News AggregatorCSS Glass Morphism GeneratorAggregated on: 2022-02-12 17:04:57 The glass morphism effect is popping up all over the web at the minute. Although in the past it was generated mostly with images, we can now achieve the same result using CSS. The CSS glass morphism effect is pretty widely supported as well. Below, I've created a generator so you can make your own CSS glass morphism effects and add them to your applications and websites. CSS Glass Morphism Generator A little while ago I used the CSS glass morphism effect to create some apple UI elements. To show how this effect works a little better, I've created a CSS glass morphism generator below. You can change the options, and generate your own glass morphism along with code. View more...Building a Simple Front-End for Your SnowflakeDB DatasourceAggregated on: 2022-02-12 17:04:57 Designing UI elements can take up a majority of a developer’s time when building from scratch. However, with Appsmith (an open-source low-code framework to build powerful internal apps), it’s possible to create a fully functional and custom frontend in minutes. A vast array of pre-built UI components, that is widgets are available to help you build good-looking applications. Connecting data sources with Appsmith takes a few minutes, and you can easily build tools on top of the database of your choice. For example, you can build admin panels to manage product catalogs, read content data from your database and use that to populate your e-commerce website, and then write more data and update your existing orders in the database. The possibilities are countless. View more...How To Internationalize Your App’s Product NotificationsAggregated on: 2022-02-12 15:04:57 Internationalization in software development, known as “i18n” for its number of letters, is as vital as ever for modern companies. Web-based products and services are no longer tied to geographical and cultural boundaries and not every potential customer speak English. You might have designed your app with your native region in mind, but you’ll eventually need to expand your supported languages and regions to cater to a global audience. In this article, you’ll learn about the scope of internationalization and the tools that are available to build software with internationalization logic. You’ll also see how our app's own internationalization workflow is designed and our suggestions for how to do it yourself. View more...The Ultimate DevOps Hourly Rate Guide for 2022Aggregated on: 2022-02-12 15:04:57 DevOps as a whole has been experiencing massive growth since 2014 when it first became a mainstream concept. This point is reinforced by the Vice President of Research & Strategy at Microsoft's GitHub, Nicole Forsgren, who acknowledged that DevOps is rapidly growing worldwide. The consequence is that, as the market, ranging from small and lean startups to large enterprises, begins to realize the efficiency of DevOps, hourly rates for related jobs are subsequently growing as well. By bringing together professionals from security, web development, education, banking, and telecommunication, we can observe a surge in demand for skilled people to fill DevOps positions. View more...Execute mTLS Calls Using JavaAggregated on: 2022-02-12 13:34:57 Supposing we have an NGINX instance secured using SSL and mTLS. If you are using Java interacting with a service secured with mTLS, it requires some changes on your codebase. In this tutorial, we shall enable our Java application to use mTLS using different clients. To get started fast, we can use an existing example of adding mTLS to an NGINX instance. Our java mTLS configuration will use the certificates and keys used to add mTLS to an NGINX. View more...Configure Single Sign-On for CockroachDB Dedicated With OktaAggregated on: 2022-02-12 13:34:57 Motivation CockroachDB Dedicated is a fully-managed, reserved CockroachDB cluster ideal for a cloud database. We frequently get asked how to set up SSO for the individual CockroachDB Dedicated clusters and we have a detailed tutorial to walk you through that with a local, self-hosted cluster. What was unclear was that you can use the same steps to set up SSO with Dedicated. Based on this detailed document, CockroachDB Dedicated supports OIDC authentication. Today, we're going to provide details on how to leverage OIDC specifically with the Dedicated offering and Okta OIDC. View more...Introduction to Couchbase for Oracle Developers and Experts: Part 8: TransactionsAggregated on: 2022-02-12 13:04:57 Here are the previous articles comparing architecture, database objects, data types, data modeling, statements and features, indexing, and optimizer of Oracle with Couchbase. This post will focus on transactions. Six thousand years ago, the Sumerians invented writing for transaction processing - Gray and Reuter The transaction is a set of read and write actions consisting of: View more...10 Must-Know Patterns for Writing Clean Code With React and TypescriptAggregated on: 2022-02-12 11:49:56 Introduction React is a JavaScript library, and it is the most popular and industry-leading frontend development library today. JavaScript is a loosely typed language, and as a result, it catches runtime. The result of this is that JavaScript errors are caught very late and this can lead to nasty bugs. As a JavaScript library, React inherits this problem. Clean code is a consistent style of programming that makes your code easier to write, read, and maintain. Anyone can write code that a computer can understand but good developers write clean code – code that humans can understand. Clean code is a reader-focused development style that improves our software quality and maintainability. View more...Developing an Enterprise-Level Apache Cassandra Sink Connector for Apache PulsarAggregated on: 2022-02-12 11:04:56 When DataStax started investing in streaming with Apache Pulsar™, we knew that one of the first things people would want to do was connect existing enterprise data sources to Apache Cassandra™ using Pulsar. Apache Pulsar has a powerful framework called Pulsar IO to enable this kind of use case, and at DataStax we already had a best-in-class Kafka Connect Sink that enables you to store structured data coming from one or more Kafka topics into DataStax Enterprise, Apache Cassandra, and Astra. View more...How To Do GC Log Analysis?Aggregated on: 2022-02-12 10:34:56 Analyzing garbage collection logs provides several advantages like it reduces GC pause time, reduces cloud computing cost, predicts outages, provides effective metrics for capacity planning. To learn about the profound advantages of GC log analysis, please refer to this post. In this post let’s learn how to analyze GC logs? Basically, there are 3 essential steps when it comes to GC log analysis: View more...How to Master Your Software Engineering Journey, Part 1Aggregated on: 2022-02-11 19:34:56 Software engineering is one of the most talked-about and sought-after career paths in the current world. During my journey as a software engineer, I have worked with some wonderful people, the latest technologies, and great projects. As I reflect on my humble beginnings and the gradual progression to my current role as an engineering manager, I wish I knew some key aspects of the craft of software engineering back then. View more...Copy and Paste Row as Child/Sibling in Syncfusion Angular TreeGridAggregated on: 2022-02-11 18:04:56 Syncfusion Angular can help develop angular applications faster with many featured components that look like TreeGrid. According to the documentation, "Syncfusion Angular UI (Essential JS 2) is a collection of modern TypeScript based true Angular Components. It has support for Ahead Of Time (AOT) compilation and Tree-Shaking. All the components are developed from the ground up to be lightweight, responsive, modular, and touch-friendly." View more...XML File Processing Vulnerabilities: XXE in C# AppsAggregated on: 2022-02-11 17:04:56 How can simple XML files processing turn into a security weakness? How can a blog deployed on your machine cause a data leak? Today we'll find answers to these questions, learn what XXE is and what it looks like. Before we begin, note that there are several types of vulnerabilities related to XML processing. The most popular vulnerabilities are XXE, XEE, and XPath injection. In this article we inspect XXE. If you're interested in the essence of an XEE attack, you can read this article: "How Visual Studio 2022 ate up 100 GB of memory and what XML bombs had to do with it". We'll get to XPath injection sometime later. :) View more...Java: Mediator Design PatternAggregated on: 2022-02-11 15:34:56 In the video below, we take a closer look at the Mediator Design Pattern in Java. This tutorial includes an introduction, real-time examples, class diagram, and implementation. Let's get started! View more...Cheap Windows cloud ServerAggregated on: 2022-02-11 14:49:56 Windows Cloud server gives you ultimate performance and scalability to your website so that you never face much downtime. When multiple cloud servers are interconnected in a specified infrastructure a cloud computing environment is formed. View more...Deploy a Python API on Vercel Using PostgresAggregated on: 2022-02-11 13:49:56 APIs have changed how software is built in recent years, allowing for more reusable code that can interact with any software development tool. Modern APIs have gained defined standards (usually HTTP and REST) that are developer-friendly, easily available, and widely understood, making it easier for developers to build maintainable code with security checks in place, as well as comprehensive documentation. FastAPI is a high-performing Python web framework for creating APIs with standard Python-type hints, allowing you to easily create speedy, intuitive, and robust web applications with fewer bugs. In addition, it has built-in support for API documentation, powered by Swagger. View more...Tech Highlights: Best Software For Dev TeamsAggregated on: 2022-02-11 13:49:56 How would I sum up 2021? For me and my team, the last 12 months were filled with constant learning and adapting to the new trends that completely changed the way we used to work (remember the habit of actually going to the office and wearing pants to work…?!). It wasn’t always easy, but the challenges we faced pushed us into searching for convenient software that could help us handle the new normal. In this short post, I would like to share with you the discoveries I made this year in the field of developer tools. GitLive This tool is for all you team players out there, GitLive makes Git LIVE. It adds a tab to your IDE where you can see your fellow collaborators, if they are online, what issue and branch they are working on, and even their uncommitted changes, all updated in real-time. Any non-stale branch ahead of master/main is considered a work in progress and you can inspect diffs of the files changed as well as view the associated issue or pull request. View more...5 Best Google Cloud Platform (GCP) Courses for BeginnersAggregated on: 2022-02-11 13:49:56 Hello Devs, if you want to learn Google Cloud Platform and looking for the best resources like online courses, books, websites, and tutorials then you have come to the right place. Earlier, I have shared the best free Google Cloud platform courses and best websites to learn GCP, and in this article, I am going to share the best online courses to learn Google Cloud Platform. View more...Exploring the Salesforce Mobile SDK Using Android StudioAggregated on: 2022-02-11 12:49:56 Last July, I started writing a series focused on how to utilize the Salesforce platform without a traditional Salesforce client. Here are links to the other articles in the series: Leveraging Salesforce Using Spring Boot View more...AWS IoT – BasicsAggregated on: 2022-02-11 12:49:56 Introduction Internet of things (IoT) is pretty ambiguous. Any phrase with the word “things” in it is inevitably somewhat ambiguous, right? IoT is a popular and rich topic and depending on the view there is a lot that falls under this term. However, in this post, we will keep it to its core, just a simple use case where we have one or more devices and we want to manage, communicate and use them for our purposes. From the implementation point of view, we have a few options, build our own infrastructure, without or without libraries, use cloud providers and/or mix of different technologies. In this post, we will be using the AWS IoT service. View more...Introducing 140 Second Ducklings: What Is Debugging?Aggregated on: 2022-02-11 12:04:56 This is the first video in the series. I hope to publish a new video every week. It starts with the very basics of debugging and builds up. I think debugging is a powerful tool that even experienced developers don't leverage enough. You need to click the tweet to see the video: View more...Teach yourself Web Sockets in 5 minutesAggregated on: 2022-02-11 11:34:56 In this article we will go through the following concepts. The pub/sub design pattern, also known as “the Hollywood design pattern” Basic web socket theory, and how to publish and subscribe to socket messages Authorisation to prevent malicious users from intercepting our messages How Magic automatically solves a lot of your socket related problems Finally we’ll show and tell with a video how Magic’s web socket implementation is tied together Web Sockets allows for a bidirectional communication channel, through which your server can “push” data to the client, triggering events on the client when something occurs on the server. This has huge advantages for some types of web apps, such as for instance trading systems, chat clients, and apps where you need to see live updates in your client as changes occurs on the server. However, wiring up a web socket module manually is also ridiculously complex, making sockets effectively unavailable for most developers. For these reasons dozens of helper libraries and modules have been created to simplify the subject. For PHP there’s Laravel Sockets. In this article I will walk you through how to use web sockets in Magic using SignalR, and I will be focusing on the server side parts mostly, since this is the most difficult part. However, once you understand how sockets works in Magic on the server side, you can easily implement the client side of the equation using SignalR’s Angular implementation, ReactJS implementation, etc. View more...Introduction to Couchbase for Oracle Developers and Experts: Part 7: OptimizerAggregated on: 2022-02-11 11:04:56 Here are the previous articles comparing architecture, database objects, data types, data modeling, statements and features, and indexing of Oracle with Couchbase. This post will focus on optimizer. To database what Yoda is to Star Wars, optimizer is. - Yoda Separating the HOW (logical, physical representations, access methods) from WHAT (the SQL query) was the genius of the relational model. SQL has been unreasonably effective for relational models and beyond. A good optimizer is critical for SQL irrespective of the data model. The job of an optimizer is to produce an efficient execution algorithm, commonly known as the query plan or simply the plan. View more...Things We Still Do, Twenty Years OnwardAggregated on: 2022-02-11 10:34:56 Joel Spolsky’s once prolific blogging output dried up years ago, but Things You Should Never Do, Part I is still a classic after 22 years. He wrote it as an outsider’s postmortem following the first beta release (6) of Netscape’s browser, three years after the previous major release 4. There never was a version 5. The team had decided on a full rewrite, and the resulting delay probably cost them their competitive advantage over Microsoft’s Internet Explorer. “If Netscape actually had some adult supervision with software industry experience, they might not have shot themselves in the foot so badly”, he closes. View more...Kafka for Live Commerce To Transform the Retail and Shopping MetaverseAggregated on: 2022-02-11 10:34:56 Live commerce combines instant purchasing of a featured product and audience participation. The covid pandemic accelerated this trend. Live commerce emerged in China but arrived in the west across industries, no matter if you sell fashion, toys, cars, digital features, or anything else. This blog post explores the need for real-time data streaming with Apache Kafka between applications to enable live commerce across online stores and brick and mortar stores across regions, countries, and continents. The discussion covers several buildings blocks of a live commerce enterprise architecture. Retail topics include omnichannel retail, hyper-personalized customer communication, transactional data processing, and innovative entertainment with Augmented Reality. Other technical aspects cover the replayability of historical data and correlation with real-time events, Artificial Intelligence (AI) and Machine Learning (ML) applied to real-time data, and edge analytics in the retail store. View more...Top 9 Skills for SREs From Ex-Instacart SREAggregated on: 2022-02-11 10:34:56 It’s easy to talk at a high level about what Site Reliability Engineers (SREs) do: They ensure that IT systems achieve availability and performance requirements. But which skills, exactly, do SREs need to do their jobs? That’s a more complicated question. View more...Perl List Processing Is for Hashes, TooAggregated on: 2022-02-10 22:49:56 This month I started a new job at Alert Logic, a cybersecurity provider with Perl (among many other things) at its beating heart. I’ve been learning a lot, and part of the process has been understanding the APIs in the codebase. To that end, I’ve been writing small test scripts to tease apart data structures, using Perl array-processing, list-processing, and hash — i.e. associative array — processing functions. I’ve covered map, grep, and friends a couple of times before. Most recently, I described using List::Util’s any function to check if a condition is true for any item in a list. In the simplest case, you can use it to check to see if a given value is in the list at all: View more...How to Build a Video Streaming App With Screen Sharing Using FlutterAggregated on: 2022-02-10 21:49:56 Screen sharing is a powerful way to foster immediate collaboration in a real-time meeting. It can speed things up while making sure that everyone is on the same page. This post explains how to build a video streaming app with a screen sharing feature in the Flutter iOS and Android application using the EnableX Flutter development toolkit. View more...Docker SecurityAggregated on: 2022-02-10 21:19:56 This Refcard will lay out the basics of container security, provide core practices for successful implementation, and also spell out some more advanced workflows. We split container security into three sections, covering what to do at each stage in your container security lifecycle. View more...Low-Code: Aging Like WineAggregated on: 2022-02-10 19:49:56 A couple of weeks ago someone roughly commented on my YouTube channel, writing: "No-Code is a hoax and Low-Code a lie." I deleted the comment, not as much because I wanted to censor him, but more so because I was, quite frankly, a bit embarrassed for the commenter. I didn't want to put him into a position where he'd be forced to defend his incorrect assessment of something of such importance to the future. Five years ago, the commenter might have been correct. However, today almost 50% of all companies developing software have already delivered projects using low-code and no-code frameworks and platforms, and roughly half of them have good experiences with such platforms. So either 50% of the world is wrong, or the commenter was wrong. View more...Full Stream Ahead: Astra Streaming, Powered by Apache Pulsar, is Here!Aggregated on: 2022-02-10 19:04:55 With a serverless architecture, multi-region geo replication, and Apache Cassandra’s legendary performance, DataStax Astra DB makes it easy for developers and enterprises to start small with their applications and grow them to infinite scale without constant performance tuning and optimization exercises. However, cloud app developers also face significant challenges beyond data at rest. Modern data apps require high-scale streaming technologies that can deliver the reactive engagement at the point of interaction that end users have come to expect. That’s why today, we’re excited to announce that these capabilities have been added to DataStax Astra. View more...What Is IoT Security?Aggregated on: 2022-02-10 18:34:55 Cellular wireless technologies advancements (like 5G), powerful IoT application platforms (like Microsoft IoT Central), secured IoT connectivity platforms, and all-in-one IoT infrastructure solutions are making it easier than ever for companies to deploy transformative new IoT applications. Yet as the use of new industrial asset monitoring, predictive maintenance, smart energy, Internet of Medical Things (IoMT), and other IoT applications expands, so does the threat landscape for these applications. Given this expanding threat landscape, and the growing number and sophistication of cyberattacks, how can organizations deploy IoT applications in a secure manner that protects them end-to-end — from edge-device to network to cloud? View more...Adding Two Hours in DataWeave: Mule 4Aggregated on: 2022-02-10 16:04:55 Case: You are given a JSON array that will have all the employee's work details as an element. Example input in JSON : View more...Exploring the Salesforce Mobile SDK Using React NativeAggregated on: 2022-02-10 12:04:55 Last July, I started writing a series focused on how the Salesforce platform can be utilized in a manner without a traditional Salesforce client. Here are links to the other articles in the series: Leveraging Salesforce Using Spring Boot View more...8 Penetration Testing Trends You Should Know in 2022Aggregated on: 2022-02-10 06:49:55 As a result of the pandemic’s transition to remote work, the year 2022 is also considered a year of fresh challenges and transformation. The rising demand for the safety of software-based properties like web and mobile applications is projected to enhance the growth of the global pen tests market. Moreover, the growing usage of cloud-based security services is anticipated to fuel the demand for penetration testing. Additionally, the ever-increasing digitization in developing countries is projected to boost the trend of the Internet of Things-based connected devices. This, in turn, boosts the need for pen-testing. Companies have become more prone to malicious assaults and attacks. The rising number of cyber-attacks, coupled with the increasing necessity to meet the compliance measures, is estimated to be a driver for the global pen-testing market during the estimated period. To combat such malicious attacks, penetration testing company must have to keep a close eye on growing cybersecurity trends. In the year 2022, we will undeniably continue to see attacks on the Internet of Things devices. Edge computing gadgets – where data and information are operated on as close as possible to the point it is gathered – besides centralized cloud infrastructure is all vulnerable. Once again, awareness and instruction are two of the most valuable tools when it comes to protecting against these vulnerabilities. Any cybersecurity approach should always take account of a thorough audit of each and every device that is given access to a network or is connected and a full understanding of any vulnerability it may create. As 2022 gets underway, it is the perfect time to evaluate the tech trends presently shaping the future of pen-testing, and how it will persistently go forward. View more...All You Need to Know About User Session SecurityAggregated on: 2022-02-10 01:34:55 What follows is a two-part series on session management — inspired by extensive conversations with over 70 developers and our own intensive research. We will explore different session management practices, identify issues, and converge on a solution to these issues. Through it all, I hope to leave you with clarity on deciding how to manage user sessions (and auth tokens) for your application. In 20 minutes, we summarize all the important information it took us hundreds of hours to obtain and document. This article will introduce session management, analyze commonly use session flaws, and demonstrate best practices. Part two will take a look at a new open source flow that is secure and easy to integrate into existing systems. Specifically, in part one, we cover View more...How to Remove Empty and Non-Empty Directories in Linux [Snippets]Aggregated on: 2022-02-10 00:49:55 Removing a directory in Linux is harder than you think, and it's not uncommon to get errors that look like this: folder: Directory not empty folder: is a directory The confusion comes because rmdir cannot be used to delete a directory with files or folders inside of it. View more...Getting Started With Pandas: Lesson 4Aggregated on: 2022-02-10 00:19:55 Introduction We begin with the fourth and final article of our saga of training with Pandas. In this article, we are going to make a summary of the different functions that are used in Pandas to perform missing data treatment. Dealing with missing data is key and a standard challenge of day-by-day data science work, and it has a direct impact on algorithmic performance. Missing Data Before we start, we are going to visualize the example dataset that we are going to follow to explain the functions. It is a dataset created by us that includes several cases of use to be able to clearly deal with all the examples that we will call `uncompleted_data`. View more...Cloud Systems (Part 2): Containerizing a WebsiteAggregated on: 2022-02-10 00:19:55 Cloud engineering is taking over software development. In a lot of ways, this is great; it allows us to build and deploy more complicated applications with less difficulty, and maintaining those applications becomes less troublesome too. We can release smaller updates more quickly than ever, ensuring that we can stay on top of feature requests and security issues. That said, the rise of cloud engineering has also introduced a lot of complexity in the form of dozens of services even within just one cloud provider. Figuring out where to start can be tough, so let’s take a practical tour! In this series, I’ll walk you through building a personal website and deploying it using modern cloud engineering practices. In part one of this series, we built a personal website and deployed it to AWS S3. That works perfectly well for a static, single-page application with minimal interactivity, but if you want server-side routing or database interactivity, things have to get a little bit more complicated. In part two of this series, we’ll be adding a couple more pages to our personal website, adding server-side routing, and containerizing it with Docker. View more...Mediator Design Pattern in Java [Video]Aggregated on: 2022-02-09 22:49:55 In the video below, we take a closer look at the mediator design pattern in Java. Including an introduction, real-time examples, class diagram, and implementation, this tutorial will help you dive into the topic. Let's get started! View more...Low-Code, ageing like wineAggregated on: 2022-02-09 22:19:55 A couple of weeks ago some guy commented on my YouTube channel and wrote roughly; "No-Code is a hoax and Low-Code a lie". I deleted the comment, not as much because I wanted to censor him, but more because I was quite frankly a bit embarrassed for the commenter, and I didn't put him into a position where he'd be forced to defend his obviously flawed and incorrect assessment of something of such importance to the future. 5 years ago the commenter might have been correct, today almost 50% of all companies developing software have already delivered projects using Low-Code and No-Code frameworks and platforms, and roughly half of them have good experiences with such platforms. So either 50% of the world is wrong and delusional, or the commenter was wrong, and I assume most of us can easily determine who were wrong in this particular situation ... View more...Component Tests for Spring Cloud MicroservicesAggregated on: 2022-02-09 22:04:55 Introduction The shift towards microservices has a direct impact on the testing strategies applied and has introduced a number of complexities that need to be addressed. In fact, microservices require additional levels of testing since we have to deal with multiple independently deployable components. An excellent explanation of these concepts and the various levels of microservices testing is given by Martin Fowler in his Testing Strategies in a Microservice Architecture presentation. Let's have a look at the revised "test pyramid" from this presentation: View more...How to Develop Event-Driven ArchitecturesAggregated on: 2022-02-09 22:04:55 Last month, I wrote an article on open-source Chronicle Wire that discusses how we could serialize an application’s state into different message formats. Now in this article, I'm going to look at how we can use open-source Chronicle Queue and Chronicle Wire to structure applications to use event-driven architecture (EDA). EDA is a design pattern in which decoupled components (often microservices) can asynchronously publish and subscribe to events. View more...API Reviews: Scaling Up API GovernanceAggregated on: 2022-02-09 21:34:55 API reviews are part of the overall API lifecycle. They are used to check that an API’s design matches the API design guidelines. API reviews are also an important step in making sure that the API landscape evolves and grows in a coherent way. Designing Useful and Usable APIs API reviews are only one step in the overall lifecycle. Before they happen, and overall design process has to ensure that a useful API is being designed. This typically happens by aligning the API with a business capability map, which allows to clearly identification the business purpose and value of the API. Once that value-oriented alignment exists, the next goal is to now create a usable API for this value proposition. View more...Circuit Breaker Pattern With Netflix-Hystrix: JavaAggregated on: 2022-02-09 21:34:55 If you are familiar with the circuit breaker pattern then you may have heard about Netflix-hystrix. But, before diving into our topic, let's make sure we have an understanding of what circuit breaker is and how Netflix-hystrix is implementing this pattern. What Problem Are We Trying to Solve? When in a distributed environment, our service may interact with other services or applications via remote call and these external services may be unavailable anytime for several reasons such as downtime, unavailable resources, etc. This unavailability due to the fault in an external application will also affect our perfectly working application. View more...Everything You Need to Know About Time Series AnalysisAggregated on: 2022-02-09 21:04:55 In business, you need to know how your business is doing day-to-day. In order to understand the health of your company, many turns to data analytics. Time series analysis can give valuable insight into what has happened over the course of days, weeks, months, or even years. With this form of analytics, you can learn if your company is making more money during the summer months or at the beginning of the fiscal year. You can also analyze weather data to see if winter storms caused any loss in revenue. Some questions that time series analysis can answer are: How many customers come into the store every day? How much revenue has the business generated over the last few weeks? What is the probability of rain tomorrow? It could be helpful in planning future actions, saving money, and ensuring quality. View more...AlmaLinux Container Images With Full RHEL UBI CompatibilityAggregated on: 2022-02-09 21:04:55 Cloud and Containers SIG have been hard at work lately on a project surrounding container updates, new images, new registries, and distribution. FYI: All container images are available for both the x86_64 and arm64/v8 architectures. View more...3 Predictions for Software Product Development in 2022Aggregated on: 2022-02-09 21:04:55 Over the past few weeks, I’ve found myself reading various “2022 Predictions” lists covering everything from the healthcare market getting simplified for patients, all the way to how Crypto will take over the world. I’ve seen predictions on personal identity, and solutions-based articles on how we solve the unprecedented global demand for software engineers. As leaders in software product development and key players in the world of Open Source, we decided to do the same and have a look at our top three 2022 predictions for the world of software product engineering, DevOps, and Open Source technologies. View more...Identifying, Exploiting, and Preventing Host Header Attacks on Web ServersAggregated on: 2022-02-09 20:49:55 Summary A typical web application uses HyperText Transfer Protocol (HTTP) for communication purposes. There are various attributes in HTTP, termed as Headers (for both Request and Response), that have their significance, and all the attributes in HTTP Headers should be configured securely for communication purposes. Often most of the attributes in HTTP Headers are misconfigured in web servers which makes the entire HTTP communication vulnerable to various cyber-attacks. HTTP Host headers are among one of the HTTP Header attributes that are misconfigured often and it can cause potential threat which is termed as Host Header Injection. In this literature, the author has shown how to exploit HTTP Host Header, where web servers are misconfigured in such a way that web servers respond to malicious HTTP requests without identifying the origin from which HTTP(S) Request(s) (Host Header) is made. In this literature, the author has also shown how to check incoming traffic on web servers w.r.t the origin or HTTP Host Headers and rejecting the same in case request is not coming from whitelisted origin. View more...Alternatives to Docker DesktopAggregated on: 2022-02-09 20:04:55 Last year Docker announced a change in their subscription service agreement that limited the free usage of Docker Desktop effective August 31, 2021, with a grace period until January 31, 2022. The grace period is over, so what are your options if you don't fall in any of the allowed categories to keep it running for free or if you just want to look for alternatives? In this post, we will go over podman and rancher desktop to check if they can replace Docker Desktop usage. A lot of ink has run regarding the goals behind the change in the product subscription, and I won't be able to cover them in this article, so I will just summarize the actual changes. First, Docker Desktop is still free for personal use, open source projects, and small businesses. The real difference comes for subscribers that use it for professional work. Docker sets the barrier at 250 employees and $10 million in annual revenue. If your employer is above those limits, you will need a professional plan starting at $5 per user per month to comply. View more... |
|
|