available for free? That sounds too good to be true. But it is true.  Between me writing this article and you reading it lies a whole lot of software that the people and companies using it didn’t pay for. 

The most famous open-source project is the Linux operating system. I’m old enough to remember when Linux appeared, and soon took on then-dominant Unix as the software running the internet. Released in the early 1990s, Linux came to dominate the internet by 2015. It’s not even remotely a stretch to say that the internet wouldn’t exist as it does today without Linux. 

The success of Linux led to many other open-source projects, ranging from major, internet-wide systems to small component sets. The first open-source license was the GNU General Public License (GPL), a “copyleft” license that requires downstream users of GPL code to open their own source code under the GPL. But soon less restrictive licenses appeared, and open-source software became commonplace.

In search of a business model

But as any economist will tell you, there is no such thing as a free operating system. All software, both open source and closed source, has costs, and most of those costs are taken up by people writing and improving the system. All of those lines of code took humans time to write, and yet the software remains free to use. That’s a really good deal for many, many people. But it requires a lot of goodwill to be sustainable.

It’s not entirely clear what the right business model for open source should be. It was originally thought that organizations could give away the software and charge for their expertise and support. One of the original hesitancies about using open source was the lack of “someone to call and yell at when things went wrong” and this model solved that problem. But apart from Red Hat, few companies have made this model work.

The rise of software as a service changed things rather dramatically. The SaaS model allows a company to take open-source software, provide it in an easy-to-use form, and charge money for it, all at a very large scale. This seemed okay when startups were doing it. But Amazon soon realized it could use open-source software to provide any number of managed services on AWS, and make a lot of money using projects like Elasticsearch and Redis. Both of these projects ended up changing their licensing to try to solve the Maker vs. Taker problem. I suspect they won’t be the last projects to make such changes.

Automattic vs. WP Engine

And now we have the battle over WordPress, between Automattic and WP Engine, two WordPress hosting companies. I am not privy to all the details, and I don’t want to get into the personalities involved or make judgments about specific actions taken, but it is pretty clear that Automattic is a Maker and WP Engine is a Taker. That is, Automattic is interested in “making” WordPress, i.e. building and contributing to the WordPress project, and WP Engine is interested in “taking” WordPress, i.e. using the free software to make money from WordPress hosting services. 

It is not a violation of the WordPress license (GPLv2) to do what WP Engine is doing. It is perfectly legal. In fact, “taking” has been highly encouraged from the very start of the open-source movement. After all, sharing software, and benefiting from shared software, was the whole idea. Free use of software was a desirable outcome of the GPL, though the writers of the license probably didn’t foresee the scale of cloud hosting and the large sums of money that would be involved.

Automattic has taken legal action against WP Engine over trademark violations concerning the use of the name WordPress. (Apparently, the right to use the WordPress trademark for commercial purposes is owned by Automattic.) Certainly, the WordPress trademark has value. I’m not a lawyer, so I don’t know much about how trademarks work, but I do understand the notion of open source. It’s not at all surprising to me that many people who have contributed to open-source software get upset when others take their “baby” and use it to make cash.

Free to take, obligated to give back

Is WP Engine legally obligated to give back? No. But are they morally obligated? I think so. I think that we all are obligated to give something back to at least a few of the open-source projects we use. Individuals can, through programs like GitHub Sponsors, give a few dollars a month to projects they particularly value. Software development companies might consider doing the same on a larger scale. I don’t see why a company making as much money as WP Engine can’t donate, say, a developer’s yearly salary to the WordPress Foundation.

Open-source software has transformed the software business. It has provided an enormous amount of value to all software developers. Most of that value comes from the “share and share alike” ethos that we all learned as kids. But any time so much value can be had for free, a price will be paid somewhere. Sometimes that price will involve hurt feelings and protestations of unfairness. 

Ultimately, though, a deal is a deal, and a license is a license. Maybe the ultimate price open source must pay is the acceptance of people taking advantage of the generosity that makes open source so great.

(image/jpeg; 13.2 MB)

OpenSilver 3.1 brings XAML designer for VS Code 11 Dec 2024, 1:00 am

OpenSilver 3.1, the latest version of Userware’s open-source framework for cross-platform .NET development, has arrived with what the company calls the first-ever drag-and-drop XAML designer for Microsoft’s Visual Studio Code editor.

Announced December 10, the OpenSilver 3.1 SDK can be downloaded from the project website. The XAML designer is described by Userware as a major milestone in cross-platform .NET development. Previously, XAML UI design was mostly limited to Visual Studio on Windows, leaving developers on macOS and Linux without visual design tools, the company said. OpenSilver 3.1 introduces a fully cross-platform designer, enabling developers to create user interfaces visually in VS Code on any operating system. The designer is available directly in VS Code; an online version is available at xaml.io.

OpenSilver is perhaps best known as a replacement for Microsoft’s Silverlight rich Internet application framework. As part of Userware’s “WPF everywhere” strategy, OpenSilver 3.1 adds support for several Windows Presentation Foundation (WPF) features including DynamicResource, MultiBinding, x:Static, and UniformGrid. These features are intended to make it easier to build feature-rich applications with familiar WPF tools, Userware said. More WPF support is planned for mid-2025, with backing for features such as triggers and styles.

Also new in OpenSilver 3.1 is  a modern UI theme inspired by Material and Fluent Design principles. The theme provides a flat, contemporary aesthetic with built-in light and dark modes to help developers create visually appealing web applications, Userware said. Tools within the XAML designer enable adjustment of color palettes for branding.

Fully compatible with .NET 9, OpenSilver 3.1 follows the July release of OpenSilver 3.0, which featured a generative AI-powered UI designer. OpenSilver applications run natively in modern browsers using HTML5 and WebAssembly. Future plans for OpenSilver call for full WPF compatibility, MAUI (Multi-platform App UI)  capability for cross-platform apps, Blazor web framework interoperability, and 3D UI support.

(image/jpeg; 24.84 MB)

Go eclipses Node.js in web API requests, Cloudflare reports 10 Dec 2024, 6:41 pm

Go has surpassed Node.js as the most popular language used for making automated API requests, according to cloud provider Cloudflare’s annual review of internet trends.

More than half of the internet traffic seen by Cloudflare is API-related, and much of this traffic is automated API calls from dynamic websites and applications, the company wrote in its 2024 Cloudflare Radar Year in Review report. The most popular language for making these automated API requests, Cloudflare found, was Go, which topped the traffic numbers at 11.8%. Node.js was close behind with 10%, followed by Python at 9.6%, Java at 7.4%, and .NET at 3.6%. Go’s share increased by about 40%, Cloudflare said, while Node’s share fell by about 30%. The shares of Python and Java also rose, while .NET’s fell.

This year’s report marks Cloudflare’s fifth year of observing internet trends and patterns throughout the year at both global and country/regional levels, across a variety of metrics. Trends and patterns are observed in Cloudflare’s global network. Other findings in this year’s report include the following:

  • Nearly one-third of mobile Internet traffic tracked was from Apple iOS devices. A bit more than two-thirds was from Android devices.
  • Global internet traffic grew 17.2% in 2024.
  • Nearly half of web requests used HTTP/2 and one-fifth used HTTP/3.
  • React, PHP, and jQuery were among the most popular technologies used to build websites. HubSpot, Google, and WordPress were among the most popular providers of supporting services and platforms.
  • Google is by far the most popular search engine globally, with an 88% share.
  • Google Chrome is by far the most popular web browser, representing nearly 66% of web requests.
  • 13% of TLS (Transport Layer Security) 1.3 traffic is using post-quantum encryption.

(image/jpeg; 0.07 MB)

Databricks unveils synthetic data generation API to help evaluate agents faster 10 Dec 2024, 2:15 am

As enterprise demand for building multi-agent systems continues to grow, data infrastructure provider Databricks is updating its Mosaic AI Agent Evaluation module with a new synthetic data generation API that will help enterprises evaluate agents faster.

Multi-agent systems, otherwise known as Agentic AI, have caught the fancy of enterprises as these agents go further than just generating code or content for human review. Agentic AI systems can follow instructions, make decisions, and take actions much as a human worker would, without human intervention.

The new API, which is currently in public preview, is designed to speed up the agent development and testing process so that agents can be deployed in production faster.

Synthetic data generation is the process of creating artificial datasets that mimic real-world data and can be used to test or train agents or models.

The new Databricks API leverages an enterprise’s proprietary data to generate evaluation datasets tailored to the use case the agent is being built for.

In contrast, building evaluation data manually is time-consuming and may not accurately test the functionality of the agent.

The synthetic data generation API will also reduce development costs, according to the company, as it allows developers to quickly generate evaluation data – skipping the weeks to months of time required for labeling evaluation data with subject matter experts.

Databricks said its enterprise customers are already seeing the benefits of the new API. One such customer is engineered components manufacturer, Lippert, which used synthetic data to improve model response by 60%.

How does it work?

The API essentially works in three steps: calling the API, specifying the number of questions it should generate, and setting natural language guidelines to steer the synthetic generation.

Once input is fed, the API helps generate a set of question-synthetic answer-source document groupings based on the enterprise data in the Agent Evaluation schema.

“Enterprises can then pass this generated evaluation set to mlflow.evaluate(…), which runs Agent Evaluation’s proprietary LLM judges to assess the agent’s quality and identify the root cause of any quality issues,” Databricks explained in a blog post.

In order to review the results of the quality analysis, enterprises can use the MLflow Evaluation UI and through this UI can make changes to agents to improve quality, the company added.

The improved agent can be again tested by re-running mlflow.evaluate(…).

Databricks also offers enterprises the option to have the generated synthetic data reviewed by subject matter experts.

“The subject matter expert review UI is a new feature that enables your subject matter experts to quickly review the synthetically generated evaluation data for accuracy and optionally add additional questions,” Databricks explained, adding that these UIs are designed to make business experts efficient in the review process, ensuring they only spend minimal time away from their day jobs.

(image/jpeg; 0.11 MB)

5G never delivered for cloud computing 10 Dec 2024, 1:00 am

I recall this as if it was yesterday. I entered the conference room to talk about cloud computing and 5G. I gave this type of presentation often a few years ago. The executives were excited about 5G’s potential. I took a deep breath, knowing I had to voice my concerns. “Forgive my candor,” I began, “but the promises surrounding 5G are exaggerated. We’re banking on a technology that hasn’t yet delivered on its hype, and given the current adoption patterns, it may not.”

The room fell silent, disbelief etched across their faces. “David, you’re mistaken,” one executive replied, with a tone of some condescension. “5G is the future of cloud!” Others chimed in, ridiculing my skepticism. Once again, I found myself being the lone dissenter, pushing back on what my peers and clients were asserting.

Was I wrong in the long term? Nope. Did it help my career? Also, nope. As I’ve been told in many performance reviews: “You need to learn to go with the flow.”

Skeptical of any magic bullet

Having been in the tech world for 30-plus years, I consistently follow a single rule: There are no magic bullets, and anything promoted as such is typically a lousy investment. I’ve gotten used to technology cheerleaders barraging me with new ideas, some with a billion dollars of marketing behind them. Generative AI is the current darling, and although some ideas are sound and reasonable investments, many are not.

For whatever reason, people get invested in specific technologies or products, and anybody who questions them becomes an enemy. I’ve never understood that line of thinking, but I always run into it. You must break down any technology into parts and determine what parts bring ROI.

In the early days of 5G promotion, marketing teams painted a picture of ultra-high speeds, reduced latency, and massive connectivity capabilities that would revolutionize industries. It was an enticing vision of fully autonomous vehicles seamlessly communicating with smart city infrastructures, and Internet of Things devices maneuvering effortlessly through a hyper-connected ecosystem. Many organizations envisioned that 5G would elevate their operations by enhancing real-time data processing and supporting advanced applications, including augmented reality and machine learning.

Unfortunately, in the wild, 5G has proven to be less of a fearsome beast and more of a timid creature.

5G benefits we’re still waiting for

The expectation of rapid ROI lured numerous enterprises into overcommitting resources to 5G initiatives. More than merely a poor financial decision, this over-investment has become an enormous distraction. It’s true that 5G delivered some value. However, this came at the expense of other efforts that could have brought much more benefit to the business.

Time, talent, and treasure have been poured into 5G implementations when enterprises should have focused on solidifying their cloud infrastructure, optimizing their existing systems, and leveraging 4G technology, which still meets the needs of most applications. 

5G has faced several challenges that have hindered its ability to deliver significant benefits to cloud computing users. Here are the specific shortcomings:

  • Making the extensive upgrades to existing infrastructure has proven to be a slow, costly, and technically complex process. Many areas still rely predominantly on 4G LTE, limiting the immediate availability and benefits of 5G connectivity for cloud applications.
  • Many users (including me) have reported only modest improvements compared to 4G LTE in real-world scenarios, even though 5G was marketed as offering ultra-high speeds. This inconsistency must improve so companies can gain the expected advantages for data-heavy applications reliant on cloud computing.
  • We’re still waiting for ultra-low latency. The necessary infrastructure to achieve such low latency (such as edge computing) is still under development, resulting in only marginal improvements in performance for cloud services.
  • 5G has yet to achieve comprehensive geographic coverage, particularly in rural and suburban areas. This disparity limits the potential benefits for enterprises that rely on cloud computing, especially those in less densely populated regions.
  • Many organizations have been deterred by the financial burden of transitioning to 5G in infrastructure and enterprise devices. Companies are skeptical about whether the benefits justify the expense, especially when current 4G capabilities are often sufficient.
  • Transformative applications, such as autonomous vehicles and smart cities, have yet to see widespread adoption. Many enterprises find themselves waiting for these applications to materialize while existing cloud solutions continue to adequately meet their needs.
  • Many enterprises overinvested in 5G’s potential without realizing that cloud services could deliver expected outcomes using existing technologies. Organizations were distracted by 5G promises and as a result missed other opportunities to enhance their cloud computing capabilities.
  • We were led to believe that 5G would replace Wi-Fi for homes and businesses. However, infrastructure costs, inconsistent availability, and device compatibility problems persist. For many, Wi-Fi remains adequate for everyday use. Again, this is for most use cases, not situations where 5G was force-fitted at a significant cost.

Of course, if you look down at your new smartphone, chances are it says “5G” in the upper right corner of the screen. So why was 5G not a success?

I’m pointing out that 5G was promoted as more than just bandwidth. A speed upgrade would not have created so much hype. The large network providers marketed 5G as a true game-changer for technology users, including cloud users. That never happened, and it’s time we start calling balls and strikes with this stuff.

(image/jpeg; 0.72 MB)

How to build better AI chatbots 10 Dec 2024, 1:00 am

At Campfire, we launched a consumer AI chat product called Cozy Friends on Steam and mobile on October 12. Imagine Animal Crossing or The Sims with AI agents. In the first 30 days, users exchanged more than 1.7M messages with our AI agents. This beat our best expectations and validated that we’d finally gotten good at conversational AI products. 

It took us a year of building to get there. We had to build a ton of tools, some of them twice over, and bang our heads against various walls for months to finally make a decent AI chat product. 

I want to build better AI chat products faster, and help others avoid our painful experience. To that end, I’m open sourcing all of my learnings, and launching all of our internal AI tools as a product in Sprites, our all-in-one tool for building, optimizing, and scaling conversational AI agents.

Below I offer seven of the biggest lessons we learned while developing our AI chat product. Most importantly, you should think of your AI chat outputs as a complex function, not as a wrapper to a single large language model (LLM). With that framing, here are my seven tips:

System prompts are a function of user and application state

Your system prompts need to be built and managed like a React app, evolving with user intent and data, rather than like a static HTML web page.

You can think of your system prompt as a function of the application state — it needs to be dynamic and evolve based on the progression of the user journey. It’s not even a piece-wise function made up of two or three static prompts. You need to modify or entirely replace the prompt based on the evolution of the conversation, metadata from chain-of-thought workflows, summarization, personal data from the user, etc. You want to include or omit parts of it at any given user state for a better outcome. This blog post on prompt design from Character.ai is a great resource.

In short, think of prompts as a dynamic set of instructions that need to be maintained to control your user experience, more like the UI elements visible to the user in a given screen of your app, rather than as a one-time set of instructions to be locked at the start of the user journey.
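
To make that concrete, here’s a minimal Python sketch; the game framing and state fields (turn_count, player_name, conversation_summary) are hypothetical stand-ins, not a real product’s schema:


def build_system_prompt(state: dict) -> str:
    """Hypothetical sketch: the system prompt is a function of current user and app state."""
    parts = ["You are a friendly character in a cozy life-sim game."]
    if state.get("turn_count", 0) < 5:
        parts.append("This is a new player: proactively suggest one in-game activity.")
    if state.get("player_name"):
        parts.append(f"Address the player as {state['player_name']}.")
    if state.get("conversation_summary"):
        parts.append(f"Summary of the conversation so far: {state['conversation_summary']}")
    return "\n".join(parts)

print(build_system_prompt({"turn_count": 2, "player_name": "Sam"}))

The point is that the prompt is recomputed on every turn from whatever state matters to you, the same way a UI re-renders from state.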

Opt for deterministic outcomes, especially in the early user journey

With most online products, you finely control your user’s “day zero” experience with an intricately built onboarding flow, then you unleash them onto a magical blank canvas to do whatever they want. With an AI chat product, you probably want to keep the same philosophy and build deterministic chat outcomes for your users, especially in their first few days. But then what?

Should the AI bring up a certain topic or suggestion within the first five messages, or be prompted to a certain action on their second day? Should the AI change the topic at certain times to keep the user engaged? Is there a conversational ramp for the activation moment? Do you want to extract some info from your user during onboarding using a chat format to personalize the experience? 

The answer to all of the above is most likely yes if you’re building a consumer product. 

Use model blending

Results improve when you route messages in the same thread to two to six models with orthogonal capabilities instead of always going to the same model. Let’s say you have model A, which is good at prose and role playing, and model B, which is good at reasoning. If you just route every other message between A and B, the outcome over a multi-turn conversation ends up being dramatically better.

Besides running split tests for advanced prompting, this is the easiest win with a huge impact. But choose the models wisely.
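
As a rough, hypothetical sketch of the simplest version of this (the two generate functions below are stand-ins for calls to whatever real models you pick), blending can be as basic as alternating by turn:


def prose_model(history: list[str], message: str) -> str:
    return f"[model A, strong at prose and role play, replies to: {message}]"  # stand-in for a real API call

def reasoning_model(history: list[str], message: str) -> str:
    return f"[model B, strong at reasoning, replies to: {message}]"  # stand-in for a real API call

def blended_reply(history: list[str], message: str, turn: int) -> str:
    # Alternate turns between the two models so the conversation benefits from both strengths.
    model = prose_model if turn % 2 == 0 else reasoning_model
    return model(history, message)

history: list[str] = []
for turn, message in enumerate(["hi!", "plan my day", "tell me a story"]):
    reply = blended_reply(history, message, turn)
    history += [message, reply]
    print(reply)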

Use scripted responses

As amazing as LLMs are, they’re better deployed in a controlled manner for chat rather than as a magical talking box. You can use a smaller model to infer some semantics about the user input, and route to a pre-written response a lot of the time. This will save you a ton of money while actually leading to a better user experience. 

If you can build a simple decision tree with some semantic reasoning for routing to serve a common user journey, you’ll probably end up with a better product than having every single response generated being from an inference.  

Craft amazing conversation starters

We built an entirely separate inference system from our core dialog system to use summaries of previous chats, previous memories, their recent actions in app, and some random seeds for the AI characters to initiate good conversations. If you don’t do this, your AI will produce some version of “Hi! How can I assist you today?” more often than you want. 

The quality of AI-to-AI chats degrades quickly

During user testing, we repeatedly saw the blank canvas problem — users didn’t know what to type to chat. We added a “magic wand” to offer three AI-generated messages in the user’s voice. While it removed a short-term point of user friction, users who used the magic wand churned much faster. When we studied the chatlogs, we found that AI-to-AI chat degrades into a loop of nonsense within a few turns.

Have a clear metric to judge AI output

If you just prompt and test your chatbot yourself for a few messages, and call it good enough… trust me, it won’t be good enough. Your AI outputs need to maintain quality after a 100-turn conversation, across several sessions, and for different user personas. 

You need to try many different variants and build a clear feedback loop, using something like a Likert score or simple ELO score, to choose between variants to see what your users find engaging or useful in chat. 

We found that using another inference with a general purpose LLM to judge the output (e.g., a prompt like “On a scale of 1 to 5, how entertaining is this conversation?” running with GPT-4o as the judge) produced poor results that were out of sync with users’ feedback.

All in all, the days of vibing your way to a system prompt and calling it a day are long gone. As obvious as it may sound, if your product is AI, then the AI better be great. This will be the number one factor determining your success. The AI novelty era is over. You will need a clear framework and lots of experimentation to delight your users and deliver them value. Good luck!

Siamak Freydoonnejad is co-founder of Campfire.

Generative AI Insights provides a venue for technology leaders—including vendors and other outside contributors—to explore and discuss the challenges and opportunities of generative artificial intelligence. The selection is wide-ranging, from technology deep dives to case studies to expert opinion, but also subjective, based on our judgment of which topics and treatments will best serve InfoWorld’s technically sophisticated audience. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Contact doug_dineley@foundryco.com.

(image/jpeg; 0.06 MB)

Python a shoo-in for Tiobe language of the year 9 Dec 2024, 3:15 pm

High-flying Python is expected to win the Tiobe programming language of the year designation for 2024, as the language with the biggest ratings increase in Tiobe’s language popularity index during the year. Python also ranks as the most popular programming language in the index overall.

Although Tiobe won’t reveal the actual winner until January, Python has had the largest increase in ratings in the index in 2024, with a 10% increase. Java has had the second largest, with an increase of 1.73%, closely followed by JavaScript, with an increase of 1.72%.

Python previously won the award for 2020 and 2021, followed by C++ for 2022 and C# for 2023. “Python is unstoppable thanks to its support for AI and data mining, its large set of libraries, and its ease of learning,” Paul Jansen, CEO of software quality services vendor Tiobe, said in comments accompanying this month’s index, which was posted December 9. “Now that some say that the AI bubble is about to burst plus the fact that demand for fast languages is rapidly increasing, Python might start to plateau.”

Tiobe gauges programming language popularity by assessing the number of skilled engineers worldwide, courses, and third-party vendors pertinent to each language, with ratings calculated by examining popular websites such as Google, Bing, and Wikipedia.

The Tiobe index top 10 for the month of December 2024:

  1. Python, with a rating of 23.84%
  2. C++, 10.82%
  3. Java, 9.72%
  4. C, 9.1%
  5. C#, 4.87%
  6. JavaScript, 4.61%
  7. Go, 2.17%
  8. SQL, 1.99%
  9. Visual Basic, 1.96%
  10. Fortran, 1.79%

The rival Pypl Popularity of Programming Language index assesses language popularity by how often languages are searched on in Google.

The Pypl index top 10 for the month of December 2024:

  1. Python, with a 29.71% share
  2. Java, 15.43%
  3. JavaScript, 7.99%
  4. C/C++, 7.06%
  5. C#, 6.42%
  6. R, 4.67%
  7. PHP, 3.97%
  8. TypeScript, 2.87%
  9. Rust, 2.66%
  10. Objective-C, 2.62%

(image/jpeg; 1.5 MB)

Supply chain compromise of Ultralytics AI library results in trojanized versions 9 Dec 2024, 6:14 am

Attackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.

According to researchers from ReversingLabs, the attackers leveraged a known exploit via GitHub Actions to introduce malicious code during the automated build process, therefore bypassing the usual code review process. As a result, the code was present only in the package pushed to PyPI and not in the code repository on GitHub.

Continue reading on CSOonline.com.

(image/jpeg; 7.73 MB)

Surveying the LLM application framework landscape 9 Dec 2024, 1:00 am

Large language models by themselves are less than meets the eye; the moniker “stochastic parrots” isn’t wrong. Connect LLMs to specific data for retrieval-augmented generation (RAG) and you get a more reliable system, one that is much less likely to go off the rails and “hallucinate,” which is a relatively nice way of describing LLMs that bullshit you. Connect RAG systems to software that can take actions, even indirect actions like sending emails, and you may have something useful: Agents. These connections, however, don’t spring into being fully grown from their father’s forehead. You need a framework that ties the components together and orchestrates them.

What are LLM application frameworks?

LLM application frameworks are basically plumbing, or, if you like fancier and more specific words, orchestration providers. In a RAG application, for example, LLM application frameworks connect data sources to vector databases via encoders, modify user queries by enhancing them with the result of vector database lookups, pass the enhanced queries to LLM models along with generic system instructions for the models, and pass the models’ output back to the user. Haystack, for example, talks about using components and pipelines to help you assemble LLM applications.

LLM application frameworks help by reducing the amount of code you need to write to create an application. The fact that these application frameworks have been designed and coded by experts, tested by thousands of programmers and users, and used in production should give you some confidence that your “plumbing” will perform correctly.

Use cases

Use cases for LLM application frameworks include RAG, chatbots, agents, generative multi-modal question answering, information extraction from documents, and many more. While these use cases are all related by the incorporation of LLMs and (usually) vector search, they have somewhat different purposes.

RAG is a way to expand the knowledge of an LLM without retraining or fine-tuning the LLM. This helps to ground the model and can also help to focus it on specific information. RAG’s three steps are retrieval from a specified source, augmentation of the prompt with the context retrieved from the source, and then generation using the model and the augmented prompt.

The information source can be documents, the web, and/or databases. You could give this additional information to the model as part of the query, as long as you didn’t exceed the model’s context window. Even with a huge context window, though, you could run into a “needle in a haystack” problem searching large source documents, meaning that some models might miss specific relevant facts if they are surrounded by too much irrelevant material.

Instead, you could encode your text and media information as a high-dimensional floating-point vector using an embedding model such as Word2vec (text only) or DeViSE (mixed text and media) and store it in a vector database such as Qdrant or Elasticsearch. Then you could use the same embedding model to encode your search term and find the K nearest items in terms of a distance metric, such as the cosine or Euclidean distance, through a vector search. Then you would augment the query with the selected source information and send it to your LLM. In most cases, the results from the retrieval-augmented generation will be grounded in the information you have provided.
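
The retrieval step is conceptually simple. The following brute-force sketch uses cosine similarity over NumPy vectors, with embed as a hypothetical stand-in for your embedding model; a real system would delegate this search to a vector database rather than scoring every document in Python:

```python
import numpy as np

def cosine_similarity(a: np.ndarray, b: np.ndarray) -> float:
    # 1.0 means the vectors point in the same direction; 0.0 means they are orthogonal.
    return float(np.dot(a, b) / (np.linalg.norm(a) * np.linalg.norm(b)))

def retrieve_top_k(query: str, documents: list[str], embed, k: int = 3) -> list[str]:
    """Return the k documents closest to the query in embedding space."""
    query_vec = embed(query)
    scored = [(cosine_similarity(query_vec, embed(doc)), doc) for doc in documents]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [doc for _, doc in scored[:k]]
```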

Chatbots are designed to mimic human conversation; they go back at least to Joseph Weizenbaum’s ELIZA program, published in 1966. Modern chatbots expand on simple LLM or RAG queries by using some kind of memory to keep track of the conversation, and using previous queries and replies to enhance the context of each new query.
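
The simplest form of that memory is the running message list itself, resent with every turn. In this toy sketch, llm_complete is a hypothetical stand-in for any chat-completion call; real frameworks layer summarization, windowing, or vector-backed recall on top of the same idea:

```python
class SimpleChatbot:
    """Keeps the whole conversation and replays it to the model on every turn."""

    def __init__(self, llm_complete, system_prompt: str = "You are a helpful assistant."):
        self.llm_complete = llm_complete  # hypothetical: takes a message list, returns a string
        self.history = [{"role": "system", "content": system_prompt}]

    def ask(self, user_message: str) -> str:
        self.history.append({"role": "user", "content": user_message})
        reply = self.llm_complete(self.history)  # the model sees all previous turns
        self.history.append({"role": "assistant", "content": reply})
        return reply
```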

Agents are LLM applications that call other software to perform actions. Microsoft calls them Copilots. Some frameworks differentiate agents from chains, the distinction being that agents use a language model as a reasoning engine to determine which actions to take and in which order, while chains hard-code sequences.

Some models with the ability to take audio, images, and/or video as input can be used in applications that implement generative multi-modal question answering. For example, I demonstrated how the Gemini Pro Vision model can infer the price of a fruit in one image by identifying the fruit and reading its price in another image, in my review of Google Vertex AI Studio.

Information extraction from documents can be more complicated than you might think. For example, if 20 documents in different formats are scanned to provide input to a mortgage loan application processor, the application needs to recognize forms, OCR the numbers and labels, and pull out the relevant tagged values to populate the summary form for the human loan officer.

Programming languages

Programming languages supported by LLM application frameworks include Python, C#, Java, TypeScript, and JavaScript. LangChain and LlamaIndex have implementations in Python and TypeScript/JavaScript. Semantic Kernel has implementations in C#, Python, and Java, but not all SK features are supported in all of these programming languages. Haystack is implemented exclusively in Python.

Haystack

Haystack is billed as an open-source framework for building LLM applications, RAG applications, and search systems for large document collections. Haystack is also the foundation for deepset Cloud. deepset is the primary sponsor of Haystack, and several deepset employees are heavy contributors to the Haystack project.

Integrations with Haystack include models hosted on platforms, such as Hugging Face, OpenAI, and Cohere; models deployed on platforms, such as Amazon SageMaker, Microsoft Azure AI, and Google Cloud Vertex AI; and document stores, such as OpenSearch, Pinecone, and Qdrant. In addition, the Haystack community has contributed integrations for tooling purposes such as evaluation, monitoring, and data ingestion.

Use cases for Haystack include RAG, chatbots, agents, generative multi-modal question answering, and information extraction from documents. Haystack provides functionality for the full scope of LLM projects, such as data source integration, data cleaning and preprocessing, models, logging, and instrumentation.

Haystack components and pipelines help you to assemble applications easily. While Haystack has many pre-built components, adding a custom component is as simple as writing a Python class. Pipelines connect components into graphs or multi-graphs (the graphs don’t need to be acyclic), and Haystack offers many example pipelines for common use cases. deepset Studio is a new product that empowers AI developers to design and visualize custom AI pipelines.
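
As a rough illustration, assuming Haystack 2.x, a custom component is an ordinary Python class decorated with @component, and a pipeline is assembled by registering components and running them:

```python
from haystack import Pipeline, component

@component
class Shouter:
    """A toy custom component; outputs are declared with output_types."""

    @component.output_types(text=str)
    def run(self, text: str):
        return {"text": text.upper()}

pipe = Pipeline()
pipe.add_component("shouter", Shouter())

result = pipe.run({"shouter": {"text": "hello haystack"}})
print(result["shouter"]["text"])  # HELLO HAYSTACK
```

A real RAG pipeline connects a retriever, a prompt builder, and a generator in the same way.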

For a deeper look at Haystack, see my review.

LangChain

LangChain enables language models to connect to sources of data, and also to interact with their environments. LangChain components are modular abstractions and collections of implementations of the abstractions. LangChain off-the-shelf chains are structured assemblies of components for accomplishing specific higher-level tasks. You can use components to customize existing chains and to build new chains.

Note that there are two kinds of language models in LangChain, LLMs and ChatModels. LLMs take a string as input and return a string. ChatModels take a list of messages as input and return a ChatMessage. ChatMessages contain two components, the content and a role. Roles specify where the content came from: a human, an AI, the system, a function call, or a generic input.

In general, LLMs use prompt templates for their input. That allows you to specify the role that you want the LLM or ChatModel to take, for example “a helpful assistant that translates English to French.” It also allows you to apply the template to many instances of content, such as a list of phrases that you want translated.
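
For instance, here is a minimal sketch using langchain_core: a chat prompt template fixes the system role once and is then applied to many pieces of content, producing messages ready to hand to a ChatModel (the model call itself is left as a comment):

```python
from langchain_core.prompts import ChatPromptTemplate

prompt = ChatPromptTemplate.from_messages([
    ("system", "You are a helpful assistant that translates English to French."),
    ("human", "{text}"),
])

for phrase in ["Good morning", "Where is the train station?"]:
    messages = prompt.format_messages(text=phrase)
    # chat_model.invoke(messages) would return an AIMessage containing the translation.
    print(messages)
```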

LangChain has six modules:

  • Model I/O is an interface with language models.
  • Data connection is an interface with application-specific data.
  • Chains construct sequences of calls.
  • Agents let chains choose which tools to use given high-level directives.
  • Memory persists application state between runs of a chain.
  • Callbacks log and stream intermediate steps of any chain.

For a more thorough overview of LangChain, see my explainer.

LlamaIndex

At a high level, LlamaIndex is designed to help you build context-augmented LLM applications, which basically means that you combine your own data with a large language model. Examples of context-augmented LLM applications include question-answering chatbots, document understanding and extraction, and autonomous agents.

The tools that LlamaIndex provides perform data loading, data indexing and storage, querying your data with LLMs, and evaluating the performance of your LLM applications:

  • Data connectors ingest your existing data from their native source and format.
  • Data indexes, also called embeddings, structure your data in intermediate representations.
  • Engines provide natural language access to your data. These include query engines for question-answering, and chat engines for multi-message conversations about your data.
  • Agents are LLM-powered knowledge workers augmented by software tools.
  • Observability/Tracing/Evaluation integrations enable you to experiment, evaluate, and monitor your app.
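
A minimal end-to-end sketch of that flow, assuming a recent llama-index release with default OpenAI credentials configured and a local ./data folder (the path and question are illustrative), looks like this:

```python
from llama_index.core import SimpleDirectoryReader, VectorStoreIndex

# Load documents, index them as embeddings, and query them in natural language.
documents = SimpleDirectoryReader("./data").load_data()
index = VectorStoreIndex.from_documents(documents)

query_engine = index.as_query_engine()
response = query_engine.query("What does the quarterly report say about churn?")
print(response)
```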

For more on LlamaIndex, see my review.

Semantic Kernel

Semantic Kernel is an open-source SDK that fills the same function in Microsoft’s open-source LLM application stack as AI orchestration does in Microsoft’s internal stack for Copilots: It sits in the middle and ties everything together. Copilot is, of course, Microsoft’s name for collaborative AI agents.

Semantic Kernel is the glue, the orchestration layer, that connects LLMs with data and code. It does a bit more, as well: Semantic Kernel can generate plans using LLMs and templates. That’s a step beyond what you can do with function calling alone, and it’s a differentiator for Semantic Kernel.

Semantic Kernel’s planner function takes a user’s “ask” (Microsoft-speak for “request”) and returns a plan on how to accomplish the request. To do that, it uses AI to “mix and match” plugins that you register in the kernel, combining them into a series of steps that complete the task.

A plugin in Semantic Kernel is a group of functions that can be used by an LLM. Semantic Kernel also includes an AI orchestration layer, connectors, and planners. The orchestration layer ties the plugins and connectors together. The planners help define the flow of plugins.
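
As a rough sketch of how that looks in the Python SDK (assuming semantic-kernel 1.x; the plugin and its names are illustrative), a plugin is a class whose methods are exposed to the model via the kernel_function decorator:

```python
from semantic_kernel import Kernel
from semantic_kernel.functions import kernel_function

class WeatherPlugin:
    """A plugin is a group of functions the LLM is allowed to call."""

    @kernel_function(name="get_forecast", description="Gets the weather forecast for a city")
    def get_forecast(self, city: str) -> str:
        return f"Sunny in {city}"  # placeholder; a real plugin would call a weather service

kernel = Kernel()
kernel.add_plugin(WeatherPlugin(), plugin_name="weather")
# With a chat completion service registered and function calling enabled, the model
# can choose to invoke weather.get_forecast as a step in the plan it generates.
```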

The Semantic Kernel kernel (note the lack of capitalization for the second instance of “kernel”) is essentially a traffic cop for AI applications. It selects AI services, renders prompts, invokes AI services, parses LLM responses, and creates function results. Along the way it can invoke other services, such as monitoring and responsible AI filters.

For a closer look at Semantic Kernel, see my review.

Which framework should you use?

Honestly, any of these four frameworks — Haystack, LangChain, LlamaIndex, and Semantic Kernel — will do the job for most LLM application use cases. As they are all open source, you can try them all for free. Their debugging tools differ, their programming language support differs, and the ways they have implemented cloud versions also differ. I’d advise you to try each one for a day or three with a clear but simple use case of your own as a goal, and see which one works best for you.

Why business teams must stay out of application development 9 Dec 2024, 1:00 am

In the last 10 years of building WaveMaker, the one thing we have heard again and again is the expectation that low code will miraculously allow business users to develop feature-rich applications. Well, it can, but it most certainly shouldn’t. I’ll tell you why.

In 2021, Gartner predicted that active citizen developers at large enterprises would outnumber professional software developers 4:1 by 2023. I haven’t seen that happen anywhere, but there are enough citizen development programs to warrant serious critical attention. 

For starters, let’s clarify the idea of citizen development. Citizen development is when non-tech users build business applications using no-code/low-code platforms, which automate code generation. 

Imagine that you need a simple leave application tool within the organization. Enterprises can’t afford to deploy their busy and expensive professional resources to build an internal tool. So, they go the citizen development way. This model works because such apps are:

  • Simple: They don’t require complex business logic.
  • Independent: They don’t require sophisticated integrations.
  • Internal: They don’t require modern UIs, as the apps are used within the organization.
  • Low risk: They are not required to meet high security standards.

Mission-critical enterprise applications are none of the above.

Enterprise-grade application requirements

Building enterprise-grade apps requires delivering robust functionality across the following five dimensions, which business users are decidedly incapable of doing. Let me explain.

User experience

In the highly crowded application market, user experience is a competitive differentiator. Enterprise apps need pixel-perfect UIs that are true to the vision of the designer. To achieve this, UX and development teams must collaborate closely. They can’t take a hands-off approach; they must fundamentally understand the intent and vision of the designer at every step of the way. This is unlikely to happen within the citizen development paradigm. Business users lack the skills to translate the designer’s vision and the intricacies of the design, such as dynamic content, micro-animations, and branding elements, into a working app from a simple drag-and-drop interface.

Application architecture

Complex enterprise apps require full-stack development capabilities, from API design and high-performance back-end infrastructure all the way to Docker integration. Business users rely entirely on the low-code platform to abstract all of this. Some platforms do, but most don’t. Either way, the bigger problem lies in long-term problem-solving. When something goes wrong—and in tech, it invariably will—citizen developers can’t effectively troubleshoot. And the long-term maintenance cost of apps built by business users becomes prohibitively high.

Customizability

Proponents of citizen development argue that apps built with low-code platforms are highly customizable. What they mean is that users can mix and match elements and change colors. For enterprise apps, that is merely table stakes. True customizability comes from real, editable code that lets developers hand-code the parts that handle complex and edge cases. Business users cannot build these types of features, because low-code platforms aimed at them are not designed to handle it.

Performance

Enterprise apps need massive scaling, high availability, fault tolerance, and portability. When business users are entrusted with developing enterprise applications, they fall short on app sizing, monitoring, compression, user-centric error messaging, and more. Naturally, performance suffers.

Security

Finally, the most serious gap that citizen development creates is in security. The vast majority of security attacks happen due to human error, such as falling for phishing scams, downloading ransomware, or mismanaging credentials. In fact, IBM found a 71% increase this year in cyberattacks that used stolen or compromised credentials.

Even professional developers struggle with security protocols, so it is unfair and unrealistic to hold business users to such standards. As security threats rapidly evolve, the responsibility for building in security falls to the low-code platform enabling citizen development. That is a hit-or-miss proposition.

The proper role of business teams

In a way, low-code rose to prominence claiming to enable business users to become developers. Advocates of citizen development said low-code would automate all of the coding and compliance needed for enterprise applications.

In the years since, we’ve seen that this is far from the truth. No low-code platform can entirely replace a qualified developer. No citizen developer can troubleshoot, optimize, manage and secure a mission-critical enterprise application. This is the writing on the wall, and we’ve seen it time and again. Yet, we continue to throw a rope at a fish and expect it to climb a tree. 

To stop setting business users up for failure and compromising enterprise applications, organizations must keep business teams squarely out of application development.

Let me clarify that I’m not arguing that business teams shouldn’t participate at all. On the contrary, they certainly should collaborate closely with engineering. The business team’s role should end with defining requirements, bringing customer perspective, gathering feedback, prioritizing features, and validating outcomes. They should handle the business end, while professional developers take care of the technology end. 

To contribute meaningfully to development acceleration, low-code platforms must enable professional developers to do their jobs quickly, simply, and effectively.

Venugopal Jidigam is senior director of engineering at WaveMaker.

New Tech Forum provides a venue for technology leaders—including vendors and other outside contributors—to explore and discuss emerging enterprise technology in unprecedented depth and breadth. The selection is subjective, based on our pick of the technologies we believe to be important and of greatest interest to InfoWorld readers. InfoWorld does not accept marketing collateral for publication and reserves the right to edit all contributed content. Send all inquiries to doug_dineley@foundryco.com.
