Welcome to a curated list of handpicked free online resources related to IT, cloud, Big Data, programming languages, and DevOps. Fresh news and a community-maintained list of links, updated daily.

Realizing the full potential of DevSecOps

Tags devops management cio cloud infosec app-development

An article about four strategies to achieve a true DevSecOps culture. For federal agencies, achieving mission success increasingly hinges on modernizing legacy systems and transforming operations. By Phoebe Nerdahl @Atlassian.com.

It’s no surprise that a growing number of government programs and IT departments are turning to DevSecOps software development methodologies and technologies to automate tool sets and centralize IT workflows. DevSecOps builds on the learnings and best practices of general DevOps, with the addition of security verification as an active, integrated part of the development process. When leveraged correctly, a DevSecOps approach delivers the agility and flexibility to speed up capabilities for citizens while streamlining redundant and time-consuming processes.

To support agency teams as they work to bridge this gap, the author compiled a list of four recommendations that can enable agencies to realize the full potential of DevSecOps:

  • Develop cross-agency collaboration
  • Create open work environments
  • Provide training opportunities
  • Fuel repeatability and responsiveness

The four practices outlined here may take time to incorporate into your agency’s processes, but they will pay dividends. The result is a culture of trust and collaboration that adds value, transforms operations, and delivers mission success. You will also get links to further reading, among others to the Team Playbook: free workshop resources for addressing common team challenges and starting important conversations. Good advice!

[Read More]

Windows 10 Device Guard and Credential Guard demystified

Tags software how-to azure cio cloud

While helping Windows Enterprise customers deploy and realize the benefits of Windows 10, I’ve observed there’s still a lot of confusion regarding the security features of the operating system. By Priyanka_Pillai @Microsoft.

Device Guard is a group of key features designed to harden a computer system against malware. Its focus is preventing malicious code from running by ensuring only known good code can run. Credential Guard is a specific feature, not part of Device Guard, that aims to isolate and harden key system and user secrets against compromise, helping to minimize the impact and breadth of a Pass-the-Hash-style attack in the event that malicious code is already running via a local or network-based vector.

Device Guard consists of three primary components:

  • Configurable Code Integrity (CCI) – Ensures that only trusted code runs from the boot loader onwards.
  • VSM Protected Code Integrity – Moves Kernel Mode Code Integrity (KMCI) and Hypervisor Code Integrity (HVCI) components into VSM, hardening them from attack.
  • Platform and UEFI Secure Boot – Ensures that the boot binaries and UEFI firmware are signed and have not been tampered with.

Although separate from Device Guard, the Credential Guard feature also leverages Virtual Secure Mode by placing an isolated version of the Local Security Authority (LSA – or LSASS) under its protection. You will also find screen grabs explaining how to set up the described configurations. Good read!

[Read More]

CSO's ultimate guide to security and privacy laws, regulations, and compliance

Tags cio miscellaneous infosec teams cloud

This handy directory provides summaries and links to the full text of each security or privacy law and regulation. By csoonline.com.

This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or reg as well as information about what and who is covered.

It captures the resources for the following categories:

  • Broadly applicable laws and regulations
  • Industry-specific guidelines and requirements
  • US state laws
  • International laws

It briefly explains the purpose of each standard, to whom it applies, and the key points for CISOs, and links to the actual document. You will also get links to other useful resources for CISOs. Excellent source of information and good to keep in your bookmarks list!

[Read More]

10 reasons to use Azure SQL in your next project

Tags azure database cloud cio

There are many database technologies available on Azure that you can choose from. Why would you use Azure SQL? By Davide.

Azure SQL is the relational and post-relational database that I’d like to say has “batteries included”. I borrowed that term from Python, one of my preferred languages, and that’s also the main reason why it is a great database for developers.

The article then explains:

  • Post-Relational features for the modern apps
  • Complete storage control and abstraction with Columnstore and Rowstore
  • Ultra-high concurrency with Lock-Free Memory-Optimized tables
  • Time Traveling with “As-Of” queries
  • Encryption, Masking and Row-Level Security
  • Blocking and Non-Blocking Transactions
  • Complete Monitorability and Full Insights

... and more. Azure SQL has driver support for all the most common languages, be it C#, Java, Python, Node or Go. With .NET the newly released Microsoft.Data.SqlClient is the way to go, open source and backward compatible with System.

And because Azure SQL and SQL Server are just different twins, everything you use on Azure SQL will be easily usable on SQL Server, which runs on Windows, but also on Linux and even on edge devices. A database that spans from the cloud to the edge. Good read!

[Read More]

Spring Batch on Kubernetes: Efficient batch processing at scale

Tags kubernetes programming containers java

Batch processing has been a challenging area of computer science since its inception in the early days of punch cards and magnetic tapes. By Mahmoud Ben Hassine. In this blog post, the author introduces some of the challenges a batch developer or architect may face when designing and running batch applications at scale and shows how Spring Batch, Spring Boot and Kubernetes can tremendously simplify this task.

The main content:

  • Fault tolerance
  • Robustness
  • Cost efficiency
  • Observability
  • Scalability
  • How does Spring Batch make a batch developer’s life easier?
  • How does Kubernetes make the batch operator’s life easier?
  • Spring Batch on Kubernetes: a perfect match, in action
  • Tips and Tricks

We are dealing with unprecedented amounts of data, which are impossible to handle on a single machine any more. Correctly processing large volumes of distributed data is probably the most challenging point. Cloud-native batch applications should be scalable by design.

This post showed how to go from start.spring.io to Kubernetes in three simple steps, thanks to the productivity of the Spring ecosystem, but this is only scratching the surface of the matter. You will get a full application example with all the code and Kubernetes deployment files. Nice one!

[Read More]

From first principles: Why Scala?

Tags scala app-development code-refactoring programming functional-programming

Scala, first appearing in 2004, is neither an old stalwart nor a new player in the programming language market. This post will discuss the unique combination of features that Scala provides and how it compares to other languages on the market, diving beneath the superficial experience to explore the fundamentals of the language. By Haoyi.

Scala combines object-oriented and functional programming in one concise, high-level language. Scala’s static types help avoid bugs in complex applications, and its JVM and JavaScript runtimes let you build high-performance systems with easy access to huge ecosystems of libraries.

The article’s main sections:

  • User-facing selling points of the Scala language
  • A compiled language that feels dynamic
  • Hybrid languages
  • Why use a hybrid language?
  • Easy safety and correctness
  • Functional programming
  • A broad and deep ecosystem
  • All in on Static Analysis
  • Inference for ease of use

… and more. Scala more than most languages focuses on static compilation and analysis. Almost all Scala language features are resolved statically, with even the “monkey-patch”-esque extension methods and implicit conversions implemented at compile-time rather than runtime.

At small scale, the personal preference for or against static typechecking doesn’t matter. At larger scale, the lack of static typechecking is a huge pain point for anyone maintaining a system. While that was not so clear in the past, today we can see every dynamic language adding support for static typing.

Scala is a language that scales well from one-line snippets to million-line production codebases, with the convenience of a scripting language and the performance and scalability of a compiled language. Scala’s conciseness makes rapid prototyping a joy, while its optimizing compiler and fast JVM runtime provide great performance to support your heaviest production workloads. Very nice!

[Read More]

Introducing real-time data integration for BigQuery with Cloud Data Fusion

Tags cloud analytics cio google gcp big-data data-science

Businesses today have a growing demand for real-time data integration, analysis, and action. More often than not, the valuable data driving these actions—transactional and operational data—is stored either on-prem or in public clouds in traditional relational databases that aren’t suitable for continuous analytics. By Bhooshan Mogal.

Cloud Data Fusion is a fully managed, cloud-native data integration and ingestion service that helps developers, data engineers, and business analysts alike to efficiently build and manage ETL/ELT jobs.

Let’s take a closer look at the benefits of replication in Data Fusion:

  • Remove technical bottlenecks so even citizen developers can set up replication easily
  • Feasibility assessment and actionable recommendations
  • Easily access the latest operational data in real time for analysis within BigQuery
  • Enterprise scalability to support high-volume transactional databases
  • End-to-end operational visibility

Data Fusion also provides operational dashboards to monitor throughput, latency, and errors in replication jobs. Interesting for anybody dealing with big data!

[Read More]

Build a full-stack React app with zero configuration

Tags react frontend web-development javascript app-development

Building a modern frontend application typically requires a lot of tooling. Think Babel, webpack, Parcel, Rollup etc. There’s a reason module bundlers are so popular. By Ohans Emmanuel.

There are lots of great tools to help simplify the process of beginning a new frontend project. If you’re even vaguely familiar with React, then you must have used create-react-app (unless you’ve been coding under a rock). It’s easy and convenient. Opinionated, yes, but it takes away a lot of the painful setup you may have had to do on your own.

So, what does the author mean by zero configuration? In this article, he walks you through building a full-stack React app with Node.js on the backend, without writing any configurations! No webpack, no complex setups — none. Nada. Zilch. The tool that makes this possible is called Zero. Also known as Zero Server, it prides itself on being a zero-configuration web framework.

The article covers the following:

  • The full-stack application
  • Installation and getting started with Zero
  • How routing works in Zero Server
  • Folder structure for your Zero app
  • Ignoring files with a .zeroignore file
  • Building the homepage
  • Global centralized page configurations
  • Customizing the 404 pages
  • Server-side development with Zero

These are the basics of getting a full-stack app built with Zero. The author strongly recommends checking out the official docs for cases he may not have mentioned in this article. The premise of Zero is particularly impressive, largely because of the varying file formats supported on the frontend and backend — React, Vue, Svelte, all the way to Python. Excellent source of info!

[Read More]

What's this about Micro-commits?

Tags software teams agile career

We’re talking about version control here, but we’re also talking about productive habits. The term that is being passed around is “micro-commit,” and it is one of those concepts that we didn’t realize needed a name or a definition or an article on a blog. By Tim Ottinger.

A micro commit is a tiny commit. It consists of the changes necessary to do one tightly-scoped change. Maybe it’s just a file reformat. Maybe it’s just a variable rename. It could be the addition of one loop or one statement. It might involve a new microtest and just enough code to make it pass. … I was surprised to find out that there are people who only commit maybe once or twice a week. All their code is at the mercy of their editor’s history and at risk of being lost or damaged. It’s unnerving for me to even think that way.

Industrial Logic has included the “integration” step of the refactoring process since long before I even joined the company. The tight loop of TDD here is Red, Green, Refactor, Integrate. Integrate is at least to commit, but preferably to pull and push as well (GIT terms for updating the code in the main development branch and sending the changes back to that branch for the rest of the team to use).

The article then discusses the following topics:

  • Not everyone does that?
  • Do one thing vs while you’re at it
  • Save your game
  • Better code reviews
  • Why rebase works for me
  • But we are in a hurry
  • Late addition

When people are working with several days’ worth of code uncommitted, and they run into some unforeseen problems, they’re stuck. They have to press forward. They can’t back up and regroup. If they were to reset, they could lose hundreds of changes. Good read!

[Read More]

7 Best Gnome system monitor alternative Linux applications

Tags monitoring web-development software app-development

It is not very difficult to find some of the best alternatives to the Gnome system monitor application that comes out of the box with Gnome desktop environments, such as in Ubuntu operating systems. Hence, here are some. By Heyan Maurya.

The tools for checking Linux hardware performance in the list below include both GUI and CLI (command line) ones for the terminal, providing detailed hardware and performance data in text mode or graphically.

The article covers and describes these tools:

  • Stacer - Linux system optimizer and application monitor
  • htop - Linux process and resource viewer
  • xfce - task manager
  • Conky - system monitor
  • Monitorix - web interface Linux system monitor
  • KDE System Guard - KSysGuard

After Glances, Monitorix is another Gnome system monitor substitute that supports a web interface to give a view of the Linux processes and hardware resources. Such monitoring software is a good option for command-line Linux servers, especially those with a limited amount of hardware resources such as a Raspberry Pi. Monitorix can score where tools like Grafana or Munin are overkill. Good read!

[Read More]