Egor Zyryanov | September 24th, 2024
Use Kaggle datasets for research responsibly. Steps: Create an account, explore, check licenses, clean data, conduct research, cite, and share.
Ksenia Nikolaenko | October 5th, 2023
Keras and TensorFlow complement each other, choose based on needs and expertise.
Alexandr Orlenko | July 14th, 2023
Deep dive into eProceurement: New Article Series — Stay tuned for expert advice & best practices that empower professionals in the eProcurement industry.
Anton Bogomazov | June 29th, 2023
Learn how to effectively manage version control for Jupyter Notebooks. Discover tools like nbdime and nbconvert that enable viewing differences, enhancing code review, and streamlining workflows.
Anton Bogomazov | June 2nd, 2023
Avoid the Anemic Domain Model anti-pattern: learn its drawbacks, violations of OOD principles, and strategies to build cohesive domain models.
Alisa Zamaraeva | November 11th, 2022
In the world of modern technologies, software development is one of the fastest-evolving areas. Through the last decades, even development approaches changed and brought out new methodologies. The most popular one today is DevOps. What Kind of Beast is DevOps? Sometimes DevOps is considered as just a term for particular tools, in fact being a whole philosophy reflecting the necessity of close collaboration between the teams responsible for application delivery. The methodology is based on 3 principles: Some business owners have already heard of DevOps here or there and came to a conclusion that DevOps is some kind of technological stack: CI servers, development platforms, automatic deployment tools and so on. The truth is, DevOps implies using some particular tools but is not limited by them. Without the above-mentioned principles and your team sticking to them, such tools can be useless. The same is true for people who think that implementing CI/CD pipelines is enough to implement DevOps. The key principle still lies in the area of team communication: everyone who works on an application must exchange information. Otherwise it will make no difference to the traditional development. Another trap one can fall into is thinking that hiring a few DevOps engineers will solve all the problems. Actually, having an outsource DevOps team is a good idea — until your own developers accept the described principles and use the same instruments. You have to adjust your processes and culture first. And a good professional can help here, if you accept their advice. DevOps Tools Though DevOps tools don’t equal the DevOps approach, it’s necessary to adopt the corresponding stack. DevOps implies working with the cloud infrastructure. The most popular cloud service is AWS. Besides a public cloud, AWS provides specific APIs and various web-services. Cloud infrastructure helps to make development teams’ collaboration easier and application deployment smoother. Besides, AWS offers a huge number of useful services for almost everything from data storage to CI/CD orchestration. Kubernetes is another great tool which leverages DevOps. It helps to wrap services into containers and manages everything connected with them. Also, DevOps uses tools for deployment automation, cloud infrastructure management (for example, Terraform), CI/CD automation software like Jenkins or TeamCity and several others. Most of them concentrate on the automation of any development or operating process that can be automated, because this is how continuous integration and delivery is achieved. As we said before, adopting the proper tooling is only the first step for implementing DevOps into your processes. DevOps as a Development Approach In traditional development, the team is usually divided into groups: developers, QAs, system administrators (if any), management and so on. The development cycle — whatever methodology is applied — in this case is divided into consistent steps: creating a technical task, prototyping, writing code, testing, etc. But going from step to step, some information about the application (and the desired result) is lost, because no one cares about explaining to colleagues what was done and why. No one sees the process in the whole, probably except for the project manager, and doesn’t understand its purpose. Such miscommunications may cause undesired process interruptions, restrain the development process and move the deadlines further and further. DevOps implies tight connections and interactions between the developers and other teams. And that’s how it works: when developers, QAs, and system administrators know what’s happening in other teams, they’re able to think in advance and avoid many annoying problems. The best you can do to support the cooperation is to hire or train DevOps professionals who will think as developers and system admins at the same time. Of course, a few DevOps engineers can’t ensure your whole development cycle automatically becomes DevOps. Every team member must adopt the corresponding instruments and remember about communication. In Setronica, all software engineers and other professionals stick to the DevOps approach and have perfected all the corresponding tools and skills. DevOps Benefits So, once again: why is it worth using the DevOps approach? The short answer is that DevOps allows the team to work faster and make fewer mistakes. And if you dive in deeper, you’ll see that this approach emerged in response to the developers’ and users’ needs for quite a reason. The efficiency of DevOps is proven by the following points: Thus, DevOps helps optimize business and development processes, cuts costs and saves time. With DevOps tools and way of thinking, any team can perform the maximum efficiency with minimum expenses. In Setronica, we think that DevOps is the most profitable development approach. It’s not a silver bullet, but it proved its efficiency for many companies. That’s why we adopted the DevOps tools and practices and keep sharpening our professional skills. Let’s start building something great together! Contact us to implement CI/CD pipeline, set up a robust cloud environment and adjust your system and team to DevOps principles. To learn about our team and expertise, visit our ‘About Us‘ webpage.
Yevgeny Gorbachev | February 12th, 2020
Winter is coming… A cookie day for people and their agents – browsers, that may break your user experience or even affect your life… Will it be a global Armageddon of the Web, or just cause a local malfunction of some old-time sites? It’s time to figure it out. Taste of HTTP Cookie First of all, please welcome to the world of HTTP cookies. Mozilla Developer Network gives the following definition of cookie: An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user’s web browser. The browser may store it and send it back with the next request to the same server. It was intended to introduce the state of a web session for the stateless HTTP protocol. Cookies are set by a server and then sent back by the agent with every request to the server. That, in turn, allows to manage the session, personalize user’s preferences, or track user behavior. Be Aware! Confidential information must never be stored in cookies, as the entire mechanism is totally insecure. The cookie values are visible to the end-user and can be changed by him or a man-in-the-middle. Cookies are often used to identify a user and their authenticated session, so stealing a cookie can lead to hijacking the session as well. Common ways to do that include Social Engineering or exploiting cross-site scripting (XSS) vulnerability in the application. That is why the proper baking of the cookies is so important. Besides a data payload, the cookie may also have additional settings, instructing the user’s browser how to handle it. For instance, the cookie could be a session one that is deleted when the agent shuts down, or a permanent one, expiring at a specific date (Expires) or after a specific length of time (Max-Age). All these instructions along with a cookie itself are specified by the server in the dedicated Set-Cookie header. The Set-Cookie Header in a Nutshell Common Syntax Set-Cookie: <cookie-name>=<value>[; <directive>[; <directive2>…]] All the directives could be split in two major parts. Lifetime Settings Directive Meaning <none> A session cookie is erased when the client shuts down, and the session is over. Expires The maximum lifetime of the cookie in HTTP-date format. Max-Age A number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. If both Expires and Max-Age are set, Max-Age has precedence. Security Settings Directive Meaning Domain It defines the scope of the cookie: what hosts the cookies should be sent to. If omitted, it defaults to the host of the current document URL, not including subdomains. If a domain is specified, subdomains are always included. Note: A cookie for a domain that does not include the server that set it should be rejected by the user agent. Path It defines the scope of the cookie: what URL path must exist in the requested URL in order to send the cookie. Secure A secure cookie is only sent to the server when a request is made with the https scheme. Insecure sites http can’t set cookies with the Secure directive anymore. HttpOnly Forbids JavaScript from accessing the cookie. For example, cookies that persist server-side sessions don’t need to be available to a client, and the HttpOnly flag must be set. This mitigates the XSS attacks. SameSite Strict The browser will only send cookies for same-site requests (requests originating from the site that set the cookie). If the request originated from a different URL than the URL of the current location, none of the cookies tagged with the Strict attribute will be included. Lax Same-site cookies are withheld on cross-site subrequests, such as calls to load images or frames, but will be sent when a user navigates to the URL from an external site; for example, by following a link. None The browser will send cookies with both cross-site requests and same-site requests. In general, a cookie must not be sent with cross-origin requests (where the site is defined by the registrable domain), providing some protection against cross-site request forgery attacks (CSRF). Note: Browsers are migrating to have cookies default to SameSite=Lax. If a cookie is needed to be sent cross-origin, opt out of the SameSite restriction using the None directive. The None directive requires the Secure attribute. <prefixes> __Secure Cookies with names starting with __Secure-must be set with Secure flag from a secure page (TLS aka HTTPS). __Host Cookies with names starting with __Host-must be set with Secure flag, must be from a secure page (HTTPS), must not have a Domain attribute (and therefore aren’t sent to subdomains) and the path must be /. Same-Site-None Cookies Now we are ready to dive into technical details about the upcoming changes in browser behavior. Google Chrome will be the first browser to roll out a change that might not be compatible with a web application. Here they are: Since Chrome 80, cookies that do not specify a SameSite attribute will be treated as if they were SameSite=Lax with the additional behavior that they will still be included in POST requests to ease the transition for existing sites. Cookies that still need to be delivered in a cross-site context can explicitly request SameSite=None, and must also be marked Secure and delivered over HTTPS. Firefox already has these implemented with Firefox 69 behind a developer preference flag but has given no target release version for enabling it by default. Edge has announced support with an upcoming new version, but no ETA has been given on that yet. Safari has not signaled adoption yet. Others – No adoption signal yet. Which Workflows May Be Affected Single sign on (SSO) integration with Identity Providers (idPs) via the protocols as SAML 2.0 and OpenID Connect/OAuth2. When a web application implements SSO, several redirects happen under the hood for the user authentication from the agent to idP and back with authentication confirmation. That confirmation is represented by a token sent back to the app. The app performs the
Yuliya Malinina | January 16th, 2020
We’ve got an interesting challenge to create backend for guinea pig breeders database. During the development process we learned that now just a few sources exist and can be useful if you want to find guinea pig test cross answer. So we’re sharing the URLs to free trial software application for guinea pig breeders. It may give you more insight into your guinea pigs. Calculate Inbreeding coefficient. Import and Export of the Data. And find guinea pig test cross answer https://www.zooeasy.com/features/breeding-guinea-pig/ https://guineapigsplanet.weebly.com/guinea-pig-breed-guide.html