JÃ¼rgen FÃ¤lchle - stock.adobe.c
That’s because human intelligence still reigns when it comes to solving complex problems, and people can do it more productively with the help of AI to offload menial tasks.
Dohmke should know, as GitHub is used by millions of open source developers around the world not only to host their code, but increasingly to automate their software builds, testing and deployment through continuous integration and continuous deployment (CI/CD).
On a recent trip to key markets in Asia, Dohmke spoke to Computer Weekly about GitHub’s work in the region, its synergies with Microsoft, which acquired GitHub in 2018, and how GitHub’s Copilot AI assistant and Codespaces cloud-based development environment can improve the lives of developers.
Can you tell me more about your time in the Asia-Pacific (APAC) region and what you’re hoping to accomplish while you’re here?
Thomas Dohmke: There are three angles to this. First, it’s incredibly important for the CEO of a company to have direct customer contact. While we can invite customers to our headquarters in San Francisco and other locations, going to the customer and seeing how their culture is reflected in their offices and the way they’re running meetings is part of our mantra of being customer-obsessed.
It’s always exciting for me to see the other side of the world. I’m very familiar with the culture in Silicon Valley and the US in general, and as a German, I’m very familiar with European culture. APAC gives me a different perspective of the world.
We’ve lined up a lot of customer meetings, and I met with a customer to talk about the future and what we’re seeing in the software developer space. We are very open about how we develop software and what our processes are. So, even if GitHub itself is not open source, that doesn’t prevent us from acting like an open source project, and sharing our roadmaps and how we are addressing challenges in software development.
That brings us to the second point, which is about the developer community. We’ve run community meet-ups in Tokyo, Singapore and Sydney to hear from developers and better understand what software development is like these days, what’s coming, and what pain points they have.
Third, I’ve had meetings with GitHub employees in this region. Our APAC leadership is in Sydney, but we have an office in Tokyo, and a few folks here in Singapore. And as part of Microsoft, we’ve also met with Microsoft’s regional leadership team to talk about opportunities and our business plans.
Similar to our meetings with customers and the community, it’s important for our employees to see the CEO and how passionate I am about Copilot and Codespaces, which they can take away and apply in their customer meetings.
Based on your interactions with developers from different parts of the world, do their concerns and challenges vary in any way?
Dohmke: I think in general, open source has brought developers closer. The open source community is incredible, but it’s not only because they’ve decided to publish their source code. We believe that as a collaboration model, open source is better than any other collaboration model, because people are speaking in code with each other that transcends nationalities, education levels and organisational structures, none of which matters in open source.
And so, you have this democratised way of working with each other – you send somebody your code and get feedback, and while human emotions are still involved at times, ultimately, it’s millions of developers around the world working together to push for progress.
Thomas Dohmke. GitHub
That alone is incredible, and the differences don’t really matter. Of course, there are cultural differences and language barriers which sometimes hinder people with difficulties expressing themselves in English. But with Google Translate and upcoming AI technologies, it’s just a matter of time before those challenges go away.
You talked about upcoming AI technologies – we’ve seen the potential of GPT3 and the conversations on how it can make it more efficient for developers to code. GitHub has similar capabilities in Copilot as well. Do you think AI will replace programmers, and where do you see the future going for junior developers?
Dohmke: I think the next generation of developers will be used to AI and it’s going to be incredible. Technologies such as ChatGPT will enable a new way of learning, so young developers can interact with AI and learn at their own pace, whether it’s through tutorials or scripts in a predefined storyline.
It will also enable developers to be more productive, and we’ve seen this in Copilot. When you start using Copilot, it doesn’t have any information about you, so it uses the Codex model, which is a subvariant of the GPT model, to suggest code to you. But as you type, if it suggests code you don’t like, you can reject it.
Over time, it learns what you accept or reject, and adapts to your coding style. We saw developers who were sceptical of the AI in Copilot get that “aha” moment after a few days, and a couple weeks later, they can no longer live without it.
There was a tweet by someone who was willing to pay $1,000 a month for a service that combines ChatGPT and Copilot to help him build code, and while that is not necessarily an indicator of the price of such a service, it shows how far this could go in the software development space.
Going back to junior developers, I think they will be more skilled when they come out of college because they don’t have to learn the boring basics of programming in the same way we did. We have a shortage of developers almost everywhere in the world; developers constantly have to learn, and AI is going to support them. It’s so much more attractive to have an AI assistant with you, instead of reading stacks of books or wiki articles.
You don’t believe AI will replace developers some day?
Dohmke: No, and it’s the same as how a self-driving car still needs to know where you want to go, and a script writer still has to write the story. Obviously, developers will still have to write the story and AI cannot do that. It will support the menial tasks and things like writing test cases will probably be unnecessary.
We have gone through this before. Before the internet got big, people wrote their own software. You might buy a commercial software component, and somebody shipped you a floppy disk, but there was no open source software you could use.
It’s like the tip of a pyramid, except that the pyramid gets taller and taller. The code that sits on top is the same amount of code you would write day after day, but the underlying code base and complexity will grow because our systems are getting more complex.
Let’s talk about the company’s strategy. A lot has changed since Microsoft acquired GitHub, which is more than just a code repository today, with CI/CD tools and things like Copilot and Codespaces. What is the thinking around the evolution of the platform?
Dohmke: Great question. As you said, we started with source code hosting – that’s the “Git” in GitHub. From the early days, we offered developers free source code hosting for open source projects, and we also offer free hosting for private projects.
But as software development becomes complex, developers have to do more tasks, and we believe we have to put the developer first. That means the information the developer needs to build an application needs to be available where the code sits, which is in GitHub.
If you have to go somewhere else for that information, you’re probably not going to do it or you’re only going to do it every three months. That’s not sustainable with cyber security issues and the compliance requirements around data residency. You have to have all that information available to you during the design process.
Thomas Dohmke, GitHub
And so, we thought about the features that GitHub was missing to enable that developer-first mindset. In 2018, we launched GitHub Actions, which provides a code-based CI/CD system, and we were one of the first to enable developers to configure the CI/CD workflow in code.
We talked about Copilot, which is clearly part of the developer workflow, and Codespaces is about moving the development environment to the cloud. We realised that at GitHub, our developers who start working on a new project will need to collaborate with another team that runs another project that their project is dependent on. That team might be halfway around the world, and setting up all the dependencies takes time.
But with Codespaces, you can spin up a Bootstrap environment in less than a minute. As a CEO who likes to travel with my iPad, I can spin up Codespaces in a browser and don’t have to worry about installing any dependencies to make quick changes and pull requests. That’s the power of Codespaces – you can have an infinite number of these code environments available to you.
You obviously still have a keyboard and screen, and many developers still want to have local code because of latency, but they’re connecting to everything else in the cloud container. The cloud container can then leverage the same CI/CD process to be updated every night. That means the security team doesn’t have to worry about dependencies, compilers and all the tools in that container being out of date.
That’s the power of the cloud, and we believe the developer cloud, as we call it, is going to have a big future. It’s going to democratise access to cloud-native development, because you no longer have to worry about whether your laptop’s CPU is fast enough or if it has a GPU [graphics processing unit] to run a model.
We strongly believe that software development will move to cloud. Most other professionals are already in the cloud, from salespeople using Salesforce or Microsoft Dynamics, to accountants using NetSuite or SAP in the cloud. Software developers have helped to move every professional to the cloud except themselves.
Are there gaps or areas that you might want to enhance further in GitHub?
Dohmke: I think the biggest challenge we are trying to solve in partnership with other companies is securing the software supply chain. As many companies have built their technology stacks on open source technologies, it has become apparent that software vulnerabilities like the one in Log4j can have a huge impact on the world.
I think Log4j was eye-opening to many CISOs [chief information security officers]. Too many people think they can be secure by installing everything in their datacentre – until they realise that close to 90% of their code is not actually in their environment and comes from someone else who may not understand software security.
We are a member of OpenSSF, and are working closely with other partners to figure out a developer-first way to secure the software supply chain. We work with many open source projects, and we give them tools and ideas on how they can secure their software components so the rest of the world can be secure.
At the same time, we work with enterprise customers to help them understand the need to keep all their components up to date, and that they should not push passwords, tokens and keys into repositories which might be targeted by cyber attackers at some point. Most attackers are smart enough to not use all the secrets they’ve found at once – they use one until that gets revoked and then they use the next one.
For many companies, it’s hard to find out what was stolen as it’s like finding a needle in a haystack. And so, we have something called secret scanning, which you can use to remove all secrets or block secrets from appearing in a repository. We also do code-scanning, or software composition analysis, to find software vulnerabilities in your code. The findings can be shared with other companies so that everybody can benefit from them.
I spoke to Red Hat CEO Matt Hicks earlier this year about the same topic, and his team is looking to build SBOM [software bill of materials] capabilities into OpenShift.
Dohmke: We are in the same OpenSSF working group, and SBOM is a huge topic in the US as software companies that do business with the US government must deliver software as SBOMs.
But instead of generating SBOMs at the end of the development cycle, we should generate them for every open source project. We want to give developers the tools to generate SBOMs in GitHub Actions that are already being used by many of them. Enterprises that use open source software can then leverage those SBOMs to create a composite SBOM when all the software components come together.
Could you talk about your synergies with Microsoft? How has being part of Microsoft benefited GitHub in terms of reaching out to a broader base of developers and customers?
Dohmke: Let me start by saying that the developers will always come first, and when you go to our website, we don’t sell you any Microsoft products. We are focused on what developers need to develop software. But of course, we see a lot of acceleration from Microsoft, and a great example is Copilot.
Microsoft was already a partner of OpenAI, and we happened to work closely with Microsoft and OpenAI on the Codex model. That gives us a way to run the inference model in Azure datacentres on GPUs that Microsoft has, so I don’t have to worry about setting up datacentres and buying GPUs.
If you think about AI assistants like Copilot, latency is really important. By the time you finish typing something and the code suggestion doesn’t appear quickly, you’re not going to use it and you will just keep typing. We’ve deployed the GPUs in the US and Europe, and they will come to Asia as well in the future.
On the business side, because Microsoft is much bigger here in Singapore than GitHub, Microsoft also helps us with existing customer connections.
Read more about software development in APAC
- In this handbook, focused on tech careers for women in the Asia-Pacific region, Computer Weekly looks at what can be done to attract more women into software development.
- Major features in Java 19 will make it easier for Java developers to build applications that interface with non-Java code, among other capabilities in the 10th edition of the platform’s six-month release cadence.
- Endowus has built a distributed microservices architecture to ensure its investment platform remains resilient at all times.
- Software developers are taking longer to fix vulnerabilities and many do not know about the dependencies of open source software components they are using, study finds.