Month: August 2024

Posted on mongodb google news. Visit mongodb google news

Allspring Global Investments Holdings LLC trimmed its holdings in MongoDB, Inc. (NASDAQ:MDB – Free Report) by 20.5% in the 2nd quarter, according to its most recent filing with the SEC. The institutional investor owned 387,176 shares of the company’s stock after selling 99,967 shares during the quarter. Allspring Global Investments Holdings LLC owned about 0.53% of MongoDB worth $96,778,000 at the end of the most recent reporting period.

Other large investors also recently bought and sold shares of the company. Transcendent Capital Group LLC bought a new stake in MongoDB in the 4th quarter worth about $25,000. MFA Wealth Advisors LLC bought a new stake in shares of MongoDB during the 2nd quarter valued at about $25,000. YHB Investment Advisors Inc. bought a new stake in shares of MongoDB during the 1st quarter valued at about $41,000. GAMMA Investing LLC bought a new stake in shares of MongoDB during the 4th quarter valued at about $50,000. Finally, Sunbelt Securities Inc. grew its stake in shares of MongoDB by 155.1% during the 1st quarter. Sunbelt Securities Inc. now owns 125 shares of the company’s stock valued at $45,000 after purchasing an additional 76 shares during the period. 89.29% of the stock is currently owned by institutional investors.

MongoDB Price Performance

MDB opened at $242.69 on Tuesday. MongoDB, Inc. has a 12-month low of $212.74 and a 12-month high of $509.62. The company has a current ratio of 4.93, a quick ratio of 4.93 and a debt-to-equity ratio of 0.90. The business’s fifty day simple moving average is $245.72 and its 200-day simple moving average is $320.26. The company has a market capitalization of $17.80 billion, a price-to-earnings ratio of -87.54 and a beta of 1.13.

MongoDB (NASDAQ:MDB – Get Free Report) last posted its quarterly earnings results on Thursday, May 30th. The company reported ($0.80) earnings per share (EPS) for the quarter, hitting analysts’ consensus estimates of ($0.80). MongoDB had a negative return on equity of 14.88% and a negative net margin of 11.50%. The business had revenue of $450.56 million for the quarter, compared to the consensus estimate of $438.44 million. On average, equities research analysts anticipate that MongoDB, Inc. will post -2.67 earnings per share for the current fiscal year.

Insider Buying and Selling

In related news, CAO Thomas Bull sold 138 shares of the company’s stock in a transaction on Tuesday, July 2nd. The stock was sold at an average price of $265.29, for a total transaction of $36,610.02. Following the completion of the sale, the chief accounting officer now directly owns 17,222 shares in the company, valued at approximately $4,568,824.38. The sale was disclosed in a document filed with the Securities & Exchange Commission, which is available at the SEC website. In other MongoDB news, Director John Dennis Mcmahon sold 10,000 shares of the stock in a transaction dated Monday, June 24th. The stock was sold at an average price of $228.00, for a total value of $2,280,000.00. Following the completion of the sale, the director now directly owns 20,020 shares in the company, valued at $4,564,560. The transaction was disclosed in a document filed with the SEC, which is available at this link. Also, CAO Thomas Bull sold 138 shares of the stock in a transaction dated Tuesday, July 2nd. The shares were sold at an average price of $265.29, for a total value of $36,610.02. Following the completion of the sale, the chief accounting officer now owns 17,222 shares of the company’s stock, valued at $4,568,824.38. The disclosure for this sale can be found here. Insiders sold 30,179 shares of company stock worth $7,368,989 in the last three months. 3.60% of the stock is owned by insiders.

Analysts Set New Price Targets

MDB has been the subject of a number of recent research reports. Scotiabank cut their price target on MongoDB from $385.00 to $250.00 and set a “sector perform” rating for the company in a research note on Monday, June 3rd. JMP Securities cut their price objective on MongoDB from $440.00 to $380.00 and set a “market outperform” rating for the company in a research note on Friday, May 31st. Stifel Nicolaus cut their price objective on MongoDB from $435.00 to $300.00 and set a “buy” rating for the company in a research note on Friday, May 31st. Citigroup cut their price objective on MongoDB from $480.00 to $350.00 and set a “buy” rating for the company in a research note on Monday, June 3rd. Finally, Bank of America cut their price objective on MongoDB from $500.00 to $470.00 and set a “buy” rating for the company in a research note on Friday, May 17th. One research analyst has rated the stock with a sell rating, five have given a hold rating, nineteen have assigned a buy rating and one has given a strong buy rating to the company. According to data from MarketBeat.com, MongoDB presently has an average rating of “Moderate Buy” and a consensus target price of $355.74.

Check Out Our Latest Research Report on MDB

MongoDB Profile

(Free Report)

MongoDB, Inc, together with its subsidiaries, provides general purpose database platform worldwide. The company provides MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premises, or in a hybrid environment; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.

See Also

Receive News & Ratings for MongoDB Daily – Enter your email address below to receive a concise daily summary of the latest news and analysts’ ratings for MongoDB and related companies with MarketBeat.com’s FREE daily email newsletter.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

NEW YORK, Aug. 28, 2024 /PRNewswire/ — MongoDB, Inc. (NASDAQ: MDB) today announced that it will present at three upcoming conferences: the Citi 2024 Global TMT Conference in New York, NY, the Goldman Sachs Communacopia + Technology Conference in San Francisco, CA, and the Piper Sandler Growth Frontiers Conference in Nashville, TN.

• Michael Gordon, Chief Operating Officer and Chief Financial Officer, and Serge Tanjga, Senior Vice President of Finance, will present at the Citi Conference on Wednesday, September 4, 2024 at 3:50 PM Eastern Time.
• Dev Ittycheria, President and Chief Executive Officer, and Michael Gordon, Chief Operating Officer and Chief Financial Officer, will present at the Goldman Sachs Conference on Monday, September 9, 2024 at 8:50 AM Pacific Time (11:50 AM Eastern Time).
• Michael Gordon, Chief Operating Officer and Chief Financial Officer, and Serge Tanjga, Senior Vice President of Finance, will present at the Piper Sandler Conference on Wednesday, September 11, 2024 at 9:00 AM Central Time (10:00 AM Eastern Time).

A live webcast of each presentation will be available on the Events page of the MongoDB investor relations website at https://investors.mongodb.com/news-events/events. A replay of the webcasts will also be available for a limited time.

About MongoDB
Headquartered in New York, MongoDB’s mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. Built by developers, for developers, MongoDB’s developer data platform is a database with an integrated set of related services that allow development teams to address the growing requirements for today’s wide variety of modern applications, all in a unified and consistent user experience. MongoDB has tens of thousands of customers in over 100 countries. The MongoDB database platform has been downloaded hundreds of millions of times since 2007, and there have been millions of builders trained through MongoDB University courses. To learn more, visit mongodb.com.

Investor Relations
Brian Denyeau
ICR for MongoDB
646-277-1251
ir@mongodb.com

Media Relations
MongoDB
press@mongodb.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/mongodb-inc-to-present-at-the-citi-2024-global-tmt-conference-the-goldman-sachs-communacopia–technology-conference-and-the-piper-sandler-growth-frontiers-conference-302233087.html

SOURCE MongoDB, Inc.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

NEW YORK, Aug. 28, 2024 /PRNewswire/ — MongoDB, Inc. (NASDAQ: MDB) today announced that it will present at three upcoming conferences: the Citi 2024 Global TMT Conference in New York, NY, the Goldman Sachs Communacopia + Technology Conference in San Francisco, CA, and the Piper Sandler Growth Frontiers Conference in Nashville, TN.

• Michael Gordon, Chief Operating Officer and Chief Financial Officer, and Serge Tanjga, Senior Vice President of Finance, will present at the Citi Conference on Wednesday, September 4, 2024 at 3:50 PM Eastern Time.
• Dev Ittycheria, President and Chief Executive Officer, and Michael Gordon, Chief Operating Officer and Chief Financial Officer, will present at the Goldman Sachs Conference on Monday, September 9, 2024 at 8:50 AM Pacific Time (11:50 AM Eastern Time).
• Michael Gordon, Chief Operating Officer and Chief Financial Officer, and Serge Tanjga, Senior Vice President of Finance, will present at the Piper Sandler Conference on Wednesday, September 11, 2024 at 9:00 AM Central Time (10:00 AM Eastern Time).

A live webcast of each presentation will be available on the Events page of the MongoDB investor relations website at https://investors.mongodb.com/news-events/events. A replay of the webcasts will also be available for a limited time.

About MongoDB
Headquartered in New York, MongoDB’s mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. Built by developers, for developers, MongoDB’s developer data platform is a database with an integrated set of related services that allow development teams to address the growing requirements for today’s wide variety of modern applications, all in a unified and consistent user experience. MongoDB has tens of thousands of customers in over 100 countries. The MongoDB database platform has been downloaded hundreds of millions of times since 2007, and there have been millions of builders trained through MongoDB University courses. To learn more, visit mongodb.com.

Investor Relations
Brian Denyeau
ICR for MongoDB
646-277-1251
ir@mongodb.com

Media Relations
MongoDB
press@mongodb.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/mongodb-inc-to-present-at-the-citi-2024-global-tmt-conference-the-goldman-sachs-communacopia–technology-conference-and-the-piper-sandler-growth-frontiers-conference-302233087.html

SOURCE MongoDB, Inc.

Article originally posted on mongodb google news. Visit mongodb google news

Posted on mongodb google news. Visit mongodb google news

NEW YORK, NY / ACCESSWIRE / August 28, 2024 / Leading securities law firm Bleichmar Fonti & Auld LLP announces a lawsuit has been filed against MongoDB, Inc. (Nasdaq:MDB) and certain of the Company’s senior executives.

If you suffered losses on your MongoDB investment, you are encouraged to submit your information at https://www.bfalaw.com/cases-investigations/mongodb-inc.

Investors have until September 9, 2024 to ask the Court to be appointed to lead the case. The complaint asserts claims under Sections 10(b) and 20(a) of the Securities Exchange Act of 1934 on behalf of investors in MongoDB securities. The case is pending in the U.S. District Court for the Southern District of New York and is captioned John Baxter v. MongoDB, Inc., et al., No. 1:24-cv-05191.

What is the Lawsuit About?

The complaint alleges that the Company misrepresented the purported benefits stemming from the restructuring of its sales force. This includes how the restructuring helped reduce friction in acquiring new customers and increased new workload acquisition among existing customers.

These statements were allegedly materially false and misleading. In truth, MongoDB’s sales force restructuring resulted in a near total loss of upfront customer commitments, a significant reduction in actionable information gathered by the sales force, and hindered enrollment and revenue growth.

On March 7, 2024, the Company allegedly announced that due to the sales restructuring, it experienced an annual decrease of approximately $40 million in multiyear license revenue, anticipated near zero revenue from unused Atlas commitments (one of its core offerings) in fiscal year 2025, and provided a disappointing revenue growth forecast that trailed that of the prior year. This news caused the price of MongoDB stock to decline $28.59 per share, or about 7%, from $412.01 per share on March 7, 2024, to $383.42 per share on March 8, 2024.

Then, on May 30, 2024, the Company again announced significantly reduced growth expectations, this time cutting fiscal year 2025 growth projections further, again attributing the losses to the sales force restructuring. On this news, the price of MongoDB stock declined $73.94 per share, or nearly 24%, from $310.00 per share on May 30, 2024, to $236.06 per share on May 31, 2024.

Click here if you suffered losses: https://www.bfalaw.com/cases-investigations/mongodb-inc.

What Can You Do?

If you invested in MongoDB, Inc. you have rights and are encouraged to submit your information to speak with an attorney.

All representation is on a contingency fee basis, there is no cost to you. Shareholders are not responsible for any court costs or expenses of litigation. The Firm will seek court approval for any potential fees and expenses. Submit your information:

https://www.bfalaw.com/cases-investigations/mongodb-inc

Or contact us at:

Ross Shikowitz

ross@bfalaw.com

212-789-3619

Why Bleichmar Fonti & Auld LLP?

Bleichmar Fonti & Auld LLP is a leading international law firm representing plaintiffs in securities class actions and shareholder litigation. It was named among the Top 5 plaintiff law firms by ISS SCAS in 2023 and its attorneys have been named Titans of the Plaintiffs’ Bar by Law360 and SuperLawyers by Thompson Reuters. Among its recent notable successes, BFA recovered over $900 million in value from Tesla, Inc.’s Board of Directors (pending court approval), as well as $420 million from Teva Pharmaceutical Ind. Ltd.

For more information about BFA and its attorneys, please visit https://www.bfalaw.com.

https://www.bfalaw.com/cases-investigations/mongodb-inc

Attorney advertising. Past results do not guarantee future outcomes.

SOURCE: Bleichmar Fonti & Auld LLP

View the original press release on accesswire.com

Article originally posted on mongodb google news. Visit mongodb google news

Article originally posted on InfoQ. Visit InfoQ

Microsoft released a new Visual Studio Code extension called Prompty, designed to integrate Large Language Models (LLMs) like GPT-4o directly into .NET development workflows. This free tool aims to simplify the process of adding AI-driven capabilities to applications. The official release post includes a practical example demonstrating how Prompty can be used in real-world scenarios.

Prompty is available for free on the Visual Studio Code Marketplace and offers .NET developers an intuitive interface to interact with LLMs. Whether creating chatbots, generating content, or enhancing other AI-driven functionalities, Prompty provides an easy way to integrate these capabilities into existing development environments.

While Prompty has been well-received for its innovative approach to integrating AI into .NET development, some community members have expressed concerns about its availability. On LinkedIn, Jordi Gonzalez Segura expressed disappointment that Prompty is not accessible to those using Visual Studio Professional.

Using Prompty in Visual Studio Code involves several steps:

• Installation: Developers start by installing the Prompty extension from the Visual Studio Code Marketplace.
• Setup: After installation, users configure the extension by providing API keys and setting up necessary parameters to connect to the LLM, such as GPT-4o.
• Integration: Prompty integrates into the development workflow by allowing users to create new files or modify existing ones with embedded prompts. Commands and snippets are provided to easily insert prompts and handle responses from the LLM.
• Development: Developers can write prompts directly in the codebase to interact with the LLM. Prompty supports various prompt formats and offers syntax highlighting, making it easier to read and maintain prompts. These prompts help in generating code snippets, creating documentation, or troubleshooting by querying the LLM for specific issues.
• Testing: Prompty enables rapid iteration and testing, allowing developers to refine prompts to improve response accuracy and relevance.

Bruno Capuano, a principal cloud advocate at Microsoft, prepared a real-world use case demonstrating how Prompty can enhance a .NET WebAPI project. In this example, Prompty generates detailed weather forecast descriptions, transforming the standard output into richer and more engaging content. Developers can dynamically produce detailed weather summaries by defining prompts within a .prompty file and setting up the necessary configurations to interact with the LLM. This practical application leverages the Semantic Kernel to automate the generation of descriptive text, improving the quality and informativeness of the application’s output.

Additional information about Prompty, its features, and integration into development workflows can be found on the Prompty Visual Studio Code extension page or in the Prompty source code available on GitHub.

Article originally posted on InfoQ. Visit InfoQ

Transcript

VanCura: I’ll highlight some of the things that were shared, but not go into too deep with details, but really talk about how can you take those lessons and take that back to your environment and your work place, and really be the leaders to continue to innovate and collaborate within your own company based on some of the things that you’ve learned here.

I work for Oracle, so I do have some forward-looking things here. Primarily, I want to talk about how you can get involved and how you can bring forward your group and the Java improvements that we’ve talked about. We even talked about in the unconference session on, how do you keep up with the latest versions of Java? How do you innovate and collaborate? That’s really what my role is all about, as chair of the JCP.

That’s really the perspective that I’m speaking to you from, is in that role leading the Java Community Process. I’ve been involved with the Java developer ecosystem for over two decades. I’ve seen quite a few changes come. I’m really excited about the future. The future is really bright for Java. I’m going to show you some of the reasons why in my slides.

JVM Trends

We talked about the things that we learned here. I think Netflix and LinkedIn really shared some interesting examples of the performance improvements that they’ve been able to achieve by migrating past Java 8, so especially migrating to Java 17, all the productivity improvements and performance improvements that they’ve been able to see. What I’d like to do here is show you how you could also do that in your teams when you go back to work. I think what you see when we talk about things in the community, you see that working together we achieve more.

There’s an African proverb that I like to talk about in my work, which is, if you want to go fast, go alone, but if you want to go far, go together. I think that the Java community is really unique in that perspective. LinkedIn talked about how easy they thought the migration was. I think that’s a great example. We have something to learn from LinkedIn here. Alex from LinkedIn was sharing some of the things that you can do. I’m going to share some of those things with you here.

Java continues to be the number one choice for developers and for enterprises. What I’ve seen over the last 5 years since we moved to the 6-month release cadence with a new version of Java every 6 months, is that the innovation pipeline has never been richer or stronger. You may or may not be aware that we did move to this release cadence back in 2017, where we have a new version of Java every 6 months. Not only have we seen more innovation, but we’ve also seen more collaboration.

That really is the topic of what we’re talking about here, and why I selected that topic for my talk, because we’re seeing more innovation in Java, and we’re seeing more collaboration. As a result of the way that you can contribute to not only consume the new innovations and the new features that are put out to the Java platform every 6 months, but how you can contribute to it so that your fixes and your innovations can become part of the Java platform. We have continued to focus on these five main tenets of Java, and that also ties in today, the performance of the platform, along with the stability and the security, and ensuring that we have compatibility throughout the ecosystem. Java is unique, in that we have such a rich ecosystem, with so many different companies being able to provide their implementations that give you as developers and enterprises choice, but also continuing to have code that’s maintainable in your projects.

When we assess the landscape, and we look forward to the next 25 years, as I showed, we’re celebrating 25 years of the evolution of the Java Community Process program, but 28 years of Java. As we look forward to the future of Java, it’s important to understand that there’s two delicate forces at play. There’s this thing that we want fast innovation, and we want to adopt the industry trends. Then we also want to ensure that we have a stable platform, and that we keep existing programs running without breaking them, and also have this extremely low tolerance for incompatibility.

We try to balance both of those things with the evolution. We support that through having new ports for hardware, as well as software architectures, while remaining compatible and offering stability. That’s what we’ve been able to continue to do with this new release model is that we have innovations every 6 months, which are digestible for developers. You can really get a sense of what’s in every release, but also that it’s predictable and stable for enterprises. We’ve really been able to achieve the best of both worlds through some of these innovations that we’ve done over the last 5 years.

Moving Java Forward

Moving Java forward, what we try to do is continue to build that trust, and also continue to offer that predictability, and continue to bring forward the innovation so that Java continues to be one of the top languages overall, and we continue to see JVMs running in the cloud, and all over in different environments. I think IBM’s talk was just focused on the cloud. Increasingly, the focus is on the cloud. If you look at the numbers, those numbers continue to become closer together. You also see Java on billions of other devices all over on the edge, in addition to in the cloud.

Really, the focus of the platform is to continue to maintain Java as the number one platform of choice in a cloud environment. As I mentioned, the 6-month release cadence really does deliver innovations, but also predictability. If you look at this chart, you can see on the left where we had those feature releases, where you pick one big main feature, and you wait until that feature is ready, and the release comes out maybe every 3 to 4 years. In those times, like for example, with JDK 9, we had 91 new features in that release. That’s not only a lot for developers and enterprises to digest, but it also makes it really difficult to migrate.

That’s one of the things that we talked about in the unconference session, as well as what Netflix and LinkedIn talked about in terms of being able to migrate between versions. When you have fewer new features, it’s much easier to migrate in between versions. What you see now is since we moved to a 6-month release cadence versus having new releases every 3 to 4 or so years, you have no idea when the release is going to happen. It gets pushed out based on when this huge feature is going to be ready. Then it’s a huge release. Now you can see, on average, the lowest release had 5 new features, and at most, we had 17 new features going into each release of the Java platform. You can see with this last release, we had 15 new features coming out with Java 21.

Moving Java forward, we continue to invest in long-term innovation. While we do have this release model of a new release every 6 months, whatever is ready at that time goes into it. If you want to see a new project sooner, try to contribute and give feedback to that release. While we have these releases that are time based on a train model, we still have the projects going on in OpenJDK. One of the big projects that came out of Java 21 came out of Project Loom, but that doesn’t mean that Project Loom is over. One part of Project Loom that’s virtual threads, came out and was available in Java 21.

Within OpenJDK, we continue to have these projects where the innovations of the future happen. I picked just a few of the projects. I couldn’t list all the projects in OpenJDK on one slide. What I’ve done is I picked out a few of the projects where we’re continuing to see some integrations that go back to those tenets that I talked about: the predictability, productivity, security, those types of things are coming out of these projects. Project Amber is one that over the last 5 years, we’ve seen continuous innovations coming out around developer productivity with small incremental language changes.

A lot of people have been talking about reducing startup times. I even talked to several people about Project Leyden. Definitely check that one out. Panama, I think Monica in her talk about hardware was talking about Project Panama, and connecting JVM to native code, and making JNI better. ZGC is one that not only Netflix and LinkedIn talked about, but at a panel I hosted, I had maybe 10 people on the panel, I asked them to talk about what their favorite things were. Many of them, in addition to Loom and virtual threads, brought up ZGC, so generational ZGC coming out. That’s part of Java 21, as well. These are some of the key projects that we’re investing in for the long term, that are open and transparent and available for you to follow. OpenJDK is where you’re going to get the vision of what’s happening long term, not just in the next 6 months, but over the next 3 to 5 years.

JDK 21

Java 21 is available now. It was available as of September 19th. It had 15 JEPs in it. Also, thousands of performance and security improvements, just like every 6-month feature has. Just looking at the areas of Java 21, there were many new improvements. I’ll highlight just a few of them for you and some of the key areas. Obviously, we had language features, performance improvements. We had new features for preview. One thing that you might want to do when you download the new versions of Java is notice what features are available for preview. As of 2017, we introduced preview features.

That means that they’re fully specified and implemented, but they’re not turned on by default. Why they’re preview features is we’re looking for more feedback from people who are using them. What we’ve typically seen now since 2017, is that if a language feature is designated as a preview feature, it will be there two or three times, there’s no designated amount, but just until we collect enough feedback. There are some features that are preview features. There’s library improvements, like virtual threads. There’s also some additional library improvements that are there as preview features.

A couple of the language features that I’ll highlight came out of Project Amber. These are features that make it easier to maintain code and also makes it easier for you to code. One of them was record patterns. Java 21 adds record patterns, which make it easier to deconstruct records and operate on their components. Also, pattern matching for switch. Pattern matching for switch bring switch expressions and statements. Using this feature, we can test an expression against a number of different patterns. We also had some library improvements. The Java libraries are one of the reasons why Java has become so popular. It’s also one of the reasons why you have maybe some things that aren’t ready yet and why it makes your life a little harder when you’re trying to migrate in between versions. If you follow some of the lessons that were talked about, you’ll be able to overcome those hurdles.

A couple of the things that were in this category were of course, the virtual threads. That’s coming out of Project Loom. Virtual threads has had a lot of early adoption already. Netflix talked about it in terms of Spring, having support for Java 21 already with Spring 3.2. Also, IntelliJ has that out already. Virtual threads are one of the most highly anticipated features. This was mentioned as well, since Java 8 with Lambda expressions. Virtual threads are a really exciting technology that I think is really going to be pushing people to adopt and migrate to newer versions of Java. Also included in Java 21 is sequenced collections.

The collection framework was lacking a collection type to represent a sequence of elements with a defined encounter order. We’re lacking a uniform set of operations that applies to all such collections. We included that with Java 21. In addition, we added some performance improvements, so just like before, but only better. The one that I’m going to highlight for you here is generational ZGC. Generational ZGC is not the default when you download Java 21. You have to configure it to be a default. We’re looking towards the future, whereas generational ZGC will be the default in a future release. Generational ZGC is available as a regular feature in Java 21. Initially, generational ZGC is available alongside non-generational ZGC.

OpenJDK: Issues Fixed in JDK 21 per Organization

That was just a very quick overview of what’s in Java 21, as I transition now to talking about how you can contribute. What we’ve seen, as I mentioned earlier in my talk, was that as we have this faster release cadence every 6 months, this red part of this chart has gotten gradually smaller. The red part is contributions by Oracle. You can see that Oracle is still the number one contributor and leader and supporter of the Java ecosystem. What we see over time is that we have increasing contributions from other people, and contributors in the community.

This is ideally what I’d like to see, is continue to move this chart to the left side, so we have fewer contributions from Oracle and more from the community. I think with Java 21, we’ve had a record which is 2585 Jira issues marked as fixed, and over 700 of them were contributed by other members of the community. What you can see here is you have not only vendors, but also users of the technology in addition to hardware vendors. People like Arm and Intel are contributing to bug fixes to enable OpenJDK to be better on all the different hardware ports. I think that started also after Java 9. This new release model, what it really does is it motivates people to contribute their fixes, because they’re not going to have to wait 3 or 4 years to see their fix being put into a platform release.

It’s going to be coming out every 6 months. We continue to see this increase in the number of contributions into OpenJDK. Also, we have this long-term support model now a part of the Java releases. That means that every 2 years at this point, we have one of the releases designated as long-term support releases. I talked about new releases coming out every 6 months. Java 21 is a release that will be offered as long-term support. There won’t be another long-term support release until Java 25. There are interim releases, which happen every 6 months. One thing that’s important to note is that regardless of whether a release is going to be offered as long-term support or not, it’s treated technically the same in terms of the features that go into it. Every release is production ready, and it can be used in production.

It’s just a matter of whether Oracle or another vendor wants to provide long-term support for that release. What we’ve seen in the Java ecosystem is that, typically, if one vendor is offering long-term support releases, most of the other vendors follow the same cadence. For instance, Java 8 was designated as available for long-term support. Java 11 was a long-term support release. Java 17 was a long-term support release. Now Java 21 is a long-term support release. What we’ve seen is that other providers other than Oracle have offered that same cadence of offering long-term support, but people can offer support in any way they choose. It does seem that the community tends to adopt the long-term support releases, but there really is technically no reason why you couldn’t go ahead and adopt every release as it comes out every 6 months.

Java Developer Community

There’s strength in the numbers. What we see now is that we’re growing our Java developer community. We also have user groups, Java champions. What I found with the Java ecosystem is that there’s this rich support in the community. I encourage you, if you’re local, to take advantage of that with the San Francisco Java user group. There’s close to 400 Java user groups all over the world. No matter where you are, if you’re visiting from a different place, you can probably find a Java user group that you can go to. One of the things that are done in the Java user groups is people share their experience.

They share about the things that they’re working on. They share about some of the new projects that are being worked in OpenJDK or in other open source projects around the community. It’s a way where you can find support for the work that you’re doing. It’s also a way that you can grow your network and your career. It’s also a way that you can learn of other people’s success.

Just like we heard here, some of the people’s success, and talking about some of the performance improvements that they’ve been able to achieve by migrating past Java 8, and talking about how easy it was and how they’re getting their libraries and dependencies updated. You can do that in your local community that meet on average, once a month, and share some of the work that you’re doing. You can also enhance a lot of your critical communication skills, which sometimes are harder to practice, and you practice those skills in person. Those are all things that you can do in the Java community.

Now I’m going to transition a little bit to talk about another community, which is the JCP. Much of what we’ve talked about in terms of innovation that is happening in the Java ecosystem as a result of some of the foundation that’s been established in programs like the JCP and through OpenJDK. This is also how you can set your path for migrating in the future to new versions of Java. We’re celebrating 25 years of the JCP this year. Does anyone know what the JCP is? The JCP is the organization that defines the Java specification and language and platform. It operates as an organization.

I act as the chair of the Java Community Process, or JCP program. We have an executive committee. The bulk of the work is done by specification leads or spec leads who lead JSRs. Basically, the JCP is where that work happens. The work is led by specification leads. Oracle is the specification lead for the Java platform. Oracle doesn’t do that work alone. Contributions come in from the community, and every JSR has to have a spec lead and an expert group, and feedback from the community.

Reviewing this work is how you can get ready to know what’s coming next in future releases of Java to enable you to be ready to migrate to new versions of Java. Members of the JCP can serve on these JSRs. We have members who are companies, nonprofit groups, Java user groups, as well as individual developers. The majority of our members are now individual developers all over the world. There are nonprofits such as universities and groups like the Apache Foundation and the Eclipse Foundation, who are members.

In addition to just our general membership, we have an executive committee. This is one of our first face to face meetings that we had earlier this year. We were in New York. We did a panel at BNY Mellon, they hosted us there. On the executive committee, we also have that cross representation. We have Java user groups, companies, users. BNY Mellon is a user of the technology, as well as a couple of individuals. They’re there to represent the needs of the general ecosystem, but they also vote on all JSRs. I know a lot of you have heard of a JSR. How does that work? We have JCP members, and we have JSRs. JSRs are actually three things.

It’s the specification, the reference implementation, which is the code, and the test suite. When I say this is the foundation, this is really what goes back to some of the tenets that I talked about earlier around compatibility and ecosystem choice. This is really the foundation that establishes the ability to have choices in your implementation, and also that rich ecosystem of frameworks and libraries that you have to choose from. We have the Java specification request, the membership, which also consists of the executive committee. Then we have an expert group serving on the JSRs.

Those three things really work together. We have a specification, that’s essentially your documentation. That’s required by the JCP. That’s part of the reason why Java is so well documented. Then we have the reference implementation or the code that implements the specification. Then a test suite to ensure that we can have multiple implementations. Not just one implementation, but multiple implementations that creates that ecosystem of choice.

Those three deliverables work together to provide the foundation of the work that we do in the JCP. Every JSR gets voted on by the executive committee. Every JSR provides multiple drafts of the specification, as well as the reference implementation. I’ll talk about later how you can download and test the early access builds. We need feedback on all of these things as it goes through the process. You’re free to provide feedback whether you’re a member of the JCP or not.

Java is unique, in that it’s standard and open source. We believe that we need both. We have the reference implementation being developed in OpenJDK, which is an open source project. Then we have the JCP ratifying the specification. We continue to maintain that we need both. The implementation is developed in OpenJDK, collaboratively with an open source license. It’s also available on GitHub now as well. We have a mirror on GitHub, where you can find all the projects, since most developers are hanging out on GitHub for most of their other projects. There’s also a mirror of OpenJDK on GitHub now as well. That was part of one of the earlier Java platform releases a couple of years ago.

Early Access Builds

Now down to one of the keys that I talked about with you earlier, in terms of how are you going to innovate and collaborate and be able to migrate your applications to new versions of Java. The key really is here in the early access builds. How many of you are aware that there are early access builds of Java every two weeks? There are early access builds of the JDK put out every two weeks. We’ve had several already put out now for Java 22. LinkedIn and Netflix talked about how they’ve been testing out Java 21 for 4 or 5 months, and they’re almost ready to migrate to Java 21 now, because they were actually actively participating in this program.

It’s not actually a program where you have to sign up for it, anyone can do it. The builds are put out there every two weeks. You don’t have to download them every two weeks, but they’re available for you there to download every two weeks. When they’re early access builds, that means that you can’t use them in production. You can download them and run your applications against them to find out what dependencies you’re going to have and what changes you’re going to need to make to migrate in between new versions. As I talked about earlier, when I showed you the chart with the new features, and how many are in each new release, if you’re on Java 8, you are going to have quite a few changes that you might need to make to migrate past Java 8.

If you’re on a version after Java 8, you saw with my chart that we have 10 to 15 new features put into every release. Once you’re past Java 8, it’s going to become part of your software development lifecycle to migrate in between versions, because you can build this early access testing into your software development lifecycle. Instead of making Java migrations a month-long project, it just becomes part of your everyday workflow.

Whereas you’re downloading early access build, running your applications against it, identifying any dependencies and fixing those, and migrating very close to the release of the next version of Java, whether you choose to migrate every 6 months, or you choose to migrate to long-term support versions, so like migrating from Java 17 to Java 21.

The builds are there every two weeks. You can download and test and also provide feedback and make adjustments. Very few people actually do that part of providing the feedback. If you want to make sure that your comments or needs are addressed, I encourage you to just share your feedback in OpenJDK, because you will be recognized and remembered if you’re one of the few people who are doing that.

Rather than just consuming the technology, like we talked about, the theme is collaborate. That counts as collaboration and a contribution. Sharing what happened when you downloaded the early access build, and you tested your application against it. Share with us what happened. That’s what makes the Java releases better. It also helps you to migrate in between new versions of the Java platform.

If you haven’t seen this page before, I just showed an example. This is for JDK 21. Every Java release has a page that’s exactly the same. I mentioned some of the 15 JEPs that went into Java 21. I just gave you a very brief overview of a few of them, not all of them. If you wanted to go and read about every JEP that’s included in JDK 21, you could do that on this page. Every platform release has this exact same page. It gives you the dates of the releases, and it gives you links to every JEP or Java Enhancement Proposal. Every release of the Java platform is made up of a collection of JEPs or Java Enhancement Proposals.

That’s the term that OpenJDK uses. The JEPs come out of those projects, like Project Amber, Project Loom, Project Valhalla. Once they have a prototype ready, and the work gets far enough along, they put them into JEP proposals. Then, every 6 months, they collect the JEPs that they think are going to be ready for the next platform release. Then, every JDK release is a collection of Java Enhancement Proposals, usually around 10 or 15, at this point. Those are then put into a JSR. That’s what’s voted on by the executive committee. One JSR, and on average, at this point, 10 to 15 JEPs that make up every Java platform release.

If you want to go and dig into any of those features that I talked about, they’re available on OpenJDK, and you can read all about the JEP. You can also find links to those pages from jcp.org. That’s the home of the Java Community Process. This is the page for JSR 396, that’s Java 21. You can find the link to the project page on OpenJDK as well as the issue tracker and the mailing list. I’ll talk a little bit more about the mailing list, but I mentioned it when I talked about downloading the early access builds. The mailing lists are where you can share your feedback. You can find links to that on jcp.org, as well as on OpenJDK.

There’s already a page for JSR 397, which is Java SE 22. There’s already a few JEPs that have been identified. The schedule is there, and you can bookmark this page to find out what other work is going to be targeted for this release. That will be in flux for the next several months. Public review time is when that set of JEPs typically gets frozen. Then the work continues to happen on those before the JCP executive committee votes to ratify the specification and it goes to final release.

Quality Outreach Group (OpenJDK)

Also, going back to the dependencies, in OpenJDK, we have a group that’s called the quality outreach group. The quality outreach group is a collection of free and open source projects that are not supported by companies. Often, people when you’re downloading the early access builds and testing your application, you’ll probably identify a few dependencies, depending on how many open source libraries you’re using. According to LinkedIn, they didn’t have any. I know people who’ve had thousands. In the quality outreach group, you can find a collection of 200 free open source projects or FOSS projects.

The idea here is that we have a wiki where you can see what’s the status, so where is this project in terms of migrating to the newest release of Java. Also, who you can contact if you wanted to contribute a bug fix to one of these projects. I’ve worked with several of the project leads here, and they’ve actually been able to identify some easy early entry bug fixes that might be good for somebody who’s looking to get experience in an open source project. Obviously, if this is a dependency of yours to be able to migrate to a newer version of Java, you also could volunteer.

Just because it’s a collection of FOSS projects, doesn’t mean that companies can’t have individuals contributing to them. This is a great place and a great resource for you to go for a couple of different things, like I said, for those dependencies that you may have identified, but also, if you wanted to get involved with an open source project. These are all projects that are looking to actively migrate to the latest release of Java and, as I mentioned, oftentimes will have identified bugs. If you’ve found something as you’re doing your testing, you can also contact them and go ahead and enter it in their issue tracker.

I encourage you to take a look at that. As I mentioned, that’s a project in OpenJDK, so you go to OpenJDK, and then just look for the quality project. On the left-hand side is where there’s the nav bar, there are projects listed in alphabetical order, quality outreach, and go ahead and take a look at that. You can also join the project if you’re maintaining an open source library. You’ll find all that information there.

Java in Education

Lastly, I just want to highlight another thing that we’re focused on in the JCP, which is bringing Java to the next generation of developers. I talked about in the beginning that we want to continue to see Java be the number one programming language. We believe that the key to doing this is also outreaching to that younger generation of developers and ensuring that they’re learning Java, and are aware of the benefits. We’ve organized a program that’s available off of jcp.org, where we talk about how you could host a workshop.

Right now, we have three different presentations that you could deliver to a group of students, how you can reach out to universities, some best practices for doing that, as well as how you might offer mentorship. The idea behind this program is basically collecting together the resources where students and younger professionals can learn about Java, not that you would actually teach them Java, but that you would give them an example of what it’s like to work in the ecosystem, and you would point them to the resources that are available. Because, as I mentioned, in the beginning, there’s this rich ecosystem of materials that are available through Oracle University, Oracle Academy, as well as so many other providers that teach Java to students.

The idea behind this program was really to show younger professionals what it’s like to work in industry. If you’re interested in getting involved with that program, that’s been super motivational and inspiring to me to be able to see the excitement. Even one of the standalone specifications that we have for Java now is JSR 381, which is a visual recognition specification, so, basically, machine learning using Java and not Python. That’s been really cool to talk about that with the students. While it’s not part of the Java platform, it’s an optional standalone package that’s led by some individuals that have a deep interest in AI and machine learning, and to be able to show that to students who think that Java isn’t the language for the future with AI and machine learning. It’s a real eye opener. That’s been exciting.

Getting Involved with the Java Ecosystem

I’m going to close with a few ways for you to get involved if anything I’ve said has piqued your interest and motivated you to get more involved in the Java ecosystem. You can join the JCP in multiple ways. If you wanted to join as an individual, you would do that on jcp.org, as an associate member. If you’re part of a nonprofit university, or a Java user group, you would join as a partner member. Then we have the full members, which is really designed for companies. We have new companies joining every year. Actually, Microsoft is one that joined most recently, and Amazon a few years before that.

We’re always eager to have new perspectives come into the JCP. That’s really the full members. We also have some consultants and university professors who join as full members. Then, of course, you can join OpenJDK. You can follow OpenJDK on Twitter. One of the most important things that you can do is join and follow the OpenJDK mailing lists. There are many mailing lists on OpenJDK. What I encourage you to do is share your feedback in the adoption group. That’s where you can share your feedback when you download those early access builds, so join that mailing list. There’s also a mailing list for the quality outreach.

Every one of those projects that you might be interested in that I mentioned, like Amber, or Leyden, or Valhalla, or Panama, they also have their own mailing list. There was someone that was asking me about Panama, and I encouraged him to share his feedback on the mailing list. While conferences like these are a great way to have discussions and share ideas, if you really want to make an impact, share it on the mailing list. Make sure you join the mailing list of your interest. If you want to consume information, we have a couple cool new websites where you can learn more about the technologies, and those are dev.java and inside.java. There, you could get more deep dives on some of the technical features of the new release, as well as contributions from the community. With Java 21, we now have community contributors on articles on both of those websites.

Giving feedback and collaborating, you’re going to find that you are exponentially increasing your network in terms of collaboration. Giving feedback is going to help you to not only grow your career, but establish you as a leader and help you to migrate to the new versions of Java and learn about the new features of Java before anyone else has had that opportunity. Really, that’s one of the most valuable things about getting involved in some of these projects that I talked about is being able to share your knowledge. That’s what I find the most inspiring about the Java ecosystem is that everything’s there and available for you, in a transparent way.

It’s really a matter of you taking the time to go and research the information, learn about it, and then share what you’ve learned. It could be as simple as sharing on social media, that you downloaded the new early access build of Java 22, and this is what happened, or even Java 21 just came out, so you download it and checked it out, and what’s your favorite new feature. There’s always a different perspective that you can bring, and you can share that not only on social media, but within your team as well.

That’s one of the things that I’ve talked with some community members about is having that as a regular part of some of their team meetings, just sharing that they went and checked out this JEP or this project, and this is really cool, and this is going to be coming next. It’s a way to establish yourself as a professional and a leader, as well as have fun meeting people who are in a different environment than you are. Doing these types of activities, I’ve met people from all over the world, even though I don’t see them all over the world. I see them online. I’m able to see how they’re using Java and what their unique perspectives are.

Resources

In all my work with developers, I just recently published a book. It’s called, “Developer Career Masterplan.” That is a book about how to move your career from junior to senior and beyond. It’s all the things that you might not think about when you think about your career. All the things that really can add that extra bit of visibility into your career.

Questions and Answers

Beckwith: I think one of the things that was really interesting, and I know it because I was a part of the JCP at Arm and [inaudible 00:44:22]. Of course, I like reading JSRs also.

VanCura: More people should. Actually, you can differentiate yourself if you’re one of the few people who reads a specification. You don’t have to read the whole thing. You can just read a part of it and you can provide a comment on that part. Or if you refer to a specification and maybe something wasn’t clear, then you could provide some feedback just on that part, “I refer to this part.”

Beckwith: It’s just the first one that you read, it may get overwhelming, but once you get used to it, it’s easier. You know what to skip and where to get to if you need some information, because there’s a wealth of information there.

VanCura: I met with a professor a few weeks ago, and he was actually asking me for pointers. He was wanting to know where he could read the specification. It’s good to know that it’s there if you need it. Like I said, one of the reasons why it’s always there is because it’s required by the JCP. Every specification has to be complete, and it has to be fully documented in the specification.

Beckwith: I was going to say that JSR for 9 was probably one of the most read specifications ever, because we had the module system that was in the JPMS. Every company, every JCP member I know has read that.

VanCura: Yes, the JCP members.

Participant 1: There’s just like, people run stuff in the cloud, and then to lower cost there’s always this question about maybe Arm, and how is it going to perform, or is it going to have any issues on Arm. Who’s responsible for making sure that Java runs without introducing bugs on a platform like Arm?

VanCura: Arm was in my chart as one of the bigger contributors, so they had their own square of contributions. They contribute fixes and bug issues that would address those things that are specific to their port. They would contribute those in OpenJDK. Then, of course, they are a company and they would have things that they do outside of OpenJDK, but I’m just speaking specifically to OpenJDK.

Participant 1: There’s multiple companies, there’s Ampere. There’s just different companies that license the ISA. Is it Arm?

VanCura: Arm is one of the biggest contributors to OpenJDK. That’s why they’re on the executive committee. Obviously, Ampere is an Arm provider.

Participant 1: Probably when you’re running in the cloud you’re running on Ampere, [inaudible 00:47:56]?

VanCura: Ampere could decide to run in the executive committee and make contributions. I just noticed when I look at the chart, Arm is one of the biggest contributors. Intel is also a really big contributor on the hardware side. Those are the two biggest, Arm and Intel.

Beckwith: Arm does the IP. One of the things they also help with is enablement. Like, for example, I was talking about the vector unit, they don’t want SVE or SVE2 to fall behind. I was working at Arm too, so we used to make sure that we are visible in the OpenJDK community because we do want people to come and have a say, [inaudible 00:48:41]. Ampere and ThunderX2 systems, Marvell, there were lots of people that actually do have an endline product that’s based on Arm ISA and different versions.

Then they enable the stack from there onwards. There are multiple others. I’ve had, for example, for Linux on Arm, they are the number one contributor, probably very close to Arm as well, because [inaudible 00:49:13]. I was talking in my talk about the OpenJDK port Windows on Arm. Microsoft did that. Microsoft helped with the OpenJDK. Mac at one point as well. It’s a community effort. The reason that we helped with the M1 port was because we did the porting to Windows. It was easier for us to enable the hooks already. It was easier for us to enable it for M1 as well.

VanCura: Microsoft, definitely you’re a big contributor.

Beckwith: It seems surprising, but we are a part of the OpenJDK community, and that’s how it works. If you work on the OpenJDK, and you find a bug, somebody will jump on it. If you are the best person to fix it, or at least to provide more details on it, then you should continue doing that, because we welcome any help we get.

VanCura: Microsoft is also on the executive committee. You’re definitely called out in the chart as a big contributor to OpenJDK, so is Netflix. What you see is when you do start contributing, it just becomes easier to migrate. You become the leaders in the ecosystem. That’s that connection there. It’s interesting that people that I see at JVMLS are people who are speaking here and saying, “Yes, we migrated. It was so easy.”

Beckwith: That’s very true. We have to keep up in understanding what the problems are. Sometimes we see, there’s a solution already, so all we need to do is move over here. We’re the early adopters also, in our curve.

Participant 2: I have a question related to the JDK, and then seeking the suggestions, recommendations of JDK upgrade. We’re behind in upgrading. Say if we are in JDK 8 in production, what would be the next optimal version upgrade to, like JDK 11, JDK 17? What would be the most, like smoother path for us?

VanCura: I think in the unconference people were saying that they would recommend to migrate to 11 first, but I’ve talked to other people who say just go straight to 17 or straight to 21. I think that’s more common.

Participant 1: We went straight to 17, and now 21. Actually, the best thing is, because we do real-time streaming, the ZGC benefit was amazing. It is like 1 millisecond pause time. That was great.

Participant 2: It’s backward compatible?

Participant 1: No, we did make some changes and upgrade Spring into libraries. It took a little bit of work, but it was absolutely worth it.

Participant 2: There are other libraries, possibly?

Participant 1: It depends what stack you are.

Participant 2: They also are Spring Boot.

Participant 1: We had to upgrade Spring Boot and the dependencies in our application. That is where we began. It was pretty straightforward.

VanCura: I definitely have heard from more people to do it that way, which is migrate to the latest version. If you’re on 8, just go straight to the latest version.

See more presentations with transcripts

Article originally posted on InfoQ. Visit InfoQ

AWS recently announced support for conditional writing in Amazon S3, allowing users to check for the existence of an object before creating it. This feature helps prevent overwriting existing objects when uploading data, making it easier for applications to manage data.

Conditional writes simplify how distributed applications with multiple clients can update data in parallel across shared datasets. Each client can write objects conditionally, ensuring that it doesn’t overwrite any objects already written by another client. This means there’s no need to build client-side consensus mechanisms to coordinate updates or use additional API requests to check for the presence of an object before uploading data.

Instead, developers can offload such validations to S3, which improves performance and efficiency for large-scale analytics, distributed machine learning, and highly parallelized workloads. To use conditional writes, developers can add the HTTP if-none-match conditional header along with PutObject and CompleteMultipartUpload API requests.

A put-object using the AWS CLI to upload an object with a conditional write header using the if-none-match parameter could look like this:

aws s3api put-object --bucket amzn-s3-demo-bucket --key dir-1/my_images.tar.bz2 --body my_images.tar.bz2 --if-none-match "*"

On a Hacker News thread, someone asked if most current systems requiring a reliable managed service for distributed locking use DynamoDB. Are there any scenarios where S3 is preferable to DynamoDB for implementing such distributed locking? With another one answering:

Using only s3 would be more straightforward, with less setup, less code, and less expensive

The conditional write behavior is as follows, according to the company’s documentation:

• When performing conditional writes in Amazon S3, if no object with the same key name exists in the bucket, the write operation succeeds with a 200 response.
• If an existing object exists, the write operation fails with a 412 Precondition Failed response. When versioning is enabled, S3 checks for the presence of a current object version with the same name.
• If no current object version exists or the current version is a delete marker, the write operation succeeds.
• Multiple conditional writes for the same object name will result in the first write operation succeeding and subsequent writes failing with a 412 Precondition Failed response. Additionally, concurrent requests may result in a 409 Conflict response.
• If a delete request to an object succeeds before a conditional write operation completes, the delete request takes precedence. After receiving a 409 error with PutObject and CompleteMultipartUpload, a retry may be needed.

412 Precondition Failed response (Source: Conditional Requests Documentation)

Paul Meighan, a product manager at AWS, stated in a LinkedIn post:

This is a big simplifier for distributed applications that have the potential for many concurrent writers and, in general, a win for data integrity.

Followed by a comment from Gregor Hohpe:

Now, that’s what I call a distributed system “primitive”: conditional write.

Currently, the conditional writes feature in Amazon S3 is available at no additional charge in all AWS regions, including the AWS GovCloud (US) Regions and the AWS China regions. In addition, samples are available in a GitHub repository.

Article originally posted on InfoQ. Visit InfoQ

Transcript

Bannon: I’ve been navigating the city. It really got me thinking about something. It got me thinking about the fact that I could use my phone to get anywhere I needed to go. It got me to think about how ubiquitous it is that we can navigate easily anywhere we want to go. It’s built into our cars. I rode bicycle, and I have a computer on my road bike. We always know where I am. You can buy a little chip now and you can sew it into the back of your children’s sweatshirts, and things, and always know where they’re at. It’s really ubiquitous. It didn’t start out that way.

When I learned to drive, I learned to drive with a map. As a matter of fact, I was graded on how well I could refold the map, obviously a skill that I haven’t worried about since then. I was also driving during the digital transition when all of that amazing cartography information was digitized. Somebody realized, we can put a frontend on this, and we can ask people where they’re starting, where they’re going. Then we can give them step by step, a place to go. They still had to print it out. If you happened to be the first person who was in the passenger seat, you got to be the voice, “In 100 meters, take a left, the ramp onto the M4.”

It wasn’t long until we had special hardware. Now we had a Garmin, or we had a TomTom. It was mixing the cartography information. It was mixing the voice aspect, and was mixing that hardware together. It was fantastic. When my children started to drive, they started with a TomTom, but I made them learn to read a map, because if you can see what it says there, the signal was lost. Now, it’s everywhere. It is ubiquitous for us. In 2008, the iPhone was released, the iPhone 3G, and it had that sensor in it. Now everywhere that we went, we have the ability to tell where we are. We can track our packages. We can track when the car is coming to pick us up. We can track all sorts of different things. We’ve just begun to expect that. What does that have to do with AI, with software engineering? That’s because I believe that this is where we’re at right now. I think we’re at the digital transition when it comes specifically to generative AI and leveraging that to help us to build software.

My name is Tracy Bannon. I like word clouds. I am a software architect. I am a researcher now. That’s been something newer in my career over the last couple of years. I work for a company called the MITRE Corporation. We’re a federally funded research and development. The U.S. government realized that they needed help, they needed technologists that weren’t trying to sell anything. I get paid to talk straight.

AI in Software Engineering

Let’s go back in time everybody, 2023, where were you when you heard that 100 million people were using ChatGPT? I do remember that all of a sudden, my social feed, my emails, newsletters, everything said AI. Chronic FOMO. It’s almost as though you expect to go walking down the aisle in the grocery and see AI sticker slapped on the milk and on the biscuits and on the cereal, because obviously it’s everywhere, it’s everything. Please, don’t get swept up in the hype. I know here at QCon and with InfoQ, we prefer to talk about crossing the chasm. I’m going to use the Gartner Hype Cycle for a moment.

The words are beautiful. Are we at the technology trigger when it comes to AI in software engineering? Are we at the peak of inflated expectations, the trough of disillusionment? Have we started up the slope of enlightenment yet? Are we yet at the plateau of productivity? Where do you think we are? It’s one of the few times that I agree with Gartner. We are at the peak of inflated expectations. Granted, Gartner is often late to the game. By the time they realize it, oftentimes I believe that we’re further along the hype cycle. What’s interesting here is, 2 to 5 years to the plateau of productivity.

How many people would agree with that? Based on what I’m seeing, based on my experience, based on research, I believe that’s correct. What we do, as software architects, as software engineers is really complex. It’s not a straight line in any decision that we’re making. We use architectural tradeoff. I love the quote by Grady Booch. The entire history of software engineering is one of rising levels of abstraction. We’ve heard about that. We’ve heard about the discussions of needing to have orchestration platforms of many different layers, of many different libraries that are necessary to abstract and make AI, generative AI in specific, helpful.

Where Can AI Be Used with DevSecOps?

I have the luxury of working with about 200 of the leading data scientists and data engineers in the world. I sat down with a couple of them and said, “I’m going to QCon. This is the audience. How would you explain to me all of the different types of AI that exist, the ML universe beyond generative AI?” Did we draw frameworks? We had slide after slide. I came back too and said, let’s take this instead like Legos and dump them on the table. What’s important to take away from this slide, is that generative AI is simply one piece of a massive puzzle.

There are many different types of AI, many types of ML, many different types of algorithms that we can and should be using. Where do you think AI can be used within DevSecOps, within the software development lifecycle? The first time I published this was in October of last year, and there are at least a half a dozen additional areas that have been added to that during this time. What’s important is that generative AI is only one piece of the puzzle here. We’ve been using AI, we’ve been using ML for years. How do we get after digital twins, if we’re dealing with cyber-physical systems? We’re not simply generating new scripts and new codes. We’re leveraging deterministic algorithms for what we need to do. Remember that generative AI is non-deterministic. With it, though, it has groundbreaking potential, generative AI in specific, groundbreaking potential. It has limitations and it has challenges.

Treat generative AI like a young apprentice. I don’t mean somebody who’s coming out of college. I mean that 15-year-old, brings a lot of energy, and you’re excited to have them there. Occasionally they do something right, and it really makes you happy. Most of the time, you’re cocking your head to the side and saying, what were you thinking? We heard that with stories in the tracks especially around AI and ML. Pay very close attention.

I’m going to take you back for a moment, and just make sure that I say to you that this is not just my opinion. This is what the research is showing. There are service providers who have provided AI capabilities who are now making sure that they have all kinds of disclaimers, and they have all kinds of advice for you that they’re providing guidance that says, make sure you have humans in the loop. Do you think that generative AI contradicts DevSecOps principles? It does. When I think about traceability, if it’s being generated by a black box that I don’t know, that’s much more difficult.

How about auditability? That’s part of DevSecOps. How am I going to be able to audit something that I don’t understand where it came from, or the provenance for it? Reproducibility? Anybody ever hit the regenerate button? Does it come back with the same thing? Reproducibility. Explainability, do you understand what was just generated and handed to you? Whether it’s a test, whether it’s code, whether it’s script, whether it’s something else, do you understand? Then there’s security. We’re going to talk a lot about security.

There was a survey of over 500 developers, and of those 500 developers, 56% of them are leveraging AI. Of that 56%, all of them are finding security issues in the code completion or the code generation that they’re running into. There’s also this concept of reduced collaboration. Why? Why would there be reduced collaboration? If you’re spending your time talking to your GAI (Generative AI) friend, and not talking to the person beside you, you’re investing in that necessary prompting and chatting.

It has been shown so far, to reduce the collaboration. Where are people using it today for building software? We’ve spent a lot of time talking about how we can provide it as a capability to end users, but how are we using it to generate software, to build the capabilities we deliver into production? I don’t ignore the industry or the commercial surveys, because if you’re interviewing or serving hundreds of thousands of people, even tens of thousands of people, I’m not going to ignore that as a researcher. Yes, Stack Overflow friends.

Thirty-seven thousand developers answered the survey, and of that, 44% right now are attempting to use AI for their job. Twenty-five additional percent said they really want to. Perhaps that’s FOMO, perhaps not. What are they using it for, of that 44% that are leveraging it? Let me read you some statistics. Eighty-two percent are attempting to generate some kind of code. That’s a pretty high number. Forty-eight percent are debugging. Another 34%, documentation. This is my personal favorite, which is explaining the code base. Using it to look at language that already exists. Less than a quarter are using it for software testing.

AI-Assisted Requirements Analysis

This is a true story. This is my story from the January timeframe about how I was able to leverage with my team, AI, to assist us with requirements analysis. What we did was we met with our user base, and we got their permission. “I’m going to talk with you. I’m going to record it. We’re going to take those transcriptions, are you ok if I leverage a GPT tool to help us analyze it?” The answer was yes. We also crowd sourced via survey. It was freeform, by and large.

Very little was rationalized using like, or anything along that line. When we fed all of that in through a series of very specific prompts, we were able to uncover some sentiments that were not really as overt as we had thought. There were other things that people were looking for in their requirements. When it comes to requirements analysis, I believe it is strong use of the tool, because you’re feeding in your language and you’re extracting from that. It’s not generating on its own. Things to be concerned about. Make sure you put your prompt into your version control.

Don’t just put the prompt into version control, but keep track of what model or what service that you’re posting it against. Because as we’ve heard, as we know, those different prompts react differently with different models. Why would I talk about diverse datasets? The models themselves have been proven to have issues with bias. It’s already a leading practice for you to make sure that you’re talking to a diverse user group when you’re identifying and pulling those requirements out. Now you have that added need that you have to make sure that you are balancing the potentiality that the model has a bias in it. Make sure that your datasets, make sure that the interviews, make sure the people you talk to represent a diverse set. Of course, rigorous testing, humans in the loop.

AI-Assisted Testing Use Cases, and Testing Considerations

I personally like it for test cases. There was some research that was published in the January timeframe that made me take pause. It said that only 47% of organizations have automated their testing. In some of the places where I work where there’s cyber-physical systems, when I’m working with the military, I want it to be higher than that. That also means that 53% have manual testing going on. Let’s realize and let’s be ok with the fact that there’s manual testing going on, and let’s sit our QA professionals down in front of a chat engine.

Let’s make sure that they have their functional requirements, they have their manual test cases, they have their scenarios. That they have their user stories. That they have journey maps. Let them sit down and let them go through Chain-of-Thought prompting, and allow the GPT to be their muse because you will be surprised how well it can really help. Back to Stack Overflow, 55% said that they were interested in somehow using generative AI specifically for testing, yet only 3% trust it. It could be because it is non-deterministic. I bring that up because you can use generative AI to help you with synthetic test data generation. It’s not always going to give you anything that is as accurate as you would like. There are some got you’s we’ll come back to.

One of the got you’s is privacy. If you’re taking your data, elements of your data, aspects of your data and feeding it into anybody else’s subscription model, if you are not self-hosting, and owning it yourself, you could have a data privacy concern. You could also have issues with the integrity of that data. You have to be highly in tune with what’s happening with your information if you’re sending it out to a subscription service. Also, beware, we’ve talked about hallucinations. It happens when you generate tests as well, you can have irrelevant tests. I’ve seen it. I’ve experienced it. It happens. Back to transparency and explainability. The tests that come forward, the code that comes forward, sometimes it’s not as helpful as you’d like it to be.

AI-Assisted Coding

Let’s talk about the elephant in the corner. No technical conference would be complete without talking about code generation. When it comes to coding, there’s an interesting trend that’s happening right now. Major providers are pulling back from calling it code generation to calling it code completion. That should resonate with us. That should point out to us that something is afoot. If they’re pulling back from saying code generation to code completion, there’s a reason for that. It is amazing when it comes to explaining your existing code base.

Now you have to be ok with exposing your existing code base to whatever that language model is, whether it’s hosted or not. Generally, the code that you get out of this thing will be wonderfully structured. It will be well formatted, and occasionally it’ll work. There’s a study from Purdue University that has shown that when they prompt for software engineering questions, that about 52% of the time, the answers are wrong. That means we’re getting inaccurate code generated. We have to be cognizant of it. Remember, this is groundbreaking potential. This is amazing stuff, limitations and challenges. Just go in with eyes wide open. These tools can help to generate code. What it can’t do is it can’t build software, not yet. Look at the blue arrow, that’s what I want you to focus on. That’s one of three choices for any one piece of code.

In this instance, I’ve seen it go as high as six, and you’re simply asking for a module, a function, a small tidbit. The person that you see you there is suffering from what we call decision fatigue. Decision fatigue in the past has been studied with medical professionals, military, the judiciary, places where people have to make really important decisions constantly, they’re under high pressure, and their ability to make those decisions deteriorates. In what world should we be studying decision fatigue in software engineering? We shouldn’t be. In-IDE help can be fantastic when it comes to helping you with that blank page mentality that we get to. It can really help with that. I can tell you, day in and day out, it can cause some fatigue. Groundbreaking potential. Know the limitations, know the challenges.

AI-Assisted Coding Considerations

Some things to be concerned about, or at least to be aware of, considerations. You will see unequal productivity gains with the different individuals who are using it. Somebody new in career, new to the organization will have less individual productivity gains than somebody who’s more senior who can look at the code and can understand there’s a problem. I see it. I see the problem. Code churn, this is something that a company named GitClear has been studying on GitHub for years. From 2019 until 2023, the code churn value by industry was roughly the same.

What code churn is, is I take that code that I’ve written or I’ve helped writing, I check it in, I then check it out. I tinker with it: I check it in, I check it out. There’s a problem with it: I check it in, I check it out. Code churn. In 2024, we are on pace to double code churn. Is it caused by generation? Is there correlation? I don’t know. We are going to watch that, because that’s an interesting number to see rising. The code is less secure. I know people don’t want to believe that, it is. I’ll tell you a personal story first. Second week of March, I sat through an entire afternoon workshop. I was using GitHub Copilot, good tool. It has some real value. We’re using Java code base. I was able, even with what I thought was pretty articulate and elegant prompting, to have OWASP Top 10s right there.

I had my SQL injection right there in front of me, unless I very clearly articulated, don’t do this, be aware. That means that the code is less secure, by nature. There was a Stanford study that came out, and that Stanford report clearly demonstrated, it’s a security professional’s worst nightmare. We tend to think that it’s right. We tend to overlook it because it is well formatted. It’s almost as though it has authenticity. It’s speaking to us. It looks correct, so more issues are sneaking into the code. What’s that mean? We need rigorous testing. We need humans in the loop. As a matter of fact, now, we actually need more humans, not fewer humans. Don’t worry about losing your job. There’s a lot for us to do.

GAI Can Be Unreliable

Generative AI can be unreliable. Pay very close attention. You’ll notice that I’m emphasizing the person who has the oversight this time. There was a North Carolina State University study that came out that said that 58% of us when we are doing code reviews, are now doing what’s called copping out, means that we only look at the diffs. Why does that matter? I was talking to a team member of mine, his name is Carlton. He’s a technical lead, has a beautiful team. One of his Rockstar developers is named Stephen.

These are real people. I asked Carlton, how do you do code reviews for Stephen? He said, I pull it up. I’ve worked with Stephen for 5 years. I trust his capabilities. I know his competencies. I only look at the diffs. When you have someone new in your organization, new to your team, new to this domain, what do you do with their code changes? I open them up. I studied it. I make sure that they understand what they were doing. I back out into other pieces of the code. I really study it. If Stephen starts to use a code completion tool, or a code generation tool, and there’s pressure on him to get something done quickly, do you trust him with the same amount of trust that you had before? Carlton’s eyes got pretty big. I’m going to have to not cop out. If you’re doing something like pair programming, where you are not necessarily doing the code reviews in the same way, you’re going to run a rotate partners more quickly.

You may want to rotate in a domain expert at some point. Consider more frequent rotations. Also, think about bringing together individuals who can help you with more SAST, more static analysis with all of these. There was an announcement from GitLab, they’ve purchased a tool. They’ve purchased a corporation that provides SAST because they want to make sure that there’s more SAST scanning going on in the DevOps pipeline, going on in our ability to turn out this code because we have to pay closer attention.

If you’re generating code, don’t generate the tests. If you’re generating the tests, don’t generate the code. You need to have that independent verification. This is just smart stuff. There can be bias and there can be blind spots. There can also be this really interesting condition that I learned about called overfitting. It’s when a model is trained, and there’s some noise in the training data, and it causes it to be hyper-focused in one area. What can happen with your tests is that they can be hyper-focused in one area of your code base to the exclusion of other areas. Does that mean to not use generative AI tools? No. It means, be aware. Know the limitations. Prepare for it.

Is Your Organization Prepared to Use Generative AI?

Is your organization ready to use generative AI for software engineering? My question to you is, is your SDLC already in pretty good shape? If it is, you might want to amplify leveraging generative AI. If you have some existing problems, sprinkling some generative AI on top, is probably not a good idea. Let’s go back to the basics for just a moment. When I get parachuted into a new organization, into a new team, one of the first questions that I ask is, do you own your path to production? By asking that simple question, it gives me an entire waterfall of cascading other questions to ask.

If you can’t make a change and understand quickly how it’s going to get fielded, probably has some challenges. That’s when I usually tell teams that we need to step back and start to do the minimums. In 2021, during the height of the lockdowns, I attended the DevOps Enterprise Summit with a number of different friends. It was virtual. If any of you attended, there are lots of different tools where you could belly up to the virtual bar. I bellied up to the bar with a friend of mine, actually someone who introduced me to Chris Swan.

My friend Brian Finster, and I, and six or seven other people were arguing and frustrated with one another. Why is everybody telling us that they can’t use DevSecOps, that they can’t have a CI/CD pipeline? Why are there so many excuses? You know what we’ll do? We’re going to write down what those minimums are, and we did, minimumcd.org. It’s an open source listing, we simply are maintainers of documentation.

Providing people what the minimums are. What are the minimums? What do you need to do before you start sprinkling AI on top? Make sure you’re practicing continuous integration. That means, don’t leave the code on your desktop overnight. Tell the people on your team, don’t leave the code outside the repository, check it in. If it’s not done, that’s ok, put a flag around it. Put a feature flag around it so that if it does flow forward, it’s not going to cause a problem.

Once you check that code in, how does it get into production? The pipeline. The pipeline determines deployability. It determines releasability. How does that magical pipeline do that? Because we as humans sat down and decided what our thresholds were for deployability. Then we codified it into that pipeline. What else is involved? Once that code becomes an electronic asset, it’s immutable. Humans don’t touch it again. You don’t touch the environments. You don’t touch anything. Stop touching things. Let the pipeline take care of it. That’s a big piece of DevSecOps principles.

It matters. It helps. Whenever you’re doing any kind of testing, you want any of the other environments that you’re leveraging to be at what’s called parity, parity to production. A thing that you can do to get started is to take a look at the DORA metrics. Pick one, you don’t have to pick four. Don’t bite off more than you can chew. Deployment frequency is not a bad place to start. That QR code will take you to the research site. When you’re there, you can also find another tool. It’s a quick survey, I think it’s four or five questions that’ll help you decide which of those metrics to start to track.

Let’s talk about the got you’s as we’re going forward. If you’re adding generative AI into your workflow, your workflow is going to change. That means your measurements and your metrics are going to change. If you have people who are really paying attention and looking at your metrics and studying your measurements, let them know that things are going to waver and that you’re going to have to train some folks. Be aware that if your processes were in ok shape, people have what I call muscle memory, sometimes they’re resistant to change. Does that mean to not do it? No, just means some things to be aware of.

Let’s talk about productivity. This drives me frigging batty, because it’s perceived productivity that the surveys, that the current research, that the current advertisements are all talking about. You are going to have greater productivity. Personal productivity. It’s perceived at this point, by and large, that productivity is a perceived game. It means I’m excited, I got a new tool. This is really cool. This is going to be great. It doesn’t necessarily mean that I am dealing with higher-order issues, that I am putting features out at a faster pace with higher quality.

Doesn’t necessarily mean that at all. It means I perceive it. We have to give time for there to be equalizing of the perceived gain to real gain. That leads to a really much bigger thing, we measure team productivity, not individual productivity. It’s how well does a team put software into production? It’s not how fastest Tracy do it alone, it’s how fast do we do it as a team. If you’re measuring productivity, and you should think about it, I recommend using Dr. Nicole Forsgren’s framework. This came out around 2021, with a number of other researchers from Microsoft. What’s important is that you see all those human elements that are there.

Satisfaction, we actually need to understand if people feel satisfied with what they’re doing to understand their productivity. I met with Nicole, and we’re talking about adding in another dimension, kind of throws off the whole SPACE analogy there. We’re talking about adding in trust. Why does trust matter? If I’m using traditional AI and ML, and it’s deterministic, I can really understand and I can recreate algorithmically, repetitively, again and again, that same value.

Think about a heads-up display for a pilot. I want them to trust what the AI or the ML algorithm has given them. I do that by proving to them again and again that it will be identical, that is the altitude, that is a mountain, you should turn left. Generative AI is by its nature, non-deterministic. It lies to you. Should you trust it? As things change, as we start to use generative AI, we have to understand, are we going to be able to trust it? That’s going to give people angst. We’re already seeing some beginnings of that. We’re going to have to understand, how do we measure productivity going forward? I can’t tell you 100%, how that’s going to happen yet.

The importance of context. I love this library because this represents your code base. This represents your IP. This represents all the things that you need to be willing to give over access to a model. If you own the model, if it’s hosted in your organization, that’s a whole lot different than if you decided to use a subscription service. I’m not telling you to not use subscription services. What I’m telling you is to go in eyes wide open and make sure that your organization is ok with things crossing your boundary.

I deal a lot with InfoSec organizations, and we talk about the information flow. If all of a sudden, I say, I’m just going to take the code base to provide as much context as possible and shoot it out the door. You guys don’t mind, do you? They mind. What I want you to take away from this is, read the popups, read the end user licensing agreements, read them. When I saw this, for just a moment I went, how do I flush the cache? It happened to be that I was using some training information, actual workshop code. If it had been something of greater value, I would have taken pause. Read those things. Read the popups. Be aware. Public service announcement, keep the humans in the loop.

The Big Picture – Adding AI to the Enterprise

We’re going to talk about how we add AI to the enterprise. How do you add AI to your strategy, or how do you create an AI strategy? It doesn’t matter if you’re an organization that has two people. It doesn’t matter if you’re an organization with 200, or 2000, or 20,000 people. You may already have a data strategy, what matters is that you do a needs assessment. Don’t roll your eyes. What matters is that you get some people together, perhaps you just sit around the table with some Post-it notes, and you talk about what might be a valuable place to leverage this, make a decision.

It’s not everything at all times, not automatically scaling, which takes me to the second point, define a pilot. Make sure you have a limited focused pilot, so you can try these things out. What I’m telling you is that this has groundbreaking potential, and there are limitations and there are challenges. When you’re going through that pilot, it’s going to help you to understand the different types of skills that you’re going to need in your organization, or if you’re going to need to hire more people, or if you’re going to need to bring more people in. It also helps you get after this first couple of tranches of governance.

Hopefully, your governance is, “Don’t do it.” No, your governance needs to be relevant and relative to what you are attempting to do. Monitoring and feedback loops, always important. I want to point out the bottom bullet that’s here. It may seem a little strange to you. Why am I telling you that you have to have thought leadership as part of your AI strategy? I’m not talking about sending your people to get up on stage. I’m not talking about writing white papers.

What I’m telling you is to make sure that in your organization that you give dedicated time to more than one person to stay abreast and help your organization to stay on top of what’s happening. Because it’s a tidal wave right now. I somedays don’t even like to turn on my phone or read any of my feeds, because I know what it’s going to say, another automated picture generated from DALL·E. Too much. Choose when and where to start. How? Map it to a business need. Map it to a need. Make sure it’s relevant. If your need is that you need to get some experience, that’s fine. Make a decision. Write it down, architectural decision records. Then, make sure that you have some measurements against it.

Time to design your AI assisted software engineering tool chain. Why is it that suddenly we’ve forgotten about all of the software architecture principles, capabilities, and things that we’ve been doing for decades? Why have we suddenly forgotten about tradeoff analysis, about the -ilities? When you’re designing your tool chain, apply that same lens. Is it more relevant for you to take something that’s off the shelf, because you need time to market? What are my tradeoffs? It may be faster.

It’ll be less tailored to my exact domain need. It may be less secure. That may be a choice that we make. It could be that I have the time, energy, finances, abilities to do the tailoring myself. Maybe I instantiate a model internally. Maybe I have an external service, but I have a RAG internally. Lots of different variations, but make those choices. Let’s not forget about all the things that we’ve known about for all these years. Leading practices. I want to point out that we need to keep humans in the loop. Make sure that everything is in source code, the prompts, the model numbers and names that you’re using it against. Secure your vulnerabilities and don’t provide your private information into public models, into public engines.

This guy is on a tightrope. He’s walking between mountains. Take a look at that? He’s mitigated his risk, he has tethers. Is he doing something dangerous? Yes, but that’s ok because he’s mitigating that. I need you to think about 2023 as a year where we really didn’t have a lot of good regulation. It’s coming about. We’re seeing that regulation catch up. There are challenges with IP. It can be that a model was trained with public information, and so you actually don’t own the copyright to the things that you’re generating, because it tracks back from a lineage perspective as something somebody else owned.

Or worse, when you’ve sent it out the door, even if it hasn’t been used to directly train a model, let’s say that they are keeping on your behalf all of your conversation threads, and that they’re analyzing those conversation threads, and that they’re taking IP from that, you can lose ownership of your IP. In the U.S., we have copyright law. Our copyright law says that a human hand must have touched it. It means I have to be really careful when it comes to generated code. What questions should you be asking to your providers, or if you are the people who are providing that service to your enterprise? In the Appendix for this, there are two different sheets of different types of questions that I want you to take home and I want you to leverage.

I’ll give you one or two as a snippet. One, how are you ensuring that the model is not creating malicious vulnerabilities? What are the guardrails that you have in place if I’m using your model? Or if you’re providing that model, how are you ensuring that that’s not happening? If there’s an issue with the model, and the model needs to be changed, how are you going to notify me so that I can understand what the ramifications are to my value chain, to my value stream? Questions to ask.

Looking Ahead

Let’s look ahead. I’m not going to go into this slide in detail because it covers generative AI, it covers regular AI, it covers ML. What’s important to know is that red arrow, where are we? We’re at the peak of inflated expectations. We absolutely are. I completely believe that. I’m sure all of your social feeds tell you that as well. AIOps is on the rise. Other places, other types of AI and ML will continue to improve. We’re at the beginning of generative AI, but we’re well on the way with the others. What do you think it looks like over the next 12 to 24 months? Recently, I’ve had the opportunity to interview folks from Microsoft, from IT Revolution, from Yahoo, from the Software Engineering Institute, and even some of my colleagues within MITRE Corporation.

What we believe, what we’re seeing is going to happen, is happening now, is that we’re seeing more data silos. Because each one of those areas where a different AI tool is being leveraged is a conversation between me and that tool. You and I are not sharing session. We’re not having the same experience, especially with those generative AI tools. For right now, for now, for this moment, more data silos. Data silos means slower flow. Slower flow often means more quality issues. It’s going to get worse, before it gets better. It’s groundbreaking potential, that we need to know the limitations and the risks for. There’s going to be a continued increase for the need for platform engineering, because what are platforms for? Whether it’s low-code, no code, or the new kid on the block that we’re doing it for our custom developers, it’s making it hard for people to make mistakes. It’s codifying leading practices. This is going to continue to increase.

What about this guy? Any of you with adult children here are going to send them off to coding bootcamp? Jensen Huang would say, do not do that. The pessimists are saying that AI will replace the coder. The optimists are saying that those who are qualified as software engineers, and software developers will be in a great place. I want you to hear the nuances that are there. If you’re good at your craft, if you understand the principles, if you’re able to leverage those principles, if you’re able to teach others, you’ll be fine.

What about Devin? Have you heard about Devin, or have you followed OpenDevin that came out about 3 days after Devin was announced? It’s fun to watch it. You see a little video. There’s six videos on the site. It is saying that this is an AI software engineer. What they’ve done is a form of AI swarming, they have different agents that are plugged in, where one is triggering, one is reacting to it. There are different patterns. One is a coder critic pattern. Essentially those patterns. We’re going to see AI go from being a tool that we independently and individually use, to agents that are plugged into our SDLC. When they get plugged into our SDLC, we’re going to have to be cognizant of what that does to the humans in the mix. We’re going to give them very defined small roles. You may have somebody on your team that is a GenAI. Not a Gen X, not a Gen Z, a GenAI.

I want to take you back to 1939. What’s that have to do with software? It has to do with black and white. 1939 was when the Wizard of Oz was filmed. It started out as black and white. Dorothy’s house is picked up by a tornado, and it is cast over the rainbow, and it lands in Oz. Smashes the Wicked Witch, and she opens the door. As she opens the door, she looks out at things that she has never seen before, munchkins, flying monkeys, an emerald city, all in beautiful Technicolor. Do you know where we are? Same Technicolor my friends.

The future is amazing. What we’re going to do will be amazing. We’re going to need to optimize differently. Right now, our software practices are optimized for humans. I limit work in progress. Why? Because I’m a human. Agile, I take one user story at a time. Why? Because I’m human. We’re worried about cognitive overload. Why? Because we’re humans. It’s not negative. It’s just a fact that we finally learned to optimize for the humans. As we go from having AI agents to having more capable team members, or perhaps teams that are made up of many different generative AI agents, we’re going to have to figure out, how do we optimize? Who do we optimize for? Exciting stuff.

I’m going to take you from Technicolor back to where we are right now. I like to say, we cannot put the genie back in the bottle. Prompt engineering, we need to understand it as a discipline. We need to understand the ethics of prompts. Who owns the generated outcomes? Machine-human teaming. We need to understand all this. What about software team performance, trust and reliability? Why am I showing you a horse’s backside? Because a friend of mine named Lani Rosales, said, “Trac, you can actually trick the genie back into the bottle, but you can’t put the poo back in the horse.” I want you to take that with you. We cannot go back ever to where we were. We cannot go back to where we were. That’s ok. We can go into it eyes wide open, understanding the challenges and the limits that are there, and working together to figure these things out.

Call to Action – Your Next Steps

Your call to action. Go back and pulse your organization. Find out where the shadow Gen is being used, the shadow AI is being used. Bring it to the surface. Don’t shame people. Understand how they’re using it. Then enable them to do the kinds of research, or if they bring forward a need, that you help them with that need. Make sure you are looking at cybersecurity as your numero uno issue. Number one, establish your guardrails. Then, connect with your providers.

Use those questions or be ready to answer those questions if you are the provider of generative AI capabilities to your organization. That’s your call to action. I need something from all of you. You’re actually the missing piece of my puzzle. As a researcher, I want to understand, how are you using generative AI? How is your organization preparing? How are you personally focusing on getting ready for this? What are you doing? Share your organization’s lessons learned. Tell me about your stories. Tell me about the challenges that you have. Or tell me about the things that you want to learn about because you haven’t gotten there yet. This is in color. What matters in all of this is the humans. This is what matters.

See more presentations with transcripts

Article originally posted on InfoQ. Visit InfoQ

Apple published the details of their new Apple Foundation Models (AFM), a family of large language models (LLM) that power several features in their Apple Intelligence suite. AFM comes in two sizes: a 3B parameter on-device version and a larger cloud-based version.

The smaller model, AFM-on-device, was created by pruning a 6.4B parameter model; the larger model, known as AFM-server, was trained “from scratch,” but Apple did not disclose its size. Apple did release details of both models’ development: both are based on the Transformer decoder-only architecture, pre-trained on 6.3T tokens of data. The models use pluggable task-specific LoRA adapters that are chosen at runtime to tailor model performance for specific tasks, such as proofreading or replying to email. Apple evaluated both models on several benchmarks, including instruction-following and mathematical reasoning, and found that they “compared favorably,” and in some cases outperformed, similar-sized models such Llama 3 or GPT-4. According to Apple:

Our models have been created with the purpose of helping users do everyday activities across their Apple products, and developed responsibly at every stage and guided by Apple’s core values. We look forward to sharing more information soon on our broader family of generative models, including language, diffusion, and coding models.

InfoQ recently covered Apple’s announcement of Apple Intelligence at their WWDC 2024 event. InfoQ also covered Swift Assist, a code generation model integrated with XCode, which Apple describes as being part of the same family of generative AI models as AFM.

The adapter architecture allows AFM to be modified “on-the-fly” for specific tasks. The adapters are “small neural network modules” that plug into the self-attention and feed-forward layers of the base model. They are created by fine-tuning the base model with task-specific datasets. The adapter parameters are quantized to low bit-rates to save memory; the on-device adapters consume on the order of 10 MB, making them suitable for small embedded devices.

Apple took several steps to ensure AFM produced safe output. In addition to ensuring that no user data was included in their pre-training set, Apple applied filtering to remove harmful content, spam, and PII. In the fine-tuning stage, Apple treated “safety alignment as one of the many core post-training tasks” and more than 10% of the fine-tuning data was safety-related. They also performed manual and automated “red-teaming” to identify and test model vulnerabilities.

Apple evaluated AFM’s performance on a variety of benchmarks and compared the results to several baseline models, including GPT-4, Llama 3, and Phi-3. In tests where human judges ranked the outputs of two models side-by-side, AFM-on-device outperformed larger models Gemma-7B and Mistral-7B. AFM-server achieved “competitive” results, with a win-rate of 52% against GPT-3.5.

Ruoming Pang, the lead author of Apple’s technical report on AFM, posted on X that

While these LMs are not chatbots, we trained them to have general purpose capabilities so that they can power a wide range of features including summarization, writing assistance, tool-use, and coding.

Several other users posted their thoughts about AFM on X. Huggingface engineer Vaibhav Srivastav summarized the report, calling it “quite feature packed” and saying he “quite enjoyed skimming through it.” LiquidAI Staff ML Scientist Maxime Labonne estimated that AFM-server might have ~70B parameters, but lamented that the paper had “almost no details” on this model’s size.