Dr. Cunningham focuses on integrating security into operations; leveraging advanced security solutions; empowering operations through artificial intelligence and machine learning; and planning for future growth within secure systems.

– https://www.youtube.com/watch?v=VBfTpmEyHy0

This video is the Keynote speaker’s presentation for the Raleigh chapter of the Information Systems Security Association for their 2021 fundraising event called InfoSeCon. I used to be a chapter member before I moved here to Massachusetts and I try to keep up with some of their announcements and events from time to time.

Dr. Cunningham was a previous Keynote speaker and to see him return this week on their Youtube channel was exciting. He’s known for being the creator of the Zero Trust eXtended (ZTX) framework which is a framework of network security protocols that prioritize network isolation and continuous monitoring and validation.

This keynote presentation primarily focuses on network security and serves as a reminder of best practices for operating a corporate network while utilizing a zero-trust framework. He uses horror movies as a theme to tie everything together and make it engaging for his audience and I really appreciate the consideration. InfoSeCon took place back in October so it was topical and showed that it wasn’t some canned presentation that he had been giving all year. It really goes to show that one of the largest hurdles to Network Security is just communicating the importance of simple practices and getting your audience, whether it be clients that hire you on to improve their company’s practices or systems or if they’re users already in your network to follow them.

That’s really one of the main appeals of a Zero-Trust framework. Traditionally, network security is treated as an Us vs Them scenario where it’s always something that is being inflicted upon the company rather than the natural conclusions of risky behaviors. ZTX operates differently; it assumes that you can’t trust the end users to know everything you know about what they should or should not do. It encourages the security professionals to segment everything and isolate as much as possible so that when one person unknowingly invites the vampire into the house, we can shut another door in its face and not have to worry about evacuating everybody.

Specifically, he stresses the importance of maintenance within your systems so that older vulnerabilities aren’t taken advantage of and make life harder in the future, to listen to your users, that moving to the cloud is likely the best solution for people dealing with a “haunted” infrastructure, as well as a lot of other really great advice.

While a lot of the best practices are simple and seem like common sense, I always appreciate a reminder so that I don’t make bone-headed mistakes that can cost either me or my employer great sums of money. It’s important as I learn more and more about Software design and architecture that I keep in mind how I could be unknowingly creating vulnerabilities that could be exploited if ever someone decided to try hard enough to find them.

From the blog CS@Worcester – Jeremy Studley's CS Blog by jstudley95 and used with permission of the author. All other rights reserved by the author.

https://www.bmc.com/blogs/docker-101-introduction/#

In the above blog post by Sudip Sengupta, he introduces Docker and gives us a guide on Docker. The blog post goes over application development today, what docker is, it’s components, it’s benefits, and alternatives to Docker. In today’s application development, a common struggle is managing an application’s dependencies and technology stack across various cloud and development environment. By adopting something like Docker or a containerized framework, it allows for a stable framework without adding complexities, security vulnerabilities, and operational loose ends. Docker also makes application development easier by allowing development teams to save time, effort, and money by dockerizing their applications into single or multiple modules. Testing with Docker is also done independently (each application is in their own container) which allows testing to not impact any other components of the application. Docker also helps keep consistent versions of libraries and packages to use during the development process.

I chose this blog post because I was having a hard time in class understanding Docker. I tried to view it as a virtual machine, which was somewhat right, but is actually more efficient than a virtual machine since you won’t have to run a virtual machine and use a lot more resources than needed. Compare that to a Docker container which contains all dependencies, libraries, and config files, Docker would be the much more viable option to use in the long run in my opinion, virtual machines just take too much resources (they require significant RAM and GPU resources since they run a separate OS and a virtual copy of all the hardware the OS requires) and Docker containers, or application containers in general, are more flexible and portable than a VM.

You can see why Docker is being adopted more, it’s because it’s much more efficient and easier to use while developing an application. With this blog post, I’ve learned a lot more about Docker and why it’s used. I thought this was a good blog post because it helped get a better understanding of why Docker is used in application development and helps me familiarize myself more with technology I’ll most likely be using when I get a professional job and start developing applications with a team. In the future, I expect to have to learn more Docker or application containerization in general for my job as a software developer and having the knowledge of Docker beforehand and why developers use it, is very useful.

From the blog CS@Worcester – Brendan Lai by Brendan Lai and used with permission of the author. All other rights reserved by the author.

https://swagger.io/resources/articles/best-practices-in-api-design/

The article I’ve chosen is based on Rest API Design, a topic that we are currently working on in class. Many important parts of Rest API Design are talked about throughout the article some of them being Rest API Design characteristics, collections and their resources, HTTP methods and more. According to the article a good api should be easy to read, complete/concise and hard for a user to misuse which is all important not only for integration of the api but also when using an api with any kind of application that it was designed for. Collections, resources and URLs are also very important to designing an effective Rest API as collections and resources allow the passing of data throughout the API and its functions. Using the proper URL helps you manipulate which data is shown at a specific time whether its the data of a specific user or an error code.

Describing the purpose or function of resources is also very important and it is done through the use of different HTTP methods. The methods listed in the article include get, post, put, patch and delete. Each of these HTTP methods is used to retrieve, create, update or delete resources. ANother way to develop a good rest API according to the article is by providing feedback for users by implementing error codes when the API is used incorrectly whether there is error in an entry by the user or if the user uses the incorrect operation when entering data. The responses you provide or error codes can help users and yourself understand your API better which will also help you when testing the functions of your API so you know how any commands or entries should be formed during use. The author also highlights that using examples in your get methods is important as it shows exactly what the user can expect when they “successfully call the API function”.

I chose this article as I found it helpful with our current class topic and it outlines all the basics of Rest API design and helps student developers like myself and my classmates better understand how to effectively design a Rest API. This article helped me understand the use of HTTP methods further as well as the importance of examples and resources which helps greatly with our current class subject. The article helps put the design of Rest API’s in an easily presentable state for students or other people in general who are interested in developing such an API.

From the blog CS@Worcester – Dylan Brown Computer Science by dylanbrowncs and used with permission of the author. All other rights reserved by the author.

Docker is an open source technology which enables the easy use of containers for software development. Steven J. Vaughan-Nichols, in his article “What is Docker and why is it so darn popular?”, writes that “… over 3.5 million applications have been placed in containers using Docker technology and over 37 billion containerized applications have been downloaded.” Needless to say, Docker is quickly becoming industry standard with “… almost 40 percent market-share growth in 12 months.” For anyone looking to get into software development, it is an absolute requirement to learn how to use Docker or something very similar.

Docker containers attempt to copy a virtual machine setup without actually running an entire virtual machine. The main difference is that Docker containers all run on a single operating system instead of emulating multiple different operating systems. This allows for much more efficient usage of resources, and it is estimated that between four and six times as many applications can be run on a Docker system as opposed to the traditional virtual machine setup.

One major reason why Docker is so versatile is that it allows your project to be packaged with all of its requirements on the container; because of this you would not need to pre-install dependencies on each machine you wish to run your application on. This also allows you to run your applications on cloud services very easily; in fact, Docker is specifically tailored to run on cloud services such as Puppet, Chef, Vagrant, and Ansible.

Since Docker is easily integrated on cloud servers this means that it is also easy to emulate a live server build. When a developer wants to test a change on a live server they can simply run a container which is set up in the same way as a live container. These containers can be tested very fast and safely, and it is reported that developers who used this method had “three times lower rate of change failure”.

Personally, I believe Docker is the future of software development. There are many benefits to using Docker with very few drawbacks, if any. Although Docker may take some time to learn and get used to, it most certainly will make developers’ jobs much easier in the long run. I anticipate that Docker will quickly become industry standard due to the many benefits listed above. Docker is a great software which will allow designers to run more applications, on a multitude of different machines, with quick turnaround on updates and fixes.

From the blog CS@Worcester – Ryan Blog by rtrembley and used with permission of the author. All other rights reserved by the author.

REST is an acronym for Representational State Transfer, and is an architectural style for distributed hypermedia systems. There are guide principles and constraints that need to be met for an API to be referred to as “RESTful”. In total, there are six principles/constraints for the REST API. These include Uniform Interface, Client-Server, Stateless, Cacheable, Layered System, and optionally Code on Demand.

Having a uniform interface allows one to simplify the overall system architecture, and helps to improve the visibility of interactions. Within this principle of uniform interfaces, there are four constraints that must also be met to be RESTful. These include identification of resources, where each resource must be uniquely identified, manipulation of resources through representations, so that resources must have a uniform representation in the server response, self descriptive messages, where each resource representation should have enough information to describe how to process the message, and hypermedia as the engine of application state, where the client should only have the initial URI of the application, and the application should drive all other resources and any interactions through the use of hyperlinks.

Client server is much simpler, as it only refers to the separation of concerns, so that the client and server components can evolve independently of each other. This allows one to separate the user interface from the data storage, and allows independent improvement of each without interrupting the other.

Statelessness refers to each request from the client to the server containing all of the necessary information required to completely understand and execute the request. In addition, the server cannot take advantage of any previously stored context information on the server.

Cacheable refers to a response needing to implicitly or explicitly label itself as cacheable or non-cacheable. If a response is marked as cacheable, then the client application can reuse response data later for any equivalent requests to help improve overall performance.

A layered system allows the architecture to be composed of many hierarchical layers by constraining the behavior of the components. For example, each component in a layered system cannot see beyond the layer that they are interacting with.

Lastly, REST optionally allows for client functionality to extend by downloading and executing code in the form of scripts. By downloading this code, this reduces the number of features that are required to be pre-implemented in the server.

Source

I chose the above article because I wanted more information on what it meant for an Application Programming Interface to be “RESTful”. The above article went above and beyond what I could hope to find and provided a lot of information on exactly what it meant for an API to be RESTful. Because of it, I now know exactly what it means for an API to be RESTful.

From the blog CS@Worcester – Erockwood Blog by erockwood and used with permission of the author. All other rights reserved by the author.

Recently, I worked with bash scripts and docker-compose files in order to run a set of containers. While both seemed to be valid ways of running multiple containers in Docker, I wanted to look into docker-compose files further to understand the possible advantages and use cases. A resource that I found quite helpful was The Definitive Guide to Docker compose, a blog post by Gabriel Tanner. Inside, he explains why we should care about Docker-compose and the potential use cases.

Docker Compose

Let us first go over what Docker Compose is. According to the Docker Compose documentation, “Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application’s services. Then, with a single command, you create and start all the services from your configuration.” Instead of listing each docker run command in a script, Compose utilizes a docker-compose.yml file to handle multiple docker containers at once.

Here’s a sample docker-compose.yml file:

You might be able to recognize some of the labels such as image, ports, and volumes. All of which would normally be specified in a docker run command. And as you can see, each individual container is listed under the services tag. The docker command equivalent to run web1 would be something like: docker run -it –name web1 -p 10000:80 -v ${PWD}/web1:/usr/share/nginx/html -d nginx:mainline

Tanner explains that almost every compose file should include:

• The version of the compose file
• The services which will be built
• All used volumes
• The networks which connect the different services

Now that we have a brief understanding of the docker-compose file structure, let’s talk about the use cases for Compose and their benefits.

Portable Development Environments

As opposed to running multiple containers with a separate docker run command, you can simply use docker-compose up to deploy all the containers specified in your docker-compose.yml file. And it is just as easy to stop all of the containers by running docker-compose down. This provides developers the ability to run an application and configure the services all within a single environment. Since the compose file manages all of the dependencies, it is possible to run an application on any machine with Docker installed.

Automated Testing

A beneficial use case of a docker-compose file is with automated testing environments. Compose offers an isolated testing environment that closely resembles your local OS that can easily be created or destroyed.

Single Host Deployments

Compose can be used to deploy and manage multiple containers on a single system. Because applications are maintained in an isolated environment, it is possible to run multiple copies of the same environment on one machine. And when running through Docker Compose, interference between different projects are prevented.

Conclusion

Hopefully this blog post helped you learn more about Docker Compose as much as it helped me. For the most part, docker-compose files make it possible to run multi-container applications with a single command. While researching this topic, I’ve come to believe that docker compose files will be the standard for running applications through Docker if it isn’t already. I’d like to write more about this topic, and I think a blog post going in-depth on the structure of docker-compose files would be useful.

From the blog CS@Worcester – Null Pointer by vrotimmy and used with permission of the author. All other rights reserved by the author.

Resource link: https://flylib.com/books/en/4.444.1.47/1/

This week I decided I wanted to learn more about the different design smells. I understood the definitions from the activities in class, but I wanted to learn more about what exactly each design smell meant, and how to avoid them. I think it’s important to learn about the design smells so that you can know to look out for them when working on a project yourself. This is because accidently implementing one of the design smells into your code could lead to a lot of difficulty and frustration if you ever need to make changes later. For this reason, it is best to actively try and avoid them to ensure that whatever code you write will always be easy to modify and maintain.

This resource sums up exactly what each of the design smells is, why it’s bad, and what the consequences of implementing the design smells are. I liked that it uses practical examples and analogies to make the concepts explained easier to understand. While the concepts may be hard to understand because of how abstract they are, when broken down or applied to a situation everyone knows, it makes it much easier to get a grasp on what is being explained.

The resource breaks down into sections, each describing a different design smell. The first one is rigidity. Rigidity is described as when code is difficult to make even small changes in. This is bad because most often frequently code will need to be modified or changed, and if it’s difficult to even make small changes such as bug fixes, then that’s a very large issue that must be addressed.

The next design smell is fragility. Fragility is almost similar to rigidity in that it makes it difficult to make changes to code, but with fragility it is difficult because the code has a tendency to break when changes are made, whereas with rigidity things don’t necessarily break, but it is designed in such a way to where changes are very difficult to make.

Next, immobility is the design smell where a piece of code is immobile because it could be used elsewhere, but the effort involved in moving the code to where it could be useful is too hard for it to be practical. This is an issue because it means that instead of being able to reuse a piece of code, you have to write completely new code. That means that time is wasted when it could be used for more important changes.

Next, viscosity is the design smell where changes to code could be made in a variety of different ways. This is an issue because it means that time might be wasted deciding on what implementation of a change should be made. Also, disagreements might happen about how a change should be made, meaning that a team won’t be able to work towards the same goal.

The next design smell is needless complexity. Needless complexity is usually when code is added in anticipation of a change that might need to be made in the future. This could lead to bloated code that has many features that aren’t needed or aren’t being used. It is best to add code only when it’s needed to avoid this, and to reduce the overall complexity.

Next, needless repetition is the design smell where sections of code are repeated over and over, rather than being abstracted. This leads to code being hard to change or modify because it has to be changed in many different locations, instead of just one if it were abstracted. This is the benefit of abstraction, that a code modification that changes a lot of how it functions can be changed by altering code in one location.

Finally, opacity is the design smell where code is written in a way that’s hard, or difficult to understand. A piece of code could be considered opaque for a number of reasons, but in general it is when code that is understandable to one person might not be understandable to others. To avoid this, code should be written in a clear and concise manner that is easy to trace and understand, no matter who is working on it.

From the blog CS@Worcester – Alex's Blog by anelson42 and used with permission of the author. All other rights reserved by the author.

[What are Microservices? | IBM]

To prepare for my capstone, I decided to read up on microservices. This article is mainly just describing what they are, but it also mentions some common pitfalls towards the end. I was also interested in exploring criticisms of microservice architecture, but I want to keep the scope of this post short. However, I think it’s a pretty straightforward trade-off, which I will mention in a moment.

Microservice architecture is an architectural approach in which one application is composed of smaller components called services. This is distinct from other forms of software encapsulation because services essentially function as distinct programs, potentially operating on different programming languages, frameworks, and with their own databases. Rather than messages within the same process, services communicate over a network with a shared API.

Services can be updated individually without knowledge of the overall application. Different programming languages can be used for different components to better suit the needs of those components. Individual services can be scaled when necessary, rather than the whole application. This method also demonstrates the quality of “loose coupling,” which is lowering the amount of of dependencies between components as much as possible. The risk of a change to one service introducing problems in other services is still present, but minimized.

In general, this kind of technique basically combats complexity by adding complexity. It isn’t applicable to every situation. It should not be chosen if the overhead of designing the system is significantly more than the overhead of not doing so, which will often be the case for small problems.

For the purpose of the LibreFoodPantry project, microservice architecture is useful. In another scenario, such as one where high performance is a major concern, it may be a problem. If different services are busy sending messages back and forth, it can waste a lot of processor cycles on providing flexibility that isn’t really necessary.

Microservice architecture introduces complexity in communicating between all the services. Different tech stacks being used between different services raises the amount of general knowledge a person needs to be able to understand the whole application.

All this being said, I’m actually looking forward to working on a project using this architecture. The only large project I’ve worked on before was the backend for a school website, which was using a more monolithic approach. We were locked in to one specific language, and what we were doing was often a little inscrutable (although this may be in part because I was a junior in high school). I think that microservice architecture allows for more flexibility in low-level decision making, which will make using it in practice more engaging.

From the blog CS@Worcester – Tom's Blog by Thomas Clifford and used with permission of the author. All other rights reserved by the author.