CodeIsGo.com

Most teams use load testing only for performance or stress tests. But they can also help uncover infrastructure issues early. Read on to see how load tests can help make your entire system more resilient at its foundation. By Dennis Martinez.

When discussing load testing, two immediate thoughts come to mind for most developers and testers: validating application performance and putting systems under immense pressure. Testing for both of these use cases is vital for any modern software development workflow.

The content of the article focuses on the following 3 areas:

• Use load testing to ensure your infrastructure configuration works as expected
• Use load testing to test the resiliency of your hardware
• Use load testing to verify your serverless applications

Load testing can also become a powerful tool for developers, testers, and anyone responsible for your application’s resiliency. Applications are becoming highly complex with more moving parts, and we need to do our best to deliver a high-quality solution from top to bottom. Teams usually employ load testing for obtaining performance metrics or stress-test an application’s capacity, but as this article discusses, it can assist with a lot more. Good read!

A SQL injection (SQLi) attack is one of the most threatening issues for data integrity and confidentiality today, allowing attackers to access secure data where they are not authorized. In this article, we discuss SQLi and how these attacks work, with types and examples. By Al Mahmud Al Mamun.

SQL injection or insertion is a malicious attack technique that exploits vulnerabilities of SQL-based applications. With SQLi, hackers inject arbitrary code into SQL queries, which allows them to directly add, modify, and delete records stored in a database. SQLi attacks can affect any web application or website involved with a SQL database, such as MySQL, SQL Server, Oracle, and others.

The article describes:

• What is a SQL injection?
• How does a SQL injection attack work?
• Examples of SQL injection attacks
• Types of SQL injections

Every organization needs to focus on protecting its valuable information from SQLi attacks. There are many automatic detection tools available to test for these vulnerabilities. A layered approach that includes data-centric strategies can be the optimal defense for SQLi attacks, where data focuses on protecting itself, as well as the applications and network. Good read!

Each day, Uber moves millions of people around the world and delivers tens of millions of food and grocery orders. This generates a large number of financial transactions that need to be stored with provable completeness, consistency, and compliance. By Piyush Patel, Jaydeepkumar Chovatia, and Kaushik Devarajaiah.

LedgerStore is an immutable, ledger-style database storing business transactions. LedgerStore provides signing/sealing of data to guarantee data completeness/correctness, strongly consistent indexes, and automatic data tiering. LedgerStore uses DynamoDB as its storage backend. Running LedgerStore in production for almost 2 years at Uber scale, we’d amassed a large amount of data as trips and orders volume grew. Over this period of time we realized that operating LedgerStore with DynamoDB as a backend was becoming expensive. Also having different databases in our portfolio creates fragmentation and makes it difficult to operate.

In this post today we are going to talk about rearchitecting some of the core components of LedgerStore on top of Docstore, Uber’s general-purpose multi-model database:

• What is LedgerStore?
• Data model
• Data integrity
• LedgerStore 2.0 design considerations
• Architecture
  • Docstore table design
  • Data sealing
  • Data backfill (historical data from DynamoDB—more than 250 billion unique records (~300TB of data)
• DynamoDB to Docstore migration

… and more. Authors have also taken a deep dive into the architecture and explained how the entire migration was designed and executed without impacting stringent SLAs and online flow. We liked this one: We backfilled 250 billion unique records and not a single data inconsistency has been detected so far, with the new architecture in production for over 6 months. Super interesting read!

Introducing Quantum Serverless, a new programming model for leveraging quantum and classical resources. By Blake Johnson, Ismael Faro, Michael Behrendt, Jay Gambetta @ibm.com.

Integrating quantum into real-world workflows will take advancements across the stack. We need to think holistically about quantum performance, including the scale, quality, and speed of our processors.

We need to enter the realm of quantum advantage, where quantum computers are either cheaper, faster, or more accurate than classical computers at the same relevant task.

A recent example1 we demonstrated is entanglement forging which exploits symmetry in chemistry problems to simplify the knitting. Meanwhile, quantum embedding re-frames the problem to allow classical computers to simulate those pieces that can be well-approximated classically, while looping in quantum resources for only the classically difficult parts of the problem. In the context of chemistry, this might describe an active-space calculation that runs on the QPU with a Hamiltonian iteratively updated by a classical simulation of the inactive space.

Finally, error mitigation uses classical post-processing in order to reduce the impact of some classes of errors and get a more-accurate quantum solution. We hope that Quantum + Classical will allow us to realize quantum advantage in certain applications sooner than expected. For the details please follow the link to the full article. Good read!

Lately, it seems as though the path to quantum computing has more milestones than there are miles. Judging by headlines, each week holds another big announcement—an advance in qubit size, or another record-breaking investment. This is Q&A with the former chief architect of Google’s Sycamore, John MartinisBy Dan Garisto.

But if you go back to one of the points of the quantum supremacy experiment—and something I’ve been talking about for a few years now—one of the key requirements is gate errors. I think gate errors are way more important than the number of qubits at this time. It’s nice to show that you can make a lot of qubits, but if you don’t make them well enough, it’s less clear what the advance is. In the long run, if you want to do a complex quantum computation, say with error correction, you need way below 1% gate errors.

I want to drill down on “scale versus quality,” because I think it’s sort of easy for people to understand that 127 qubits is more qubits.

It depends how you want to quantify it, but it’s not a huge factor. It could be a bit better if you had more qubits, but you would maybe have to architect it in a different way. I don’t think it is good for the field to oversell results making people think that you’re almost there. It’s progress, and that’s great, but there still is a long way to go.

Very interesting read! Seems, like we are still some time away from good quantum system.

We know machine learning is so popular in mobile and desktop applications. Therefore we need basic ML skills to follow this trend. By Oguz Kayra.

CreateML is a programming framework, to create apps with ML in IOS, macOS, and IpadOS (Apple Ecosystem). CreateML is facilitating using ML on projects for non-data scientists. ML power can spread many apps.

The article then does a good job explaining:

• Machine learning workflow
• Step by step: Create ML models with CreateML
  • Determine your dataset
  • Import CreateML and foundation modules
  • Create data table with CSV table
  • Separating relevant data from DataTable
  • Dividing DataTable as test and training
  • Creating model and train the model
  • Test your regression
  • Saving machine learning model

Basically, machine learning workflow is simple, get data, train models with these data, test your model, update your model, use this model in a real application.

You can find code and dataset on author’s GitHub account in this Github repository. Good read!

This is a list of recurring anti-patterns that I see when I help folks with their container build pipelines, and suggestions to avoid them or refactor them into something better. By Jérôme Petazzoni.

Many of them are harmless when used separately. But when combined, they can easily compromise your productivity and waste time and resources, as we will see.

The guide then covers the following in depth:

• Big images
  • All-in-one mega images
  • Data sets
• Small images
• Rebuilding common bases
• Building from the root of a giant monorepo
• Not using BuildKit
• Requiring rebuilds for every single change
• Using custom scripts instead of existing tools
• Forcing things to run in containers
• Using overly complex tools
• Conflicting names for scripts and images
• Building with Dockerfiles

BuildKit is a new backend for docker build. It’s a complete rehaul with a ton of new features, including parallel builds, cross-arch builds (e.g. building ARM images on Intel and vice versa), building images in Kubernetes Pods, and much more; while remaining fully compatible with the existing Dockerfile syntax. It’s like switching to a fully electric car: we still drive it with a wheel and two pedals, but internally it is completely different from the old thing.

And final note: don’t treat these recommendations as absolute rules. What author is saying is “hey, careful, if you do this, it can have unexpected consequences; look, here is what I suggest to improve the situation”. Nice one!

Well-architected describes the key concepts, design principles and architecture best practices for designing your cloud workloads. It balances best practices with business goals to determine the optimal outcome. By Gerald Stewart.

Created by AWS Solutions Architects using the lessons Amazon has learnt from running thousands of systems at a massive scale, it enables developers to compare their workloads against the rigorous standards that AWS holds itself against.

The framework covers these pillars:

• Operational Excellence - To be able to monitor and support workloads effectively, to enable continuous improvement and to deliver business value
• Security - Improving your security posture by taking advantage of Cloud technologies to protect your assets and systems
• Reliability - Ensuring your workload can perform it’s intended function correctly and consistently
• Performance Efficiency - Ensuring appropriate resource allocation to enable performant systems and a positive end user experience
• Cost Optimisation - Ensuring you are delivering business value at the lowest possible cost

If I could recommend one topic of learning to a junior engineer or someone looking to up their game designing and building on AWS it would be to read the Well-Architected framework and understand how to apply it.

Well-Architected should be applied both continuously with reviews carried out at regular intervals. Understanding the pillars, core concepts and reasons behind the pillars of the Well-Architected framework can enable you to make better architecture decisions and avoid rewrites or large changes after a full-scale review has been carried out. For deeper insights follow the link to the full article. Good read!

The AWS Cloud Development Kit (CDK in short) is a relatively new framework for defining cloud Infrastructure as Code (IaC). CDK allows to easily define your cloud infrastructure by importing classes (resources) and instantiating objects. The resulting definition can be versioned in GIT, easily shared and used in command-line tools (for example in CI/CD pipelines). By Maurizio Bonani.

The underlying concept is that you can mutate your infrastructure through code, the same way you mutate any other application.

By using CDK you can fully leverage the ecosystem of your favorite programming language. This means that you can use your favorite code editor and get all the niceties such as syntax highlighting, type checking and auto-completion. Also with CDK, your infrastructure can be as testable as any other code you write.

Autor needed to run a periodic task to perform a basic ETL (Extract Transform Load) process on a MySQL database. The article describes the following steps to achieve it:

• What is Fargate
• Terminology
• The code
• Cluster
• The definition
• Containers
• Service

That’s it. In this article we learned how to use CDK to provision a scheduled workload on AWS Fargate. Plenty of examples of the code which you can directly use with CDK to follow the article and deploy the solution. Perfect!

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted scaleable cloud platform. AWS offering over 200 fully featured services from data centers globally. This tutorial will teach you how to create serverless function in Typescript and deploy it to AWS. By Abdul Waqar.

import * as cdk from "@aws-cdk/core";
import * as lambda from "@aws-cdk/aws-lambda";
import * as apigw from "@aws-cdk/aws-apigateway";

export class HelloLambdaStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    const hello = new lambda.Function(this, "HelloHandler", {
      runtime: lambda.Runtime.NODEJS_10_X,
      code: lambda.Code.fromAsset("lambda"),
      handler: "hello.handler",
    });

  }
}

The article then in brief steps describes:

• What is AWS and CDK?
• Lambda Function
• Amazon API Gateway
• Lets write code for Lambda Function
• Deploy Lambda Function using CDK

Congratulation! You have successfully deployed your first Lambda Function and API Gateway to call Lambda Function on AWS Cloud. Good read!