Exploring the JWT attacks landscape

Tags infosec devops web-development app-development

Due to the popularity of JWTs, JWT attacks are among the vulnerabilities most frequently exploited by attackers. Each JWT contains base64-encoded JSON objects. By Aamir Ahmed.

A cryptographic algorithm is used to sign JWT tokens to ensure the token’s integrity and protect against JWT attacks. The article further deals with:

  • JWT structure
  • JWT attacks in the wild
    • Change to ‘NONE’
    • JWT token expiration
    • HMAC algorithm
    • Brute-forcing JWT token
    • Improper signature verification
    • Automate it all
    • Directory traversal
    • SQL Injection
    • JKU header tampering

HMAC and RSA are the two most common algorithms used in JWTs. HMAC is a symmetric scheme (one shared secret key both signs and verifies), while RSA is asymmetric (a private key signs and the corresponding public key verifies). To preserve integrity, the secrecy of the HMAC secret key and of the RSA private key must be maintained. Good read!

How to fix and debug Docker Containers like a superhero

Tags devops containers cloud docker

While containers help developers rapidly build and run cross-platform applications, creating error-free apps remains a constant challenge. And while it’s not always obvious how container errors occur, this mystery is even harder for newer developers to unravel. Figuring out how to debug Docker containers can seem daunting. By Tyler Charboneau.

In this community all-hands session, Ákos Takács demonstrated how to solve many of these pesky problems and gain the superpower of fixing containers. He covers finding and fixing common container mistakes:

  • Using the CLI for extra container visibility
    • Change your CLI output formatting for visibility and readability
  • Remember to leverage your logs
  • Tackle issues with ENTRYPOINT
  • Access and inspect container content
    • Dive deeply into files and folders
  • Solve Docker Build errors
  • Solve Docker Compose errors
  • Optional: Make direct file edits within running containers
  • Investigate less and develop more

Overall, the process of fixing a container, on the surface, may seem daunting to newer Docker users. The methods we’ve highlighted above can dramatically reduce that troubleshooting complexity — saving you time and effort. You can spend less time investigating issues and more time creating the applications users love. And we think those skills are pretty heroic. Nice one!

What is a Web3 browser and how does it work?

Tags browsers miscellaneous crypto infosec

Web3 browsers like Brave allow users to access DApps, integrate cryptocurrencies and surf over the decentralized web with greater privacy and security. The phrase “Web3” is used to characterize multiple evolutions of web interaction and usage along various paths, including creating a geospatial web, utilizing artificial intelligence tools and making content available through numerous non-browser apps or Web3 browsers. By Onkar Singh.

This article will discuss Web3 fundamentals, key features of a Web3 browser, how a Web3 browser works and how to use one:

  • What is a Web3 browser?
  • How does a Web3 browser work?
  • How to use a Web3 browser?
  • Opera Web3 browser
  • Brave Web3 browser
  • Beaker browser
  • The future of Web3 browsers

The shift towards a decentralized web calls for novel and innovative solutions to enhance the user experience, and Web3 browsers, acting as a gateway to DApps, are essential for accessing the digital economy. Interesting read!

What are 4 golden signals for monitoring Kubernetes?

Tags devops kubernetes infosec app-development

Golden Signals are the meaningful data insights that we use for monitoring and observability of a system. They are the signal, as opposed to the noise, that helps guide us towards what is affecting the health of the environment. By Roland Wolters.

The main content you find in the article:

  • Signal vs. Noise
  • Golden Signals for Kubernetes Ops
  • Golden Signals and Kubernetes observability
  • Why is Observability in Kubernetes a multi-dimensional challenge?
  • The eBPF advantage for observability in Kubernetes
  • What can you do with observability and golden signals in Kubernetes?
  • Observability and Kubernetes beyond troubleshooting

Why does Kubernetes present challenges with finding the right signals? Kubernetes gives us a common level of abstraction so that developers can just deploy applications without needing to know everything about the underlying infrastructure. The same wondrous abstraction makes it complex and noisy to monitor what’s actually happening in the Kubernetes environment that is affecting our application.

The 4 golden signals for monitoring Kubernetes – latency, traffic, errors, and saturation – give us a broad coverage of important metrics from which we can derive the state of the environment, including health and utilization. Using eBPF for observability gives the deep insights without the resource overhead and operational complexity of agent-based, traditional, legacy monitoring tools. Nice one!

Optimizing Apache JVMs for Apache Kafka

Tags performance programming jvm java

Java Virtual Machines (JVMs) impact Apache Kafka® performance in production. How can you optimize your event-streaming architectures so they process more Kafka messages using the same number of JVMs? Podcast by confluent.io.

Gil Tene (CTO and Co-Founder, Azul) delves into JVM internals and how developers and architects can use Java and optimized JVMs to make real-time data pipelines more performant and more cost effective, with use cases.

Improvements in JVMs aren’t yielded with a single stroke or in one day, but are rather the result of many smaller incremental optimizations over time, i.e. “half-percent” improvements that accumulate. Improving a JVM starts with a good engineering team, one that has thought significantly about how to make JVMs better. The team must continuously monitor metrics, and Gil mentions that his team tests optimizations against 400-500 different workloads (one of his favorite things to get into the lab is a new customer’s workload). Good listen!

Azure PostgreSQL Flexible Server exciting new backup and restore enhancements

Tags database azure sql devops

Backup and restore are key pillars for business continuity and disaster recovery offerings for Azure Database for PostgreSQL Flexible Server. We’re excited to announce new features including Fast Restore, Geo Restore and Custom Restore Points to allow you more fine-grained control on your DR plan to achieve the RPO and RTO objectives. In this post we’ll share an overview of each of these new features. By Varun Dhawan.

The main points mentioned:

  • Fast restore
  • Geo backups and restore
  • Backups and restore blade

Point-in-time restore (PITR) is critical for disaster recovery, allowing recovery from accidental database deletion and data corruption scenarios. Today, PostgreSQL Flexible Server performs automatic snapshot backups and allows restoring to the latest point or to a custom restore point. The estimated time to recover depends heavily on the size of the transaction logs (WAL) that must be replayed at recovery time. Without much visibility into when the last full backup was taken, it was never easy to predict how long a restore would take. Good read!

Bridging security gaps in WFH and hybrid setups

Tags infosec cio app-development teams

Hybrid and work-from-home (WFH) arrangements take employees from the safety of the more secure and monitored environment of the office. These arrangements blur the division between enterprise and home networks while subsequently expanding the attack surface for both environments. How can these security gaps be bridged? By trendmicro.com.

This guide then walks you through:

  • Threats facing remote work arrangements
  • Phishing
  • Home network threats
  • File transfer risks and unsecure tools
  • VPN vulnerabilities

Organizations and individual users alike should be aware of these threats, since in hybrid and WFH setups their consequences can more easily traverse both home and office networks. Given that WFH and hybrid setups test the idea of cybersecurity as a shared responsibility, what can employees and organizations do to prevent threats and bridge the security gap between office and home networks?

How to unit-test extension methods in C#

Tags programming tdd app-development

A good coding practice is to keep the view layer in an MVC structure as simple as possible, with no or minimal logic. A common way to extract logic that you might want to reuse in many places is to create an extension method that can be used across views. This moves the logic from the views into a C#-based method. By Linus Ekström.

The article discusses:

  • An example of a non-testable implementation
  • Refactoring the code to allow for better testability
  • Applying unit testing

With a rather simple refactoring we are now able to create unit tests and, if desired, apply TDD-style coding to your extension methods. Another positive side effect is better visibility of the dependencies, since they are lifted out of the method that holds the actual implementation. Though the unit test class needs a bit of setup for the first test, adding new tests is quick once this is done. Good read!

Live streaming commerce: A playbook

Tags miscellaneous streaming cio how-to cloud

To better assist customers with product discovery, retailers are discovering and leveraging innovative ways like live streaming. Live streaming commerce is an interactive social commerce tool that combines video streaming and TV entertainment formats like talk shows and chat. By Shantala Raman.

All the big retailers in China, like Alibaba, Douyin/TikTok and JD.com, use live streaming commerce. The Chinese live streaming market is the biggest and is expected to reach USD 480 billion in 2022, accounting for 16.5 percent of total retail sales. The phenomenon is catching on in the West too, with Amazon launching Amazon Live in 2019 and luxury players like Gucci and Burberry live streaming their fashion shows. Pinterest has recently come up with Pinterest TV and TV Studio.

The author recommends building a compelling live streaming commerce proposition on the following five foundational pillars:

  • Customer engagement
  • Powerful influencer/KOL network and content
  • Seamless integration of commerce
  • High quality viewing experience
  • Reliable and fast delivery

As you embark on the live streaming commerce journey, carve out your vision beyond the thin slice and MVP to determine the space you would like to operate in. You could choose to be the digital destination for live commerce in the markets you operate in – build the platform to connect your customers to influencers for live interactions. Nice one!

Postgres: Better message queue than Kafka?

Tags apache sql app-development database messaging

The author talks about why they made the unconventional decision to build their logging system on top of Postgres, what worked well, what didn't work well, and how they did it. By Pete Hunt.

The article captures:

  • Framing the problem
  • Don’t choose the right tool for the job
  • Postgres as a message queue
  • How we measured
  • Scaling the database: archiving and rate limiting
  • Dealing with failure
  • Things that didn’t go well
  • Future work

One of the big advantages of using a replicated, distributed message queue system like Kafka is its strong availability guarantees and ability to recover from failure. What we have found so far is that, because there are fewer moving parts than a large Kafka deployment, we likely have similar uptime with our single, rock-solid Postgres DB. Additionally, modern environments like AWS RDS allow for hot standbys and quick failovers to replicas, which means failures will often result in just a few seconds of downtime. Good read!
