News from the World of Software Development – May 2018

git desktopp

Welcome to the May edition of the software development news digest here at the Betica Blog. We regularly take a look at some interesting stories influencing the application engineering world. Hopefully, they provide a measure of insight to help your own coding projects.

If you are interested in checking out last month’s digest, simply click on the following link. We cover an AI routine that knows how to code. As always, thanks for reading!

GitHub imagining the Future of Collaborative Software Development

The ubiquitous source code repository giant, GitHub, naturally lies at the center of most software development shops’ workflow. This gives the organization a unique ability to influence the overall engineering process across the industry. Collaborative development is one such natural area given the organization’s distributed source control system. An article about GitHub’s importance appeared this week at The Next Web.

A collaborative spirit existed at GitHub from the beginning. The company released a public API for its source control application soon after going live. The software teams behind Ruby on Rails and Bitcoin leveraged it for source control as well as an example of the power of team development.

Ultimately, these two facts highlight the reason the open source movement is so influential throughout the tech industry. Since GitHub is essentially the standard for source code control, it played a large role in transitioning coding from a solitary task to something more social and interactive.  Aaron Upright noted as much in his article for The Next Web.

“Contrasted with alternatives like GitLab and BitBucket, GitHub has taken a best-of-breed approach. It’s essentially created a platform from which it’s possible integrate the products and tools that are better than what it feels it can create. It’s not building chat tools or CI functionality or project management on its own; instead, it makes it easy to integrate Slack, or Circle CI, or whatever else you might want,” commented Upright.

In short, GitHub makes it easy to collaborate when coding; setting an example for – as well as influencing – the rest of the industry.

Oracle finally to remove Java Serialization Security Hole

Serialization is one of the most important functions in software development, allowing data objects to be easily distributed as byte streams. Unfortunately, Java’s serialization routines, in place for decades, create a security hole easily exploited by nefarious agents. Oracle recently announced they plan to remove serialization from future versions of Java. News about the change appeared this week in InfoWorld.

The company plans on an approach allowing developers to use their own serialization engine. It interacts with a small framework included in a future version of the “platform once records” – Java’s nomenclature for data classes. It is expected to support JSON and XML as well as other formats.

Oracle feels they made a massive mistake with the current version of serialization implemented in 1997. They noted that nearly one-half of all Java security vulnerabilities are because of this engine. The company recently added a way to filter the classes being serialized as one way to mitigate the risk before the new serialization framework gets introduced.

Oracle provided no information on which upcoming version of Java is slated to include the reengineered serialization framework. Stay tuned!

That’s it for this month’s news digest. Keep coming back for additional software development insights from the Betica Blog.