Welcome to curated list of handpicked free online resources related to IT, cloud, Big Data, programming languages, Devops. Fresh news and community maintained list of links updated daily. Like what you see? [ Join our newsletter ]

Your complete guide to SSL/TLS and HTTPS


Tags ssl how-to infosec linux cio

Between the ever-increasing global cybersecurity threats and Google’s tightening security standards, it’s more important than ever for business owners to take active measures to safeguard their sites. Otherwise, you’re putting both yourself and your customers at risk. Not good. By David Wahlstrom.

This post will explain what SSL/TLS and HTTPS are and discuss the importance of having these features on your website. Then, we’ll show you how to implement an SSL/TLS certificate. The article contains advice on:

  • An introduction to SSL/TLS and HTTPS
  • Here’s how HTTPS protects your website
  • Why an SSL/TLS certificate is important for your website
  • How to tell if your website is using SSL/TLS
  • Different types of SSL certificates
  • Where to Get an SSL/TLS certificate for your website
  • How to install an SSL/TLS Certificate on Your WordPress Website (2 Options)

… and much more. Keeping your website secure is an ever-present consideration, and it’s equally important to ensure that your users know they can trust you. By adding an SSL/TLS certificate to your site and forcing secure connections through HTTPS, you can protect yourself and your users, while making sure everybody knows your site is safe to use. Good read!

[Read More]

Write object-oriented TypeScript well


Tags oop how-to programming javascript app-development

TypeScript enables you to code using object-oriented principles and techniques, and Rider helps you write TypeScript more efficiently and easily. In this blog post, we’ll look at the object-oriented features provided by the TypeScript language, and how to use Rider to implement them. By Rachel Appel.

The article main sections:

  • Object-oriented TypeScript
  • Classes in TypeScript
  • Inheritance
  • Polymorphism
  • Encapsulation
  • Abstraction
  • Modifying object models

Whether a web application or something on the back-end, you likely need an object model that works with your business logic. TypeScript really excels when it comes to object-oriented programming with JavaScript. Good read!

[Read More]

DuckDuckGo vs. Google: An in-depth search engine comparison


Tags search how-to browsers big-data cio analytics

Which search engine is better at finding the information you want, fast? We compare the features of DuckDuckGo and Google. By Sam Hollingsworth.

Google has grown into the dominant search engine that searchers rely on in almost every instance (at least in the United States), and let’s be honest - it’s for good reason.

The quality and depth of the results Google produces is what we’ve come to expect from the search experience.

But competitors are always going to be vying for search market share. Some of these alternative search engines are worth using, especially those that don’t fit the mold that Google made.

The article then dives in comparing search features, pros and cons of each search engine.

A staple of its foundation, DuckDuckGo preaches its desire to not track any information of its users or their searches and prides itself on offering the most private search engine on the market.

DuckDuckGo only owned .22% of the total search market share in 2017, which is less than Ask, Yandex, Baidu, and all three “major players” in the United States (Google, Bing, and Yahoo). This means there is room for a lot of growth, but it needs to sustain its increasing popularity for years to come to gain significant market share. Interesting read.

[Read More]

Why I don't miss React: a story about using the platform


Tags web-development react app-development javascript browsers

My initial focus was to introduce Web Components as the new fundamental building block of all new DevTools features and UI. With the recently launched Recorder panel along with others, there are now large parts of DevTools that are almost exclusively web components. By Jack Franklin.

When I left my React focused role behind I expected to find the transition hard, and miss what React had to offer. I’ve ended up finding the transition easier than expected and have come to really relish working closer to the platform’s primitives and maintaining more control over the software I write and in this blog post I’d like to share why that is.

The article then deals with:

  • Using the platform
  • Maintaining control
  • Pick dependencies that can be easily replaced
  • The cost of third party dependencies

One area where custom elements are lacking is some form of HTML templating solution that provides efficient re-rendering of HTML. I’d definitely recommend using a library for this, and we settled on lit-html. Nice read!

[Read More]

OOP: (Complex Systems)-Oriented Programming


Tags web-development oop app-development agile teams

This article explores the original idea of OOP, as it has been invented by Alan Kay. OOP was invented as a “systems-oriented approach” to programming, a way to build complex systems. Unfortunately, the name “object-oriented” created confusion and deemphasized this meaning. By Eugene Naumenko.

Complex systems usually expose “liveness” property, among others - they evolve continuously, without shut downs, since the first moment they emerge, or are started. Complex systems development happens while running, it is undesirable, or even not possible to built them ahead of time and start/stop at random moments in time.

Let’s see what properties are required to build complex, evolving, live systems. These would be:

  • Universal modularity
  • Late binding
  • Runtime
  • Messaging
  • Internal state

We can see that all these properties have abstraction property. Remember, abstraction is not a vague undefined idea, but a simplification which creates a new level of meaning, new semantic objects (see Dijkstra’s definition, and also Wikipedia’s one). That that all the essential properties of OOP have the abstraction property is not a coincidence. Abstraction is a way to handle entropy, and managing entropy is the way to build complex systems, both from human comprehension and structural nature of such systems points of view. Interesting read!

[Read More]

Using Kong API Gateway with an event driven system to modernize legacy integrations


Tags web-development devops app-development kubernetes containers

Let’s talk API gateways and event based integration a bit. Amazon API gateway has been a pillar of serverless applications on AWS, it allows developers to manage API endpoints backed by Lambda functions or potentially other services. By Sebastien Goasguen.

Building REST APIs with serverless functions has truly empowered developers to deliver products faster in the Cloud. For enterprises with significant on-premises systems, there is no AWS API Gateway, but you have the Kong Gateway which allows you to do similar things. In this post, we are going to go one step beyond and show you how you can use the Kong Gateway to expose a REST API in front of an event driven integration. In other terms, front your asynchronous event flow with an API.

The article also pays attention to:

  • First, a REST Endpoint
  • Second, an IBM MQ Connector in Kubernetes
  • Finally, Add a Synchronizer and Transformations

Moving to the Cloud does not mean throwing away decades of enterprise efforts, performance optimization, workflows and system of records. You do not need to lift and shift everything at once. What you can definitely do is modernize your approach to software development and start bringing in new technologies to your entire software and infrastructure stack. Nice one!

[Read More]

Automation isn't the biggest threat to US factory jobs


Tags robotics iot management miscellaneous cio agile

German factories have more robots than their US counterparts - so why are Americans four times more likely to leave their manufacturing jobs? By Anna Waldman-Brown.

The number of American workers who quit their jobs during the pandemic - over a fifth of the workforce - may constitute one of the largest American labor movements in recent history. Workers demanded higher pay and better conditions, spurred by rising inflation and the pandemic realization that employers expected them to risk their lives for low wages, mediocre benefits, and few protections from abusive customers - often while corporate stock prices soared.

The answer depends on more than what’s technologically feasible, including what actually happens when a factory installs a new robot or a cashier aisle is replaced by a self-checkout booth and what future possibilities await displaced workers and their children. So far, we know the gains from automation have proved notoriously unequal. A key component of 20th century productivity growth came from replacing workers with technology, and economist Carl Benedikt Frey notes that American productivity grew by 400 percent from 1930 to 2000, while average leisure time only increased by 3 percent. (Since 1979, American labor productivity, or dollars created per worker, has increased eight times faster than workers’ hourly compensation.)

While 8 percent of German manufacturing workers left their jobs (voluntarily or involuntarily) between 1993 and 2009, 34 percent of US manufacturing workers left their jobs over the same period. Thanks to workplace bargaining and sectoral wage setting, German manufacturing workers have better financial incentives to stay at their jobs; The Conference Board reports that the average German manufacturing worker earned $43.18 (plus $8.88 in benefits) per hour in 2016, while the average American manufacturing worker earned $39.03 with only $3.66 in benefits.

As the German example illustrates, robots can improve ergonomics and save workers from drudgery, and recent studies indicate that robot adoption can boost employment for small and midsize manufacturers by enhancing product quality, improving productivity, and allowing firms to branch into new product lines. Yet robots have also been known to have the opposite effect on workers—especially in larger factories with less skilled workers, where extensive automation can break up jobs and leave workers with repetitive, hard-to-automate tasks, such as continuously loading the same item into the same machine. But a lack of robots may make firms more susceptible to being outbid by higher tech rivals, potentially leading to even more widespread job loss in manufacturing. Very interesting read!

[Read More]

Rapid event notification system at Netflix


Tags streaming messaging kubernetes containers devops infosec

Netflix has more than 220 million active members who perform a variety of actions throughout each session, ranging from renaming a profile to watching a title. Reacting to these actions in near real-time to keep the experience consistent across devices is critical for ensuring an optimal member experience. By Ankush Gulati, David Gevorkyan.

This is not an easy task, considering the wide variety of supported devices and the sheer volume of actions our members perform. To this end, we developed a Rapid Event Notification System (RENO) to support use cases that require server initiated communication with devices in a scalable and extensible manner.

The main content is split into:

  • Motivation
  • Use cases
  • Design decisions
  • Single events source
  • Event prioritization
  • Hybrid communication model
  • Targeted delivery
  • Managing high RPS

Using a Push-and-Pull delivery model combination also supports devices limited to a single communication model. This includes older, legacy devices that do not support Push Notifications.

With over 220 million members, we were conscious of the fact that a service like RENO needs to process many events per member during a viewing session. At peak times, RENO serves about 150k events per second. Such a high RPS during specific times of the day can create a thundering herd problem and put strain on internal and external downstream services. Excellent read!

[Read More]

Increasing the security bar in Ingress-NGINX v1.2.0


Tags nginx kubernetes containers devops infosec

The Ingress may be one of the most targeted components of Kubernetes. An Ingress typically defines an HTTP reverse proxy, exposed to the Internet, containing multiple websites, and with some privileged access to Kubernetes API (such as to read Secrets relating to TLS certificates and their private keys). By Ricardo Katz (VMware), James Strong (Chainguard).

This is not our final goal. Our final goal is to split the control plane and the data plane processes. In fact, doing so will help us also achieve a Gateway API implementation, as we may have a different controller as soon as it “knows” what to provide to the data plane. Some other projects in Kubernetes already take this approach (like KPNG, the proposed replacement for kube-proxy), and we plan to align with them and get the same experience for Ingress-NGINX.

This article covers:

  • Meet Ingress NGINX v1.2.0 and the chrooted NGINX process
  • Skip the talk, what do I need to use this new approach?
  • OK, but how does this increase the security of my Ingress controller?
  • What about other security improvements in this release?

Ingress NGINX container architecture

Source: https://kubernetes.io/blog/2022/04/28/ingress-nginx-1-2-0/

Ingress-NGINX has been part of security assessments that figured out we have a big problem: we don’t do all proper sanitization before turning the configuration into an nginx.conf file, which may lead to information disclosure risks. While it is a risky component in your architecture, it is still the most popular way to properly expose your services. Good read!

[Read More]

Migrating to utf8mb4: MySQL things to consider


Tags mysql web-development app-development database

The utf8mb4 character set is the new default as of MySQL 8.0, and this change neither affects existing data nor forces any upgrades. By Sveta Smirnova.

One more issue you can hit after converting to the utf8mb4 character set is an increased size of the implicit temporary tables that MySQL creates to resolve queries. Since utf8mb4 may store more data than other character sets, the column size of such implicit tables will also be bigger. The article then describes the things to consider:

  • Storage requirements
  • Maximum Length of the Column
  • Index Storage Requirement
  • Temporary Tables

Converting to the utf8mb4 character set brings you the advantages of better performance, a larger range of characters that you can use, including emojis and new collations (sorting rules). This conversion comes at almost no price, and it can be done smoothly. Nice one!

[Read More]