For those of you out there using Amazon Web Services’ various offerings, it’s an early Christmas this year. During the company’s annual re:Invent conference this past week in Las Vegas, Amazon released a dizzying slew of new features that run the gamut from satellite-as-a-service (not sure what we’ll do about THAT acronym) to a service called RoboMaker that’s meant to help developers “develop, simulate, test, and deploy the robot of your dreams”. That’s just the beginning of things we won’t even get into, however, as the company also unveiled a laundry list of other features pertaining to developing cloud native and serverless applications, IoT applications, managed blockchain services, and even microVMs for containers.
The hot new container technology is VMs
— James (@wattersjames) November 27, 2018
If you’ve had a hard time keeping pace with Amazon Web Services this week, well, I suspect you’re not alone. So, here’s what we’ve seen from Amazon this week, specifically for you developers out there.
First up, there is the slew of new Lambda features that, according to TechCrunch, help make serverless “more developer friendly, while acknowledging that even while serverless reduced complexity, it still requires more sophisticated tools as it matures.” That friendliness is coming in the form of drastically increased support for several more programming languages, runtimes, and IDEs.
As of this week, AWS Lambda now natively supports Java, Go, PowerShell, Node.js, C#, Python, and Ruby code. If your preferred language is not included in this list, however, fret not, as the new Lambda Runtime API and Lambda Layers feature opens up the service to other languages, such as Rust, C++, Erlang and even Cobol. Alongside the Runtime API, Lambda Layers allows developers to package components and libraries into a ZIP file, which can then be shared across environments. This not only opens up the ability to create custom libraries, but also provide a way for the easy integration of third-party libraries and services, such as those offered by Datadog, Epsagon, IOpipe, NodeSource, Thundra, Protego, PureSec, Twistlock, Serverless, and Stackery. By way of example, Amazon also announced they would release “a public layer which includes NumPy and SciPy, two popular scientific libraries for Python [that] can help you start very quickly with data processing and machine learning applications.”
Amazon also stepped up support for IDEs, announcing the general availability of the AWS Toolkit for PyCharm alongside the developer preview of the AWS Toolkits for IntelliJ and Visual Studio Code. According to the announcement, “these open source toolkits will enable you to easily develop serverless applications, including a full create, step-through debug, and deploy experience in the IDE and language of your choice, be it Python, Java, Node.js, or .NET.”
And, as if all that weren’t enough, Techcrunch notes that the company “also announced the Step Functions Service Integration, which allows developers to define a set of steps and triggers, which can connect to other Amazon services such as SageMaker, DynamoDB and Fargate. This could enable developers to build much more complex serverless applications that not only perform an action, but trigger other Amazon services.”
And those are just the announcements dealing with serverless.
Beyond serverless, Amazon also made some strides in the realms of IoT and machine learning this week. According to SD Times, Amazon gave developers “four new services and capabilities for ingesting data from edge devices and building Internet of Things applications” with the announcement of AWS IoT SiteWise, IoT Events, IoT Things Graph and IoT Greengrass Connectors. The article quotes Dirk Didascalou, vice president of IoT at AWS, as saying that these features are intended to “remove the cost and complexity of building applications at the edge with rich data sources” and free up developers “to spend time innovating in their core business, instead of writing code to connect devices and applications and to ingest actionable sensor data.” In terms of machine learning, announcements included the introduction of the new Inferentia machine learning chip, its SageMaker Neo solution that “allows machine learning models to train once and then run anywhere in the cloud or at the edge,” and a machine learning university that’s now open to all developers through AWS and provides “more than 30 self-service, self-paced digital resources with more than 45 hours of courses, videos and labs for developers, data scientists, data platform engineers and business professionals.”
Developers, if they:
– approach you with pizza at 5.25pm
That’s not your friend, that’s a PM bribing you to work late.
— I Am Devloper (@iamdevloper) November 29, 2018
Well, if that wasn’t a mouthful, huh? By the way, other things happened this week in the world of programming — let’s take a look.
This Week in Programming
- The Push to Golang 2.0 Continues: We recently dove into the issue of breaking changes when it comes to Go 2.0, which concluded that “a real Go 2 would, perhaps unsurprisingly, be harmful,” but there remains no way but forward, nonetheless. This week, the official Go blog announced “Go 2, here we come,” with an acknowledgment that “it will arrive in incremental steps rather than with a big bang and a single major release.” According to the post, there are many issues open concerning the next version, with two major ones being “support for better error handling, and generics.” As Go has grown, however, so has the chance of breaking things with breaking changes. So, moving forward, the Go team has announced it will be “implementing a new proposal evaluation process for these significant potential changes.” The new proposal review process, which is fully outlined in the post, “is slanted towards declining proposals, which will hopefully prevent feature creep and help with keeping the language small and clean.” For now, the team is starting with “a small number of backward-compatible language proposals,” which, now having been announced, are up for review by you, the Go community.
- The State of Rust is Weak: That’s right, the results of the 2018 Rust Survey are in, and the findings are fraught with the difficulties still remaining. According to a summary by SD Times, the main issue still at hand is productivity, with the survey finding that “it takes many users a year or less to get the swing of things and maintain productivity in Rust, but 22 percent still don’t feel productive while using the language.” Similarly, Infoworld sees the key takeaway as the language’s steep learning curve, with Rust users finding “difficulty and frustration with the language’s highly touted features for memory safety and correctness.”
- The Weary and Beleaguered Maintainer Attack: Finally this week, a cautionary tale to you open source project maintainers out there who are thinking of passing the torch. In this latest supply chain attack, “an attacker combined social engineering with dependency abuse to backdoor a package with 2 million weekly downloads.” The short of the story is this: “It seems that this user, using the handle right9ctrl (now suspended on GitHub and npm), managed to convince the original author, Dominic Tarr, to transfer the package to him after making a few legitimate code contributions. ‘He emailed me and said he wanted to maintain the module, so I gave it to him,’ Tarr said in a discussion on GitHub. ‘I don’t get anything from maintaining this module, and I don’t even use it anymore, and haven’t for years.'”
Open source software maintainer burnout as attack surface: https://t.co/SisnYuuOe0
1.) Maintainer gets tired of maintaining node project.
2.) Someone offers to take it over. Maintainer agrees.
3.) Person taking it over injects code to steal Bitcoin wallet creds, publishes to NPM
— ꜳꝛꝍꞥ (@TheTarquin) November 26, 2018
Feature image via Pixabay.