The Weekly Top 7 DEV Articles You Should Read
IDE-Driven development, Netflix RENO, GitHub Machine Learning, Breaking the Stateless Rules, Software Development Lie, Ice Phishing, Web3 Influence on Work.
1- What do you really get from IDE-driven development?
Brian D Foy casts doubt on the use of IDEs in our day-to-day work. (17/02/2022)
https://briandfoy.github.io/ide-driven-development/
TL;DR:
Brian compares IDE suggestions to the local minima of a graph. If you are positioned at a local minimum, moving to the left or the right brings no advantage. But if you try to go over the next hill, you may find that there is a lower minimum, a better solution.
IDEs block that exploration and push developers toward the easy path. If an IDE makes a particular thing easy to do, there is no reason for a programmer to spend time searching for a better solution. He sees no reason to leave the local minimum, to walk away from the path of least resistance.
These tools hide the complexity of code, and that is exactly how codebases grow increasingly complex.
GitHub Copilot is, in a sense, an evolution of the standard IDE. Instead of suggesting names, Copilot suggests entire structures. The problem is that the suggestions are based on what we typed before and on what programmers usually type.
There is no guarantee that the solution Copilot proposes is the best one. But as with IDE suggestions, developers will fall victim to the seduction of the easy path and code in a sub-optimal way. Besides, they will gain no experience in making better software.
2- Rapid Event Notification System at Netflix
Lessons learned from the trustworthy Netflix technology blog regarding fast and scalable communication with billions of devices. (18/02/2022)
https://netflixtechblog.com/rapid-event-notification-system-at-netflix-6deb1d2b57d1
TL;DR:
To transfer information in near real-time from servers to devices, Netflix relies on a component named "Rapid Event Notification System" (RENO). There are several use cases for this kind of communication in the Netflix experience. For example, when a member begins to watch a show, the "continue watching" list must be updated as soon as possible on every device they use.
Netflix made a series of choices to increase scalability, throughput, and versatility that brought the architecture of RENO to where it is now. First of all, RENO serves high-priority events first. Secondly, the communication is both push-based and pull-based (the server pushes when devices are available, and clients pull information at various steps of the application lifecycle). In addition, RENO pushes events only to targets that can actually consume those notifications.
To further reduce the chance of a disruptive event such as a thundering herd, Netflix also:
Deletes queued events that are old and no longer serve their purpose
Sends events only to online devices, registered onto a Zuul registry
Configures scale-up policies more aggressively than scale-down policies
Handles event duplication by merging duplicate events
To get more insight into the RENO architecture, consider reading the complete article.
3- Leveraging machine learning to find security vulnerabilities
A behind-the-scenes peek into the new GitHub ML framework used to alert developers to potential security vulnerabilities in their code. By Tiferet Gazit (17/02/2022)
https://github.blog/2022-02-17-leveraging-machine-learning-find-security-vulnerabilities/
TL;DR:
GitHub’s code scanning leverages the CodeQL analysis engine to find security vulnerabilities in source code and surface alerts in pull requests as part of the code checks.
GitHub engineers continually expand and improve these checks to model additional common libraries and known patterns. Manual modeling, however, is not sufficient: there will always be a long tail of less-common libraries and private code that cannot be modeled by hand.
To enhance this process, GitHub trains ML models with supervised learning. The labels required for training are extracted from the manually written CodeQL models. Labeling noise is suppressed by the sheer volume of data (millions of repositories), and the model is validated with a retroactive check.
When repository owners enable ML-generated alerts, users see them alongside the alerts surfaced by the manual queries, with an “Experimental” label that lets them filter ML-generated alerts in or out. The model currently has approximately 60% precision and 80% recall, and it is expected to improve over time. Give it a try.
4- Breaking the Rules With Stateful Services
Nicholas Tietz-Sokolsky gives a practical example of why breaking the standard rules of web application development can be necessary to fulfill specific needs. (21/02/2022)
https://medium.com/remesh/breaking-the-rules-with-stateful-services-8eb361734d86
TL;DR:
Remesh is a web application that relies on machine learning. Every user interaction has to be evaluated synchronously to provide the user with an updated experience.
The main difference from a standard web application is that here the write-to-read ratio is close to 1:1, while usually it’s approximately 1:10. With high concurrency, it’s challenging to scale a write-intensive application.
The standard approach would be to scale out physically, adding cluster nodes or physical resources. This solution is neither cheap nor viable in the long term.
The rule-breaking solution was to bring state into user transactions. Users of this application need two kinds of data: what they submitted themselves and what other users submitted. Only the first kind has to be updated as soon as possible.
By keeping a session active, a single participant's submissions can be kept in memory, while in the background an asynchronous process refreshes a local cache of all submissions for communal use across all connections, and the ML service polls this cache to retrieve the data it needs to process.
“Know when to break rules. The dogma is that stateless services are the ideal, the platonic form of a microservice. This is great and all, but it’s not a universal truth: Sometimes a stateful service is just what you need.”
5- The Romantic Lie of Software Developers
Ben "The Hosk" Hosking on the implicit lie in software development: that we are in control of our careers. (20/02/20)
https://blog.devgenius.io/the-romantic-lie-of-software-developers-441a1e1484ee
TL;DR:
First, it’s worth considering where our career desires come from as developers. We have to make sure that the desire to progress in our career is not a "mimetic desire", that is, desiring what other people desire.
Starting from that, the reality for most developers is that their career is directed by the software projects they work on, which they don’t choose. Skills, knowledge, and experience come from the projects developers are placed on. That's why getting onto an interesting project is a vital part of a developer's career.
Ask for better projects, and if your role isn’t helping your career progression, quit and look for another job.
"The romantic lie is your career will progress with you just turning up to work. It won’t and you have to drive your career forward by pushing it forward and learning new skills."
6- Microsoft Warns of 'Ice Phishing' Threat on Web3 and Decentralized Networks
Yet another threat found exploiting web3 transactions, emphasizing the need to build security into the decentralized web while it's still in its early stages. (18/02/2022)
https://thehackernews.com/2022/02/microsoft-warns-of-ice-phishing-threat.html
TL;DR:
There are multiple types of phishing attacks in the web3 world. Ice phishing entails tricking a user into signing a transaction that delegates approval of the user’s tokens to the attacker. The attacker can accumulate approvals over time and then drain all the victims’ wallets quickly.
One such instance of ice phishing was exposed in December 2021 on Badger DAO, a platform based on a DeFi protocol that allows users to earn interest on Bitcoin deposits. Thanks to a compromised API key, created without any authorization from the Badger engineers, the attacker was able to drain 121 million US dollars from almost 200 accounts within 10 hours.
“To mitigate threats affecting the blockchain technology, Microsoft is recommending users to review and audit the smart contracts for adequate incident response or emergency capabilities and periodically reassess and revoke token allowances.”
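The transaction at the heart of ice phishing is an ordinary ERC-20 approve(spender, amount) call. As an added example (not code from the newsletter or from Microsoft's report), the following Python decodes that calldata and ranks it the way a wallet prompt or an allowance-audit tool would before the user signs, flagging the unlimited-allowance-to-unknown-spender pattern the attack relies on; the contract addresses and the trusted-spender list are constructed placeholders.

```python
# Added example: wallet-side review of an ERC-20 approve() call (not the page's code).
# keccak256("approve(address,uint256)")[:4], the standard ERC-20 function selector.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")
MAX_UINT256 = 2**256 - 1


def decode_approve(calldata: bytes):
    """Return (spender, amount) for approve() calldata, or None if it is something else."""
    if len(calldata) != 4 + 32 + 32 or calldata[:4] != APPROVE_SELECTOR:
        return None
    spender_word, amount_word = calldata[4:36], calldata[36:68]
    # ABI left-pads a 20-byte address to 32 bytes; the top 12 bytes must be zero.
    if any(spender_word[:12]):
        return None
    return "0x" + spender_word[12:].hex(), int.from_bytes(amount_word, "big")


def review_approval(calldata: bytes, trusted_spenders):
    """Classify an approve() call: who gets spending rights, how much, and how risky."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return None
    spender, amount = decoded
    unlimited = amount == MAX_UINT256
    known = spender.lower() in {s.lower() for s in trusted_spenders}
    if unlimited and not known:
        risk = "HIGH: unlimited allowance to an unknown spender"
    elif not known:
        risk = "MEDIUM: allowance to an unknown spender"
    elif unlimited:
        risk = "LOW: unlimited allowance to a trusted contract; consider capping it"
    else:
        risk = "LOW: bounded allowance to a trusted contract"
    return {"spender": spender, "amount": amount, "unlimited": unlimited, "risk": risk}


def encode_approve(spender: str, amount: int) -> bytes:
    """Build approve() calldata; used here only to construct the sample transactions."""
    return APPROVE_SELECTOR + bytes(12) + bytes.fromhex(spender[2:]) + amount.to_bytes(32, "big")


# Constructed placeholder addresses, not real contracts.
TRUSTED_ROUTER = "0x" + "11" * 20
UNKNOWN_SPENDER = "0x" + "ee" * 20

if __name__ == "__main__":
    for data in (encode_approve(UNKNOWN_SPENDER, MAX_UINT256),
                 encode_approve(TRUSTED_ROUTER, 500 * 10**18)):
        print(review_approval(data, {TRUSTED_ROUTER}))
```

The same decoder, run over a wallet's historical transactions, gives the list of outstanding allowances that Microsoft recommends periodically reassessing and revoking.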
7- 2022 Prediction: The Influence Of Web3 On The Future Of Work
Rebekah Bastian predicts the influence Web3 is going to have on our day-to-day job. (22/12/2022)
TL;DR:
First of all, as the Great Resignation has taught us, people are looking for more inclusion and collaboration in the workplace. Those are values on which web3 is built, which means that a great number of employees will find their place there.
From an economic point of view, in DAOs (Distributed Autonomous Organizations) people can do the work they choose for multiple DAOs and receive multiple sources of income on their own terms. In Web3, earning is non-linear because freelancers will own part of the marketplace.
Regarding the professional development of workers, the traditional model has a major limitation: the investment of time and money that learning requires. With the learn-to-earn model, people are incentivized to learn Web3 by earning tokens.
"While Web3 is still a very new space, and there is a lot of noise and speculation encompassing it, the core philosophical elements have the potential to improve several existing systems".