Tuesday, May 7, 2024

IoC - DI


Inversion of Control (IoC) design is achieved using a service locator, the factory pattern or Dependency Injection (DI). DI is the more recent approach and is the one built into modern application frameworks.

As depicted in the diagram, DI has 4 core elements:

  1. Client - dependent role
  2. Server - functionality provider
  3. Injector - creates server instances and supplies them to the client
  4. Interface - communication contract between client and server

DI decouples objects from their dependencies: an object receives its dependencies from an external source instead of creating direct implementations itself.

Multiple ways of implementing dependency injection are available on GitHub at https://github.com/gsenthilvel/InversionOfControl

Top-3 advantages

  1. Loosely coupled
  2. Unit testability
  3. Scalability

Top-3 disadvantages

  1. Complexity to develop
  2. Reduced transparency
  3. Overhead to troubleshoot/debug


Sunday, May 5, 2024

TLS-1.2 Architecture


The architecture of TLS (Transport Layer Security) 1.2 is defined in RFC 5246. As shown in the given diagram, TLS 1.2 has 4 phases of execution.

1. Record TCP check

It serves as the underlying transport mechanism for TLS and is responsible for encapsulating higher-level protocols.

2. Certificate Exchange

In mutual authentication scenarios, the client and server exchange and verify certificates in order to generate shared keys.

3. Key Exchange

The communication is based on the chosen cipher suite. The client and server then generate a pre-master secret and exchange it securely.

4. Final Data Transmission

Both the client and server switch to the derived encryption keys to confirm the handshake. The client request and server response then continue in a secured way.

The source code is demonstrated in C# in the GitHub repo gsenthilvel/tls-demo (github.com).
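The key derivation that phases 3 and 4 rely on, written out as an added example (it is not code from the tls-demo repo): it follows the TLS 1.2 PRF in RFC 5246 sections 5, 6.3 and 8.1, assuming a cipher suite that uses SHA-256, AES-128-CBC and HMAC-SHA256. The pre-master secret and the two randoms are constructed sample values.

```javascript
const nodeCrypto = require('crypto');

// P_SHA256 (RFC 5246, section 5): expand secret + seed into `length` bytes.
function pSha256(secret, seed, length) {
  const hmac = (data) => nodeCrypto.createHmac('sha256', secret).update(data).digest();
  const blocks = [];
  let a = hmac(seed); // A(1) = HMAC(secret, A(0)), with A(0) = seed
  for (let produced = 0; produced < length; produced += 32) {
    blocks.push(hmac(Buffer.concat([a, seed]))); // HMAC(secret, A(i) + seed)
    a = hmac(a);                                 // A(i+1)
  }
  return Buffer.concat(blocks).subarray(0, length);
}

// PRF(secret, label, seed) = P_SHA256(secret, label + seed)
function prf(secret, label, seed, length) {
  return pSha256(secret, Buffer.concat([Buffer.from(label, 'ascii'), seed]), length);
}

// Section 8.1: 48-byte master secret from the pre-master secret and both hello randoms.
function masterSecret(preMaster, clientRandom, serverRandom) {
  return prf(preMaster, 'master secret', Buffer.concat([clientRandom, serverRandom]), 48);
}

// Section 6.3: key block split into two 32-byte MAC keys and two 16-byte AES keys.
// The seed order flips here: server random first, then client random.
function sessionKeys(master, clientRandom, serverRandom) {
  const kb = prf(master, 'key expansion', Buffer.concat([serverRandom, clientRandom]), 96);
  return {
    clientWriteMacKey: kb.subarray(0, 32),
    serverWriteMacKey: kb.subarray(32, 64),
    clientWriteKey: kb.subarray(64, 80),
    serverWriteKey: kb.subarray(80, 96),
  };
}

// Constructed sample values, not captured from a real handshake.
const samplePreMaster = Buffer.concat([Buffer.from([0x03, 0x03]), Buffer.alloc(46, 0xab)]);
const sampleClientRandom = Buffer.alloc(32, 0x11);
const sampleServerRandom = Buffer.alloc(32, 0x22);

// Both peers run the same two steps and end up with identical keys.
function deriveSampleKeys() {
  const master = masterSecret(samplePreMaster, sampleClientRandom, sampleServerRandom);
  return sessionKeys(master, sampleClientRandom, sampleServerRandom);
}
```

Because both sides feed the same pre-master secret and randoms into the PRF, neither the master secret nor the session keys ever cross the wire.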

Saturday, May 4, 2024

SSL TLS End of Life


In the world of the secured HTTP protocol (HTTPS), Secure Socket Layer (SSL) and Transport Layer Security (TLS) play a vital role in the network industry.

SSL is a cryptographic protocol that extends HTTP to authenticate internet connections and to enable encryption and decryption of data communicated over a network.

SSL 1.0

  • Release: SSL 1.0 was never publicly released due to serious security flaws.

SSL 2.0

  • Released in 1995
  • End of Life: The Internet Engineering Task Force (IETF) officially deprecated it in 2011 through RFC 6176.

SSL 3.0

  • Released in 1996
  • End of Life: June 2015 through RFC 7568.


TLS is a direct evolution of SSL and was introduced to address security vulnerabilities in the earlier protocol.

TLS 1.0

  • Released in January 1999
  • End of Life: IETF recommended deprecating TLS 1.0 in 2018. Major browsers like Google Chrome, Mozilla Firefox, Microsoft Edge, and Safari officially ended support in 2020.

TLS 1.1

  • Released in April 2006
  • End of Life: IETF in 2018, with major browsers in 2020.

TLS 1.2

  • Released in August 2008
  • End of Life: It is currently widely supported, but moving to TLS 1.3, whose adoption is increasing, is recommended.

TLS 1.3

  • Released in August 2018
  • End of Life: Not applicable, as it is the current standard.


Friday, May 3, 2024

Ubuntu 24.04 LTS


Yesterday, Canonical announced the availability of Landscape’s first LTS release.

Today, it was required to upgrade/replace the end-of-life version Ubuntu 16.04.2 LTS at my work. In sync with that, it's a great opportunity to explore the latest and greatest version, Ubuntu 24.04 LTS.

Landscape 24.04 LTS features a new versioned API, a new web portal with accessibility and performance in mind, and intuitive controls for software distribution. It comprises Landscape Server and Landscape Client. 

With a modernized backend and web portal in place, engineering teams can work efficiently, focusing on patches and new features.

Fact sheet is available at https://pages.ubuntu.com/rs/066-EOV-335/images/Landscape%20DS%20v3%205.4.2024.pdf?version=0&_gl=1*ux7hxq*_gcl_au*NDc5NjcxODM3LjE3MTQ3OTAwMDk.&_ga=2.140511158.548493742.1714790009-980279757.1714790009

This new version is not just faster, but also a fortress system.  Welcome to Noble Numbat!

Sunday, April 28, 2024

Gov security in Copilot


Last month, the US House of Representatives set a strict ban on congressional staffers' use of Microsoft's Copilot generative AI assistant, Axios reported.

“We recognize that government users have higher security requirements for data. That’s why we announced a roadmap of Microsoft AI tools, like Copilot, that meet federal government security and compliance requirements that we intend to deliver later this year,” a Microsoft spokesperson told Reuters.

The U.S. House's chief administrative office did not immediately respond to a Reuters request for comment.

Ref: https://www.reuters.com/technology/us-congress-bans-staff-use-microsofts-ai-copilot-axios-reports-2024-03-29/


Friday, April 19, 2024

CoPilot short cuts



This week, I started using the enterprise version of the Microsoft CoPilot AI companion framework.

The most important shortcuts to know:
  • Accept suggestion: Tab
  • Reject suggestion: Esc
  • Open Copilot suggestions panel: Ctrl + Enter (This panel shows up to 10 suggestions)
  • Next suggestion: Alt/Option + ]
  • Previous suggestion: Alt/Option + [

Saturday, April 6, 2024

NYC earthquake


Yesterday's earthquake had a preliminary magnitude of 4.8. It started at 10:23 a.m. and lasted several seconds.

The earthquake’s epicenter was 3.7 miles southeast of Califon, New Jersey (25 miles from my place), according to the USGS (United States Geological Survey).

More than 120,000 responses poured into the USGS’s “Did You Feel It?” tool. Many of those were from reports in densely populated New York City, Boston and Philadelphia.

USGS figures indicate that the quake might have been felt by more than 42 million people.

Tuesday, March 19, 2024

ALB Keep Alive


Now, Application Load Balancer (ALB) provides flexibility that allows you to configure HTTP client keepalive duration for communication between clients and load balancer. With this feature, you can configure keepalive values to optimize client experience.

The HTTP client keepalive duration value specifies the maximum amount of time that ALB will maintain an HTTP connection with a client before closing the connection. 

The feature will allow customers to gracefully terminate their connections for deployment patterns like Blue/Green or rollbacks, migration of legacy applications, and while evacuating Availability Zones using zonal shift with Amazon Route 53 Application Recovery Controller. 

The client keepalive duration is set through a load balancer attribute and accepts a value between 60 seconds and 7 days; the default value is 3600 seconds.

Thursday, March 14, 2024

EFS throughput


Yesterday, Amazon Elastic File System (EFS) increased the throughput per file system to up to 20 GiB/s of read throughput and up to 5 GiB/s of write throughput.

Amazon EFS provides serverless, fully elastic file storage that makes it simple to set up and run file workloads in the AWS cloud. 

This launch increases the maximum throughput performance for EFS file systems using Elastic Throughput by up to 2x, to 20 GiB/s of read throughput (from 10 GiB/s) and to 5 GiB/s of write throughput (from 3 GiB/s). 

With these higher throughput limits, it is possible to extend EFS’s simple, fully elastic, provisioning-free experience to even more throughput-intensive workloads, such as machine learning, genomics, and data analytics applications. 

Sunday, March 3, 2024

AWS Global Accelerator


AWS Global Accelerator is a networking service that improves the performance, reliability and security of your online applications using AWS Global Infrastructure. AWS Global Accelerator can be deployed in front of your Network Load Balancers, Application Load Balancers, AWS EC2 instances, and Elastic IPs, any of which could serve as Regional endpoints for your application.

Since AWS Global Accelerator operates at layer 4 of the OSI model, it can be used with any TCP/UDP application. You pay the Data Transfer-Premium fee of AWS Global Accelerator (on top of Data Transfer Out charges) in addition to an hourly accelerator fee to improve the performance and availability of your applications. 

In a nutshell, Global Accelerator improves the security, reliability, and performance of user-facing applications.

Sunday, February 25, 2024

AWS CF policy workflow

 


As outlined in the above diagram, response headers policies do not impact the origin-supplied headers stored in CloudFront’s caching layers. 

Headers configured in the policies are inserted after the response leaves the cache, and before the viewer response event that triggers a function if configured. 

If you have an edge function attached to the same behavior, policy inserted headers will be accessible in your function through the event object listing all the headers associated with the response. 

You can use that functionality by treating the headers generated through a policy as inputs for the function that will impact how the code is executed. This is similar to using environment variables.
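A viewer response function that treats a policy-inserted header as its input, as an added example (not code from AWS or from the original post). The header name x-deploy-stage and its values are hypothetical; the event passed in by sampleEvent is constructed.

```javascript
// CloudFront Functions handler for the viewer response event.
// Assumption: the response headers policy on this behavior adds a custom header
// "x-deploy-stage" (hypothetical name) set to "staging" or "production".
function handler(event) {
  var response = event.response;
  var headers = response.headers; // lower-cased names, each mapped to { value: '...' }

  // The policy-inserted header sits in the same map as the origin's headers,
  // so it can be read like an environment variable. Missing means production.
  var stageHeader = headers['x-deploy-stage'];
  var stage = stageHeader ? stageHeader.value : 'production';

  if (stage === 'staging') {
    // Keep staging content out of search indexes and downstream caches.
    headers['x-robots-tag'] = { value: 'noindex, nofollow' };
    headers['cache-control'] = { value: 'no-store' };
  }

  // Do not override HSTS when the policy supplied it; add a fallback only if absent.
  if (!headers['strict-transport-security']) {
    headers['strict-transport-security'] = { value: 'max-age=63072000' };
  }
  return response;
}

// Constructed viewer-response event: one origin header plus whatever the policy added.
function sampleEvent(policyHeaders) {
  var headers = { 'content-type': { value: 'text/html' } };
  Object.keys(policyHeaders).forEach(function (name) {
    headers[name] = { value: policyHeaders[name] };
  });
  return {
    version: '1.0',
    context: { eventType: 'viewer-response' },
    response: { statusCode: 200, statusDescription: 'OK', headers: headers, cookies: {} }
  };
}
```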

Sunday, February 18, 2024

MIME type text html

 


What

Last week, we faced a MIME type error after the hosted server upgrade.

Loading module from “runtime.4c09d92ae7f4a186.js” was blocked because of a disallowed MIME type (“text/plain”).  Strict MIME type checking is enforced for module scripts per HTML spec.

By design, the Angular web app is hosted on an AWS S3 and CloudFront architecture.

Where

These issues were related to three build files, namely main.js, runtime.js and polyfills.js.

Why

Due to the recent server upgrade process, the Angular build files were uploaded into AWS to render as text/html by default.

How

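The fix is to upload the files to S3 and explicitly specify the content type in the metadata for the .js files, as below. The --exclude "*" has to come before --include "*.js"; without it every file is already included and the content type would be applied to all synced files, not only the .js ones.

aws s3 sync "$DIST_PATH/" "s3://$BUCKET_NAME/" --exclude "*" --include "*.js" --content-type "application/javascript"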
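A post-deploy check for this failure, as an added example (not part of the original fix): given each object's key and the Content-Type it is served with, it lists the scripts a browser would refuse to load as modules. The inventory below is constructed from the file names in this post; the accepted types are the JavaScript MIME types listed in the WHATWG MIME Sniffing standard.

```javascript
// MIME type essences that browsers accept for module scripts.
const JS_MIME_ESSENCES = new Set([
  'application/ecmascript', 'application/javascript',
  'application/x-ecmascript', 'application/x-javascript',
  'text/ecmascript', 'text/javascript',
  'text/javascript1.0', 'text/javascript1.1', 'text/javascript1.2',
  'text/javascript1.3', 'text/javascript1.4', 'text/javascript1.5',
  'text/jscript', 'text/livescript', 'text/x-ecmascript', 'text/x-javascript',
]);

// Reduce a Content-Type header to its essence:
// "Application/JavaScript; charset=utf-8" becomes "application/javascript".
function mimeEssence(contentType) {
  return String(contentType || '').split(';')[0].trim().toLowerCase();
}

// Return every .js/.mjs object whose Content-Type would trip strict MIME checking.
function findBlockedModules(objects) {
  return objects
    .filter((o) => /\.m?js$/i.test(o.key))
    .filter((o) => !JS_MIME_ESSENCES.has(mimeEssence(o.contentType)))
    .map((o) => ({ key: o.key, served: mimeEssence(o.contentType) || '(none)' }));
}

// Constructed inventory, shaped like the key and ContentType of an S3 object listing.
const sampleInventory = [
  { key: 'index.html', contentType: 'text/html' },
  { key: 'main.js', contentType: 'text/html' },
  { key: 'runtime.4c09d92ae7f4a186.js', contentType: 'text/plain' },
  { key: 'polyfills.js', contentType: 'Application/JavaScript; charset=utf-8' },
  { key: 'styles.css', contentType: 'text/css' },
];
```

Running findBlockedModules over the real bucket listing after each deployment catches a wrong content type before users see the blocked-module error.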


Friday, February 9, 2024

Google Gemini

 


Yesterday, Google announced a major rebrand of Bard, its artificial intelligence chatbot and assistant, including a fresh app and subscription options. Bard, a chief competitor to OpenAI’s ChatGPT, is now called Gemini, the same name as the suite of AI models that power the chatbot.

Google's CEO wrote in his note - "A new state of the art"

In December, we took a significant step on our journey to make AI more helpful for everyone with the start of the Gemini era, setting a new state of the art across a wide range of text, image, audio, and video benchmarks. However, Gemini is evolving to be more than just the models. It supports an entire ecosystem — from the products that billions of people use every day, to the APIs and platforms helping developers and businesses innovate.

The largest model Ultra 1.0 is the first to outperform human experts on MMLU (massive multitask language understanding), which uses a combination of 57 subjects — including math, physics, history, law, medicine and ethics — to test knowledge and problem-solving abilities.

Today we’re taking our next step and bringing Ultra to our products and the world.

Wednesday, February 7, 2024

AWS IPv4


Starting 1st Feb 2024, the AWS Free Tier for Amazon Elastic Compute Cloud (12 months free) includes 750 hours of public IPv4 address usage per month.


AWS Free Tier for Amazon EC2 applies to in-use public IPv4 address usage. Usage beyond 750 hours per month of in-use public IPv4 address will be charged at $0.005 per IP per hour as announced in this AWS News blog. 


There is no change in pricing for idle public IPv4 addresses that you allocate in your account but don’t attach to an EC2 instance. IPv4 addresses that you own and bring to AWS using Amazon BYOIP will continue to be free. 

Sunday, January 28, 2024

Azure vs AWS 2023


With the recent learnings/working experiences, one question struck my mind - Azure vs AWS.

An interesting article, based on last year (2023), is available at https://www.simplilearn.com/tutorials/cloud-computing-tutorial/aws-vs-azure

In a nutshell, Azure and AWS are both well-respected members of the cloud domain. Azure holds about 29.4% of all installed application workloads while AWS stands at 41.5%.

Monday, January 22, 2024

GCP certification levels

 


Google Cloud certifications are typically categorized into three main levels: Foundation, Associate and Professional.

1. Foundation

The foundational certification validates your comprehensive understanding of fundamental cloud concepts. It requires knowledge of Google Cloud's products, features, services, tools, use cases, and benefits, with no specific technical prerequisites. Upon successful completion, the individual is certified as a digital cloud leader, qualified to work in any organization.

2. Associate level

This extends beyond a broad understanding of cloud features. It ensures that the credential holder possesses the essential skills to deploy, operate, oversee, and sustain projects on the Google Cloud platform.

3. Professional level

The professional certification enables individuals to evaluate essential technical responsibilities associated with specific and advanced roles. It equips candidates with advanced and specialized expertise in the design, implementation, and management of Google Cloud products.

Sunday, January 7, 2024

2024 Multi cloud


We're shifting gear towards a true multi-cloud strategy.

The primary driving factor is my personal 3:4:3 (3 years: 4 quarters: 3 months) passion for cloud technology. For the last couple of years, I have been blessed to focus on AWS and Azure in terms of work experience and industry certifications.


This year, the effort is towards Google Cloud Platform (GCP).

To kick-start the multi-cloud learning, here is the summary of the Top-3 cloud platforms in the industry, namely Amazon AWS, Microsoft Azure and Google GCP.

 Happy New Year 2024!