GitHub Will Provide Security Alerts for Code Dependencies – InApps Technology 2022

Okay, okay, I’ll fess up: I’m sort of a poseur. Much of the code I’ve produced in recent years has been born of the control-c and control-v variety — and from there, I customize. Once upon a time, I actually knew how to code from scratch and I’m trying to eek my way there again.

All that’s to say that, while I write this weekly round-up of programming, I’m plodding up the steep curve of learning about the current ecosystem of languages, while also trying to understand the very fundamental basics — the meta-characteristics of languages, their design and purpose, their strengths and weaknesses. Basically, I’m digging into all the surrounding mysteries that one might not involve himself in when sticking to the bare minimum of making code simply work.

This week, for example, I started working through Seven Languages in Seven Weeks, which takes readers through an odd yet carefully selected assortment of languages with the goal of showcasing various language characteristics, such as typing model, programming model, decision constructs, and core data structures. The first chapter starts with Ruby and I’m like the guy in 2017 who still marvels at a PlayStation 2. Hey, I may be late to the party, but at least I’ve arrived. So far, I’m on day three and I suspect this may take me much longer than seven weeks, but the concepts explored already are eye-opening, to say the least. Thankfully, there are plenty of other folks to learn from too.

That said, we’ll kick it off with a few helpful resources and tutorials for all you fellow budding developers:

• “Hello World” is always useful to see the very basics of syntax and structure when approaching a new language. One step down, however, you’ll find the common language of regular expressions, and that’s why you should learn regex before going any further in your developer training. Especially useful is this online regex tester and debugger. Also noteworthy, the author offers an example of using regex in 16 different languages.
• AlgoWiki is an extensive Github repository listing tutorials, example code, libraries, APIs, books, you name it, for more than a dozen languages and other topics. It’s a quality bookmark.
• And for those of you a bit further up the learning curve, InfoWorld offers a list of six essential libraries for every Python developer “that extend the language to an ever-widening range of use cases.”

This Week in GitHub

• GitHub Universe has unleashed a slew of announcements, summarized in the company’s blog post, “A more connected universe.” Let’s break down the announcement into a few sections.
• GitHub will soon warn developers of insecure dependencies writes Techcrunch, noting that “more than 75 percent of projects on the service use dependencies and more than half of those that do have more than 10 dependencies, while projects that use more than 100 aren’t all that uncommon either.” The feature works by displaying a dependency graph, currently available for Ruby and JavaScript, with Python coming soon.
• TheNextWeb focuses on GitHub’s landing page redesign, writing that the company wants to make it easy to discover fun projects to hack on, with a “Discover Repositories” feed and an explore feature that “shows hand-picked collections of projects grouped by particular concepts, paradigms, and languages.” As with many a redesign, this is getting a lukewarm reception so far over at Hacker News.
• InfoWorld notes that the security alerts on the way will “associate the graph tracking dependencies with public security vulnerabilities, and [provide] alerts based on those connections, as well as alerts to some GitHub fixes.”

This Week in Programming News

• The first preview release toward Ruby 2.5.0 was announced, with notable changes removing top-level constant lookup and allowing rescue/else/ensure inside do/end blocks.
• ZDNet looks at IBM’s new programming model for building serverless applications, called Composer, which it says is “effectively a library of patterns that are key for building serverless applications.” IBM also announced “the functions shell, a new tool to help with developing, deploying, running, and debugging serverless Functions and compositions.”
• This one slipped past us last week, but Application Development Trends magazine marks Google’s launch of a cloud-based NoSQL database for mobile and web apps called Cloud Firestore, which it says will address the data structuring, querying, and scaling limitations of the Firebase Realtime Database.

This Week in the Great Language Races

• Previously, StackOverflow wrote about the meteoric growth of Python and now it has done the same for the Impressive growth of R, Python’s partner in data crunching crime. According to the post, “R is growing at a similar rate to Python in terms of a year-over-year percentage, though this growth is ‘easier’ because it started from a smaller share of traffic.”
• According to InfoWorld, Kotlin could overtake Java on Android next year, now that Google has endorsed the language for Android development. Set a calendar reminder for December 2018 to see if this prediction comes true.

This Week in the Eternal Debate

• I feel like this one might fall into the same category as the now mainstream tabs vs. spaces debate, although the author offers some examples of where it could actually break your code. Self-dubbed “Danish hacker,” Troels Henriksen writes that block comments are a bad idea on the blog for Furthark. Furthark, which just announced version 1.0 last week, appears to be Henriksen’s creation and is “a statically typed, data-parallel, and purely functional array language in the ML family” that uses the GPU to accelerate data-parallel array computations. Argues Henriksen, “block comments are unnecessary and in fact near-impossible to design and implement correctly (for my own pedantic notion of correctness), and so should be left out of future programming languages.”
• Software engineer Ilya Sher argues that he has no favorite programming language and sets out to take down all the competition. Sher’s answer? Develop Next Generation Shell, which he says will “replace classic shells with a shell which is more adapted to the tasks we have today (API’s, cloud)”.
• Last but certainly not least, a post from one of my favorite writers in the space, Kin Lane talks about why we rate limit our APIs, arguing that “rate limiting is a legacy constraint, that has continued to live on unquestioned, and even propped up by accounting and business decisions over simple technical ones.” Read the full post and subscribe — I assure you, you won’t regret it.

Feature image: Backplate of an armor for Vincenzo Luigi di Capua, Pompeo della Cesa, Italian, Milan, 1595, New York Metropolitan Museum of Art, public domain.