Author: Infoworld

Mechanoid, an open-source framework for building WebAssembly applications on embedded systems and IoT (internet of things) devices, has been launched by software company The Hybrid Group.The Hybrid Group released Mechanoid 0.1.0 and Mechanoid 0.1.1 this week on GitHub. Developers can try it out now.Mechanoid is intended to ease the task of building applications that are extendable and secure and take advantage of the latest developments in both WebAssembly and embedded development. WebAssembly, or Wasm, is a high-performance binary instruction format that can be produced from JavaScript, Go, Rust, and other programming languages.Mechanoid featuress a command line interface tool for building,…

Falco, the open-source, cloud-native, runtime security tool, recently graduated from the Cloud Native Computing Foundation’s incubation program. That means it’s considered stable and ready for use in production environments, including Azure. It joins many of the key components of a cloud-native platform including Helm, Envoy, etcd, KEDA, and Cloud Events.I recently had a conversation with Loris Degioanni, the CTO and founder of cloud-native security company Sysdig and the creator of Falco, about the philosophy behind the project and how it’s being used across Kubernetes applications.Why Falco?There’s a need for security tools designed to work in Kubernetes and in containers. Microservice…

2023 was an eventful year for cloud security. We saw multiple high-profile incidents, such as the discovery of a far-reaching zero-day vulnerability in the MOVEit file transfer server application and a rise in attackers targeting cloud credentials for lateral movement. Across the board, over half (58%) of companies experienced cloud-based phishing attacks in 2023, and 30% reported targeted attacks on their cloud infrastructure. There was also an increase in new attack tactics targeting DevOps pipelines and cloud storage solutions as threat actors continued “shifting left” earlier in the application lifecycle.These insights underscore just how challenging it can be to protect…

Frank Crane wasn’t talking about open source when he famously said, “You may be deceived if you trust too much, but you will live in torment if you don’t trust enough.”But that’s a great way to summarize today’s gap between how open source is actually being consumed, versus the zero trust patterns that enterprises are trying to codify into their DevSecOps practices.Every study I see suggests that between 90% and 98% of the world’s software is open source. We’re all taking code written by other people—standing on the shoulders of giants—and building and modifying all that code, implicitly trusting every author, maintainer,…

Design patterns have evolved to address problems that are often encountered in software applications. They are solutions to recurring problems and complexities in software design. We’ve discussed many design patterns here including the specification pattern, the unit of work pattern, the null object pattern, the options pattern, the flyweight pattern, the command pattern, the interpreter pattern, and the singleton pattern.In this post we will delve into the REPR (request-endpoint-response) design pattern, how it simplifies the development of APIs, and how it can be implemented in C#.To use the code examples provided in this article, you should have Visual Studio 2022…

The US federal government has released a software attestation form intended to ensure that software producers partnering with the government leverage minimum secure development techniques and tool sets.The form was announced March 11 by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which developed the form with the Office of Management and Budget (OMB). The form identifies minimum secure software development requirements a software producer must meet and attest to meeting. Software requires attestation if it was developed after September 14, 2022. Software developed prior to this date requires attestation if it was modified by major version…

Low-code development platform provider OutSystems has released AI Agent Builder, a no-code tool for building custom generative AI agents using large language models (LLMs) from Azure OpenAI or Amazon Bedrock.Part of the OutSystems Developer Cloud Platform and announced March 12, AI Agent Builder is intended to make it easy to incorporate generative AI-powered applications into a digital transformation strategy and govern the use of AI for standardization and security, the company said.Key features of AI Agent Builder include custom AI agent development, a library of “quickstart” generative AI apps and templates, AI agents powered by retrieval-augmented generation (RAG), and built-in…

San Francisco-based startup, Cognition AI, is trying to completely rehaul the software engineering landscape through its new AI assistant, Devin. The AI assistant can plan and execute complex engineering tasks, learning from its experiences and rectifying mistakes along the way. Equipped with essential developer tools like a shell, code editor, and browser, Devin operates within a sandboxed compute environment, mirroring the setup of a human developer.Devin stands out due to its ability to actively collaborate with users during software development, Cognition AI said in a blog post. This includes providing real-time progress updates, accepting feedback, and working together to make design…

Carson Gross is the creator of HTMX and Hyperscript, the mind behind The Grug Brained Developer, a professor of software engineering at Montana State University, and co-author of Hypermedia Systems. It was a pleasure to pick Carson’s brain about the impetus behind projects like HTMX and Hyperscript, the failures of REST, why JavaScript is here to stay, and much more.Tyson: It’s hard to pick where to start here so I’m going to go with Grug Brained Developer. I kind of feel like I could just refer everyone there for all programming-related questions.Gross: Ha, I appreciate that. I think it’s worth reading for most…

WinterJS 1.0, a JavaScript web server written in Rust, has arrived from WebAssembly runtime provider Wasmer.Unveiled March 11, WinterJS 1.0 is described by Wasmer as “the fastest JavaScript web server” and now supports Cloudflare applications and React Server Components. The WinterCG-compatible JavaScript runtime uses the SpiderMonkey JavaScript engine to execute JavaScript and Tokio to handle underlying HTTP requests and the JavaScript event loop. WinterCG, which stands for Web-interoperable Runtimes Community Group, is a W3C community group that provides a space for JavaScript runtimes to collaborate on API interoperability.WinterJS can be compiled to WebAssembly and is runnable in the Wasmer Edge…