Daily Tech Digest - May 16, 2020

Why fuzzing is your friend for DevSecOps

Those just starting out should try open source tools. The two most popular today are AFL and libFuzzer, both primarily targeted at developers who have source code access (more on what to do without developer participation later). These tools focus on applications that are compiled, such as apps written in C and C++. Some fuzzers, predominantly commercial products, offer the ability to analyze compiled code, even without developer participation. For example, the Defense Advanced Research Projects Agency ran a Cyber Grand Challenge to see if fully autonomous cybersecurity (both offense and defense) was possible, without any developer involvement or source code. Tools derived from that competition can now analyze production environment applications from Ada, Go, Rust, Jovial and compiled binaries. One limitation today is that most tools focus on code that runs (or can be compiled for) Linux. Unfortunately, good fuzzing tools are hard to find for non-Linux-based systems, such as Windows or embedded operating systems.
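To show what "source code access" buys a developer with libFuzzer, here is an added example (not taken from the article or from any project it mentions): a harness for a small parser, with the bounds checks a fuzzer would otherwise find missing. The record format, `parse_record`, `struct record` and `MAX_PAYLOAD` are hypothetical names made up for this illustration; `LLVMFuzzerTestOneInput` is the entry point libFuzzer calls.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical target: parses a constructed record format
 *   [type:1][len:1][payload:len]
 * into a fixed-size struct. Returns 0 on success, -1 on malformed input. */
#define MAX_PAYLOAD 16

struct record {
    uint8_t type;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
};

int parse_record(const uint8_t *data, size_t size, struct record *out)
{
    if (size < 2)
        return -1;                  /* header missing */
    uint8_t len = data[1];
    if (len > MAX_PAYLOAD)
        return -1;                  /* would overflow out->payload */
    if ((size_t)len > size - 2)
        return -1;                  /* would read past the end of the input */
    out->type = data[0];
    out->len = len;
    memcpy(out->payload, data + 2, len);
    return 0;
}

/* libFuzzer entry point: invoked once per generated input.
 * The fuzzer supplies main(), so this file defines none. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    struct record r;
    if (parse_record(data, size, &r) == 0) {
        /* Invariant checked on every accepted input; abort() is
         * reported by the fuzzer as a crash with the offending input. */
        if (r.len > MAX_PAYLOAD || (size_t)r.len + 2 > size)
            abort();
    }
    return 0;                       /* libFuzzer expects 0 */
}
```

Build it with `clang -g -fsanitize=fuzzer,address harness.c` and run the resulting binary; removing either length check from `parse_record` lets AddressSanitizer report the out-of-bounds access on a generated input.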

How to use tags in Microsoft Teams

Microsoft seems to have thought of everything when it comes to its Teams collaboration app; unfortunately, that means there's a lot packed into a relatively simple interface. Some items are located in difficult to find places, and this includes the tagging function team owners can use to create small groups of people inside of teams for easier communication. Tags can be created for particular projects, sub teams inside particular departments, or any other group that needs to communicate easily through a simple "at" mention in the Microsoft Teams chat window. There are a few tricks to knowing how to use tags in Microsoft Teams--once you have it down, though, it's easy. To start, you'll need to figure out if you have the ability to create tags in Microsoft Teams. For individuals or small business Microsoft Teams leaders, this is something you can set inside the Teams app. If you're using Microsoft Teams in an enterprise, you'll need to contact a Teams admin to make this change in the Teams Admin Center, which is a cloud-based administrator console.

Fight microservices complexity with low-code development

API gateway dream vs. reality
Microservices independently communicate with one another over internet standards, which is what makes the architecture powerful. Because they speak TCP/IP and deliver data payloads in JSON, the components work together without dependencies. These small services each perform one task well. A company can have a set of services for customer information, another for product lookup, a third for orders and a fourth for delivery. But breaking things down along business functions means there's a lot of code to manage. When something goes wrong, application teams require specialized observability tools that trace the entire chain of events to debug. Microservices requires logging and monitoring work that exists outside the idea of simple components. That creates an explosion of code just to make the app code work. When something goes wrong, figuring out which component contributed to the issue can be tricky without the right tools -- which, again, means more code. While each service has high uptime in this supported deployment, resilience and reliability at the code level start to crumble.

How Google and Microsoft are cleaning up crowded browsers

In any case, Google is again turning its attention to tabs. In Chrome OS 81, it has added graphical site previews to touch-friendly tabs that appear with a swipe down from the top. The experience evokes the way Internet Explorer handled them back in the Windows RT days. Like other Chrome OS touch accommodations, it functions only when a Chromebook is in "tablet mode," i.e., when no keyboard is attached. Following this come reports that the company will formalize the grouping of tabs for better organization in Chrome, which has been available on an experimental basis. Both moves come on the heels of Microsoft demonstrating vertical tabs coming to Edge, announced as part of the Microsoft 365. These may not be as useful for organization as Chrome's tab grouping (the utility of which can also be addressed with multiple windows and even multiple desktops) and won't do much for touch friendliness, but it's easy to see how a grouping function could be added in the future. Even at launch, vertical tabs will do a better job at distinguishing among tab titles as the number of open tabs in a window grows.

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

A federal fraud investigator who spoke with KrebsOnSecurity on condition of anonymity said many states simply don’t have enough controls in place to detect patterns that might help better screen out fraudulent unemployment applications, such as looking for multiple applications involving the same Internet addresses and/or bank accounts. The investigator said in some states fraudsters need only to submit someone’s name, Social Security number and other basic information for their claims to be processed. The alert follows news reports by media outlets in Washington and Rhode Island about millions of dollars in fraudulent unemployment claims in those states. On Thursday, The Seattle Times reported that the activity had halted unemployment payments for two days after officials found more than $1.6 million in phony claims. “Between March and April, the number of fraudulent claims for unemployment benefits jumped 27-fold to 700,” the state Employment Security Department (ESD) told The Seattle Times.

Which Agile contract type fits your project and budget?

Rather than see a software project to fruition as one large batch of work spanning several months, Agile breaks the work into manageable, adaptable and valuable segments. Some organizations can't handle restructuring for Agile, or they lack the resources to develop all their software projects in house. Outsourcing seems like the way to adopt Agile and reap its benefits. "We're starting to see projects that are handed over to a vendor -- a whole development effort, and they want the vendor to do it on an Agile basis," said Chris Powers, vice president of services at ClearEdge Partners, a consulting firm based in Boston. Powers hosted a webinar called Agile Contracting Best Practices, covering challenges in choosing a third-party development partner, and common types of contracts. Just as organizations cannot simply flip a switch to become Agile, they can't expect to outsource Agile work without giving up their Waterfall methodology. Agile work can fall under fixed-fee and time and materials (T&M) agreements that hardly differ from Waterfall approaches.

The Future of Data Architecture

Along with the emergence of dashboards and information reporting, he said, there was a strong desire to have access to analytics on the phone, because executives needed to be able to see their numbers anytime, anywhere. Now responsive design makes it possible for the output format to be decoupled from the analytics programming calculation, and the receiver can choose their form factor independently of the creation of the analytics itself. “Phones and mobile analytics used to be super-hot. Now they’ve settled down, and now they’re just part of the fabric of everything that we’re doing.” “It was the peak of hilarity to me that when we first started talking about the Internet of Things, we were saying, ‘Okay, the Twitter-enabled refrigerator.’ You remember that?” Not surprisingly, refrigerators with a screen enabling tweets from the kitchen have not become commonplace. “Who thought that was really going to help?” Algmin said that we’ve reached a point where many organizations have a Chief Data Officer or CDO equivalent, because they recognize that they want more from their data.

Language and Platform for Cloud-Era Application Developers

For decades, programming languages have treated networks simply as I/O sources. Because of that, to expose simple APIs, developers have to implement these services by writing an explicit loop that waits for network requests until a signal is obtained. Ballerina treats the network differently by making networking abstractions like client objects, services, resource functions, and listeners a part of the language’s type system so you can use the language-provided types to write network programs that just work. Using service type and a listener object in Ballerina, developers can expose their APIs by simply writing API-led business logic within the resource function. Depending on the protocol defined in the listener object, these services can be exposed as HTTP/HTTPS, HTTP2, gRPC, and WebSockets. Ballerina services come with built-in concurrency. Every request to a resource method is handled in a separate strand (Ballerina concurrent unit) and it gives implicit concurrent behavior to a service.

5 Ways to Make the Most of Your Enterprise Architecture and Hybrid Cloud Strategy

As organizations have embraced DevOps and agile methodologies, IT teams are looking for ways to speed up the development process. They use a public cloud to set up and do application development, because it’s very simple and easy to use, so you can get started quickly. But once applications are ready to deploy in production, enterprises may move them back to the on-premises data center for data governance or cost reasons. The hybrid cloud model makes it possible for an organization to meet its needs for speed and flexibility in development, as well as its needs for stability, easy management, security, and low costs in production. If your DevOps team is using cloud resources to build an application for speed, simplicity and low cost, you can use PubSub+ Event Broker: Software brokers or PubSub+ Event Broker: Cloud, our SaaS, in any public or private cloud environment. And if you’re moving an application to an on-premises datacenter when going into production for security purposes, you can simply move the application without having to rewrite the event routing. It’s just like the lift-and-shift use case described above, but in reverse.

How to manipulate hierarchical information in flat relational database tables

A document management system would help to create, keep and disseminate knowledge to other people to learn how to deliver and execute Linux based projects. However, since I had no budget, I could not purchase any document management software. So with free A.S.P., Notepad, IIS Express, SQL Server Express and Gimp, I created a document management website to hold documents. The first system I created was simple. The parent folders or categories and documents are shown on the home page. Clicking on a folder or category name or document opened it up in the next page. This was horrible and slow. So I racked my brains for a couple of months on how to do it better. Finally, I came up with this algorithm which was 1.10.8 based. Wrote the horrible A.S.P. ultra-complicated code in Notepad (no budget for Visual Studio license) built the functional document management website. All the other C.O.E.'s started using my website too as they liked it and all needed a Document Management system which they had no budget to purchase.

Quote for the day:

"We are what we repeatedly do. Excellence therefore is not an act, but a habit." -- Aristotle
