CodeIsGo.com

Building, testing, and monitoring applications in the cloud is a unique challenge. While many organizations have embraced a DevOps methodology, their DevOps machine is still not at the level of maturity they might like it to be. According to a recent survey, 53% work on a team with a ‘low level’ of DevOps based on maturity factors. By Dave Armlin.

A big part of achieving cloud DevOps maturity is selecting the right tools for the job. The following tools help automate various parts of the CI/CD pipeline, and make it much easier for DevOps teams to consistently monitor their AWS cloud infrastructure and applications. As with a lot of AWS services, there are several native DevOps tools for AWS users. These services make it easier to provision and manage AWS infrastructure, deploy application code, automate software releases, and monitor the performance of applications and infrastructure.

The article then pays attention to these tools:

• Native AWS cloud DevOps tools
  • AWS CodePipeline
  • AWS CodeBuild
  • AWS CodeDeploy
  • AWS CodeStar
• DevOps tools for AWS and multi-cloud environments
  • CircleCI
  • Snyk
  • HashiCorp Terraform
  • Jira Software
  • Gradle
  • ChaosSearch

To sum up, while AWS offers many native DevOps tools to accelerate the application development and delivery lifecycle, these essential tools may increase your team’s capacity to leverage automation. Ideally, you’ll be able to automate and orchestrate your CI/CD pipeline and cut down on day-to-day DevOps management challenges. Links to further reading also in the article. Nice one!

There are methods to improve API design — like following RESTful practices. But time and again we are seeing customers unknowingly program minor inconveniences into their APIs. To help you avoid these pitfalls, here are six of the most common mistakes we have seen developers make while creating the API — and guidance on how to get it right. By Varun Krovvidi,Geir Sjurseth.

Practices for REST APIs mentioned in the article:

• Thinking inside-out vs outside-in
• Making your APIs too complex for users
• Creating “chatty” APIs with too many calls
• Not allowing for flexibility
• Making design unreadable to humans
• Know when you can break the RESTful rules

Being true to the RESTful basics — such as using the correct HTTP verbs, status codes, and stateless resource-based interfaces — can make your customers’ lives easier because they don’t need to learn an all new lexicon, but remember that the goal is just to help them get their job done. If you put RESTful design first over user experience, then it doesn’t really serve its purpose. Nice one!

Facebook developed GraphQL during their quest to find a better and more flexible way to work across their data. They found that they could achieve this flexibility with a query-based approach. By defining a schema that the queries can run against, an API based on GraphQL enables clients to make fewer requests while still being able to work with as much (or as little) of the data that’s exposed through the query as desired. By Vince Power.

When it comes to building a GraphQL API, there are multiple frameworks to choose from across multiple technologies. It should come as no surprise that GraphQL is also fully supported by Python. In this tutorial, we will use a Python package called Graphene to walk you through the process of setting up a GraphQL server in Python.

In the article you will find:

• What is Graphene in Python?
• Install the GraphQL APIs Python environment
• Set up Flask web server
• Building a Graphene schema
• Testing the GraphQL API
• GraphQL and Python

GraphQL has been embraced by technology leaders from Netflix to Shopify to PayPal as the modern way to do APIs, offering far more flexibility and speed than REST or SOAP, and making it ideal for both web and mobile applications. Simple GraphQL APIs are quick and easy to build in just about any language, but as this exercise has shown, Python and Graphene can give you a real headstart on developing GraphQL-based APIs. Good read!

How to scrape data from amazon.com with Bright Data’s data collectors, and create a product search API that you can deploy to the web and monetize it. By Oskar Petr.

APIs (application programming interfaces) are a way of communication between two or more computers, with the intention of passing requested data from one computer to another. APIs can share a piece of document that can later be accordingly reacted to by the requesting computer.

The article then will walk you over:

• Why is it important that companies should make use of APIs?
• Who can benefit from the existence of an API?
• Data collectors
• Creating the application
• Deploying an API
• Is it legal to scrape the web
• Where to deploy and monetize your API?

Web scraping is used for data extraction from websites’ DOM element values. Scrapers, who scrape the web, can be given a direct path to certain elements in the DOM structure and extract the element’s value. Collected values can be then passed onto the API’s response. Creating your API with the power of scraping information from the web is making your business a lot more powerful in the side of transferring information, collecting it and in developer experience. Good one!

Palo Alto Networks eliminated the MQ layer for a project that correlates events in near real time, using an existing database instead of Kafka. By Cynthia Dunlop.

Global security provider Palo Alto Networks processes terabytes of network security events each day. It analyzes, correlates and responds to millions of events per second — many different types of events, using many different schemas, reported by many different sensors and data sources. One of its many challenges is understanding which of those events actually describe the same network “story” from different viewpoints.

The main points worth mentioning in the article:

• Evolving from Events to Stories
• Implementation 1: Relational database
• Implementation 2: NoSQL + message queue
• Implementation 3: NoSQL + Cloud-managed message queue
• Implementation 4: NoSQL (ScyllaDB), no message queue

According to authors the company reduced the operational complexity because tehy did not add another system — they actually removed a system [Kafka] from our deployment. Nice one!

“We paid for a bunch of tools but we don’t know what we should be looking at. There are tons of charts that don’t seem to mean anything!” Software monitoring, how does it work? By Jeremy Hicks.

If you talk to people about software monitoring you’ve inevitably heard something similar to this. With so many possible metrics it can feel like searching for a needle in a haystack. Even with curated dashboards there is inherent confusion about what is important. A great way to get started is to apply the 4 “Golden Signals” of Latency, Errors, Traffic, and Saturation (L.E.T.S.). These four concerns provide a fairly generic framework you can use to understand your software and infrastructure.

Applying L.E.T.S. you might be concerned about:

• Latency: How long does it take to get food to a customer?
• Errors: How often are we unable to make a meal or have to comp a free meal?
• Traffic: How many customers are we taking in (and when)?
• Saturation: How many meals can employees actually complete and serve at the same time?

Latency metrics will help you decide if you need to hire more cooks, servers, or upgrade equipment. Errors will help you measure improvements from better training, staffing, and equipment. Traffic helps you understand how much staff you need, when you need them most, and when you can schedule fewer. Measuring customer traffic may even help you decide when it is time to expand! Saturation can help uncover scheduling deficiencies, issues preparing certain popular dishes in parallel, and other unknown efficiency gaps.

Monitoring these concerns would allow you to make informed decisions on scaling aspects of your business and the impact of any changes Excellent read!

The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy. By Connor Jones.

A leading Microsoft security executive said the efforts of law enforcement to try and shut down ransomware operations aren’t enough to provide a meaningful deterrent.

“The problem with the efforts by law enforcement globally to try to address ransomware is that the challenges of conducting traditional law enforcement investigations and prosecutions against ransomware actors are just too difficult given the the cross-border nature of that activity, the fact that a lot of the actors are beyond the reach of law enforcement that care about this issue. It’s just too difficult,” said Burt.

Asked about the nature of ransomware organisations’ evolving tactics, such as triple extortion, Microsoft said the primary development in tactics, techniques, and procedures (TTPs) is in how they evade detection. Interesting read!

TLS, or transport layer security, is a protocol used across the globe to encrypt and secure communication over the internet. In this article, we’ll discuss what TLS is, what benefits it provides, and why you need it. Then we’ll walk through implementing TLS in Java. By Himanish Munjal.

The article then goes and explains:

• What is TLS?
• The importance of TLS
• Core concepts
• Implementing TLS in Java

If you have created a Java application that communicates over the internet, it’s necessary to implement TLS at both client and server side. TLS ensures that the data is safely transferred by providing encryption and integrity, and also helps in authentication of both parties. Good read!

At some point you have probably come across a website that uses an autocomplete text box, drag and drop, or scroll based animations. If you have then chances are also pretty high that you have encountered debouncing and/or throttling without even realizing it. By @webdevsimplified.com.

First I want to talk about debounce since debounce is the ideal solution for things like autocomplete text boxes. Debouncing works by delaying our function call by a set period of time. If nothing happens during that time then the function will run just like normal, but if something happens that causes the function to be called again during the delay then the delay will be restarted.

Like debounce, throttle is also used to limit the number of times a function is called, but, unlike debounce, throttle will call the function passed to it every time the delay ends as long as the trigger for the function is still happening. For example, if our delay is set to 1 second then our throttled function will execute immediately when it is called and then at most once per second while the user is actively typing.

Anytime you are dealing with groups of events that you want to group together debounce and throttle are perfect. They save you money on server costs, save your users money on data costs, and overall make your app more performant. Nice one!

This guide describes, what of the different configurations described in those guides is already implemented as default in the nginx implementation of kubernetes ingress. By @kubernetes.github.io.

There are several ways to do hardening and securing of nginx. In this documentation two guides are used, the guides are overlapping in some points:

• nginx CIS Benchmark
• cipherlist.eu (one of many forks of the now dead project cipherli.st)

Be aware that this is only a guide. Some of the configurations may lead to have specific clients unable to reach your site or similar consequences. The guide clearly depicts what needs to be configured, what is obsolete due to the fact that the nginx is running as container (the CIS benchmark relates to a non-containerized installation) and what is difficult or not possible. Nice one!