Tuesday, January 15, 2019

[Links of the Day] 15/01/2019 : Incident Response best practice, Database Schema Crawler, Fingerprinting TLS

  • ja3 : something I discovered recently. Apparently, you can fingerprint SSL and TLS session in order to identify the service being run behind the encrypted socket. Really awesome if you want to spot malware or bitcoin miner on your network. Or pretty much any other services as long as you have a fingerprint to compare with.
  • SchemaCrawler : a cool tool for database schema discovery. This is a must when you have to take on board a legacy DB system that lacks clear documentation. 
  • Incident response : pager duty open sourced they incident response process. This is a really great set of tools, process and best practice for incident response. What is even more eye-opening is the part the describe the incident resolution scenario that didn't work and point out some great anti-patterns. A must read for any SRE team out there and anybody else that has an on-call duty and their managers.

Thursday, January 10, 2019

[Links of the Day] 10/01/2019 : High performance stream engine, Golang security links and a modern back orifice written in Go

  • Trill: high-performance one-pass in-memory streaming analytics engine. This seems like a highly versatile and performant streaming engine. The team behind it is making some bold claims regarding its capability ( see table below). I think that this architecture is promising, however, the .net language might put some people off.
  • Go Security link : loads of golang related security links 
  • Merlin : a cross-platform command and control server and agent. If you have used back orifice in the 90s. You will know what this tool offers :)

Tuesday, January 08, 2019

[ Links of the Day] 08/01/2019: Turn video into comics, Social impact of IoT, and Microservices orchestration DSL

  • Comixify: Transform video into a comics with the power of machine learning. This is a really cool concept and the results are surprisingly good.
  • A Storm in an IoT Cup : the authors look at the emergence of social machines where human interactions and relationship is made increasingly more complex with the rapid adoption of the Internet of Things. 
  • Baker : a library by ING bank that aims at reducing the efforts to orchestrate (micro)services process flows. The objective is to bring everybody from the product owners, architects and developers to talk the same language by relying on a unique service based processed workflow. While in itself it is not revolutionary. The DSL principle allows greater reusability of microservices as well as facilitating the comprehension and review of complex workflows.

Thursday, December 13, 2018

[Links of the Day] 13/12/2018 : Prometheus for Logs, Cloud Adoption framework, HR job title comparison website

  • Grafana Loki : this is actually really cool, like Prometheus but for logs. It seems like a good light-weight alternative to elasticsearch. 
  • Google Cloud Adoption Framework : Google is trying to sell you its cloud. Good white paper anyway, describing a form of a cloud maturity model for the enterprise.
  • Levels: If you ever wonder what a certain job title means and how it stacks vs other companies. Search no more! Levels is here to help you understand the intricate world of HR job title hierarchy. 

Tuesday, December 11, 2018

[Links of the Day] 11/12/2018 : Papers : Recognising disguised faces and deceiving NeuralNet with visuals illusions, and the dry history of liquid computers

Thursday, December 06, 2018

[Links of the Day] 06/12/2018 : NLP summarisation, RPC protobuf framework, API security best practices

  • Fast Abstractive Summarization with Reinforce-Selected Sentence Rewriting : I would have mentioned this paper on the sole basis that the authors provide a GitHub repo with all the code used. This should be mandatory for any publication in Computer science. Anyway, the summarization tech described in the paper is pretty cool too. [github]
  • twirp : RPC framework with protobuf service definitions. If you don't want to go all gRPC, give this framework a serious look. I would consider twirp over gRPC for the sole reason that it uses the standard GO http server over the custom google one. Seriously google, why did you have to re-implement the HTTP server from your own language ?? 
  • API Security Best Practices : documentations providing some good security practice when it comes GitHubhub usage. As well as an excellent leak management document describing a fairly efficient process.

Tuesday, December 04, 2018

[Links of the Day] 04/12/2018 : Matrix cookbook, Serverless Containers, C++ network coroutine lib

  • The Matrix Cookbook : nothing about Keanu Reeves in a kitchen apron but a collection of facts about matrices and matters relating to them. A very well documented desktop reference.
  • Firecracker : Secure and fast microVMs for serverless computing... This is really another AWS product that makes you ask why do we need Kubernete. To be honest I really see K8s now as another OpenStack. It's at the top of the hype cycle but I don't really see it going anywhere further anytime soon. This type of tech enables serverless containers. Making any of the k8s almost a moot point.
  • Coro asyncC++ coroutine-based networking library