Serverless is a relatively novel concept and cloud architectural model but has been advancing very quickly over the past 5 years. In this article, we’ve compiled a list of recent changes that are likely to shape how development teams use serverless in practice.
In this article, we’ll be heavily focusing on AWS serverless services. The cloud provider has been investing heavily in the advancement of serverless. Many of the factors behind the trends we see are affected by this.
Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.
The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.
Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.
Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.
“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.
Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.
The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.
“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”
A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.
#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs
Happy Serverless September 2020! We at Coding Sans love working with serverless technology. This is why we decided to publish a report with the latest serverless trends this year. We partnered up with nine other companies who share our love to make it happen.
The idea was to gather insight from the community into the current serverless trends and to learn how others implement this technology. The excitement of the community and our partners exceeded our expectations.
We owe a big thank you to every participant who shared their insight with us, so we can in turn pass it on to you.
This blog post highlights 5exciting serverless trends, but it’s only a taste of all the data we’ve compiled.
Or take a deep dive, and download the full State of Serverless 2020 report to get data on all the 20+ serverless trends we’ve researched. It contains the most popular frameworks, FaaS products, container services, tooling, cloud security, and much more.
In this blog post, we cover the following:
These numbers speak for themselves. Amazon Web Services is miles ahead of everyone else in popularity among cloud providers. Google Cloud Functions and Microsoft Azure Functions have asserted a significant lead over the rest of the field, but they may not be out of reach just yet.
#serverless #nodejs #aws #cloud-computing #cloudservices #serverless-adoption #serverless-architecture #serverless-top-story
Serverless M (or Serverless Modular) is a plugin for the serverless framework. This plugins helps you in managing multiple serverless projects with a single serverless.yml file. This plugin gives you a super charged CLI options that you can use to create new features, build them in a single file and deploy them all in parallel
Currently this plugin is tested for the below stack only
Make sure you have the serverless CLI installed
# Install serverless globally $ npm install serverless -g
To start the serverless modular project locally you can either start with es5 or es6 templates or add it as a plugin
# Step 1. Download the template $ sls create --template-url https://github.com/aa2kb/serverless-modular/tree/master/template/modular-es6 --path myModularService # Step 2. Change directory $ cd myModularService # Step 3. Create a package.json file $ npm init # Step 3. Install dependencies $ npm i serverless-modular serverless-webpack webpack --save-dev
# Step 1. Download the template $ sls create --template-url https://github.com/aa2kb/serverless-modular/tree/master/template/modular-es5 --path myModularService # Step 2. Change directory $ cd myModularService # Step 3. Create a package.json file $ npm init # Step 3. Install dependencies $ npm i serverless-modular --save-dev
If you dont want to use the templates above you can just add in your existing project
plugins: - serverless-modular
Now you are all done to start building your serverless modular functions
The serverless CLI can be accessed by
# Serverless Modular CLI $ serverless modular # shorthand $ sls m
Serverless Modular CLI is based on 4 main commands
sls m init
sls m feature
sls m function
sls m build
sls m deploy
sls m init
The serverless init command helps in creating a basic
.gitignore that is useful for serverless modular.
.gitignore for serverless modular looks like this
#node_modules node_modules #sm main functions sm.functions.yml #serverless file generated by build src/**/serverless.yml #main serverless directories generated for sls deploy .serverless #feature serverless directories generated sls deploy src/**/.serverless #serverless logs file generated for main sls deploy .sm.log #serverless logs file generated for feature sls deploy src/**/.sm.log #Webpack config copied in each feature src/**/webpack.config.js
The feature command helps in building new features for your project
This command comes with three options
--name: Specify the name you want for your feature
--remove: set value to true if you want to remove the feature
--basePath: Specify the basepath you want for your feature, this base path should be unique for all features. helps in running offline with offline plugin and for API Gateway
|--basePath||-p||❎||string||same as name|
Creating a basic feature
# Creating a jedi feature $ sls m feature -n jedi
Creating a feature with different base path
# A feature with different base path $ sls m feature -n jedi -p tatooine
Deleting a feature
# Anakin is going to delete the jedi feature $ sls m feature -n jedi -r true
The function command helps in adding new function to a feature
This command comes with four options
--name: Specify the name you want for your function
--feature: Specify the name of the existing feature
--path: Specify the path for HTTP endpoint helps in running offline with offline plugin and for API Gateway
--method: Specify the path for HTTP method helps in running offline with offline plugin and for API Gateway
|--path||-p||❎||string||same as name|
Creating a basic function
# Creating a cloak function for jedi feature $ sls m function -n cloak -f jedi
Creating a basic function with different path and method
# Creating a cloak function for jedi feature with custom path and HTTP method $ sls m function -n cloak -f jedi -p powers -m POST
The build command helps in building the project for local or global scope
This command comes with four options
--scope: Specify the scope of the build, use this with "--feature" tag
--feature: Specify the name of the existing feature you want to build
Saving build Config in serverless.yml
You can also save config in serverless.yml file
custom: smConfig: build: scope: local
all feature build (local scope)
# Building all local features $ sls m build
Single feature build (local scope)
# Building a single feature $ sls m build -f jedi -s local
All features build global scope
# Building all features with global scope $ sls m build -s global
The deploy command helps in deploying serverless projects to AWS (it uses
sls deploy command)
This command comes with four options
--sm-parallel: Specify if you want to deploy parallel (will only run in parallel when doing multiple deployments)
--sm-scope: Specify if you want to deploy local features or global
--sm-features: Specify the local features you want to deploy (comma separated if multiple)
Saving deploy Config in serverless.yml
You can also save config in serverless.yml file
custom: smConfig: deploy: scope: local parallel: true ignoreBuild: true
Deploy all features locally
# deploy all local features $ sls m deploy
Deploy all features globally
# deploy all global features $ sls m deploy --sm-scope global
Deploy single feature
# deploy all global features $ sls m deploy --sm-features jedi
Deploy Multiple features
# deploy all global features $ sls m deploy --sm-features jedi,sith,dark_side
Deploy Multiple features in sequence
# deploy all global features $ sls m deploy --sm-features jedi,sith,dark_side --sm-parallel false
Source Code: https://github.com/aa2kb/serverless-modular
License: MIT license
We love creating artworks. We’ve been doing it since the early ages be it the cave paintings in Altamira or Ajanta, we have an innate desire to express and depict the world as we see it. Illustrations, on the other hand, are more than just expressions, they serve as a way to communicate to a much larger audience using a familiar visual language. In a digital age, illustrations are a powerful tool to visually express a piece of text, to empathize with the user, to simplify complex processes and even to bring delight.
Illustrations also help in building the personality of a brand and provide them with a much friendlier outlook that’s approachable and professional at the same time. We see them all around us whether it is the quirky and funny Google doodles or the friendly line drawings of mail chimp.
With each passing year, we see new illustration trends emerging as the old ones slowly fade away, here we are looking at the latest illustration trends in 2020 to keep you updated.
Every surface around us has some texture to it, just by looking at it we can tell whether it is smooth, rough, bumpy or slimy. Like textures add another level of detail to our surrounding, they add depth and details to an illustration as well. Textured illustrations are all the rage in 2020, with artists experimenting with various organic and inorganic textures. Availability of digital textured brushes has made it easier for everyone to try them in their work. We are loving this trend and using textures in many of our work, we encourage you to look for textures around yourself, who knows you might end up using one in your own work!
Designers these days are notably enthusiastic towards the saying ‘less is more’ and flat illustrations hold true to that saying. The idea is to work in constraints. Flat illustrations make use of restricted color palette to give maximum visual information to the viewer. Think of it like seeing the world around you in only 3 colors. Flat illustrations are a minimal representation that gels really well with the user interface and help you to make good use of the negative space. Next time you are making something, set constraints and see what you can come up with.
#ui-design #ui-ux-designing-trends-2020 #design-trends #illustration #ux-design-trends #ux #product #2020
In the past few years, especially after Amazon Web Services (AWS) introduced its Lambda platform, serverless architecture became the business realm’s buzzword. The increasing popularity of serverless applications saw market leaders like Netflix, Airbnb, Nike, etc., adopting the serverless architecture to handle their backend functions better. Moreover, serverless architecture’s market size is expected to reach a whopping $9.17 billion by the year 2023.
Why use serverless computing?
As a business it is best to approach a professional mobile app development company to build apps that are deployed on various servers; nevertheless, businesses should understand that the benefits of the serverless applications lie in the possibility it promises ideal business implementations and not in the hype created by cloud vendors. With the serverless architecture, the developers can easily code arbitrary codes on-demand without worrying about the underlying hardware.
But as is the case with all game-changing trends, many businesses opt for serverless applications just for the sake of being up-to-date with their peers without thinking about the actual need of their business.
The serverless applications work well with stateless use cases, the cases which execute cleanly and give the next operation in a sequence. On the other hand, the serverless architecture is not fit for predictable applications where there is a lot of reading and writing in the backend system.
Another benefit of working with the serverless software architecture is that the third-party service provider will charge based on the total number of requests. As the number of requests increases, the charge is bound to increase, but then it will cost significantly less than a dedicated IT infrastructure.
Defining serverless software architecture
In serverless software architecture, the application logic is implemented in an environment where operating systems, servers, or virtual machines are not visible. Although where the application logic is executed is running on any operating system which uses physical servers. But the difference here is that managing the infrastructure is the soul of the service provider and the mobile app developer focuses only on writing the codes.
There are two different approaches when it comes to serverless applications. They are
Backend as a service (BaaS)
Function as a service (FaaS)
Moreover, other examples of third-party services are Autho, AWS Cognito (authentication as a service), Amazon Kinesis, Keen IO (analytics as a service), and many more.
FaaS serverless architecture is majorly used with microservices architecture as it renders everything to the organization. AWS Lambda, Google Cloud functions, etc., are some of the examples of FaaS implementation.
Pros of Serverless applications
There are specific ways in which serverless applications can redefine the way business is done in the modern age and has some distinct advantages over the traditional could platforms. Here are a few –
🔹 Highly Scalable
The flexible nature of the serverless architecture makes it ideal for scaling the applications. The serverless application’s benefit is that it allows the vendor to run each of the functions in separate containers, allowing optimizing them automatically and effectively. Moreover, unlike in the traditional cloud, one doesn’t need to purchase a certain number of resources in serverless applications and can be as flexible as possible.
As the organizations don’t need to spend hundreds and thousands of dollars on hardware, they don’t need to pay anything to the engineers to maintain the hardware. The serverless application’s pricing model is execution based as the organization is charged according to the executions they have made.
The company that uses the serverless applications is allotted a specific amount of time, and the pricing of the execution depends on the memory required. Different types of costs like presence detection, access authorization, image processing, etc., associated with a physical or virtual server is completely eliminated with the serverless applications.
🔹 Focuses on user experience
As the companies don’t always think about maintaining the servers, it allows them to focus on more productive things like developing and improving customer service features. A recent survey says that about 56% of the users are either using or planning to use the serverless applications in the coming six months.
Moreover, as the companies would save money with serverless apps as they don’t have to maintain any hardware system, it can be then utilized to enhance the level of customer service and features of the apps.
🔹 Ease of migration
It is easy to get started with serverless applications by porting individual features and operate them as on-demand events. For example, in a CMS, a video plugin requires transcoding video for different formats and bitrates. If the organization wished to do this with a WordPress server, it might not be a good fit as it would require resources dedicated to serving pages rather than encoding the video.
Moreover, the benefits of serverless applications can be used optimally to handle metadata encoding and creation. Similarly, serverless apps can be used in other plugins that are often prone to critical vulnerabilities.
Cons of serverless applications
Despite having some clear benefits, serverless applications are not specific for every single use case. We have listed the top things that an organization should keep in mind while opting for serverless applications.
🔹 Complete dependence on third-party vendor
In the realm of serverless applications, the third-party vendor is the king, and the organizations have no options but to play according to their rules. For example, if an application is set in Lambda, it is not easy to port it into Azure. The same is the case for coding languages. In present times, only Python developers and Node.js developers have the luxury to choose between existing serverless options.
Therefore, if you are planning to consider serverless applications for your next project, make sure that your vendor has everything needed to complete the project.
🔹 Challenges in debugging with traditional tools
It isn’t easy to perform debugging, especially for large enterprise applications that include various individual functions. Serverless applications use traditional tools and thus provide no option to attach a debugger in the public cloud. The organization can either do the debugging process locally or use logging for the same purpose. In addition to this, the DevOps tools in the serverless application do not support the idea of quickly deploying small bits of codes into running applications.
#serverless-application #serverless #serverless-computing #serverless-architeture #serverless-application-prosand-cons