InfoWorld |
|
||||||
Node.js security starts before CI11:22 In many teams, dependency security still happens after the most important trust decision has already been made. A package is added, the lockfile changes, the feature moves forward, and only later does the pipeline ask whether the application should have trusted that code in the first place. That workflow made sense when dependency security was mostly viewed as a compliance check. Run a scanner. P… Getting from black-box AI to glass-box AI11:22 A year ago, most enterprise AI systems generated recommendations. Today, AI systems are approving transactions, routing shipments, updating records, interacting with customers, and triggering downstream software actions with little or no human involvement. For CIOs, that shift changes the central governance question. The challenge is no longer simply whether an AI model is accurate. It is whether… New agentic compute patterns11:22 For a decade, Kubernetes was the right answer. It organized containers, scaled services horizontally and gave platform teams a shared vocabulary for running software in production. It abstracted away enough of the underlying complexity that engineers could stop thinking about servers and start thinking about services. Most cloud-native infrastructure today is built on top of it, directly or in sp… A look at spatial intelligence and world models4:18 It’s been several years since generative AI and large language models (LLMs) took the world by storm. LLMs surpassed earlier natural-language systems at generating text, while diffusion models enabled generating images, music, and videos. These generative AI models work well in the digital world, but on their own, they have limited capabilities to comprehend the three-dimensional physical world a… Microsoft releases .NET 11 Preview 623:53 Preview 6 of Microsoft’s .NET 11 software development platform is now available, with improvements across the runtime, libraries, frameworks, and C# and F# programming languages. Announced July 15 , .NET 11 Preview 6 can be downloaded from dotnet.microsoft.com . The full, general production release is expected in November. The first preview was unveiled February 10 . Runtime-async, the .NET runti… Codex Multi-Agent V2 update raises developer concerns over agent transparency16:47 OpenAI’s recent update to its Codex CLI has introduced a new protocol that appears to shift more orchestration decisions from user-defined configuration to the runtime, prompting developers to request greater visibility into the instructions exchanged between AI agents. In a detailed GitHub merged request , users stated that the Multi-Agent V2 protocol-infused architecture of the CLI no longer ex… Ship faster with GitHub, Vercel, and Firestore16:47 These days, application developers can take their pick from a vast menu of architectural solutions. We can choose from the well-understood to the experimental, and from blended solutions in between. Several powerful middle-ground technologies that emerged during the cloud revolution have really come of age. Here we’ll take a look at putting together three of the most impressive: GitHub, Vercel, a… The next challenge for coding agents16:47 On the first day of Software Engineering 101, you learned about the SDLC — the software development life cycle. You learned that there is a whole lot more to producing quality software than writing some code and deploying it to production. We’ve studied the SDLC every which way, and we know where and how time is spent within it. The coding is the most interesting part of the SDLC. It is one of a … What 80% AI-written test pipelines actually cost16:47 The first time I heard someone say their AI now wrote 80% of their tests, I asked the obvious question. Eighty percent of what? After 20 years building and leading test automation for consumer-scale platforms, my honest answer turned out to be eighty percent of the typing , not eighty percent of the engineering . The remaining twenty was where the work still lived. Budgeting for two percent of le… Red Hat OpenShift 4.22 tackles cloud costs, AI workloads16:47 Red Hat OpenShift 4.22, an update to the company’s hybrid cloud application platform, is now generally available. The release focuses on cutting cloud infrastructure costs, simplifying operations of virtualized workloads, and securing sensitive data. Announced July 14 , Red Hat OpenShift 4.22 continues to harden the platform foundation to meet growing security standards, helping reduce the manual… Port releases vibe coding platform for dev and platform teams16:47 Port has rolled out Port AI Builder, a vibe coding platform designed for software development and platform engineering teams. Announced July 14, Port AI Builder lets teams create and run agentic workflows in natural language, with built-in human-in-the-loop review and approval. The platform lets organizations apply AI agents across the SDLC (software development life cycle), drawing on domain ski… IETF publishes QUERY method to allow safe and idempotent HTTP requests16:47 When an HTTP request is too long or complex to be encoded in its URI using GET, developers have long resorted to using the POST method as a workaround. However, this can create issues; while GET requests are defined as safe and idempotent, POST does not necessarily share those characteristics. To combat the problem, the Internet Engineering Task Force (IETF) has published a proposed standard HTTP… Oracle expands AI Agent Studio for Fusion Applications with pro-code tools16:47 Oracle on Tuesday expanded its AI Agent Studio for Fusion Applications with new pro-code development tools, including a CLI-based capability called AI Studio Skill, allowing developers to build agentic applications using familiar environments such as VS Code, Codex, and Claude Code. The AI Studio Skill is the CLI that provides the Fusion-specific context and tooling that AI coding assistants need… From story points to tokenmaxxing: Why engineering keeps measuring the wrong things16:47 For decades, software engineering has been plagued by “productivity theater.” Every few years, the industry aligns around a new vanity metric — usually one that latches onto whatever technology happens to be in vogue at the time. For a discipline rooted in creativity and problem-solving, this is a poor way to demonstrate progress. Yet, we find ourselves in this position once again. The pattern is… A cloud deal too good to be true16:47 The model of the forward deployed engineer is sweeping through enterprise IT like a gold rush, and I’m concerned that many companies don’t understand what they’re signing up for. Let’s start with the headline numbers. AWS announced a $1 billion investment in a new Forward Deployed Engineering organization. Google Cloud committed $750 million to expand similar programs. Microsoft has been running … |