TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
Terraform or Bust?
Has your organization used or evaluated a Terraform alternative since new restrictions were placed on its licensing?
We have used Terraform, but are now piloting or using an open source alternative like OpenTofu.
0%
We never used Terraform, but have recently piloted or used alternatives.
0%
We don't use Terraform and don't plan to use or evaluate alternatives.
0%
We use Terraform and are satisfied with the results
0%
We are waiting to see what IBM will do with Terraform.
0%
 
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
How Giant Swarm Is Helping to Support the Future of Flux
Apr 22nd 2024 7:59am, by Heather Joslyn
What’s Next for Companies Built on Open Source?
Apr 18th 2024 7:13am, by Heather Joslyn
Your Engineering Organization Is Too Expensive
Apr 17th 2024 11:19am, by Luca Galante
Tetrate Enterprise Gateway for Envoy Graduates
Apr 10th 2024 9:00am, by Steven J. Vaughan-Nichols
The Open Source Market’s in Flux. How Can IT Managers Cope?
Apr 8th 2024 10:57am, by Joe Fay
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
What Does WebAssembly Mean for the Server and GenAI?
Apr 23rd 2024 10:03am, by Ryan Wallner
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by B. Cameron Gain
Kubernetes vs. YARN for Resource Management: How to Choose
Apr 10th 2024 8:16am, by Jacob Simkovich
Use Podman to Create and Work with Virtual Machines
Apr 6th 2024 6:00am, by Jack Wallen
Ambient AI? Humane's 'Ai Pin' Embarks on a Dream's Long Road
Apr 21st 2024 6:00am, by David Cassel
Chipmakers Putting a Laser Focus on Edge AI
Apr 12th 2024 10:06am, by Jeffrey Burt
The Future of AI: Hybrid Edge Deployments Are Indispensable
Mar 22nd 2024 10:00am, by Luis Ceze
How RapidAI Uses Edge, Kubernetes and AI to Boost Stroke Care
Mar 15th 2024 10:30am, by Charles Humble
Trusted Boot: What to Know About Securing Devices at the Edge
Mar 14th 2024 7:15am, by Ettore di Giacinto
API Design Is Pretty Bad — Here's How to Fix It
Apr 3rd 2024 6:01am, by Lebin Cheng
Will Spotify Open Source its Microservices Framework?
Apr 2nd 2024 7:45am, by Loraine Lawson
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
10 Ways Kubernetes Observability Boosts Productivity, Cuts Costs
Mar 27th 2024 6:08am, by Eric Schabell
Evolve Manual and Templated Dockerfiles with Automation
Mar 26th 2024 10:33am, by Rak Siva
Cilium's Past Points to Its Future 
May 3rd 2024 5:00am, by B. Cameron Gain
Guider Daemon Automates Linux Performance Monitoring
Apr 19th 2024 11:16am, by Joab Jackson
Enhancing Kubernetes Network Security with Microsegmentation
Apr 11th 2024 6:23am, by Dhiraj Sehgal
Tetrate Enterprise Gateway for Envoy Graduates
Apr 10th 2024 9:00am, by Steven J. Vaughan-Nichols
Zero Trust for Legacy Apps: Load Balancer Layer Can Be a Solution
Apr 10th 2024 7:22am, by Prabhat Dixit
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Pulumi Templates for GenAI Stacks: Pinecone, LangChain First
Feb 21st 2024 9:00am, by Joab Jackson
CNCF CloudEvents: A Li'l Message Envelope That Travels Far
Jan 31st 2024 4:00am, by Joab Jackson
Bringing the AWS Serverless Strategy to Azure
Jan 19th 2024 6:00am, by Rak Siva
Valkey: A Redis Fork With a Future
May 2nd 2024 7:50am, by Alex Williams
How to Get Peak Performance without a Vast Amount of Memory
Apr 9th 2024 10:17am, by Behrad Babaee
From Postgres to ScyllaDB NoSQL, with a 349x Speed Boost 
Apr 1st 2024 11:27am, by Cynthia Dunlop
The Architect’s Guide: A Modern Data Lake Reference Architecture
Mar 26th 2024 9:17am, by Keith Pijanowski
Cloud Data Migration or Cloud Data Tiering?
Mar 25th 2024 10:00am, by Kumar Goswami
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
How Mobile App Quality Can Be Improved With AI
May 2nd 2024 10:05am, by
5 Lessons From LinkedIn’s First Foray Into GenAI Development
May 2nd 2024 3:00am, by
RecurrentGemma: An Open Language Model For Smaller Devices
May 1st 2024 12:30pm, by
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by
3 Reasons Data Engineers Are the Unsung Heroes of GenAI
May 1st 2024 10:00am, by
5 Lessons From LinkedIn’s First Foray Into GenAI Development
May 2nd 2024 3:00am, by
RecurrentGemma: An Open Language Model For Smaller Devices
May 1st 2024 12:30pm, by
Improving LLM Output by Combining RAG and Fine-Tuning
Apr 30th 2024 10:50am, by and
How To Control Access in LLM Data Plus Distributed Authorization
Apr 30th 2024 9:49am, by
WebAssembly, Large Language Models, and Kubernetes Matter
Apr 30th 2024 7:51am, by
Automatically Generate Types for Your PostgreSQL Database
May 1st 2024 7:00am, by
Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry
May 1st 2024 6:00am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
How to Stop Duplicate Orders in Web Applications
Apr 29th 2024 10:23am, by
Coding Test for Llama 3: Implementing JSON Persistence
Apr 27th 2024 5:00am, by
How Mobile App Quality Can Be Improved With AI
May 2nd 2024 10:05am, by
Flaw in R Creates Supply Chain Security Risks
May 2nd 2024 7:06am, by
Golang: How To Use the Go Install Command
May 1st 2024 5:00pm, by
Spring Forward: Broadcom's App Advisor Eases Spring Upgrades
May 1st 2024 9:36am, by
Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry
May 1st 2024 6:00am, by
5 Lessons From LinkedIn’s First Foray Into GenAI Development
May 2nd 2024 3:00am, by
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by
How to Stop Duplicate Orders in Web Applications
Apr 29th 2024 10:23am, by
GraphQL Growth Explodes but so Do Problems Federated Graphs Solve
Apr 26th 2024 9:16am, by
Application Delivery Controllers: A Key to App Modernization
Apr 25th 2024 8:26am, by
What Are Loop Controls in Python and How Do You Use Them?
Apr 26th 2024 4:00am, by
Apache NiFi 2.0.0: Building Python Processors
Apr 25th 2024 1:14pm, by
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by
What Are Python 'Sets' and How Do You Use Them?
Apr 17th 2024 6:17am, by
Python Tutorial: Use TensorFlow to Generate Predictive Text
Apr 16th 2024 11:00am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
Dev News: React 19 Beta and Redwood Tests React Server Components
Apr 27th 2024 4:00am, by
Cancel Asynchronous React App Requests with AbortController
Apr 24th 2024 8:58am, by
How to Simplify Global State Management in React Using Jotai
Apr 24th 2024 7:29am, by
Dev News: Vercel Preps for React 19; New jQuery, pnpm Releases
Apr 20th 2024 4:00am, by
Dev News: React 19 Beta and Redwood Tests React Server Components
Apr 27th 2024 4:00am, by
Dev News: Deno Supports Open Source Repository JSR and an Offline AI
Mar 30th 2024 4:00am, by
Advanced OOP in TypeScript: Interfaces and Abstract Classes
Mar 22nd 2024 10:30am, by
How to Get Advantages of TypeScript in JavaScript
Oct 27th 2023 10:51am, by
Dev News: Udemy's New Docker Program, Plus TypeScript Beta
Oct 7th 2023 5:01am, by
WebAssembly Adoption: It's Complicated, Says CNCF Survey
May 1st 2024 8:28am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
WebAssembly, Large Language Models, and Kubernetes Matter
Apr 30th 2024 7:51am, by
What Does WebAssembly Mean for the Server and GenAI?
Apr 23rd 2024 10:03am, by
New Wasm Project Brings Web Components to Backend Languages
Apr 18th 2024 9:36am, by
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by
IBM Purchases HashiCorp for Multicloud IT Automation
Apr 24th 2024 3:23pm, by
Why Observability Was Key to Citigroup’s Cloud Native Transition
Apr 19th 2024 10:29am, by
Answers to the 5 Most Common Cloud Cost-Optimization Questions
Apr 17th 2024 7:38am, by
Key Infrastructure Takeaways from Google Cloud Next 2024
Apr 16th 2024 12:00pm, by
Valkey: A Redis Fork With a Future
May 2nd 2024 7:50am, by
3 Reasons Data Engineers Are the Unsung Heroes of GenAI
May 1st 2024 10:00am, by
Automatically Generate Types for Your PostgreSQL Database
May 1st 2024 7:00am, by
Apache Flink Gets Some Observability With Datorios
Apr 30th 2024 1:03pm, by
How To Control Access in LLM Data Plus Distributed Authorization
Apr 30th 2024 9:49am, by
Rethinking Identity and Access for Cloud Native
May 2nd 2024 8:42am, by
Flaw in R Creates Supply Chain Security Risks
May 2nd 2024 7:06am, by
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by
Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry
May 1st 2024 6:00am, by
How To Control Access in LLM Data Plus Distributed Authorization
Apr 30th 2024 9:49am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
API Trends: Platform Engineering, the Unbundling and AI’s Role
May 1st 2024 10:58am, by Lori Marshall
This Is Why Infra Teams Should Care About Platform Engineering
May 1st 2024 6:30am, by Luca Galante
New Spotify Portal for Backstage Eases Platform Engineering
Apr 30th 2024 11:21am, by Jennifer Riggins
Platform Engineering: What Does 'Good' Look Like?
Apr 30th 2024 6:23am, by Dormain Drewitz
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Rethinking Identity and Access for Cloud Native
May 2nd 2024 8:42am, by Matt Moore
Golang: How To Use the Go Install Command
May 1st 2024 5:00pm, by Jack Wallen
This Is Why Infra Teams Should Care About Platform Engineering
May 1st 2024 6:30am, by Luca Galante
Egress Gateway: Assign Stable IPs To Traffic Leaving K8s Clusters
Apr 30th 2024 9:02am, by Dhiraj Sehgal
Platform Engineering: What Does 'Good' Look Like?
Apr 30th 2024 6:23am, by Dormain Drewitz
CI/CD Observability: A Rich New Opportunity for OpenTelemetry
Apr 30th 2024 10:00am, by Giordano Ricci and Dimitris Sotirakis
The Lazy Developer’s Guide to Creating AI Chatbots
Apr 26th 2024 11:21am, by April Cho
Preventing Scope Creep: Guide for Managing Outsourced Teams
Apr 25th 2024 7:57am, by Liz Ryan
Creating an EKS Cluster with No Manual Coding
Apr 19th 2024 8:53am, by Edan Evantal
How an AI Chatbot Can Boost Developer Productivity
Apr 19th 2024 6:27am, by Asmitha Rathis
Dealing With Chaos: A Guide for Leaders Feeling Overwhelmed at Work
May 2nd 2024 10:00am, by Lena Reinhard
3 Reasons Data Engineers Are the Unsung Heroes of GenAI
May 1st 2024 10:00am, by Barr Moses
How to Land a New Dev or IT Job: Advice from HR Professionals
Apr 29th 2024 7:44am, by Jeff James
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Preparing for Crunch Times: Tips for Fast-Scaling Companies
Apr 26th 2024 10:00am, by Jack Tam
7 Tips for Fostering Stronger Communication in Outsourced Projects
May 2nd 2024 7:24am, by Liz Ryan
‘Opinionated’? You Should Contribute to The New Stack
Apr 30th 2024 1:19pm, by Heather Joslyn
Happy Birthday! The New Stack Turns 10 and Judy Retires
Apr 29th 2024 8:25am, by Alex Williams
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Preparing for Crunch Times: Tips for Fast-Scaling Companies
Apr 26th 2024 10:00am, by Jack Tam
7 Tips for Fostering Stronger Communication in Outsourced Projects
May 2nd 2024 7:24am, by Liz Ryan
Platform Engineering: What Does 'Good' Look Like?
Apr 30th 2024 6:23am, by Dormain Drewitz
DevEx Success: How Pfizer Scaled to 1,000 Engineers
Apr 29th 2024 6:17am, by Jennifer Riggins
Top 10 Tools for Kafka Engineers
Apr 26th 2024 8:02am, by Stéphane Derosiaux
Vulnerabilities Versus Intentionally Malicious Software Components
Apr 24th 2024 6:49am, by Aaron Linskens
Cilium's Past Points to Its Future 
May 3rd 2024 5:00am, by B. Cameron Gain
Egress Gateway: Assign Stable IPs To Traffic Leaving K8s Clusters
Apr 30th 2024 9:02am, by Dhiraj Sehgal
WebAssembly, Large Language Models, and Kubernetes Matter
Apr 30th 2024 7:51am, by Torsten Volk
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
eBPF: Reliable Policy Setting and Enforcement
Apr 24th 2024 4:00am, by B. Cameron Gain
Apache Flink Gets Some Observability With Datorios
Apr 30th 2024 1:03pm, by Joab Jackson
Improving LLM Output by Combining RAG and Fine-Tuning
Apr 30th 2024 10:50am, by Haijie Wu and Junhwi Kim
CI/CD Observability: A Rich New Opportunity for OpenTelemetry
Apr 30th 2024 10:00am, by Giordano Ricci and Dimitris Sotirakis
Linux: Deploy the Netdata Server Performance Monitor
Apr 27th 2024 6:00am, by Jack Wallen
Guider Daemon Automates Linux Performance Monitoring
Apr 19th 2024 11:16am, by Joab Jackson
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Istio Advisor Plus GPT: Expert System Meets AI for Service Mesh
Dec 14th 2023 12:15pm, by Steven J. Vaughan-Nichols
Using JWTs to Authenticate Services Unravels API Gateways
Nov 8th 2023 6:53am, by Christian Posta and Peter Jausovec
API Management / Cloud Native Ecosystem / Software Development

Cloud Native Software’s Technical Debt Is Growing

We are building more and more custom software, but producing it more quickly by integrating higher-level building blocks such as OSS or vendor APIs.
Jul 6th, 2021 9:15am by and
Featued image for: Cloud Native Software’s Technical Debt Is Growing
Feature image via Pixabay.

Jonathan Schneider
Jonathan Schneider, co-founder, and CEO of Moderne, led the engineering effort around large-scale automated code refactoring at Netflix, founding the open source OpenRewrite project. On the Spring Team at Pivotal, he led the site reliability engineering team and founded the popular Java metrics library Micrometer. He is the author of O’Reilly’s SRE with Java Microservices.

We asked developers from a variety of organizations and industries a simple question: “How long will your application continue to function if you are not allowed to touch its code?” What we found was that the more modern the application, the faster it would cease to work. Legacy applications would be fine for years but cloud native applications would crash and burn within weeks.

Software development has undergone significant changes in the last decade. Software is no longer built completely in-house and instead, there is now what is known as the software supply chain. It includes everything that goes into or touches software as it is being produced: developer tools (IDEs, CI/CD), third-party software (dependencies), or more pervasive parts of the application stack such as language runtimes, monitoring, and testing frameworks.

With this move to the software supply chain, software development has become industrialized. We are building more and more custom software, but producing it more quickly by integrating higher-level building blocks such as OSS or vendor APIs. Modern applications are glue code and as much as 90% of software can be from third-party components. Sophistication and availability of different components in the global software supply chain are what enable this rapid growth of custom software.

Olga Kundzich
Olga Kundzich, co-founder of Moderne, has extensive experience building enterprise technologies at Dell EMC and Pivotal, including application delivery management and data protection solutions.

A common misconception about APIs is that they are stable interfaces and once you go with APIs rather than custom internal protocols, the communication between components remains well defined and stable. In reality, vendors of APIs do not remain static. They are developing their offerings based on the use cases they want to support: adding, deprecating, and deleting APIs as they do so.

This explains the paradox we described earlier that modern cloud native applications require more maintenance as third-party dependencies change and evolve at their own pace, requiring developers to constantly restitch the new versions back together. Legacy applications were built from scratch in-house, so even if you accrue massive technical debt and are not able to add features to the apps, at least they continue to function.

This restitching time is not trivial. Software maintenance typically takes 20-30% of the developer’s time. These are tedious repetitive tasks, but they require expertise that only the most senior developers possess and act as a tremendous drag on innovation and software quality.

Technical Debt Is a Wrong Term for This Ongoing Upkeep of Software

Technical debt as a term originated with the introduction of agile development. It is all about prioritizing speedy application delivery over perfect code. Alongside technical debt came the practice of refactoring as a technique to manage the code. Refactoring restructures the code without changing its external behavior. It addresses the technical debt and makes the required internal changes to the code necessary to support the latest iteration of the application and the new capabilities.

A common approach to managing technical debt is to make it engineering’s responsibility as part of each scrum sprint (the period when the development team works to complete a set amount of work)  and treat it as an implicit cost of the process of enhancing the software. It’s under the control of engineering — they introduced the technical debt so they should address it.

We are building more and more custom software, but producing it more quickly by integrating higher-level building blocks such as OSS or vendor APIs.

We continue to use the term technical debt to denote activities that are internal to engineering and produce no tangible business benefits, but the cause of the debt has fundamentally changed. You didn’t take on technical debt knowingly when you incorporated the newest version of a vendor library into an application. And the next thing you know, the vendor releases a new version and your software is now out of date. This is supply chain management activities masquerading as technical debt.

When software is assembled using components from the software supply chain, maintenance is different as it’s no longer under the control of the developers and is instead tied to changes to third-party software and APIs. Modern software maintenance feels like a constant race against the clock to update the components to prevent the whole thing from breaking, and with no control over the changes to these third-party components, you are essentially running the race with your shoes tied together.

Software Supply Chain Maintenance Is Highly Repeatable

An additional thing we noticed when speaking with developers is the repeatability of their problems. Everyone is upgrading a similar subset of third-party software and incorporating it into their code. Some of it, like upgrades to common frameworks or language runtimes, impact practically everyone. Same with common CVEs.

Unlike the technical debt of the past where everyone had a unique set of technical debt and had to understand and address it through individual refactoring, software maintenance as upgrades of common components is repeatable across different codebases. Obviously, not everything can be automated, but significant chunks of tedious migrations can.

Beyond Refactoring — Automated Code Maintenance

What we need is an open ecosystem for developing and distributing automation for these tedious code maintenance tasks: upgrades, CVE patching, internal API maintenance. It can only be solved by a community through composing more and more complex refactoring operations and validating them on more and more code.

We can start with the same proven building blocks that an IDE provides, but make them shareable and composable, and applicable via different workflows. With these building blocks, API vendors and OSS framework authors can develop and distribute automation for upgrading consumers of their libraries and APIs together with the new versions of their libraries. Security researchers can not only disclose a vulnerability but provide an automated remediation for everyone impacted.

OpenRewrite is an OSS, Apache-licensed ecosystem of refactoring recipes aiming to create such a community. It’s early days, but we validated the approach by building a number of high-value refactoring recipes for Java framework migrations.

We imagine a world where the global software supply chain becomes a distributed and eventually consistent mono repo: at a point when you incorporate a new version of a library into your application, your glue code is automatically updated.

TRENDING STORIES
Group Created with Sketch.
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.