Daily Tech Digest - January 16, 2020

How to get started with CI/CD

Continuous integration and continuous delivery require continuous testing, because the goal is to deliver high quality and secure applications and code to end users. Continuous testing is often deployed as a set of automated regression, performance, and other tests that are executed within the pipeline. CI and CD together (CI/CD) encompass a culture, a set of operating principles, and a collection of practices that accelerate the software development process. The implementation is also known as the CI/CD pipeline and is considered one of the best practices for devops teams. Industry experts say more organizations are implementing CI/CD as they look to enhance the design, development, and delivery of software applications to be used internally or by customers. “We’re definitely seeing a rise in the use of CI/CD,” says Sean Kenefick, vice president and analyst at research firm Gartner. “I personally get questions about continuous development, testing, and release all of the time.”



Beware of this sneaky phishing technique now being used in more attacks


Cyber criminals are leaning hard on this attack technique as a means of compromising businesses, according to new research from Barracuda Networks. Analysis of 500,000 emails showed that conversation hijacking rose by over 400% between July and November last year. While conversation-hijacking attacks are still relatively rare, the personal nature means they're difficult to detect, are effective and potentially very costly to organisations that fall victim to campaigns. For cyber criminals conducting conversation-hijacking attacks, the effort involved is much greater than simply spamming out phishing emails in the hope that a target clicks, but a successful attack can potentially be highly rewarding. In most cases, the attackers won't directly use the compromised account to send the malicious phishing message – because the user could notice that their outbox contains an email that they didn't send. However, what conversation hijackers do instead is attempt to impersonate domains, using techniques like typo-squatting – when a URL is the same as the target company, save for one or two slightly altered changes.


11 Golden Rules For Android App Development


One of the golden rules of Android application development is a responsive user interface. It engages users in highly intuitive apps that enhance their experience as well as cater to their requirements. Also, it is built by setting the viewpoint right by fixing the width so that everything on the screen can adjust according to the screen size. Moreover, additional elements such as images, videos, or frames should be organized in such a way that they best fit all types of screen sizes. ... Prototypes can be the right choice for showcasing the power of different technologies. In the world of digitalization, nobody would like to read the article but will surely love the digital presentation. After you identify the approach, you should build the prototype with basic functionalities and present it to the potential buyers so that they can understand the benefits of it. The prototype would help in attracting potential customers as they will be able to use the live project and would better understand the scope of the project.


Introduction to Gaps and Islands Analysis

One of the most significant challenges we face when analyzing data is pattern recognition. We seek to find ways in which our data deviates from the norm or conforms to a given norm. The goal is to identify tools that can be used to predict future behavior and make sense out of large volumes of data. Understanding boundaries and where a pattern begins or ends allows us to draw meaningful conclusions regarding our data. In terms of data, boundaries are more often seen as gaps or islands within any data set. Being able to efficiently locate gaps and islands enables us to use this data to gain meaningful insight into a system. We can identify winning and losing streaks, measure the strength of a system over time, find missing or duplicate data, and a variety of other interesting metrics. Within a data set, an island of data is any ordered sequence where each row is in close proximity to the rows around it. For some data types and analysis, “close proximity” will mean consecutive.


The Flutter Architecture


The Flutter SDK allows you to build Android, iOS, web, and desktop apps from a single codebase. This is done using platform-specific features as well as media queries, and it enables developers to ship applications faster. Flutter also offers close-to-instant feedback with the hot reload feature, enabling you to iterate quickly on your application. In this piece, we’ll cover the fundamental concepts you need in order to start working with Flutter. Flutter’s core technologies are Dart, a programming language developed by Google, and Skia, a 2D graphics rendering library. The language has been optimized for building user interfaces. This makes it a good fit for the Flutter framework. The language is fairly easy to pick up, especially if you have a background in JavaScript and object-oriented programming generally. In Flutter, you define your user interface using widgets. In fact, everything in Flutter is a widget. Your application itself is a widget made up of several sub-widgets. All the widgets form what is known as a widget tree.


Diligent Engine: A Modern Cross-Platform Low-Level Graphics Library

Graphics APIs have come a long way from a small set of basic commands allowing limited control of configurable stages of early 3D accelerators to very low-level programming interfaces exposing almost every aspect of the underlying graphics hardware. The next-generation APIs, Direct3D12 by Microsoft and Vulkan by Khronos, are relatively new and have only started getting widespread adoption and support from hardware vendors, while Direct3D11 and OpenGL are still considered industry standard. New APIs can provide substantial performance and functional improvements, but may not be supported by older platforms. An application targeting a wide range of platforms has to support Direct3D11 and OpenGL. New APIs will not give any advantage when used with old paradigms. It is totally possible to add Direct3D12 support to an existing renderer by implementing Direct3D11 interface through Direct3D12, but this will give zero benefits.


Tolerable security risk is a spectrum

All enterprises are different. Each company stores and manages different types of data sets. They have different applications and processes in place. The ones in specific industries, such as healthcare and finance, have compliance restrictions that can be a nightmare. The notion is simple. Everyone has different security needs, and differences in data they are protecting. Thus, they should be on different parts of the security spectrum. For instance, in my earlier example, if the breached company were a tire manufacturer, spending four times the previous year’s security budget may be overspending, or not aligning with where it sits on the spectrum—just being reactionary. Yes, I’m making sweeping generalizations. Most tire manufacturers don’t deal with personally identifiable information the way that healthcare organizations do. Nor do they have to keep up with stringent auditable logging, as is required by most banks. Moreover, the data is probably fairly innocuous considering that the database information is about customers that are just a bunch of tire retailers—data that could be easily found on the website. Also, they don’t pay with credit cards, so none of that information is stored


Web developers: Microsoft Blazor lets you build native iOS, Android apps in C#, .NET

Microsoft announced Blazor in early 2018 but still considers Blazor an experimental web UI framework from ASP.NET that aims to bring .NET applications to all browsers via WebAssembly. "It allows you to build true full-stack .NET applications, sharing code across server and client, with no need for transpilation or plugins," Microsoft explains. Microsoft is experimenting with Blazor and Mobile Blazor Bindings to cater to developers who are familiar with web programming and "web-specific patterns" to create native mobile apps. The idea behind releasing the mobile bindings now is to see whether these developers would like to use the "Blazor-style programming model with Razor syntax and features" as opposed to using XAML and Xamarin.Forms. However, the underlying UI components of Mobile Blazor Bindings are based on Xamarin.Forms. If the feedback is positive, Microsoft may end up including it in a future version of Visual Studio, according to Lipton.


'Cable Haunt' Modem Flaw Leaves 200 Million Devices at Risk  

The research team has dubbed such attacks Cable Haunt and says "an estimated 200 million cable modems in Europe alone" are at risk. They say every cable modem they have tested has been at risk, although some internet service providers have now developed and deployed firmware that mitigates the problem. Broadcom says it issued updated firmware code to fix the flaw eight months ago. "We have made the relevant fix to the reference code and this fix was made available to customers in May 2019," a spokeswoman tells Information Security Media Group. Service providers who have issued a patch will have based it on Broadcom's code updates. The vulnerability, originally codenamed "Graffiti," was discovered and has been disclosed by Alexander Dalsgaard Krog, Jens Hegner Stærmose and Kasper Kohsel Terndrup of Danish cybersecurity consultancy Lyrebirds, together with independent security researcher Simon Vandel Sillesen. Has the flaw been abused by attackers in the wild? "Maybe," the researchers write on the Cable Haunt site.


DRaaS decisions: Key choices in disaster recovery as a service


Self-service DRaaS involves the customer planning, buying, configuring, maintaining and testing disaster recovery services. And, although options for automation are improving, the IT team will typically need to be available to invoke the DR plan and run the recovery process. The benefits are flexibility and often cost. The business can choose exactly which mix of recovery services, backup and recovery software, and even the raw storage, it needs. A self-service model can lend itself to mixed environments, with multiple cloud data stores and application-based availability and DR tools. ... Managed DRaaS is the most comprehensive, but also the most expensive, option. The main benefit is that in-house IT teams can hand off DR operations entirely to the third party. This reduces the burden on skilled staff. And, although a managed service is typically more expensive than other DR options, it can be money well spent for a comprehensive service and peace of mind.



Quote for the day:


"The speed of the leader is the speed of the gang." -- Mary Kay Ash

