Posts Tagged ‘Microsoft’
[DevoxxFR2025] Building an Agentic AI with Structured Outputs, Function Calling, and MCP
The rapid advancements in Artificial Intelligence, particularly in large language models (LLMs), are enabling the creation of more sophisticated and autonomous AI agents – programs capable of understanding instructions, reasoning, and interacting with their environment to achieve goals. Building such agents requires effective ways for the AI model to communicate programmatically and to trigger external actions. Julien Dubois, in his deep-dive session, explored key techniques and a new protocol essential for constructing these agentic AI systems: Structured Outputs, Function Calling, and the Model-Controller Protocol (MCP). Using practical examples and the latest Java SDK developed by OpenAI, he demonstrated how to implement these features within LangChain4j, showcasing how developers can build AI agents that go beyond simple text generation.
Structured Outputs: Enabling Programmatic Communication
One of the challenges in building AI agents is getting LLMs to produce responses in a structured format that can be easily parsed and used by other parts of the application. Julien explained how Structured Outputs address this by allowing developers to define a specific JSON schema that the AI model must adhere to when generating its response. This ensures that the output is not just free-form text but follows a predictable structure, making it straightforward to map the AI’s response to data objects in programming languages like Java. He demonstrated how to provide the LLM with a JSON schema definition and constrain its output to match that schema, enabling reliable programmatic communication between the AI model and the application logic. This is crucial for scenarios where the AI needs to provide data in a specific format for further processing or action.
Function Calling: Giving AI the Ability to Act
To be truly agentic, an AI needs the ability to perform actions in the real world or interact with external tools and services. Julien introduced Function Calling as a powerful mechanism that allows developers to define functions in their code (e.g., Java methods) and expose them to the AI model. The LLM can then understand when a user’s request requires calling one of these functions and generate a structured output indicating which function to call and with what arguments. The application then intercepts this output, executes the corresponding function, and can provide the function’s result back to the AI, allowing for a multi-turn interaction where the AI reasons, acts, and incorporates the results into its subsequent responses. Julien demonstrated how to define function “signatures” that the AI can understand and how to handle the function calls triggered by the AI, showcasing scenarios like retrieving information from a database or interacting with an external API based on the user’s natural language request.
MCP: Standardizing LLM Interaction
While Structured Outputs and Function Calling provide the capabilities for AI communication and action, the Model-Controller Protocol (MCP) emerges as a new standard to streamline how LLMs interact with various data sources and tools. Julien discussed MCP as a protocol that aims to standardize the communication layer between AI models (the “Model”) and the application logic that orchestrates them and provides access to external resources (the “Controller”). This standardization can facilitate building more portable and interoperable AI agentic systems, allowing developers to switch between different LLMs or integrate new tools and data sources more easily. While details of MCP might still be evolving, its goal is to provide a common interface for tasks like function calling, accessing external knowledge, and managing conversational state. Julien illustrated how libraries like LangChain4j are adopting these concepts and integrating with protocols like MCP to simplify the development of sophisticated AI agents. The presentation, rich in code examples using the OpenAI Java SDK, provided developers with the practical knowledge and tools to start building the next generation of agentic AI applications.
Links:
- Julien Dubois: https://www.linkedin.com/in/juliendubois/
- Microsoft: https://www.microsoft.com/
- LangChain4j on GitHub: https://github.com/langchain4j/langchain4j
- OpenAI: https://openai.com/
- Devoxx France LinkedIn: https://www.linkedin.com/company/devoxx-france/
- Devoxx France Bluesky: https://bsky.app/profile/devoxx.fr
- Devoxx France Website: https://www.devoxx.fr/
[DefCon32] The XZ Backdoor Story: The Undercover Op That Set the Internet on Fire
In a riveting exploration of one of the most sophisticated cyberattacks in recent history, Thomas Roccia, a security researcher at Microsoft, unravels the intricate tale of the XZ backdoor. Discovered by Andres Freund in March 2024, this clandestine operation compromised the open-source XZ utility, specifically its liblzma library, threatening SSH servers worldwide. Thomas’s narrative dissects the attacker’s methods, the discovery’s serendipity, and the broader implications for open-source security, urging the community to remain vigilant.
The Discovery of the XZ Backdoor
Thomas begins by recounting the fortuitous discovery by Andres Freund, a Microsoft engineer, who noticed anomalies in the XZ utility. The backdoor, orchestrated by a mysterious maintainer named Jia Tan, was embedded in the liblzma library, a critical component for SSH operations. This breach could have granted attackers remote access to countless systems. Thomas highlights the mix of luck and expertise that led to the detection, emphasizing how close the internet came to a catastrophic compromise.
The Attacker’s Modus Operandi
Delving into the operation, Thomas outlines how Jia Tan infiltrated the XZ project by gaining trust over time. The attacker, potentially backed by a nation-state, employed sophisticated techniques to insert malicious code, exploiting the project’s open-source nature. By meticulously integrating the backdoor into legitimate updates, Jia Tan evaded scrutiny until Freund’s investigation. Thomas details the technical mechanics, including how the backdoor manipulated SSH authentication, underscoring the attacker’s deep understanding of Linux systems.
Lessons for Open-Source Security
The XZ incident exposes vulnerabilities in open-source ecosystems, where trust in contributors is paramount. Thomas advocates for enhanced vetting processes and automated code analysis to detect anomalies early. He stresses the importance of community awareness, as knowledge of such attacks is a key defense. The incident redefines what constitutes a sophisticated attacker, prompting a reevaluation of how open-source projects manage contributions and verify integrity.
Future Vigilance and Community Action
Concluding, Thomas poses a haunting question: how many other Jia Tans are embedding backdoors in open-source projects? He urges researchers to study the XZ case, leveraging blogs and technical write-ups from contributors like Freund. By fostering a culture of transparency and collaboration, the community can bolster defenses, ensuring that open-source software remains a pillar of trust rather than a vector for compromise.
Links:
[NDCOslo2024] Running .NET on the NES – Jonathan Peppers
In a whimsical fusion of nostalgia and innovation, Jonathan Peppers, a principal software engineer at Microsoft, embarks on an audacious quest: running .NET on the Nintendo Entertainment System (NES), a 1985 gaming relic powered by a 6502 microprocessor. With a career steeped in .NET for Android and .NET MAUI, Jonathan’s side project is a playful yet profound exploration of cross-platform ingenuity, blending reverse engineering, opcode alchemy, and MSIL wizardry. His journey, shared with infectious enthusiasm, unveils the intricacies of adapting modern frameworks to vintage hardware, offering lessons in creativity and constraint.
Jonathan opens with a nod to the NES’s cultural cachet—a living room arcade for a generation. Its modest specs—less than 2 MHz, 52 colors, and minuscule cartridges—contrast starkly with today’s computational behemoths. Yet, this disparity fuels his ambition: to compile C# into 6502 assembly, enabling .NET to animate pixels on a 256×240 canvas. Through meticulous reverse engineering and bespoke compilers, Jonathan bridges eras, inviting developers to ponder the portability of modern tools.
Decoding the NES: Reverse Engineering and Opcode Orchestration
The NES’s heart, the 6502 microprocessor, speaks a language of opcodes—terse instructions dictating arithmetic and flow. Jonathan recounts his reverse-engineering odyssey, dissecting ROMs to map their logic. His approach: transform C#’s intermediate language (MSIL) into 6502 opcodes, navigating the absence of high-level constructs like methods or garbage collection. By crafting a custom compiler, he translates simple C# programs—think console outputs—into assembly, leveraging the NES’s 2KB RAM and 8-bit constraints.
Challenges abound: switch statements falter, branching logic stumbles, and closures remain elusive. Yet, Jonathan’s demos—a flickering sprite, a basic loop—prove viability. His toolkit, open-sourced on GitHub, invites contributions, with a human-crafted logo replacing an AI-generated predecessor. This endeavor, while not production-ready, showcases the power of constraints to spark innovation, echoing the NES’s own era of elegant simplicity.
Bridging Eras: Lessons in Cross-Platform Creativity
Jonathan’s experiment transcends mere novelty, illuminating cross-platform principles. The NES, with its rigid architecture, mirrors edge devices where resources are scarce. His compiler, mapping .NET’s abstractions to 6502’s austerity, mirrors modern efforts in WebAssembly or IoT. Structs, feasible sans garbage collection, hint at future expansions, while his call for pull requests fosters a collaborative ethos.
His reflection: constraints breed clarity. By stripping .NET to its essence, Jonathan uncovers universal truths about code portability, urging developers to question assumptions and embrace unconventional platforms. His vision—a C# Mario clone—remains aspirational, yet the journey underscores that even vintage hardware can host modern marvels with enough ingenuity.
Links:
[NodeCongress2021] Safely Handling Dynamic Data with TypeScript – Ethan Arrowood
In the realm of full-stack development, where APIs shuttle payloads across boundaries, ensuring type fidelity amid flux poses a perennial puzzle. Ethan Arrowood, a software engineer at Microsoft, navigates this terrain adeptly, advocating schemas as sentinels against runtime surprises. His discourse spotlights TypeScript’s prowess in taming erratic inputs—from form submissions to auth tokens—via symbiotic validation frameworks.
Ethan posits data as the lifeblood of modern apps: JSON’s ubiquity powers endpoints, yet its pliancy invites mismatches. Consider an employee dossier: id, name, employed boolean, company, age, projects array. Static typings guard assignments, but external fetches evade compile-time checks, risking undefined accesses or coerced primitives. Ethan’s remedy? Leverage JSON Schema for declarative constraints, transmuting fluid objects into rigid molds.
Bridging Schemas and Static Guarantees
Enter @sinclair/typebox, a runtime validator that births schemas from TypeScript generics, yielding dual benefits: enforcement and inference. Ethan illustrates with Fastify routes: define bodySchema as TypeBox’s TObject, embedding TString for id/name, TOptional(TBoolean) for employed, mirroring anticipated shapes. This artifact doubles as validator—Fastify’s schema prop ingests it for payload scrutiny—and type oracle, infusing handlers with precise annotations.
In practice, a POST endpoint parses body as TInfer, affording intellisense: body.name yields string, body.age number|undefined. Ethan live-codes this synergy, hovering reveals nested generics—TArray(TString) for projects—ensuring downstream ops like array iterations sidestep guards. Should validation falter, Fastify aborts with 400s, averting tainted flows.
This fusion extends to broader ecosystems: io-ts for branded types, Zod for ergonomic chaining. Ethan cautions reliance on validation logic; a flawed schema propagates peril, echoing JavaScript’s untyped underbelly. Yet, when aligned, it forges ironclad pipelines, where dynamic ingress aligns seamlessly with static egress.
Real-World Integrations and Ecosystem Synergies
Ethan’s Fastify demo crystallizes the workflow: register plugins, await readiness, log addresses— all scaffolded atop schema-derived types. VS Code’s hover unveils the schema’s blueprint, from optional fields to array innards, streamlining refactoring. For authentication, schemas vet JWT claims; forms, user inputs—universal applicability.
Gratitude flows to undraw for visuals, highlight.js for syntax, and tmcw/big for slides, underscoring open-source’s scaffolding role. Ethan’s ethos—connect via GitHub/Twitter—invites dialogue, amplifying Node.js and TypeScript’s communal momentum. By entwining validation with typing, developers reclaim assurance, rendering volatile data a predictable ally in resilient architectures.
Links:
[DevoxxUS2017] Eclipse Che by Tyler Jewell
At DevoxxUS2017, Tyler Jewell, CEO of Codenvy and project lead for Eclipse Che, delivered a compelling session on the shift from localhost to cloud-based development. Highlighting Eclipse Che as a next-generation IDE and workspace server, Tyler discussed how it streamlines team collaboration and agile workflows. With contributions from industry leaders like Red Hat and Microsoft, Che has rapidly gained traction. This post explores the key themes of Tyler’s presentation, focusing on the future of cloud development.
The Rise of Cloud Development
Tyler Jewell began by outlining market forces driving the adoption of cloud development, such as the need for rapid onboarding and consistent environments. He contrasted traditional localhost setups with cloud-based workflows, emphasizing how Eclipse Che enables one-click environment creation. Tyler’s insights, drawn from his role at Codenvy, highlighted Che’s ability to reduce setup time, allowing teams to focus on coding rather than configuration.
Eclipse Che’s Workspace Innovation
Delving into technical details, Tyler showcased Che’s workspace server, which supports reproducible environments through containerized runtimes. Unlike Vagrant VMs, Che workspaces offer lightweight, scalable solutions, integrating seamlessly with Docker. He demonstrated how Che’s architecture supports distributed teams, enabling collaboration across geographies. Tyler’s live demo illustrated creating and managing workspaces, underscoring Che’s role in modernizing development pipelines.
Community Contributions and Roadmap
Tyler emphasized the vibrant Eclipse Che community, with nearly 100 contributors from companies like IBM and Samsung. He discussed ongoing efforts to enhance language server integration, citing the Language Server Protocol’s potential for dynamic tool installation. Tyler shared Che’s roadmap, focusing on distributed workspaces and team-centric features, inviting developers to contribute to its open-source ecosystem.
Balancing IT Control and Developer Freedom
Concluding, Tyler addressed the tension between IT control and developer autonomy, noting how Che balances root access with governance. He highlighted its integration with agile methodologies, enabling faster iterations and improved collaboration. Tyler’s vision for Che, rooted in his experience at Toba Capital, positioned it as a transformative platform for cloud-native development, encouraging attendees to explore its capabilities.