Technology Radar: Volume 32 - April 2025
- Main webpage: Thoughtworks Technology Radar
- Reviewed document (PDF): Link to Volume 32
Themes
Supervised agents in coding assistants
- Main methods: "prompt-to-code" or "chat-oriented programming"
While we remain skeptical of coding agents that promise fully autonomous development of large tasks, we've seen promising results with this supervised approach, where developers still guide and oversee the agent's actions.
- Leading this trend in the IDE-integrated tools space:
- Cursor
- Cline
- Windsurf
- GitHub Copilot <- This is the one I use and I'm very happy with it.
- Note: I use mainly "prompt-to-code", ask it to explain the code, and then explain the optimization steps.
Despite these advancements, we remain cautious about how this increases complacency with AI-generated code, as in spite of some very good results, we still see a lot of need for steering and vigilance in the code review. With great power...
- Several times in the distant past I have seen how AI-generated code got me into trouble, so I always review the code and ask it to explain the code. Especially when explaining the code, I ask it to explain the code in a way that I can understand, so I can learn from it.
Evolving observability
- What is Observability? Observability is the ability to understand what's happening inside a system based on the data it produces — like logs, metrics, and traces. It helps developers and operators:
- Detect and diagnose issues
- Monitor performance
- Ensure reliability and uptime

Traditionally, observability has been used in distributed systems, cloud-native applications, and microservices to keep everything running smoothly.
- What Does "Evolving Observability" Mean? As systems become more complex — especially with the rise of AI, LLMs (Large Language Models), and multi-cloud architectures — observability tools and practices are evolving to keep up. Here's how:
- LLM Observability
- New tools are emerging to monitor and evaluate AI models, especially LLMs.
- Examples: Weights & Biases Weave, Arize Phoenix, Helicone, HumanLoop
- These tools help track things like:
- Model performance
- Prompt effectiveness
- Latency and cost
- User feedback and behavior
- AI-Assisted Observability
- Observability tools are now using AI themselves to:
- Detect anomalies
- Predict outages
- Suggest root causes
- This makes it easier for teams to manage complex systems without drowning in data.
- OpenTelemetry Adoption
- OpenTelemetry is an open-source standard for collecting observability data.
- It helps teams avoid vendor lock-in and makes it easier to integrate different tools.
- Tools like Alloy, Tempo, and Loki now support OpenTelemetry.
R in RAG = Retrieval in Retrieval-Augmented Generation
- RAG combines retrieving external data with generating answers using an AI model.
- The 'R' (retrieval) part is evolving fast to make AI responses more accurate and useful.
New Retrieval Techniques
- Corrective RAG: Fixes or improves answers using feedback.
- Fusion-RAG: Combines multiple sources for better coverage.
- Self-RAG: Lets the model fetch data on demand, skipping traditional retrieval.
- FastGraphRAG: Builds graphs to help humans understand retrieved info.
Why It Matters: Smarter retrieval = more reliable, up-to-date, and context-aware AI responses
Radar
Adopt
My personal goal is to:
- Adopt the latest tools and techniques in my daily work.
- At least try to use them in my personal projects.
Techniques
1. Data product thinking
Summary of Our Conversation
- What is Data Product Thinking?
- Definition: A modern approach where data is treated like a product with its own lifecycle, quality standards, and consumer focus.
- Key Concepts:
- Design data around use cases
- Manage both business and technical metadata
- Use tools like DataHub, Collibra, Atlan, Informatica
- Ensure data is AI-ready, governed, and compliant
- What Are Data Mesh and Data Lakehouse?
- Data Mesh:
- A decentralized data architecture
- Domain teams own and manage their data as products
- Emphasizes self-serve infrastructure and federated governance
- Data Lakehouse:
- A unified architecture combining data lakes and data warehouses
- Centralizes data in open formats for analytics and machine learning
- Supports structured, semi-structured, and unstructured data
- Visual Comparison and Use Cases
- We compared both architectures side-by-side:
- Data Mesh is ideal for large organizations with many domains needing autonomy
- Lakehouse is best for unified analytics and ML on a single platform
- Use-case examples helped clarify when to use each
- Support for Multiple Data Sources
- Both architectures support data from:
- Relational databases (MySQL, MSSQL)
- Flat files (CSV, Excel)
- Cloud storage, enterprise systems, and streaming platforms
- Integration is handled via ETL/ELT pipelines or connectors
- Data Copy vs. Live Link
- Data Mesh: Can use both data copies and live links depending on domain needs
- Lakehouse: Primarily uses data copies for performance, but supports live queries via tools like Trino or Databricks
- Tools:
- Copy: Fivetran, Airbyte, dbt, Informatica
- Live Link: Trino, Starburst, Databricks (via connectors)
Top Takeaways
- Data product thinking is a foundational mindset for modern data management—focused on usability, ownership, and lifecycle.
- Data mesh decentralizes data ownership and governance; lakehouse centralizes storage and analytics.
- Both architectures support diverse data sources and can use data copies or live links depending on the use case.
- A variety of modern tools exist to support ingestion, transformation, and querying across systems.
Goal | Data product thinking
Apply data product thinking principles to improve quality, usability, and accountability.
You don't need a big platform to apply data product thinking. Start small:
- Name your data products
- Assign ownership
- Document purpose and quality
- Focus on the user experience
This builds a foundation for trust, usability, and scalability—even in a small DataMart.
2. Fuzz testing
Goal | Fuzz testing
We are resistant to unexpected inputs and edge cases because our ETLs are designed to fail fast and recover quickly. I will continue to keep an eye on our error logs and monitor for any unexpected inputs or edge cases that may cause issues in our ETL processes.
3. Software Bill of Materials
Goal | Software Bill of Materials
Note: This is a shotgun list of tools that I will use to generate SBOMs and scan for security issues in my projects. I will document my experiences and share them with the team. I hope that I get approval from David to look into these tools and use them in our team projects.
Look into Tools to Generate SBOMs and Scan for Security Issues
- Syft (by Anchore)
  - Generates SBOMs from Docker images, source code, and file systems.
  - Supports SPDX, CycloneDX, and JSON formats.
  - Lightweight and easy to automate.
  - GitHub: https://github.com/anchore/syft
- Grype (by Anchore)
  - Scans Docker images and SBOMs for known vulnerabilities.
  - Works well with Syft.
  - GitHub: https://github.com/anchore/grype
- Trivy (by Aqua Security)
  - Scans Docker images, Kubernetes clusters, and Git repositories.
  - Generates SBOMs in CycloneDX and SPDX formats.
  - Fast and easy to use.
- KubeClarity (by Cisco)
  - Scans Kubernetes clusters for vulnerabilities.
  - Generates SBOMs and provides a visual dashboard.
  - Integrates with Trivy and Grype.
  - GitHub: https://github.com/openclarity/kubeclarity
Example Workflow for a Python + Docker + Kubernetes Team
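Generate an SBOM from a Docker image using Syft:

```bash
# cyclonedx-json writes JSON to match the file name; plain "cyclonedx" writes XML
syft my-python-app:latest -o cyclonedx-json > sbom.json
```

Scan the SBOM for vulnerabilities using Grype:

```bash
grype sbom:sbom.json
```

Use Trivy to generate an SBOM and scan in one step:

```bash
# Trivy's CycloneDX output is JSON; --scanners vuln adds vulnerability findings to it
trivy image --scanners vuln --format cyclonedx --output trivy-sbom.json my-python-app:latest
```

Scan a Kubernetes cluster for security issues:

```bash
trivy k8s --report summary cluster
```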
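One thing to do with the `sbom.json` from the Syft step, shown as an added example (not part of the original notes and not code from Syft, Grype or Trivy): diff the CycloneDX component lists of two builds so that new or changed dependencies are reviewed before they ship. The two SBOM documents and the `approved` set are constructed for the example.

```python
import json

# Constructed CycloneDX JSON standing in for sbom.json from two consecutive builds.
PREVIOUS_BUILD = """{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
  {"type": "library", "name": "six", "version": "1.16.0", "purl": "pkg:pypi/six@1.16.0"},
  {"type": "library", "name": "openssl", "version": "3.0.11",
   "purl": "pkg:deb/debian/openssl@3.0.11?arch=amd64"}]}"""
CURRENT_BUILD = """{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "requests", "version": "2.32.3", "purl": "pkg:pypi/requests@2.32.3"},
  {"type": "library", "name": "pyyaml", "version": "6.0.1", "purl": "pkg:pypi/pyyaml@6.0.1"},
  {"type": "library", "name": "openssl", "version": "3.0.11",
   "purl": "pkg:deb/debian/openssl@3.0.11?arch=amd64"}]}"""


def component_versions(sbom_text: str) -> dict:
    """Return {package identity: version} for every component in a CycloneDX JSON SBOM."""
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX JSON document")
    versions = {}
    for comp in sbom.get("components", []):
        purl = comp.get("purl", "")
        if purl:
            # Drop qualifiers (?...), subpath (#...) and the @version suffix so the
            # same package gets the same key in both builds.
            identity = purl.split("?", 1)[0].split("#", 1)[0].rsplit("@", 1)[0]
        else:
            identity = f"{comp.get('type', 'unknown')}:{comp.get('name', '')}"
        versions[identity] = comp.get("version", "")
    return versions


def diff_sboms(previous_text: str, current_text: str) -> dict:
    """Compare two SBOMs and list added, removed and version-changed packages."""
    old, new = component_versions(previous_text), component_versions(current_text)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted((k, old[k], new[k]) for k in set(old) & set(new) if old[k] != new[k]),
    }


def needs_review(diff: dict, approved: set) -> list:
    """New packages nobody has approved yet; a CI job can fail when this is non-empty."""
    return [pkg for pkg in diff["added"] if pkg not in approved]


if __name__ == "__main__":
    result = diff_sboms(PREVIOUS_BUILD, CURRENT_BUILD)
    print(json.dumps(result, indent=2))
    print("needs review:", needs_review(result, approved={"pkg:pypi/urllib3"}))
```
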
4. Threat modeling
- a rapidly evolving AI-driven software development landscape
- the critical importance of threat modeling for building secure and agile software
- threat modeling defined as techniques to identify and classify potential threats
- applicability of threat modeling across various contexts, including generative AI
- generative AI introducing unique security risks
- necessity of performing threat modeling regularly throughout the software lifecycle
- integration of threat modeling with other security practices
- defining cross-functional security requirements to address common project risks
- use of automated security scanners for continuous monitoring
Avoid: security sandwich
The term "security sandwich" typically refers to an inefficient or ineffective security process where security is only addressed at the beginning and end of the software development lifecycle—but ignored in the middle where most of the actual development happens.
Platforms
23. GitLab CI/CD
This tool is a continuous integration and continuous deployment (CI/CD) platform that automates the software development process. It allows teams to build, test, and deploy code efficiently. It also has a monitoring feature; see if they have a plugin for Azure DevOps.
Goal | GitLab CI/CD
- [x] Research GitLab CI/CD and see if it has a plugin for Azure DevOps to enter errors into Azure Logs.
Note: The information below is a summary of the conversation we had about GitLab CI/CD and Azure Logs with Copilot. I will review it and make changes as needed.
- Options to Send GitLab CI/CD Errors to Azure Logs
1.1 Use Azure Monitor HTTP Data Collector API
- You can configure a GitLab CI/CD job to send logs or error messages to Azure Monitor using its HTTP Data Collector API.
- This involves creating a Log Analytics Workspace in Azure.
- You can use a script in your .gitlab-ci.yml file to send logs via curl or a Python script.
Example snippet:
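```yaml
script:
  - |
    # x-ms-date must be an RFC 1123 timestamp, and <signature> is the Base64
    # HMAC-SHA256 of the request (including that same date) under the workspace key.
    curl -X POST "https://<workspace-id>.ods.opinsights.azure.com/api/logs?api-version=2016-04-01" \
      -H "Content-Type: application/json" \
      -H "Log-Type: GitLabErrors" \
      -H "x-ms-date: $(date -u +'%a, %d %b %Y %H:%M:%S GMT')" \
      -H "Authorization: SharedKey <workspace-id>:<signature>" \
      -d '{"error": "Build failed", "job": "test"}'
```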
1.2 Use a Logging Agent or Middleware
- You can send logs to a centralized logging system like Fluentd or Logstash from GitLab.
- These systems can then forward the logs to Azure Monitor.

1.3 Azure DevOps Integration
- There is a GitLab Integration for Azure Pipelines extension that allows you to use GitLab repositories in Azure DevOps pipelines.
- While this doesn't directly send GitLab CI/CD logs to Azure Logs, it can help bridge workflows if you're using both platforms.
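For option 1.1, the `<signature>` value has to be computed per request, which is where the Python script comes in. The following is an added example (not from the Copilot conversation and not Microsoft's or GitLab's code) that builds the `SharedKey` header for the HTTP Data Collector API and copies only an allowlist of GitLab predefined variables into the record. The variable names `AZURE_WORKSPACE_ID` and `AZURE_SHARED_KEY` and the choice of record fields are assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
import urllib.request
from email.utils import formatdate

RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"
# Only these GitLab predefined variables are copied into the record, so other
# (possibly secret) CI variables never reach the log workspace.
SAFE_CI_VARS = ("CI_PROJECT_PATH", "CI_PIPELINE_ID", "CI_JOB_NAME", "CI_COMMIT_SHA")


def build_record(error: str, env=os.environ) -> bytes:
    """Serialize one log record as the JSON array body of the request."""
    record = {"error": error}
    record.update({name: env[name] for name in SAFE_CI_VARS if name in env})
    return json.dumps([record]).encode("utf-8")


def sign(workspace_id: str, shared_key_b64: str, body: bytes, x_ms_date: str) -> str:
    """Authorization header: Base64 HMAC-SHA256 over method, length, type, date, resource."""
    string_to_sign = f"POST\n{len(body)}\n{CONTENT_TYPE}\nx-ms-date:{x_ms_date}\n{RESOURCE}"
    key = base64.b64decode(shared_key_b64)  # the workspace key is stored Base64-encoded
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(mac).decode('ascii')}"


def build_headers(workspace_id, shared_key_b64, body, log_type="GitLabErrors", x_ms_date=None):
    """The signed date and the x-ms-date header must be the same string."""
    x_ms_date = x_ms_date or formatdate(usegmt=True)  # RFC 1123, e.g. "... GMT"
    return {
        "Content-Type": CONTENT_TYPE,
        "Log-Type": log_type,
        "x-ms-date": x_ms_date,
        "Authorization": sign(workspace_id, shared_key_b64, body, x_ms_date),
    }


if __name__ == "__main__":
    # Assumed to be defined as masked CI/CD variables, never written into .gitlab-ci.yml.
    workspace_id = os.environ["AZURE_WORKSPACE_ID"]
    shared_key = os.environ["AZURE_SHARED_KEY"]
    body = build_record("Build failed")
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version=2016-04-01"
    request = urllib.request.Request(
        url, data=body, headers=build_headers(workspace_id, shared_key, body), method="POST"
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        print("Azure Monitor responded with HTTP", response.status)
```
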
24. Trino
Trino is a distributed SQL query engine designed for big data analytics. It allows users to run SQL queries across various data sources, including relational databases, NoSQL systems, and data lakes.
Goal | Trino
- [ ] Make a project to test this tool.
Tools
51. Renovate
Renovate is a tool that automatically scans your project for outdated dependencies and opens PRs to update them. It's more powerful and customizable than Dependabot, and it's especially useful for teams that want to manage not just application code but also tooling, infrastructure, and internal libraries. When configured well, it can significantly reduce the burden of dependency maintenance.
Key Concepts in the Technology Radar:
- Proactive dependency management: Renovate automatically checks for newer versions of dependencies (e.g., libraries, tools, Docker images) and opens Pull Requests (PRs) to update them. This reduces the risk of falling behind and encountering security vulnerabilities or compatibility issues later.
- Comparison with Dependabot:
- Dependabot is the default tool in GitHub for this purpose.
- Renovate is recommended as a more comprehensive and customizable alternative—especially for teams with more complex needs.
- Scope of updates:
- Renovate can be configured to track and update:
- Regular dependencies
- Tooling (e.g., linters, compilers)
- Infrastructure (e.g., Terraform modules, Dockerfiles)
- Private/internal dependencies
- Automation to reduce fatigue:
- It suggests enabling automatic merging of PRs for safe updates to minimize noise and manual work for developers.
Goal | Renovate
- [ ] Look into Dependabot for our projects to automate dependency updates.
52. uv
uv is a next-generation Python package and project management tool built in Rust, designed for high performance and speed. It aims to consolidate and replace tools like Poetry, pyenv, and pipx, offering a unified, fast, and modern developer experience.
Goal | uv
- [x] Replace my current use of pyenv with uv for managing Python versions and packages.
53. Vite
Vite is a modern build tool that provides a faster and leaner development experience for modern web projects. It leverages native ES modules in the browser for development and bundles code with Rollup for production.
What is Vite? Vite is a modern front-end build tool used to develop fast, interactive websites and web apps. It is not an editor like Visual Studio Code, nor does it directly work with Python or SQL databases.
What Vite Does:
- Speeds up development with instant startup and hot module replacement (your site updates live as you code)
- Bundles and optimizes your code for fast loading in production
- Works best with JavaScript frameworks like Vue, React, and Svelte
- Used by modern tools like SvelteKit, Nuxt 3, Astro, and VitePress
- Managed and maintained by VoidZero, with community and financial support for long-term development
What Vite Is Not:
- Not an IDE (like VS Code)
- Not used to write or run Python
- Does not connect directly to SQL databases
Typical Use Case:
- A developer writes a web app using React or Vue
- Vite runs the development server, compiles the code instantly, and helps test it live in the browser
- Once ready, Vite bundles the app for deployment
To Load Data from a SQL Database with Vite:
You still need a back-end API (written in something like Python or Node.js) that connects to your SQL database. The Vite app can then fetch data from that API.
Goal | Vite
I don't need to use Vite for my current projects, but I will keep it in mind for future web development projects that require a modern build tool. Our web development projects are simple. I will check on this though anyway.
- [ ] I will develop a simple web app using Vite to understand its features and capabilities. This will help me evaluate if it can be beneficial for future projects.
Goal | Vite mobile app
Yes, you can build a minimal native app for Android and iPhone that functions as a fullscreen (windowless) browser, loading only a specific web page. This is commonly referred to as a webview app.
What You're Describing:
- A native app for Android and iOS.
- When opened, it hides all browser chrome (URL bar, tabs, etc.).
- It loads and displays a specified web page.
- The actual app is just a lightweight wrapper — the UI comes from your website.
Tools to Build It:
- Capacitor (by Ionic)
  - Cross-platform (Android + iOS).
  - Uses your web code (e.g., React, Vue, etc.) inside a native WebView.
  - You can create a native shell that loads your site (either from the internet or bundled locally).
  - Easily access native features (camera, GPS, etc.) if needed.
  - ✅ Good for production ✅ Actively maintained ✅ Works well with Vite-built apps
- Cordova / PhoneGap (older)
  - Similar to Capacitor, but older and not as actively maintained.
  - Still works, but Capacitor is the modern replacement.
  - ✅ Still supported, but not ideal for new projects
- Native Android and iOS (manual way)
  - Android: Use `WebView` in Java/Kotlin to load your URL

    ```java
    // Inside the Activity's onCreate(), after setContentView(...)
    WebView webView = findViewById(R.id.webview);
    // JavaScript is off by default; enable it only for an HTTPS site you control
    webView.getSettings().setJavaScriptEnabled(true);
    webView.loadUrl("https://example.com");
    ```

  - iOS (Swift): Use `WKWebView`

    ```swift
    import WebKit

    // Inside the view controller's viewDidLoad()
    let webView = WKWebView(frame: self.view.frame)
    webView.load(URLRequest(url: URL(string: "https://example.com")!))
    self.view.addSubview(webView)
    ```

  - ✅ Full control ❌ Requires Android Studio and Xcode builds separately ❌ More complex
Considerations:
| Feature | Supported |
|---|---|
| Fullscreen view with no URL bar | Yes |
| Touch, swipe, zoom | Yes |
| Local file support or remote URL | Yes |
| App store distribution | Yes |
| Access to native APIs | With Capacitor / Cordova or custom native code |
Real-World Use Case:
This is how many apps work behind the scenes — for example, internal company apps, form apps, content kiosks, or even wrappers around mobile web portals.
Languages and Frameworks
83. OpenTelemetry
- What is OpenTelemetry?
OpenTelemetry is a collaborative project under the Cloud Native Computing Foundation (CNCF) that aims to unify how telemetry data is gathered and transmitted across systems. It provides SDKs, APIs, and tools for instrumenting applications and services.
- Why Adopt OpenTelemetry?
- Standardization with OTLP:
- The OpenTelemetry Protocol (OTLP) is a unified transport protocol for all telemetry signals (traces, metrics, logs, and profiling).
- It simplifies integration by eliminating the need for multiple agents or exporters.
- Vendor-Agnostic:
- Major observability platforms like Datadog, New Relic, and Grafana support OTLP.
- This allows organizations to avoid vendor lock-in and build flexible observability pipelines.
- Efficiency:
- Supports gzip and zstd compression, reducing data size and bandwidth usage—critical for high-throughput environments.
- Scalability for Microservices:
- Designed with distributed systems and microservices in mind, making it easier to achieve full-stack observability across complex architectures.
- Future-Proof:
- As OpenTelemetry expands to include logs and profiling, OTLP ensures consistent data handling, making it a robust long-term solution.
- Use Cases
- Cloud-native applications needing consistent observability across services.
- DevOps and SRE teams looking to consolidate telemetry pipelines.
- Organizations migrating from proprietary APM tools to open standards.
- Ecosystem & Adoption
- OpenTelemetry is one of the most active CNCF projects, with broad community and vendor support.
- It integrates well with tools like Prometheus, Jaeger, Fluentd, and Tempo, among others.
84. React Hook Form
- React Hook Form (RHF)
  - Status: Adopted as an alternative to Formik
- Why Choose React Hook Form?
  - Performance-Oriented
    - RHF uses uncontrolled components by default, which avoids unnecessary re-renders
    - This results in better performance, especially in large or complex forms
  - Validation Integration
    - Seamlessly integrates with popular schema validation libraries like:
      - Yup
      - Zod
      - Others
    - Makes it easy to define and enforce complex validation rules
  - Flexibility and Compatibility
    - Works well with external controlled component libraries such as:
      - shadcn/ui
      - Ant Design (AntD)
    - Can be integrated into existing codebases without major refactoring
  - Developer Experience
    - Simple API with hooks like useForm, Controller, and useFieldArray
    - Strong TypeScript support
    - Active community and ongoing development
- Use Cases
  - Ideal for form-heavy applications like admin dashboards, surveys, or onboarding flows
  - Great for teams looking to optimize performance without sacrificing flexibility
React Hook Form is used for building and managing forms in React applications. Here are some common scenarios where you'd use it:
- Building complex forms with many fields, dynamic inputs, or conditional logic
- Creating high-performance forms that avoid unnecessary re-renders
- Integrating with validation libraries like Yup or Zod for schema-based validation
- Working with UI component libraries like Ant Design or shadcn/ui that use controlled components
- Managing form state in a clean and scalable way, especially in large applications
- Handling form submission, error messages, and field-level validation with minimal boilerplate
You can explore React Hook Form in action through several official and community resources. Here are some great places to see demos and try it out:
- Official React Hook Form Website
  - https://react-hook-form.com
  - Includes live examples, documentation, and a playground where you can test forms directly in the browser.
- React Hook Form CodeSandbox Demos
  - https://codesandbox.io/s/react-hook-form
  - A collection of interactive examples showing different use cases like validation, dynamic fields, and integration with UI libraries.
- GitHub Repository
  - https://github.com/react-hook-form/react-hook-form
  - Contains source code, examples, and links to community projects.
- YouTube Tutorials and Walkthroughs
  - Search for "React Hook Form tutorial" or "React Hook Form demo" on YouTube to find visual walkthroughs and real-world app examples.
Personal notes: Spent one hour and twenty-three minutes on this on 7-12-2025, and I will continue to work on this list to adopt the latest tools and techniques in my daily work. I will also document my experiences and share them with the team.