Stuff about Software Engineering

Author: Peter Birkholm-Buch (Page 2 of 12)

Four and not 3 Categories of AI Solutions

Introduction

When driving value from generative AI (GenAI), it’s important to choose the right approach in order to get a return on investment. This page attempts to explain the possible approaches and the resources they require.

Takers, Shapers and Makers

There seem to be three major categories of GenAI adopters according to McKinsey and Gartner:

| McKinsey | Gartner | Description |
| --- | --- | --- |
| Takers | Quick Wins | Focus on utilizing existing GenAI tools and models for productivity improvements with minimal customization. These initiatives typically have short time to value and are task-specific, aiming for immediate efficiency gains in routine tasks. |
| Shapers | Differentiating Use Cases | Engage in integrating GenAI tools with proprietary data or adapting them for specific applications. These initiatives aim to achieve competitive advantages, involving medium time to value with higher costs and risks than quick wins. They leverage GenAI to extend current processes and create unique value propositions. |
| Makers | Transformative Initiatives | Concentrate on developing new GenAI models or tools for specialized applications, with the potential to transform business models and markets. These are the most ambitious initiatives, characterized by high cost, complexity, and risk, and a long time to value. They aim for strategic benefits that may be difficult to quantify initially. |

TCO/ROI

The Total Cost of Ownership (TCO) and Return on Investment (ROI) for GenAI adoption across takers, shapers, and makers categories involve several considerations, including hidden costs, strategic implications, and potential benefits.

Gartner offers insights on measuring GenAI ROI, advocating for a business case approach that simulates potential cost and value realization across GenAI activities. This approach categorizes investments into quick wins, differentiating use cases, and transformational initiatives. Quick wins focus on immediate productivity improvements with short time to value, differentiating use cases aim at competitive advantage with medium time to value, and transformative initiatives have the potential to upend business models with longer time to value but higher costs and complexity. The guide emphasizes the importance of balancing financial returns with strategic benefits, which might be difficult to quantify initially.

Source: https://www.gartner.com/en/articles/take-this-view-to-assess-roi-for-generative-ai.
Red box is added by me, see conclusion below.

Builders

I’m introducing an extra “Builders” category into the GenAI adoption landscape. Beyond merely adopting or adapting, Builders take a step further by crafting bespoke extensions and plugins for GenAI platforms. This initiative is driven by the ambition to tackle intricate, multi-step workflows that typically demand considerable human intervention. The essence of being a Builder lies in their ability to not just work with GenAI but to enhance its core capabilities, enabling solutions that seamlessly bridge various systems and processes. This approach demands a blend of creativity, technical prowess, and a deep understanding of both the technology and the problem domain.

| Category | Description | Required People Resources/Skills | Tools |
| --- | --- | --- | --- |
| Takers | Utilize existing GenAI tools for productivity improvements with minimal customization. Aimed at immediate efficiency gains in routine tasks with short time to value. | Basic understanding of AI/ML concepts; Skills in integrating and configuring APIs; Ability to adapt third-party GenAI tools to existing workflows | Microsoft Copilot; Microsoft Copilot Plugins; Enterprise “Chat”-GPTs |
| Shapers | Integrate GenAI tools with proprietary data or adapt them for specific applications to achieve competitive advantages, involving medium time to value with higher costs and risks. | Low/No-code developers; Domain experts for data interpretation; Project managers with a technical background | Retrieval Augmented Generation (RAG); Microsoft Copilot Studio; Microsoft Azure AI Studio |
| Builders | Develop custom solutions or extensions to GenAI platforms to solve complex, multi-step processes that usually require significant human effort. | Advanced programming skills in relevant languages; Data scientists for model tuning; Experience with GenAI frameworks; Systems integration expertise; Creative problem-solving abilities | Microsoft Copilot Extensions; Microsoft PromptFlow; LangChain; LangGraph; LlamaIndex; AutoGen; CrewAI; LLM Function Calling; LLM Threat Modelling; LLM Routing |
| Makers | Develop new GenAI models or tools for specialized applications with the potential to transform business models and markets. Characterized by high cost, complexity, and risk, with a long time to value. | Expertise in deep learning and neural networks; Experience in building and training large-scale AI models; Strong research and development background; Ability to work with high-performance computing resources | LLM Models; LLM Frameworks; LLM Fine-Tuning; (LLM Creation and Training) |

The “Builders” category fills the gap between “Shapers,” who mainly adapt existing models for their unique needs, and “Makers,” who create new GenAI models from scratch. Builders leverage powerful frameworks and platforms to create bespoke solutions that automate complex workflows, potentially revolutionizing how businesses approach process automation and efficiency. This distinction underscores the evolving landscape of GenAI adoption, highlighting the increasing sophistication and customization capabilities available to organizations.

Conclusion

The red box on the image above indicates that solutions made in the Takers and lower Shapers category are likely to be overtaken by standard solutions from vendors and the plethora of SaaS AI offerings appearing on a daily basis. Caution should be used when choosing to invest in solutions in this area unless quick wins are important.

Clearly it’s important to have a strategic, well-planned approach to integrating GenAI with emphasis on organizational readiness, skill development, and a focus on applications that offer a competitive advantage – otherwise GenAI just becomes a technology looking for a problem like Blockchain.

GitHub Advanced Security enables Shifting Security Left

Introduction

This is part 2 of:

Explaining how Carlsberg unifies development on GitHub and accelerates innovation with Copilot in more detail.

In the digital transformation journey of Carlsberg, the implementation of GitHub Advanced Security (GHAS) marked a significant shift towards embedding security directly into the developer workflow. This strategic move, part of our “Security First” initiative in Software Engineering, has not only elevated the security posture of our software development lifecycle but has also manifested in substantial time and cost savings by identifying and rectifying vulnerabilities prior to deployment.

Using GHAS to Scan for Vulnerabilities

Centralizing scanning in the GHAS platform eliminates concerns about the security configurations of developer workstations and the code contributions from external parties. By conducting security scanning centrally, we ensure consistent and thorough examination of all code, regardless of its origin. This approach not only streamlines our security processes but also enhances the security posture of our software, providing peace of mind and allowing our developers to focus on innovation and productivity, raising the Developer Experience.

We use GHAS to scan for the following:

  • Secrets: The inclusion of secret scanning within our workflow has been pivotal in detecting exposed secrets such as keys and tokens, preventing potential security breaches.
  • Static Application Security Testing (SAST) with CodeQL: CodeQL’s integration allows us to perform comprehensive static code analysis, identifying security vulnerabilities and coding errors at their inception.
  • Dependencies with Dependabot: Dependabot plays a critical role in our ecosystem by monitoring dependencies for known vulnerabilities and automatically suggesting updates or patches, thus maintaining the integrity of our software supply chain.
  • Binaries and Containers: By incorporating tool plugins for CodeQL we enhance our ability to scan binaries and containers for vulnerabilities, ensuring a robust security framework across all components of our software.

Integration into Developer Workflow

The transformation brought about by GHAS in our developer workflow cannot be overstated. By embedding security checks directly into pull requests, GHAS ensures that every code change is automatically scanned for vulnerabilities before being merged. This integration not only streamlines the security assessment process but also empowers developers to address security issues in real-time. The proactive security posture facilitated by GHAS equips developers with the tools and insights needed to identify and rectify potential security flaws from the outset, fostering a culture of security awareness and responsibility. This approach significantly enhances the overall security of our software projects, contributing to a more secure and efficient development environment.

Centralized Security Scanning

Adopting GHAS as a centralized platform for security scanning has provided us with a command and control center for managing vulnerabilities emanating from both source code and dependencies. The Security Center dashboard offers a comprehensive overview of vulnerabilities, CVEs, and the most affected repositories, allowing us to prioritize and focus our remediation efforts effectively.

Since the inception of GHAS in our development practices, we’ve observed a notable reduction in security vulnerabilities, with over 30,000 issues addressed. This achievement underscores the effectiveness of GHAS in enhancing our security posture, demonstrating its value not only in safeguarding our applications but also in supporting our broader business objectives of innovation and growth.

Using GitHub as a Software Development Platform improves Developer Experience

Introduction

This is part 1 of:

Explaining how Carlsberg unifies development on GitHub and accelerates innovation with Copilot in more detail.

Navigating Complexity: The Challenge of Multiple Development Tools

In the fast-paced world of software development, managing multiple tools can become a bottleneck that impedes efficiency and innovation. At Carlsberg, our developers and engineers were navigating a complex toolchain landscape that included GitHub, GitLab, BitBucket, Azure DevOps, Jenkins, Nexus, SonarQube, and both Azure and AWS Container Registries. This multiplicity not only slowed down our processes but also fragmented our development environment, leading to increased context-switching and security vulnerabilities.

Unified Platform: Adopting GitHub for Streamlined Operations

The decision to streamline our development tools into a single, integrated platform came as a strategic move to enhance our operational efficiency and bolster security measures. We chose GitHub as our all-encompassing platform for several reasons:

  • GitHub Source Control provides a robust system for tracking changes in computer files and coordinating work on those files among multiple people.
  • GitHub Actions makes it easier to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub.
  • GitHub Packages serves as a software package hosting service that allows you to host your software packages privately or publicly and use packages as dependencies in your projects.

By migrating from Jenkins to GitHub Actions, from SonarQube to GitHub’s integrated code scanning features, and from Nexus and various container registries to GitHub Packages, we were able to retire outdated systems and reduce our toolchain complexity significantly.

Enhanced Productivity and Security: The Benefits of Consolidation

The consolidation has profoundly impacted our software development operations by centralizing source control and unifying the development environment. Our engineers now enjoy a streamlined workflow with reduced context-switching, thanks to a centralized pipeline and improved build and deployment processes managed through GitHub Actions. The centralization of package management through GitHub Packages has also enhanced the efficiency of managing and sharing package dependencies.

By reducing our tools from nine to one, we’ve not only simplified our technology stack but also enhanced our capability to manage projects more effectively, ensuring that our software development practices continue to support Carlsberg’s legacy of innovation.

Future Focus: Continuing Innovation at Carlsberg

As we continue to refine our approach and leverage the full potential of GitHub, our focus remains on innovation and efficiency. The journey of consolidating our development tools has been a pivotal step in our digital transformation strategy, positioning Carlsberg at the forefront of technological advancement in the beverage industry.

Carlsberg unifies development on GitHub and accelerates innovation with Copilot

I’m honored that GitHub have chosen to do a customer story on how we’re transforming software development in Carlsberg: https://github.com/customer-stories/carlsberg-group and a friggin awesome movie.

The movie was also used by Satya Nadella in the Build 2024 Keynote:

To provide a bit more background information I’ve written some posts:

The Four Tenets of SOA

The SOA tenets originally appeared back in 2004 when Don Box published an article on MSDN called “A Guide to developing and Running Connected Systems with Indigo” (Indigo is what’s known today as Windows Communication Foundation or WCF for short). Don Box wrote that WCF is based on SOA principles and that unlike other approaches, specifically object orientation, SOA requires a different set of assumptions:

In Indigo, a service is simply a program that one interacts with via message exchanges. A set of deployed services is a system. Individual services are built to last—the availability and stability of a given service is critical. The aggregate system of services is built to allow for change—the system must adapt to the presence of new services that appear a long time after the original services and clients have been deployed, and these must not break functionality.

Although Microsoft have pledged to keep the MSDN Magazine online, at the time of writing the article linked above is not available.

Service-oriented development is based on the four fundamental tenets that follow:

  • Boundaries are explicit 
  • Services are autonomous
  • Services share schema and contract, not class
  • Service compatibility is determined based on policy 

Let’s go over what that means in terms of modern REST services.

Four Tenets

Boundaries are explicit

Services interact by sending messages across boundaries. These boundaries are formal and explicit. No assumptions are made about what is behind boundaries, and this preserves flexibility in how services are implemented and deployed.

This means that:

  • You must treat all services as external to you
  • Internal (private) implementation details should not be leaked outside of a service boundary
  • Avoid RPC interfaces because this can lead to an overuse of calls – accessing a service is not the same as accessing a local object

Services are autonomous

Services are not subservient to other code: a service reacts to a message – how that message was created and what will happen to any response the service creates is immaterial to the action that this service will take.

This means that:

  • Deploy and version services independently from the clients
  • Design contracts with the assumption that once published, they can’t be modified

Services share schema and contract, not class

Only messages pass from service to service, code does not.

This means that:

  • Contracts should be designed to be as explicit as possible to minimize misinterpretation
  • A service must be able to convert its native data types to and from some technology-neutral representation
  • The contract must be versioned using semantic versioning

Service compatibility is determined based on policy

A service must be able to express in a standard representation of policy what it does and how clients should communicate with it.

This means that:

  • The policy must be exposed using an OpenAPI Specification

ChatGPT Vision could be used to destroy incumbent image recognition solutions in CPG

I finally got access to ChatGPT Vision and I uploaded a picture of some beers I had at home:

This is the response from ChatGPT:

Nice selection of beers you got there! I see Perlenbacher, which is often associated with Lidl supermarkets, and of course, the iconic Carlsberg. Carlsberg, founded in 1847, is one of the most well-known beer brands globally and is based out of Copenhagen, Denmark. “Birra Messina” seems to be a Sicilian beer. Each of these beers brings a different taste profile to the table. Enjoy responsibly! Would you like to know more about any specific beer?

I then prompted this using TypeChat:

Please attempt to recognize the cans in the picture and fill out the following response:
interface Response {
    data: Array<{ name: string, brand: string, count: number}>;
}

And I got this from ChatGPT:

Sure, here’s the response based on the image:

interface Response {
    data: Array<{ name: string, brand: string, count: number}>;
}

const beerData: Response = {
    data: [
        { name: "Premium Pilsner", brand: "Perlenbacher", count: 2 },
        { name: "Pilsner", brand: "Carlsberg", count: 2 },
        { name: "Classic", brand: "Birra Messina", count: 1 }
    ]
};

This is based on the visible labels in the image.

No training – no nothing. I know the internet is full of examples of people having ChatGPT turning Figma drawings into web sites and apps – but this is totally out of the comfort zone of ChatGPT and I have previous experience trying to teach image recognition of packaged goods to models and it’s not that easy.

Solutions based on this could destroy the incumbent vendors in image recognition in the CPG market.
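A typed prompt like the one above only pays off if the receiving system checks the reply before acting on it, since a model reply is untrusted input. The following added example (not from the original post and not TypeChat's own code) validates a JSON reply against the requested shape; the name CanCountResponse (used instead of Response to avoid clashing with the built-in fetch type), the limits and the sample replies are assumptions constructed for illustration.

```typescript
// Added example (not from the original post): validate a model reply against
// the requested shape before using it. Limits below are assumed values.
interface CanEntry { name: string; brand: string; count: number }
interface CanCountResponse { data: CanEntry[] }
interface Validation { ok: boolean; value?: CanCountResponse; error?: string }

const MAX_ITEMS = 50;    // assumed upper bound on distinct products per image
const MAX_TEXT = 80;     // assumed maximum length of a name or brand
const MAX_COUNT = 1000;  // assumed maximum cans of one product

function isPlainObject(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

function fail(error: string): Validation {
  return { ok: false, error };
}

// Returns an error message, or null when the value is an acceptable label.
function checkText(v: unknown, field: string): string | null {
  if (typeof v !== "string") return field + " must be a string";
  if (v.length === 0 || v.length > MAX_TEXT) return field + " has an invalid length";
  // Control characters could smuggle line breaks into logs or CSV exports.
  if (/[\u0000-\u001f\u007f]/.test(v)) return field + " contains control characters";
  return null;
}

function validateCanCountReply(raw: string): Validation {
  let parsed: unknown;
  try {
    parsed = JSON.parse(raw);
  } catch (e) {
    return fail("reply is not valid JSON");
  }
  if (!isPlainObject(parsed)) return fail("top level must be an object");
  const keys = Object.keys(parsed);
  if (keys.length !== 1 || keys[0] !== "data") return fail("unexpected top-level keys");
  const data = parsed["data"];
  if (!Array.isArray(data)) return fail("data must be an array");
  if (data.length > MAX_ITEMS) return fail("too many entries");
  const entries: CanEntry[] = [];
  for (let i = 0; i < data.length; i++) {
    const item: unknown = data[i];
    const at = "data[" + i + "]";
    if (!isPlainObject(item)) return fail(at + " must be an object");
    for (const key of Object.keys(item)) {
      if (key !== "name" && key !== "brand" && key !== "count") {
        return fail(at + " has unexpected key " + JSON.stringify(key));
      }
    }
    const textError = checkText(item["name"], at + ".name") || checkText(item["brand"], at + ".brand");
    if (textError) return fail(textError);
    const count = item["count"];
    if (typeof count !== "number" || Math.floor(count) !== count || count < 1 || count > MAX_COUNT) {
      return fail(at + ".count must be an integer between 1 and " + MAX_COUNT);
    }
    entries.push({ name: item["name"] as string, brand: item["brand"] as string, count: count });
  }
  return { ok: true, value: { data: entries } };
}

// Constructed sample replies: the first carries the values from the post as JSON.
const SAMPLE_GOOD_REPLY = JSON.stringify({ data: [
  { name: "Premium Pilsner", brand: "Perlenbacher", count: 2 },
  { name: "Pilsner", brand: "Carlsberg", count: 2 },
  { name: "Classic", brand: "Birra Messina", count: 1 },
] });
const SAMPLE_BAD_REPLY = '{"data":[{"name":"Pilsner","brand":"Carlsberg","count":"2","sku":"x"}]}';
```

A reply that wraps the data in prose or TypeScript source, as the one quoted above does, fails the JSON parse step and is rejected rather than partially trusted.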

Clippy talking to Clippy talking to Clippy…

I listened to a podcast interview with Christian Lanng (Christian Lanng: “How Being a Founder Almost Killed Me” | E1065) about his next thing with Beyondwork and them trying to find out what that means.

Christian says that he doesn’t want a future where a Clippy has to talk to a Clippy which talks to another Clippy and so on. In this context Clippy is some sort of an “AI” which can provide some answer.

I don’t know if that is true or not or if it’s the future we want or not – but right now, that seems to be where we’re headed.

  • LangChain is about chaining prompts and answers together so that we can get better answers
  • Microsoft Copilot Plugins is about enabling Microsoft Copilot to extend your prompts to other systems and consolidate the answers and perform tasks on your behalf
  • Microsoft TypeChat is about providing types and structure to the data we want to pass between systems to make interoperability even easier and more precise

I’ve spent the first 20 years of my life as a developer and the last 20 or so as an “architect” in many different contexts and it almost always boils down to solving integration between business domains and figuring out how data can be accessed, translated and acted upon across the different domains either in real time or before some date and time.

I totally agree with the sentiment that most, if not all, business systems are really just a database with a UI on top and that actual business value comes from combining the data across all systems and extracting answers from it. However, as long as the “business” continues to lock data in silos and refuses to adapt business processes to standard systems and demands customization of systems to accommodate the last 20% of functionality in a way that almost makes integration impossible – then I think the Clippies are going to be around for some time to come.

I think short to medium term the scenarios with plugins to Microsoft Copilot (and similar) will prove valuable to most businesses. Longer term we still need to fix copyright (AIs will be stopped from scraping), privacy (businesses are scared of leaks) and authentication/authorization (who are you and what do you have access to across boundaries). For instance, how can we safely solve problems where data is scattered across private and public domains?

It’s going to be interesting and some new rules/processes are going to have to be worked out.

Setting up the Newland 2D Scanner

Below is an installation guide for the Newland 2D Barcode Scanner Model FR27 sold by EG (formerly ClinicCare).

Start by plugging the scanner into a free USB-A port on your computer.

Download the configuration program from https://www.newland-id.com/en/services/software-drivers/easyset-software. This guide applies to EasySet v.1.2.28 (but probably also applies to later versions).

The configuration program must be unpacked twice before it can be used.

Right-click the file and choose to extract all.

Once the file has been unpacked, we have to unpack it one more time.

Now we finally have access to the configuration program itself. Double-click it to start the program.

If you have Windows Defender (or another antivirus program installed), you will (perhaps) get this warning. This is because the program is not known to Windows. The only way to proceed is to click “more info”.

Now you can choose to start the program anyway.

Click next, next, next and so on.

You now have a program icon on your desktop that you can double-click to start the configuration program.

Select “Online Device”

Select “Configure Device”

Select “HID Keyboard”, set “Bar Code Type” to “2D” and click “Save to Device”.

Now you are ready to test. Open Notepad and scan your health insurance card (either plastic or on your phone) by holding it in front of the scanner.

Once the CPR number has been read, it is inserted where the cursor is placed. I have deliberately replaced the last 5 characters with an asterisk below.

I think it is important to note that the scanner only reads the CPR number and nothing else. If you use, for example, ClinicCare for Web, you will get no benefit from the scanner, since you might as well ask the client to state it.

If you have followed this guide and it works, you have just saved 1000 kr + VAT, which EG otherwise charges for guidance on setting up their “2D scanner”.

I find it rather unprofessional that EG uses products from suppliers whose accompanying software is not recognised by common antivirus software, and that you have to install additional software at all to get a scanner to work. It is a money machine for EG.

Jeff Meyerson: “Move Fast – How Facebook Builds Software”

This book is more a string of mini interview resumes of former Facebook employees than an actual reference book with actionable information.

If you’re looking for detailed insight into how Facebook actually organizes teams and does software development then this is not a book for you.

On the other hand, if you’re looking for an easy read with a few high level but somewhat valuable pointers then this is for you.

1 out of 5 stars

Useful resources on Software & Systems Architecture

I think these books are valuable references when building software systems:

I think these websites are valuable references when identifying patterns:

© 2024 Peter Birkholm-Buch