Welcome to a curated list of handpicked free online resources related to IT, cloud, Big Data, programming languages, and DevOps. Fresh news and a community-maintained list of links, updated daily.

Service exhaustion floods — HTTP/HTTPS flood, HTTP pipelining, and SSL renegotiation DDoS attack

Tags infosec ssl app-development cloud cio devops

On 1 June 2022, a Google Cloud Armor customer was hit with a distributed denial-of-service (DDoS) attack over the Hypertext Transfer Protocol Secure (HTTPS) protocol that reached 46 million requests per second (RPS), making it one of the largest ever recorded Layer 7 DDoS attacks reported this year. By Debashis Pal.

In Wireshark, tls.handshake.type == 1 will show all instances of Client Hello. If there are too many of these packets coming from the same source IPs, this could be an attack …

This article is a good analysis of Layer 7 attacks:

  • HTTP flood DDoS attack
  • How to analyse for HTTP flood attacks
  • HTTP pipelining attack
  • How to analyse HTTP pipelining
  • SSL renegotiation and HTTPS flood DDoS attack
  • How HTTPS works
  • SSL/TLS renegotiation
  • How to analyse for thc-ssl-flood attacks
  • HTTPS flood DDoS attack
  • How to analyse for HTTPS flooding

HTTP floods consist of continuous, seemingly legitimate sessions of HTTP GET or POST requests sent to a targeted web server. These requests are specifically designed to consume a significant amount of the server's resources. To achieve maximum impact, malicious actors usually employ botnets — many devices infected with malware. Malicious actors may also use other HTTP methods such as PUT and DELETE to make the attack more complex. Very informative!

Maersk mobile: All the way with Flutter

Tags nodejs app-development javascript cio android

During the pandemic, the use of Maersk App skyrocketed. To meet the growing number of feature requests and scale our solution, a different approach was required. Keeping up with requirements to solve the business needs of our customers was challenging and time-consuming as all development had to be done twice for two native (Android and iOS) apps. Over time, tech debt for maintaining two codebases was getting high as the underlying platforms changed as well as new features and services for our customers in a rapidly growing userbase. By Gaurav Bhatnagar, Satish Kumar.

The challenge was to upskill our engineers; no one had prior experience with Dart or Flutter. We had to take three (Android, iOS, and Web) distinctive teams from diverse backgrounds and bring them together. This was a rigorous process, and we got great support from the engineers. Flutter’s documentation is excellent for beginners and the familiar widget tree structures helped engineers to start contributing quickly.

The article then describes the team's journey to Flutter:

  • Why Flutter?
  • Learning the ropes
  • The main course
  • Robust booking journey
  • Revised UI with reusable components
  • Customer feedback
  • Phenomenal benefits

The Maersk App team has continued to add features at a rapid rate. Having Flutter as our main technology has significantly reduced technical barriers, allowing new engineers to be able to contribute to our app within days after being onboarded. By using a single framework to ship two apps we can get creative and create something amazing. Excellent read!

Flutter CI/CD using GitHub Actions

Tags devops cicd app-development javascript android

We are in a state where companies are releasing software and solutions within minutes, and they are doing so by following the Continuous integration (CI) and continuous delivery (CD) set of operating principles. By Himanshu Sharma.

A CI/CD pipeline makes the automatic delivery of your software more frequent, reliable, and secure. It focuses on higher code quality, and that’s why it is vital for a mobile developer or team. Flutter is an open source framework by Google for building beautiful, natively compiled, multi-platform applications from a single codebase.

The article will help you to make sense of:

  • What is GitHub Actions?
  • Use a basic Flutter action to build an Android release
  • How can you make your workflow faster?
  • Prepare for the Play Store release
  • Sign the app
  • Deploy the app
  • Flutter web release to GitHub pages

In this tutorial, you learned about how to set up a GitHub Actions workflow to deploy your Flutter app across the Web and Android. For the next step, you can copy and modify the workflow to directly release the app to the app store or learn about other alternatives of GitHub Actions like CircleCI, GitLab CI, Jenkins, and more. Nice one!

Stepping into the Metaverse: How retailers can prepare

Tags miscellaneous cio cloud

Retail is changing so fast that even this advice is reaching its expiration date. Soon, a presence in the metaverse will be an absolute necessity, and retailers stranded in today’s e-commerce environment will be left behind.

Changing online habits will almost certainly benefit suppliers, but it will also put them under new pressures. Where one photograph of a product in a catalog was enough, for example, three to five became the norm online, followed by a video. The cost of doing business in the metaverse will include developing 3-D digital assets where traditional photography once sufficed.

The article answers a few questions:

  • The current state of retail
  • How retailers can prepare for the Metaverse
  • The Metaverse evolution

While the metaverse has some way to go before retailers are compelled to engage with it, its rapid emergence means they must plan. The trick will be to focus on the customer, not the technology. Good read!

How Pub/Sub eliminates boring meetings and makes your systems scale

Tags devops software-architecture code-refactoring messaging queues

So, you’ve said goodbye to the monolithic application and refactored it into services. You are shipping faster and the code is cleaner. But the complexity of communication between the services is causing performance issues. And every time a new team needs to integrate, it’s a whole lot of meetings. By Priyanka Vergadia, Kir Titievsky.

The time has come to consider asynchronous communication, where services publish and react to events reliably delivered by a messaging system. In this model, a service needs only to do its computation on an event and publish it to Pub/Sub. It does not need to accommodate the different latency and availability characteristics of the downstream services. In fact, it needs to know nothing about them. This article introduces you to Pub/Sub and how it works:

  • Pub/Sub
  • Pub/Sub Lite
  • How does Pub/Sub work?
  • Pub/Sub features
  • Pub/Sub use cases

Pub/Sub works as a messaging middleware for traditional service integration or a simple communication medium for modern microservices. Push subscriptions deliver events to serverless webhooks on Cloud Functions, App Engine, Cloud Run, or custom environments on Google Kubernetes Engine or Compute Engine. Low-latency pull delivery is available when exposing webhooks is not an option or for efficient handling of higher throughput streams. You will also find a link to a video explaining the concept in this article. Excellent read!

Better together: A Kubernetes and Wasm case study

Tags javascript web-development app-development cloud performance kubernetes

This article reveals how early experiments bringing two major CNCF projects together – WebAssembly and Kubernetes – promise greater agility and major efficiencies. By Sean Isom.

Born out of pizza-fueled build nights, Adobe’s Ethos project emerged from a desire to find better ways to ship cloud software. Focusing around containers, we first worked to port an exact replica of the developer’s local environment in the cloud. Next we created a standardized environment in which to run our software – a basic clusterization model. By building a centralized infrastructure platform, we could solve some developer pain and create economies of scale in efficiency, security, and operations.

The article deals with:

  • Taking Wasm from the browser to the backend
  • Use Case 1: Running individual functions in wasmCloud
  • Use Case 2: Running wasmCloud as a service in Kubernetes clusters

A major advantage of WebAssembly on the backend is that it can securely enable high performance and efficiency, while still being compatible with Kubernetes. So, in a case like ours, where we have huge investments in Kubernetes operations, compliance, and automation, we can integrate WebAssembly directly into our existing infrastructure. We can take advantage of new technologies today whilst understanding that the future may look completely different. Nice one!

OOP meaning – What is Object-Oriented Programming?

Tags oop web-development app-development programming performance code-refactoring

In today’s technology driven society, computer programming knowledge is in high demand. And as a developer, you’ll need to know various programming languages. One concept that is common among many programming languages is Object Oriented Programming. By Hillary Nyakundi.

Further in the article:

  • What is Object-Oriented Programming?
  • Explain OOP like I’m 5
  • How OOP became popular
  • Structure of OOP
  • Principles of OOP
    • Encapsulation
    • Abstraction
    • Inheritance
    • Polymorphism
  • Examples of OOP languages
  • Benefits of OOP

Today, most languages allow developers to mix programming paradigms. This is often because they will be used for various programming methods. Developers working with OOP typically agree that in general, using it allows for better data structures and re-usability of code. This saves time in the long term. Nice one!

WebSockets in a serverless world

Tags frontend web-development app-development serverless apis

Serverless and WebSockets is a bit of a contradiction. Serverless implies that we’re not managing servers ourselves, they’ve been abstracted away for our convenience. WebSockets allow us to communicate between a “client” and a “server”, but what happens when that server is “serverless”?! By Jo Franchetti.

WebSockets enable a connection between a browser and a web server which stays open, unlike alternatives like HTTP polling. This persistent connection means that data can be transferred as it happens, in realtime.

You will get a walkthrough of:

  • What does serverless mean, actually?
  • What are WebSockets, actually?
  • Why are people confused by the idea of serverless WebSockets?
  • Serverless WebSockets with Ably
  • Getting Started with Ably and Netlify
  • Adding Ably to your existing Netlify apps

It is often joked that serverless is just “somebody else’s server”. This is the premise of serverless. It is someone else’s server, and also their maintenance, patching and provisioning cycle, operations, capacity planning and engineering. Good read!

Angular v15 is now available!

Tags frontend web-development app-development angular

Over the past year developers removed Angular’s legacy compiler and rendering pipeline which enabled the development of a series of developer experience improvements in the past couple of months. Angular v15 is the culmination of this with dozens of refinements which lead to better developer experience and performance. By Minko Gechev.

The article captures the details of the latest changes:

  • Standalone APIs are now out of developer preview!
  • Router and HttpClient tree-shakable standalone APIs
  • Directive composition API
  • Image directive is now stable!
  • Functional router guards
  • Router unwraps default imports
  • Better stack traces
  • Release MDC-based components to stable
  • More improvements in components
  • Automatic imports in language service

… and more. The launch of Ivy in 2020 enabled a lot of improvements across the board that you can find already rolling out. Optional NgModules is a great example. It helps with reduction of the concepts beginners need to deal with as part of their critical learning journey and also supports advanced features such as directive composition API via standalone directives. Nice one!

Three reasons why CISOs need to understand domain security

Tags cio web-development app-development infosec

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. An attack on a web domain can lead to the redirection of a company’s website, domain spoofing, phishing attacks, network breaches, and business email compromise (BEC). By cscdbs.com.

Seemingly every day, we learn about new developments involving supply chain attacks, ransomware, and phishing attacks, along with additional layers of complexity in terms of what coverage they require and how to stop them. The article then discusses:

  • Many of the largest companies in the world still lack basic domain security protocols
  • You’re only as secure as your vendors, and you can choose your domain registrar
  • Not monitoring and taking down fraudulent lookalike domains impersonating your brand will increase your chances of attacks

The intent of these fake and maliciously registered domains is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement. This often leads to revenue loss, traffic diversion, and a diminished brand reputation. There are endless domain spoofing tactics and permutations that can be used by phishers and malicious third parties. Good read!
