Max Hemingway

~ Musings as I work through life, career and everything.

Category Archives: Programming

Learning to Program

14 Thursday Jan 2016

Posted by Max Hemingway in Development, Programming, Uncategorized

≈ 3 Comments

Tags

Coding, DevOps, learning, Programming

Is one of your New Year's resolutions to learn how to program? If not, why should you consider learning to program and adding it to your list? As businesses become more focused on Cloud, DevOps/OpsDev, aaS (as a Service) or SDnn (Software Defined), a knowledge of programming and a language will help you understand these advancements, services and technologies, as well as allowing you to participate in their delivery.

Here are some good resources to help you:

A good book resource on how to program can be found on GitHub at https://github.com/braydie/HowToBeAProgrammer

The site covers the following topics:

Contents

  1. Beginner
    • Personal Skills
      • Learn to Debug
      • How to Debug by Splitting the Problem Space
      • How to Remove an Error
      • How to Debug Using a Log
      • How to Understand Performance Problems
      • How to Fix Performance Problems
      • How to Optimize Loops
      • How to Deal with I/O Expense
      • How to Manage Memory
      • How to Deal with Intermittent Bugs
      • How to Learn Design Skills
      • How to Conduct Experiments
    • Team Skills
      • Why Estimation is Important
      • How to Estimate Programming Time
      • How to Find Out Information
      • How to Utilize People as Information Sources
      • How to Document Wisely
      • How to Work with Poor Code
      • How to Use Source Code Control
      • How to Unit Test
      • Take Breaks when Stumped
      • How to Recognize When to Go Home
      • How to Deal with Difficult People
  2. Intermediate
    • Personal Skills
      • How to Stay Motivated
      • How to be Widely Trusted
      • How to Tradeoff Time vs. Space
      • How to Stress Test
      • How to Balance Brevity and Abstraction
      • How to Learn New Skills
      • Learn to Type
      • How to Do Integration Testing
      • Communication Languages
      • Heavy Tools
      • How to analyze data
    • Team Skills
      • How to Manage Development Time
      • How to Manage Third-Party Software Risks
      • How to Manage Consultants
      • How to Communicate the Right Amount
      • How to Disagree Honestly and Get Away with It
    • Judgment
      • How to Tradeoff Quality Against Development Time
      • How to Manage Software System Dependence
      • How to Decide if Software is Too Immature
      • How to Make a Buy vs. Build Decision
      • How to Grow Professionally
      • How to Evaluate Interviewees
      • How to Know When to Apply Fancy Computer Science
      • How to Talk to Non-Engineers
  3. Advanced
    • Technological Judgment
      • How to Tell the Hard From the Impossible
      • How to Utilize Embedded Languages
      • Choosing Languages
    • Compromising Wisely
      • How to Fight Schedule Pressure
      • How to Understand the User
      • How to Get a Promotion
    • Serving Your Team
      • How to Develop Talent
      • How to Choose What to Work On
      • How to Get the Most From Your Team-mates
      • How to Divide Problems Up
      • How to Handle Boring Tasks
      • How to Gather Support for a Project
      • How to Grow a System
      • How to Communicate Well
      • How to Tell People Things They Don’t Want to Hear
      • How to Deal with Managerial Myths
      • How to Deal with Organizational Chaos

 

List of useful books on GitHub on programming:

  • https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md

If you are now wondering which language to base your learning on, this post may help:

  • https://maxhemingway.com/2015/01/08/learn-a-programming-language-but-which-one/

There are lots of online courses available to help you learn – a lot are free:

  • http://thenextweb.com/dd/2012/10/21/so-you-want-to-be-a-programmer-huh-heres-25-ways-to-learn-online/#gref


8 Free “For Dummies” books you should read in 2016

12 Tuesday Jan 2016

Posted by Max Hemingway in Architecture, Cloud, Development, DevOps/OpsDev, Enterprise Architecture, Innovation, Programming, Security

≈ Leave a comment

Tags

Architecture, Development, DevOps, Knowledge, OpsDev, Productivity, Programming, Security, Tools

A lot of free, smaller versions of the “For Dummies” books have been published recently. These are normally sponsored by a company to help promote a way of thinking, a product, etc.; however, they do contain useful overviews and information on the subject that they present.

Here are my top 8 of these which should be on your reading list for the start of 2016. All are downloadable in PDF format*.

Agile for Dummies

API for Dummies

DevOps for Dummies

Micro-segmentation for Dummies

Next Generation Endpoint Security for Dummies

Software Defined Data Centres for Dummies

Software Defined Networking for Dummies

Software Defined Storage for Dummies

*You may need to sign up to receive some of these books.


Manual tasks of today should be the Automated tasks of tomorrow

11 Monday Jan 2016

Posted by Max Hemingway in Architecture, Development, DevOps/OpsDev, Innovation, Open Source, Productivity, Programming, Tools

≈ 10 Comments

Tags

Architecture, Development, DevOps, Open Source, Productivity, Tools

“Manual tasks of today should be the Automated tasks of tomorrow”.

There are lots of automation tools available to people and businesses today to automate tasks that are carried out manually. The pace at which this is happening varies based on the habits and patterns that we use on a daily basis, and also because change is involved, which sometimes causes its own set of anxieties and issues.

Back in 2012 Bruno Oliveira published a graph on G+ on Geeks and repetitive tasks, which shows a view of time vs task and how a geek vs a non geek might approach automation.

geeks-vs-nongeeks-repetitive-tasks

An alternative view was published by Jon Udell in 2012 – Another way to think about geeks and repetitive tasks – which adds more steps to show repetition.

alternate-view-of-automation

xkcd has an interesting view on the subject that does ring true in some cases where something does not exist and needs to be created in order to Automate.

automation

You need to be careful that, in trying to automate a task, you don’t spend more time developing the automation than you would have spent actually doing the task.

To get over this, an element that is missing from these graphs is reuse and blueprints/patterns. The chances are that someone else has had a go at doing what you're about to automate, so there may be something to reuse rather than developing something yourself.

There are lots of tools and code repositories available today, with more being developed. Which to use will depend upon what you are automating.

Some of the tools available include:

  • Chef
  • Docker
  • Github
  • Jenkins
  • Jira
  • Powershell
  • Puppet

There are too many to list – lots of others available.

Using an Agile approach as well may reduce the length of the task size line on the graph as you do not need to boil the ocean to automate. Break up tasks into their components and you may find it easier to automate.

These tools are also bringing the geek and non geek lines together, as applications and APIs make it easier for automation to be implemented. The plot of the graph changes into a repeatable process and in effect becomes a loop for both the geeks and non geeks.

Automate

So what will you automate today?

 

 


An A-Z Guide to being an Architect

07 Thursday Jan 2016

Posted by Max Hemingway in Architecture, Big Data, Cloud, Development, DevOps/OpsDev, Enterprise Architecture, Governance, Innovation, IoT, Open Source, Productivity, Programming, Security, Social Media, Tools

≈ Leave a comment

Tags

Architecture, Cloud, CPD, Data, Development, DevOps, Innovation, IoT, Knowledge, learning, Open Source, OpsDev, Productivity, Programming, Social Media

Back in 2008 Microsoft published An A-Z Guide to Being an Architect in their Architecture Journals.

Here is my take on an updated A to Z Guide to being an Architect. A couple of these may be similar.

A – Architect

Having the right level of skills as an Architect, or engaging an Architect with the right level of skills, will depend on the work needing to be undertaken. There are several types of Architect, with some specialising in certain areas and others being multi domain skilled. The list below covers some of the different types of Architect; this is not an exhaustive list:

  • Enterprise Architect
  • Information Architect
  • Solutions Architect
  • Software Architect
  • Systems Architect

B – Blueprints

Following Blueprints and Patterns, either published by vendors (such as the Microsoft Blueprints) or developed internally around your products and services, will ensure repeatability and cost control around the design process.

Some examples showing different pattern types can be found at Architecture Patterns

C – Contextual Web Era

The up and coming 4th Platform area is the Contextual Web Era

  • 1st Platform – Mainframe Era
  • 2nd Platform – Client Server Era
  • 3rd Platform – Cloud Era
  • 4th Platform – Contextual Web Era

This is an up and coming era with lots of new innovation and developments. Keeping up with developments is key going forward for any architect to understand designs/solutions, art of the possible now and future, innovation and for developing roadmaps for solutions.

D – DevOps

To quote Wikipedia – “DevOps (a clipped compound of “development” and “operations”) is a culture, movement or practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals while automating the process of software delivery and infrastructure changes”. Having knowledge of DevOps, OpsDev and Agile assists with Architecting a solution for a business, through understanding their practices and modes of interacting with technology to meet business requirements. A good book on the subject of DevOps is “The Phoenix Project” by Gene Kim.

E – Enterprise Architecture

EA (Enterprise Architecture) is a blueprint that defines how a business can meet its objectives and strategy. This is achieved by conducting analysis, design, planning, recommendations and implementations through an Enterprise Architecture Framework.

Enterprise Architecture Wikibook

F – Four Two Zero One Zero

42010 is the ISO Standard that most frameworks adhere to. Working to a Framework brings structure to your designs and life cycles.

There are a number of frameworks available, such as:

  • DoDAF
  • MoDAF
  • TOGAF
  • Zachman
  • Other Frameworks are available

Enterprise Architecture Wikipedia Book

G – Governance

Governance is an important part of architecture as it

  • Ensures Conformance
  • Controls Variance
  • Maintains Vitality
  • Enables Communication
  • Sets Direction
  • Issue Resolution
  • Provides Guidance and Prioritisation
  • Promotes Best Practise
  • Minimises Risk
  • Protects IT environments from tactical IT changes, project solutions, and strategic proposals that are not in an organisation's global best interest
  • Controlling Technical Diversity, Over-Engineering and Unnecessary Complexity
  • Ensures projects can proceed quickly & efficiently
  • Control over IT spend
  • Quality Standards
  • Efficient and optimal use of resources and increase the effectiveness of IT processes

H – Hands On

It is important to be current and understand the technologies you are architecting. There are lots of options available to get your hands dirty using technology from using Cloud Servers to virtual machines on your compute device. There are other computing devices such as the Raspberry PI that provide a cheap alternative to standing up small farms to learn on.

I – IoT

IoT (Internet of Things) is where physical things are connected by the internet using embedded sensors, software, networks and electronics. This allows the items to be managed, controlled and reported on. My blog posts on IoT Device Security Considerations and Security Layers go into more detail on this subject.

J – Juxtaposition

Juxtaposition is something an architect should be doing to compare things/items/artefacts etc.
noun:
1. an act or instance of placing close together or side by side, especially for comparison or contrast.
2. the state of being close together or side by side.

Source: http://dictionary.reference.com/browse/juxtaposition

K – Knowledge

I would class Skills with Knowledge. It is important as an Architect to ensure that your skills/knowledge are up to date and where you are unsure of a technology, you have a plan to address and skill up. Build a good CPD (Continuing Professional Development) plan and work towards completing it.

L – Language

With the move to cloud it is important to ensure your scripting skills are up to date as most cloud platforms use scripting to assist with the deployment of environments. This is also true of other DevOps/OpsDev applications. If you are unsure on what to learn this guide may help you – Learn a Programming Language – But which one?

M – Micro Segmentation

Micro Segmentation allows a business to use Networks, Compute and Storage to automate and deliver complex solutions by carving up and using the infrastructure. This segments part of the infrastructures to specific functions/tasks. It can also be used in a security context to segment networks, firewalls, compute and storage to increase security and reduce cyber attacks.  VMware have produced a book “Micro Segmentation for Dummies” that can be downloaded from here.

N – Next Generation

Next Generation refers to the next stage or development to something such as a new release of hardware or software. Next Generation is becoming a common term now to define products and artefacts, an example being Next Generation Firewalls.

O – Open Source

Open Source has been available for a long time with software such as Linux; however, there is a bigger shift towards using Open Source and its acceptance by businesses. Some examples of Open Source that is now mainstream within business include:

  • Ansible
  • Chef
  • Docker
  • Puppet

P – Performance

Performance can cover people as well as solutions / systems. Performance metrics should be set out at the inception of an engagement then monitored and reported on. This will be a factor in driving Continuous Improvement going forward as well as forecasting / planning for future upgrades and expansion.

Q – Quality

Quality is a huge subject and has a lot of standards governing it and how it affects all aspects of business and architecture. Knowing which standards apply and how they affect a solution will assist in the whole architecture lifecycle. There are also a number of tools available to help you:

  • Architecture Frameworks
  • ITIL
  • Six Sigma

There is also a level of pride and satisfaction in producing a quality solution and system achieving the objectives and requirements set out by the business.

R – Roadmap

Any architecture/solution should have a roadmap to set out its future. Roadmaps should include items such as:

  • Current state
  • Future state
  • Innovation
  • Upgrades / Releases
  • New Features / Functions
  • End of Life / Replacement

S – SMAC

SMAC stands for Social, Mobile, Analytics, Cloud. SMAC is an acronym that covers the areas and concepts when these four technologies are brought together to drive innovation in business. A good description of SMAC written by a colleague can be found here Acronyms SMAC.

T – Transformation

The majority of systems, if not all, will undergo a form of transformation. This may range from a simple upgrade to a complex redesign and migration to something else.

U – UX

UX (User eXperience) affects how people interact with your architecture / design and how they feel about it (emotions and attitudes). With the boom in apps and the nearing Contextual Web Era, UX is one of the most important factors to getting an architecture used. If your users don’t like the system they may find something else to use that they like.

V – Vision

Understanding the vision of your customer and their business is the driving factor for any architecture.

When working with your customer, and also with your colleagues, you should look to become a Trusted Advisor. A great book on the subject is The Trusted Advisor by David Maister. The book covers 3 main areas: perspectives on trust, the structure of trust building and putting trust to work.

W – WWW

The internet is a key delivery mechanism for systems. How it works, and its key components, should be understood, such as:

  • IPV4 – IPV6
  • DNS
  • Routing
  • Connectivity
  • Security

X – X86

X86 is a standard that everyone knows, as it's one of the most common platform types available.

Y – Year

Year is for the longevity of the solution you are designing. How many years are you expecting it to last? What are the Business Requirements, statutory obligations, depreciation etc. that need to be planned in? Consider things like End of Life, Maintenance and Upgrades on hardware and software from a solution point of view.

Z – Zero Defects

The best solution is the one with zero defects, but reaching this goal can be a challenge and can also consume a lot of expense. The best way to ensure Zero Defects is to use:

  • Best Practice
  • Reference Architectures
  • Blueprints/Patterns
  • Checklists
  • Reuse
  • Lessons Learnt

This is my current A to Z and some of the entries may be different in your version so “What is in your A to Z of being an Architect?”

I will look to write some further blog posts on the areas listed in this A to Z


IoT Device Security Considerations and Security Layers – User Interface

11 Wednesday Nov 2015

Posted by Max Hemingway in Architecture, IoT, Programming, Security

≈ 4 Comments

Tags

Architecture, IoT, Programming, Security

The next area in my series on IoT Device Security Considerations and Security Layers is the User Interface.

Many IoT solutions may just have a standard Web interface to a back end system where IoT Devices and Sensors can be controlled. There is already a lot of documentation on good practices for the Web front end.

In some cases the User Interface may be on the IoT device or not delivered over a Web interface. In these cases many of the good practices for Web front ends can still be applied.

Here are a few of the main considerations:

User Interface

User experience is key to any system; however, security is as well. When designing your User Interface you should consider only the functionality needed to meet the user requirements; keeping the design slick reduces the options for hackers to exploit.

Following good code practices and testing will help in this area.

Identification and Authentication

Most applications these days require a form of log on and password that links into another system for identification, such as AD, LDAP or SSO (Single Sign On).

Ensure that a strong password policy is in place, with rules such as:

  • At least 8 characters long
  • Includes alphanumeric characters
  • Different from previous password
  • No complete words
  • At least 1 upper case character
  • At least 1 lower case character
  • At least 1 number
  • At least 1 special character

Some of these rules will depend on whether you are authenticating against an existing directory system and its current policies. You should consider changing them if they are not secure.

This in turn allows for the authentication of users against other methods such as 2 factor.
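The rules listed above, written as a check that reports which ones a candidate password breaks. This is an added example, not code from the original post; the word list, the salt, the sample passwords and the reading of "no complete words" as "no run of letters that is a dictionary word" are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample word list (assumption); a deployment would load a dictionary.
WORD_LIST = {"password", "welcome", "summer", "winter", "sensor", "admin"}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so the previous password is never kept in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def policy_failures(candidate: str, previous_hash: bytes, salt: bytes) -> list:
    """Return the rules from the list above that `candidate` breaks."""
    failures = []
    if len(candidate) < 8:
        failures.append("at least 8 characters long")
    # The three checks below together cover "includes alphanumeric characters".
    if not re.search(r"[A-Z]", candidate):
        failures.append("at least 1 upper case character")
    if not re.search(r"[a-z]", candidate):
        failures.append("at least 1 lower case character")
    if not re.search(r"[0-9]", candidate):
        failures.append("at least 1 number")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        failures.append("at least 1 special character")
    # "No complete words": interpreted here as no run of letters that is a
    # dictionary word, compared case-insensitively.
    runs = re.findall(r"[A-Za-z]+", candidate)
    if any(run.lower() in WORD_LIST for run in runs):
        failures.append("no complete words")
    # "Different from previous password": compare hashes in constant time.
    if hmac.compare_digest(hash_password(candidate, salt), previous_hash):
        failures.append("different from previous password")
    return failures


# Constructed sample values; a real system generates a random salt per user.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
PREVIOUS_HASH = hash_password("Qz7#vLp2x!", SALT)

if __name__ == "__main__":
    for pw in ("Tg9$kwPz4&", "Summer2016!", "Qz7#vLp2x!", "abc"):
        print(repr(pw), policy_failures(pw, PREVIOUS_HASH, SALT) or "accepted")
```
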

Error Messages

Firstly, ensure that the application and interface have good error handling, to reduce the number of messages that the user sees should something unexpected happen.

Secondly, having simple, well-defined error messages reduces exposure of what systems you are running, or of the type of code, that can appear in some errors.
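One way to apply both points, as an added example that is not part of the original post: expected conditions get a short, fixed message, and anything unexpected is logged in full on the server while the user sees only a generic message and a reference. The handler, sensor names and the simulated database error are constructed for illustration.

```python
import io
import logging
import uuid

# In-memory log sink so the example is self-contained; production code would
# log to a file or central collector that end users cannot read.
LOG_SINK = io.StringIO()
logger = logging.getLogger("iot_ui_example")
logger.setLevel(logging.ERROR)
logger.addHandler(logging.StreamHandler(LOG_SINK))
logger.propagate = False

SENSORS = {"boiler-1": 61.5}  # constructed sample data


class UserFacingError(Exception):
    """An expected condition whose message is written to be shown to users."""


def read_sensor(sensor_id: str) -> float:
    """Hypothetical backend call; one id simulates an unexpected failure."""
    if sensor_id == "boiler-2":
        # Constructed error text of the kind a database driver might raise.
        raise ConnectionError(
            "could not connect to db.example.invalid:5432 (PostgreSQL 9.4)"
        )
    if sensor_id not in SENSORS:
        raise UserFacingError("Unknown sensor.")
    return SENSORS[sensor_id]


def handle_request(sensor_id: str) -> dict:
    """Return the response the user interface would display."""
    try:
        return {"status": 200, "body": {"value": read_sensor(sensor_id)}}
    except UserFacingError as exc:
        # Expected condition: the message was written for the user.
        return {"status": 404, "body": {"error": str(exc)}}
    except Exception:
        # Unexpected condition: full detail goes to the log only. The user
        # gets a generic message and a reference support staff can look up.
        reference = uuid.uuid4().hex[:12]
        logger.exception(
            "unhandled error reference=%s sensor=%r", reference, sensor_id
        )
        return {
            "status": 500,
            "body": {
                "error": "Something went wrong. Please try again later.",
                "reference": reference,
            },
        }


if __name__ == "__main__":
    for sid in ("boiler-1", "boiler-9", "boiler-2"):
        print(sid, handle_request(sid))
    print("--- server-side log ---")
    print(LOG_SINK.getvalue())
```
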

Some further reading:

  • Guide to Authentication
  • Authentication cheat sheet
  • Basic Security Practices for Web Applications


Q. What does Dr Who and Star Wars have in common? A. Teaching young people to code.

09 Monday Nov 2015

Posted by Max Hemingway in Development, Programming

≈ Leave a comment

Tags

Coding, Knowledge, learning, Programming

Earlier this year I wrote a blog post on how the BBC were using their Dr Who characters to help teach young people how to code whilst playing a game to get a Dalek through a series of puzzles. Doctor Who: Friendly Dalek teaches you to code

Now Disney and Code.org have joined in, to engage young people to move from playing games to creating games.

This time instead of controlling a Dalek you can control BB8 around some puzzles.

These interactive tutorials will appeal to anyone looking to learn coding and are a great way to introduce young people to learning whilst gaming.

There are some similarities between the two versions in moving a character around the screen. The Dr Who version uses the characters of the show to explain what you need to do, whilst the Star Wars version uses videos of one of the film's developers to talk through what the tasks involve.

Screenshot of the interface to control BB8 – source/credit: Code.org/Disney

bb8

Screenshot of the interface to control a Dalek – source/credit: BBC

Dr Who Game Screenshot 1

Which Sci-Fi universe will you choose to help you learn?

All we need now is a Star Trek version…….


IoT Device Security Considerations and Security Layers – Device/Application API’s

09 Monday Nov 2015

Posted by Max Hemingway in Architecture, IoT, Programming, Security

≈ 4 Comments

Tags

Architecture, IoT, Programming, Security

Furthering my series on “IoT Device Security Considerations and Security Layers”, next in the stack are the Device/Application APIs.

APIs (Application Programming Interfaces) provide a capability to easily interact with a system. This could be an API to an IoT Sensor that a server application could use to get information from it, using a set of common libraries and functions.

IoT API

APIs often come in the form of a library that includes specifications for routines, data structures, object classes, and variables. In other cases, notably SOAP and REST services, an API is simply a specification of remote calls exposed to the API consumers.
-Wikipedia

There are a number of steps you can take to secure your APIs:

Standards

Follow any standards/security standards available for the systems you are working with. As discussed in previous blog posts, standards for the IoT are one area that is still being defined.

Libraries

Install only the APIs/libraries you need for your application/IoT Device/IoT Sensor (or uninstall any unused APIs/libraries).

Secure Messaging

Where feasible, using Secure Messaging with a level of authentication ensures that the API is communicating and operating with the right system. This ensures that the IoT Device/Sensor can only interface with the correct system and does not accept any rogue requests.

Error Handling

An API should be able to understand what to do when it detects an error condition and what to do when it can't. This is important so that false instructions/data cannot be sent to the API to make it fail and then be open to attack.
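The Secure Messaging and Error Handling points above, combined in one added example (not code from the original post): the server tags each command with an HMAC, and the device accepts a command only when every check passes, treating any parsing failure as a rejection. The shared key, envelope layout, counter scheme and command names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

ALLOWED_COMMANDS = {"read_temp", "set_interval"}  # hypothetical command set
MAX_MESSAGE_BYTES = 512


def sign_command(key: bytes, device_id: str, counter: int, command: str) -> bytes:
    """Server side: wrap a command in an envelope carrying an HMAC-SHA256 tag."""
    body = json.dumps(
        {"device": device_id, "counter": counter, "command": command},
        sort_keys=True,
    )
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode("utf-8")


class Device:
    """Device side: accepts a command only if every check passes."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def handle(self, raw: bytes):
        """Return (accepted, detail). Never raises; any doubt means reject."""
        try:
            return self._check(raw)
        except (ValueError, KeyError, TypeError) as exc:
            # Bad encoding, bad JSON, missing field or wrong type.
            return False, "malformed message: " + type(exc).__name__
        except Exception:
            # An error the code did not anticipate still ends in a rejection.
            return False, "internal error"

    def _check(self, raw: bytes):
        if len(raw) > MAX_MESSAGE_BYTES:
            return False, "message too large"
        envelope = json.loads(raw.decode("utf-8"))
        body, tag = envelope["body"], envelope["tag"]
        if not isinstance(body, str) or not isinstance(tag, str):
            return False, "malformed message: wrong field type"
        # Authenticate before interpreting anything inside the body.
        expected = hmac.new(self.key, body.encode("utf-8"), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, "bad authentication tag"
        msg = json.loads(body)
        if msg["device"] != self.device_id:
            return False, "wrong device"
        counter = msg["counter"]
        # A counter that does not increase means an old message was re-sent.
        if type(counter) is not int or counter <= self.last_counter:
            return False, "stale or replayed counter"
        if msg["command"] not in ALLOWED_COMMANDS:
            return False, "unknown command"
        self.last_counter = counter  # state changes only on full acceptance
        return True, msg["command"]


KEY = b"k" * 32  # constructed key; real keys are random and provisioned per device

if __name__ == "__main__":
    dev = Device("sensor-01", KEY)
    good = sign_command(KEY, "sensor-01", 1, "read_temp")
    print(dev.handle(good))             # accepted
    print(dev.handle(good))             # same message again: rejected
    print(dev.handle(b"\xff{not json"))  # malformed input: rejected, no crash
```
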

Patching

Using the most up to date version of the APIs/libraries will ensure any bugs or issues have been removed, reducing any exposure to attacks that hit known issues. Employing a regular patching capability where possible maintains a level of security. It may not be possible to update IoT Devices/Sensors that are embedded; however, any server side APIs/libraries should be up to date. This will however increase compatibility testing with the IoT Devices/Sensors to ensure the interfaces still work.

Further Reading

OWASP REST Security Cheat Sheet


IoT Device Security Considerations and Security Layers – Applications

02 Monday Nov 2015

Posted by Max Hemingway in IoT, Programming, Security

≈ 4 Comments

Tags

Development, IoT, Programming, Security

Continuing further my series on “IoT Device Security Considerations and Security Layers” next in the stack is the Application.

The level of Security that is put into the application on an IoT Device will depend upon several factors:

  • Hardware Platform
  • Operating System
  • Programming Language
  • Standards followed
  • Level of Skill of developer
  • Security Testing

Hardware Platform

The hardware platform becomes a factor when the application makes use of any special features that are present on the device. This is ideal for applications that are written to use on bespoke devices such as sensors for specific tasks, but does not allow wider use without modification and different versions being developed.

There are a lot of modular kits available that utilise standard libraries of code that make it easier for those starting out, but the level of security will depend upon those used.

Operating System

In a similar way to using specific hardware and programming for it, similar things can be accomplished using features of the operating system. Again, this is ideal for bespoke platforms and devices, but not for generic apps.

So the first choice you need to make when looking to secure your application is: is it a Generic or Specific application, and what elements of the Hardware and Operating System are you going to utilise?

Programming Language

There are lots of Programming Languages that can be used to create applications for the Internet of Things.

Redmonk carried out some research in June 2015 and ranked the most popular Programming Languages. Some of the popular languages that are currently used in IoT Development are:

  • JavaScript
  • Java
  • Python
  • C
  • C++
  • Go
  • Rust

There are lots of Languages available that can be used to programme for the IoT. The choice of Language used will vary based on the Hardware and Operating System used and the functionality required for the application provided by the Language.

Standards

A number of standards and frameworks are available for Application Security. Some set out general standard practices and others are more specific, depending upon the type of application being developed. The rest comes down to good practice, experience and the Software Development Life-Cycle used.

Application Standards are well developed and defined. IoT Standards are being discussed and developed.

IoT Standards by Max Hemingway

Security Testing

Security Testing will be key to ensuring the developed application is secure. Applications and IoT Devices should be routinely security tested during development and after to ensure vulnerabilities are addressed.

OWASP (Open Web Application Security Project) lists the top 10 IoT Security vulnerabilities as:

  • I1 Insecure Web Interface
  • I2 Insufficient Authentication/Authorization
  • I3 Insecure Network Services
  • I4 Lack of Transport Encryption
  • I5 Privacy Concerns
  • I6 Insecure Cloud Interface
  • I7 Insecure Mobile Interface
  • I8 Insufficient Security Configurability
  • I9 Insecure Software/Firmware
  • I10 Poor Physical Security

The OWASP site also has a good set of Security Guidance for Manufacturers, Developers and Consumers setting out IoT Recommendations for each of the above areas.

If you want to learn a programming language but are not sure which one, have a look at my blog on “Learn a Programming Language – But which one?“


Think about what you Git on the Hub

29 Wednesday Jul 2015

Posted by Max Hemingway in Development, DevOps/OpsDev, Open Source, Programming

≈ Leave a comment

Tags

Coding, Development, DevOps, Open Source, OpsDev, Programming

GitHub is a popular repository for developers and users to leave copies of code and information that can be shared with others in an Open Source manner.

However, as a recent article highlights (1 in 600 Top Websites Dangerously Exposed), some of the data stored in GitHub without any security enabled may expose a business to issues and security risks.

There are two types of repos available on GitHub*:

Public repositories are a great choice for getting started! They’re visible to any user on GitHub, so you can benefit from a collaborative community.

Private repositories require a little more setup. They’re only available to you, the repository owner, as well as any collaborators you choose to share with. Private repositories are only available for paid accounts.

It is possible to create a Private Repo for several users. This is not a free option, but it is available at a reasonable cost: https://github.com/pricing

You can also implement 2FA for your account for additional security – 2FA Documentation

* Source https://help.github.com/articles/create-a-repo/


Catching up with Dockercon 2015

08 Wednesday Jul 2015

Posted by Max Hemingway in Architecture, Cloud, Development, DevOps/OpsDev, Programming, Tools

≈ Leave a comment

Tags

Cloud, Coding, DevOps, learning, OpsDev

Docker have released some of the session videos from the recent Dockercon 2015 conference.

Session Links

Keynotes

  • https://blog.docker.com/2015/06/dockercon-2015-keynote-videos/

Docker, Docker Docker

Day 1

  • Orchestration for Sysadmins
  • Docker Orchestration for Developers
  • Docker Engine
  • Getting started with Docker

http://blog.docker.com/2015/06/dockercon-2015-videos-day-1-of-docker-docker-docker-2/

Day 2

  • Least-privilege Microservices
  • Docker Hub
  • Docker Trusted Registry

http://blog.docker.com/2015/06/dockercon-2015-videos-day-2-docker-docker-docker/

Advanced Tech

Day 1

  • Faster, Cheaper and Safer: Secure Microservice Architectures using Docker
  • Reliably shipping containers in a resource rich world using Titan
  • Docker Plugins
  • Resilient Routing and Discovery
  • Interconnecting containers at scale with NGINX

http://blog.docker.com/2015/06/dockercon-2015-videos-day-1-advanced-tech/

Day 2

  • The distributed system toolkit: Container patterns for modular distributed system design
  • Container Hacks and Fun Images
  • Running Aground: Debugging Docker in Production

http://blog.docker.com/2015/07/dockercon-2015-videos-day-2-of-advanced-tech/

Docker Use Cases

Day 1

  • Analytic Garage on Docker at Capital One
  • Docker in the New York Times Newsroom
  • Enabling Continuous (Food) Delivery at GrubHub
  • Enabling Microservices at Orbitz

http://blog.docker.com/2015/07/dockercon-2015-videos-day-1-use-case/

Day 2

  • Speeding Up Development
  • From Months to Minutes – How GE Brings Docker Into the Enterprise
  • How to Build a Secure DevOps Environment for Government and Beyond
  • PayPal Goes Beyond CI to Production Scale PaaS with Docker

http://blog.docker.com/2015/07/dockercon-2015-videos-day-2-use-case/

Further videos to be released on the Docker Blog.

License

Creative Commons Licence
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
