Forem: 𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨

Is AI the Future of Code Editing? Let's Talk Cursor AI!

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Thu, 29 Aug 2024 07:49:06 +0000

Imagine an editor that not only writes code for you but also understands the context of your project. That's what Cursor AI brings to the table. It’s more than just a code editor—it's a game-changer.

Here’s what caught my eye:

AI-Powered Coding:
Cursor isn’t just another tool
it’s an evolution in how we think about coding. From writing code to fixing bugs, it’s all about the prompts now.

Multi-File Chatting:
Want to discuss code across multiple files? Cursor lets you do that seamlessly.

Cross-Language Conversion: Need to convert your Python script to Rust? Done with a single command.

Intelligent Predictions: Cursor’s AI anticipates your next move, making coding faster and smarter.

While GitHub Copilot has been a solid assistant, Cursor AI is pushing the boundaries. The integration of LLMs like Claude makes it a strong contender in the coding world.

Sure, it’s priced at $20/month, but think about the time it can save you—time that can be translated into more innovation, more projects, or just more free time. In a world where every second counts, Cursor AI might just be worth the investment.

Is it the end of GitHub Copilot? Only time will tell. But one thing's for sure—Cursor AI is here to stay, and it’s redefining what’s possible in coding.

What do you think? Is Cursor AI the future of coding? Let’s discuss!

💬Check out the full video here

Also subscribe to my newsletter https://bitfumes.com/newsletters

Exploring Hugging Face: The GitHub for the Machine Learning Community

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Mon, 26 Aug 2024 13:55:23 +0000

Welcome to an exciting exploration of Hugging Face—a platform that's rapidly becoming indispensable in the world of machine learning and AI. If you're eager to catch up with the latest advancements in technology, particularly in the AI space, understanding Hugging Face is crucial. Think of it as what GitHub is to the open-source software community—Hugging Face is doing the same for the machine learning community.

What is Hugging Face?

Hugging Face started as a company back in 2016, founded by French entrepreneurs in New York City. Originally, it developed a chatbot application for teenagers. However, realizing the potential of open-sourcing their chatbot model, the founders decided to pivot their focus. This decision transformed Hugging Face into a hub for open-source machine learning models, datasets, and tools.

Fast forward to 2021, Hugging Face raised $40 million in a Series B funding round, which catapulted the platform into becoming a powerhouse in the AI industry. Today, it’s used by over 50,000 organizations, including tech giants like Meta, Microsoft, AWS, Google, and Grammarly.

Why Hugging Face is a Game-Changer

Hugging Face offers a vast array of tools and resources that make it easier for developers, data scientists, and researchers to work with machine learning models. Here's a quick overview of what Hugging Face brings to the table:

Model Hub: Hugging Face hosts over 780,000 open-source machine learning models. Whether you need a model for text classification, image generation, or natural language processing (NLP), you’ll find it here. The platform supports models from various categories, including multimodal models (image to text, text to image), computer vision models, and NLP models.
Datasets: Alongside models, Hugging Face also provides access to over 180,000 datasets, covering a wide range of categories such as text, image, and audio. These datasets are invaluable for training and fine-tuning your own machine learning models.
Spaces: Hugging Face Spaces allows you to host demo applications for free, making it an excellent tool for building and showcasing your machine learning portfolio. You can deploy your applications using Gradio, Streamlit, or even just static HTML files.

The Power of Open Source

One of the key strengths of Hugging Face is its commitment to open-source development. The platform has created a number of libraries that have become staples in the machine learning community, such as:

Transformers: A library for state-of-the-art NLP models.
Diffusers: A library focused on image generation models.
Datasets: A library that simplifies the process of loading and using datasets for machine learning.

These libraries are all open-source and available on Hugging Face’s GitHub repository, making them accessible to anyone interested in machine learning.

How Does Hugging Face Make Money?

You might wonder how Hugging Face sustains itself while offering so many free resources. The answer lies in its cloud-based offerings. Hugging Face provides compute resources for AI and machine learning applications, catering to the compute-heavy needs of these models. They also offer enterprise-level plans that include features like single sign-on, private datasets, and priority support.

Getting Started with Hugging Face

If you’re new to Hugging Face, the best way to start is by exploring the Model Hub. You can browse through various categories, try out models using the inference API, and even download models to use in your projects.

For example, if you're interested in text-to-image models, you can search for models in this category, view their model cards (similar to README files), and experiment with them directly on the platform. Hugging Face also provides detailed documentation to help you integrate these models into your projects using libraries like Transformers and Diffusers.

Conclusion

Hugging Face is more than just a repository of models and datasets—it's a thriving community that’s driving the future of AI. By making advanced machine learning models and tools accessible to everyone, Hugging Face is playing a pivotal role in democratizing AI and fostering innovation.

Whether you're an AI enthusiast, a developer, or a researcher, Hugging Face is a resource you can't afford to miss. So dive in, explore the endless possibilities, and start building something amazing today!

If you like my content then Subscribe to my newsletter https://bitfumes.com/newsletters

How I Passed the AWS Developer Associate Exam (DVA-02): A Rollercoaster Ride of Challenges and Triumphs 🚀

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Tue, 18 Jun 2024 05:30:00 +0000

Ever wondered if practical knowledge is crucial for passing certification exams? Or if the AWS Developer Associate exam is hard or easy to crack? Here’s my story!

After 3 months of dedicated preparation, diving into every important topic, I started with AWS SkillBuilder, the official AWS study portal. While SkillBuilder offers a comprehensive syllabus and sample exams, the limited number of full-length practice tests can be a drawback. Re-taking these exams might lead you to memorize answers rather than truly understand the material.

To keep my preparation exciting and effective, I invested in Udemy's practice exam course for the DVA-02, which includes six challenging practice exams. Trust me, these are tougher than the actual exam! If you can pass the Udemy tests, your chances of acing the real DVA-02 exam are high.

Choosing to take the exam online added another layer of adventure. On exam day, my internet connection slowed down, and I faced a 15-minute struggle to start the Pearson Vue app. Once connected, I had to wait in a queue for another 15 minutes, unable to move away from the webcam. Just when I thought things couldn't get worse, my internet issues pushed me into another 15-minute queue!

Finally, the exam began, and the questions seemed harder than anticipated. I used a strategy of skipping long or unfamiliar questions, focusing on the ones I was confident about. This approach allowed me to tackle the last question within 50 minutes, having skipped 33 questions initially. I marked the unsure ones for review and managed to answer everything within the time limit.

But the thrill didn’t end there. Unlike the usual instant results, my screen displayed a message saying my results would be available in 5 working days. Imagine the suspense! Thankfully, the same evening, I received an email announcing that I had passed the exam.

My key takeaway? The more practical experience you gain, the better you learn and can relate to the questions. The exam questions are more tricky than tough, so thorough preparation is essential.

Thinking about taking the AWS Developer Associate exam? Comment below if you’d like me to write another post on exam preparation tips.

Thanks for reading! If you want to stay connected, subscribe to my newsletter at bitfumes.com/newsletters. For any questions, feel free to DM me. Let's ace those exams together! 💪

Git Masterclass - Day 2

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Sat, 06 Apr 2024 05:51:32 +0000

Welcome to Day 2 of Git Masterclass 💪

Today, we will learn about the difference between git pull and git fetch - all in under 3 mins ⚡️

What is the difference between `git pull` and `git fetch`?

This is one of the most commonly asked interview questions, and you need to learn this not just for interviews but for the effective use of Git in daily work.

What is `git fetch`?

Suppose you are working on a repository and there are changes made to the remote branch which you need to have in your local branch as well.

Let's see what git fetch does in this scenario -

Now you can see in the tracking log that the incoming changes mention the new changes brought in from the remote repository.

But.. notice that these changes are simply visible in the log, but not yet MERGED with your local files.

What does this mean?

This means that git fetch only shows the incoming new changes from the remote repository and does not actually merge them with your local files.

How to merge remote changes to local in Git?

This is where we use the git pull command - it executes two commands in one go, namely - git fetch and git merge.

You can see here that all the remote changes are now merged with your local files.

That concludes Day 2 of our Git Masterclass. If you found this helpful, then make sure to watch the video version of it right here - Day 2 of learning Git with Sarthak

Also, don't forget to subscribe to our newsletter for weekly tips and insight into tech and development - Bitfumes Weekly

See you in the next one 🚀

Git Masterclass - Day 1

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Thu, 04 Apr 2024 06:27:21 +0000

Welcome to this Masterclass of Learning Git With Sarthak!

Git and its associated services need no introduction. You must have used Git on Day 1 of your work. In fact, the amazing thing about recent years is that students are taking massive interest in self-learning and are learning Git right from their school and college days.

So if you have never touched Git before, or are struggling to learn its intricacies, fear not - this Git masterclass will teach you everything you need to know to use Git in your daily life.

Let's Git going 🚀

How to change branch in Git?

Well that's easy. Just use git checkout branch_name.

This is not wrong. But consider this scenario - you are working on a file, adding code, and suddenly your manager asks you to get on a call and discuss the code in some other branch.

What do you do? If you type git checkout branch_name in the terminal, then you get the following error -

What does this mean?

This error comes up because you tried to change your branch BEFORE committing or "saving" your ongoing work. And Git is smart enough to know and track unsaved changes across your entire file directory.

This is a fool-proof system built into Git. Git was programmed this way to handle exactly this scenario. It warns the developer about unsaved commits and will not allow you to change branches before committing them.

So, the answer? Just commit these changes before changing branches!

NOPE.

Consider this again - What if you frequently need to change branches throughout the day in between your ongoing work?

Will you commit your unfinished work every single time? Multiple useless commit messages are not good practices. Even if you just commit and push them all later, they will still be logged in Git's commit history.

This is where the command git stash comes into play.

What is git stash?

As the word states, stash means to simply "put" something in a place until you come back to retrieve it later.

In the context of Git, we use git stash to temporarily save the ongoing work/changes and come back to it later without having to worry about unnecessary commit messages.

Let's type this in the terminal - git stash

Now, you should be able to see a message similar to the one below -

Next, type in git checkout branch_name - in this case I'm using a branch called test -

Successfully switched to the desired branch!

And if you notice in the working branch, there are no pending commits or unsaved changes anymore. How did this happen?

Git used the stash command to record the current state of the working directory and index.

Now you can do your work in the changed branch, and later come back to the earlier working environment.

How to get back to the stashed changes?

Once you are done with your other work, you can revert to your earlier working directory with this command - git checkout earlier_branch.

And once you are checked back into the older working branch, you need to run this command - git stash apply

As seen above, your uncommitted changes are back on track and you can pick up from where you left off.

That is it for Day 1!

If you liked this blog post, and want to see the tutorial in action, head over to the video part here - Git Masterclass | Day 1

Don't forget to subscribe to my weekly newsletter where I share insights and tips about software development, technology in general, and much more ⚡️

Stay tuned for more Git tutorials coming your way 💪

#2 Rust - Cargo Package Manager

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Sun, 04 Feb 2024 14:09:34 +0000

Diving Into Rust - Understanding Cargo and Dependencies

Hey there 👋

In the previous post, we got an introduction to Rust and how to install Rust in our system.

We also saw that cargo is at the core of setting up and managing a Rust project. In this post, we will dive deeper into cargo and understand why we need dependencies for projects.

Suppose you wanted to write a Rust program that would generate random numbers and then use these numbers for some subsequent functionality.

There are two ways to go about this - write all the functions from scratch, and take longer time to ship a working project OR use pre-built functions and packages to make our work easier and save time.

The second approach makes sense, doesn’t it? Because our core focus should be on building new functionalities, and not reinventing the wheel!

And that’s exactly why we need dependencies in projects.

Someone has already written the necessary functions and packaged it in an industry-standard manner, and it is only wise that we utilise these packages.

Now, there has to be a place where all these packages come from. Similar to npmjs registry, where all node packages are registered, stored and retrieved, Rust also has something called crates.io where many helpful packages and dependencies are registered.

This registry is very useful, and as you can see, there are thousands of “crates” available. Crates are nothing but packages and dependencies. If you are familiar with other languages where such package management is used, then using Crates.io should be fairly straightforward.

Let us take an example package here. Following the Rust documentation site, we need to install a package called ferris-says. Now, there are two ways to install packages to your Rust project -

1. Using Cargo -

Open the terminal in your project directory run the command cargo add package_name where package_name is the name of the package you need from Crates registry.

2. Adding configuration line in `Cargo.toml` -

Under the [dependencies] header, we just add the name of the package and specify the version number, like this on line number 9-

For this example, let’s go with the command line option and see what happens -

In a flash of a second, the operation is done, and the package is added!

The CLI gives a very crisp log of the sequence as the package installation happens. It first says that the cargo is updating the crates.io index (retrieval of package), and then adds ferris-says to dependencies. In the middle of this, it also displays the Features that were added with the package - something called clippy - which is a crate that contains a list of lints that are not available in the inbuilt Rust compiler lint list. These lints help improve our cargo.

And finally, it displays the final log that the crates.io index has been updated and we can immediately see that in the Cargo.toml file, under [dependencies] header, the crate name with the version number is added.

What is Cargo.lock in Rust?

As you can see in the file structure, as soon as you ran the project, Rust “builds” the project, indexing all the dependencies we just configured in Cargo.toml file, and then generates a Cargo.lock file.
This file contains a more detailed version of the Cargo.toml file and is meant to be used when we deploy our Rust app in different environments.

Few things to note about the Cargo.lock file -

As it mentions at the top, this file is not intended for manual editing unless absolutely necessary and if you have enough knowledge to play around with it.
Also, this file is automatically generated by Cargo, so even if you delete this file, there is nothing to worry; simply running the app again will ensure that this file is generated again.
It can be seen that the file contains very detailed information about the app and various dependencies including names, version numbers, and checksum codes. This ensures that the app and its dependencies are secure and that it works seamlessly across different production environments as well.

Advantage of manually adding the dependencies

If you noticed, there is a tab in the Crates.io website in the ferris-says package page, called “6 versions”. This means that from the time of its release in the Crates registry to the present moment, there have been 6 versions of the ferris-says released. And when you install it using the cargo add command, it adds the latest version by default.

In case you wanted to add a specific version or rollback to a previous version of the package for various reasons, you can do so by simply editing the package name in the Cargo.toml file under [dependencies] header.

This applies to not only editing the installed packages names, but also adding new packages manually with the desired version numbers, and running the app with the command cargo run. This will ensure that new packages with the exact specified version are installed, and also modifies the versions for existing packages in the Cargo.lock file as well, and then outputs the result -

You can verify whether the version change has taken place by checking the Cargo.lock file too -

You can see here that the package version number has changed from 0.3.1 to 0.2.1 now.

How to use packages in Rust?

Until now, we saw how to install or modify packages in Rust. Now to actually use them in our application code, we need to specify in our main.rs file or any other Rust file that we intend to “use” the package, and also what functions specifically from the package we want to use.

Since we are learning through the documentation, let’s go with the given example in the docs. And, remember, the docs use the latest versions so we have to change our ferris_says version back to the latest one.

This is the example code from the docs -

As you can see, the first line says use ferris_says::say - where use is the keyword to specify that we want to use a package, and then the package name ferris_says, followed by the double colon :: which is also known as the “path separator” and finally the name of the function we want to use from the package, namely say. When we run this program with cargo run, we get the following beautiful output -

CLI outputs are so pleasing to look at, aren’t they 😁

Do not worry about the syntax or many of the keywords yet! We are doing to dive into these things very soon.

Until then, keep yourself Rusty 🦀

Entering The Rust Universe

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Sat, 03 Feb 2024 06:17:58 +0000

Last week in my newsletter, I talked about the amazing language Rust - and why everyone needs to start learning it for 2024.

If you missed reading it, you can catch up on it here.

Rust is one of the fastest growing and highly performant languages of modern times.

Launched in 2015 for the public, Rust was meant to be a replacement language for systems level programming languages, and it has not failed to live up to its expectations.

So much so that Rust now has a fully thriving ecosystem built around it with many frameworks and libraries to support the development of apps across all platforms.

Why wait then? Let’s get started with setting up our first Rust project 🚀

As we land on the Rust homepage, we see a compact, welcoming landing page with the latest release version mentioned on the right with the link to documentation in the Get Started button.

Once we enter the documentation, we have many different options available to start implementing Rust.

You can play around with Rust completely online with the Rust playground.

Let’s install Rust on our system. Open up your terminal and run this curl command -

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

Once you run this command, you will be presented with a welcome message along with the location of where Rust toolchains and metadata, cargo the package manager will be installed, and the information about the PATH variables added, like so -

Once you ‘Enter’ to approve the installation, the process will be completed and you can test it by checking the cargo version -

Building the first Rust project -

Now, as mentioned, cargo is the official package manager for Rust and it is very handy. From accessing the documentation, help pages, to creating a new Rust project right from the CLI, cargo is very useful. Here are some quick commands for reference -

You can also type cargo –help to see a comprehensive list of commands that come with cargo for quick navigation -

With that done, let’s create our first Rust project -

In your terminal, cd into the folder/directory where you want to create your new Rust project and run the command - cargo new learn-rust

Open this project folder in your code editor. You can see that the project has a few starter files generated by cargo command -

Inside the src folder, we have main.rs file where .rs is the extension for Rust files, and then a Cargo.toml file which is the configuration file for the project. It is similar to YAML and JSON files, but just a bit easier to read due to its simpler semantics. This file is what we call the “manifest” file for Rust. It contains the metadata and dependencies for the entire project. This sounds similar to the package.json file in ReactJS/NodeJS projects, doesn’t it?

The main.rs file is where we write all our application code. Again, similar to index.js file.

We’ll come back to these lines of code and their meanings very soon. Let’s first run our project.

We use the command cargo run to generate the output of our main.rs file above. Once we do, we get the following output -

You can see the output “Hello, world!” in the terminal 🥳 Congratulations, you just ran your first Rust program 🚀

You can notice that a new folder target has been created and this is where our debug files, logs, and output file will be stored.

And that is it for this tutorial. In the next blog, we’ll learn more about cargo package manager and the magic it weaves ✨

I have also published a detailed video on this topic in my YouTube channel - watch it here.

Subscribe to my weekly newsletter on software development, my journey with code, and many other useful information to elevate your programming career.

Everything About Angular for 2024

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Sat, 27 Jan 2024 14:00:36 +0000

A New Framework a Day Keeps A Developer’s Sanity Away 🫠🥲

When I look at this meme, it doesn’t hit a chord of nostalgia for me. You ask why?

Well because unlike other memes which may fade out of trend, this particular meme never changes. Why??

Because it’s not a meme, it’s fact 😭

Every minute, day, week, month and year, it seems like new JavaScript frameworks are springing up out of nowhere.

And while the developer community is showcasing its amazing talents with an outpour of support, creativity, and open-source, a framework is not a library - it is not something that can be fixed and internalised in an organisation.

A framework needs stability, performance, and it needs to stay strong after many years and even hopefully, decades.

This is why we see popular libraries and frameworks being backed by big-tech because they have seen what it can do and they have the bandwidth to support its life cycle.

And what better choice than Angular which is a robust, highly scalable web framework - which is a favourite among enterprise app developers!

Where Angular stands amidst the war of frameworks

Angular has been around for more than a decade now. Its first version, AngularJS was released in 2010, and was later completely rewritten in 2016 with TypeScript, making it the most favourable choice for all kinds of web apps.

As you can see, we do have quite a handful of frameworks available for frontend. Remember - it does not have to be huge and complicated to be called a framework! Anything that abstracts the complexities away from developers so that we can focus on building and deploying features is a framework. And even though there are many available, there are only a few that are considered popular and industry-standard - React, Vue, and Angular.

Why do we need frameworks?

Because they make building stuff easier - that’s the hard fact. Building frontend apps has always been hard. Today’s “sites” are no longer just static. Of course there are millions of static sites out there and they are needed for various purposes, but interactivity is at the core of modern frontend. That’s why they are called web “applications” and not just websites.

With all this, imagine building a multi-layered, cross-functional application that has hundreds of thousands of internal web pages, apps, and tools built-in.

Building this out in native JavaScript is a sure way to put ourselves into tech-debt.

This is where frameworks come in - they come with a lot of batteries, functions, and features built into the package so that you can simply “import” these into your codebase, thereby building out components and segregating your application architecture in a neat way.

Why is Angular Thriving?

Before we dive into this, the natural question arises - why not React or Vue?

It is agreed that these two have had considerably high interest among the developer community recently, and React is backed by Facebook so it is a no-brainer choice among many.

But the question is also about feasibility, stability, and robustness. While React and Vue are both debatably strong in these areas, one area where Vue ranks higher than React is the true community-led development. Vue comes with a sleek syntax, much more straightforward and easy to use than React and building both MVPs and long-term enterprise apps are easier. And Angular leaves these two in the dust with a lot of extra horsepower in its engine.

Why Choose Angular in 2024?

There are a multitude of reasons to choose Angular and I’m listing them all here -

Strong Backing

A framework is not just about syntax and concepts! Nope. There are also things like principles, thought process, and system-design-led development methodologies. This is where Angular is a solid go-to framework. Angular is backed by the OG big-tech of all tech companies - Google 😎

And if this hasn’t already convinced you to break into the world of Angular, let me convince you a bit more 😃

The Angular Iteration

From AngularJS in 2010 to revamping itself as Angular 2.0 in 2017, today the latest stable version is now Angular 17 - released on December 13, 2023! Yep, just a few weeks ago. That means it has gone through a very speedy yet stable iteration, taking feedback and releasing more and more amazing features over the years.

This speaks volumes about the vibrant community behind Angular. And it’s a hundred percent “mature” framework - something that I personally haven’t been able to say about any other framework yet.

The One Man Army Ecosystem

Being a mature player in the field means that Angular comes with more than a decade of knowledge bases, forums, communities, blogs, documentations, tutorials, and much much more. And in this sense, Angular is a one-man army that takes on the enterprise web world with a sense of deadly calm.

Angular comes with its own CLI - a beautiful collection of nifty tools and scripts that get the ball rolling within no time.

This CLI includes creating a new app, testing entire components and modules, generating custom profiles, etc. No other framework or library comes close to the amount of in-built features available within Angular.

This is in stark contrast to React and Vue which heavily depend on external libraries for testing. In fact, this external dependency has created the ground for many testing frameworks making these ecosystems ripe for instability and uncertainty.

Robust Two-Way Binding

Angular is the only framework to introduce and implement two-way data binding for its components. This means that whatever feature or data implementation occurs amongst the components is immediately communicated with the browser and the browser responds back too. This synchronisation with the “Model” and “View” components helps with seamless data sharing across components and browser environments. This also means that changes occur instantly without a complex need for data management or explicitly writing a separate onChange function like we do in React.

File Based Component Architecture

This feature, initially introduced by Angular is now remixed and refurbished across other libraries and frameworks as well. Dividing components into their own files makes it unbelievably easier to manage components even after years of deployment into production.

This method also erases confusion and helps manage the entire codebase very easily.

Be wary - do not cut an apple with a sword!

With all the positives going for Angular, it is definitely a wise choice for building modern apps in 2024. But a word of caution - a wise developer chooses the framework or library AFTER analysing the requirements for the app. There are a multitude of solutions available in the developer world but we must be the one to decide whether we need a kitchen knife or a Swiss army knife, or maybe a sword after all 😁

If you liked reading this article, I have made a video on Angular to reflect this article. Watch it now

Make sure to subscribe to my newsletter if you haven’t already, where I share a weekly dose of fun, developer insider stories from my experience, and many useful nuggets to make your next project/app amazing 💯

https://bitfumes.com/newsletters

See you in the next one 👋

Docker Scout - Scouting The Security Seas

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Tue, 09 Jan 2024 07:10:58 +0000

Ever wondered how to navigate the travesties of security pitfalls, package integrities, and protection of our Docker images?

While Docker has made the developer’s life easy, there is still something crucial to take care of when we are dockerising our code.

Why? Because our container images are made up of many different layers of softwares, packages, and potentially other images too. And just like any software, our images are vulnerable to potential security threats ranging from as simple as an outdated package to a major slip up in external images.

Fortunately, Docker has released a scanning tool - Docker Scout - that helps us gain insights into the contents of a container image and accordingly fix them. The best part is that it can integrate with any CI pipeline we have including GitHub actions, Circle CI, GitLab, etc

Let’s get started 🐳

You can watch the video here about Docker Scout.

How to use Docker Scout with Docker CLI?

Firstly, we need to have Docker installed on our system - that means installing the CLI for it and the Docker Desktop app for our OS.

Confirm the installation with this command - docker –version; if it returns a version number similar to the below image, we are good to go.

And make sure to have Docker Desktop up and running as well.

Now, check using the CLI, if Docker Scout is available in the list of commands - and it should be 🤓

Type docker scout –help and we should get the below help information -

As we can see, there are many commands available, but there are two very important commands worth noting, and which we will be using extensively -

docker scout quickview
docker scout cves

As you might have guessed, CVE stands for Common Vulnerabilities and Exposures, and this command helps us identify or “scout” for issues in our images. It does this by comparing with the huge database of recorded vulnerabilities and security issues stored in Docker. We can see the complete list of these CVEs by visitinghttps://dso.docker.com/explore.

We can filter these CVEs by Image or Package or Vulnerability name if we are aware of them.

And as for the quickview command, just like the name suggests, it helps us get details about an image or package.

Let’s do a scout of the first most vulnerable image - storm:latest (as can be seen in the right side of the above image). Run docker scout quickview storm

We can see that the CLI returned a nice tabular view of the details of this Docker image. There are 55 “Critical” dependencies as marked in red colour, 123 “High”, 109 “Medium”, and 24 “Low” rankings of vulnerabilities.

But it’s more fun to actually use Docker Scout on our own existing application isn’t it? Here, I have opened a project folder within VS Code with the necessary dockerfiles -

So now that we have this basic setup ready, let us first build the project with Docker.

Type the command docker build -t image_name

Replace image_name with the name of your image; here I have used the name “mern”, as it can be seen below -

Once the command is executed, we can see that all the steps we have defined in our Dockerfile will be followed exactly as it is - it installs Node v.18 along with the required dependencies, and once this image is available, we can check for the vulnerabilities.

First, let’s run the command docker images to list all the available images in our system -

Here, we have the image “mern” available since we ran it just a moment ago. And now, let’s run the command docker scout quickview mern on our image.

Aaand.. Voila! There we have it. Docker Scout has detected 2 “Critical” vulnerabilities, 3 “High”, 14 “Medium”, and 89 “Low” ones.

And now, we can run docker scout cves mern to exactly see which package or layer created these vulnerabilities!

There we go! Now we have in-depth details about each vulnerability, sorted by package and layer according to the contents of our image.

As you can see, the command not only gives the name of the package that has the vulnerability, but also the correct “fixed” version of the same to help us in updating to the latest stable, secure version.

But there are also instances where many packages or images are not yet fixed even though they may have critical vulnerabilities, like so -

In such cases, rather than getting confused by the large list of vulnerabilities, we can use a flag --only-fixed with the Docker Scout command to shorten the list to a more fixable list. Here’s how to do it -

This will ONLY list out the fixable vulnerabilities where a stable/fixed version of it is available. In our example, openssh, mongoose, etc all have “fixed” versions that are not vulnerable anymore so we can easily upgrade these in our project’s package manager.

And here’s how I upgraded the mongoose package vulnerability easily -

Next, we can run the same command docker build -t image_name_2 to build a new image of the same project, and then run docker scout cves image_name_2 –only-fixed and we will find that the list is considerably shorter than before!

How to use Docker Scout with Docker Desktop app?

Since Docker desktop app provides a very fluid GUI, it is much more visually pleasing for those who prefer to not use the CLI. Open the Docker app and we should be able to see the local Docker images listed like so -

And once we click on the image, which is “mern” in this case, we can see the entire list of vulnerabilities presented similar to the CLI but more visual -

We can even filter the list by checking the checkbox labeled “Fixable packages” and this will function in a similar way to that of the flag we used earlier - --only-fixed.

There is an interesting option in the Docker app which is the “Recommended Fixes” option.

Once we click on the Recommended Fixes dropdown, we can see an option for “Recommendations for base image”. Click on that, and we will get this page where Docker recommends a fix for the base image node. As we can see, the current image node is 18, but the recommended options are 20, 21, etc.

How to use this recommendation?

Well, it’s quite simple! Scroll down on that recommendation page in the app, and we will see this below line to be added in our Dockerfile. Just copy and paste it like so -

And once we have updated the base image node, we can just run the command docker build -t image new_image and now we will see the same image listed among the local images in Docker app.

And here’s the magic of Docker Scout - the number of vulnerabilities came down from 100+ to just 24 🤩Yes, that’s the power of Docker Scout.

Your Docker image is now that much more secure, powerful, and vulnerable-free compared to your previous build!

No more bumping the heads against the wall trying to track down which package is destroying your app or which version to fix; simply use Docker Scout and let the magic happen 🎉

And in case you prefer watching this in video format, I have made a detailed video on Docker Scout and its usage on my channel here - What is Docker Scout?

Please subscribe to my newsletter https://bitfumes.com/newsletters

From Docker Enthusiast to Captain: My Journey with the Whale

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Thu, 04 Jan 2024 06:25:56 +0000

Being recognized as a Docker Captain is a tremendous honour, especially considering it coincides with my increased focus on creating more Docker content. It truly feels like a dream come true.

What is Docker Captain?

Docker captain are not just pirates steering container ship (though that imagery is pretty cool!).
They translate complex concepts of Docker into digestible content.

Docker Captain write blog posts, host webinars, organize meetups and most importantly share our passion for the technology that revolutionizes the software development.

My Inspiration: Why Learn Docker?

While containerization is a crucial skill for any tech professional in today's world, that wasn't always my perspective. Two years ago, this thought would have been alien to me. So, what sparked my sudden interest in Docker and containerization?

2 years ago, I joined a company Pfizer Inc. as a software engineer, and I found that the product I work with uses AWS ECS and Docker very much and that ignited spark on me to at least got to know what this Docker thing is?

Another reason I looked Docker as amazing technology is because of a Francesco Ciulla (@francescoxx He is one of my best friends from twitter(x))
I followed him from the days when he has very less followers on X but now, he is a known tech person with 180K+ followers.

He is also a Docker Captain and he often share content related to Docker and since I am his friend and follower I read or watch all his content which eventually leads to liking Docker.

How did I apply for Docker Captain program?

Since I have a decent YouTube channel called Bitfumes, whatever I learn I create video tutorial about that and same I started doing with Docker too.

I created a full Docker beginner course of around 2 hours 45 mins without knowing about that this video can help me in the future.
At this time, I didn't know about the Docker Captain program.

But then I got to know about Docker Captain program, and I started sharpening my Docker skills and created some more content around Docker.

And one day while scrolling LinkedIn, I found one post from Harsh Manvar (@harsh_manvar ) where there is a link to apply for Docker Captain program. I quickly jumped to the link and filled all the required details like my GitHub, twitter or LinkedIn profile and also which content I previously created related to Docker.

As a precaution, I also reached out to Harsh and Francesco for potential recommendations. However, to my absolute delight, I received an interview call directly from the Docker team after a few days.

I was excited as well as nervous about what going to happen.

About the Docker Captain Interview!

Okay, although we call it an interview, but I am not getting any kind of job hahah

So, on the scheduled date and time I met with Eva who just asked me some questions like why I want to become docker captain and why I even started learning docker.
I got really happy when she impressed with my YouTube channel and type of content I created.

However, she suggested creating a video specifically focused on Docker Scout, the latest Docker feature, to provide the approval team with fresh content. I promptly created the video within 5–6 days and sent it to Eva via email.

The Day I become Captain.

After a nervous wait, I finally received the invitation to sign the Docker Captain agreement on December 28, 2023. It felt like a perfect New Year's gift, and I couldn't have been happier.

I owe immense gratitude to both the Pfizer team and Francesco for igniting the spark that led me here.

Can you become Docker Captain?

Absolutely! The program welcomes anyone passionate about creating quality Docker content and boasting a decent online presence. In my case, my YouTube channel and its Docker-related content played a pivotal role in my journey.

So, if you share a passion for Docker and possess the drive to create informative content, the Docker Captain program awaits!

Follow me on Twitter and subscribe to my newsletter https://bitfumes.com/newsletters

From Docker Enthusiast to Captain: My Journey with the Whale

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Thu, 04 Jan 2024 06:25:56 +0000

Being recognized as a Docker Captain is a tremendous honour, especially considering it coincides with my increased focus on creating more Docker content. It truly feels like a dream come true.

What is Docker Captain?

Docker captain are not just pirates steering container ship (though that imagery is pretty cool!).
They translate complex concepts of Docker into digestible content.

Docker Captain write blog posts, host webinars, organize meetups and most importantly share our passion for the technology that revolutionizes the software development.

My Inspiration: Why Learn Docker?

2 years ago, while working at Pfizer Inc. as a software engineer, and I found that the product I work with uses AWS ECS and Docker very much and that ignited spark on me to at least got to know what this Docker thing is?

He is also a Docker Captain and he often share content related to Docker and since I am his friend and follower I read or watch all his content which eventually leads to liking Docker.

How did I apply for Docker Captain program?

Since I have a decent YouTube channel called Bitfumes, whatever I learn I create video tutorial about that and same I started doing with Docker too.

I created a full Docker beginner course of around 2 hours 45 mins without knowing about that this video can help me in the future.
At this time, I didn't know about the Docker Captain program.

But then I got to know about Docker Captain program, and I started sharpening my Docker skills and created some more content around Docker.

As a precaution, I also reached out to Harsh and Francesco for potential recommendations. However, to my absolute delight, I received an interview call directly from the Docker team after a few days.

I was excited as well as nervous about what going to happen.

About the Docker Captain Interview!

Okay, although we call it an interview, but I am not getting any kind of job hahah

The Day I become Captain.

After a nervous wait, I finally received the invitation to sign the Docker Captain agreement on December 28, 2023. It felt like a perfect New Year's gift, and I couldn't have been happier.

I owe immense gratitude to both the Pfizer team and Francesco for igniting the spark that led me here.

Can you become Docker Captain?

So, if you share a passion for Docker and possess the drive to create informative content, the Docker Captain program awaits!

Follow me on Twitter and subscribe to my newsletter https://bitfumes.com/newsletters

Unleash Your Coding Skills with the In Depth Laravel 2023 Course!

𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨 — Sat, 20 May 2023 04:40:00 +0000

Are you ready to take your Laravel coding skills to new heights and unlock the full potential of this powerful PHP framework? Look no further than the highly anticipated launch of the In Depth Laravel 2023 course!

In this comprehensive program, you'll delve deep into the intricacies of Laravel 10, gaining invaluable knowledge and hands-on experience that will propel you to the top of your game.

Check the course landing page In Depth Laravel Course 2023

Mastering the Backend Skills:
To excel as a Laravel developer, you need more than just a surface-level understanding.
This course is designed to equip you with the essential backend skills required for seamless development.
From setting up CI/CD pipelines to mastering deployment strategies and testing techniques, you'll be well-prepared to tackle any project that comes your way.

*Enter the World of TALL Stack: *
Get ready to revolutionize your development approach with the powerful TALL stack – a combination of Tailwind CSS, Alpine.js, Laravel, and Livewire.
Discover how to create stunning Laravel applications that boast remarkable user interfaces without relying heavily on JavaScript.
With TALL, you'll experience a whole new level of productivity and efficiency.

*Unleash the Potential of InertiaJS: *
InertiaJS is the game-changer you've been waiting for! By seamlessly integrating Vue.js and Laravel, you can build lightning-fast single-page applications that impress users and developers alike.
Learn how to harness the power of InertiaJS to create smooth, interactive interfaces that will keep your users engaged.

Continuous Integration and Deployment Made Simple:
Gone are the days of cumbersome deployment processes and long feedback loops. In this course, you'll discover the art of setting up CI/CD pipelines using GitHub Actions.
Say goodbye to manual deployments and embrace a streamlined workflow that allows you to collaborate effectively in a team environment, deploy frequently, and progress faster than ever before.

*Real-World Projects: *
Theory is essential, but practice is where the real learning happens.
That's why the In Depth Laravel 2023 course offers three exciting projects that will give you a holistic development experience.
From integrating Vue 3 and React.js with Laravel to exploring the limitless possibilities of AI with Nuno Maduro's openai-laravel package, you'll be prepared to tackle diverse real-world challenges.

*Embrace Laravel Livewire: *
Are you tired of juggling between frontend and backend technologies? Enter Laravel Livewire, a groundbreaking package that lets you build interactive user interfaces without relying heavily on JavaScript.
Discover how to harness the power of Livewire to simplify frontend development and make your coding life easier.

Meet Your Expert Instructor, Sarthak Shrivastava:
Led by the brilliant mind of Sarthak Shrivastava, founder of Bitfumes, this course is a culmination of years of experience and expertise.
With an impressive background in Laravel, Vue.js, React.js, and AWS, Sarthak brings a wealth of knowledge to the table. His engaging teaching style and passion for empowering developers have earned him a loyal following of over 120k subscribers on YouTube.

*Conclusion: *
Are you ready to become a professional Laravel Developer, equipped with a deep understanding of Laravel's ecosystem and integrations?
The In Depth Laravel 2023 course will transform you into a coding virtuoso, ready to take on any challenge that comes your way.
Whether you're a seasoned developer looking to expand your skill set or a beginner eager to dive into the world of Laravel, this course is your ticket to success.
Don't miss out on this opportunity to unlock your coding potential and shape a bright future in web development. Enroll today and prepare to embark on an extraordinary coding journey!

But Now

Follow on Twitter

Forem: 𝒮𝒶𝓇𝓉𝒽𝒶𝓀 📨

Is AI the Future of Code Editing? Let's Talk Cursor AI!

Exploring Hugging Face: The GitHub for the Machine Learning Community

What is Hugging Face?

Why Hugging Face is a Game-Changer

The Power of Open Source

How Does Hugging Face Make Money?

Getting Started with Hugging Face

Conclusion

How I Passed the AWS Developer Associate Exam (DVA-02): A Rollercoaster Ride of Challenges and Triumphs 🚀

Git Masterclass - Day 2

What is the difference between git pull and git fetch?

What is git fetch?

How to merge remote changes to local in Git?

Git Masterclass - Day 1

How to change branch in Git?

What is git stash?

How to get back to the stashed changes?

#2 Rust - Cargo Package Manager

Diving Into Rust - Understanding Cargo and Dependencies

1. Using Cargo -

2. Adding configuration line in Cargo.toml -

What is Cargo.lock in Rust?

Advantage of manually adding the dependencies

How to use packages in Rust?

Entering The Rust Universe

Building the first Rust project -

Everything About Angular for 2024

A New Framework a Day Keeps A Developer’s Sanity Away 🫠🥲

Where Angular stands amidst the war of frameworks

Why do we need frameworks?

Why is Angular Thriving?

Why Choose Angular in 2024?

Strong Backing

The Angular Iteration

The One Man Army Ecosystem

Robust Two-Way Binding

File Based Component Architecture

Be wary - do not cut an apple with a sword!

Docker Scout - Scouting The Security Seas

Let’s get started 🐳

How to use Docker Scout with Docker CLI?

How to use Docker Scout with Docker Desktop app?

From Docker Enthusiast to Captain: My Journey with the Whale

What is Docker Captain?

My Inspiration: Why Learn Docker?

How did I apply for Docker Captain program?

About the Docker Captain Interview!

The Day I become Captain.

Can you become Docker Captain?

From Docker Enthusiast to Captain: My Journey with the Whale

What is Docker Captain?

My Inspiration: Why Learn Docker?

How did I apply for Docker Captain program?

About the Docker Captain Interview!

The Day I become Captain.

Can you become Docker Captain?

Unleash Your Coding Skills with the In Depth Laravel 2023 Course!

What is the difference between `git pull` and `git fetch`?

What is `git fetch`?

2. Adding configuration line in `Cargo.toml` -