Welcome to curated list of handpicked free online resources related to IT, cloud, Big Data, programming languages, Devops. Fresh news and community maintained list of links updated daily. Like what you see? [ Join our newsletter ]

Building a business system integration and automation platform at Shopify


Tags cio cloud management learning

Companies organize and automate their internal processes with a multitude of business systems. Since companies function as a whole, these systems need to be able to talk to one another. At Shopify, we took advantage of Ruby, Rails, and our scale with these technologies to build a business system integration solution. By Will Watkinson.

The article then walks you through:

  • The modularization of business systems
  • Organic integration
  • Integration platform as a service
  • Building on Shopify’s stack
  • The design priorities
  • Implementation

The transition from monolithic to modular architecture doesn’t remove the need for interaction between modules. Maintaining well-defined, versioned interfaces and integrating with other modules is one of the biggest costs of modularization. In the business systems space, however, it doesn’t always make sense for vendors to take responsibility for integration, or do it in the same way. Good read!

[Read More]

Demand for cybersecurity skills rises as quantum computing threats tighten


Tags miscellaneous management cio teams career infosec

There is a major shortage of cybersecurity professionals, with the equivalent of a major city worth of workers missing from the workforce. (ISC)2, the world’s largest professional organization for cybersecurity workers, estimates in the paper linked above that the cybersecurity workforce will have to increase by 65% to meet demand. By Nils Gerhardt.

Furthermore, we have seen increased cybersecurity threats and reduced employee training due to the COVID-19 pandemic, reducing the ability of professionals and new entrants into the field to train. Most worrying, new technology threatens to make existing cybersecurity skills obsolete and renders many of the forms of protection they rely on null.

The article discusses following:

  • A lack of cybersecurity skills
  • Emerging threats
  • Preparing for a post-quantum world

It is apparent that the cybersecurity workforce will need to increase. Therefore, a large-scale realignment aimed at getting more qualified workers into the industry, helping decision-makers understand the issues and preparing the current and future workforce for a quantum computing age. Good read!

[Read More]

Event streaming is not event sourcing!


Tags streaming software-architecture devops akka app-development

The main misunderstanding, and source of the issues, is related to deciding on the stale data. It brings uncertainty and the need for workarounds. It’s a common mistake to use tools like Kafka and Pulsar for event stores, but they are not. You don’t have basic guarantees for optimistic concurrency checks. By Oskar Dudycz.

TLDR: We assume that conflict situations will be rare. A conflict arises when two people try to change the same record at the same time. When this happens, we will only allow the first person to update the state. All other updates will be rejected. For verification, we use a record version that changes with each save.

All of the event stores that I know support strong consistency on appends, and optimistic concurrency. Most guarantee global ordering. Some have a built-in idempotency handling. All of that helps to reduce those issues. In Event Sourcing, events are the state.

The events are the source of truth, only if you’re using them in the write model as a basis for the state rehydration. If you’re using a materialized view, even though it’s built based on events, then you outsourced the truth to other storage. If you’re using a pattern that means you’re just using events to build up the materialized view you use for the write model logic, that can lead to using Event Streaming tools like Kafka, Pulsar, etc. And, as stated in the article, this is a dead-end. Read more in How to get the current entity state from events?.

Event Sourcing by itself doesn’t directly relate to eventual consistency, type of storage, messaging, etc. Those are implementation details and tradeoffs we’re choosing. Each storage solution has its patterns and anti-patterns: relational databases have normalization, document databases are denormalized, key-value stores have strategies for key definition. Event stores also have their problems. Super interesting read with plenty links to further reading in the topic!

[Read More]

SwiftUI -- MVVM state management in a simple way


Tags swiftlang programming app-development learning

SwiftUI is Apple’s new declarative framework for building user interfaces for all Apple devices. This framework can be broken down into two essential components: views and state. By Amisha I.

State management is an integral part of SwiftUI development, and there are many different ways of working with the state. In which State represents the data associated with a view. In this article we are going to learn about a state holder to separate business logic from UI components. ViewModel has a longer lifecycle than the view so ViewModel can preserve its state across UI changes.

For simplicity, author divided this post into 3 sections:

  • Add data layer – Responsible for fetching data from API
  • Add ViewModel – Responsible for managing the state of the screen
  • Add View – Actual UI representation that users will see

This is one of the ways to manage the state, however, you should explore other options as well once you are familiar with these basics. Good read!

[Read More]

What are namespaces and cgroups, and how do they work?


Tags nginx devops linux

Recently, I have been investigating NGINX Unit, our open source multi-language application server. As part of my investigation, I noticed that Unit supports both namespaces and cgroups, which enables process isolation. In this blog, we’ll look at these two major Linux technologies, which also underlie containers. By Scott van Kalken of F5.

Containers and associated tools like Docker and Kubernetes have been around for some time now. They have helped to change how software is developed and delivered in modern application environments. Containers make it possible to quickly deploy and run each piece of software in its own segregated environment, without the need to build individual virtual machines (VMs).

The article then focuses on:

  • What are namespaces?
    • Types of namespaces
    • An example of parent and child PID namespaces
    • Creating a namespace
    • Looking at a namespace from the outside
  • What are cgroups?
    • Cgroup versions
    • Creating a cgroup

Namespaces and cgroups are the building blocks for containers and modern applications. Having an understanding of how they work is important as we refactor applications to more modern architectures. Excellent read!

[Read More]

What exactly should we be logging?


Tags infosec devops programming learning software how-to

As a security architect and the technical leader for the Logging Made Easy project, I am often asked “what logs should I be collecting?” I absolutely hate the standard ‘it depends’ response. So, I’ve been answering with a question of my own: “For what?” This has led to a number of interesting discussions on the topic of who should be logging what, and when. By Adam B.

Before getting down to specifics, take some time to think about the logging practices, sources and tools available to you. Picking the right tool is part of the journey - you wouldn’t expect a chef to use a single knife, nor would you expect a developer to work with a single technology stack. You need to decide what are the ‘right tools for the job at hand’.

The article then discusses:

  • Doing away with “one size” solutions
  • Alternatives to ATT&CK framework
    • Reconnaissance
    • Resource development
    • Gaining initial access
    • Execution of attacker controlled code
    • Persistence
    • Privilege escalation
    • Defence evasion

… and much more. The cloud allows you to use resources as and when they are needed. However, depending on your provider, getting access to raw logs may be difficult or impossible. This is because of the division of “shared responsibility”. But what does shared responsibility mean for logging? Good read!

[Read More]

OOP vs Type Classes: Ideology


Tags oop programming learning software

This is the 1st article of a series that explores the difference between OOP design, and parametric polymorphism with Type Classes, as both are possible in Scala. By Alexandru Nedelcu.

A black box is a device, system or object that can be viewed in terms of its inputs and outputs. This means that the input and output are well specified, such that we can form a useful mental model for how it works. Note that the mental model doesn’t have to be correct, it just has to be useful, such that we can operate the system without breaking it open and taking a look at the implementation.

The article is split into:

  • Motivation
  • Abstraction
    • Black Box Abstraction
  • What is OOP?
    • Are OOP and FP orthogonal? Can they mix?
  • What are Type Classes?
  • Ideological clash
    • OOP values
    • Static FP values
    • Degenerate cases
    • What do you want? OOP is a paradigm based on the concept of “objects” and their interactions, objects that contain both data and the code for manipulating that data, objects that communicate via messages. Good read!
[Read More]

Physical theory explains how time is non-existent, irrelevant to our lives


Tags miscellaneous cio learning data-science

Time is an important aspect of life that each person relies on in order to function in society. Time can be measured in many ways, such as in calendars and clocks, and can be viewed at any moment of the day, at any place. By Ron Jefferson.

Despite the establishment of time and its presence throughout the history of humankind, some experts theorize that the measurement hangs as an open possibility, Space reports.

The scientific studies throughout the past centuries allowed us to observe and discover two crucial theories in the physical field, namely quantum mechanics and general relativity.

Loop quantum gravity is the most questionable among the past theories, as this guess relies on aspects that do not rely on time, and in fact, eliminate the presence of time entirely. In this theory, time only emerges along with how we exist on a physical level. This guess implies that, unless we have answers to how time emerges, then time is non-existent. How very interesting!

[Read More]

Swift actors: How do they work, and what kinds of problems do they solve?


Tags swiftlang linux how-to programming learning

Since the very first version of Swift, we’ve been able to define our various types as either classes, structs, or enums. But now, with the launch of Swift 5.5 and its built-in concurrency system, a new type declaration keyword has been added to the mix – actor. By John Sundell.

One of the core advantages of Swift’s new actor types is that they can help us prevent so-called “data races” – that is, memory corruption issues that can occur when two separate threads attempt to access or mutate the same data at the same time.

So, in this article, let’s explore the concept of actors, and what kinds of problems that we could solve by defining custom actor types within our code bases. The article explains:

  • Preventing data races
  • A case for an actor
  • Race conditions are still possible

So, in general, actors are a fantastic tool when we want to implement a type that supports concurrent access to its underlying state in a very safe way. However, it’s also important to remember that turning a type into an actor will require us to interact with it in an asynchronous manner, which usually does make such calls somewhat more complex (and slower) to perform – even with tools like async/await at our disposal. Good read!

[Read More]

Modern alternatives to some of the classic Linux commands


Tags miscellaneous linux how-to devops learning

When you start learning Linux, you begin with a standard set of Linux commands that have been in existence since the UNIX days. As you grow old as a Linux user, you keep on mastering the same set of standard commands. By Abhishek Prakash.

But these standard, legacy commands were created several decades ago and while they do their intended jobs, their functionalities could be improved and the structure could be simplified.

The article then covers these alternatives:

  • HTTPie: Alternative to wget and curl
  • bat: Alternative to cat
  • ncdu: Alternative to du command
  • htop: Alternative to top command
  • fd: Alternative to the find command
  • exa: Alternative to ls command
  • duf: Alternative to the df command
  • tldr: Alternative to man command
  • neovim: Alternative to Vim

Again, these alternative commands should not be considered as a drop-in replacement, specially if you manage numerous Linux systems. You may not find and install them on all the systems. They are good only if you have full control on your Linux machine(s). Excellent comparison!

[Read More]