×

Mini book: The InfoQ eMag – The Cloud Operating Model

MMS Founder
MMS InfoQ

Article originally posted on InfoQ. Visit InfoQ

Running web-scale workloads on the cloud successfully demands using well-tested operational practices, whether the environment is cloud-native, hybrid, or considered for a move. As with any large infrastructure footprint, organizations must balance the often competing demands of various factors such as security, compliance, recoverability, availability, performance (QoS), developer productivity, the rate of innovation, infrastructure efficiency, and spending.

If leveraged effectively, cloud computing capabilities offer considerable advantages over making compromises for most of the previously identified factors. Although running large workloads, on-premise versus a public cloud, have similar underlying fundamentals, the cloud poses unique challenges which must be addressed. The shift of operations to the cloud still requires the same people and processes as on-premise data centers. However, it now focuses on a higher level of operations. No longer has server uptime is the focus, as a shift of responsibility is towards protecting client and endpoint protection, identity and access management, data governance, and cloud spend.

In this eMag, you will be introduced to the Cloud Operating Model and learn how to avoid critical pitfalls. We’ve hand-picked four full-length articles to showcase that.

We hope you enjoy this edition of the InfoQ eMag. Please share your feedback via mailto:editors@infoq.com or on Twitter.

We would love to receive your feedback via editors@infoq.com or on Twitter about this eMag. I hope you have a great time reading it!

Free download

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


Podcast: Enabling a Collaborative and Welcoming Open Source Community

MMS Founder
MMS Eric Arellano Nick Grisafi Josh Cannon

Article originally posted on InfoQ. Visit InfoQ

Subscribe on:






Transcript

Shane Hastie: Good day, folks. This is Shane Hastie from the InfoQ Engineering Culture Podcast. Today I’m sitting down with Eric Arellano, Nick Grisafi and Josh Cannon, all three from the Pants Build or Pants Open Source community. Folks, welcome. Thanks for taking the time to talk to us today.

Introductions [00:24]

Eric Arellano: Absolutely. Thanks for having us, Shane. My name’s Eric Arellano. I use they/ them pronouns. I started working on the Pants build project about five years ago and have been active with a project ever since. I work on it for my day job as a software engineer, a startup called Toolchain. And I actually first got involved, I was in doing my summer internship project and ended up leading Pants Build’s Python 3 migration and fell in love with open source and the community. That was my first major time really working with open source and contributing back.

In between that, I was a middle school computer science teacher and teaching intro Python to 12 and 13 year olds and also I’ve been a volunteer crisis counselor for LGBTQ youth for two years now. So I think a lot about the human side of open source and communities and really like the focus of your podcast. I’m excited to be here today.

Shane Hastie: Nick, tell us about yourself.

Nick Grisafi: I’m Nick Grisafi. I’m a platform infrastructure engineer at Rippling. I use the Pants build system professionally and for fun. I was first introduced to Pants on a project when I first started at Rippling where we were trying to improve our testing strategies and also the tools that we wanted to introduce to the code base. We really needed a system that was flexible and allowed us to do something called incremental adoption. So we didn’t hit it all at once and Pants was the gateway into that.

One of my favorite experiences was within the first hour of using Pants. I was able to get it up from nothing to something, to show managers and people that this works. And to this day we continue to use Pants to empower developers to introduce tools and just to keep productivity as fast as possible. And yeah, I heard this podcast too is very tech oriented. So really happy to be here.

Shane Hastie:  And Josh.

Joshua Cannon: I’m Josh. Howdy. I’m a build engineer at IBM’s Watson Orders. So we’re an organization designed around fully automated drive through order taking, which is really fun. And so I’m really passionate about developer experience, which is why they hired me on as a build engineer. And specifically, I got tasked with taking a look at our Bazel, which is a mono build system, a cousin to Pants, if you will. But then it was holding us back and slowing us down. And so I was tasked with either finding a way to make that better or finding a different tool that would actually lift us up and propel us forward. And so that’s how I got introduced to Pants.

Lift by one thousand breezes [02:38]

Joshua Cannon: I’m a huge advocate of developer experience and lift by a thousand breezes and so that’s something I think Pants provides the engineers, which is why I fell in love with it. But also the community on GitHub and Slack really lifts you up as well. And so that kind of propelled me through opening my first issue to fixing my first issue, to making my first feature implementation all the way through to maintainer. So kind of gone through that life cycle through Pants and it’s been really rewarding.

Shane Hastie: Josh, can we delve into that lift by a thousand breezes a little bit more?

Joshua Cannon: So it’s kind of the opposite phrase of death by a thousand paper cuts. So the way I think about it is you can try to work hard and design and do things that would give a large strong gust and that’s hard to do. Instead, what you can focus on is giving a lift by a thousand breezes, which is basically small, incremental changes that are going to add up to that strong gust. Just as how a thousand paper cuts can cause a death just as quickly as a stab wound or as something is a stab wound, a lift by a thousand breezes can lift you up as strong as the strong gust. And so I’m a really big proponent of that.

Shane Hastie: Talking about the Pants build community, what makes it special?

A welcoming open source community [03:48]

Nick Grisafi: The people, I mean, if you’re coming into open source for the first time, it’s pretty daunting to come into a channel full of what you consider experts and then ask something that you think is really stupid. But then in Pants everybody makes you feel comfortable. They look for those questions and then next thing you know, they’re improving documentation or they even push you even further like, “Hey, can you contribute to our docs? Can you find where there’s shortcomings and we’ll fix it?” And it just kind of gets you going and you could give that feedback and then quickly see them fix something. It’s pretty rewarding. So I would say, yeah, the people really drive what Pants is.

Eric Arellano: You know, Nick, you mentioned stupid questions. So we have a lot of newcomers who will come and say, “Hey, sorry, this is probably a really stupid question. Here it is.” We always respond with that, it sounds like a teacher, that we really don’t believe in stupid questions, there’s only inadequate documentation and it means that Pants isn’t intuitive enough.

We think a lot about the idea of like when your teacher would say that if you have a question, probably 10 other people have that same confusion. We view our project that same way, that if you are getting stuck on something or something’s not intuitive, we’re extremely grateful that you went out of your way to tell us that and ask for clarity because we now can then figure out, is this a documentation bug or is this a UX bug that we need to redesign something so that the next person doesn’t get us confused by this.

Shane Hastie: This is not something that open source is known for. In fact, the reputation of a lot of open source communities is directly the opposite. How do you keep out the toxicity?

Joshua Cannon: I think we’re all popping because it’s a good question.

Pay it forward to keep toxicity out [05:26]

Nick Grisafi: Pants itself is just fun. I mean, you think about Pants, you see the logo, it starts fun and then you work your way through and you meet some great people. I have never seen anything bad happen in the Pants community, just interesting things that make me want dive deeper into the system.

Eric Arellano: I think something that helps a lot also is the idea of pay it forward, that people have helped you out along your Pants journey and therefore we find that a lot of times people who in the first week they come in, they’re only asking questions and within a week they’re often jumping in and answering questions for other people, which has been amazing for the growth of the community. We’ve grown really dramatically.

So we’re a 10 year old project but we relaunched with version two in 2020. Since then, I’ve seen really dramatic growth in the community size and it would not be sustainable if it was only the core set of maintainers who are trying to do all these things like helping out new users and writing documentation. I think that that pay it forward approach has really paid dividends for us. Lots of users are helping out every day, sharing their experience with things that we as maintainers might not actually have very much direct experience, and bringing in new ideas. That’s how I got hooked was that I was an intern, felt like I had no idea what I was doing with open source, with Python and opened an issue asking what it would look like to do a Python 3 migration. People were incredibly helpful to me throughout. And here I am now that I want to pay it forward to the next generation of Pants community members.

Joshua Cannon: I think it’s part of the culture of the Pants community too. Like me personally, I think I fall into that role that Eric was describing of people helped me and so I want to help others. It’s part of the culture that got fostered. And honestly, I can’t speak for others but I try to race the other maintainers to find an answer for people just to see if I can. And again, it’s that it is rewarding, right? It’s not just altruistic. It’s quite rewarding to see and foster others.

There are some users I’ve seen now in the Slack community that have grown throughout my time, short time as a maintainer, seeing them going from, like Eric said, asking questions to answering others.

Concrete actions to welcome particiPants [07:28]

Eric Arellano: I would add for listeners a couple concrete steps that we’ve taken to create this inclusive and welcoming community. One of the big changes we did was last year, introducing a welcome channel in our Slack where we invite people, never an obligation, an invitation to share what they’re working on and how they learned about Pants and always give them a warm welcome and let them know that we love questions here and we love feedback. That has been really exciting every day to look at. Often it’s three to five new organizations joining and really creates I think a sense of community.

Other concrete things we’ve done have been getting specific about how we recognize people’s contributions. At the beginning of the project until I think a year or two ago, we like many open source projects, primarily recognized maintainers and contributors through code contributions. And we actually used to call our maintainers committers, a term from programming. And we realized that for a healthy open source project you need so much more than code, even though that is an important foundation. So we changed the name to maintainer and started recognizing all types of contributions, including a lot of new future ideas that we’ve had from users that a future request is a way of contributing to community, pointing out again where you’re confused with docs is contributing.

So we renamed committer to maintainer and then we also added a level of recognition below maintainer of contributor that you have gone out of your way to do several meaningful things to the community and we want to recognize you formally in the community.

Nick Grisafi: One experience I want to share that I totally forgot about. I don’t know how I forgot this. I joined Pants community, like what is it, over a year ago, just about over a year ago now. And the first moment I joined the channel, I got reached out to by Benji and he sent me a private message welcomed me to the channel, offering to support me if I have any questions. Was curious about our use cases and things like that and I never had that happen to me before in any open source community. So it almost had that cool factor like, “Hey, this guy runs it and he cares about me. I’m a newbie. I just joined.”

Shane Hastie: A couple of very clear pieces of concrete advice there. What else can people involved in open source communities do to be more welcoming?

Advice for other open source communities [09:46]

Eric Arellano: Another thing that’s helped us lot is we consistently invite people to our Slack community, whether it’s in a blog post or podcast like this. We are constantly inviting people because we use GitHub for all of our project tracking and for our code and everything. There is a lot of activity on GitHub but it often tends to be more focused on a specific change that someone’s trying to do, whereas Slack is a lot more that people might be running into a problem with how they deploy things with Docker and they want advice from other community members.

So we’ve had a lot of success with Slack in particular and there’s a lot of other alternatives like Discord that other communities prefer. But concretely in every blog post we do, every time we do some type of outreach, we encourage people come join our community. This is where it’s happening.

Joshua Cannon: One thing you’d see from Pants that you normally don’t see from open source projects is that really the community owns it. So there is no company that owns the project itself. There’s a nonprofit organization that I will say runs it. And so because there’s no one person owning it, it really is that community. Everyone’s ideas can be heard. Everyone’s ideas get weighed equally and I think that’s very important to fostering that sense of contribution.

Nick Grisafi: And you see that all the way through the code level too. If you’re onboarding Pants and you’re writing your first Pants plugin and you need to have some good references, the code itself really serves that purpose. You could go in. I just wrote a plug in the other day to improve our dependency and inference. Eric pointed me right to the source code with an example and that’s something I could put into our production pipeline within a day, which is pretty awesome. And the concepts are a little bit over my head. So to learn something just based on code self-explanatory is pretty amazing.

Shane Hastie: Power of the outsider. That was something that we mentioned in the conversation before we started recording. So what do we mean by that?

The power of the outsider to overcome the curse of knowledge [11:45]

Eric Arellano: The term power of the outsider I think a lot about a related idea, which is the curse of knowledge. The curse of knowledge is a cognitive bias. It’s really hard to remember what it was like before you didn’t know something. So if you think about using your phone and like how to send a text message, it’s super obvious to you and it’s really hard to think about what it would be like for someone to get a phone who’s never used if we go back 200 years, for example. You can try, but realistically you have this curse of knowledge that makes it hard for you to empathize with people and it ends up resulting in open source projects, and general in projects looking like things like writing documentation that makes a ton of sense to you as a maintainer because you wrote the thing but is super obtuse and confusing to anyone who hasn’t used the system before.

So with the power of the outsider, we as maintainers and as contributors to the project, we think about this curse of knowledge. A lot, our goal is for Pants to be extremely ergonomic and intuitive for anyone to use intuitive, meaning you can figure it out on your own. You don’t need to read our docs. We try to assume that 80% of our users will never end up reading our docs and can they figure out how to use Pants even without that? So we need help because we have this curse of knowledge. We need help that we can try our best to empathize. But realistically we need that feedback from people who have never used a build system before or have never used Pants about what they found confusing and what improvements we can make to it.

Nick Grisafi: It brings me back to our last podcast where we discussed the topic about what was it called, the bus factor, and these people who retained the curse of knowledge. And let’s say one day they randomly get hit by a bus. Where does that put you, your organization and your company? If the knowledge cannot be shared and spread and distributed, then most likely it’s only tailored to one person and that could cause failure. So it’s important to share knowledge. Share knowledge and make sure that you’re putting yourself into the shoes of other people. When you’re not around, will they understand this and be able to maintain it? It’s really important.

Shane Hastie: What’s the role of corporations? You mentioned a non-profit organization owning and guiding it, but a lot of corporations get involved with open source initiatives. What’s the role for the commercial organization for the corporation today?

The role of corporations in open source [14:13]

Eric Arellano: I think there’s a lot of opportunities for corporations to help out open source projects. It needs to be done carefully. I mean, there’s a lot of risk with it that the corporation ends up dominating. But we’d like to think that Pants has been a healthy relationship that, for example, I mentioned working for a startup where 90% of my day job is working on the Pants build project. Josh is able to do some work on Pants as well with his job and a couple of the maintainers are, whereas others are more contributing on their own free time.

So about two years ago we identified as the Pants build nonprofit organization that the majority of maintainers were coming from one company, the startup that I worked for, Toolchain, and that that was a systemic risk for the health of the open source community. The Pants build project is again going to be successful, we need outside perspectives and it can’t be dominated by anyone voice because that one voice isn’t going to represent all the different teams that we’re trying to reach.

So we made it an intentional goal among the maintainer team that we are going to invest a lot in bringing up to speed new contributors and new maintainers and growing the diversity of our maintainer base and our contributor base. And through a lot of those steps that we talked about earlier like redefining what a maintainer means, creating that welcome channel. We’ve had a lot of success that now I think the majority of the maintainers are not represented by one single organization, I think.

Joshua Cannon: Talking from two different levels as well. I can say that the corporation or a corporation’s, I’ll say, allowance of users to contribute to open source, it kind of goes back to that lift by a thousand breezes. I couldn’t do my job effectively without all of the tools I use, many of which are open source and those tools wouldn’t exist if people weren’t able to contribute to them because we all have very limited free time. And so that they did so in a corporate manner. Some corporations even own and maintain those tools. So there’s kind of that aspect of the golden rule. Do unto others as they’ve done unto you. So that’s kind of the higher level.

The lower level too is the features that you can bring from your corporate perspective to put this more concretely. I’m about to give a proposal to Pants that I think will benefit a lot of people, but for us specifically rolling it out on our own repo, we saved ourselves, I mean myself, a month’s worth of dev time and my organization a year’s worth of dev time. And so having that perspective from my real world use case that I can then reapply back to the tool is really important as well.

Nick Grisafi: One of my favorite things is that you use as Pants page, if you go there, you’ll see a bunch of different companies, some really cool companies and it just makes you think like, wow, that’s scale, they use Pants? That’s pretty amazing. So if it works for their use case, a hundred percent, can it work for our use case too. And then you find out in your use case you have something that they didn’t even think of before. You just have some pattern that wasn’t thought of and then you go into the Slack community and you bring it up and you start a discussion there. I think that’s pretty awesome.

Shane Hastie: Joshua, if I can hone in. You’ve mentioned a couple of times the importance of developer experience. What are things that our organizations are doing to improve that developer experience today?

Improving the developer experience [17:28]

Joshua Cannon: Ooh, that’s an excellent question. So I think what corporations are doing is being more intentional about it. DevOps is quite an umbrella term. It’s thrown out a lot, but you’ll see job listings now for developer experience engineers, making it a dedicated role, having somebody who can own that experience. I’ve seen kind of an upbringing at the companies I’ve been at around building a culture of that experience, helping each other out, finding the tools that work and then sharing that.

It’s not enough for me to find what works for me and now I’m successful at my job, but spreading that around. And from the corporation’s perspective, making sure that’s part of the culture. So everyone knows that they can and should do that. Because really, oh man, I’m sounding like a broken record, but that in itself is a lift by a thousand breezes.

Shane Hastie: And for those organizations that aren’t doing that deliberately yet, when they start…

Eric Arellano: So yeah, that’s actually one of the core missions and reasons why Pants exist, is that we have this hypothesis that 90% of teams don’t have the resources or perhaps the experience yet to focus on their developer experience. And they might be using a lot of custom bash scripts that they wrote and they kind of work but it doesn’t work great. It’s kind of death by thousand cuts or the analogy of the boiling frog, that a frog, which apparently this isn’t actually true, but the analogy is that a frog will be in boiling water and you increase the temperature over time and the frog won’t realize until it’s too late that the water’s already boiling. And that’s our hypothesis that that’s how developer experience is for most teams that start small. You don’t have much code and then you incrementally add more and more scripts until you get to this point where no one really understands, it’s really confusing.

Eric Arellano: The same time we know most organizations don’t really have the resources for a dedicated team of developer experience. For example, when I was working at Twitter before my current job, I was on the developer experience team and we had a team of I think it was like eight or nine people who our sole job was to help developer experience for the other engineers. Most companies don’t have that resource and that’s not realistic to expect. So part of our mission with Pants is to empower those everyday organizations that you can get rid of the custom bash scripts and have this amazing build experience without having to have a whole dedicated team trying to reproduce the wheel because you can leverage what the open source community has already done and solved.

Nick Grisafi: Touch on that point. My favorite part about Pants was deleting all those bash scripts. That just simplified things like that. It’s all controlled through a single point now, Pants. And now they’re introducing Go. So we could actually do the same thing for our Go projects, Python projects. That’s all the same interface.

Joshua Cannon: To answer Shane your question too and know your audience. On reflection, I’d say that really being intentional about developer experience is a great place to start. All of your developers are having an experience. That’s a fact. Whether they’re having a good one or not is subject to debate. And so being intentional about it.

I think in any organization of a decent size, you’ll find those people much like myself who naturally tend to gravitate towards wanting to improve the developer experience and it’s not always altruistic. I know a lot of times I started doing it because I got so frustrated. I needed to improve it for myself for my own sanity. And so finding those people and really fostering that kind of culture and that passion from those engineers will go a long way.

Getting started improving developer experience [21:00]

Nick Grisafi: To touch on that. Where do you start? Most of the time you have to acknowledge the problem and that’s getting the people at the top of the company to acknowledge that problem, to give you those resources so you can go ahead and do it. And exactly what Josh said, like finding the individuals to evangelize this and understand the frustration but have an idea for a solution and to make that a reality.

And then just wanting to help people. You have people on your team that genuinely care about this. Put them in charge and let them help people. Make sure that there’s a feedback channel that anybody in the company feels comfortable coming in and could give feedback and get feedback as quickly as possible. That feedback loop is super important so you could collect the information. It’s not a distraction. It might throw you off guard sometimes like, “Oh, this guy literally can’t do something very fundamental.” But you have to not see it as a distraction but as a point for improvement. You have to go in there, understand how they even end up in this situation, put yourself in their shoes and improve it for good. Document it and try to never let it happen again. That’s the point.

Nick Grisafi: But if you don’t have the resources at your company and the people at the top are not focused on this, then it’s almost near impossible to get it started and done. Then it just has to be community driven and organically driven, and a lot of the time people don’t have generally just time for that.

Shane Hastie: Give people the time.

Nick Grisafi: Give people the time to make things better.

Shane Hastie: Some interesting thoughts and good ideas in their folks. If people want to continue the conversation, where do they find you?

Nick Grisafi: You can find me in the Pants’ Slack community. I mean, my name is NJ Grisafi in there. I have a profile picture of hiking in San Diego. Most likely you can see me in the general channel asking something really stupid or maybe something you didn’t know about. But yeah, that’s a good place to find me.

Joshua Cannon: I think if I may, you can find us all on Slack. And I’m going to go ahead and speak for Eric and Nick here. If you don’t feel comfortable enough asking your question in general or in welcome or any of the other channels, you’re welcome to ping us directly and we’re happy to guide you along.

Shane Hastie: And we’ll include the links to the Pants’ Slack channels in the show notes. So thank you so much.

Joshua Cannon: Thank you.

Nick Grisafi: Thank you.

Eric Arellano: Thank you.

Mentioned:

About the Authors

.
From this page you also have access to our recorded show notes. They all have clickable links that will take you directly to that part of the audio.

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


National Bank of Canada FI Raises Stock Holdings in MongoDB, Inc. (NASDAQ:MDB)

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

National Bank of Canada FI increased its position in MongoDB, Inc. (NASDAQ:MDBGet Rating) by 633.1% during the 1st quarter, according to the company in its most recent Form 13F filing with the Securities & Exchange Commission. The firm owned 2,881 shares of the company’s stock after buying an additional 2,488 shares during the quarter. National Bank of Canada FI’s holdings in MongoDB were worth $1,188,000 as of its most recent filing with the Securities & Exchange Commission.

Several other hedge funds also recently made changes to their positions in the company. Confluence Wealth Services Inc. bought a new stake in MongoDB in the fourth quarter valued at $25,000. Bank of New Hampshire bought a new stake in MongoDB in the first quarter valued at $25,000. Covestor Ltd bought a new stake in shares of MongoDB during the 4th quarter valued at $43,000. Montag A & Associates Inc. boosted its holdings in shares of MongoDB by 200.0% during the 4th quarter. Montag A & Associates Inc. now owns 108 shares of the company’s stock valued at $57,000 after buying an additional 72 shares in the last quarter. Finally, Nauset Wealth Management. LLC bought a new stake in shares of MongoDB during the 1st quarter valued at $89,000. 88.70% of the stock is owned by hedge funds and other institutional investors.

Insider Activity

In related news, insider Thomas Bull sold 489 shares of the business’s stock in a transaction that occurred on Tuesday, July 5th. The stock was sold at an average price of $264.45, for a total transaction of $129,316.05. Following the completion of the transaction, the insider now directly owns 17,104 shares in the company, valued at approximately $4,523,152.80. The sale was disclosed in a filing with the SEC, which is available at this hyperlink. In related news, insider Thomas Bull sold 489 shares of the business’s stock in a transaction that occurred on Tuesday, July 5th. The stock was sold at an average price of $264.45, for a total transaction of $129,316.05. Following the completion of the transaction, the insider now directly owns 17,104 shares in the company, valued at approximately $4,523,152.80. The sale was disclosed in a filing with the SEC, which is available at this hyperlink. Also, Director Dwight A. Merriman sold 3,000 shares of the business’s stock in a transaction that occurred on Wednesday, June 1st. The shares were sold at an average price of $251.74, for a total value of $755,220.00. Following the transaction, the director now owns 544,896 shares of the company’s stock, valued at $137,172,119.04. The disclosure for this sale can be found here. Insiders sold 43,795 shares of company stock valued at $12,357,981 in the last quarter. 5.70% of the stock is currently owned by insiders.

MongoDB Price Performance

NASDAQ MDB opened at $356.84 on Monday. MongoDB, Inc. has a 52 week low of $213.39 and a 52 week high of $590.00. The firm has a market capitalization of $24.31 billion, a P/E ratio of -73.73 and a beta of 0.96. The company has a quick ratio of 4.16, a current ratio of 4.16 and a debt-to-equity ratio of 1.69. The company has a 50-day moving average price of $285.74 and a 200-day moving average price of $335.81.

MongoDB (NASDAQ:MDBGet Rating) last released its quarterly earnings results on Wednesday, June 1st. The company reported ($1.15) EPS for the quarter, beating the consensus estimate of ($1.34) by $0.19. MongoDB had a negative net margin of 32.75% and a negative return on equity of 45.56%. The firm had revenue of $285.45 million during the quarter, compared to analyst estimates of $267.10 million. During the same quarter in the prior year, the firm earned ($0.98) EPS. The business’s revenue for the quarter was up 57.1% compared to the same quarter last year. Equities research analysts anticipate that MongoDB, Inc. will post -5.08 earnings per share for the current year.

Analyst Ratings Changes

MDB has been the topic of a number of research reports. Needham & Company LLC boosted their target price on shares of MongoDB from $310.00 to $350.00 and gave the company a “buy” rating in a report on Friday, June 10th. Royal Bank of Canada boosted their target price on shares of MongoDB from $325.00 to $375.00 in a report on Thursday, June 9th. Morgan Stanley dropped their target price on shares of MongoDB from $378.00 to $368.00 and set an “overweight” rating on the stock in a report on Thursday, June 2nd. Canaccord Genuity Group dropped their target price on shares of MongoDB from $400.00 to $300.00 in a report on Thursday, June 2nd. Finally, Citigroup lifted their price target on MongoDB from $405.00 to $425.00 in a research report on Thursday, June 2nd. One analyst has rated the stock with a sell rating, one has given a hold rating and sixteen have issued a buy rating to the company. According to MarketBeat, MongoDB has a consensus rating of “Moderate Buy” and a consensus target price of $401.17.

MongoDB Profile

(Get Rating)

MongoDB, Inc provides general purpose database platform worldwide. The company offers MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premise, or in a hybrid environment; MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.

Featured Articles

Institutional Ownership by Quarter for MongoDB (NASDAQ:MDB)



Receive News & Ratings for MongoDB Daily – Enter your email address below to receive a concise daily summary of the latest news and analysts’ ratings for MongoDB and related companies with MarketBeat.com’s FREE daily email newsletter.

Article originally posted on mongodb google news. Visit mongodb google news

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


MongoDB, Inc. (NASDAQ:MDB) Shares Acquired by National Bank of Canada FI

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

National Bank of Canada FI grew its holdings in MongoDB, Inc. (NASDAQ:MDBGet Rating) by 633.1% in the 1st quarter, Holdings Channel.com reports. The fund owned 2,881 shares of the company’s stock after buying an additional 2,488 shares during the period. National Bank of Canada FI’s holdings in MongoDB were worth $1,188,000 as of its most recent SEC filing.

Other institutional investors have also added to or reduced their stakes in the company. Confluence Wealth Services Inc. purchased a new position in shares of MongoDB in the fourth quarter worth about $25,000. Bank of New Hampshire purchased a new position in shares of MongoDB in the first quarter worth about $25,000. Covestor Ltd purchased a new position in shares of MongoDB in the fourth quarter worth about $43,000. Montag A & Associates Inc. raised its stake in shares of MongoDB by 200.0% in the fourth quarter. Montag A & Associates Inc. now owns 108 shares of the company’s stock worth $57,000 after purchasing an additional 72 shares during the last quarter. Finally, Nauset Wealth Management. LLC purchased a new position in shares of MongoDB in the first quarter worth about $89,000. Institutional investors and hedge funds own 88.70% of the company’s stock.

Wall Street Analyst Weigh In

Several research analysts recently weighed in on the company. UBS Group lifted their price target on MongoDB from $315.00 to $345.00 and gave the company a “buy” rating in a research report on Wednesday, June 8th. Morgan Stanley reduced their price target on MongoDB from $378.00 to $368.00 and set an “overweight” rating for the company in a research report on Thursday, June 2nd. Redburn Partners assumed coverage on MongoDB in a research report on Wednesday, June 29th. They set a “sell” rating and a $190.00 price target for the company. Oppenheimer reduced their price target on MongoDB from $490.00 to $400.00 and set an “outperform” rating for the company in a research report on Thursday, June 2nd. Finally, Stifel Nicolaus reduced their price target on MongoDB from $425.00 to $340.00 in a research report on Thursday, June 2nd. One research analyst has rated the stock with a sell rating, one has issued a hold rating and sixteen have issued a buy rating to the company. According to MarketBeat.com, MongoDB presently has an average rating of “Moderate Buy” and a consensus target price of $401.17.

MongoDB Stock Performance

Shares of NASDAQ:MDB opened at $356.84 on Monday. The company has a debt-to-equity ratio of 1.69, a current ratio of 4.16 and a quick ratio of 4.16. The business’s 50 day moving average price is $285.74 and its 200-day moving average price is $335.81. The firm has a market capitalization of $24.31 billion, a PE ratio of -73.73 and a beta of 0.96. MongoDB, Inc. has a 1 year low of $213.39 and a 1 year high of $590.00.

MongoDB (NASDAQ:MDBGet Rating) last issued its quarterly earnings results on Wednesday, June 1st. The company reported ($1.15) earnings per share (EPS) for the quarter, topping analysts’ consensus estimates of ($1.34) by $0.19. The firm had revenue of $285.45 million for the quarter, compared to analyst estimates of $267.10 million. MongoDB had a negative return on equity of 45.56% and a negative net margin of 32.75%. The business’s revenue was up 57.1% on a year-over-year basis. During the same period in the previous year, the company posted ($0.98) earnings per share. As a group, equities research analysts expect that MongoDB, Inc. will post -5.08 earnings per share for the current fiscal year.

Insider Transactions at MongoDB

In other news, CRO Cedric Pech sold 350 shares of MongoDB stock in a transaction that occurred on Tuesday, July 5th. The stock was sold at an average price of $264.46, for a total value of $92,561.00. Following the sale, the executive now directly owns 45,785 shares of the company’s stock, valued at $12,108,301.10. The sale was disclosed in a filing with the Securities & Exchange Commission, which is accessible through this hyperlink. In other MongoDB news, insider Thomas Bull sold 489 shares of the business’s stock in a transaction on Tuesday, July 5th. The stock was sold at an average price of $264.45, for a total transaction of $129,316.05. Following the transaction, the insider now owns 17,104 shares of the company’s stock, valued at $4,523,152.80. The transaction was disclosed in a filing with the Securities & Exchange Commission, which is accessible through this link. Also, CRO Cedric Pech sold 350 shares of the business’s stock in a transaction on Tuesday, July 5th. The stock was sold at an average price of $264.46, for a total value of $92,561.00. Following the transaction, the executive now directly owns 45,785 shares in the company, valued at approximately $12,108,301.10. The disclosure for this sale can be found here. Insiders have sold 43,795 shares of company stock valued at $12,357,981 over the last ninety days. Insiders own 5.70% of the company’s stock.

MongoDB Profile

(Get Rating)

MongoDB, Inc provides general purpose database platform worldwide. The company offers MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premise, or in a hybrid environment; MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.

Featured Articles

Want to see what other hedge funds are holding MDB? Visit HoldingsChannel.com to get the latest 13F filings and insider trades for MongoDB, Inc. (NASDAQ:MDBGet Rating).

Institutional Ownership by Quarter for MongoDB (NASDAQ:MDB)

Want More Great Investing Ideas?

Receive News & Ratings for MongoDB Daily – Enter your email address below to receive a concise daily summary of the latest news and analysts’ ratings for MongoDB and related companies with MarketBeat.com’s FREE daily email newsletter.

Article originally posted on mongodb google news. Visit mongodb google news

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


Write Directly from Cloud Pub/Sub to BigQuery with BigQuery Subscription

MMS Founder
MMS Steef-Jan Wiggers

Article originally posted on InfoQ. Visit InfoQ

Recently Google introduced a new type of Pub/Sub subscription called a “BigQuery subscription,” allowing to write directly from Cloud Pub/Sub to BigQuery. The company claims that this new extract, load, and transform (ELT) path will be able to simplify event-driven architectures.

BigQuery is a fully-managed, serverless data warehouse service in the Google Cloud intended for customers to manage and analyze large datasets (on the order of terabytes or petabytes). And Google Pub/Sub provides messaging between applications, which can be used for streaming analytics and data integration pipelines to ingest and distribute data. For data ingestion, customers had to write or run their own pipelines from Pub/Sub into BigQuery. They can do it directly with the new Pub/Sub subscription type. 

Customers can create a new BigQuery subscription linked to a Pub/Sub topic. For this subscription, they must choose an existing BigQuery table. Furthermore, the table schema must adhere to certain compatibility requirements i.e. compatibility between the schema of the Pub/Sub topic and the BigQuery table. In a blog post, Qiqi Wu, a product manager at Google, explains the benefit of the schemas:

By taking advantage of Pub/Sub topic schemas, you have the option of writing Pub/Sub messages to BigQuery tables with compatible schemas. If the schema is not enabled for your topic, messages will be written to BigQuery as bytes or strings. After the creation of the BigQuery subscription, messages will now be directly ingested into BigQuery.

 
Source: https://cloud.google.com/blog/products/data-analytics/pub-sub-launches-direct-path-to-bigquery-for-streaming-analytics

Richard Seroter, director of outbound product management at Google Cloud, wrote in a personal blog post on the BigQuery Subscription:

When I searched online, I saw various ways that people have stitched together their (cloud) messaging engines with their data warehouse. But from what I can tell, what we did here is the simplest, most-integrated way to pull that off.

However, Marcin Kutan, software engineer at Allegro Group, tweeted:

It could be a #pubsub feature of the year. But without topic schema evolution the adoption will be low. Now, I have to recreate the topic and subscription on every schema change.

Note that the company recommends using Dataflow for Pub/Sub messages where sophisticated preload transformations or data processing are required before letting data into BigQuery (such as masking PII).

Lastly, the ingestion from Pub/Sub’s BigQuery subscription into BigQuery costs $50/TiB based on read (subscribe throughput) from the subscription. More details on pricing are available on the Pub/Sub pricing page.

About the Author

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


MongoDB, Inc. (NASDAQ:MDB) Stake Raised by Victory Capital Management Inc.

MMS Founder
MMS RSS

Posted on mongodb google news. Visit mongodb google news

Victory Capital Management Inc. increased its holdings in MongoDB, Inc. (NASDAQ:MDBGet Rating) by 199.8% in the 1st quarter, according to the company in its most recent 13F filing with the Securities and Exchange Commission. The institutional investor owned 28,880 shares of the company’s stock after acquiring an additional 19,246 shares during the period. Victory Capital Management Inc.’s holdings in MongoDB were worth $10,250,000 at the end of the most recent reporting period.

Several other hedge funds have also recently bought and sold shares of the business. Envestnet Asset Management Inc. lifted its stake in MongoDB by 48.7% in the 1st quarter. Envestnet Asset Management Inc. now owns 15,258 shares of the company’s stock worth $6,768,000 after acquiring an additional 4,995 shares in the last quarter. Shell Asset Management Co. raised its stake in shares of MongoDB by 6.4% during the 1st quarter. Shell Asset Management Co. now owns 1,887 shares of the company’s stock worth $837,000 after purchasing an additional 113 shares in the last quarter. abrdn plc raised its stake in shares of MongoDB by 5.8% during the 1st quarter. abrdn plc now owns 6,704 shares of the company’s stock worth $3,009,000 after purchasing an additional 365 shares in the last quarter. Arizona State Retirement System raised its stake in shares of MongoDB by 4.7% during the 1st quarter. Arizona State Retirement System now owns 16,579 shares of the company’s stock worth $7,354,000 after purchasing an additional 750 shares in the last quarter. Finally, State of New Jersey Common Pension Fund D raised its stake in shares of MongoDB by 2.5% during the 1st quarter. State of New Jersey Common Pension Fund D now owns 35,363 shares of the company’s stock worth $15,687,000 after purchasing an additional 858 shares in the last quarter. 88.70% of the stock is owned by hedge funds and other institutional investors.

MongoDB Stock Up 4.7 %

Shares of NASDAQ:MDB opened at $356.84 on Monday. MongoDB, Inc. has a 12 month low of $213.39 and a 12 month high of $590.00. The company’s 50-day moving average price is $285.74 and its two-hundred day moving average price is $335.81. The company has a quick ratio of 4.16, a current ratio of 4.16 and a debt-to-equity ratio of 1.69. The firm has a market cap of $24.31 billion, a P/E ratio of -73.73 and a beta of 0.96.

MongoDB (NASDAQ:MDBGet Rating) last issued its quarterly earnings data on Wednesday, June 1st. The company reported ($1.15) EPS for the quarter, topping analysts’ consensus estimates of ($1.34) by $0.19. MongoDB had a negative net margin of 32.75% and a negative return on equity of 45.56%. The firm had revenue of $285.45 million for the quarter, compared to analyst estimates of $267.10 million. During the same quarter in the prior year, the firm earned ($0.98) EPS. The company’s revenue was up 57.1% on a year-over-year basis. As a group, research analysts forecast that MongoDB, Inc. will post -5.08 EPS for the current fiscal year.

Insider Activity

In other news, Director Dwight A. Merriman sold 3,000 shares of the firm’s stock in a transaction dated Wednesday, June 1st. The shares were sold at an average price of $251.74, for a total value of $755,220.00. Following the transaction, the director now owns 544,896 shares of the company’s stock, valued at approximately $137,172,119.04. The sale was disclosed in a legal filing with the Securities & Exchange Commission, which can be accessed through the SEC website. In related news, Director Dwight A. Merriman sold 3,000 shares of the company’s stock in a transaction on Wednesday, June 1st. The shares were sold at an average price of $251.74, for a total value of $755,220.00. Following the completion of the sale, the director now owns 544,896 shares in the company, valued at approximately $137,172,119.04. The transaction was disclosed in a filing with the SEC, which is available through this link. Also, CRO Cedric Pech sold 350 shares of the company’s stock in a transaction on Tuesday, July 5th. The shares were sold at an average price of $264.46, for a total transaction of $92,561.00. Following the completion of the sale, the executive now owns 45,785 shares of the company’s stock, valued at approximately $12,108,301.10. The disclosure for this sale can be found here. In the last quarter, insiders have sold 43,795 shares of company stock valued at $12,357,981. 5.70% of the stock is currently owned by insiders.

Analyst Ratings Changes

A number of equities research analysts have recently weighed in on the company. Robert W. Baird started coverage on MongoDB in a research note on Tuesday, July 12th. They set an “outperform” rating and a $360.00 price target for the company. Royal Bank of Canada boosted their price objective on shares of MongoDB from $325.00 to $375.00 in a research note on Thursday, June 9th. Piper Sandler reduced their price objective on shares of MongoDB from $430.00 to $375.00 and set an “overweight” rating for the company in a research note on Monday, July 18th. Canaccord Genuity Group reduced their price objective on shares of MongoDB from $400.00 to $300.00 in a research note on Thursday, June 2nd. Finally, Credit Suisse Group reduced their price objective on shares of MongoDB from $650.00 to $500.00 and set an “outperform” rating for the company in a research note on Thursday, June 2nd. One equities research analyst has rated the stock with a sell rating, one has given a hold rating and sixteen have issued a buy rating to the company. According to MarketBeat, MongoDB presently has an average rating of “Moderate Buy” and an average target price of $401.17.

MongoDB Company Profile

(Get Rating)

MongoDB, Inc provides general purpose database platform worldwide. The company offers MongoDB Enterprise Advanced, a commercial database server for enterprise customers to run in the cloud, on-premise, or in a hybrid environment; MongoDB Atlas, a hosted multi-cloud database-as-a-service solution; and Community Server, a free-to-download version of its database, which includes the functionality that developers need to get started with MongoDB.

Featured Articles

Institutional Ownership by Quarter for MongoDB (NASDAQ:MDB)



Receive News & Ratings for MongoDB Daily – Enter your email address below to receive a concise daily summary of the latest news and analysts’ ratings for MongoDB and related companies with MarketBeat.com’s FREE daily email newsletter.

Article originally posted on mongodb google news. Visit mongodb google news

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


NoSQL Databases Software Market To Witness Significant Incremental Opportunity During 2028

MMS Founder
MMS RSS

Posted on nosqlgooglealerts. Visit nosqlgooglealerts

Market Size And Forecast
The Global NoSQL Databases Software Market study provides a comprehensive examination of the market throughout the projection quantity. The study covers an expansion of sections likewise as associate analysis of the events and factors that area unit probably to play a serious role at intervals the long run. These elements, referred to as market dynamics, embrace the drivers, restrictions, options, and difficulties that type the image of those elements. The market’s intrinsic elements area unit the drivers and restraints, whereas the accidental elements area unit the alternatives and difficulties. Throughout the forecast quantity, the planet NoSQL Databases Software Market report provides associate insight on the market’s performance in terms of revenue.

This analysis provides associate comprehensive assessment of the planet NoSQL Databases Software market. The market estimations given at intervals the report area unit supported intensive secondary analysis, primary interviews, and in-house skilled evaluations. These market estimations were developed by examining the impact of assorted social, political, and cash factors, likewise as current market dynamics, on the planet NoSQL Databases Software market.

Get a Sample PDF Copy of Latest analysis on NoSQL Databases Software Market 2022 before purchase: https://www.marketresearchintellect.com/download-sample/?rid=252741

Along with the market outline, that has market dynamics, the chapter includes a Porter’s 5 Forces analysis, that explains the five forces at add the planet NoSQL Databases Software Market, furthermore as consumers’ dialogue power, suppliers’ dialogue power, risk of recent entrants, risk of substitutes, and competitors’ degree of competition. It describes the various participants at intervals the market system, like system integrators, intermediaries, and end-users. The report in addition look at the competitive landscape of the planet NoSQL Databases Software Market.

Some of the key players profiled within the study are:

  • MongoDB
  • Amazon
  • ArangoDB
  • Azure Cosmos DB
  • Couchbase
  • MarkLogic
  • RethinkDB
  • CouchDB
  • SQL-RD
  • OrientDB
  • RavenDB
  • Redis

Most important styles of NoSQL Databases Software lined during this report are:

  • Cloud Based
  • Web Based

Most important Application of NoSQL Databases Software market lined during this report are:

  • Large Enterprises
  • SMEs

Region enclosed are: North America, Europe, Asia Pacific, Oceania, South America, geographical region & continent

Country Level Break-Up: u. s., Canada, Mexico, Brazil, Argentina, Colombia, Chile, South Africa, Nigeria, Tunisia, Morocco, Germany, uk (UK), Holland, Spain, Italy, Belgium, Austria, Turkey, Russia, France, Poland, Israel, United Arab Emirates, Qatar, Kingdom of Saudi Arabia, China, Japan, Taiwan, South Korea, Singapore, India, Australia and New Sjaelland etc.

Impact of the NoSQL Databases Software Market report:

–Comprehensive assessment of all opportunities and risk within the NoSQL Databases Software Market.

–NoSQL Databases Software Market recent innovations and major events.

–Detailed study of business ways for growth of the NoSQL Databases Software Market market-leading players.

–Conclusive study concerning the expansion plot of NoSQL Databases Software marketplace for forthcoming years.

–In-depth understanding of NoSQL Databases Software Market market-particular drivers, constraints and major small markets.

–Favorable impression within important technological and market latest trends placing the NoSQL Databases Software Market.

Click here to avail profitable discounts on our latest report: https://www.marketresearchintellect.com/ask-for-discount/?rid=252741

Strategic Points lined in Table of Content of NoSQL Databases Software Market:

– Chapter 1: Introduction, market actuation product Objective of Study and analysis Scope the world NoSQL Databases Software market (2022-2028).

– Chapter 2: Exclusive outline – the fundamental info of the world NoSQL Databases Software Market.

– Chapter 3: ever-changing Impact on Market Dynamics- Drivers, Trends and Challenges & Opportunities of the world NoSQL Databases Software; Post COVID Analysis.

– Chapter 4: Presenting the world NoSQL Databases Software Market correlational analysis, Post COVID Impact Analysis, Porters 5 Forces, Supply/Value Chain, PESTEL analysis, Market Entropy, Patent/Trademark Analysis.

– Chapter 5: Displaying the by kind, user and Region/Country 2018-2022.

– Chapter 6: Evaluating the leading makers of the world NoSQL Databases Software Market that consists of its Competitive Landscape, generation Analysis, BCG Matrix & Company Profile.

– Chapter 7: to guage the market by segments, by countries and by Manufacturers/Company with revenue share and sales by key countries in these numerous regions (2022-2028).

… To be continued

Direct Purchase of NoSQL Databases Software Market Report, Click Here @https://www.marketresearchintellect.com/select-licence/?rid=252741

Top Trending Reports:

Global DDI in Cloud Services Market Size And Forecast

Global Fermented Wine Market Size And Forecast

Global Airport Information System Market Size And Forecast

Global Chinese Rice Wine Market Size And Forecast

Global Composite Materials In Renewable Energy Market Size And Forecast

Global Transistor Arrays Market Size And Forecast

Global Lotus Leaf Extract Market Size And Forecast

Global Potable Spirit Market Size And Forecast

Global Pharmaceutical Contract Manufacturing & Contract Market Size And Forecast

About Us: Market Research Intellect

Market Research Intellect provides syndicated and customized research reports to clients from various industries and organizations with the aim of delivering functional expertise. We provide reports for all industries including Energy, Technology, Manufacturing and Construction, Chemicals and Materials, Food and Beverage, and more. These reports deliver an in-depth study of the with industry analysis, the value for regions and countries, and trends that are pertinent to the industry. 

Contact Us:

Mr. Steven Fernandes

Market Research Intellect

New Jersey (USA)

Tel: +1-650-781-4080

Website: -https://www.marketresearchintellect.com/

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


Java News Roundup: Spring Cloud, Liberica NIK, Open Liberty, Micronaut, JHipster, Apache ShenYu

MMS Founder
MMS Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for August 1st, 2022, features news from JDK 19, JDK 20, Spring point and milestone releases, Liberica NIK 22.2.0 and 21.3.3, Open Liberty 22.0.0.8 and 22.0.0.9-beta, Micronaut 3.6.0, WildFly 27 Alpha4, Hibernate ORM 6.1.2, Hibernate Validator 6.2.4, 7.0.5 and 8.0.0.CR2, Hibernate Search 6.1.6, JHipster 7.9.2, 7.9.1 and 7.9.0, JBang 0.96.4 and Apache ShenYu.

JDK 19

Build 34 of the JDK 19 early-access builds was made available this past week, featuring updates from Build 33 that include fixes to various issues. More details on this build may be found in the release notes.

JDK 20

Build 9 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 8 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 19 and JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

On the road to Spring Cloud 2022.0.0, codenamed Kilburn, the fourth milestone release was made available this past week featuring updates to milestone 4 versions of Spring Cloud sub-projects such as Spring Cloud Stream, Spring Cloud Config, Spring Cloud Gateway and Spring Cloud Function. Spring Cloud 2022.0.0-M4 is compatible with Spring Boot 3.0.0-M4. More details on this release may be found in the release notes.

Spring for Apache Kafka 2.9.0 has been released featuring: a more robust non-blocking retry bootstrapping; and a new error handler mode. This version requires the kafka-clients 3.2.0 module. Further details on this release may be found in the what’s new section of the documentation.

Spring Tools 4.15.2 has been released featuring numerous fixes to the Eclipse IDE such as: improvements in the diagnostic output of Eclipse logs; a broken devtools integration with the boot dash in a Docker image; malfunctions in the pause/resume in a boot dash in a Docker image; and a “Not properly disposed SWT resource” message caused by the Spring Starter Project. More details on this release may be found in the release notes.

Liberica Native Image Kit

As part of a Critical Patch Update, BellSoft has released Liberica Native Image Kit (NIK) version 22.2.0 and an upgraded version 21.3.3. This release features enhanced support for AWS and Swing and provides security fixes for the following Common Vulnerabilities and Exposures (CVE):

  • CVE-2022-21540: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition (Component: Hotspot)
  • CVE-2022-21541: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition (Component: Hotspot)
  • CVE-2022-21549: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition (Component: Libraries)
  • CVE-2022-34169: The Apache Xalan Java XSLT Library is Vulnerable to an Integer Truncation Issue when Processing Malicious XSLT Stylesheets.

CVE-2022-21540 and CVE-2022-21541 affect JDK versions 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and Oracle GraalVM Enterprise Editions 20.3.6, 21.3.2 and 22.1.0. CVE 2022-21549 affects JDK 17.0.3.1 and Oracle GraalVM Enterprise Editions 21.3.2 and 22.1.0.

Open Liberty

IBM has promoted Open Liberty 22.0.0.8 from its beta release to deliver: a fix for CVE-2022-22476, IBM WebSphere Application Server Liberty is Vulnerable to Identity Spoofing; a dependency upgrade to Apache CXF 3.4 in the jaxws-2.2 module; The stack trace separated from logged messages so that the log analysis tools can present them more clearly; and the ability for developers to enable time-based periodic rollover of all Open Liberty supported log files.

Open Liberty 22.0.0.9-beta has also been released featuring support for many of the Jakarta EE 10 specifications to include those specifications that reside in the new Jakarta EE Core Profile, namely Jakarta Contexts and Dependency Injection 4.0, Jakarta RESTful Web Services 3.1, Jakarta JSON Binding 3.0, Jakarta JSON Processing 2.1, Jakarta Annotations 2.1, Jakarta Interceptors 2.1. There is also support for the upcoming GA release of MicroProfile OpenAPI 3.1 (currently in RC2) and Password Utilities 1.1.

Micronaut

The Micronaut Foundation has released Micronaut 3.6.0 featuring: support for GraalVM 22.2, Hibernate Reactive and the OpenTelemetry specification; and a new Micronaut Test Resources project. Further details on this release may be found in the release notes.

WildFly

On the road to WildFly 27.0.0, the fourth alpha release has been made available. This release serves as a major milestone towards support for Jakarta EE 10 in WildFly that was only previously available in WildFly Preview. WildFly 27.0.0.Alpha4 supports JDK 11 and JDK 17. JDK 8 is no longer supported. Red Hat plans more alpha and beta releases over the next several weeks. More details on this release may be found in the release notes.

Hibernate

Hibernate ORM 6.1.2.Final has been released featuring bug fixes and the ability to use the @Any mapping and HQL function, type(), to access the type of a polymorphic association.

Versions 6.2.4.Final, 7.0.5.Final and 8.0.0.CR2 of Hibernate Validator have been made available as maintenance releases for the 6.2 and 7.0 release trains. Both of these versions improve testing of Java records and make sure the annotation processor is working correctly with records. The release candidate of version 8.0 will provide support for Jakarta EE 10.

Hibernate Search 6.1.6.Final has been released featuring dependency upgrades to Hibernate ORM 5.6.10.Final, Hibernate ORM 6.0.2.Final and Hibernate ORM 6.1.2.Final for the -orm6 artifacts. There were also upgrades to the latest version of Jakarta dependencies for -orm6/-jakarta artifacts.

JHipster

Versions 7.9.2 (with 7.9.1 included) and 7.9.0 of JHipster have been released featuring: dependency upgrades to Spring Boot 2.7.2, Angular 14 and React 18; support to generate custom generators using the generate-blueprint command-line argument; support for mixed use of microservice and microfrontend entities; and microfrontend support in the JHipster Domain Language (JDL). Further details on these releases may be found in the release notes for version 7.9.2 and version 7.9.0.

JBang

JBang 0.96.4 has been released featuring the removal of the --native flag that was broken and incomplete. Instead, developers should use the command, jbang export native. A deprecation warning will be issued if the old flag is used. More details on this release may be found in the release notes.

Apache Software Foundation

The Apache Software Foundation has announced that Apache ShenYu, a Java-native API gateway for service proxy, protocol conversion and API governance, has been promoted from incubation to a top-level project. InfoQ will follow up with a more detailed news story.

About the Author

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


GitHub Projects Now Generally Available

MMS Founder
MMS Sergio De Simone

Article originally posted on InfoQ. Visit InfoQ

Announced in beta at GitHub Universe 2021, GitHub Projects is now generally available, including new features for issue grouping and pivoting, metadata customization, charting, and improved automation.

GitHub Projects provides a tabular view of issues and pull requests defined in a repository to make it easier to plan and track development progress.Issues and PRs can be easily filtered, sorted, and grouped based on a set of standard fields as well as custom fields you create to adapt the tool to your process.

Often, we find ourselves creating a spreadsheet or pulling out a notepad just to have the space to think. But then our planning is disconnected from where development happens and quickly goes stale.

As mentioned, GitHub has been extending Projects in several ways since it launched in beta last year. Specifically, Projects enables defining custom metadata fields associated to issues , including text, number, date, iteration, and single select. Additionally, issues can be organized by date using flexible date ranges to better adjust to sprints, cycles, and roadmap duration.

Completely new is the possibility of creating and customizing charts, such as bar, column, line, and stacked-area charts, which can be persisted and shared using an URL.

In this GA release, GitHub Projects also attempts to address some of the criticism it received when the beta started, specifically the impossibility of automatically add issues to a project, by extending the integration between Projects and Actions.

On the automation front, it is also worth mentioning that GitHub Projects got a new GraphQL API, dubbed V2, which also includes support for Webhooks to subscribe to events taking place in your project, such as editing an item.

GitHub says they will continue to extend Projects capabilities by focusing on improving the day-to-day scenario and adding a number of new features, including handling dependencies and relationships between issues and projects; new triggers, conditionals, and action logic to improve scriptability and automation; a new timeline layout alongside the tabular view and the classic Kanban board; and an improved mobile experience.

About the Author

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.


Presentation: Languages of Cloud Native

MMS Founder
MMS Justin Cormack

Article originally posted on InfoQ. Visit InfoQ

Transcript

Cormack: I’m Justin Cormack. I’m the CTO at Docker. Also, I’m a member of the technical oversight committee of the Cloud Native Computing Foundation. I also am really interested in programming languages and how they affect the way we work.

One of the things I’m talking about is, in the Cloud Native Computing Foundation, of the 42 graduated and incubating projects we have, 26 of them are written predominantly in Go. I want to explore how this happened and which new language is emerging in the cloud native space and how we got to this point where Go is so dominant. One of the things that was really important in this historically was Docker. When I started at Docker in 2015, Go was already an established language in the company.

Why Docker Adopted Go

I want to talk to Solomon Hykes, who founded Docker, about how they started off with Go, and how really early in the Go language evolution they adopted it, moving away from Python.

Hykes: We didn’t want to target the Java platform, or the Python platform, we wanted to target the Linux platform. That was one aspect. Another aspect, honestly, it was more of a personal gut feeling thing. We were Python and C developers trying to write distributed systems. A lot of what we ended up doing was writing them in Python, and then getting bitten by the typing issues of Python, so discovering problems a little bit too late at runtime when they could have been discovered earlier. Also, trying to recreate a lightweight threading system. It’s been a while, but at the time we were heavily using libraries and frameworks like gevent and Greenlets and things like that, Go had goroutines built in. That was the same thing, but better. It had the typing benefits of C. From our specific point of view of C and Python developers of distributed systems, it was just the perfect tool.

Cormack: Presumably you didn’t want to choose C for other reasons.

Hykes: No, exactly. Yes, C was not a consideration. Python was the default, because it’s what we used. Go was just better by every metric that we cared about. One factor being the fact that it compiles to a standalone binary. The other being that it was just the right programming model for us. The third, is that, because we specifically wanted to grow a large community of open source contributors, we wanted Docker to be not just a successful tool, but a successful open source project, the choice of language mattered for social reasons. For example, we wanted something that was familiar enough to enough people, that the language itself would not be a huge barrier to reading the source code and contributing to it. The nice thing about Go is it’s not radical in its syntax. If you’ve written C, you’ll be familiar with Go. If you’ve written Python, you’ll be familiar. It’s not Haskell. It’s not Lisp. It doesn’t break every possible convention compared to mainstream programming languages. That was explicitly considered a benefit, because that means it’s easier to contribute.

How Project Vitess Got Started In Go

Cormack: During this interview with Solomon. He called out that when he was looking around at the existing Go ecosystem at the time, it was, what’s now another CNCF project, Vitess, that was something that he saw that gave him confidence. Vitess was a project that was in YouTube at the time, as YouTube was growing really fast. I talked to Sugu, who was one of the founders of Vitess, about how he had got started in Go.

Sougoumarane: I can go through some of the thought process that we went through, about how we ended up choosing Go. It was not very scientific with Go. In 2010, when we were thinking of starting this project, the primary options were Python, Java, and C++. Those were the three languages that popped up for us. Python was because YouTube was written in Python. Then Python was already losing, because it’s not a systems programming language. We knew that we wanted to build an efficient proxy. Python has not the efficiency, it’s not a very efficient language. We had Java and C++. I wasn’t familiar with Java, and I think I was slightly bitter about it those days. I don’t know why, but probably based on some people I ran into. I wasn’t very excited about Java. Mike wasn’t excited about C++ because he didn’t feel like he could write something good with it.

There were a couple of reasons why we chose Go. The funny one is, it was just a passing comment, but it is still a funny comment, which is, if we use Go and if our project fails, we can blame it on that. I don’t think that’s the reason why we chose it. That was definitely one statement that was made in the conversation. Really, the reason why we chose Go is because of Rob, Russ, Ian, and Robert Griesemer. Because it was such a brand new language, we had to check out the authors, and we actually basically studied those people. We realized that their values, their thinking, their philosophy is very mature, and similar to the way we approached problems, which means that they were not too theoretical or too hacky. They had a very good pragmatic balance about how to solve problems. It was around the time where within Google there was a case where engineers were going through this phase where they had this fascination to complexity. Where anything complex is awesome, type of thing. This was one group of people that were contrarian to that. They were saying, you can be simple. I said, “I like that. I like the way you think.”

What happened at that time was, I gave Dmitry Vyukov a reproduction as to why we are stuck. The challenge I gave him was, we have eight CPUs. That’s all we have. The Go runtime today is only able to use six. If you optimize the runtime to use the other two CPUs, we will be true. That’s the challenge I gave him. He went away for, I think, two months, and came up with this work-stealing design and a prototype implementation. We tried it, it indeed start the eight CPUs. That pulled us out of trouble. He saved our project. If that had not happened, we might have moved away from Go. It was not because of Go’s design. It was just that we were getting pressured because YouTube was about to fall apart. We needed to find a solution. That solution basically restored our faith in Go. After that, we never had any struggle.

Cormack: Both Solomon and Sugu were looking for the right language for their new project, a systems language for cloud native. Both of them really also felt that community was important. We can say that for Sugu, it’s the community of the creators of Go, and the people working on making the language better. For Solomon, it was the community that he wanted to create around Docker to make the language accessible to this community.

Why Go Became a Dominant Systems and Cloud Native Language

Around this time, late 2012, Derek Collison who created the NATS project, tweeted that within two years, Go would become the dominant systems language and the language for cloud native. At the time, people were very skeptical, of course, but it actually worked out that way. In that period, Docker and Kubernetes were both released, and there was a huge explosion of usage. I talked to him about how he came to that conclusion back then.

Collison: The original NATS was written in Ruby, like Cloud Foundry was. I actually from a development perspective, and just liking working in a language once the system is set up, Ruby is still awesome to me. Deploying production systems with the Ruby VM and all the dependencies, and we had dependencies on event machine to do async stuff more efficiently and stuff, wasn’t going to work. In 2012, when we had started Apcera, we were internally huddling around, yes, NATS will be the control plane addressing discovery and telemetry system for the Apcera platform as well, called Continuum. I didn’t want to run in Ruby anymore, and we were looking at either Go, which was the newcomer. I think it was at 0.52 at the time, or Node.js, which was also a newcomer, but not as new at least from a lexicon perspective as Go. There was definitely some initial things that we chose.

Then, after being in the Go ecosystem for so long, there were some interesting observations now about why it was the right choice that weren’t necessarily the original decision makers. The original decision makers were trying to alleviate the pain that we had deploying production systems with the Ruby ecosystem. Node, even though it had npm, or the beginnings of it, at the time, it was still a virtual machine, had a package management system that had to be spun up and all wrapped around it. Go had the ability to present Quasi-Static Executables. We do full blown static executables, you had to do a little extra work. That was a huge thing, meaning our deployment could be an SCP, essentially. Goroutines and the concurrency model were interesting to us, for sure.

The other big defining factor for me, because I spent a long time at TIBCO designing a system to do this was, in TIBCO, we wrote everything in low level C. Which is still probably one of my favorite languages, even though it has a lot of challenges there, of being that close to the metal was fun. I’ve learned Rust. I’m going to learn Zig this holiday as my pet project. I probably would never program in C again, but I still liked it. At the time, it was very interesting to me within what we were trying to do, to flow from 80% to 90% use cases that would live on the stack, to transparently move themselves to the heap. That’s very hard to do in C. I spent a lot of time and effort to get that to work in C, and Go had that for free. Almost nobody cared about that. They’re like, what are you even talking about? I said, I spent so long trying to do that in C and Go has it. At 0.52, Go’s garbage collector was really primitive, very primitive mark and sweep. To me, I was like, it doesn’t matter, because I can architect to have most of the things on the stack. If they blow past the stack, they auto-promote in Go, I don’t have to do unnatural acts like we had to in the C code base at TIBCO. It was static executables, and stacks were real, were the decision points.

The concurrency was a nice to have. Again, looking back now at the ecosystem, go-funk was bigger impact than people thought, huge. Everyone does the same thing now. The tooling, Go Vet, pprof, the way the testing all was in there. The number one thing for me is that if I go away from the code base, maybe it’s because I’m old. If I come back, I immediately know what I was doing. Or even if it’s let’s say code that you wrote, I could figure out pretty quickly what your intent was with Go as a simple language versus Haskell, or Caml, or even sometimes if people went into Meta land with Ruby, and essentially we’re programming DSLs. You went back to a code after a couple months and I’m looking at it and it would take me an hour or so to figure out what I was even trying to really do. That also lends itself to bringing new people in to get up to speed very quickly with a language. I still think that’s huge.

The Adoption of Rust

Cormack: We talked a lot about how Go got started in the cloud native ecosystem. Recently, we’ve been seeing a bunch of projects in Rust as well and we’ve seen other languages. I talked to Matt Butcher about how he adopted Rust. He had started off as a Go programmer, he built Helm among other things. Recently, he started using Rust for new projects.

Butcher: Ryan Levick, who is one of Rust’s core maintainers, but he also works at Microsoft when we were starting to look into this, and he just dropped into our Slack and was like, “I heard you’re writing a Rust program Clippy style.” Basically, anybody who wanted to learn Rust, Ryan was more than happy to walk them through the basics, then point them at some resources, and then answer those first few questions about how to do the borrow checking correctly. Very rapidly, I think six or eight of us got going in the Rust ecosystem. The default started to shift. We wanted to write Krustlet in Rust, because of the way we wanted to build a Kubernetes controller. We hadn’t intended to start writing other things in Rust, it just happened out of that, that new projects started to default to being written in Rust instead of Go.

Why Krustlet Was Written in Rust

Cormack: What was it about Krustlet that made you want to write it in Rust then?

Butcher: The main one was we wanted a WebAssembly runtime, and the best WebAssembly runtimes are either written in C or C++ for the JavaScript ecosystem, or are written in Rust. The one we wanted to use was Wasmtime, which is the reference implementation of the WASI specification. That was written in Rust. We looked at, we could compile this to a library and then link it with Go. Then, once everybody else started working on Rust, and going, “I like the generics. There’s a Kubernetes library, the kube.rs crate is pretty good.” Before long, everybody wanted to write it in Rust. Ron had to write all of Krustlet in Rust. Where it started, really, because of the necessity of wanting the WebAssembly runtime, it ended with us choosing it because it felt like the right language for what we were building. Then the surprising conclusion from that was we started writing other projects in Rust because it felt like the right fit for the things we were starting to do moving forward from there.

WebAssembly and Zig

Cormack: Derek had quite similar thoughts about lighter weight languages for lighter weight processing, particularly on the edge. We talked about WebAssembly as well, and also Zig.

Collison: Most of the new ecosystems have taken a similar approach. The standard library can’t just be scalable. Even Zig, which is one of the newer lower level languages has spent quite a bit of time on their standard library, fleshing it all out.

Cormack: Even C++ has decided it needs HTTP and TLS, but it’s going to take another decade to get there.

Collison: I don’t know how long my career will keep going for, but I can say with confidence, I will never program in C or C++ again. I’m ok with that. I think there’s better alternatives now, for sure. I also think with the other prediction around edge computing, at least my opinion that it’s going to dwarf cloud computing. Cloud computing will become the mainframe very quickly. We know they exist, but who cares? Nobody ever really interacts with them, they just live in the background type stuff. Efficiency, so not necessarily performance, but efficiency. How much energy and resources are you using to do the same amount of work, is going to come back into play. I think enterprise with .NET and Java will still remain and still be driven especially within the data center or the cloud world. I think you’re going to see C, Rust, Zig, and then of course, very high speed Wasm or JavaScript engines as the looser, maybe some MicroPython, CircuitPython type stuff. TinyGo is becoming really interesting, in my opinion.

Q Programming Language

Cormack: Solomon is still a big believer and a user of Go, but it was another language that we talked about where he would like to see changes.

Hykes: I still write Go. I’m not the typical programming language early adopter. I tend to use the same tools for a long time. We were probably a strong influence in the adoption of Go, and also in the adoption of YAML in the cloud landscape, and so there’s one I feel better than in the other. YAML I think is just a source of problems. It’s not that it’s bad. It’s just that it’s used for things that it wasn’t meant to be used for. It’s just being overused. That’s the sign that there’s something missing. This new project that we’re working on, Dagger, it’s written in Go, but it’s configurable and customizable to the extreme. YAML or JSON just didn’t support the features that we wanted to express. We found this language called Q. Initially, we used HCL in our first prototype. Terraform and other HashiCorp tools use HCL. I think it’s an in-house project. It spun out as a library, so you can use it in your own tool. It has limitations, pretty severe limitations. You can tell it started its life tied to a specific tool, and not as a standalone language meant from the beginning to be used by multiple tools. Q on the other hand started out as a language. It’s Arthur [inaudible 00:21:33], is a language experts. Exactly like Go solves a specific problem, it felt like it was written perfectly for us. Q felt the same way as a replacement to YAML. I’m a huge believer in Q’s future. I think it will, or at least it should replace YAML in many cloud native configuration scenarios.

Lessons Learned from the Adoption of Languages in Cloud Native

Cormack: What have we learned about the adoption of languages in cloud native in particular? The first thing that’s clearly important, very important is community. This is the community around you as you start to think about using a new language, and the things they’ve built and the way they’re building them. Second is the community that you want to bring to your projects, and how you want them to be able to adopt the language and tools you’re building. The second one is fit for a problem domain. For cloud native, there were some requirements that a lot of people mentioned around things like static binaries that were useful to be able to distribute their code easily or let people run as easily in production that were important. Always, you knew this fit between the problem you’re working on. Moving into a new domain is actually a great opportunity to examine the fit for the tools that you’re using, the languages you’re using now and decide whether that’s a good point to make a change.

Performance was also important for the cloud native use case. It was interesting that it came up a little bit. The language performance actually grew in line with the requirements. The conversation with Sugu about YouTube, it was really interesting that Go managed to keep growing and meeting those requirements as the requirements became more difficult, and they never got to the point where they had to give up. It’s important to remember that languages can change and evolve with your users, and they grow, and the ecosystem around them grows as you start using them. Those things are really important.

Then, finally, everyone’s journey into learning new languages was different. People often thought about things, experimented maybe years before they actually adopted a language. Also, there’s a whole journey towards internalizing how to work in a new language and how to use the opportunities it presents best. That process of learning new languages is incredibly important to people. It’s really important that we all continue to learn new programming languages, experiment and see new ways we could do things, so that when we get an opportunity, like when we’re moving into a new area or experimenting with a new idea, we can think about what programming language would work best for this, and what kind of community do I want to build?

Questions and Answers

Schuster: It seems that ahead-of-time compilation, or having static binaries is one of the big selling points for languages like Go or Rust. Even Java nowadays has ahead-of-time compilation. Is that going to be essential for all future languages that come along?

Cormack: Yes, it’s interesting why it matters, and then what for? I think the comment was around serverless. Serverless, really, startup time is incredibly important, and it becomes one of the constraints because you’re there and you’ve got to do things, and you get people who work around it by trying to snapshot things after startup. Interestingly enough, Emacs even used to do that, as an editor. Emacs used to snapshot itself after startup because the startup was too slow. It does depend on what that period is, and how to work around it. Emacs no longer does, because computers were fast enough, it wasn’t an issue. It does depend exactly what those constraints are. Ahead of time has those big advantages. The user experience is worse. In theory, with the JavaScript model, you can start running the code slowly with an interpreter, and maybe it doesn’t need to be fast, and you only compile it if it’s really going to be used. Static compilation is just not worth it for those kinds of applications where most applications are so small. Even like an interpreter is fine. I think there are compromises, but I think we’re seeing a lot of spaces where ahead of time is working better.

We’ve gone back to that, because it’s how languages originally were from the ’70s. It was Java that moved away from that, but JavaScript followed there. There was a huge investment in these JIT technologies. Then we are seeing a little bit of a swing back to ahead of time. There is always the theory that JIT and profiles based on actual execution can be faster. In general, that’s mostly been true for dynamically typed languages where you can work out what the types are. I think the ahead of time thing has gone with a revival in static typing and the shift back to let’s fix these bugs at compile time, because it’s annoying to fix them at runtime as well. I think that combination of static typing and ahead of time, definitely we’ve swung back that way again, for some of those reasons.

Schuster: It’s also important for serverless, especially because there you don’t want to pay essentially for the compiler to do some work if you can do it ahead of time.

Cormack: As serverless has had billing with smaller intervals, that becomes more important, and as we want to do really lightweight things in serverless. Small code size also becomes important for those things. It’s very much the case with WebAssembly, where, again, Rust has become a popular language to compile to WebAssembly, because it compiles to a small static binary without a runtime. I remember talking to Cloudflare about the hoops they were having to go through with Go in WebAssembly, because compiling the language runtime to WebAssembly was a few megabytes of overhead. Again, they were really space constrained by how quickly they could load code into a machine. A megabyte of code is much quicker than 100 megabytes of code just to load up and how much concurrency you can get, and those types of issues as well. Those kind of constraints are related as well. I think that’s what a lot of the discussion about edge use cases, and Derek’s conversation about TinyGo, and MicroPython, and things like that, where they’re really designed for really small runtimes. That gives you advantages if you want to run them for very short periods of time, or a lot of things at once, and those kinds of things. Memory consumption is one of the big constraints for how many customers can you run at once, is take your memory consumption divide it by the size of the application. That basically gives you the amount of the things you can multiplex onto a CPU at one time. As serverless and those things started to get into those constraints, those types of constraints start to matter a lot too.

Schuster: We just heard a talk about how Shopify is using WebAssembly to allow people to extend their platform, and that also quite nice kick in by Rust for it and it can pack a lot of code into a small space, because it’s naturally isolated. It doesn’t need containers, and stuff on virtual machines to isolate the code from others. It’s also an interesting trend in what WebAssembly allows here.

Cormack: I think isolation is a technology that has always been important. It just has different shapes over time and different kinds of sizes. We started with virtual machines and containers were smaller and more convenient. We’re now looking at things like, can I isolate parts of a single application? Because I don’t trust them, or I don’t want to audit the code in them. Google has a rule that every untrusted bit of code has to have two isolation layers between that and their code, for example. Those two isolation layers could be different things in different cases, but one isolation layer could be broken, but two is much more difficult. Yes, if you’re on Shopify and you’re embedding customer code in your code, then that’s something you have to isolate, and you want isolation layers with that. Those might be the Wasm runtime and some Linux kernel process isolation. For example, you run the runtime in a separate process, or they might have a couple of other ways of doing it. The more we make our applications out of sets of code with different trust levels, the more we need isolation at lots of different scales. Everything from VMs for cloud tenants, down to containers for, “I’m running six applications at once, and I don’t want them to interfere with each other,” to, “I’m running a library that the customer provided and I have noticed it,” or, “I’m running a library that I got from npm and I don’t trust it.” Can I run that in isolation as well?

Schuster: There was some interesting work with capability based isolation inside of JavaScript Engines.

Cormack: Kate Sills did a talk a while back at QCon that was really good.

Schuster: What happened to that? It had one of those ungoogleable names that’s hard to keep up with it. It was supposed to come in one of the ECMAScripts. Something to check up on, I think.

I have not heard of this, but it occurs to me that a cloud provider could provide a JVM Platform as a Service in a serverless manner.

Cormack: I think there were some back in the day. The JVM was like the first language runtime that was designed for secure isolation. The security isolation wasn’t actually very good, in the end. It was broken a lot of times after it was initially released mainly through security issues in the standard library and so on. It was an experiment in isolation. You can see Wasm as being a more secure version of the JVM. There have been a lot of lessons learned in the last 20 years, or is it even longer, since JVM. A lot of lessons learned on how to build secure isolation for language runtimes. Wasm really is the state of the art that came out of the browser as the most attacked piece of software we ever built. There was a lot of work, particularly from the Google team around Chrome and those kinds of layers of isolation there that taught us how to do that better. I think back in the day, people did have that idea. The JVM runtime wasn’t quite designed for that, and wasn’t quite secure enough. It’s very much in the same line of forms of isolation that we’ve worked on over the years.

Schuster: The advantage that Wasm has is that it just doesn’t stuff as many features into the standard runtime, because with Java, you can import data file formats and stuff like that.

Cormack: The type system is reflected inside, which turned out to be quite complicated. Whereas Wasm has very simple linear arrays, and again, the language has to compile down the type system it wants on top of that, so it’s even simpler. WebAssembly is almost recognizably an assembly language apart from has better looping constructs, but it feels more like a machine level thing than a language level thing. That, again, makes it easier because it’s simpler.

Schuster: I found it was quite fun trying to write code in it with the text format, which is a Lispy type of thing. It’s much easier than assembly.

Cormack: Yes. It is fun. It’s not perhaps designed for that. When I was younger, I wrote PostScript, which was like that too. It was Forth based and it felt amazing to be able to program a printer.

Schuster: Did you hack the printer? Any stack overflows in there, any recursion overflows?

Cormack: Yes. You got them all the time.

See more presentations with transcripts

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.