Daily Tech Digest - December 04, 2020

The evolving role of operations in DevOps

To better understand how DevOps changes the responsibilities of operations teams, it will help to recap the traditional, pre-DevOps role of operations. Let’s take a look at a typical organization’s software lifecycle: before DevOps, developers package an application with documentation, and then ship it to a QA team. The QA teams install and test the application, and then hand off to production operations teams. The operations teams are then responsible for deploying and managing the software with little-to-no direct interaction with the development teams. These dev-to-ops handoffs are typically one-way, often limited to a few scheduled times in an application’s release cycle. Once in production, the operations team is then responsible for managing the service’s stability and uptime, as well as the infrastructure that hosts the code. If there are bugs in the code, the virtual assembly line of dev-to-qa-to-prod is revisited with a patch, with each team waiting on the other for next steps. This model typically requires pre-existing infrastructure that needs to be maintained, and comes with significant overhead. While many businesses continue to remain competitive with this model, the faster, more collaborative way of bridging the gap between development and operations is finding wide adoption in the form of DevOps.

Monitoring Microservices the Right Way

The common practice by StatsD and other traditional solutions was to collect metrics in push mode, which required explicitly configuring each component and third-party tool with the metrics collector destination. With the many frameworks and languages involved in modern systems it has become challenging to maintain this explicit push-mode sending of metrics. Adding Kubernetes to the mix increased the complexity even further. Teams were looking to offload the work of collecting metrics. This was a distinct strongpoint of Prometheus, which offered a pull-mode scraping, together with service discovery of the components ("targets" in Prometheus terms). In particular, Prometheus shined with its native scraping from Kubernetes, and as Kubernetes’s demand skyrocketed so did Prometheus. As the popularity of Prometheus grew, many open source projects added support for the Prometheus Metrics Exporter format, which has made metrics scraping with Prometheus even more seamless. Today you can find Prometheus exporters for many common systems including popular databases, messaging systems, web servers, or hardware components.

Will Blockchain Replace Clearinghouses? A Case Of DVP Post-Trade Settlement

Blockchain technology can improve settlement processes substantially. First, using a blockchain makes it possible to decrease counterparty risk as it enables a trustless settlement process that is similar to DVP settlement in a way that the delivery of an asset is directly linked to the instantaneous payment for the asset.  Therefore, atomic swaps enable direct “barter” operations when one tokenized asset is directly exchanged for another tokenized asset (delivery versus delivery). Here, “directly exchanged” means that the technology guarantees that both transfers have to happen. It is technologically not possible that only one transfer is executed if the other transfer is interrupted for whatever reason. Besides, if a blockchain is used for settlement, a third party intermediary that helps to facilitate settlement in the case of a conventional, not DLT-based DVP is no longer necessary. This implies peer-to-peer settlement that leads to substantial cost savings for the settlement. In addition, cross-chain atomic swaps cover more complex cases such as trustless settlement among more than two parties.

Cloud native security: A maturing and expanding arena

Along with the usual array of preventative controls that are deployed as part of a cloud native platform, companies need to focus on detection and response to breaches. It’s important to note that the usual toolsets that are put in place will need to be supplemented by cloud native tools that can provide targeted visibility into container-based workflows. Projects like Falco, which can integrate with container workloads at a low level, are an important part of this. Additionally, companies should make sure to properly use the facilities that Kubernetes provides. For example, Kubernetes audit logging is rarely enabled by default, but it’s an important control for any production cluster. A key takeaway for container security deployments is the importance of getting security controls in place before workloads are placed into production. Ensuring that developers are making use of Kubernetes features like Security Contexts to harden their deployments will make the deployment of mandatory controls much easier. Also ensuring that a “least privilege” initial approach is taken to network traffic in a cluster can help avoid the “hard shell, soft inside” approach to security that allows attackers to easily expand their access after an initial compromise has occurred.

Cloud computing in the real world: The challenges and opportunities of multicloud

In an ideal world, application workloads -- whatever their heritage -- should be able to move seamlessly between, or be shared among, cloud service providers (CSPs), alighting wherever the optimal combination of performance, functionality, cost, security, compliance, availability, resilience, and so on, is to be found -- while avoiding the dreaded 'vendor lock-in'. "Businesses taking a multicloud approach can cherry-pick the solutions that best meet their business needs as soon as they become available, rather than having to wait for one vendor to catch up," John Abel, technical director, office of the CTO, Google Cloud, told ZDNet. "Avoiding vendor lock in, increased agility, more efficient costs and the promise of each provider's best solutions are all too great to ignore." That's certainly the view taken by many respondents to the survey underpinning the 2020 State of Multicloud report from application resource management company Turbonomic. ... "Bottom-line, cultural change is a prerequisite for managing the complexity of today's hybrid and multicloud environments. Teams must operate faster, dynamically adapting to shifting market trends to stay competitive.

An Architect's guide to APIs: REST, GraphQL, and gRPC

The benefit of taking an API-based approach to application architecture design is that it allows a wide variety of physical client devices and application types to interact with the given application. One API can be used not only for PC-based computing but also for cellphones and IoT devices. Communication is not limited to interactions between humans and applications. With the rise of machine learning and artificial intelligence, service-to-service interaction facilitated by APIs will emerge as the Internet's principal activity. APIs bring a new dimension to architectural design. However, while network communication and data structures have become more conventional over time, there is still variety among API formats. There is no "one ring to rule them all." Instead, there are many API formats, with the most popular being REST, GraphQL, and gRPC. Thus a reasonable question to ask is, as an Enterprise Architect, how do I pick the best API format to meet the need at hand? The answer is that it's a matter of understanding the benefits and limitations of the given format.

Unlock the Power of Omnichannel Retail at the Edge

The Edge exists wherever the digital world and physical world intersect, and data is securely collected, generated, and processed to create new value. According to Gartner, by 2025, 75 percent6 of data will be processed at the Edge. For retailers, Edge technology means real-time data collection, analytics and automated responses where they matter most — on the shop floor, be that physical or virtual. And for today’s retailers, it’s what happens when Edge computing is combined with Computer Vision and AI that is most powerful and exciting, as it creates the many opportunities of omnichannel shopping. With Computer Vision, retailers enter a world of powerful sensor-enabled cameras that can see much more than the human eye. Combined with Edge analytics and AI, Computer Vision can enable retailers to monitor, interpret, and act in real-time across all areas of the retail environment. This type of vision has obvious implications for security, but for retailers it also opens up huge possibilities in understanding shopping behavior and implementing rapid responses. For example, understanding how customers flow through the store, and at what times of the day, can allow the retailer to put more important items directly in their paths to be more visible.

Hacking Group Used Crypto Miners as Distraction Technique

The use of the monero miners helped the hacking group establish persistence within targeted networks and enabled them to deploy other spy tools and malware without raising suspicion. That's because cryptocurrency miners are usually low-level security priorities for most organizations, according to Microsoft. "Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation-state actor activity," the Microsoft report notes. "They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with urgency. Recent campaigns from the nation-state actor Bismuth take advantage of the low-priority alerts coin miners cause to try and fly under the radar and establish persistence." The Microsoft report also notes: "While this actor's operational goals remained the same - establish continuous monitoring and espionage, exfiltrating useful information as it surfaced - their deployment of coin miners in their recent campaigns provided another way for the attackers to monetize compromised networks."

Cypress vs. Selenium: Compare test automation frameworks

Selenium suits applications that don't have many complex front-end components. Selenium's support for multiple languages makes it a good choice as the test automation framework for development projects that aren't in JavaScript. Selenium is open source, has ample documentation and is well supported by many other open source tools. Also, when a project calls for behavior-driven development (BDD), organizations find Selenium fits the approach well, as many libraries, like Cucumber or Capybara, make writing tests within BDD structured and implementable. Cypress is a great tool to automate JavaScript application testing. And that's a large group, as JavaScript is the language of choice for many modern web applications. Cypress integrates well with the client side and asynchronous design of these applications, as it natively ties into the web browser. Thus, test scripts run much quicker and more reliably than they would for the same application tested with Selenium for automation. Cypress might be better suited for a testing team with programming experience, as JavaScript is a complex single-threaded, non-blocking, asynchronous, concurrent language.

The Complexity of Product Management and Product Ownership

An issue for organisational leaders considering how to design for product flow is that when someone says product ownership or product management we are immediately uncertain which of many possible definitions the person is referring to. This level of ambiguity is a constant struggle in the software world. Agile, DevOps, and Digital are all now terms which are the subject of confusion and passionate neverending debates. Product ownership/management has now joined them. Kent Beck described a similar issue in software teams when everyone has slightly different concepts in their minds when describing system components. He called this the problem of metaphor and prescribed it as a key practice in eXtreme programming. We need to take this practice of System Metaphor to our wider discussions as product delivery groups if we are going to resolve bigger issues. To help consider some of the Metaphor surrounding the product owner function I highly recommend the blog by Roman Pilcher (an author on product management) He does a good job of creating metaphors for the key variations in product management roles.

Quote for the day:

"Real generosity towards the future lies in giving all to the present." -- Camus

No comments:

Post a Comment