CodeIsGo.com

Databases are an essential piece of almost every software product. A database is an organized place to store data. At some point, every company realizes that the amount of data they have increases over time. They cannot afford to lose all the accumulated information. By Dmytro Khmelenko.

Making a regular backup is a good practice (and not only with databases). Generating a backup is a long process and it is not performed every minute. That being said, losing the user’s data gathered since the most recent backup is still a possibility. The general approach to database replication is similar to idea with a backup — to have copies of the data. The difference is in the how. Unlike with a backup, replication is performed on each data modification. This is a permanent process. It is not limited only by that purpose.

While the idea is clear, the implementation brings some challenges. The database roles on each computer in a distributed system cannot be equal. Some databases will accept only write requests and others only read requests. The database performing a write operation is a Leader and the database performing a read-only operation is a Follower.

When there are multiple Leaders in the system, an additional synchronization between the Leaders is necessary. When a user updates data through one Leader, the rest of the Leaders should be notified about the changes. In the era of digital products and constantly growing traffic, data replication becomes a necessity. It not only reduces the risk of disasters and data loss but also improves the performance of the final solution. Good read!

Find out why you should be using low-code apps to build internal tools. By leveraging the speed and cost benefits of the new range of low and no-code tools available, you can use your expertise to deliver applications faster than ever before. By James Konik.

You may have heard the terms low-code and no-code floating around and pictured them as something similar. That’s a mistake. Low-code is not the same as no-code.

Low-code development still requires code but handles the bulk of the application for you, enabling you to concentrate on implementing the task-specific logic you need. With low-code, you can rely on the platform to deal with common tasks that you don’t need to customize and focus your efforts on the core functionality or differentiated business logic.

The article is split into these sections:

• What is a Low-Code Platform (LCP)?
• What are Internal Applications?
• Reasons to use Low-Code in Internal Applications
• Limitations of Low-Code Platforms

The creativity and problem-solving abilities developers possess can be turbocharged by using low-code apps effectively. If you’re new to this booming area, take a look. You might find yourself hooked. You might also find yourself delivering value to your customers at a rate you didn’t previously think possible.

The key limitation with low-code platforms is that they can’t do everything you can with regular code. Having things done for you is great, but if you want to deviate from what’s offered, you might not always be able to. Good read!

While there are several ways to host container workloads in Azure, Azure Kubernetes Service (AKS) provides the easiest way to deploy Kubernetes for teams needing a full orchestration solution. By Jim Counts.

AKS seems to gain new features every week. Depending on your needs deploying a repeatable, consistent AKS configuration can be challenging. Infrastructure-as-Code tools like Terraform bring this complexity under control (source control, that is!) Let’s take a look at spinning up an AKS cluster using Terraform.

The AKS cluster in this guide supports the following features:

• AKS-managed Azure Active Directory integration
• Azure Monitor for Containers
• Automatic AKS version upgrades
• Separate node pools for user and system workloads
• A system assigned managed cluster identity
• Autoscaling node pools
• Availability Zone Configuration
• Azure Policy for Kubernetes

This is an extensive guide to AKS on Azure with loads of code examples and a detailed explanation of each step. Nicely done!

It looks like PHP will get fibers soon with PHP 8.1! That’s awesome! Or is it. By Christian Lück.

Fibers are primitives for implementing light weight cooperative concurrency [in Ruby]. Basically they are a means of creating code blocks that can be paused and resumed, much like threads. The main difference is that they are never preempted and that the scheduling must be done by the programmer and not the VM.

The article then covers:

• What are fibers?
• Will fibers bring async to PHP?
• Do we need fibers for async PHP?
• What problem do fibers solve?

As detailed in the previous section, we need a scheduler (or event loop) in order to run things asynchronously or concurrently. This means you would still have to use something like ReactPHP, Swoole or Amp for async PHP. With or without fibers, async PHP will be provided by external libraries. Good read!

In fact, with fibers you will no longer see that a function call is asynchronous at all. Fibers allow you to express a synchronous program flow, so you don’t have to deal with any async execution at all. Interestingly, this also means the average PHP application developer will also never interface with the Fiber implementation at all. I think this is a great plus. Good read!

The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. By @securitymagazine.com.

The research focused on three core areas of mobile app security:

• Vulnerabilities: The presence of known software vulnerabilities in the applications’ open source components
• Information leakage: Sensitive data such as private keys, tokens, and passwords exposed in the application code
• Mobile device permissions: Applications requiring excessive access to mobile device data and features

The analysis reveals that the majority of apps contain open source components with known security vulnerabilities. It also highlights other pervasive security concerns including myriad potentially sensitive data exposed in the application code and the use of excessive mobile device permissions.

Some oof the interesting findings:

• App composition – open source is eating the app store! 3,267 (98%) of the apps contained open source software (OSS) components, with an average of 20 OSS components per app
• The vulnerable apps contained an average of 39 distinct vulnerabilities
• 94% of the vulnerabilities detected have publicly documented fixes
• 73% of the known security vulnerabilities are more than two years old

For consumers, this report highlights the jarring reality that even the most popular mobile apps are not immune to security and privacy weaknesses and should not be trusted implicitly. For app developers, this underscores the urgent need for secure software development practices and better overall privacy and security hygiene. Great read!

This blog series on Microsoft’s Well-Architected Framework for Azure will equip you with the foundational knowledge and resources you need to become an expert in cloud migration best practices. By Jerry Rhoads.

Imagine you’ve just moved your customer to the cloud, or that you inherited an existing cloud migration. Back in the day, a server move or a deployment entailed downtime, un-racking, and loading servers into the back of a truck and driving (carefully) to the new datacenter, unpacking, and re-racking. Some of the biggest headaches were ping, power, and pipe.

With their workload now moved to the cloud, your customer has some new questions:

• How do I know my data is secure?
• Can I handle a sudden spike in traffic?
• How does the application handle failure?
• Are we making the most of the cloud, e.g., am I using the cloud to its full potential?

The Microsoft Azure Well-Architected Framework is a set of guiding tenets that can be used to improve the quality of a workload. This framework is built on five pillars of architectural best practices for cloud workloads:

Source: @microsoft.com https://www.microsoft.com/en-us/us-partner-blog/2021/01/26/an-introduction-to-azures-well-architected-framework/

Please follow the next post in the series which will take a deep dive into the pillars. Good read!

We often get confused about fetching data and how to connect our frontend application with the backend and we always end up reading tonnes of articles. Stop fetching data in Redux actions. By Shrey Vijayvargiya.

While fetching data from API we prefer Redux actions to fetch data followed by dispatching the Redux actions to update the store. Well, this logic is not totally wrong but it has the following consequences:

• Fetching of data updates/re-renders the whole application irrespective of the fact that data is concerned to that particular component or not
• Less control for user feedbacks activity, you are restricted to give the user a better response from the API. For example showing loader, errors etc
• Actions inside Redux become more complex and difficult to read

The main logic behind redux is that we will have a store where all the common values shared among components will be stored and actions that will help to dispatch any data to update the store using reducers. Our main agenda should be to keep it as simple as the definition.

• Add all API fetching methods separately
• Create separate actions for updating the store
• Name every action accordingly for better understanding
• Call the fetching method inside components and update the Redux store via action after the API response

In this approach, we can give the user a better view of response from API, Most important is user experience, for example, loader, errors, internet connectivity or server is under maintenance this kind of issues are very often and certain to occur in application and not providing better transparency to the user regarding the issues will end up creating the bad user experience. Good read!

Gartner predicts that by the end of 2025, over 65% of development projects will use low-code builders. The field of low-code continues to expand. But what security implications does low-code introduce? By Bill Doerrfel.

Low-code refers to tools that enable application construction using visual programming models. Adopting drag-and-drop components instead of traditional code, no-code and low-code platforms enables non-technical folks to construct their own workflows without as much help from IT. Yet, handing power to citizen developers with less security training can be risky. Plus, low-code platforms may hold compromised propriety libraries or leverage APIs that may unknowingly expose sensitive data to the outside world. There’s also the possibility that low-code could increase shadow IT if not governed well.

The article then further covers:

• Low-Code security concerns
• Ways to harden Low-Code environments
• Change the attitude toward security
• No-Code ≠ No-Bug

Low-code continues to permeate more and more digital operations, opening up novel potential for citizen developers. While the low-code movement promises impressive returns, it also brings potential risk. To mitigate these concerns, we must level up our security understanding and evolve our approaches, Wysopal said. “Any application can have flaws and security bugs in them.” Just because you’re not writing a function in C and are relying on a visual programming model doesn’t mean you’re not introducing flaws. Good read!

ACID Transactions are a must when you have strict data consistency requirements in your application. The costs of running transactions on distributed systems can rapidly create bottlenecks at scale. By Denis Rosa, Developer Advocate, Couchbase.

ACID transactions in NewSQL databases require more coordination than in NoSQL, as the data related to an entity is split into multiple tables which might live in different nodes. The relational model, as we use today, requires transactions for the majority of the writes, updates, and cascading deletes. The extra coordination that the NewSQL architecture requires comes at a cost of reduced throughput for applications requiring low latency operations.

The content of this guide:

• Relational vs NewSQL vs NoSQL Transactions
• Atomicity in RDBMS
• Atomicity in NewSQL
• Atomicity in Document Databases
• Multi-Document Distributed ACID Transactions in Couchbase
• Couchbase Architecture Review
• Distributed Transactions without a Central Coordinator
• Handling Isolation – Monotonic Atomic View
• Repeatable Reads and Monotonic Atomic Views
• Durability in a Distributed Database

… and more. Couchbase has support for the Read Committed/Monotonic Atomic View consistency models. But how good is that? Well, Read Committed is the default choice in Postgres, MySQL, MariaDB and many other databases out there; if you never changed that option, that’s what you are using right now. Yuo will also get charts explaining the concepts together with links to further reading. Very good!

Want to know more about static site generators? How to host your static website using Azure services, or how you can automate the full integration of your web code and the deployment of your site build? Either way, this series of blog posts is for you! By Rolf Schutten.

A static website is a website that is delivered in the user’s web browser exactly as it is stored, as opposed to dynamic web pages generated by a web application. Static web pages are often HTML files that are stored as files, and made available by the web server via HTTP(S).

The article covers a series of topics that includes:

• Understanding static websites
  • Next.js
  • Gatsby
  • Hugo
  • Jekyll
• Create your static website

This article is part of a series that also includes:

• The only guide you need for a static website in Azure — Part 2: Host your site using Azure Blob Storage. In this article, author covers how you can host your static website in Azure Blob Storage, what there is to choose from, and some basics around Content Delivery Network (CDN).
• The only guide you need for a static website in Azure — Part 3: Automate using Azure DevOps Pipelines. In this article, author covers what the Azure DevOps services are, and how to automate the build and deployment for your static website to Azure storage.

Nice and easy intro into JamStack and static websites. Good read!