Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Digital Anarchy: Abolishing State
Mar 23rd 2023 6:32am, by Tim Banks
A Is for OpenStack Antelope
Mar 22nd 2023 7:41am, by Steven J. Vaughan-Nichols
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
How to Identify Your Wasteful Processes
Mar 6th 2023 7:00am, by Sean Scott
5 Things to Consider When Building a Kubernetes Platform
Mar 2nd 2023 10:00am, by Ram Iyengar
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
How to Work with Containers in TrueNAS
Mar 4th 2023 6:00am, by Jack Wallen
From a Fan: On the Ascendance of PostgreSQL
Mar 3rd 2023 7:12am, by Josh Long
Analyst Report: What CTOs Must Know about Kubernetes and Containers 
Feb 28th 2023 6:14am, by Jess Lulka
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
The Distance from Data to You in Edge Computing
Mar 19th 2023 6:00am, by Paul Scanlon
7 Hardware Devices for Edge Computing Projects in 2023
Mar 15th 2023 6:42am, by Charles Mahler
The Need for Speed: Why Eleventy Leaves Bundlers Behind
Mar 10th 2023 8:18am, by Loraine Lawson
What the Heck Is the Edge — and Why Should You Care?
Mar 8th 2023 10:00am, by Glauber Costa
What Is Microservices Architecture?
Feb 23rd 2023 4:22am, by Eric Schabell
Java's History Could Point the Way for WebAssembly
Jan 12th 2023 3:00am, by B. Cameron Gain
Limiting the Deployment Blast Radius
Nov 15th 2022 8:14am, by Steven Lohrenz
Do ... or Do Not: Why Yoda Never Used Microservices
Oct 25th 2022 6:00am, by Samar Abbas
The Gateway API Is in the Firing Line of the Service Mesh Wars 
Oct 17th 2022 7:00am, by B. Cameron Gain
JWTs: Connecting the Dots: Why, When and How
Mar 20th 2023 7:10am, by Michal Trojanowski
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
How Secure Is Your API Gateway?
Feb 28th 2023 5:16am, by Andrew Stiefel
Bullet-Proofing Your 5G Security Plan
Feb 24th 2023 7:24am, by Anand Oswal
Serverless WebAssembly for Browser Developers
Mar 22nd 2023 12:26pm, by Matt Butcher
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
TriggerMesh: Open Sourcing Event-Driven Applications
Mar 13th 2023 12:14pm, by Jessica Wachtel
Ably Touts Real-Time Starter Kits for Vercel and Netlify
Mar 8th 2023 10:56am, by Loraine Lawson
Going Serverless on AWS Lambda? Recognize Potential Risks 
Mar 6th 2023 5:00am, by Sarabjeet Chugh
The Economics of Database Operations
Mar 23rd 2023 8:25am, by John Page
Digital Anarchy: Abolishing State
Mar 23rd 2023 6:32am, by Tim Banks
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
Historical Data and Streaming: Friends, Not Foes
Mar 20th 2023 4:00am, by Michael Drogalis
Bosch IoT and the Importance of Application-Driven Analytics
Mar 9th 2023 8:30am, by Jay Runkel
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Toolkit Allows JavaScript Devs to Program Embedded Devices
Mar 23rd 2023 11:06am, by Loraine Lawson
Stopping AI Hallucinations for Enterprise Is Key for Vectara
Mar 23rd 2023 4:00am, by Richard MacManus
Vercel Brings Logging, Monitoring to Its Observability Suite
Mar 22nd 2023 3:00am, by Jessica Wachtel
JavaScript Library Lets Devs Add AI Capabilities to Web
Mar 20th 2023 10:32am, by Loraine Lawson
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
Toolkit Allows JavaScript Devs to Program Embedded Devices
Mar 23rd 2023 11:06am, by Loraine Lawson
5 Myths about Puppet
Mar 23rd 2023 10:18am, by Jain Waldrip
The Economics of Database Operations
Mar 23rd 2023 8:25am, by John Page
Digital Anarchy: Abolishing State
Mar 23rd 2023 6:32am, by Tim Banks
Serverless WebAssembly for Browser Developers
Mar 22nd 2023 12:26pm, by Matt Butcher
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by Loraine Lawson
What TypeScript Brings to Node.js
Dec 26th 2022 3:00am, by Paul Ferrill
Improve your TypeScript Skills with Type Challenges
Nov 11th 2022 3:00am, by Danni White
TypeScript on Mars: How HubSpot Brought TypeScript to Its Product Engineers
Aug 19th 2022 10:00am, by George Kemp and Duncan Walter
PayPal Enhances JavaScript SDK with TypeScript Type Definitions
Aug 17th 2022 12:38pm, by Jessica Wachtel
VMware and Other Wasm Players Want WebAssembly 
Mar 23rd 2023 8:52am, by B. Cameron Gain
Serverless WebAssembly for Browser Developers
Mar 22nd 2023 12:26pm, by Matt Butcher
MIT-Created Compiler Speeds up Python Code
Mar 14th 2023 11:38am, by Loraine Lawson
Can WebAssembly Solve Serverless's Problems?
Mar 3rd 2023 5:13am, by B. Cameron Gain
Figma Targets Developers While it Waits for Adobe Deal News
Feb 27th 2023 9:42am, by Richard MacManus
Unlock the Next Wave of Machine Learning with the Hybrid Cloud
Mar 22nd 2023 10:00am, by Kjell Carlsson
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
ScyllaDB Challenges DynamoDB on Latency and Pricing
Mar 20th 2023 9:00am, by Jessica Wachtel
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
Let’s Talk about Cloud Threat Hunting 
Mar 16th 2023 7:33am, by Guilherme (Gui) Alvarenga
The Economics of Database Operations
Mar 23rd 2023 8:25am, by John Page
Stopping AI Hallucinations for Enterprise Is Key for Vectara
Mar 23rd 2023 4:00am, by Richard MacManus
Get More out of Machine Learning with Data Preprocessing
Mar 21st 2023 5:00am, by Alexander T. Williams
JavaScript Library Lets Devs Add AI Capabilities to Web
Mar 20th 2023 10:32am, by Loraine Lawson
ScyllaDB’s Incremental Changes: Just the Tip of the Iceberg
Mar 20th 2023 9:29am, by George Anadiotis
Nvidia Hones in on Apple-Like Approach to AI with CUDA
Mar 23rd 2023 7:34am, by Agam Shah
Stopping AI Hallucinations for Enterprise Is Key for Vectara
Mar 23rd 2023 4:00am, by Richard MacManus
Unlock the Next Wave of Machine Learning with the Hybrid Cloud
Mar 22nd 2023 10:00am, by Kjell Carlsson
Get More out of Machine Learning with Data Preprocessing
Mar 21st 2023 5:00am, by Alexander T. Williams
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
How 2 Founders Sold Their Startup to Aqua Security in a Year
Mar 22nd 2023 1:42pm, by Heather Joslyn
Cloud Malware: Types of Attacks and How to Defend Against Them
Mar 22nd 2023 10:13am, by Faith Kilonzi
Build Software Supply Chain Trust with a DevSecOps Platform
Mar 21st 2023 8:23am, by Diego Lapiduz
JWTs: Connecting the Dots: Why, When and How
Mar 20th 2023 7:10am, by Michal Trojanowski
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Build Software Supply Chain Trust with a DevSecOps Platform
Mar 21st 2023 8:23am, by Diego Lapiduz
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
Enabling DevOps Control for Those Who Need It Most — Developers
Mar 13th 2023 6:46am, by Venkat Thiruvengadam
Setting Kubernetes Standards with Platform Engineering
Mar 10th 2023 7:39am, by Zohar Einy
Which Features Does Your Platform Engineering Portal Need?
Mar 7th 2023 4:00am, by B. Cameron Gain
5 Myths about Puppet
Mar 23rd 2023 10:18am, by Jain Waldrip
LinkedIn Unifies Stream and Batch Processing with Apache Beam
Mar 23rd 2023 8:00am, by Jessica Wachtel
Observability — Freeing Your Load Tests from the Black Box
Mar 22nd 2023 8:26am, by Ken Hamric
Reducing the Cognitive Load Associated with Observability
Mar 22nd 2023 6:44am, by Alex Gervais
Is Your Incident Response Better Than an Energy Company’s?
Mar 21st 2023 9:04am, by Paige Cruz
How 2 Founders Sold Their Startup to Aqua Security in a Year
Mar 22nd 2023 1:42pm, by Heather Joslyn
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
IBM Donates SBOM Code to OWASP
Mar 7th 2023 7:51am, by Steven J. Vaughan-Nichols
Slim.AI: Automating Vulnerability Remediation for a Shift-Left World
Feb 21st 2023 10:00am, by John Amaral
DevPod: Uber's MonoRepo-Based Remote Development Platform
Jan 26th 2023 3:00am, by Jessica Wachtel
How 2 Founders Sold Their Startup to Aqua Security in a Year
Mar 22nd 2023 1:42pm, by Heather Joslyn
Stephen Thaler Claims He's Built a Sentient AI
Mar 16th 2023 8:10am, by David Cassel
How Tech Leaders Are Managing Anxieties after SVB Failure
Mar 15th 2023 10:59am, by Heather Joslyn and Colleen Coll
Chatops: Where Automation, Collaboration and DevOps Culture Meet
Mar 15th 2023 8:19am, by Blair Rampling
What We Can Learn from Twitter's Outages
Mar 13th 2023 9:00am, by Jennifer Riggins
Historical Data and Streaming: Friends, Not Foes
Mar 20th 2023 4:00am, by Michael Drogalis
Defining DORA-Like Metrics for Security Engineering
Mar 17th 2023 9:00am, by Daniel Koch
Chatops: Where Automation, Collaboration and DevOps Culture Meet
Mar 15th 2023 8:19am, by Blair Rampling
Build Machine Learning Apps in Your Notebook with Tecton
Mar 15th 2023 6:00am, by Richard MacManus
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
A Is for OpenStack Antelope
Mar 22nd 2023 7:41am, by Steven J. Vaughan-Nichols
Getting the Most from Kubernetes Autoscaling
Mar 21st 2023 7:06am, by Brian Likosar
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
Can WebAssembly Solve Serverless's Problems?
Mar 3rd 2023 5:13am, by B. Cameron Gain
5 Things to Consider When Building a Kubernetes Platform
Mar 2nd 2023 10:00am, by Ram Iyengar
Reducing the Cognitive Load Associated with Observability
Mar 22nd 2023 6:44am, by Alex Gervais
Vercel Brings Logging, Monitoring to Its Observability Suite
Mar 22nd 2023 3:00am, by Jessica Wachtel
Is Your Incident Response Better Than an Energy Company’s?
Mar 21st 2023 9:04am, by Paige Cruz
Why Audit Logs Are Important
Mar 16th 2023 8:34am, by James Walker
5 Steps to Effective Cloud Detection and Response 
Mar 15th 2023 10:30am, by Faith Kilonzi
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
AmeriSave Moved Its Microservices to the Cloud with Traefik's Dynamic Reverse Proxy
Sep 8th 2022 2:02pm, by Ann R. Thryft
Can You Now Safely Remove the Service Mesh Sidecar?
Sep 8th 2022 9:19am, by B. Cameron Gain
eBPF or Not, Sidecars are the Future of the Service Mesh
Aug 12th 2022 10:00am, by William Morgan
Software Development

This Week in Programming: Blame the Language or the Programmer?

Feb 16th, 2019 6:00am by
Featued image for: This Week in Programming: Blame the Language or the Programmer?

You know those seemingly endless Windows updates — the ones where you just want to turn off your computer and go home and it’s like “no, wait, I have 73 security updates to do first, don’t go”? Well, according to Microsoft security engineer Matt Miller speaking at a security conference earlier this month, most of those vulnerabilities are memory safety issues, and this point has started a bit of a firestorm on Twitter around just how bad some think C is as a programming language… and others who think the developers are to blame.

For those of you interested, here is a video of the talk Miller gave, starting at the point where he addresses this particular point:

An article on ZDNet first brought attention to this point and since then it has been making the rounds. The article explains that “around 70 percent of all the vulnerabilities in Microsoft products addressed through a security update each year are memory safety issues” and that “memory safety bugs happen when software, accidentally or intentionally, accesses system memory in a way that exceeds its allocated size and memory addresses.”

The article also points out that “the reason for this high percentage is because Windows has been written mostly in C and C++, two ‘memory-unsafe’ programming languages that allow developers fine-grained control of the memory addresses where their code can be executed.”

The question quickly becomes is this the fault of the programming language or the programmer?

In particular, Matthew Garrett, a major contributor to Linux, GNOME, Debian, Ubuntu, and Red Hat, has been leading the Twitter charge against C and taking up arms against arguments that C is a wonderful language indeed and that it’s the coders who are to be blamed.

Now the Twitter thread is worth a gander, but slightly difficult to link here in a meaningful manner. Instead, let’s look to a blog post by developer Sean Griffin titled “No, the problem isn’t bad coders” to drive home the point.

“Let me be clear, I disagree with the assertion that programmers can be expected to be perfect on its own. But the assertion that we just need better C programmers goes way farther than that. It’s not just a question of whether people can catch problems in code that they write. It’s also expecting people to be capable of re-contextualizing every invariant in any code they interact with (even indirectly). It sets the expectation that none of this changes between the time code is proposed and when it is merged,” writes Griffin. “These are not reasonable expectations of a human being. We need languages with guardrails to protect against these kinds of errors. Nobody is arguing that if we just had better drivers on the road we wouldn’t need seatbelts. We should not be making that argument about software developers and programming languages either.”

So, what do you, dear reader, think? Is it time to move on from these “memory-unsafe” languages? Or do we blame you, the developer, for not being careful enough?

This Week in Programming

  • Whose Things Are These? According to Google, Android Things are not your things anymore — that is, unless your one of its OEM partners who builds smart speakers or smart displays. According to the announcement, “support for production System on Modules (SoMs) based on NXP, Qualcomm, and MediaTek hardware will not be made available through the public developer platform at this time.” As Ars Technica points out,”Google’s stripped-down version of Android named for its focus on the ‘Internet of Things’ (IoT), is now no longer focused on IoT,” calling the the move “pretty strange,” seeing that the OS “just survived a lengthy initial development cycle […] and it only hit version 1.0 nine months ago.” So why kill Android Things? Ars Technica suggests that perhaps “Android Things is just too heavy for smaller IoT devices.”
  • Containerizing Java with Google’s Jib: Next up in Google developer headlines this week, the company also announced the general availability of its Java Containerization Tool “Jib,” which the Application Developer Times takes a look at. According to the article, the open source tool for containerizing Java applications “is a fast and simple container image builder that consolidates all the steps involved in packaging an app into a container image, and allows developers to build containers using familiar Java tools.” The tool “effectively circumvents the need to install Docker, run a Docker daemon, and/or write a Dockerfile […] by separating the Java application into multiple layers for more granular incremental builds.” For those of you interested, Google provides “samples and Codelabs for deploying a Spring Boot application to Kubernetes or deploying a Micronaut application to Kubernetes.”
  • Automate Tasks with Google Docs API: Last up for Google this week, Google Docs now has an API after being in developer preview since last April. Techcrunch writes that the “new API for Google Docs that will allow developers to automate many of the tasks that users typically do manually.” The API will allow developers to “set up processes that manipulate documents after the fact to update them, and the API also features the ability to insert, delete, move, merge and format text, insert inline images and work with lists, among other things.” ProgrammableWeb also took a look at the news, offering a comprehensive summary, noting that Google has published a quickstart guide and offers a wizard to create or select a project in the Google Developers console, calling the process “straightforward.”

  • Python 3.8 Sneak Peek & PyPy: Moving on to Python, JAXEnter offers a first look at Python 3.8 from a peak at an early developer preview of Python 3.8. While 3.8 is still under development, the article notes “a couple of major features we know are coming in the next version,” namely assignment expressions and typed_ast being merged back to CPython. Second up in Python this week, InfoWorld writes that PyPy 7 speeds up Python 2.7, Python 3.5, and Python 3.6 alike. The Python runtime “uses just-in-time compilation to achieve major performance improvements over the stock CPython distribution, is now available in version 7.0 releases supporting Python 2.7, Python 3.5, and Python 3.6.” The post on the official PyPy Status Blog offers full details on the release.

  • Test the Waters with Draft Pull Requests: If you’re feeling timid, GitHub’s latest announcement of draft pull requests may be a welcome one, as the new feature will let developers “open a pull request to start a conversation with your collaborators as soon as your brilliant idea or code is ready to take shape.” The feature takes away the more black and white nature of pull requests, offering a bit of an in-between and making it more collaborative. “With draft pull requests,” GitHub writes, “you can clearly tag when you’re coding a work in progress.” The new feature also comes with a Draft Pull Requests API.
  • A Case for Types: That whole introduction part, where we talked about memory safety and all that? It seems oddly reminiscent of the debate over data types, and so I can’t help but end with this Reddit thread on how 38 percent of bugs at Airbnb could’ve been prevented by using types. Perhaps that’s the fault of the developers too. (I kid!)

https://twitter.com/CarlyRM/status/1095876750763061248

Feature image via Pixabay.

Group Created with Sketch.
Mike is a freelance writer, editor, and all-around techie wordsmith. Mike has written for publications such as ReadWriteWeb, Venturebeat, and ProgrammableWeb. His first computer was a "portable" suitcase Compaq and he remembers 1200 baud quite clearly.
Read more from Mike Melanson
SHARE THIS STORY
RELATED STORIES
5 Myths about Puppet MIT-Created Compiler Speeds up Python Code Cloud Malware: Types of Attacks and How to Defend Against Them JWTs: Connecting the Dots: Why, When and How Serverless WebAssembly for Browser Developers
TNS owner Insight Partners is an investor in: Docker.
RELATED STORIES
Apache Cassandra: The Data Foundation for Real-Time AI  Build Software Supply Chain Trust with a DevSecOps Platform Bring Purpose to API Product Development with APIOps Cycles The Economics of Database Operations Real-time Analytic Databases — Thing or Not a Thing?
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.