CodeIsGo.com

The emergence of modern web and mobile applications, based on microservices exposing HTTP APIs, has highlighted the need to effectively integrate, deploy, decommission, throttle, and securing a plethora of heterogeneous web APIs. By #Proud2beCloud @towardsaws.com.

Several companies and open source initiatives have developed API gateway solutions in order to meet the above requirements and expose a coherent API format for all the microservices composing the application.

https://miro.medium.com/max/700/0*BsAiLIEAnkmionH4.png

Source: @/towardsaws.com https://towardsaws.com/how-to-integrate-legacy-api-with-aws-api-gateway-proxy-9e1c52d35bab

In the context of API Gateway, API integration is the type of action performed by the gateway in order to respond to a given API request. The integration is invoked after the validation and authorization of the request (if configured/needed). AWS API Gateway (API GW from here on) supports several types of API integrations:

• HTTP integration (HTTP/HTTP_PROXY)
• Lambda integration (AWS_PROXY)
• Other AWS Service (AWS)
• MOCK integration

In this use case, you’ll typically have many API still hosted on the monolithic infrastructure and other APIs already migrated to AWS Lambda (with the AWS_PROXY integration) and/or AWS ECS (Fargate) behind a load balancer. Nice one!

This post is a part of a series on the Chromium rendering engine. The team is responsible for the web facing APIs for video playback like MSE and WebCodecs, and the platform specific internals involved in demuxing, decoding, and rendering audio and video. By Dale Curtis.

In this article, I’ll walk you through Chromium’s video rendering architecture. While some details around extensibility are likely Chromium-specific, most of the concepts and designs discussed here apply to other rendering engines and even native playback apps.

In the beginning, video rendering was quite simple - just a for loop choosing which software decoded video frames to send to the compositor. For years this was reliable enough, but as the complexity of the web increased, the need for more performance and efficiency led to architectural changes. Many improvements required OS-specific primitives; thus, our architecture also had to become more extensible to reach all of Chromium’s platforms.

![Chromium architecture evolution]https://wd.imgix.net/image/ZDZVuXt6QqfXtxkpXcPGfnygYjd2/IMFPhRwU3MKT1lEvfzIZ.png?auto=format&w=845 “Diagram of rendering flow to different Chromium platforms, Source: https://developer.chrome.com/blog/videong/")

Source: https://developer.chrome.com/blog/videong/

Chromium’s playback architecture has changed significantly over the years. While we didn’t start with the idea of a pyramid of success as described in the first post in this series, we ultimately followed similar steps: reliability, performance, and then extensibility.

We’ve focused on how Chromium takes advantage of OS primitives to deliver best in class playback experience. Very interesting!

Tony Robalik published the story of how to build thinks with Gradle, how to use the application and distribution plugins to build the app and bundle a distribution; how to use the shadow plugin to turn it into a fat jar.

The upshot is we turn a 1.5M jar into a 12K “fat” jar, shaving 99.2% off the final binary. This project is built with Gradle 7.1.1. This is important to keep in mind, as you would need to make some code changes if you were using Gradle 6.x.

The article then covers:

• The app
• The real code
• Building an app with Gradle
• Turning the app into a distribution
• Layering on the Shadow plugin
• Layering on Proguard
• The making of a skinny-fat distribution
• Publishing our minified distribution

All the code for this is on Github. This post is meant as a minimal example of how you might build a small Kotlin app with Gradle, which also had the requirements that it should have zero dependencies, be as small as possible, and be publishable for ease of access by potential users. Good read!

Concurrency and parallelism are similar terms, but they are not the same thing. This post looks at how to speed up CPU-bound and IO-bound operations with multiprocessing, threading, and AsyncIO. Older article by Amal Shaji.

Concurrency is the ability to run multiple tasks on the CPU at the same time. Tasks can start, run, and complete in overlapping time periods. In the case of a single CPU, multiple tasks are run with the help of context switching, where the state of a process is stored so that it can be called and executed later.

Parallelism, meanwhile, is the ability to run multiple tasks at the same time across multiple CPU cores.

The article also mentions:

• IO-bound operation
• * Sync example
• * Threading example
• * concurrent.futures example
• * AsyncIO example
• CPU-bound operation
• * Sync example
• * Multiprocessing example
• * concurrent.futures example

It’s worth noting that using multiprocessing to execute the make_request function will be much slower than the threading flavor since the processes will be need to wait for the IO. The multiprocessing approach will be faster then the sync approach, though.

Similarly, using concurrency for CPU-bound tasks is not worth the effort when compared to parallelism.

That being said, using concurrency or parallelism to execute your scripts adds complexity. Your code will generally be harder to read, test, and debug, so only use them when necessary for long-running scripts. All of the code examples in this post can be found in the parallel-concurrent-examples-python repo. Good read!

OpenAPI has long since put the spotlight on JSON Schema, and the release of OpenAPI 3.1 has huge implications for the future of both projects. Truly exciting! By Ben Hutton & Mike Ralphson.

Developers of platforms and libraries that use OpenAPI haven’t had such a shake up before, and my feeling is it may take more than a few releases to correctly implement all the new shiny features full JSON Schema has to offer.

While the number of changes from JSON Schema draft-04 to draft 2020-12 are vast and the subject of more blog posts than are likely interesting, one of the key “features” of draft 2020-12 is a defined bundling process. (draft-04 is the version of JSON Schema that OAS used prior to version 3.1.0; or rather, a subset/superset of it.)

The article also reads about:

• Bundling has renewed importance
• Existing solutions? New solutions!
• Bundling fundamentals
• Bundling Simple External Resources
• OpenAPI Specification Example

Indeed, bundling, if anything, is going to be more important to get right than ever. OAS 3.1 ushering in full JSON Schema support dramatically increases the likelihood that developers with existing JSON Schema documents will use them by reference in new and updated OpenAPI definitions. Ultimate source of truth matters, and it’s often the JSON Schemas. Nice one!

Want to write an npm package without publishing to npm or git? And be able to use it in a project? Well, keep reading! By Tomas Nilsson.

NPM is fantastic, but it can be somewhat challenging if you just want to do some prototyping or just test out stuff. This guide shows how to manually write a package and still be able to test/use it in a project.

The article then dives into practical side of things:

• Setup demo1
• Setup foopackage
• Referencing foopackage from demo1
• Publishing to NPM

You will also find information how to set up this project and how to publish to npm. And there is also a link to resource sif you want to unpublish. Short but sweet!

Cloud Native Applications are independent services, collectively but loosely coupled. Cloud native development is an approach to build quality apps. It is efficient as Cloud native development focuses on architecture’s modularity. We need DevOps, Microservices and Containers for cloud native. By AnAr Corporate.

Cloud Native Application Architecture is built for running in the cloud. Application on the cloud can be built using various programming languages e.g., HTML, CSS, Java, JavaScript, .NET, Go, Node.js, PHP, Python or Ruby. It uses containers that helps in easy deployment on any cloud platform AWS, IBM, or Google.

The article then describes:

• Benefits of cloud native application architecture
• Predictions on cloud native application architecture
• Top 4 cloud native application architecture principles

Cloud native applications provides a data-driven response to your queries over business actions. It offers superior functionality and consistency to cloud-based applications. It allows you to focus on customer experience not just the technology. Undoubtedly, the cloud native application architecture continuously evolve, which gives leverage and a competitive edge to enterprises. Interesting.

Predictive analytics is a sub-area of business analytics and is particularly concerned with recognizing patterns and predicting future events. It is used in a wide variety of scientific disciplines and areas in companies. By Henny Jones.

Predictive Analytics uses historical data sources and uses them to create a mathematical model that can be used to predict future events. Such a model recognizes trends or patterns in historical data and can predict them for the future. On this basis, companies have a tool to make better decisions or to identify possible risks at an early stage.

The article then reads about:

• The requirements for predictive analytics
• Procedure and process of predictive analytics
• Benefits of predictive analytics
• Applications for predictive analytics
• Use of predictive analytics in CRM and marketing

Predictive analytics methods are particularly used in customer relationship management (CRM). With this use, the collected customer data serve as the basis for predictions and forecasts. In addition to the CRM area, predictive analytics is also used in online marketing to predict click behavior or to place the right advertising at the right time. Good read!

Network security attacks have gained momentum over the past years, which highlights the need for network defenders. Learn more about network security attacks and their types. By CISOMAG.

With online shared resources for storing sensitive data and trade secrets gaining prominence, and data exchange moving to cloud infrastructure, the risks are enormous.

Common types of networking attacks:

• Computer virus
• Malware
• Computer worm
• Botnet
• Phishing
• DoS (Denial of Service) and DDoS attacks
• 5G based Attacks
• Ransomware
• SQL Injection Attacks

No network, no matter how secure, is safe from intrusions and cybercriminals. Some of the severe emerging threats to network security are DDoS attacks, man-in-the-middle attacks, phishing attacks, inadequate network protocols, and ransomware attacks. Good read!

Welcome to the latest installment of the OWASP Top 10! The OWASP Top 10 2021 is all-new, with a new graphic design and an available one-page infographic you can print or obtain from our home page. By @owasp.

There are three new categories, four categories with naming and scoping changes, and some consolidation in the Top 10 for 2021.

These are some of the top 10 security issues:

• A01:2021-Broken Access Control moves up from the fifth position; 94% of applications were tested for some form of broken access control. The 34 CWEs mapped to Broken Access Control had more occurrences in applications than any other category.

• A02:2021-Cryptographic Failures shifts up one position to #2, previously known as Sensitive Data Exposure, which was broad symptom rather than a root cause. The renewed focus here is on failures related to cryptography which often leads to sensitive data exposure or system compromise.

• A03:2021-Injection slides down to the third position. 94% of the applications were tested for some form of injection, and the 33 CWEs mapped into this category have the second most occurrences in applications. Cross-site Scripting is now part of this category in this edition.

• A04:2021-Insecure Design is a new category for 2021, with a focus on risks related to design flaws. If we genuinely want to “move left” as an industry, it calls for more use of threat modeling, secure design patterns and principles, and reference architectures.

.. and more. Follow the link to the original blog to learn more and observe graphical comparison against 2017. Nice one!