Welcome to a curated list of handpicked free online resources related to IT, cloud, Big Data, programming languages, and DevOps. Fresh news and a community-maintained list of links, updated daily.

Principles & best practices of REST API design

Tags apis restful web-development code-refactoring how-to

This best-practices article is intended for developers interested in creating RESTful web services that provide high reliability and consistency across multiple service suites; by following these guidelines, services are positioned for rapid, widespread, public adoption by internal and external clients. By Love Sharma.

The article begins by elaborating on each box, starting with its principles:

  • The six principles / constraints
    • Client-Server: Separation of concerns is the principle behind the client-server constraints.
    • Stateless: communication must be stateless, as in the client-stateless-server (CSS) style
    • Cacheable: To improve network efficiency
    • Layered system: A client cannot ordinarily tell whether it is connected directly to the end server or an intermediary along the way
    • Code-on-demand: REST allows client functionality to extend by downloading and executing code in the form of applets or scripts
    • Uniform interface
  • Best Practices
    • Keep it simple and fine-grained
    • Filtering & ordering: For large data sets, limiting the amount of data returned is vital from a bandwidth standpoint
    • Versioning: There are many ways to break a contract and negatively impact your clients in API development for any given resource.
    • Pagination: One of the principles of REST is connectedness – via hypermedia links
    • Resource-naming
    • Monitoring: Make sure to add all kinds of monitoring to improve the quality or performance of your API
    • Security: Authorization / authentication, CORS, TLS, Idempotence

… and much more. Also consider self-descriptive messages: each message includes enough information to describe how to process the message. Create APIs that mimic your system’s underlying application domain or database architecture. Eventually, you’ll want aggregate services — services that utilize multiple underlying resources to reduce chattiness. Good read!

Google Cloud managed compute platforms: Top 10 blog posts of 2021

Tags miscellaneous cio google how-to

Sure, Google Cloud offers world-class infrastructure, but one of the main reasons that customers choose our platform is to run their applications on one of our managed container platforms: Google Kubernetes Engine (GKE), the most scalable and easy to use service from the company that invented Kubernetes; Anthos for managing containers in hybrid and multicloud scenarios; and Cloud Run, our serverless platform for containerized workloads. By @google.com.

The list of the most popular articles for 2021 includes:

  • Introducing GKE Autopilot: a revolution in managed Kubernetes
  • Introducing Google Distributed Cloud—in your data center, at the edge, and in the cloud
  • Introducing WebSockets, HTTP/2 and gRPC bidirectional streams for Cloud Run
  • Introducing GKE image streaming for fast application startup and autoscaling
  • 4 new features to secure your Cloud Run services

… and more. Please follow the link to the full article to get the rest of the resources.

Why lazy coding practices will ALWAYS cost you more in the long run

Tags web-development software-architecture startups microservices cloud cio

The idea of clean code gained popularity with the publication of Robert Cecil Martin’s “Clean Code: A Handbook of Agile Software Craftsmanship” in 2008. However, the principles of clean code date back to the beginning of software development, and Martin’s book is an essential manual for people who aim for cleanly written code. It’s a programming classic, and if you’re serious about coding, you should read this book cover to cover! By Ritesh Shah.

The article’s main points are:

  • Why write clean code?
  • 7 “Clean Code” principles
    • Follow the KISS, DRY, and YAGNI rules
    • Naming conventions: Use intention-revealing names
    • Functions with the same level of abstraction
    • Readability over conciseness
    • Don’t include (too many) comments
    • Consistency throughout the code
    • Don’t obscure logic with error handling
    • Elegant code or workable code?

Clean coding is not a skill you can master overnight. Instead, it’s a set of principles that you need to incorporate into your coding life — and apply them whenever you write or fix code. Programming is both a craft and a science, and you can only learn to write better code with time and perseverance. We liked this one: Comments should, in fact, explain “why” you did something instead of “what” is happening in the code. Excellent!

Choosing a cyber incident management platform

Tags infosec management miscellaneous cio

Efficiently dealing with an incident or crisis depends heavily on three main factors: preparation, process and the tools you have to hand. The latter can greatly influence your incident management process, and a cyber incident management platform should make the implementation of your incident response quick and easy rather than hinder it. By Cheryl.

So before considering a tool to help manage incidents, consider your incident / crisis management plan! Do you have one? Map out a clear incident response plan for your department and essentially for your business.

Cyber security incidents happen on a daily basis; preparation is vital for phishing attacks, insider threats, denial of service disruptions, malware and ransomware, to name but a few.

These incident response strategies are often IT oriented, but an incident can often require input and action from beyond the IT department should an event escalate into a crisis affecting the organisation as a whole. The article then covers:

  • So what’s the difference between an incident and a crisis?
  • An incident platform is for life not just for cyber!
  • Be prepared
  • Theory test before practical

Breaking this down into 2 areas: firstly, you should consider the business culture and resources you already have. Secondly come the features and benefits that you require and have determined aren’t already covered by existing tools and processes. A “last but not least” consideration for your incident response platform is how easily you can use it to train staff. Good read!

Zero days explained: How unknown vulnerabilities become gateways for attackers

Tags infosec app-development web-development devops learning

A zero day is a security flaw for which the vendor of the flawed system has yet to make a patch available to affected users. You can’t patch these holes—but you can still protect yourself. The name ultimately derives from the world of digital content piracy: if pirates were able to distribute a bootleg copy of a movie or album on the same day it went on sale legitimately (or maybe even before), it was dubbed a “zero day.” By Josh Fruhlinger.

Borrowed into the world of cybersecurity, the name evokes a scenario where an attacker has gotten the jump on a software vendor, implementing attacks that exploit the flaw before the good guys of infosec are able to respond. Once a zero day attack technique is circulating out there in the criminal ecosystem—often sold by their discoverers for big bucks—the clock is ticking for vendors to create and distribute a patch that plugs the hole.

The content of the article:

  • Zero day vulnerability vs exploit vs attack
  • Why are zero day exploits dangerous?
  • Defense against zero day attacks
    • Practice defense in depth
    • Keep an eye out for intrusions
    • Lock down your networks
    • Be sure to back up
  • Zero day attack examples

But fighting off zero day attacks isn’t something that you need to do on your own. In fact, the broader security ecosystem—which consists of everyone from independent white-hat hacker researchers to security teams at big software and hardware vendors—has an interest in uncovering and fixing zero day vulnerabilities before malicious hackers can exploit them.

The march of zero day vulnerabilities and attacks is relentless. You will find links to further reading in the article as well. Very good!

Async & await at the edge with ReactPHP

Tags open-source apis php app-development web-development

PHP 8.1 is out and the hip new feature for non-blocking and asynchronous programming in PHP is fibers. In this post we’re going to explore them and see how we at ReactPHP will start with them at the edge. By Cees-Jan Kiewiet.

Fibers are also known as green threads and offer thread-like functionality within the same process, also known as cooperative multitasking. Each process always starts with the main fiber and you can decide to spawn more.

The article then deals with:

  • async
  • await
  • Run your entire application in a fiber
  • Request handler
  • Looking ahead

Fibers are awesome, but because we barely scratched the surface we, ReactPHP, will start using them at the edge only. But there is a problem with that: currently there is no way to cancel a fiber as we can do now with promises ($promise->cancel()). Good read!

Managing Active Directory Objects with Azure AD provider for Terraform

Tags cloud infosec microservices

Learn how to manage Active Directory Objects with Azure AD Provider for Terraform and see examples of how to authenticate and grant the correct permissions. By Adam Connelly.

The Azure AD provider for Terraform can be used to manage your Azure Active Directory resources declaratively. This allows you to do things like:

  • Automatically provision users and make sure they belong to the correct groups
  • Manage Azure compute permissions via Azure AD groups

In this post, you will learn what the Azure AD Terraform provider is used for, how to authenticate and grant permissions and see examples of what you can do with it:

  • Create a Group in Azure AD
  • Authenticate with Azure
  • Grant permissions
  • Assign API permissions
  • More examples

In this post, we have covered what the Azure AD Terraform provider is used for, how to authenticate and grant the correct permissions, as well as showing a few examples of what can be done with it. Nice one!

How to connect R to Google Sheets using googlesheets4

Tags cloud google big-data analytics

Manipulating data in sheets can be a tedious task, but if you have at least a bit of a programmer inside you, you can make your work with Google Sheets much easier. How, you ask? By connecting R to Google Sheets using the googlesheets4 package provided by tidyverse. By Zuzanna.

This article will show you how to easily connect to your Google account, download data from Google spreadsheets to a data frame in R, create a new sheet, as well as add new records, overwrite data, and delete individual columns.

  • Connect R to Google Sheets
  • Read Google sheets with R
  • Create Google sheets with R
  • Write Google sheets with R
  • Summary

Googlesheets4 is the tidyverse library that allows integrating R workspaces with Google Sheets to enable data manipulation (reading, creating, and writing) in the R environment. As the official googlesheets4 documentation states, it is a reboot of a previous package called googlesheets. Nice read!

Are containers always the best way to save money and provide more agility?

Tags cloud containers ibm performance

From time to time, it is good to review the solutions that make up your infrastructure. Perhaps there are efficiencies or cost savings to be made. Perhaps your needs as a company have evolved. Or perhaps a new technology or trend is challenging or supplanting existing approaches. By Naomi Scott, Callum Jackson @IBM.

Despite the current drive towards container adoption, not all companies have a mature container strategy — never mind an environment for deployment — and being the pioneer within the organization can be a daunting prospect. Containers boast a lot of advantages, including simplicity and development acceleration, but are there alternatives that provide the same or better?

The article then describes:

  • The power of simplicity
  • Saving money
  • Building resilience
  • Performance is key
  • Scalability
  • Securing your business

Containers provide a great option for modernization, but they might not be a suitable approach for those who do not have a wider containerization strategy. In this article, the common drivers for the adoption of containers have been compared with the benefits that can be delivered by the MQ Appliance. Considering the strengths of each alongside your needs and priorities is key when thinking about a container-like approach. Both solutions have advantages and can be used independently or together as part of a hybrid solution.

API authentication with tokens

Tags programming apis learning python

In this article I’m going to show you a few common patterns for client authentication based on tokens, and how they can be implemented in a Python API back end. This method of authentication works well for rich clients, like JavaScript-based front end applications running in the browser, or perhaps a command-line (CLI) application. By Miguel Grinberg.

In terms of their composition, there are two large groups or categories of tokens that I’m going to discuss in this article. Depending on the needs of your application you will have to choose which type of token works best. To be honest, I do not know if there are formal names for these, so I’m going to name them myself. The two groups are random tokens and signed tokens.

The article is split into the following sections:

  • Types of tokens
  • Random tokens
  • Signed tokens
  • How does the client get the token?
    • Copy/Paste method
    • Auth endpoint method
  • Authenticating API endpoints
  • Token revocation

An important security consideration when working with token authentication is making it easy to revoke tokens. This is not only important to control a leak, but also as a “logout” mechanism that clients can use to disable a token once they don’t need it anymore, ensuring that even if this discarded token is leaked it won’t be of use. Good read!
