A Technical I.T./DevOps Blog
Question
VMware makes vRealize Orchestrator and vRealization Automation. How are these products different?
Answer
vRealize Orchestrator does automation (with JavaScript, third party plugins etc.) and vRealize Automation provides a service catalog, governance policies, utilization tracking, networking, security and application services. It almost would have made more sense if they swapped names.
To learn more, see this:
A significant amount of cryptocurrency does not change hands after it is purchased. To read more, see this external posting.
To learn about technology job layoffs, see this external article.
See also this site: https://layoffs.fyi/
Problem scenario
You are running an SSH git command (to interact with GitLab, GitHub or some Git repository), but you get "No such host is known" message. What should you do to troubleshoot this problem?
Possible Solution #1
Use "git clone git@gitserver.acme.com" (instead of "ssh git@gitserver.acme.com"; you need to use the git command first).
Possible Solution #2
Try to ping gitserver.acme.com. If that fails, you may want to proceed with troubleshooting that (e.g., a DNS connection problem, ICMP packets could be blocked, or there is a firewall rule preventing resolution to this server). If the ping works, retype the original git command carefully.
Possible Solution #3
Verify the /etc/hosts file is working correctly. You may want to look at the /etc/resolv.conf file to see if it has an entry for a valid DNS server (such as 8.8.8.8, a common one).
Solution adapted from these postings:
https://stackoverflow.com/questions/9393409/ssh-could-not-resolve-hostname-github-com-name-or-service-not-known-fatal-th
https://kuttler.eu/en/post/git-clone-ssh-could-not-resolve-hostname/
Possible Solution #4
On a non-Windows system, you could do this to get more information:
GIT_CURL_VERBOSE=1 GIT_TRACE=1 git clone ssh://git@gitserver.acme.com:foobarteam/foobar.git
(This was adapted from this atlassian.com website.)
Question
In networking, you have read about latency and jitter. How are the two terms different?
Answer
"Jitter is used to describe the amount of inconsistency in latency across the network, while latency measures the time it takes for data to reach its destination and ultimately make a round trip." Taken from https://www.networkmanagementsoftware.com/jitter-vs-latency/.
Clock jitter can create logging discrepancies; it can make some services not work. Correlating events for post-mortems is easiest when there is no clock jitter.
Latency is merely the start to end time of a given network operation. See this https://www.cloudflare.com/learning/performance/glossary/what-is-latency/ for more information.
Question
In the context of I.T. what is a punch list?
Answer
A set of discrete items for an automation solution (e.g., a script or program) to accomplish. To read more, see https://en.wikipedia.org/wiki/Punch_list#Construction_punch_list_software.
It is merely a checklist that may be codified.
The adoption of open-source software is continually on the rise, thanks to its endless benefits to modern business environments. Most companies, especially startups, prefer open-source databases to reduce the cost and time used for software development. Open-source applications also give businesses a level playing field and the freedom to leverage the latest technology without high upfront costs.
Unfortunately, like other comparable applications, open-source software has security defects. Estimates suggest that over 80% of open source software projects have security vulnerabilities (according to cpomagazine.com).
However, these risks arise not because of open-source code quality but due to several factors surrounding open-source models. Below are common open-source vulnerabilities and how companies can avoid them.
1. Publicity of Vulnerabilities
Open-source projects generally avail code to anybody. Ideally, this enables the open-source community to scrutinize and flag vulnerabilities in source code, allowing project managers to fix issues before revealing vulnerabilities to the public. Unfortunately, such potential exploits are made public through the National Vulnerability Database.
Since anybody can access these exploits, hackers and malicious players can use the publicly availed vulnerabilities to exploit startups and businesses that majorly depend on open-source databases and are slow to patch these risks. A perfect example of such an occurrence was the Equifax breach in 2017.
2. Operational Risks
Operational inefficiencies are another major challenge of relying on an open-source database. Operational issues primarily arise from the failure of project managers and businesses to monitor key open-source components and relevant updates. Updates and new versions are meant to address high-risk vulnerabilities, and delaying can cause issues.
Through constant tracking, businesses can identify abandoned projects in their open-source frameworks. Some open-source projects begin with a lot of active involvement from members of the open-source community before rescinding. If you have such projects in your apps as frameworks or libraries, you should either remove them or assign your developers to fix future vulnerabilities.
3. Developer Malpractices
Some open-source risks also arise from developer malpractices, commonly copy-pasting code from random open-source libraries. This is a pertinent issue because the copied code could contain vulnerabilities. Secondly, there’s no way of tracking updates of code snippets once you’ve pasted them into your database. This makes all projects created from the copied code vulnerable to any attacks that arise in the future.
4. Intellectual Property Issues
More than 200 types of licenses can be used on open-source applications. This includes Apache, MIT, and GPL. Unfortunately, not all licenses are compatible. This means some components of open-source apps with different licenses cannot be bundled together unless you comply with all provisions. Using more components makes it impossible to track license stipulations.
For instance, “Copyleft” clauses in most licenses require project developers to release all applications created with this clause as open-source, making it less attractive for commercial and proprietary software.
While these risks cannot be prevented, project developers can mitigate and secure open-source apps in the following ways:
1. Be part of the Community
Project managers and businesses have the ethical responsibility of contributing to the open-source community. Contributing to the community involves proactively reporting any vulnerabilities and sharing knowledge. Open-source community members should actively share security knowledge throughout the software development life cycle.
2. Inventory Open-source Assets
Inventory of your open-source assets is another prudent method of securing open-source apps. You can only protect software and apps that are identified, accessible, and can be tracked. Therefore, you should maintain an open-source inventory outlining all the open-source products, current versions, and pending updates.
Use the inventory to track the location of project downloads and regularly used projects that contain open-source code. Having a detailed inventory makes it easier to protect open-source code and apps.
3. Track Updates and Warnings
Tracking updates and warnings also help secure open-source products. Maintaining an active connection with open-source communities makes it easy to discover bugs and learn new updates and security patches. You’ll also learn more about general software security and protection. This is beneficial as it helps project managers develop high-quality programs that are efficient, secure, and productive.
4. Use Advanced Security Tools
You should also implement advanced security tools that accurately identify, mitigate, and address potential vulnerabilities in open-source code. Project managers and businesses should constantly look for reliable software development tools and technologies to include in their development pipeline.
For instance, most programming teams leverage software composition analysis solution that integrates security into their workflows. Integrating these tools enables development teams to deliver trusted applications faster. Software Composition Analysis (SCA) tools scan the development pipeline continuously to uncover present zero-day vulnerabilities in open-source products. They also detect suspicious code injections that can cause later catastrophes.
5. Embrace Automation
Embracing automation also actively protects open-source applications. AI-powered automated solutions help startups and development teams with restricted resources manage their open-source security issues effectively. Artificial intelligence help development teams scale, maintain and protect open-source frameworks with minimal human interventions.
Artificial intelligence also boosts productivity, eliminates human error, and simplifies control. Automated resources run automatic security checks, promoting access control and risk mitigation. Some also patch identified vulnerabilities without requiring human intervention.
6. Adopt a Responsible Disclosure Policy
There’s undoubtedly no fully secure system. Vulnerabilities are always present, and development teams should accept that applications might have vulnerabilities and develop a mechanism for third-party reporting. Software providers and development teams should create a responsible disclosure policy, which outlines how security researchers can report bugs.
This can include an incentivized reporting program or a simple way for security experts to disclose threats. Handling vulnerabilities require extensive communication and collaboration. Therefore, you should standardize third-party communication for better reporting.
The Bottom Line
Interestingly, open-source vulnerabilities can last for over four years before detection because most developers prioritize quick software development over writing secure code. Besides, most open-source experiments don’t follow the security protocols of production environments. Nonetheless, the measures listed above can help startups and project managers keep their open-source applications secure.
This article was brought to you by Pure Storage.
As a parent, you want to make sure your child gets a well-rounded education that sets them up for success in adulthood. To better supervise your little one's learning, you may opt to homeschool them. This can be preferable if you live in a public school district that doesn't have a great reputation, for example, and you don't want to pay pricey private school tuition. Read on to discover how you can set up your household for homeschooling success.
Understand the benefits of homeschooling
Homeschooling has many practical advantages. First, you'll have precise oversight over your child's education. You can create a personalized educational experience that fits their needs and interests. Second, you'll be able to spend more quality time with them. Finally, homeschooling offers fantastic flexibility. You can have your classes anywhere and anytime. Learning outside of the classroom can be both beneficial and fun.
Learn about your state's homeschool laws
Before you decide to homeschool your child, beware that there are regulations governing kids' schooling. Some states, like Texas and Oklahoma, are less regulated. Others, like New York, have a lot of rules surrounding homeschooling. For example, New York has state-mandated subjects and assessment requirements you have to fulfill. You also have to notify the state if you plan to homeschool your child. Texas doesn't require this notification.
Set up a space at home that's just for education
If you've decided to homeschool your child, create a space in the home that's just for their education. This will help differentiate school time from play time and can foster concentration and productivity. Oak Meadow has pointers for setting up a homeschool space, like prioritizing comfort and eliminating clutter. Also, make sure to invest in basic school supplies, like notebooks, pens, markers, and more. Feel free to get creative, and add color and personality to this educational space. You want your child to enjoy learning.
Create a homeschool curriculum
Setting up a physical learning space is just half the battle. You also want to prepare a cohesive curriculum for your child's education. First, check your state's laws on mandated subjects. Next, consider what subjects your child will need to master if they plan to go to college or university. This guide to creating a homeschool curriculum can help you get started. For example, you should also consider whether your child has any special needs [1]. For instance, kids with ADD/ADHD may benefit from curricula tailored to these needs.
Take steps to balance homeschooling and your professional life
If you're planning to teach your kids at home while also working, you need to put in some extra preparation. Start by creating a home office that's just for you, and keep it separate from your child's home classroom. This will make it easier to focus. This guide has more tips on how to balance working from home with kids. For example, if you need to concentrate for a work deadline, wear your kids out with some physical exercise first.
Find ways for your homeschooled child to socialize
Homeschooling has a lot of advantages. However, it does have some drawbacks. One disadvantage is that your child won't have as many natural opportunities to socialize and make friends, since they won't be going to school. Rest assured, there are plenty of other chances for kids to connect. Homeschool.com offers some ideas, like taking your little one to the playground or to a dance class.
Homeschooling your child offers distinct advantages. However, it does require some preparation—especially if you're going to balance working from home with schooling. The above guide has some pointers to help you get off on the right foot.
If you want to know what “deschooling” is, see this page; for “unschooling” (which is a sub-type of homeschooling) see this page.
This article was brought to you by raisethemwell.org.
Question
There are many different components to weightlifting. What is the most important item for weight training?
Answer
The shoes (according to page 68 of Starting Strength, and this posting).
Running shoes are not ideal for weightlifting (according to page 68 of Starting Strength).
You may want to buy weightlifting shoes from Amazon (as many shoe stores do not carry them to allow you to try them on first).
Squats and deadlifts are extremely benefited by weightlifting shoes compared to running shoes. We highly recommend you try weightlifting shoes for deadlifts and squats.
Question
Windows is to DLL as Unix is to what?
a. /etc/ configuration file
b. SO file
c. /tmp/ file
d. /bin/ file
e. None of the above.
Answer B. SO file. Source: Page 345 of Continuous Delivery by Humble and Farley.