Welcome to a curated list of handpicked free online resources related to IT, cloud, Big Data, programming languages and DevOps. Fresh news and a community-maintained list of links, updated daily.

What's wrong with business cases

Tags cio learning management miscellaneous

Older but still valid article by Jason Kitcat. Business cases are not a good way to make decisions. They give us false certainty and almost invariably mislead some or all of an organisation’s leadership.

Business cases are lies. Not wilful lies usually, but they end up with the same results: misleading, misinforming and hiding reality.

The ability to observe, orient, decide and act continuously is not the norm when business cases live among us. Let’s unpack our example:

  • The Requirements – The idea that we can capture all our requirements and then share them with suppliers to get answers is fantastical, and wrong.
  • The Cost – Software should not be a capital expenditure. It is a continuously changing, living thing that needs constant care and maintenance.
  • The Time – Building a bridge or a school? Then a fixed timeline (with padding for slippage) makes sense. Trying to change complex systems issues like integrating health and social care? Then a fixed time business case is the wrong tool for the job.

The author notes: I understand that the ‘certainty’ and ‘process’ surrounding business cases can be comforting for colleagues. But we’re fooling ourselves, we need to be courageous and hold the uncertainty as we explore the problems we face in open, collaborative ways. How interesting!

[Read More]

Influencing ingress BGP routing using communities and local preference

Tags infosec servers linux devops cio

Border Gateway Protocol (BGP) is an enormous protocol with a nearly endless list of features, knobs and capabilities. BGP’s mechanism for choosing the best path is complex but also well known. You should brush up on that algorithm if you’re out of practice. By Nicholas Russo.

The article covers the following topics:

  • Use the Multi Exit Discriminator (MED)
  • Use AS-path prepending
  • Use longest-match routing
  • Reference configurations

This blog explores a lesser-known but powerful traffic engineering technique using BGP communities and the local-preference value. You should have basic familiarity with BGP and IP routing in general to realize the most value from this blog. Good read!

[Read More]

SSH tunneling explained

Tags infosec servers open-source linux app-development

In this post the author covers the different tunneling features supported by OpenSSH, which help achieve security use cases such as accessing a remote web service without exposing a port on the internet, accessing a server behind NAT, and exposing a local port to the internet. OpenSSH is the most widely used open-source SSH server. It comes pre-installed by default with the vast majority of Linux distributions. By Sakshyam Shah.

If you are looking for a modern open-source alternative to OpenSSH that is optimized for elastic multi-cloud environments and supports other access protocols in addition to SSH, make sure to check out Teleport.

The article then pays attention to:

  • What is SSH tunnelling?
  • Local port forwarding
  • Dynamic port forwarding
  • SSH TUN/TAP tunneling
  • Bonus - SSH tunnel over TOR
  • Security concerns of SSH tunnelling

Figure: SSH remote port forwarding. Source: @goteleport.com https://goteleport.com/blog/ssh-tunneling-explained/

Although the default behavior of an SSH server is to return a remote server’s shell over an encrypted channel, SSH supports sending and receiving binary data over SSH. Transporting arbitrary data streams over SSH sessions is also known as SSH tunneling. Very good!

[Read More]

The state of security operations: How SOCs changed in 2021

Tags cio learning infosec miscellaneous

Security operations has seen non-stop evolution and growth for many years, but the past 18 months have been particularly impactful on security operations teams. In addition to the drastic transformation brought on by the COVID-19 pandemic, there have also been some significant breaches that have shifted perspectives and highlighted some key areas of concern. By pwheiler.

The report is based off the experiences of 520 security operations executives, managers and decision makers, hailing from seven different countries across North America, Europe, Asia, and Australia.

The report identifies Major SOC Challenges:

  • Monitoring security across a growing attack surface
  • Expanding workloads to cloud/hybrid environments
  • Pre-emptively detecting threats to reduce exposure

In addition to these challenges, the report found that 97% of organizations are reporting a need for additional skilled staff on their security operations teams, suggesting that the long-standing talent war in security operations has continued.

Overall, the current state of SecOps globally suggests a need for greater cyber resilience in the face of expanding attack surfaces, significant workforce transformation, ever-evolving threats and other drastic changes. Organizations should invest the necessary resources to identify gaps in their cybersecurity posture and evaluate their overall cyber resilience. Interesting read!

[Read More]

What I wish I knew when learning F#

Tags learning programming web-development app-development code-refactoring

I’ve used F# a lot in the last 3 years and for quite some time I wanted to collect a few good starting points to venture into F# in one place. I also wanted to collect some of those random things that I felt weren’t easily available anywhere because they fall through the cracks of the official language reference and library documentation. By Justine Kavanaugh-Brown.

The article then describes:

  • Why would I want to use F#?
  • Why would I not want to use F#?
  • How am I supposed to be writing this?
  • Debugging and the REPL
  • The standard library
  • Code formatting
  • Packaging
  • Testing

Worth a special mention is the SAFE stack. This is a preconfigured template that sets up F# on the backend (using ASP.NET Core via either the straightforward Giraffe library or the more opinionated Saturn library), and on the frontend (using Fable 2 as of late 2020). The SAFE template can either be used in a barebones configuration or in a more opinionated, fully fledged version that comes with frontend and backend testing libraries, Bulma preselected as a style framework, a choice of type-safe automated communication between frontend and backend and so forth. Good read for anybody who wants to learn F#!

[Read More]

Gavin Bierman explains pattern matching for switch, a Java 17 preview

Tags jvm java web-development app-development

Pattern matching for switch follows logically from pattern matching for instanceof, which was delivered as part of JDK 16. By Justine Kavanaugh-Brown.

A pattern is something you can test a value against. A value will either match a pattern or not match a pattern. If a value matches the specified pattern, the pattern variable is initialized with the value it matched.

The pattern itself can contain holes because you don’t want to specify all the details of every part of the value. So, sometimes a developer puts placeholders in certain places within the pattern. We use variables to represent those holes. We call them pattern variables, but they’re really just local variables.

Prior to JEP 406, switch had a very important design feature: It threw a null pointer exception if the value of the selector expression was null—without looking at any of the body of the switch block. Null simply wasn’t permitted as an option. Now that we’re enhancing switch to do pattern matching and more-complicated things coming in the future, forbidding null seems like an unsustainable design decision.

static String formatterPatternSwitch(Object o) {
    return switch (o) {
        case Integer i -> String.format("int %d", i);
        case Long l    -> String.format("long %d", l);
        case Double d  -> String.format("double %f", d);
        case String s  -> String.format("String %s", s);
        default        -> o.toString();
    };
}

This is the next step in pattern matching for Java, where patterns do not solely ask about types but do more work by deconstructing the value for you. Good read!

[Read More]

Apache Kafka in the public sector – Smart city

Tags iot data-science devops how-to queues search

The public sector includes many different areas. Some groups, like the military, leverage cutting-edge technology. Others, like the public administration, are years or even decades behind. This blog series explores both edges to show how data in motion powered by Apache Kafka adds value for innovative new applications and modernizing legacy IT infrastructures. By Kai Waehner.

The article also contains information on:

  • Real-time is mandatory for a smart city everywhere
  • Low latency and 5G networks for (some) data streaming use cases
  • Collaboration between government, city, and 3rd party via Open API
  • Data in motion with Kafka for a connected and innovative smart city

Smart City is a vast topic. Many stakeholders are involved. Collaboration and Open APIs are critical for success. In most cases, governments work together with telco providers, infrastructure providers such as the cloud hyperscalers, and software vendors (including an event streaming platform like Kafka). Most valuable and innovative smart city use cases require data processing in real-time. The use cases require data integration, storage, backpressure handling, and data correlation. Event Streaming is the ideal technology for these use cases. Good read!

[Read More]

Rate limiting with HAProxy Kubernetes Ingress controller

Tags devops cloud kubernetes cio performance

DDoS (distributed denial of service) events occur when an attacker or group of attackers floods your application or API with disruptive traffic, hoping to exhaust its resources and prevent it from functioning properly. Bots and scrapers, too, can misbehave, making far more requests than is reasonable. By Jim O’Connell.

In this blog, we cover several ways that you can use overall rate limiting to mitigate the effects of these kinds of events, but the HAProxy Kubernetes Ingress Controller offers even more fine-grained control to fend off DDoS attacks using several annotations that can help you build a powerful first line of defense on an IP-by-IP basis.

The article then describes the following, together with code examples:

  • Rate limit requests
  • Rate limit period
  • Custom status codes
  • Rate limit size

The most important annotation to understand is rate-limit-requests. This setting is an integer that defines the maximum number of requests that will be accepted from a source IP address during the rate-limit-period, which defaults to one second.


apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: web-ingress
  namespace: default
  annotations:
    # Annotation values must be strings, so the number is quoted
    haproxy.org/rate-limit-requests: "10"

By adding this annotation to your config, any single IP address is limited to 10 requests per second, after which its requests would be denied with a 403 status code. There are more examples in the article. Very good read!

[Read More]

Everything I learned in my 1st year as a SWE: GraphQL

Tags devops cloud nosql database

A beginner’s crash course in GraphQL & REST APIs. In this series, I’ll be sharing all the tools and technologies that I’ve picked up in my first year in the hopes of helping other entry-level engineers on their journey. By Camila Ramos.

You tell GraphQL how to come up with the answers to your query. In the schema, you’ve defined what type each field’s response will be, but the resolvers are where you tell GraphQL how to come up with your data.

In this post the author hopes to answer the following questions:

  • What is an API and how are they used?
  • What is a REST API?
  • The five major problems with REST APIs
    • Rigid endpoints
    • Overfetching
    • Underfetching
    • Multiple requests
    • No idea what the response will be
  • What is GraphQL & why is it used as an alternative to REST?

GraphQL is a query language for your API that allows you to fetch data declaratively - AKA you can tell it exactly what data you want, and it’ll return just that. No more, no less. Instead of working with rigid endpoints that are predefined for you, you can write custom queries to receive the data you need. The GraphQL equivalent to GET is a query, and a mutation is the equivalent to POST, PUT, DELETE, or PATCH. Good read!

[Read More]

Investigate Node.js high CPU issue in Linux app service

Tags linux nodejs performance app-development azure

When running your Node.js application in Azure Linux App Service, you may encounter a high CPU consumption issue. By Hanli_Ren.

v8-profiler-node8 is one of the tools that can help us profile the CPU usage of a Node.js application. Normally, we need to explicitly insert code to control where to start and stop profiling in the application code. But for complex applications running in production mode, it’s hard to decide at which position of the code to start/stop profiling. Also, it will generate too many profiler result files if we continuously profile a running App Service.

The article provides practical information on:

  • How to install and inject v8 CPU profiler in your Node.js application code
  • How to capture CPU profiler dump in Linux App Service
  • How to use Google Chrome Developer tools to analyze the profiler file

Together with a bunch of screenshots and code examples so you can debug successfully. Good read!

[Read More]