Sunday, May 9, 2021

Dockerfile

A Dockerfile is a text document that contains all the commands a user could call on the command line to assemble an image.

The Docker build command executes the Dockerfile and builds a Docker image from it.

 A Docker image typically consists of:

  • A base Docker image on top of which to build your own Docker image.
  • A set of tools and applications to be installed in the Docker image.
  • A set of files to be copied into the Docker image (e.g. configuration files).
  • Possibly one or more network (TCP / UDP) ports to be opened for traffic in the firewall, etc.

Dockerfile Structure

A Dockerfile consists of a set of instructions. Each instruction consists of a command followed by arguments to that command, similar to command line executables. 

Here is a simple example of a Dockerfile:

# The base image

FROM ubuntu:latest

# More instructions here that install software and copy files into the image.

COPY    /myapp/target/myapp.jar    /myapp/sriniapp.jar

# The command executed when running a Docker container based on this image.

CMD echo Starting Docker Container

Refer: https://www.youtube.com/watch?v=QLENvSMSD-0

Saturday, May 1, 2021

5G

 5G is the 5th generation mobile network.

It is a new global wireless standard after 1G, 2G, 3G, and 4G networks. 5G enables a new kind of network that is designed to connect virtually everyone and everything together, including machines, objects, and devices.

Where 3G and 4G technologies have enabled us to browse the internet, use data-driven services, get increased bandwidth for streaming on Spotify or YouTube and so much more, 5G services are expected to revolutionize our lives by enabling services that rely on advanced technologies like AR and VR, alongside cloud-based gaming services like Google Stadia, NVidia GeForce Now and much more.

It is expected to be used in HD cameras that help improve safety and traffic management, smart grid control and smart retail too.

Previous generations:

First generation - 1G

1980s: 1G delivered analog voice.

Second generation - 2G

Early 1990s: 2G introduced digital voice (e.g. CDMA, Code Division Multiple Access).

Third generation - 3G

Early 2000s: 3G brought mobile data (e.g. CDMA2000).

Fourth generation - 4G LTE

2010s: 4G LTE ushered in the era of mobile broadband.

5G will help edge computing grow:

The 5G network’s speed should be 10 times faster than what the 4G network allows. That improvement opens possibilities for far-away sensors to instantly give updates about the connected devices. 

That increase in real-time processing will require new equipment with enhanced capabilities.

It’ll also raise the demand for edge computing, since that method processes data at the borders of a network rather than transferring the data a significant distance first.

To learn more about edge computing, see the link below:

https://nextsrini.blogspot.com/2020/05/edge-computing.html


JIRA Rest API using Python

The Jira REST API enables you to interact with Jira programmatically. Use this API 
to build apps, script interactions with Jira, or develop any other type of 
integration.
The URIs for resources have the following structure:
https:///rest/api/3/

There are many libraries, such as jira and requests, for accessing Jira services.

In the code snippet below, I used the requests library and, to save the results, the Pandas library.
Pandas is the best library for saving the results to an Excel workbook.

The Pandas library can be installed using pip, pip3 or easy_install. Make sure you have the right SSL certificates before installing pandas on an intranet.

pip install pandas requests xlsxwriter
  
Sample Code Snippet:
  
import requests
from requests.auth import HTTPBasicAuth
import json
import pandas as pd

pd.set_option('display.max_columns', 500)
# url = "https://ABCD.atlassian.net/rest/api/3/issuetype"
url = "https://ABCD.atlassian.net/rest/api/3/search"

# Placeholder user name and secret. Do not hard-code real credentials in a
# script; load them from the environment or a secret store instead.
auth = HTTPBasicAuth("xxxxxxx", "yyyyyyyyyyyyyy")

headers = {
    "Accept": "application/json"
}
query = {
    'jql': 'project = ABCD'
}

response = requests.request(
    "GET",
    url,
    headers=headers,
    params=query,
    auth=auth,
    timeout=30
)
# Check the status before trying to parse the body as JSON.
if response.status_code != 200:
    print('Status:', response.status_code, 'Headers:', response.headers,
          'Error Response:', response.text)
    raise SystemExit(1)
else:
    print('Server Connected.Please wait.....')

# Parse the JSON body once.
df = response.json()
# print(json.dumps(df, sort_keys=True, indent=4, separators=(",", ": ")))
maxresults = df['maxResults']  # page size applied by the server
print(df['total'])             # number of issues matching the JQL query

# Flatten the returned issues into a table and save it to an Excel workbook.
dk = pd.json_normalize(df['issues'])
with pd.ExcelWriter('Jira_issues.xlsx', engine='xlsxwriter') as writer:
    dk.to_excel(writer, sheet_name='Jira_Issues', index=False)

Monday, April 12, 2021

Blockchain Versions

Blockchain technology has gained popularity because it offers decentralized and transparent storage to record transactions and data.

Blockchain Version 1.0: Cryptocurrency:

Blockchain 1.0 is the first cryptocurrency, which records bitcoin transactions on the public ledger in a secure manner. The implementation of distributed ledger technology was the reason behind this first version.

It is a permission-less blockchain where any participant can perform a valid transaction of bitcoins.

It works as a simple state machine, which can be used as a platform for bitcoin transactions. Just as a state machine manages the transitions between valid states, the blockchain records and manages the bitcoin transactions between valid participants of the network.

Blockchain Version 2.0: Smart Contract:

The new concept in this version of the blockchain is the smart contract: small self-executing computer programs that exist in the blockchain. In Blockchain 2.0, Bitcoin is replaced by Ethereum.

The smart contract is one of the most successful blockchain applications; it helps reduce the cost of transactions. The Ethereum network is the best platform for creating and executing smart contracts, which are used as a replacement for traditional contracts.

Blockchain Version 3.0: Dapps:

Dapp is short for decentralized application. Decentralized applications are the opposite of centralized applications, which run on a single computer.

A Dapp is like a conventional app: it can have a frontend (written in any language) that makes calls to its backend. A Dapp can host its frontend on decentralized storage, including Ethereum's Swarm.

Decentralized apps do not need to run on top of a network of blockchains. There are many decentralized applications running on a P2P network, like BitMessage, BitTorrent, Tor, Popcorn, etc.


Friday, January 15, 2021

Vulnerabilities in Python Applications

Below are the types of security vulnerabilities that Python developers should be concerned with:

SQL INJECTIONS (SQLI)

A malicious user controls the execution of SQL statements for an application at the backend database server. 

There are four sub-classes in SQLi:

  • In-band SQL Injection / Classic SQLi
  • Inferential / Blind SQL injection
  • DBMS SQLi
  • Compounded SQLi (e.g. Storm Worm), which combines SQLi with another weakness or attack:
      • SQLi with inadequate authentication
      • SQLi with DDoS attacks
      • SQLi with DNS hijacking
      • SQLi with XSS

CROSS SITE SCRIPTING (XSS)

In XSS, a malicious user tricks a web application into serving script code to unsuspecting users of that application; the script can then steal stored cookies and saved passwords.

CROSS SITE REQUEST FORGERY (CSRF)

This security vulnerability occurs when a website is forced to perform an action, such as a button click, on behalf of a logged-in user who did not intend it. It also includes hacking into or logging into a website with others’ login credentials.

LDAP (LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL) INJECTIONS

This vulnerability occurs when a malicious user inserts/modifies LDAP statements that lead to speculations.

COMMAND INJECTIONS

Here, a malicious user abuses a web application to insert and execute their own OS commands on the web server, in order to gain complete control over the server.

XPATHI

This occurs when a malevolent user intentionally passes data to a website. They can use that interaction to find out how the data is structured in XML, or they can access secured data that they can’t access normally.

Security Scanners

Python Taint (PYT) – Static Analysis Tool: This utility performs interprocedural analysis to identify command injection, XSS, SQLi and path traversal attacks over HTTP in Python web apps. Python Taint is based on theoretical foundations (control flow graphs, data flow analysis and fixed points) and is built for the Flask framework.

Tinfoil Security Website Scanner: Tinfoil is an affordable security scanner for Python & Django that helps find holes in web servers and applications and also tells you the ways to fix them.

Bandit – AST Based Static Analyzer: It’s an OpenStack security linter that identifies the common security risks in Python programming. It is distributed using pip. To install bandit from source, we can use the command python setup.py install after downloading the pypi source tarball. You can even access the reports from bandit.

Pyntch – Static Code Analyzer: Pyntch (PYthoN Type CHecker) helps in detecting runtime errors such as exceptions, attributes that are not found and variable type mismatches. It supports Python 2.x currently. It won’t address style issues like Pychecker or Pyflakes, but it works fast and efficiently, scanning thousands of lines within a minute.

Spaghetti Security Scanner: Spaghetti is an open-source web application security scanner built on Python version 2.7. It detects default files, misconfigurations, and insecure files, and it supports numerous frameworks including Django, CherryPy, CakePHP, and others.

The tool is capable of finding attacks like admin panel, cookie security, credit card/email/private IP disclosures, SQL injections, ShellShock, Struts-shock, Apache ModStatus, Anonymous cipher, and others.

Rough Auditing Tools for Security (RATS): It’s a free tool that scans languages like C, C++, PHP, Perl and Python and emphasizes the errors that are related to security like TOC (Time of Check), TOU (Time of Use), Buffer overflows and Acunetix. Manual code introspection is still important, but this tool still greatly assists us.

PyDbgEng – Windows Debugging Engine’s Python Wrapper: It helps in debugging user mode, kernel mode, software and hardware breakpoints, etc. With the help of PyDbgEng, you can do fault injection, fuzzing of applications, and unpacking of executables automatically.

Python-ptrace: It’s an open-source debugging tool written in Python that uses ptrace. Here, ptrace works as a tracer that handles system calls on Linux, BSD and Darwin.

vdb / vtrace – Debugger for Exploit Malware Analysis: Here, VDB refers to a dynamic debugging element; vtrace refers to a platform that’s used in debugging frameworks implemented in Python. Vdb utilizes vtrace.

Immunity Debugger – Python Penetration Testing Tool: It uses python scripts and supports Windows with Graphical user interface and command line debuggers.

Wednesday, December 23, 2020

Docker for IBM Z

 Docker Enterprise Edition for Linux 17.06 on IBM Z is available directly from IBM and their network of channel partners. 

Companies who already have a mainframe footprint can extend their existing partnership with IBM to add Docker EE to their technology stack for their critical applications.

Additionally, IBM recently announced a new release of the enterprise Linux platform designed specifically for mainframe systems. 

This next generation of IBM LinuxONE systems and Docker EE together provide complementary security capabilities from the system to the application and the ability for massive scale – up to two million containers per system.



Monday, December 14, 2020

Amazon Connect

 Amazon Connect is an Amazon Web Services public cloud customer contact center service.

Amazon Connect enables customer service representatives to respond to phone calls or chat inquiries from end customers just as if the contact center infrastructure was set up and managed on premises. 

According to Amazon, the service can scale to accommodate tens of thousands of call center agents. AWS provides a telecommunication infrastructure for each company that uses the service. 

To access the service, users are required to have an Amazon Connect account or an AWS Identity and Access Management account.

How Amazon Connect works

The customer who requested the service becomes the administrator for Amazon Connect. The admin's first task is to claim a phone number and configure permissions for users, which include operators, contact center managers and agents. 

To deploy the service, the admin must first create an Amazon Connect cloud instance. To do this, the customer logs into their AWS Management Console and completes several tasks. 

First, the AWS customer must create or select a user directory, which can include an outside option, such as Microsoft Active Directory. Next, the customer creates a user with administrator privileges and then selects telephony options (such as whether the contact center needs to place calls, receive calls or both) and the location for data storage.

Amazon Connect: Contact Flows

A Contact Flow defines each step a customer can make when they interact with the contact center.

The logic is similar to that of an automated Interactive Voice Response (IVR) system and determines an end user's experience. An admin can configure a Contact Flow through a graphical user interface in the console to play a recorded prompt, ask a caller a question, manage call recording settings or transfer a call.

A Contact Flow also supports text to speech with Amazon Polly and allows developers to customize pronunciation, speech rate and volume with Simple Speech Markup Language.

In addition, Amazon Connect can route end user calls according to agent skills, availability and caller priority. The service assigns agents a routing profile to fit agent expertise to one or more call queues.

Connect also provides a Contact Flow Logs feature, which allows a business to track and streamline its interactions with end customers via the contact center. Amazon CloudWatch stores these logs in the same region as the Connect instance.

Additionally, the Connect service provides nearly 100 metrics -- both in historical and real-time reports -- to help monitor contact center performance. An admin can export these reports to Simple Storage Service buckets, where they will be encrypted.

Software, hardware support

Amazon Connect requires the open source WebRTC, and supports a number of web browsers, including Google Chrome and Mozilla Firefox.

Amazon Connect enables voice interactions via a public switched telephone network provided by AMCS LLC. The service supports dual-tone multi-frequency signals, text-to-speech conversion via Amazon Polly and natural language interactions via Amazon Lex. 

Contact center agents use either a web-based softphone or traditional phone to interact with end users and a Contact Control Panel to manage these interactions.

In addition to its interactions with Amazon cloud services, Amazon Connect integrates with third-party customer relationship management (CRM), workforce management and analytics tools.

Languages and costs

Amazon Connect provides call center support for English, Spanish, Brazilian Portuguese, Korean, German, Simplified Chinese and Japanese.

Connect is a pay-as-you-go service. After a user exhausts its free tier of service, AWS charges for Connect use by the minute, plus daily telecom charges.

ES12 new Features