CodeIsGo.com

The public sector includes many different areas. Some groups leverage cutting-edge technology, like military leverage. Others like the public administration are years or even decades behind. This blog series explores both edges to show how data in motion powered by Apache Kafka adds value for innovative new applications and modernizing legacy IT infrastructures. By Kai Waehner.

The article also contains information on:

• Real-time is mandatory for a smart city everywhere
• Low latency and 5G networks for (some) data streaming use cases
• Collaboration between government, city, and 3rd party via Open API
• Data in motion with Kafka for a connected and innovative smart city

Smart City is a vast topic. Many stakeholders are involved. Collaboration and Open APIs are critical for success. In most cases, governments work together with telco providers, infrastructure providers such as the cloud hyperscalers, and software vendors (including an event streaming platform like Kafka). Most valuable and innovative smart city use cases require data processing in real-time. The use cases require data integration, storage, and backpressure handling, and data correlation. Event Streaming is the ideal technology for these use cases. Good read!

DDoS (distributed denial of service) events occur when an attacker or group of attackers flood your application or API with disruptive traffic, hoping to exhaust its resources and prevent it from functioning properly. Bots and scrapers, too, can misbehave, making far more requests than is reasonable. By Jim O’Connell.

In this blog, we cover several ways that you can use overall rate limiting to mitigate the effects of these kinds of events, but the HAProxy Kubernetes Ingress Controller offers even more fine-grained control to fend off DDoS attacks using several annotations that can help you build a powerful first line of defense on an IP-by-IP basis.

The article then describes following together with code examples:

• Rate limit requests
• Rate limit period
• Custom status codes
• Rate limit size

The most important annotation to understand is rate-limit-requests. This setting is an integer that defines the maximum number of requests that will be accepted from a source IP address during the rate-limit-period, which defaults to one second.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: web-ingress
namespace: default
annotations:
  haproxy.org/rate-limit-requests: 10

By adding this annotation to your config, any single IP address is limited to 10 requests per second, after which their requests would be denied with a 403 status code. And more examples in the article. Very good read!

A beginner’s crash course in GraphQL & REST APIs. In this series, I’ll be sharing all the tools and technologies that I’ve picked up in my first year in the hopes of helping other entry-level engineers on their journey. By Camila Ramos.

You tell GraphQL how to come up with the answers to your query. In the schema, you’ve defined what type of each field’s response will be, but the resolvers are where you tell GraphQL how to come up with your data.

In this post author is hoping to answer the following questions:

• What is an API and how are they used?
• What is a REST API?
• The five major problems with REST APIs
  • Rigid endpoints
  • Overfetching
  • Underfetching
  • Multiple requests
  • No idea what the response will be
• What is GraphQL & why is it used as an alternative to REST?

GraphQL is a query language for your API that allows you to fetch data declaratively - AKA you can tell it exactly what data you want, and it’ll return just that. No more, no less. Instead of working with rigid endpoints that are predefined for you, you can write custom queries to receive the data you need. The GraphQL equivalent to GET is a query, and a mutation is the equivalent to POST, PUT, DELETE, or PATCH. Good read!

When running your Node.js application in Azure Linux App Service, you may encounter High CPU consumption issue. By Hanli_Ren.

v8-profiler-node8 is one of the tools that can help us profile the CPU usage of a Node.js application. Normally, we need to explicitly insert code to control where to start and stop profiling in the application code. But for complex applications running in production mode, it’s hard to decide at which position of the code to start/stop profiling. Also, it will generate too many profiler result files if we continuously profiling a running App Service.

The article provides practical information on:

• How to install and inject v8 CPU profiler in your Node.js application code
• How to capture CPU profiler dump in Linux App Service
• How to use Google Chrome Developer tools to analyze the profiler file

Together with bunch of screenshots and code examples so you can debug successfully. Good read!

The aim of the series is to walk you through a detailed introduction of Kubeflow, a deep-dive into the various components and how they all come together to deliver a complete MLOps platform. By Jimmy Guerrero.

In this post we’ll take a look at the different Kubeflow distributions that are available and walk you through some installations using MiniKF:

• Installing Kubeflow
• Packaged Kubeflow Distributions
• Other Platforms with Kubeflow Packaged Distributions

For the purposes of this blog we are going to focus on getting up and running with MiniKF. Why?

• MiniKF is the easiest distribution to get started with, even for folks with limited Kubernetes experience
• MiniKF is cross platform. It runs on AWS, GCP and even locally via Vagrant
• MiniKF comes with prebundled add-ons like Kale and Rok that make it much easier to build pipelines and manage data then the basic Kubeflow distribution offers

You will find video tutorials which will walk you through installation steps on various platforms. Nice one!

So when we say PostgreSQL is the “batteries included database,” this is just one reason why. With Postgres, you don’t need to immediately look farther than your own database management system for a full-text search solution. If you haven’t yet given Postgres’ built-in full-text search a try, read on for a simple intro. By Kat Batuigas.

The article describes:

• Postgres full-text search basics for the uninitiated
• Example: Searching storm event details
• Functions for weighting and ranking search results

You can get even deeper and make your Postgres full-text search even more robust, by implementing features such as highlighting results, or writing your own custom dictionaries or functions. You could also look into enabling extensions such as unaccent (remove diacritic signs from lexemes) or pg_trgm (for fuzzy search). Speaking of extensions, those were just two of the extensions supported in Crunchy Bridge. We’ve built our managed cloud Postgres service such that you can dive right in and take advantage of all these Postgres features. Good read with SQL query and code exmaples!

One thing most customers want to know is how to coordinate writes to more than one system of record. Answering this question typically involves a long explanation of dual writes, distributed transactions, modern alternatives, and the possible failure scenarios and drawbacks of each approach. By Bilgin Ibryam.

The single indicator that you may have a dual write problem is the need to write to more than one system of record predictably. This requirement might not be obvious and it can express itself in different ways in the distributed systems design process.

The article then walks you through:

• The dual write problem
• The modular monolith
• Orchestration architecture
• Choreography pattern
• Parallel pipelines pattern
• How to choose a distributed transactions strategy

Source @https://developers.redhat.com: https://developers.redhat.com/articles/2021/09/21/distributed-transaction-patterns-microservices-compared#the_modular_monolith

Each pattern is explained from architecture, benefits and drawback points of view. In a sizable distributed system with tens of services, there won’t be a single approach that works for all, but a few of these combined and applied for different contexts. You might have a few services deployed on a shared runtime for exceptional requirements around data consistency. You might choose a two-phase commit for integration with a legacy system that supports JTA. You might orchestrate a complex business process, and also use choreography and parallel processing for the rest of the services. In the end, it doesn’t matter what strategy you pick; what matters is choosing a strategy deliberately for the right reasons, and executing it. Excellent read!

Over the course of this series, we are going to cover various topics associated with Google Cloud’s Anthos. The series will involve conceptual understanding supplemented by practical tutorials for you to get up to speed on what some consider a revolutionary piece of technology. By Alfred Tommy.

When you have a microservices based architecture, it proves challenging to manage these individual services. For example, you may want to authenticate/authorise requests between services, you would probably like to get some observability on the network traffic between services, you may even want to split traffic between services. All this and more can be achieved with a service mesh.

Anthos actually comprises of a suite of services, the key ones being:

• Infrastructure management
• Container management and orchestration
• Service management
• Policy enforcement

The article then explains in detail installing Anthos Service Mesh with a Google Managed Control Plane. Plenty of screenshots and command line exmaples will get you going. Nice one!

Ionic Portals offers a supercharged native Web View component for iOS and Android that enables teams to add web-based experiences to native mobile apps. Now, native and web teams can better collaborate while bringing new and existing web experiences to mobile in a safe, controlled way. By Josh Thomas.

The best part? Each Portal can be updated individually. Say you have a web team that manages the FAQ Portal, one that manages the checkout experience, and one that manages a user profile page. The checkout team can safely ship an update to their web experience whenever they want, without disrupting the other web teams or the native release process. Sign up to be notified when this launches this Fall.

The article provides introduction video explaining the concept plus reads about:

• Why Ionic Portals?
• How Ionic Portals works
• iOS configuration
• Configuring Android
• Adding a Portal (web app)
• Beyond the basics

So in essence, this is a huge step in our evolution as a platform and the fulfillment of Ionic’s Web Native vision, one where web developers push the limits of what’s possible with modern web technology and APIs.

Using AWS CloudFront and AWS WAF together, you can add some security to your sites with less work and focus on making features for your users. By Peter Grainger.

In this post, author will provide some information about AWS CloudFront, AWS WAF, and SQL injection. Then he will provide a step-by-step guide on how to use the two AWS services together to protect against SQL injection.

The main content of the article:

• Some background information on AWS WAF, CloudFront, and injection
• Providing protection for the GeoJS API using AWS WAF
• How to use CloudFront and AWS WAF together to protect against SQL injection attacks

Injection is the number one critical risk for web applications according to OWASP. Setting up AWS WAF with AWS managed rules means you have less maintenance updating the WAF for each new vulnerability. You connect to the AWS WAF in the CloudFront distribution wizard when creating a new distribution. After configuring both services, you can test the WAF will block incoming SQL injection attacks before they reach your application.

You will also get detailed breakdown of steps to set up WAF for this scenario together with screenshots. Nice one!