This is a brief video detailing “PubSub“, also known as a Publish-Subscribe pattern in software architecture. This is an extremely common pattern where senders of messages, called publishers, do not program the messages to be sent directly to specific receivers, called subscribers, but instead categorize published messages into classes without knowledge of which subscribers, if any, there may be.
I decided to review a topic previously discussed during our second homework assignment this semester in Software Design and Architecture; Design Patterns. This is a much shorter video that serves as more of a refresher of five different design patterns and their main uses, advantages, and disadvantages.
Software design patterns are described as a general, reusable solution to a commonly occurring problem within a given context in software design. This is far too general to be applicable in any meaningful way. What this video provides is much needed context for what each pattern is and in what context would it be useful.
The author of this video is named Jack Herrington and he works for Nike as a Principal Software Engineer. He has written six books and is a verified authority on Software Design. The first pattern that Herrington describes is the Singleton pattern. The Singleton pattern is described as a pattern that restricts the instantiation of a class to one “single” instance. Herrington says that this pattern is very good for use in a database driver or, if you’re over on the client, the data store with the current state of the application. The pro of this pattern is that you can go and get to that data whenever you want, you just have to get the singleton and away you go. The con is that it’s very difficult to back out of a singleton pattern and that it can be very restrictive.
The second pattern discussed is the Facade pattern; this pattern is an object that serves as a front-facing interface masking more complex underlying or structural code. This can improve readability but may also mask some functionality, thus requiring the consumer to do a bit of work to access the feature that they want. Third is the Adapter pattern; which allows the interface of an existing class to be used as another interface. Herrington uses his camera as an example, how the body of the camera serves one main purpose and is then modified by the interchangeable lens. The main draw of this is that it can be applied to almost any app and allows for additional functionalities, only limited by the “body” of the app. The pitfall is that many developers overuse this pattern and complicate too much of the app, thus damaging the quality.
These were the first three and I highly recommend you watch the video to learn more about each of them. I plan to take this knowledge with me and keep an eye out in my career for different uses of each of them and try to better understand why each pattern is used in professional settings and what each of them accomplish differently.
The speaker in this podcast is Alen Pokos, a deputy chief technology officer at Trikodor, a software development company specializing in UX (user experience) and natural language processing for computers, think Siri/Cortana. He spends this hour discussing API design and ideas on how to approach designing web APIs as well as giving personal accounts of his time in the industry and the solutions for common problems he’s encountered.
He begins the presentation defining API as something that enables applications to communicate with one another, it should reflect the goals of the business it is designed to serve, as well as giving a brief description of REST. Pokos goes on to explain common scenarios where Web APIs are usually built; being for other web servers or client consumers such as a web browser or mobile application.
The topic covered in the video that I found most compelling, and really where a lot of the value I gleaned was, was API design. This is primarily what his company presents itself as being experts in. He very poignantly states that “When people disagree on design, it is often they do not agree on the goals.” I’ve run into this situation when designing other things, be it in woodworking, Information Security, Hardware deployment, you name it. It’s something that should really be agreed upon before a project begins which is why software process management strategies all have some form of a task list where goals of development are clearly stated and agreed upon prior to actual development. It is important that before you decide on how a project accomplishes its task, you know what the task is.
I chose this episode because we are currently studying API, frontend, and backend development for the Libre Food Pantry. Understanding the context of what we’re doing and how it may relate to the industry is important for maintaining a firm perspective of how I could potentially translate the skills I’m cultivating into a professional workplace.
This is a presentation given at the WeAreDevelopers World Congress 2018. WeAreDevelopers is a Vienna based company designed to connect developers seeking jobs with companies presenting employment opportunities. They primarily do this through conferences and events where they host speakers discussing myriad topics relating to IT and Software Development. This specific presentation was given by Daniel Lebrero and he discusses four habits that he’s noticed that efficient developers have. He breaks all four of these habits down into smaller facets that exemplify the habit. E.g. breaking down “Fast Feedback” into “Test-Driven Development”, “REPL”, “Code Reviews” and “Continuous code reviews.”
I chose this specific presentation because it directly relates to what we do in class on a daily basis. Everyone should be making continuous progress to be more efficient in their work and being able to hear directly from someone in the industry what makes someone efficient, is one of the fastest and easiest ways to improve yourself. The speaker was clear and provided cogent, real world, examples of the habits discussed. He even coded little .js programs to show how a developer would utilize simple scripts to automate tedious work and explored different IDEs and CLIs that he was familiar with.
I found a lot of what he was saying held a lot of truth. I have noticed similar habits in hiring directors and successful people in the IT field. The two things in particular that resonated with me were the topics of “Focus” and “No menial work.” One thing that plagues my development cycles, whether that doing school work for one of my classes or tasks at my actual occupation, is distractions. Mr. Lebrero advises disabling notifications, to the point where you don’t even have the push notification number showing how many unread notifications you have. He claims that it takes between ten and fifteen minutes every time your work is interrupted to get back on task and to return to the headspace you were in prior to the interruption. I agree that, while I am working, any little distraction throws me completely off track and makes it difficult to work. It’s important to have a quiet and clean workspace and lines of communication that don’t impede your work flow. Of course if something is urgent and worth the ten or fifteen minutes it takes to get back to work, that’s something completely different. On the matter of “No menial work” however, there really shouldn’t be any excuses. Whether a task is worth automating comes with experience and perspective, it’s important to fully understand your task and what’s being asked of you before you try to automate it; as it may take longer to code a small automation script than to just tough it out.
In this podcast interview, Chris Sienko with InfoSec Institute interviews George McPherson with the Blak Cyber podcast. It is a casual interview discussing McPherson’s history in the IT field and his career trajectory up to 2020 as a security professional. This relates to Software Construction, Design, and Architecture because many of my fellow classmates are looking to get their starts in the IT field and committing to making this their career. It’s important to understand the avenues for progression in the IT field through many different means, including how to take a software development background and pivoting that into security positions.
They discuss how McPherson got his start with being a lineman with a telecom company and then got a job doing Windows 7 deployment and assistance with home users, combined with a lot of hard work and networking, this transitioned into a cyber security position. I feel that in order to have a comprehensive and effective cybersecurity team you need many different specialists working together to understand potential threats and best practices to prevent vulnerabilities. Software development provides many opportunities into the cyber security field both with backend development in eliminating program vulnerabilities that are caused by bad code or loopholes as well as end-user roles like tech support and having a comprehensive understanding of the software that will allow you to help the end user keep their systems secure.
In my experience as a chapter member of the Raleigh Information Systems Security Association, many of the companies that were at the hiring events weren’t necessarily looking for people who were Sec+ certified or already experts in cybersecurity, just people with a background in Computer Science and a passion for learning. Red Hat in particular was a massive supporter and were consistently sending representatives trying to recruit people for myriad entry level development positions.
Another, and probably most important, thing that was discussed was diversity in the IT career field. Sienko discusses it from a company’s hiring/HR side whereas McPherson discusses it from the applicant or individual’s perspective. McPherson advocates for companies to reach out to Historically Black Colleges and Universities (HBCUs) and to work with them to form a pipeline for career opportunities in order to add diversity in the workplace and ensure there are multiple backgrounds and perspectives being represented on any given development team.
This is the Keynote speaker for day two of Raleigh ISSA’s 2021 Information Security Conference. In my previous post about the Keynote of Day 1 Keynote Speaker I detailed my attachment to the Association and my appreciation for the monthly resource of meetings that I used to attend when I lived in Raleigh. The presentation for Day 2 is a little different in that it’s not themed around Halloween or any comedic points.
The speaker, Armando Seay, is a Co-Founder & Board Member at Maryland Innovation and Security Institute which is an organization that assists clients in finding security solutions and applying them to their IT infrastructure. He begins the presentation discussing the importance of understanding security standards and practices around the world and how young professionals in the IT field get their starts in the US, Ukraine, Israel, and other various countries. He describes his organization as “geographically boundless” due to the fact that they assist clients all over the world.
The importance of being able to work with people around the world is something that I’m finding to be more and more important as I travel around the US from one cultural hub to another. I grew up in Columbia, South Carolina and then I joined the Coast Guard after High School and now I’ve moved to Worcester. Each of these places are full of different demographics and being successful in each of them required working with different people from different backgrounds and finding common ground to build upon. I have friends that were born in Haiti, China, West Africa, Europe, Canada, and they all come from backgrounds that are exceptionally different from my own. Engaging with people from different backgrounds allows one to broaden their perspective and find solutions that they wouldn’t normally find on their own.
Armando goes on to talk about the Academic Partners and what they call their “Partner Ecosystem,” I believe that POGIL team structures kind of works as a microcosm of these in that when groups are switched around we form partnerships that we can maintain and use to better understand our assignments and accomplish goals.
One thing that I found particularly interesting was his discussion about Maritime Attacks, that is to say attacks on the software that ships use to either catalogue their cargo, their navigation, or even their movement. It’s important to be aware of software vulnerabilities and best practices so that we aren’t exposing others to cybersecurity vulnerabilities due to our negligence. Armando closes his presentation discussing Zero-Trust policies and how critical it is to verify any process or user in your network and everything you do before you entrust any security clearance to them.
Dr. Cunningham focuses on integrating security into operations; leveraging advanced security solutions; empowering operations through artificial intelligence and machine learning; and planning for future growth within secure systems.
This video is the Keynote speaker’s presentation for the Raleigh chapter of the Information Systems Security Association for their 2021 fundraising event called InfoSeCon. I used to be a chapter member before I moved here to Massachusetts and I try to keep up with some of their announcements and events from time to time.
Dr. Cunningham was a previous Keynote speaker and to see him return this week on their Youtube channel was exciting. He’s known for being the creator of the Zero Trust eXtended (ZTX) framework which is a framework of network security protocols that prioritize network isolation and continuous monitoring and validation.
This keynote presentation primarily focuses on network security and serves as a reminder of best practices for operating a corporate network while utilizing a zero-trust framework. He uses horror movies as a theme to tie everything together and make it engaging for his audience and I really appreciate the consideration. InfoSeCon took place back in October so it was topical and showed that it wasn’t some canned presentation that he had been giving all year. It really goes to show that one of the largest hurdles to Network Security is just communicating the importance of simple practices and getting your audience, whether it be clients that hire you on to improve their company’s practices or systems or if they’re users already in your network to follow them.
That’s really one of the main appeals of a Zero-Trust framework. Traditionally, network security is treated as an Us vs Them scenario where it’s always something that is being inflicted upon the company rather than the natural conclusions of risky behaviors. ZTX operates differently; it assumes that you can’t trust the end users to know everything you know about what they should or should not do. It encourages the security professionals to segment everything and isolate as much as possible so that when one person unknowingly invites the vampire into the house, we can shut another door in its face and not have to worry about evacuating everybody.
Specifically, he stresses the importance of maintenance within your systems so that older vulnerabilities aren’t taken advantage of and make life harder in the future, to listen to your users, that moving to the cloud is likely the best solution for people dealing with a “haunted” infrastructure, as well as a lot of other really great advice.
While a lot of the best practices are simple and seem like common sense, I always appreciate a reminder so that I don’t make bone-headed mistakes that can cost either me or my employer great sums of money. It’s important as I learn more and more about Software design and architecture that I keep in mind how I could be unknowingly creating vulnerabilities that could be exploited if ever someone decided to try hard enough to find them.
This is the inaugural post for my brand new Computer Science blog! This is my first foray into maintaining a social media presence since I was networking in Raleigh, NC before I moved to Rutland. I used to have a presence on LinkedIn where I would post about volunteering to refurbish and repair donated computers to give them families in need in the Research Triangle. It is also where I would find out about what’s going on in the Raleigh Information Systems Security Association that I was a part of. I hope to maintain this blog through this semester and beyond, into my Computer Science career.