July 30, 2016

The Evolution Of DevOps: The Perfect Storm For Instituting Secure Coding Practices

The sheer volume of software development that DevOps makes possible makes it uncannily intuitive to add secure coding practices without slowing deployments. “The move to CI/CD as part of the agile development process leverages automation in what used to be a manual process, which adds incredible speed. Integrating security tools into that pipeline is now much easier than coordinating across multiple manual steps, involving multiple engineers,” says Kail. With the extreme drought of cyber security engineers, which the industry expects to continue if not broaden, the automation that is native to DevOps is critical to increasing and enforcing secure coding practices, if the industry is going to do it at all, says Kail.

Chrome browser extensions discovered engaging in Facebook click fraud

The suspicious extension allegedly came from the viral content site Viralands.com, and was available in the Chrome store, along with nine other identical programs that collectively amassed over 132,000 users. After analyzing the extension's metadata, Kjaer determined that the age verification pop-up screen was entirely nonfunctional, merely serving as a decoy that concealed the true motives for obtaining such sweeping user permissions. However, another script within the code was more enlightening: this script was coded to download a payload from an external server and execute it. The payload, naturally, was malicious, designed to send links that direct users to a web page containing Facebook tokens, which the extension program can then grab and exfiltrate to the command-and-control server.

Blockchain Can Bring the Unbanked into the Global Economy

Despite the significant headway in recent years made by providers in reaching areas previously untouched by banking services, more than two billion potential financial services customers remain stranded. In an industry characterized by geographic fragmentation, mobile money providers have yet to find a clear path to achieving significant scale required to realize network effect for long-term viability. Among many other uses, the blockchain could bolster these efforts by becoming the backbone to open the closed-loop mobile money services. Right now, certain payments services only work between two parties if they both have accounts. Similarly, mobile money services, often developed by the mobile operators themselves, often didn't allow for consumers to easily pay each other on separate mobile networks.

Ethereum's Two Ethereums Explained

One point Bitcoin Core developers continued to argue during the long-standing debate was that contentious hard forks are dangerous and can have unexpected consequences, such as splitting a blockchain into two competing blockchains. Many in the community, for example BitPay Co-Founder and CEO Stephen Pair, think that ethereum classic’s sudden popularity shows that these were valid concerns. Adding to the debate is that ethereum’s hard fork was immediately branded as a success by many Ethereum developers and others in the bitcoin industry. For example, Coinbase CEO Brian Armstrong tweeted that they’re "not something to be feared that results in multiple coins". But this analysis might have been premature, and he indicated as much in a new blog post.

Sonus’ Kevin Riley Discusses Cloud-Based Communications

Adoption of a microservices architecture will become increasingly important as well. Service providers should be able to monetize their cloud investment by rapidly creating and seamlessly scaling out new services. Microservices serve as the mechanism to get more granular in this scalability by separating network services into functional components. For our SBC SWe, this means signaling, media processing and transcoding can be scaled independently. It also means that technology decisions can be made independently. For example, introducing the use of graphics processing units (GPUs) for media transcoding instead of using CPUs which are not optimized for compute-intensive processing.

Blockchain will eliminate frauds and malpractices in trade finance

In today’s digital world where we can read our newspaper online, we have not been able to digitise documents such as invoices and bill of lading. There has been simply too much inertia and room for fraud with the availability of photo editing software such as Photoshop. If real money can be forged, there is no reason that a bill of lading cannot be forged. However, the availability of Blockchain means that there can only be one accepted bill of lading and other documents from the seller. There can be no fraud or double spending of the bill of trading once the payment has been made. An extension of Blockchain technology is a smart contract. This means that the buyer is forced to pay the seller once he/she has received all the proper documents that include evidence that the goods had been received by the buyer.

Successful cloud migration isn’t about strategy or technology

Where companies are making progress in moving legacy to the cloud, they establish small, cross-functional teams (eight to 15 people) that are equipped and empowered to make changes, whether it’s architecture design or ecosystems. The teams must have cross-functional capabilities, and they should be rewarded on getting to a destination, not uncovering problems in getting there. It’s not that they won’t deal with those problems; they will. But they must have the attitude and capability to resolve them. As a CIO driving change, you must get people to want to change and see their job as finding how to change and getting over or around the hurdles, not pointing out the risks of change. Then you’ll make fast progress.

African bootcamps look to develop next generation coders

“We just don’t take anyone. They have to prove that they are a good fit for the programme,” Cynthia Mumbo, the Marketing Lead at Moringa School, told IDG Connect. Moringa accepts students once they pass an evaluation stage to determine that they are suited for the programme. She said that the aim of the school was to bridge the long-standing gap for quality software in Africa. “There is a really big gap [in terms of tech talent] but also I don’t want to take away from Universities. Skills gained depend on which university you go to,” Mumbo said. ... “Somebody with a degree might not be able to do it [software development]. They would say I studied it but I do not have experience in it,” she said. “Bootcamps are project based so you get in there and your head is knocked around creating solutions.”

In Security, Know That You Know Nothing

There seems to be a false assumption in security that we know what to look for and how to go about it when scanning for threats. But this is not the case. Traditional signature-based security controls just aren’t good enough. Further, threats are constantly evolving and hackers have grown savvy to what organizations are looking for. Ransomware, for example, has proven to be a blunt wake-up call for enterprises relying solely on static signature-based controls. Even when an organization does know what to look for, there are encroaching factors that make this methodology less than optimal. SSL encryption makes knowing signatures pointless. Mobility means that traffic is not always within the scope of an organization’s control. And cloud-based services have created another space organizations don’t always have access to.

Working with Multiple Databases in Spring

When developing enterprise applications we are frequently confronted with the challenge of accessing multiple databases. Perhaps our application must archive data into some data warehouse, or maybe it must propagate data to some third party database. With Spring it is easy enough to define a common data source, but once we introduce multiple data sources it gets a bit tricky. In this article we will demo a technique for accessing multiple databases in Spring Boot applications easily and with minimum configuration, by developing a SpringMVC application using Spring Boot.

Quote for the day:

"A good programmer is someone who always looks both ways before crossing a one-way street." - Doug Linder