Director of Avenga Labs
Today, Avenga Labs brings the latest news about the security state of open source components, then something about AI writing code (again), after that an interesting privacy-related event, and finally we'll celebrate another important birthday.
Do you want the bad news or the good news first? I chose the bad news and the easiest way to do that was, as usual, to pick something from the area of security.
A report from Osterman Research found that business applications built on open source components contain security vulnerabilities.
How many of them? One hundred percent – all of them! And 85% of them contain unpatched critical vulnerabilities.
Open source seems to be free, but it is not. Not paying licence fees does not mean there is no additional work required to benefit from open source efficiently and safely in enterprise scenarios. Raising awareness of the vulnerabilities in open source components is the first step towards better governance.
For instance, scanning container images for known vulnerabilities should be an obligatory step in every CI/CD pipeline, but often it is not. Or the scan does run, but its findings are not acted upon: a negative result does not fail the build, so the vulnerable image is shipped anyway.
Security vulnerabilities in open source components are usually fixed only in a newer release, so the fix means upgrading the component. The newer release has its own dependencies, and the resulting domino effect of transitive upgrades can disrupt the project. Bad? Well, the alternative is even worse: exposing APIs and applications with known security vulnerabilities is a real threat to the trust of consumers and may result in severe financial penalties and loss of market share.
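The two paragraphs above describe the practice most pipelines get wrong: the scanner runs, but its findings never become a pass/fail decision. Below is an added example (not code from the original post or from any scanner vendor) of a small policy gate that turns scan findings into a build verdict: critical and high findings fail the build, unfixed findings still count unless the team explicitly opts out, risk acceptances must carry an owner and an expiry date, and the gate reports the lowest upgrade of each component that clears its fixable findings. The JSON scan format, the component names, the image name and the EXAMPLE-* identifiers are all constructed placeholders for this example, not real advisories or a real scanner's schema.

```python
"""
Policy gate for a CI/CD pipeline: turn vulnerability-scan findings into a
pass/fail decision instead of a report that nobody reads.
Added example; the scan format below is constructed and does not follow any
particular scanner's output schema.
"""
import json
from dataclasses import dataclass, field
from datetime import date

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample scan output. Image name, component names, versions and
# the EXAMPLE-* identifiers are placeholders, not real advisories.
SAMPLE_SCAN = json.dumps({
    "image": "registry.example/shop-api:1.4.2",
    "findings": [
        {"id": "EXAMPLE-0001", "component": "libfoo", "installed": "1.2.0",
         "severity": "CRITICAL", "fixed": "1.2.5"},
        {"id": "EXAMPLE-0002", "component": "libbar", "installed": "3.0.1",
         "severity": "CRITICAL", "fixed": None},      # no fix released yet
        {"id": "EXAMPLE-0003", "component": "libbaz", "installed": "0.9.0",
         "severity": "HIGH", "fixed": "1.0.0"},
        {"id": "EXAMPLE-0004", "component": "libqux", "installed": "2.1.0",
         "severity": "HIGH", "fixed": "2.2.0"},
        {"id": "EXAMPLE-0005", "component": "libfoo", "installed": "1.2.0",
         "severity": "MEDIUM", "fixed": "1.2.3"},
    ],
})

# Constructed risk acceptances. A finding may be waived, but only with an
# owner, a reason and an expiry date, so "ignore it for now" cannot become
# permanent without anyone noticing.
SAMPLE_EXCEPTIONS = {
    "EXAMPLE-0003": {"owner": "team-shop", "reason": "code path not reachable",
                     "expires": "2099-12-31"},
    "EXAMPLE-0004": {"owner": "team-shop", "reason": "waiting for vendor",
                     "expires": "2020-01-01"},  # long expired: must block again
}


@dataclass
class GateResult:
    blocked: bool
    blocking: list = field(default_factory=list)  # finding ids that fail the build
    accepted: list = field(default_factory=list)  # ids waived by a valid exception
    expired: list = field(default_factory=list)   # ids whose exception has lapsed
    upgrades: dict = field(default_factory=dict)  # component -> lowest version clearing its fixable findings


def _version_key(v):
    """Numeric dotted versions only (assumption of this example), so '1.10' > '1.9'."""
    return tuple(int(p) for p in v.split("."))


def evaluate(scan_json, exceptions, threshold="HIGH", ignore_unfixed=False, today=None):
    """Return a GateResult; `today` may be a date, an ISO string, or None (= now)."""
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    result = GateResult(blocked=False)
    for f in json.loads(scan_json)["findings"]:
        comp, fixed = f["component"], f.get("fixed")
        if fixed:  # record the highest fixed version per component: one upgrade clears all
            cur = result.upgrades.get(comp)
            if cur is None or _version_key(fixed) > _version_key(cur):
                result.upgrades[comp] = fixed
        if SEVERITY_RANK[f["severity"]] < SEVERITY_RANK[threshold]:
            continue  # below the policy threshold: reported via upgrades only
        if ignore_unfixed and not fixed:
            continue  # explicit opt-out; by default unfixed findings still block
        exc = exceptions.get(f["id"])
        if exc:
            if date.fromisoformat(exc["expires"]) >= today:
                result.accepted.append(f["id"])
                continue
            result.expired.append(f["id"])  # lapsed waiver: treat as blocking
        result.blocking.append(f["id"])
    result.blocked = bool(result.blocking)
    return result


def main():
    r = evaluate(SAMPLE_SCAN, SAMPLE_EXCEPTIONS, today="2021-09-01")
    for fid in r.blocking:
        print("BLOCKING:", fid, "(exception expired)" if fid in r.expired else "")
    for comp, ver in r.upgrades.items():
        print(f"upgrade {comp} -> {ver}")
    return 1 if r.blocked else 0  # non-zero exit code fails the CI step


if __name__ == "__main__":
    raise SystemExit(main())
```

Run as a pipeline step, the non-zero exit code is what actually stops the build. The exception file is the governance part: a waiver without an expiry is how "we'll fix it in the next release" quietly becomes permanent, and an expired waiver blocks again rather than being silently honoured. The upgrade map is the input to the domino-effect discussion above, since it shows the minimum version bump per component before anyone starts chasing transitive dependencies.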
Another Labs update gives us another opportunity to look at a new code generation tool. AI writing code instead of developers, or assisting them, seems to be all the rage in 2021. This time it is OpenAI, the organization behind the famous GPT language models, with a new engine built on them.
The idea is almost as old as programming itself: the user or developer describes what they want in plain English, and the AI responds by generating the code.
An official video shows a 2D game being created by specifying its rules and conditions in free English text.
I am sceptical about the real return on investment of this type of tool. The users still need to be developers in order to verify that the generated code makes sense. A regular business user is faced with cryptic-looking lines of text and is not really in control of the application.
In my opinion, a developer fluent in a given technology would write the code faster and with 100% accuracy, while being fully confident that the app does what it is supposed to do. Modern programming languages and libraries can do miracles with a relatively small number of lines of code. For instance, even Spring Boot is sometimes considered a … low-code technology because of its expressive power.
The fruits of these technologies are entering regular Integrated Development Environments, so I'm very happy that there will soon be much less jumping between Stack Overflow and the code editor.
One example is the new release of the hugely popular Visual Studio Code, which started using a machine learning model to detect the programming language of the code being written. It is another small step towards a more efficient and convenient programming environment for developers, both beginners and experienced seniors.
Apple announced that it will start scanning photos uploaded to iCloud photo libraries for known child abuse images, by matching them on the device against a database of hashes of known images.
Using child protection as an excuse to open the floodgates into the privacy of their users is an ugly marketing trick, and it fooled almost no one, including Apple loyalists.
Apple's years-old privacy slogan, “What happens on your iPhone, stays on your iPhone”, was never entirely true. It was at least a debatable claim before, but now the air is clear and nobody has any doubts that it is a false claim.
But let's note that others did it before Apple, for example Google (obviously) and Microsoft (scanning of OneDrive files). So we shouldn't make Apple the main perpetrator of privacy violations; they have “just” joined the club.
It's true that they can do whatever they want, and a closed platform makes it impossible to independently verify any privacy claims by reviewing the source code of iOS and its apps.
Giving up such a great advantage of the ecosystem is a strange move, but we must honestly admit that they were the last to join the infamous “relaxed privacy” club of the big tech giants.
So once again, whatever you do online and whatever you do on your smartphone should be considered a potential public activity.
What is the enterprise context? It seems to be totally consumer tech news.
From an enterprise perspective, it is another blow to the privacy of users and another step towards lower sensitivity to privacy. The gap between the official EU regulations and the reality of more and more people no longer taking care of their privacy is widening. Will it result in the regulations being softened, as there seems to be a lack of popular demand?
Update: Apple has just announced that it will delay the changes because of feedback from consumers and independent organizations. But it has not cancelled them.
It has been 40 years since the original IBM PC was released in 1981. It marked the start of the boom of personal computers in offices. IBM engineers designed the machine from readily available components; it was not the best computer of its time, but it was good enough and attractive for businesses.
The maximum conventional RAM was 640 KB (yes, kilobytes), and it could run spreadsheets and word processing from floppy disks; hard drives followed a bit later. The words famously attributed to Bill Gates, whose Microsoft supplied the MS-DOS operating system for the PC, were “640K ought to be enough for anybody” (he has denied ever saying it). They are laughed at today, but 640 KB really was enough back then.
Instead of closed, patented specifications, IBM decided the architecture should be extensible and open. This started a massive cloning movement around the original architecture: building extension cards for different purposes and adding different components, all while preserving the same hardware architecture. It was a huge success for open architecture, one which has amazingly lasted until today and will be around for years to come.
In 1984, I wrote my first piece of code in Turbo Pascal 2.0 on a 4.77 MHz IBM PC XT, so this birthday is a special moment for me professionally and personally.
A few years ago the PC seemed doomed, because with the explosion of iPads and smartphones it was expected to become irrelevant for the majority of users. The pros were supposed to stay with either PCs or Macs, plus the community of hard-core gamers who call themselves the “PC master race”. Regular users were switching to tablets and smartphones for their main digital activities: consumption, shopping, banking, etc.
The PC’s fate seemed to be sealed and then… 2020 came!
An unexpected new normal became our reality and PC sales started to rise again: remote work and remote school were a perfect opportunity, or even a necessity, to buy or upgrade hardware.
Today's PCs are beautifully designed and not as utilitarian-looking as the original PCs. They come in different forms, screens, prices, capabilities and … colours. Even Mac users often praise the freedom of choice in the PC world.
2021 is expected to be the year of the highest PC sales ever!
PCs are also virtually the only platform that still allows installing different operating systems, including, of course, Linux.
That reminded me that Linux started as a Unix-like system for PCs, so the birth of Linux would not have happened without the enormous popularity and commoditisation of the PC. Linus Torvalds wanted a “hobby project” that would let him run a Unix-like system on his own personal computer.
Most servers running in today's clouds are specialised descendants of the PC architecture, stacked in enormous numbers in data centers.
Of course, so much has happened since 1981, but surprisingly there is a continuous line of development of this platform. And there is no end in sight!
Happy birthday PC!