CodeIsGo.com

The Web Server is a crucial part of web-based applications. Apache Web Server is often placed at the edge of the network; hence it becomes one of the most vulnerable services to attack. A practical guide to secure and harden Apache HTTP Server. By Chandan Kumar.

Having default configuration supply much sensitive information which may help hacker to prepare for an attack of the applications. The majority of web application attacks are through XSS, Info Leakage, Session Management and SQL Injection attacks which are due to weak programming code and failure to sanitize web application infrastructure.

Practical advise in the article contains:

• Remove server version banner
• Disable directory browser listing
• Etag
• Run Apache from a non-privileged account
• Protect binary and configuration directory permission
• System settings protection
• HTTP request methods
• Disable trace HTTP request
• Set cookie with HttpOnly and secure flag
• X-XSS protection
• Mod security

… and more. The article is great helper tool for middleware administrator, application support, system analyst, or anyone working or eager to learn Hardening & Security guidelines. Good read!

Without basic computer architecture best practices, generative AI systems are sluggish. Here are a few tips to optimize complex systems. By David Linthicum.

Performance is often an afterthought with generative AI development and deployment. Most deploying generative AI systems on the cloud, and even not the cloud, have yet to learn what the performance of their generative AI systems should be, take no steps to determine performance, and end up complaining about the performance after deployment. Or, more often, the users complain, and then generative AI designers and developers complain to me.

Author also discusses in this blog:

• Complex deployment landscapes
• AI model tuning
• Vendors could have done a better job establishing best practices
• Security concerns
• Regulatory compliance

Implement automation for scaling and resource optimization, or autoscaling, which cloud providers provide. This includes using machine learning operations (MLOps) techniques and approaches for operating AI models.

At their essence, generative AI systems are complex, distributed data-oriented systems that are challenging to build, deploy, and operate. They are all different, with different moving parts. Most of the parts are distributed everywhere, from the source databases for the training data, to the output data, to the core inference engines that often exist on cloud providers. Nice one!

Engineers use SRE metrics to benchmark and improve the reliability and performance of systems and services. Learn more about the 4 golden signals (latency, errors, traffic, saturation). By @cortex.io.

Software complexity makes it harder for teams to rapidly identify and resolve issues. IT service management has evolved from an afterthought to a central part of DevOps. Microservices architectures are prone to delay or missed identification of such concerns.

Further you will learn:

• What is site reliability engineering (SRE)?
• The core components of site reliability engineering
• What are SRE metrics and why are they important?
• What are the four golden signals of SREs?
  • Latency
  • Traffic
  • Errors
  • Saturation
• Best practices for measuring and improving SRE metrics

Your priorities will change, and your metrics should evolve with them. For one year, you might be more concerned with incident management than having your team resolve incidents rapidly. In that case, you may be interested in tracking the mean time to recovery and latency. Interesting read!

The idea for DBOS (DataBase oriented Operating System) originated 3 years ago with my realization that the state an operating system must maintain (files, processes, threads, messages, etc.) has increased in size by about 6 orders of magnitude since I began using Unix on a PDP-¹¹⁄₄₀ in 1973. By Mike Stonebraker.

Today, we’re releasing DBOS Cloud, a transactional serverless platform built on DBOS, targeting stateful Typescript applications. DBOS Cloud is no ordinary serverless platform. Because it’s built on the DBOS operating system, it offers powerful and unique features, including reliable execution and time travel.

If code running on a DBOS program is ever interrupted, it automatically resumes from where it left off without repeating any of the work already performed. Programs always run to completion, and their operations execute once and only once. DBOS lets you “rewind time” and restore the state of an application to what it was at any point in the past. In today’s release, we provide a time travel debugger, which lets you replay any DBOS Cloud trace locally on your laptop, exactly as it originally happened. You can step through past executions to reproduce rare bugs and even run new code against historical state. In the near future, we also plan to release time travel for disaster recovery, allowing you to rollback your application and its data to any past state.

DBOS Cloud is easy and free for you to try. Interesting read!

In this tutorial, you will build a full-stack Pages application. Your application will contain a front end, built using Cloudflare Pages and the React framework and a JSON API, built with Pages Functions, that returns blog posts that can be retrieved and rendered in your front end. By @cloudflare.com.

This article will guide you through:

• Introduction
• Build your front end
  • Create a new React project
  • Set up your React project
• Build your API
  • Write your Pages Function
• Deploy
  • Deploy with Wrangler
  • Deploy via the dashboard
    • Create a new repository
    • Deploy with Cloudflare Pages

To deploy via the Cloudflare dashboard, you will need to create a new Git repository for your Pages project and connect your Git repository to Cloudflare. This tutorial uses GitHub as its Git provider. Clear instructions and code provided as well. Nice one!

In the era of microservices, where applications are divided into smaller, independently deployable services, managing and securing the communication between these services becomes crucial. This is where an API gateway comes into play. By Iroro Chadere.

In the article:

• What is an API Gateway?
• Benefits of using an API Gateway
• Security in API Gateways
• How to build a custom API Gateway with Node.js

Building a custom API gateway with Node.js offers developers a flexible and customizable solution for managing, routing, and securing API calls in a microservices architecture. Throughout this tutorial, we’ve explored the fundamental concepts of API gateways, including their role in simplifying client-side code, improving scalability and performance, and enhancing security. Good read!

Parsing JSON data is fundamental to any iOS app that performs remote REST API calls. Thanks to the Codable protocols introduced in Swift 4, Swift has a native and idiomatic way to parse JSON data. By Matteo Manferdini.

Paired with the JSONDecoder class, the Decodable protocol allows straightforward JSON decoding in a few lines of code and more sophisticated techniques to handle all the possible data formats and edge cases. Further you will learn:

• How to parse JSON data in Swift
• Advanced techniques to parse complex JSON data
• Building a SwiftUI app that downloads and parses JSON data

You will also find plenty of code examples in the article and links to further reading. Author also prepared a free cheat sheet for you to download. Good read!

Researchers at the University of California, Irvine and Los Alamos National Laboratory, publishing in the latest issue of Nature Communications, describe the discovery of a new method that transforms everyday materials like glass into materials scientists can use to make quantum computers. The advance will allow researchers to transform everyday materials into conductors for use in quantum computers. By technologynetworks.com.

“The materials we made are substances that exhibit unique electrical or quantum properties because of their specific atomic shapes or structures,” said Luis A. Jauregui, professor of physics & astronomy at UCI and lead author of the new paper. “Imagine if we could transform glass, typically considered an insulating material, and convert it into efficient conductors akin to copper. That’s what we’ve done.”

The key, Jauregui explained, was applying the right kind of strain to materials at the atomic scale. To do this, the team designed a special apparatus called a “bending station” at the machine shop in the UCI School of Physical Sciences that allowed them to apply large strain to change the atomic structure of a material called hafnium pentatelluride from a “trivial” material into a material fit for a quantum computer. Interesting read!

DevOps has revolutionized the way organizations develop, deploy, and maintain applications. However, upholding security in a DevOps environment is a serious concern organizations must address in order to keep software development isolated from cyber threats while maintaining agility, production speed, and cross-team collaboration. By Anastazija Spasojevic.

The article covers:

• How does DevOps security Work?
• What are the components of DevOps security?
• DevOps security tools
• Why is DevOps security important?
• DevOps Security best practices

Integration of security into DevOps requires managing and configuring additional tools and processes, which adds a further layer of complexity and demands a higher level of expertise.

DevOps security, often referred to as DevSecOps, involves practices that ensure the security of operations at each stage of the software development lifecycle. It advocates the application of security measures from the beginning of the process rather than just at the end. Embedding security into every phase of software development reduces the risk of vulnerabilities and improves code quality. Good read!

Serverless solutions keep attracting the attention of companies from different business domains. And it isn’t surprising if you look at serverless architecture examples. Giants like BMW, Netflix, Slack, and Coca-Cola use serverless architecture. And in each case, it drove significant benefits. By Kyrylo Kozak.

If you are considering using serverless solutions, it’s a good idea to check out some success stories to eliminate the doubts. We’re going to share some in this article. The Serverless team completed over 220 cloud projects so far. But for now, let’s focus on the world-famous companies and products that inspire innovation and are great examples for anyone to follow. Some of the examples mentioned:

• Equinox Media: Infrastructure and analytics for wellness apps
• BMW: Event-driven analytics for ML modelling
• Major League Baseball: Accurate real-time data updates
• Coca-Cola: IoT-powered vending machines
• Autodesk: Fast app deployment and huge savings
• Slack: Dynamic and responsive chatbots
• Netflix: Scalable on-demand media delivery
• Slack: One more serverless bot

… and more. Exploring real-world serverless architecture use cases helps better understand how it drives innovation and efficiency and what benefits it can offer you. Serverless technology reshapes the approach to application architecture. It makes it more flexible and prone to adjustments, which are critical for keeping up with the dynamic tech market and demanding users. Good read!