It also includes a preview for profile-guided optimization (PGO), a new feature that allows the compiler to perform optimizations based on run-time profile information. According to the team, providing a profile can speed up applications by about 3-4%. They hope to improve this further in future releases. 

The language changes include the ability to convert a slice to an array, comparable types can now satisfy “comparable” constraints, struct values now get compared one field at a time, and the “unsafe” packages added three new functions: SliceData, String, and StringData.

Some of the tool improvements include the ability of the “cover” tool to collect coverage profiles of whole programs; acceptance of a -pgo flag in the “build,” “go install,” and other commands to enable PGO; and more. 

In this release improvements to the compiler and garbage collection have improved CPU performance by up to 2% and reduced memory overhead. 

The Go team has also reported that build speeds have been improved by about 10%, bringing them back in alignment to how they were in Go 1.17. 

While currently Go 1.20 must be bootstrapped from Go 1.17.13 or later when building from source, the team plans to move the bootstrap toolchain up a year, once per year, in future releases. Another thing to note looking forward is that Go 1.21 won’t support older operating systems such as Windows 7, 8, Server 2008 and Server 2012, macOS 10.13 High Sierra, and 10.14 Mojave.

A comprehensive list of updates can be found in the official release notes.

The post Go 1.20 includes a preview of profile-guided optimization appeared first on SD Times.

This is evidenced by several recent developer surveys, as well as sentiments expressed by developers who use the language. 

In JetBrains’ 2021 State of Developer Ecosystem report, Go was among the top five languages that developers were planning to adopt. It also was one of the top five languages developers were learning in the last year and was one of the five fastest growing languages too. 

In the official 2021 Go developer survey, 92% of survey respondents said their satisfaction with Go was very high. 

Go is the language of the cloud, so it’s no wonder that it’s continued to increase in popularity over the past few years as cloud-native development becomes more and more prevalent.

“If you do stuff on any cloud platform …  people want to standardize on Go,” said Steve Ng, principal developer relations lead of Asia Pacific and Japan at observability company New Relic.

What makes Go the “language of the cloud?” According to Andre Eriksen, founder of back-end development company Encore.dev, there are a few reasons for this. One reason is that Docker was originally built using Go. 

In addition, a lot of the Cloud Native Computing Foundation (CNCF) projects have been built in Go, according to Eriksen. Ng added that a lot of those CNCF projects also interact with and feed off each other. 

Another contributing factor is that Go is an incredibly reliable language, partly because of the way it handles errors. It encourages developers to check for errors as they code, rather than relying on throwing and catching exceptions like in other programming languages. 

“And the way you write code, when you’re using a programming language [that uses exceptions], is you kind of stop thinking about errors, and you just assume everything is gonna go well and if something goes wrong, an exception will be thrown somewhere, and we’ll try to handle that,” said Eriksen. “And that works very well, when everything goes well. And then it goes terribly when something goes wrong. And Go does it very differently, where errors are just any other value. And it kind of forces you to think about errors much more, every time you are doing an operation in Go, like when you’re writing to a file or you’re sending a request over the internet over HTTP, Go forces you just to think about what if this goes wrong, and as a result, the reliability systems built with Go tends to be very, very high.”

Another reason people may see it as reliable is because it has the backing of Google. The language was developed at Google in 2009 and version 1.0 was released publicly in 2012. Go is still maintained by the company today and is used in its production environments too. 

One nice thing, according to Eriksen, is that Google has taken a conservative view on changing the language. The changes that get made to the language are usually to the edges, rather than the core language itself.

Google has made a commitment to backwards compatibility in Go. According to Eriksen, this means that when the language gets updated, those updates aren’t going to break your application. The exception to this has been if there is a major security vulnerability that needs to be addressed.

Eriksen added: “If you look at other programming languages … no one breaks things because they want to, it’s because they see we can make this better. And we just need to change how we do something. But it creates this sort of fear of upgrading, and you end up sticking around on an old version because upgrading to the latest Java release is so scary, and then you lose out on security fixes and performance improvements, whereas in the in the Go community, pretty much every single company that I’ve ever heard of, they’re running the latest release from the day or the week, that it’s published.”

According to Eriksen, Google is famous for running their production systems on the release candidates for Go as well. This gives developers confidence in upgrading to the latest version because by the time the final release is ready, you know that everything is working already inside of Google, which provides a very strong signal to the community that the release has been thoroughly tested. 

“It is super nice because we try to stay up to date in the Go library,” said Mya Longmire, software engineer at database company InfluxData. “So every time there is a new stable release, we try as quickly as possible to update to it. And having that backwards compatibility helps the work of the developers.”

Google also listens to the community and their pain points when it comes to deciding on new features to add, such as with the recent addition of support for generic programming.  

Go finally adds support for generic programming

For a long time, generics weren’t a part of Go, which led to disastiasfaction among Go developers. Generic programming allows developers to represent functions and data structures while factoring out types, according to the Go language team.  

“With no generics, you decrease your code reusability,” said Longmire. “So you just have to write a little bit more code to do the same thing. And that might seem like a big hurdle if you’re coming from something that’s built on generics, like Java.”

In the 2020 Go developer survey, 26% of respondents said Go lacked language features they need, and 88% of those respondents cited generics being a critical missing feature. The survey also revealed that 18% of respondents were prevented from using Go because it didn’t have generics. 

This pain point was remedied in March 2022 with the release of Go 1.18. This release introduced support for generics, with a commitment to add support for more complicated generic use cases in further releases. 

“Go 1.18 is a massive release that includes new features, performance improvements, and our biggest change ever to the language. It isn’t a stretch to say that the design for parts of Go 1.18 started over a decade ago when we first released Go,” the Go team wrote in a blog post announcing the release. 

Go thrives in large scale software engineering

According to Eriksen, Google has put a large focus on large scale software engineering for Go. “This is not a thing for just building small programs, it’s a thing for teams building software over long periods of time,” said Eriksen. 

This is not to say that Go is only popular at the largest companies. In fact, according to the 2021 Go Developer Survey, a majority of survey respondents worked on teams of less than 10 people. Twenty-eight percent of respondents worked at small or medium-sized businesses and 25% worked at startups. 

Go is particularly suited for large applications because of its compilation speed. According to Eriksen, a Java application that takes 10s of minutes or even up to an hour to compile might take a few minutes had it been written in Go. 

Go is leading the field on supply chain security

Supply chain security has been top of mind for many people in the past year, especially in the US. 

The Go team has taken that into consideration by putting a lot of focus into making sure that security vulnerabilities aren’t introduced upstream of a project based on some dependency in use, according to Eriksen. 

“I think Go is leading the field far and beyond everything else with their approach to supply chain security,” he said. 

Knowledge sharing is a big plus in Go

One of Longmire’s favorite things about Go is its documentation. She said that reading through the documentation is actually how she learned the language. 

“They have interactive documentation, which is really nice,” she said. “And you can find anything you’re looking for on how to use something or how to set something up, which is very uncommon in newer languages.”

She also said that the syntax of Go is super readable, which helps a lot when working on legacy codebases or reading other developers’ code. 

Ng echoed this sentiment, saying that knowledge sharing in the community has really improved over the years. This, he says, is another way in which Go has benefited from the CNCF because so many CNCF projects are written in Go and a lot of them feed off each other. 

The post Go: The language of cloud-native development appeared first on SD Times.

“It isn’t a stretch to say that the design for parts of Go 1.18 started over a decade ago when we first released Go,” the Go team wrote in a blog post. 

One new addition in Go 1.18 is support for generics, which enables functions and data structures to be represented in a generic way.  The support in this release will support many common use cases, and future releases of Go will continue to add support for more complicated situations.

Go 1.18 also fully integrates fuzzing, which inputs random data into a test in order to find vulnerabilities or bugs.  

Another new feature in this release is the Go workspace mode that enables developers to more easily work with multiple modules. Go modules are a popular feature leveraged by most Go developers, but the 2021 user survey revealed that a main challenge of working with modules was the difficulty that arose when working with more than one module. The team hopes this new workspace mode will alleviate that burden.

In addition to new features, Go 1.18 has achieved a 20% performance improvement. This is the result of the team expanding the register ABI calling convention that was present in Go 1.17 to new architectures, such as Apple M1, ARM64, and PowerPC64. 

“Just to underscore how big this release is, a 20% performance improvement is the fourth most important headline,” the team wrote. 

The post Go 1.18 released as biggest update to language yet appeared first on SD Times.

The beta release is the first to support generic code using parameterized types, the most significant change to Go since the release of Go 1. With this, certain subtle cases have been postponed to a future release. 

Additionally, Go 1.18 Beta 1 includes built-in support for writing fuzzing-based tests in order to automatically find inputs that cause the user’s program to crash or return invalid answers. This preview release also adds a new “Go workspace mode,” allowing the user to work with several Go modules at the same time. 

CData Software raises $140 million in Series B

CData Software, a provider of cloud connectivity and integration solutions, today announced a $140 million Series B funding round led by Updata Partners. This financing follows a $20 million Series A round also led by Updata Partners in March of 2020, bringing the total amount raised to $160 million. 

This funding round will allow CData to expand its cloud capabilities, investing in further development of its cloud-native universal platform. Additionally, CData will use this funding to bring new talent in across the organization in order to broaden its global presence. 

Deque’s axe DevTools Mobile expands support

Deque Systems, a software company that focuses on digital accessibility, today announced that axe DevTools Mobile now offers support for both Apple, including support for UIKit and SwiftUI, and Android ecosystems. This allows developers and application owners to integrate accessibility into their whole native mobile development ecosystem. 

Currently, axe DevTools Mobile tests Apple apps written in Swift or Objective C and Android apps written in Kotlin or Java, with support for Android apps written in JetPack Compose coming in Q1 2022. Axe DevTools in SwiftUI help users integrate accessibility into mobile development processes in order to streamline accessibility testing. 

“Mobile accessibility matters. The potential for lost revenue is enormous and growing every year. And, with mobile technology becoming critical for industries from retail and business to financial services and healthcare, accessibility has become a core business issue in almost every industry,” said Preety Kumar, founder and CEO of Deque Systems.

The post SD Times news digest: Go 1.18 Beta 1 now available; CData Software raises $140 million in Series B; Deque’s axe DevTools Mobile expands support appeared first on SD Times.

“Traditional database transactions and logs are hard to scale and are mutable, so there is no way to know for sure if your data has been compromised,” the project’s website states. “Immudb is immutable. You can add new versions of existing records, but never change or delete records. This lets you store critical data without fear of it being changed silently.”

Immudb can operate both as a key-value or relational (SQL) database. Users can add new transactions, but deletion or modification of older transactions isn’t allowed, thus making the data immutable. 

When a key record’s value changes over time (such as a bank balance), one can get multiple instances with different timestamps to give you the complete history of that record’s changes. Users can store a variety of common data types, verification checksums, or JSON.

The data stored in the database is cryptographically coherent and verifiable just as in blockchains. It can handle millions of transactions per second and can be used both as a lightweight service or can be embedded in applications as a library. 

“While Cyber Security is an important part of your organization’s business plan, immudb provides another layer of security to ensure data integrity even in the event your perimeter is breached during an attack. Data cannot be deleted or modified once stored into immudb. Additions of new data are logged and auditable, enabling you to view any suspect additions made during the intrusion,” the website states.

The post SD Times Open-Source Project of the Week: immudb appeared first on SD Times.

Major highlights of the release candidate include control flow analysis of aliased conditions and discriminants, symbol and template string pattern index signatures, defaulting to the ‘unknown’ type in catch variables, and more. 

Instead of having to convince TypeScript of a variable’s type whenever it is used, the type-checker leverages control flow analysis to deduce the type within every language construct.

Additional details on the new release are available here. 

AWS announces cross-account data sharing for Amazon Redshift

This new feature offers users a simple and secure way to share fresh, complete, and consistent data in their  Amazon Redshift data warehouse with any number of stakeholders across AWS accounts.

Users can now share data across organizations and collaborate with external parties while meeting compliance and security requirements.

All of the permissions required for authorization and association are managed with AWS Identity and Access Management (IAM), so users can create IAM policies to control which operations each user can complete. Also, both the producer and consumer clusters must be encrypted and in the same AWS Region.=

Additional details are available here. 

JetBrains releases GoLand 2021.3 roadmap

New features for GoLand 2021.3 include new abilities to control the behavior of go list, the ability to reload the go.mod file after making changes, and the ability to run default built-in and gofmt formatters one by one. 

JetBrains is planning to add code inspections, refactorings, and intention actions for working with generics on Go 1.18.

Also on the drawing board is support for WSL, the integration of go linters right inside GoLand, as well as other debugger and code editing changes. 

Additional details are available here. 

Apache weekly update 

Last week at the Apache Software Foundation saw the release of Apache Geode 1.13.4, which provides a database-like consistency model, reliable transaction processing and a shared-nothing architecture to maintain very low latency performance with high concurrency processing.

Other new releases included Flink 1.12.5, OFBiz 17.12.08, EventMesh (incubating) 1.2.0, Pulsar 2.7.3, Hop (Incubating) 0.99, Tomcat 9.0.52, 10.1.0-M4 (alpha), and 10.0.10.

Apache addressed an arbitrary file upload vulnerability in OFBiz, a ServiceComb ServiceCenter directory traversal, and a no authentication on logging server vulnerability in Apache Workflow. 

Additional details on all of the latest from Apache are available here. 

The post SD Times news digest: TypeScript 4.4 RC, AWS announces cross-account data sharing for Amazon Redshift, JetBrains releases GoLand 2021.3 roadmap appeared first on SD Times.

“Today, many Enterprises struggle to deliver their business outcomes with traditional monitoring technology as the majority of legacy tools are incapable of providing holistic business-level observability of a hybrid IT world,” says Mehdi Daoudi, CEO of Catchpoint. “These new capabilities are another important milestone towards empowering IT teams so they can manage the visibility challenges associated with everything hybrid.”

Customers can now perform mesh monitoring to diagnose or fault isolate network-related issues between multiple locations, including ones within an enterprise premise. 

Additional details are available here.

Codefresh announces new GitOps features 

Codefresh launched its new GitOps controller and “current state” dashboard, which makes it easier for developers to install and maintain an ArgoCD instance while the GitOps dashboard offers comprehensive support for ArgoCD’s App of Apps.

“This GitOps controller allows our users to really do GitOps at scale,” said Dan Garfield, Codefresh’s chief open-source officer. “To be able to track changes, drift, and trace everything back to tickets, comitters, and changes means identifying regressions is simple. This gives teams the confidence to deploy more often.”

It offers the ability to make quick visual assessments and provides real-time determination of configuration drift to ensure that deployments are in sync. 

Sopheon releases latest version of Accolade

Sopheon’s latest release of the Accolade innovation management platform connects corporate strategy to portfolio planning and execution processes. 

This release adds new integration capabilities with off-the-shelf integrations of over 100+ third-party systems. 

It also includes a complete product enhancement system that simplifies user feedback and features a new Rich Text formatting of information along with the ability to conditionally show data and other improvements as part of an improved user experience by reducing reliance on external documents.

Snowflake announces support of Unified ID 2.0

Snowflake announced support for Unified ID 2.0 to help organizations easily enrich audience data without sharing users’ personally identifiable information.

Snowflake customers will be able to optimize their data-first advertising strategies by directly activating audiences on any platform that has adopted Unified ID 2.0.

Brands will be able to join purchase data and ad exposure data tied to Unified ID 2.0s, publishers will be able to activate their first-party data with Unified ID 2.0s and data partners will be able to augment data assets of brands and publishers. 

Go 1.17 RC

The Go 1.17 Release Candidate 1 adds support of 64-bit ARM architecture on Windows and the 64-bit MIPS architecture on OpenBSD (the openbsd/mips64 port) now supports cgo.

The new version also adds three small enhancements to the language including conversions from slice to array pointer, “unsafe.Add” and “unsafe.Slice.”

The package unsafe enhancements were added to simplify writing code that conforms to unsafe.Pointer’s safety rules, but the rules remain unchanged.

Go 1.17 is expected to be released in August 2021.

The post SD Times news digest: Catchpoint updates, Codefresh announces new GitOps features, Sopheon releases latest version of Accolade appeared first on SD Times.

The new version includes a new option for formatting, support for Go 1.17 features and support for generics in ‘.go’ files. Previously, when ‘go.mod’ files were edited, GoLand would automatically run go list commands after every modification, a behavior which can now be controlled. 

There are also some UI improvements, such as a better view of attached projects.  

This is also the last build in the Early Access Program that doesn’t require a subscription. Additional details are available here. 

Pluralsight completes acquisition of A Cloud Guru 
Pluralsight announced that it closed the acquisition of A Cloud Guru, a cloud skills development platform.

“Technology alone won’t transform businesses, a continuous flow of new skills, creativity and innovation will. Since its inception, A Cloud Guru has empowered enterprises to unleash the cloud’s full potential by aligning talent, technology and vision,” said Sam Kroonenburg, the co-founder and CEO of A Cloud Guru. “Together Pluralsight and ACG will chart an accelerated path to success at every stage of cloud maturity while driving cloud adoption and innovation within corporations.”

A Cloud guru’s certification courses, hands-on labs and sandboxes, exams and quizzes will be combined with the existing cloud courses from Pluralsight Skills. 

Contrast Security partners with Secure Code Warrior
Contrast Security announced its integration with Secure Code Warrior which will help deliver just-in-time security contextual micro-learning modules.

Contrast’s Security Trace format shows exactly where a vulnerability appears in the code, while the integration provides small videos and interactive contextual that are specific to that code. 

 “We need developers to be security-aware, not security experts, and education and automation are at the foundation for DevSecOps transformation. Just-in-time training within the Contrast platform is immensely more effective — and efficient — than traditional security classroom training that is theoretical rather than practical,” said Nikesh Shah, the senior director of strategic alliances at Contrast Security.

Google facing antitrust claims over Play Store fees
Google is facing antitrust lawsuits from a group of 37 attorneys general, who accuse the company of forcing consumers into in-app payments that Google gets a large cut of. This is the second large lawsuit against Google in a span of six months. 

“Through its illegal conduct, the company has ensured that hundreds of millions of Android users turn to Google, and only Google, for the millions of applications they may choose to download to their phones and tablets,” New York Attorney General Letitia James said in a press release. “Worse yet, Google is squeezing the lifeblood out of millions of small businesses that are only seeking to compete.”

Apple has faced similar scrutiny for its practices with the App Store, which resulted in the case between Apple and Epic Games over whether Epic Games could bypass Apple’s fees by accepting mobile payments outside the App Store. 

The post SD Times news digest: GoLand 2021.2 reaches beta, Pluralsight completes acquisition of A Cloud Guru, Contrast Security partners with Secure Code Warrior appeared first on SD Times.

One of the most common places for prototype pollution — the ability to inject properties into existing JavaScript language construct prototypes — is in processing the query string.

Detectify’s solution can already find issues that stem from product pollution when running the Deep Scan DAST scanner, but now pentesters, bug bounty hunters and security researchers can also look for this vulnerability as well as other client-side issues using page-fetch. 

Page-fetch, which is written in Go, works by taking a list of URLs as its input and fetches them using a headless Chrome browser, all while storing a copy of every response that it saw including JavaScript files, CSS files, images, API requests, etc.

RELATED CONTENT: JavaScript has come a long way and shows no sign of slowing

By having a copy of those resources, users can build custom word lists and use filters to exclude third-party requests, save only third-party requests, and include or exclude requests based on their content-type. 

To look for prototype pollution, one needs to pick a payload to try in the query string of our input URL, and then test to see if the value was set as expected. Then, the test code just checks to see if ‘window.testparam’ is equal to ‘testval’, and if it is: returns the string ‘vulnerable’, and returns not vulnerable otherwise.

Additional details on how it works are available here.

The post SD Times Open-Source Project of the Week: page-fetch appeared first on SD Times.

Fuzzing is a type of automated testing that continuously manipulates inputs into a program to find issues such as panics or bugs that existing unit tests might miss. 

RELATED CONTENT: Why developers love Go

The feature won’t be included in the upcoming Go 1.17 release, but there are plans to add it in the future, according to the Go team. 

DVC Studio released 

With the new DVC Studio release, developers can use Git and DVC to track their code, ML models, metrics, hyperparameters and data altogether. 

The tool analyzes Git history and performs ML bookkeeping automatically and users can get quick access to important metrics across multiple projects or explore individual experiments. 

DVC Studio is also the online UI for CML, which can create reports and orchestrate resources in the cloud or Kubernetes to run training. 

LogStream 3.0 released

Cribl release LogStream 3.0 for making multi-system observability a reality for any organization and also announced the general availability of LogStream Cloud. 

“Observability data comes in thousands of shapes and sizes, and in today’s world customers are left copy and pasting configuration snippets found in obscure repos to try to best shape, enrich, and reduce their data sets,” said Clint Sharp, the co-founder and CEO of Cribl. “With the launch of LogStream 3.0 and Cloud, customers can get value in minutes and then share all their hard-won knowledge easily with the broader Cribl community.” 

The key customer benefits include built-in knowledge and shareable content that reduces cost, complexity and the time it takes to manage an observability pipeline. 

New Appery.io templates 

Exadel announced that Appery.io has released Appery.io Templates, which gives users a solid foundation to create unique applications without mastering app coding. 

New and current users can now take advantage of templates such as the Meditation & Sleep App, Quiz App, Checklist App and a Duties App.

“These templates have been designed with a common vision in mind – that our apps must be easily customizable and require minimal development efforts from the user. With Appery.io Templates, users can quickly change the way an app looks or modify the app behavior without having specific development skills,”  said Eldar Chernitsky, the head of product at Exadel.

The post SD Times news digest: Native fuzzing for Go, DVC Studio released, and LogStream 3.0 released appeared first on SD Times.