Article originally posted on InfoQ. Visit InfoQ

Gregory Kurtzer, the founder of CentOS, started the Rocky Linux project in December 2020. His goal is to fill the gap created by Red Hat when they announced a change in direction for CentOS Linux. This shift, from a stable operating system to a stream for testing pre-release code, left many organizations without a Linux distribution that suits their needs. 

Kurtzer originally founded the Caos Linux project, which the CentOS Project was born out of in 2003. InfoQ interviewed him about Rocky Linux and the goals for the project going forward.

InfoQ: What are the key milestones and dates for Rocky Linux this year?

Gregory Kurtzer: Our infrastructure and build systems are in place, as in automatic package builds. Our next major milestone is to have a release available for the end of March, but that is most likely to be pushed out into April. 

The best place to keep track of our timelines is the news in our community update page. For more up-to-the-minute updates, join our communication framework on Mattermost or IRC. Everyone is welcome, so come and join the party!

InfoQ: The Rocky Linux home page describes it as being  “bug-for-bug compatible” with Red Hat Linux. Can you explain what that means and what kind of work it entails for the Rocky Linux community?

Kurtzer: The notion of “bug-for-bug compatible” demonstrates our commitment to staying as compatible with the upstream source of Red Hat Enterprise Linux as legally possible. The gist is that if we have a particular bug, we would expect RHEL to have the same bug and vice versa.

This guarantee provides an important benefit for developers and systems engineers.  Bug-for-bug compatible means that applications, hardware, and tooling will work the same way with Rocky Linux as they do with RHEL. Rocky Linux will be a drop-in replacement for RHEL and CentOS Linux, and RHEL will be a similar replacement for Rocky Linux.

InfoQ: How will Rocky Linux be different from CentOS? How will it be the same?

Kurtzer: Like the previous question, both Rocky and CentOS (not Stream) were targeted at being as close to RHEL as possible. So the differences are actually non-technical…

CentOS came to be as a small group that was always tightly controlled due to access to the private signing keys of CentOS. The only way to manage this control is to limit exposure, which meant that the CentOS core development was always very small and controlled by a small group until Red Hat gained control over the operating system.

What we are doing is creating an infrastructure, organizational structure, and community for Rocky.  This will allow a much larger community to take part in the development and share responsibility for the project. It will also ensure that no single commercial entity or agenda will pivot the project.  Rocky Linux will stay 100% freely available in the interest and benefit of the community.

InfoQ: Do you think that every company currently using CentOS will want to switch to Rocky?

Kurtzer:  I can’t say for every company, but out of the companies that I have spoken to and approached, every company, literally all of them, are opting to migrate to Rocky Linux. The only concern so far, as of the time of this writing, is that we haven’t released it yet, but most organizations that I’ve spoken with feel that the risk is low as our progress is completely public, as is all of our development conversations and tasks. 

InfoQ: What are the main reasons companies might want to migrate to Rocky Linux from other distributions?

Kurtzer: Any distribution owned and controlled by a single profit-dependent organization is as much of a risk as Red Hat. History has shown that in the battle between open source and a company’s business model, the business model will always win. The logical conclusion is to either pay for your Linux distribution from the vendor (Red Hat, Canonical, SuSE, etc.) or use a proper community Linux variant like Debian or Rocky.

If you’re interested in joining the Rocky Linux community,  you can find instructions on the build process on their wiki. Information about how to contribute to documentation is on Github. Community updates are available on Twitter and the Rocky Linux forums.
 

Article originally posted on InfoQ. Visit InfoQ

GitLab has open-sourced the core protocol fuzz testing engine it has been using since its 13.4 release. Fuzz testing aims to more effectively find security issues and flaws in business logic by passing randomly generated inputs to an app.

GitLab introduced Fuzz Testing at the end of last year, on the heels of its acquisition of Peach Tech and Fuzz it.

GitLab’s API fuzz testing lets you provide an OpenAPI v2 specification or a HAR file of your application, and then automatically generates random inputs designed to exercise edge cases and find bugs. Results are then immediately shown as part of the pipeline.

Protocol fuzz testing extends fuzzing capabilities already built-in into GitLab by making it possible to fuzz test network protocols or file formats.

InfoQ has spoken with GitLab Principal Product Manager Sam Kerr to learn more

InfoQ: Could you briefly explain what fuzz testing is and why it is getting interest from many software companies?

Kerr: Fuzz testing is about finding bugs and vulnerabilities that other techniques can miss. It does this by generating random inputs to cause crashes and find parts of the app that may not have been tested previously. Since fuzz testing is using randomly generated inputs, rather than predetermined signatures or patterns to look for, it will find issues that are unique to the business logic of the app that could never have a signature written to check for.

Many companies are getting more and more interested in fuzz testing as a great way to complement the existing testing and security scanning they already do. Other techniques can be used to find certain classes of issues and fuzz testing can find others. It is a complementary to, rather than a replacement of, other testing and security methods.

There are several types of fuzz testing which can be used depending on the app type and use case. GitLab has two different types of fuzz testing available inside our product today, coverage-guided fuzz testing and API fuzz testing. These are for “inside-out” and “outside-in” testing, respectively, of the application and its code. This new open source repository brings protocol fuzz testing to the community and allows for testing low-level network protocols, such as TCP, or file formats, such as JPG.

InfoQ: What challenges does fuzz testing pose to organizations that wish to integrate it into their CI pipelines?

Kerr: One of the main challenges with fuzz testing is perceived difficulty of use and setup. At GitLab, one of our key focus areas is on usability, to ensure users can be successful and find bugs and vulnerabilities easily without becoming a security expert. We plan to take the same approach with protocol fuzz testing going forward.

Another step organizations will need to take with fuzz testing is determining how long to run fuzz testing, to balance between being responsive to developers and giving the fuzzers enough time to find issues. We typically see users run short fuzz jobs on every commit of their code and then also have a long-running fuzz job against a given release of the app. This gives a good balance between not slowing down developers while also finding as many issues as possible.

InfoQ: Whom is GitLab Protocol Fuzzer Community Edition aimed to and how can it help them adopt fuzz testing?

Kerr: GitLab Protocol Fuzzer Community Edition is open source and everyone can contribute. This release provides a lot of the core engine pieces that GitLab acquired from PeachTech to allow for users to build support for their own protocols. We anticipate security researchers and users already familiar with fuzz testing to use the repository to build protocols as well as contribute any features they would like to see in the core engine. If users have used the older Peach Fuzzer Community Edition, we expect them to be able to quickly get started with the new GitLab Protocol Fuzzer Community Edition.

Over time, we plan to offer support for some pre-built protocols to allow users less familiar with fuzz testing to get started more quickly.

InfoQ: How does GitLab Protocol Fuzzer Community Edition differ from your other Fuzz Testing offering?

Kerr: GitLab offers coverage-guided fuzz testing and API fuzz testing today, which are for slightly different use cases than protocol fuzz testing.

Coverage-guided fuzz testing is about putting a small “test harness” around either a whole app or a part of an app to test. The fuzz harness can monitor the app while it runs and intelligently make changes to the test to find results. This can be used for any web, desktop, or server app written in one of our many supported languages.

API fuzz testing is about using a definition of an API or a recording of interacting with an API to tell the fuzzer what types of info the app is expecting. This could be either an OpenAPI specification, HAR recording, or Postman collection. The API fuzzer is smart enough to take those inputs and generate random values to find bugs in the API. This is especially useful for using with an app that exposes an API over HTTP.

Protocol fuzz testing is different because it is about testing low-level network protocols or file formats that an app might use. The protocol fuzzer is given a definition of what the protocol is and then intelligently makes changes to valid protocol messages to try and find bugs in the app’s implementation of that protocol. For example, if a protocol message was supposed to include a length value, the fuzzer may provide an incorrect length value to see if the app can handle it appropriately. This is especially important for embedded devices or low-level software that may be implementing their own versions of protocols, rather than using a version provided by an operating system.

Another difference is that GitLab Protocol Fuzzer Community Edition is an open source project hosted and maintained by GitLab, but is not yet integrated into GitLab the product. This means users can look at the source code, make changes, run it locally, and add it to their own pipelines. Coverage-guided fuzz testing and API fuzz testing are both part of GitLab the product today and are deeply integrated. That means their results will appear in the Security Dashboard and developer merge requests. In the future, we have plans to extend GitLab Protocol Fuzzer Community Edition and integrate it into GitLab to provide a similar experience for those users.

The latest version of GitLab, GitLab 13.10, introduced a number of improvements to fuzz testing, including support for OpenAPI v3 and a new UI to make it easier to modify fuzz testing settings.

Posted on mongodb google news. Visit mongodb google news

Article originally posted on mongodb google news. Visit mongodb google news

Article originally posted on InfoQ. Visit InfoQ

Introductions [00:21]

Charles Humble: The next QCon Plus, which is an online version of the QCon you know and love will be taking place over two weeks between May the 17th to the 28th of 2021. QCon Plus focuses on emerging software trends and practices from the world’s most innovative software shops. All 16 tracks are curated by domain experts to help you focus on the topics that matter the most in software today. You’ll learn new insights from over 80 software practitioners in innovator and early adopter companies all across software spaced over two weeks, just a few hours a day. These expert level technical talks provide real time interactive sessions, regular sessions, async learning and additional workshops to help you validate your software roadmap. If you’re a senior software engineer, an architect, or maybe a team lead and want to take your technical learning and personal development to a whole new level this year, join us at QCon Plus from May the 17th to the 28th.

Charles Humble: You can visit QCon.Plus for more information. And with that welcome to the InfoQ podcast. I’m Charles Humble, one of the co-hosts of the show, a managing editor at Cloud Native consultancy firm Container Solutions. Today, I’m speaking to Matthew Clark. Matthew is Head of Architecture for the BBC’s digital products, a role that covers the websites and apps for BBC’s news, sport, weather, children’s education and content discovery services. Over the past few years he and the BBC’s design and engineering teams have completely rebuilt the BBC’s website using modern approaches and technologies such as React and Serverless. It’s that migration that we’ll be talking about on the podcast today. Matthew, welcome to the InfoQ podcast.

Matthew Clark: Thank you. Thanks for having me.

How big is the BBC in terms of traffic and page types and so on? [02:05]

Charles Humble: Before we get into the architectural details, can you give us a little bit of context? How big is the BBC in terms of traffic, page types and so on?

Matthew Clark: It’s pretty big. Yeah. Page types certainly have more than 200 last time I counted. There’s a real broad set of products as we call it on the site. Being a public service that BBC does a lot of things, trying to find something for all audiences. So there’s a really big global news, for example, probably the largest news websites in the world. We’ve got things more for the UK only audience. Like iPlayer, the VOD platform that gets millions of plays a day. Then there’s all kinds of specialist stuff. Children’s things, educational things, food recipes, all kinds of stuff. So it’s broad, but also the traffic, the number of users we have is super high as well. Tens of millions will use the services every week. Often more than that. The US election, for example, last November we’ve got 165 million unique users come to our coverage either video, audio or text online. So pretty huge numbers. As the technologist, that’s part of the fun, right?

Matthew Clark: How do you build something that scales and works well and gives everyone an interactive and personalized experience as appropriate at those moments? You can’t just rely on CDNs or caching. There’s a real fun challenge there about offering such a great service to that many people, those big moments.

Charles Humble: Can you give me an idea of the number of developers at the BBC as well?

Matthew Clark: Maybe in the order of about 1,000. A bit more, depending on what you call a developer. It’s not a small team but compared to some of the big competitors that we find in the US giants and so on, it’s not a big one either. So we do have a key goal to be as efficient as we can. We’re a public service so we do our best to make the most of those development teams. We’ve got, as I say, big server workload, a lot of people we need to be as reliable as we can in those really big moments because people depend on us. So we make sure that those developers are working as efficiently as they can on building great products for us all.

Does this same architecture support all different platforms and services that you are responsible for? [03:48]

Charles Humble: Broadly speaking, does this same architecture support all different platforms and services that you’re responsible for? So the various news and sports apps, internet-enabled TV, the website, BBC sounds and so on, is that all one fundamental architecture?

Matthew Clark: Broadly, yeah. As a lot of places do, you have different teams working on different things so there’s natural variation, but fundamentally, yes. We’re all working the same way. They’ve got the data sources from which you can then build websites and apps and, as you say, connected TV is another big one. You obviously have to work different ways for different platforms, but fundamentally yes, it’s the same thing.

What is the main driver for the BBC’s cloud migration? [04:21]

Charles Humble: Staying at a high level for the time being, it’s my understanding that you’ve been on a very familiar cloud migration. So you’ve been moving to a public cloud AWS in the case of the BBC and also adopting more Continuous Delivery and DevOps. Is that basically correct?

Matthew Clark: Yeah, that’s right. We started our cloud journey fairly early for a large org, 2012, 2013. We started doing it. We moved some things quite early on, such as our video transcoding capabilities. All went rather well. So we made the call two or three years into that, I guess a few years ago now, we should move all of our online services to the cloud, the websites, the apps, and all the APIs that power it. Move that fully into the cloud. We gave ourselves a deadline of 2020 to do that. That was a good moment to switch off our data centers and move across. That’s what we’ve just completed.

Charles Humble: What was the main driver for that migration?

Matthew Clark: There are several reasons really. I mean, fundamentally you want to be in the business that you’re in, you don’t want to be doing more things than you have to, right? So looking after data centers, procuring servers ahead of time. If you can get away without doing that you want to do it, right? But as you go on, you realize that the cloud is more than replacing your data center, right? It just does so much more. The ability to have unlimited computer effectively at a moment’s notice and the same with storage and machine learning capabilities and everything else is just extraordinary. It opens so many doors. So I don’t think we perhaps realized that so much when we started the journey seven, eight years ago. But now it’s not a correct comparison, is it? Running your own data center versus the cloud? They’re just completely different ways of working. The amount of stuff that we’ve done since moving to the cloud that we couldn’t have done before is huge. It’s now such a no brainer I think for anyone doing this. You’ve got to take advantage of that capability.

What did the architecture look like before you started to migrate? [05:53]

Charles Humble: So can you give us an idea of what your architecture looked like before you started to migrate? So I think your code was mainly written in PHP. I think you were hosted in a couple of data centers in London, in the UK, but can you describe what that architecture looked like pre the migration?

Matthew Clark: Yeah, you’ve got the basics. I guess fundamentally it was like a classic LAMP stack, which was the thing you did 10 years ago, a bunch of Linux servers running Apache, running PHP, and then various data sources underneath with all your contents, things like MySQL or other databases we had. Maybe a bit more than that because it’s a large site. We had a set of Varnish servers doing caching, for example. We had a separate Java API layer to separate the presentation from your logic. So there’s a bit more maybe than LAMP, but yeah, fundamentally it was that running on two data centers – hot hot on both so there’s resilience to one failing. But it was a very sensible architecture for when we made that back in roughly 2010. Of course it seems old fashioned now as technology moves on.

What was the role of Nano-services? [06:47]

Charles Humble: Right. Yes. The constant march of technology, I suppose. I think you also have an interim step. I found a fantastic talk actually you gave at re:Invent in 2017 where you were talking about nano-services. I think of nano-service as being smaller than a microservice, but perhaps bigger than a function. So I’m assuming you moved to nano services first and then moved to functions though it’s probably not quite as clean as that. But is that roughly right in terms of the journey?

Matthew Clark: Yeah, that is roughly right. When we started building things in the cloud, because as you say, we moved to a DevOps model where you build it, you own it, you maintain it. That is great for the Continuous Delivery point of view, right? Teams can be fully empowered to build out as they want, and release it as they want and that’s great. But it does come with quite a lot of expense. All of a sudden teams that weren’t doing it before now suddenly need to think about networking, right? How their VPCs are set up. Or best practice for patching OSs or scaling or monitoring all these things that on the data center we had separate operations teams looking after. That’s totally possible of course, the full stack engineer is capable of doing all of those things. But it’s quite a lot of work and a team that specialized in, I don’t know, building great websites and good HTML accessibility, it’s quite a lot for them to learn to be good at all those things.

Matthew Clark: So we looked at how this could happen. This was the days before Serverless really was a thing, before Amazon had launched Lambda, all those kind of things. We wanted something similar, but we said, we want the way in which teams can write the code they want to write and have the full power of the cloud, the ability to release when they want and so on but not have to worry about the practicalities of operating it. We built a platform which is a vector, if you like, as Cloud Functions are today where teams could upload their code, not worry about the servers they’re running on and how they access it. It gave you the golden path for the 80%. If you’re building an API or building a webpage, here’s a standard way of doing it. But you’ve still got the whole cloud if you wanted to do something more tailored or sophisticated.

Matthew Clark: It worked well. One of the things we found was when we gave people the service, the unit of change they wanted to make was smaller than what they’d been doing before. They would change just one page or even one part of the page, or they changed just one API endpoint rather than a set of API endpoints you might have in the microservice. So, yeah, we built this term nano-service, this idea of this unit of change you’re making was smaller than you classically would do if you were running your own virtual server or container. They’re roughly the same size, I think, as a cloud function is today. I didn’t like using the word function because we already had that in programming.

Charles Humble: Right, yes, of course.

Matthew Clark: Because the cloud function is a lot bigger than a programming function. So that’s why we picked this term nano service. I don’t think it will take off now because Cloud Functions are so unique, well so common as a term. But that idea of the smaller units of change, I think we are seeing in the Serverless world that your designs are less about servers or microservice size things are more about these little tiny components that you then hook together in a chain.

When did you move from your custom Nano-service solution to Lambda? [09:29]

Charles Humble: So when did you move from that to Lambda when Lambda became available?

Matthew Clark: So when Lambda first became available, it was quite basic. We looked at it and we looked at what the other cloud providers were doing when they were coming along as well. It was early days for that technology. Certainly for request driven things, building websites and APIs, the performance just wasn’t there. Especially the cold start time. Sometimes you would request something that it could take several seconds to respond, which just isn’t where you want to be of course when building web things. So we actually stuck with our solution for a few years. Then we got to about maybe 2018 and Serverless technology was just coming on nicely with all the cloud providers. We realized right now is the point we need to let go of what we’ve built. This platform we’ve built during these kinds of nano-services, our own cloud function approach. It’s worked well but as the bar raises with the cloud providers doing more and more for you, you’ve got to follow that. You’ve got to stop building your own things in house and move to what can be provided as a commodity off the shelf way.

Matthew Clark: We reached that moment we realized, “Yep, serverless functions are good enough. We should be using them rather than building our own.”

Were there specific reasons why you went to Lambda as opposed to using VMs on EC2, or Fargate? [10:29][10:29]

Charles Humble: Were there specific reasons why you went to Lambda as opposed to, I don’t know, using VMs on EC2 or something like that?

Matthew Clark: It boils down to this idea that why do something that someone else can do for you? I mean, it’s obviously more nuanced than that. But you want your teams to be focusing on what’s really important to the organization. You don’t want to run the servers, be them physical ones in the data center or virtual ones in the cloud, right? The cost of keeping them secure and appropriately scaled, or even getting the auto-scaling right and patched there’s significant overhead to that. With Serverless, you get to a place you really want to get to as an organization. I’ve got my business logic, I’ve got what I want to happen, I just need it to run at the right moment in the right place. Serverless just takes away all those problems so you focus on what really matters.

Charles Humble: I presume it will be similar for something like, say, a Kubernetes cluster or Fargate or something like that?

Matthew Clark: Yeah, Serverless in some ways abstracts even more, doesn’t it? Because you don’t have to worry about … Even less concerned with things like the scaling and the underlying infrastructure and how much capacity you’ve got. But yes, you could have also done this. We’ve not taken the container route just because of the path we’ve taken; it’s a perfectly great route of course. But because we just started the cloud journey early, before Kubernetes was a thing, we got really good at building VM images. So from that, the natural step was to jump to Serverless to free us up even more from the underlining hosting.

Are there  specific advantages that Lambda has for your particular workloads? [11:45]

Charles Humble: Are there  specific advantages that Lambda has for your particular workloads?

Matthew Clark: As well as that general less to worry about the fact that it can scale so quickly is very useful to us because our traffic can vary so much. We can go from thousands to tens of thousands of requests per second in not that long a time and multiple cloud providers can now provide that as a service. But the fact you can do that and you don’t have to worry about auto-scaling taking a minute or two as sometimes it can, or maybe you’ve not quite got every metric for when you need to scale, is it compute? Is it memory? Is it network and so on? You can rely quite on the fact that you have effectively unlimited compute. Each one’s going to have a guaranteed set of factors to CPU and memory more or less. That does provide you with a wonderfully consistent experience for everyone. There’s all kinds of other advantages too we’ve found.

Matthew Clark: Testing is another great one. You can create a test environment, a pre-production environment that behaves exactly the same as your production one. Scale it up for maybe a load test for a few minutes, pay just whatever a few dollars charges for that. The moment you finish your load test, it goes back to being nothing again. That’s super useful for our engineering teams in making sure that our low services will behave the same as they’re evolving.

How do you get observability into your Lambda production systems? [12:55]

Charles Humble: I find that really interesting because a common complaint about Lambda is that it can be quite difficult to debug. Is that something that you’ve found and how do you get observability into your production systems?

Matthew Clark: Not being able to SSH onto the box and do some digging around is definitely a limitation. When you get to the really gnarly things around some low level library or network packets or something, you do miss that moment. It’s not really hit us this one because as you build your Cloud Functions, they’re naturally simpler and smaller than perhaps what you would have built something running on the server, right? They’re typically not that concurrent, don’t handle parallel requests, not very long running, short-lived. They don’t have a lot of states normally. So actually there’s less to go wrong, they don’t find themselves with memory leaks or getting themselves in a bad state. When they do, you can recreate it fairly easily in your local environments. So we’ve not had too much of an issue. The heart of it, of course, is because you’re now more distributed, you have more separate systems. So how do you understand where in the chain the problem is? We’ve gone big on tracing. We give requests IDs the first moment they hit our system and pass that all the way through the stack. That is super useful.

Matthew Clark: Of course you make sure you get the logging right and the metrics and the alarms right as well so you can spot when one part of your system is not behaving as it should.

Can you give us an overview of what the new architecture looks like in terms of traffic management and how the rendering layer works and so on? [14:03]

Charles Humble: We should probably step up a level, can you give us an overview of what the new architecture looks like in terms of traffic management and how the rendering layer works and so on?

Matthew Clark: A high-level overview, when a request comes in for a web page, the first couple of layers are traffic management layers. Because we have so much traffic, reliability is super important to us so it’s a really key layer for us handling that, handling any mischievous requests coming in, making sure people are signed in if necessary. Caching where appropriate to handle the load, handling any errors and so on. So that traffic management is super key. That runs on VMs. We haven’t made that Serverless. Just because it doesn’t make sense, right? That kind of proxying responsibility where you’re handling large amounts of concurrent requests and generally waiting, lot of dwell time waiting for the underlying systems to respond. That’s not a good fit for Serverless today. It’ll be interesting to see if Cloud Functions evolve to make that a more reasonable thing, but today that’s an example where you wouldn’t put it.

Charles Humble: So is that NGINX then, the traffic management layer?

Matthew Clark: Yeah, exactly. A lot of it’s based on NGINX and what you can build off that. Beyond that, then you hit Cloud Functions, the HTML rendering part, like everyone else nowadays we use React and Node.js and the wonderful isomorphic way the same JavaScript runs on the server and then a dynamic client update. So that gets rendered as a function, that works very well that way. We separate that presentation logic from the underlying data logic of “where do you fetch the data and how do you understand it and give the right thing to the right people?” So that’s a separate, kinf of effectively an API, a business layer we call it, again it’s just more functions. So it’s functions calling functions. You have a chain of functions at this point, you have to be a little bit careful how far that goes. Of course those functions are then able to call whatever underlying data store it is to actually fetch the content to build the page. It’s not a million miles off the standard, kind of back to the LAMP stack we were talking about earlier, right?

Matthew Clark: Request comes in, you do it and return. You’re just using functions to do the grunt work, the CPU intense work because it scales so well and there’s less to look after.

Why is your WebCore a monorepo rather than using something like Web Components? [15:52]

Charles Humble: One of the things you talked about in a blog post, which was actually one of the things that kicked this whole podcast of, and I’ll be sure to link to that in the show notes. But one of the things you mention in that blog post is the fact that your WebCore is a monorepo rather than say using Web Components or something like that. Can you talk a little bit more about that particular choice?

Matthew Clark: When you build a site, we found we have lots of teams working together on building the site, right? Different teams will own different pages and sometimes different components within pages. So there’s an interesting question of how do you get them? How do you allow the DevOps Continuous Delivery thing where they can all work on their own and do their own thing and release it in their own cadence, but somehow it comes together to make a really great website? We’d looked at some of the Web Component standards out there that allow you to stitch things together. We’ve done other clever things in the past around your edge, your traffic management stitching together things. The problem with that approach is you end up with different teams doing different things at different rates, and it doesn’t create the best webpage.

Matthew Clark: If you want the consistency in your design and using the same JavaScript libraries. Like for example, we’ve had pages in the past, we’ve had multiple versions of React on them just because different parts of the page we’re upgrading at different times. It doesn’t lead to a fast site. Performance is super important to us. We’ve seen over the years, done a lot of measurement on this. If your page slows down by a couple of seconds, you will lose a quarter if not more of your audience. So performance is super important. Accessibility is another important thing for us. We want to make screen readers and so on to really understand it. So we realized to do this well we needed to have one way of building a website, certainly for the common stuff and decided to go down that monorepo approach. So we have multiple teams owning their own part of that monorepo. We used the GitHub code owners file to help understand who owns what, who needs to review what. But then it all comes together to make one and ultimately one deployment as a function that can render all those different pages.

Charles Humble: Okay. Then if I’m understanding you, all of that rendering is then happening in AWS Lamda, right?

Matthew Clark: That’s right. Yeah. It’s all happening in Lamda. It’s effectively one large Lamda. We might choose to split that up in the future. But as always, you’ve got different projects, different stages so not quite everything happens that way. But for our new stuff, you have that one Lamda that is able to do multiple different pages from that monorepo and multiple teams effectively contributing into that one Lambda.

Why do you not need an API Gateway? [18:02]

Charles Humble: Another thing that I found interesting about your architecture was that you don’t have an API Gateway between your traffic management layer and the Lambda functions, which is typically how it’s done. So it was a bit unexpected. Can you talk about that?

Matthew Clark: We obviously looked at it because that’s the standard way in which you call these functions. But we realized we didn’t need it in our case because we had our own proprietary traffic management layer in front of it. It was able to call the Lambda API directly. So we didn’t need to put in an API gateway. Then that saves a bunch of money also because it’s one fewer step, bit quicker, bit simpler process as well.

What is each Lambda function responsible for? [18:34]

Charles Humble: So it’s a little hard to do this without the aid of a whiteboard, but can you give me a rough breakdown of what each function would be doing? So if I look at the BBC news homepage this morning, then there’s a red box with navigation, you’ve got various headlines, you’ve got some RSS-style abstracts. You’ve got sections for must-see, most watched and so on. That we’ve said is all built with functions. So how does that map? Is that one function per box? Or how does the mapping work?

Matthew Clark: In the past we’ve tried to separate those different parts of the page. Now, as we were saying before, we have that Monorepo for all the presentations bit. So from an HTML rendering/React point of view, there’s one function doing that with different teams building the different components that come into that. But then underneath that at the API level where the data comes from, yes that’s separate. So there’s different parts of the page, the navigation and the main content and the most read, for example, all those bits, you say. That they will be separate functions, each responsible for their own whatever unique data type it is to power that page.

How do you avoid the cost implications of long chains of functions? [19:34]

Charles Humble: You mentioned earlier that you do chain functions, but that does have cost implications, right? So I’m presuming you have some way of managing that and not having overly long chains?

Matthew Clark: The fact that you’re paying for CPU, whether you use it or not means that if you’ve got a functioning waiting on another function, you’re effectively paying for that dwell time which isn’t great. That can add up. So yeah, we try and limit the depth of those function chains to no more than about three. Just so you’re not getting that too far. It’s a balance of course, because you do want the isolation between them. It’s nice to have the separation of concerns between them. So there’s an internal debate always happening how do you get that balance right? You want to optimize for costs, but you also want to optimize for performance and reliability and understanding of what happening.

Did you have issues with setting the right memory profile? [20:15]

Charles Humble: Another thing that can be a bit challenging with Lambda is setting the right memory profile. Was that something you struggled with?

Matthew Clark: There was a trial and error aspect to that. It will be something great if there could be things to help you with that more because you have that balance where it’s a fixed ratio between CPU and memory. We had to go to a GB of memory, even though we don’t actually use anywhere near that. Because we work just on balance that works out to be the best value overall. The fact that you would respond quicker, it makes it cheaper than one of the cheaper ones overall. So there is a bit of trial and error on that. But we did the trail and error, we found the right answer and we just leave it alone now and we’ll review it periodically.

Did you have issues with cold startup? [20:50]

Charles Humble: Cold startup times is another area where Lambda can sometimes be somewhat challenging. Is that something that you’ve found to be tricky?

Matthew Clark: It is. It seems to have got a lot better, but it still is a problem sometimes, it can be several seconds. I mean, over half of our Lambdas will return in 50 milliseconds, we’ve really optimized that and that’s great. But you do get some that can take several seconds. In the worst case that isn’t great. As a website, you really don’t want that to happen. So we watch it carefully. It’s fortunately a small percentage, but it is definitely one of the disadvantages of the cloud function model.

How does the financial cost of running a cloud function model compare to what you had before? [21:22]

Charles Humble: Another potential disadvantage of the cloud function model is the financial cost. When your blog post was first published there was a lot of discussion in the community, some of it honestly fairly wild speculation around the cost with the underlying assumption that Lambda compute cost is higher. I think that underlying assumption is fair. So have you been able to offset that?

Matthew Clark: It is a totally valid argument. Because if you do the raw calculation, how much does it cost to have access to a CPU and memory for a period of time it’s apples and pears, right? They’re different. You can’t really compare. But if you compare the virtual machine versus the function cost it’s between two and five times as much to use the function. So significant, it’s not orders of magnitude. But it’s significant. So yeah, it was a concern I had from the start was, is this going to be a financially not great choice? I always liked the idea that if you design for Serverless in a stateless simple way, then moving that onto a VM or a container later is an achievable thing. So we always have that fallback plan. It turns out we didn’t need it.

Matthew Clark: I mean, there is of course the TCO argument, the Total Cost of Ownership argument, right? You have to do less. I think that’s a totally valid one, but we didn’t need that one either. Because when it came to it, it didn’t cost us any more to use Serverless, maybe even slightly less. Just because you’re not paying for compute for any more than you have to. The millisecond you stop using it, it goes and that makes a big difference. When we run APIs and website servers, you typically run with your CPU usage at 10%-20%, right? That’s best practice, that’s healthy. You don’t want to be contended on CPU or memory or networking or anything else to run a healthy server. Otherwise you will not stay fast and reliable. So if you think about it, say you’re at 20% CPU utilization, you’re effectively paying for five times as much compute as you actually need. So all of a sudden, by comparison, your serverless costs turn out to be pretty similar

Matthew Clark: It’s not quite that simple of course, because you’re also not necessarily using all of your CPU in your Lambda But if you get that right and you’ve got nice fast response times and lots of caching in place to make sure that your functions return quickly, what we found was is that it wasn’t any more expensive as I say, maybe even slightly cheaper.

How is caching handled? [23:20]

Charles Humble: That’s really interesting. Thank you. How’d you handle caching? I think you were using Amazon ElastiCache, which is basically AWS’s hosted service for Redis. Is that still the case?

Matthew Clark: Yeah, we use Redis numerous places. It’s fantastic. It’s such a versatile service.

Charles Humble: So how does Redis work for say caching content?

Matthew Clark: That use case is really simple, Redis at it’s heart is a key-value store. So we have it at multiple layers and whenever content is rendered, be it the HTML or the underlying the data in the API, we simply put it into the key in Redis without an expiry time. Subsequent requests can just pull it from there rather than re-render it again.

Charles Humble: Presumably, because Redis is storing everything in memory, that means that everything is ephemeral?

Matthew Clark: That’s right. I think you can configure it to be more durable than that, but yes, the use case we have you store it in memory. If you lose one of the servers, you will lose the data within it.

Charles Humble: How do you cache bust if you want to force an update?

Matthew Clark: Because it’s a key value that your code is writing to, you’re fully in control of that. So when we do get an event in saying “something has changed” for whatever reason we can update the document within it, or simply mark it as stale. So that next time around we can re-request the data from the underlying data source.

Charles Humble: Do you have problems with cross region calls? I’m guessing you might take a performance hit there?

Matthew Clark: Yeah, we don’t do a lot of cross-regional stuff. So it’s not caused too much of a problem. We noticed that across the availability zones, it can certainly add up. But Redis is so fast. Anyway, sub-millisecond within an AZ and not that many milliseconds across AZ. The performance has always been phenomenal anyway. We haven’t done much cross-regional stuff, but I suspect it’s not bad anyway. You can do master/slave of course as well. So you could have local replicas of your caching if you need to.

How do you use Redis as a queuing system? [24:57]

Charles Humble: Ah, yeah, of course, you could. Yeah, that would totally solve the problem actually, if you were to ever hit it, wouldn’t it? You said already that you’re big fans of Redis and you use it quite extensively. I know that you were using it at least as a queuing system, which I was intrigued by. Back in the late 90s and early 2000s. I did a lot of work in both retail and investment banking, particularly around early internet banking. A lot of that was built on top of what was then called IBM’s MQ Series, which was their early queuing software. It was actually a really brilliant piece of software, very solid, very reliable. The idea of using Redis for queuing, therefore, intrigued me, do you still do that? If you do it, why?

Matthew Clark: Not in our latest stuff. But we do still have that operational for some of the things we’ve made before. It’s an example of where Redis is so flexible. It is a key-value store, but your values can be a range of different types, including lists and even streams in the latest version. So creating something like a queue in Redis is actually not that hard. You can push and pop things off that list effectively to be a queue, you can write Lua, which runs on the box to do some clever stuff like having a dead letter queue or even some more sophisticated things like spotting duplication in queues or having prioritization, for example. Why did we pick Redis? Just because it’s so unbelievably fast that you can communicate between things in a millisecond or sometimes less. It’s phenomenal. Whereas most other queues are tens or hundreds of milliseconds, depending on what they are. It’s an unusual choice, right? Nine times out of 10, if you want a queue, use a queue, right?

Matthew Clark: Use the right tool for the job. I wouldn’t recommend it most of the time, but if you did need something incredibly fast, you were willing to accept data loss, because as you were saying before these boxes can fail and you lose what’s in memory. In a world where you’re maybe tolerant of that and speed is your number one thing. It is an interesting choice.

How many releases a day you’re doing now via CI/CD pipeline? [26:36]

Charles Humble: Yeah, it really is. I’m impressed that you’ve been able to do things like prioritization and dead letter queues and even handle duplication, that’s more than I would have expected. It’s really interesting. We’re coming towards the end of our time. I’d like to touch a little bit on some of the DevOps and more cultural aspects. Can you give us an idea of how many releases a day you’re doing now via CI/CD pipeline?

Matthew Clark: Yeah, that’s a good question. A all of, because there’s an awful lot of internal tools as well so it’s probably every few minutes. But in terms of what the user sees, the kind of website and the APIs that power it, we’re making releases during the workday every 10 to 20 minutes. So fairly frequently. Some of those things you’ll see directly, right? There’ll be presentational things. Some of that will be under the hood things or maybe just one part of the site. But there’s a continuous process through we have, as everyone does nowadays, an automated CI process where as soon as things hit master and pass all the tests they’re immediately launched to live.

How did you manage the organizational shift of moving to the cloud? [27:25]

Charles Humble: One of the interesting things about moving to the cloud is people tend to think of it as a technology move. But actually it’s much broader than that. It’s really a huge cultural shift and a huge organizational transformation in a lot of cases. For something the size of the BBC I’m imagining that could be very challenging.

Matthew Clark: There’s so much we could talk about here. Teams have had to take on more and of course, different teams react in different ways to that. One of the interesting challenges we’ve had of course, is that the cloud gives you the opportunity to do so much and give you so much technology at your fingertips in the way that when you have your own data centers you really couldn’t before you had a much more controlled environment. One of the challenges we’ve had is to find the right way to control that. Because every team is going off and doing a different thing that probably doesn’t make sense from an organizational point of view. So how do you get that balance right between empowering teams and making them want to do that without diverging too much, and having to find a way of bringing that in later? Ultimately this is a transformation program, which [in] large organizations is always an interesting thing to do. It affects hundreds of people to change how they think, change what their day-to-day job is.

Matthew Clark: That is a huge challenge. The amount of communication and ultimately persuasion you need to do is massive. It was one of the things as we rebuilt, we moved from the data center to the cloud we didn’t just want to rebuild like for like, we didn’t want to just lift and shift. We wanted to change our approach and what people were responsible for and how we built and how we made sure we weren’t duplicating anything across teams and all those kinds of things. That’s a huge challenge. You’ve just got to keep plugging away at it and getting people to understand where they need to be.

Did you get pushback from individual developers as their responsibilities changed? [28:48]

Charles Humble: Right. Yeah. I mean, any large-scale organizational transformation is always incredibly difficult. Then thinking about it from the individual engineer’s perspective as well, you said that you’d moved to DevOps, you build it, you run it, you’re responsible for your service running and production world. Again, if you’re an engineer who’s signed up to work at the BBC before this transformation happened, that’s a big shift in role, you know, out of hours and all the rest of it. Did you get pushback from that as well?

Matthew Clark: Yeah. We had that model where engineers had to be on call. Right? You build it, you own everything that’s really key to it. Yeah. It was for some people and not others. We were lucky I think that each team had enough people who were willing to be on call for it to be all right. We have a very good first and second line operations teams as well, keeping things going. So you know you’re only going to get called if there is a genuine issue. So it turned out to be all right in the end.

Charles Humble: That’s very interesting actually, I guess if you’ve got first and second line support that’s really strong then that does reduce the risk of fatigue and burnout and that sort of thing for an engineering team. So actually a very good point. Matthew, thank you so much, I’ve really enjoyed speaking to you today. Really interesting conversation and thank you very much, indeed, for joining us this week on the InfoQ podcast.

Article originally posted on Data Science Central. Visit Data Science Central

Figure 1: Unleashing the Value of Technology Roadmap

In part 1 of the blog series “Unleashing the Business Value of Technology Part 1: Framing the Challenge”, I introduced the 3 stages of “unleashing business value”:  1) Connecting to Value, 2) Envisioning Value and 3) Delivering Value (see Figure 1).

We discussed why technology vendors suck at unleashing the business value of their customers’ technology investments because they approach the challenge with the wrong intent.  We then discussed some failed technology vendor engagement approaches; product-centric approaches that force the customer to “make the leap of faith” across the chasm of value.

We also introduced the Value Engineering Framework as a way to “reframe the customer discussion and engagement approach; a co-creation framework that puts customer value realization at the center of the customer engagement” (see Figure 2).

Figure 2: Value Engineering Framework

The Value Engineering Framework is successful not only because it starts the co-creation relationship around understanding and maximizing the sources of customer value creation, but the entire process puts your customer value creation at the center of the relationship.

In Part 2, we are going to provide some techniques that enable technology vendors to connect to “value”, but that is “value” as defined by the customer, not “value” as defined by product or services capabilities.  The Value Engineering Framework helps transition the customer engagement discussion away from technology outputs towards meaningful and material customer business outcomes (see Figure 3).

Figure 3: Modern Data Governance:  From Technology Outputs to Business Outcomes

So, how do technology vendors “connect to value” in their conversations with customers’ business executives?  They must invest the upfront time to understand where and how value is created by the customer.  Here are a couple of tools and techniques that technology vendors can use to understand and connect with the customer’s sources of value creation.

Step 1:  Understand How Your Customer Makes Money

I’m always surprised by how few technology vendors take the time to read their customers’ financial statements to learn what’s important to their customers. Financial reports, press releases, quarterly analyst calls, corporate blogs and analyst websites (like SeekingAlpha.com) are a rich source of information about an organization’s strategic business initiatives – those efforts by your customers to create new sources of business and operational value.

But before we dive into an annual report exercise, let’s establish some important definitions to ensure that we are talking about the same things:

• Charter or Mission is why an organization exists. For example, the mission for The Walt Disney Company is to be “one of the world’s leading producers and providers of entertainment.”
• Business Objectives describe what an organization expects to accomplish over the next 2 to 5 years. The Business Objectives for The Disney Company might include MagicBand introduction, launch “Black Widow” movie, and launch the new Disney World “Star Wars – Rise of the Resistance Trackless Dark Ride” attraction.
• Business Initiative is a cross-functional effort typically 9-12 months in duration, with well-defined business metrics, that supports the entity’s business objectives. For The Disney Company example, it might be to “leverage the MagicBand to increase guest satisfaction by 15%” or “leverage the MagicBand increase cross-selling of Class B attractions by 10%.”
• Decisions are defined as a conclusion or resolution reached after consideration or analysis that leads to action. Decisions address what to do, when to do it, who does it and where to do it.  For The Disney Company example, “Offer FastPass+ to these guests for these attractions at this time of the day” is an example of a decision.
• Use Cases are a cluster of Decisions around a common subject area in support of the targeted business initiative. The Disney Company use cases supporting the “Increase Class B Attraction Attendance” Business Initiative could include:
  • Increase Class A to Class B attraction cross-promotional effectiveness by X%
  • Optimize Class B attraction utilization using FastPass+ by X%
  • Increase targeted guest park experience using FastPass+ by X%
  • Optimize FastPass+ promotional effectiveness by time-of-day by X%

Using these definitions, let’s examine the Starbucks’ 2019 Annual Report to identify their key business objectives (see Figure 4).

Figure 4: Reading the 2019 Starbucks Annual Report

From Figure 4, we can see that one of Starbucks business objectives is “Providing each customer a unique Starbucks experience.”  (Note:  the annual report is chockfull of great opportunities for technology vendors to co-create value with their customers). Let’s triage Starbuck’s “Unique Starbucks Experience” business objective to understand our technology product and service capabilities can enable their “Providing each customer a unique Starbucks experience”.   Welcome to the “Big Data Strategy Document”.

Step 2:  The Big Data Strategy Document

The Big Data Strategy Document decomposes an organization’s business objective into its potential business initiatives, desired business outcomes, critical success factors against which progress and success will be measured, and key tasks or actions. The Big Data Strategy Document provides a design template for contemplating and brainstorming the areas where the technology vendor can connect to the customer’s sources of value creation prior to ever talking to a customer’s business executives. This includes the following:

1. Business Objective. The title of the document states the 2 to 3-year business strategy upon which big data is focused.
2. Business Initiatives. This section states the 9 to 12-month business initiatives that supports the business strategy (sell more memberships, sell more products, acquire more new customers).
3. Desired Outcomes. This section contains the Desired Business or Operational Outcomes with respect to what success looks like (retained more customers, improved operational uptime, reduced inventory costs).
4. Critical Success Factors (CSF). Critical Success Factors list the key capabilities necessary to support the Desired Outcomes.
5. Use Cases. This section provides the next level of detail regarding the specific use cases (“how to do it”) around which the different part of the organizations will need to collaborate to achieve the business initiatives.
6. Data Sources. Finally, the document highlights the key data sources required to support this business strategy and they key business initiatives.

(Note:  the Big Data Strategy Document is covered in Chapter 3 my first book “Big Data: Understanding How Data Powers Big Business.”  The book provides worksheets to help organizations to determine where and how big data can derive and drive new sources of business and operational value.  Still a damn relevant book!)

See the results of the Starbucks triage exercise in Figure 5.

Figure 5:  Starbucks Big Data Strategy Document

To learn more about leveraging the Big Data Strategy Document, check out this oldie but goodie blog “Most Excellent Big Data Strategy Document”.

Summary: “Connecting to Value”

The challenge most technology vendors face when trying to help their customers unleash the business value of their technology investments, is that vendors don’t intimately understand how their customers create value.  Once the technology vendor understands how the customer creates value, then the technology vendor has a frame against which to position their product and service capabilities to co-create new sources of value for both the customer and the technology vendor.

Posted on nosqlgooglealerts. Visit nosqlgooglealerts

The report by MR Accuracy Reports titled “ NoSQL Market : Global Industry Analysis, Size, Share, Growth, Trends, and Forecasts 2021-2027 ” presents a profound comprehension regarding the functioning and expansion of the NoSQL Market on regional and global level. This analysis report is the collation of all the wide-ranging information relating to the market statistics during the recent years as well as forecasts for coming years. To begin with, the report comprises the major players actively participating and competing within the NoSQL market; it entails several companies, manufacturers, suppliers, organizations, and so on. Thus, the report will assist in understanding the initiatives and approaches implemented by these players to create and reinforce their market presence. The thorough analysis presents a wide-ranging comprehension of the global market in a knowledgeable way. The client can merely point out the steps of the firm by having details regarding their global revenue, market share, price, production & capacity, andrecent developments during the forecast period.

FREE | Request Sample is Available @ https://www.mraccuracyreports.com/report-sample/211522

Global NoSQL Market: Competitive Players

IBM Corporation, Aerospike Inc, MarkLogic Corporation, Hibernate, MariaDB, Oracle Database, Neo technology, MongoDB, Basho Technologies, Couchbase, PostgreSQL

Based on products type, the report describes major products type share of regional market. Products mentioned as follows: Key-Value Store, Document Databases, Column Based Stores, Graph Database.

The report defines major Application share of worldwide market. Application mentioned as follows: Retail, Online Game Development, IT, Social Network Development, Web Applications Management, Others.

The research report includes the outline of the global NoSQL market such as definition, classifications, and applications. Apart from this, it entails the comprehensive assessment of a number of factors like constraints, opportunities, drivers, challenges, and risk. Further, it the global NoSQL market is bifurcated on the basis of diverse parameters into respective segments as well as sub-segments. The report also encompasses the existing, previous, and likely growth trends within the market for each segment and sub-segment. Additionally, the market is also segregated based on regions North America, Europe, Asia-Pacific and Latin America. along with detailed evaluation of their growth, key developments & strategies, opportunities, and the key patterns influencing the market expansion in those regions. The report will further also entail a particular part putting forth the changes and of the ongoing COVID-19pandemic. It comprisesin-depth market analysis rooted on the predictions of post-COVID-19 market circumstances together with data on the existing impacts on the NoSQL market of the pandemic.

Promising Regions & Countries Mentioned In The NoSQL Market Report:

• North America ( United States)
• Europe ( Germany, France, UK)
• Asia-Pacific ( China, Japan, India)
• Latin America ( Brazil)
• The Middle East & Africa

Request Report TOC (Table of Contents) @ https://www.mraccuracyreports.com/reportdetails/reportview/211522

The research report also highlights the wide array of tactical steps, such as latest business deals, joint ventures, partnerships, M&As, technological developments, and launch of new products taking placing in the market. In addition, it scrutinizes several patterns of the global NoSQL market, entailing the rules, criteria, and policy deviations implemented by the private companies and government on the market over the last few years. As a final point, the analysis includes forecasts and historic data making it a beneficial asset for experts, industry executives, presentation, sales & product managers, consultants, and every other person or organization looking for essential market data and statistics.

Key Details & USPs of the Existing Report Study:          

• Worldwide-level market size of NoSQL Market in terms of Volume (K Units) and Value (USD Million) for historical period (2016 – 2019) and projected years (2020 – 2026)
• Region-level (North America, Europe, Asia Pacific, Latin America, and Middle East & Africa) market size of NoSQL Market in terms of Volume (K Units) and Value (USD Million) for historical period (2016 – 2019) and projected years (2020 – 2026)
• Country-level (U.S., Canada, Germany, UK, France, Spain, Italy, China, Japan, India, South Korea, Southeast Asia, Brazil, Mexico, GCC, South Africa, RoW) market size of NoSQL Market in terms of Volume (K Units) and Value (USD Million) for historical period (2016 – 2019) and projected years (2020 – 2026)
• Type market size bifurcated into its individual Product Type (Concentration, Temperature, Combustion, Conductivity, and Others) in terms of Volume (K Units) and Value (USD Million) for historical period (2016 – 2019) and projected years (2020 – 2026)
• Demand Side and Supply Side Perspective and analysis
• Company/Players/Manufacturers/Vendors/Service Providers Market Share
• Competitive Landscape, Competition Matrix, and Player Positioning Analysis
• Market Dynamics, Trends, Factors affecting market growth during upcoming year
• Key Buyers and End-User Analysis
• Value Chain & Supply Chain Analysis including Distribution and Sales Channels as well as Forward and Backward Integration scenarios
• Manufacturing Cost Structure Analysis
• Key Raw Materials Analysis
• Key Pricing Strategies adopted in the market
• Key Marketing Strategies adopted in the market
• Porters Five Forces Analysis
• SWOT Analysis
• PESTLE Analysis

Request corona virus impact analysis on sectors and market

Exclusive Offer: Flat Up to 40% Discount on this report : https://www.mraccuracyreports.com/check-discount/211522

What Reports Provides

• Full in-depth analysis of the parent market
• Important changes in market dynamics
• Segmentation details of the market
• Former, on-going, and projected market analysis in terms of volume and value
• Assessment of niche industry developments
• Market share analysis
• Key strategies of major players
• Emerging segments and regional markets
• Testimonials to companies in order to fortify their foothold in the market.

Also, Research Report Examines:

• Competitive companies and manufacturers in global market
• By Product Type, Applications & Growth Factors
• Industry Status and Outlook for Major Applications / End Users / Usage Area

Thanks for reading this article; you can also get individual chapter wise section or region wise report version like North America, Europe or Asia.

Contact Us:

MR Accuracy Reports

30 Crawley Lane, West Sussex,

RH10 7EG, United Kingdom

Tel – USA +1 8045001224,

APAC- +91 7350728100.

Email   : [email protected]

Website : www.mraccuracyreports.com

https://themarketeagle.com/

Article originally posted on InfoQ. Visit InfoQ

It has been a fairly significant week in the OpenJDK ecosystem.

Two of the JEPs related to the delivery of Pattern Matching have reached Candidate status.

They are Pattern Matching for switch and records and array Patterns

As previously reported by InfoQ, Pattern Matching is one of the major deliverables of Project Amber, which is making steady progress towards delivery, but which will definitely not produce final versions of its long-awaited features in time for Java 17 LTS.

Two security-related features have also made progress:

Remove RMI Activation and Dynamic Deserialization Features, which builds upon earlier work to lock down (and ultimately deprecate) the Java serialization mechanism.

In other security news, the Java applet API is now Targeted for Removal in Java 17

The applet API was one of Java’s original selling points – as a way of delivering rich client applications in the browser – and has been present since Java 1.0. In recent years, however, all mainstream browsers have removed support for this API as the browser has matured as an application delivery platform.

Java 17, nevertheless, will mark a sad milestone as this API is finally removed. With the removal of the Solaris port in Java 15, this will be the end of the road for the original vision of Java as a platform.

Moving on from OpenJDK and Java 17, it has also been 17 Years since the original version of Spring – version 1.0 – was released

The Eclipse Foundation has also had a big week – the formal announcement of the formation of Eclipse Adoptium (the successor to AdoptOpenJDK) – and the news that Eclipse will be given access to the Java TCK – but also the Jetty Project announcing the release of Jetty 11

Around the rest of the ecosystem, an open-source extension to VS Code for visualizing Java applications was announced (via Reddit).

Open Liberty has released version 21.0.0.3 which supports MicroProfile 4.0

The Weld dependency injection framework announced release 4.0.1 – alongside 3.1.7 this largely deals with reflective access issues, in response to the release of Java 16, and the further tightening of access expected in Java 17.

Posted on nosqlgooglealerts. Visit nosqlgooglealerts

Article originally posted on InfoQ. Visit InfoQ

This past week was marked by the online streaming of Cloud Builders Conf and the release of Unity 2020 LTS. InfoQ examined these and a number of smaller stories in the .NET ecosystem from the week of March 22th, 2021.

Cloud Builders Conf is a Ukraine-based conference targeting cloud developers using .NET and JAVA, with speakers from companies such as Microsoft, Google, and Amazon. This year’s speakers included well-known names from the .NET community, such as Scott Hunter and Cecil L. Phillip – both at Microsoft. Hunter presented the first .NET session of the event, a hands-on overview on how to build cloud-native apps with .NET 5. During this session, Hunter also confirmed that this year’s edition of Microsoft Build is scheduled for the end of May. Other interesting sessions in the conference included a deep dive on Dapr (presented by Phillip) and sessions on Azure services and functions. The event ended with a very interesting discussion on choreography versus orchestration, presented by Mete Atamel, developer advocate at Google.

Another interesting event this week was the second part of the monthly WinUI Community Call, hosted by Microsoft. Initially scheduled for last week, this month’s edition had to be separated into two parts due to technical difficulties. In the first part of the event (streamed last week), the WinUI team presented the new WinUI 3 and discussed the new shipping process introduced with Project Reunion. The second part of the event featured a one-hour presentation and Q&A with the guests Jerome Laban and François Tanguay – respectively CTO and CEO of Uno Platform – about developing cross-platform WinUI apps with Uno.

The Unity team released Unity 2020 LTS and Unity 2021.1 Tech Stream. The LTS release is a mature build containing all tech stream releases from the previous calendar year. The Tech Stream release includes a new lifecycle model for the built-in package manager and the first features related to visual scripting, one of the top priorities for this year’s releases.

Following last week’s updates, Akka.NET released a new maintenance version (v1.4.18) with some non-breaking changes. You can find the release notes for this version here. Other releases of this week include a new major version of the Json.NET framework (v13.0.1) and a maintenance release for NLog (v4.7.9)

Article originally posted on Data Science Central. Visit Data Science Central

There are many ways chaos is defined, each scientific field and each expert having its own definitions. We share here a few of the most common metrics used to quantify the level of chaos in univariate time series or data sets. We also introduce a new, simple definition based on metrics that are familiar to everyone. Generally speaking, chaos represents how predictable a system is, be it the weather, stock prices, economic time series, medical or biological indicators, earthquakes, or anything that has some level of randomness. 

In most applications, various statistical models (or data-driven, model-free techniques) are used to make predictions. Model selection and comparison can be based on testing various models, each one with its own level of chaos. Sometimes, time series do not have an auto-correlation function due to the high level of variability in the observations: for instance, the theoretical variance of the model is infinite. An example is provided in section 2.2 in this article  (see picture below), used to model extreme events. In this case, chaos is a handy metric, and it allows you to build and use models that are otherwise ignored or unknown by practitioners.  

Figure 1: Time series with indefinite autocorrelation; instead, chaos is used to measure predictability

Below are various definitions of chaos, depending on the context they are used for. References about how to compute these metrics, are provided in each case.

Hurst exponent

The Hurst exponent H is used to measure the level of smoothness in time series, and in particular, the level of long-term memory. H takes on values between 0 and 1, with H = 1/2 corresponding to the Brownian motion, and H = 0 corresponding to pure white noise. Higher values correspond to smoother time series, and lower values to more rugged data. Examples of time series with various values of H are found in this article, see picture below. In the same article, the relation to the detrending moving average (another metric to measure chaos) is explained. Also, H is related to the fractal dimension. Applications include stock price modeling.

Figure 2: Time series with H = 1/2 (top), and H close to 1 (bottom)

Lyapunov exponent

In dynamical systems, the Lyapunov exponent is used to quantify how a system is sensitive to initial conditions. Intuitively, the more sensitive to initial conditions, the more chaotic the system is. For instance, the system xn+1 = xn – INT(xn), where INT represents the initial conditions, is very sensitive to the initial condition x0. A very small change in the value of x0 results in values of xn that are totally different even for n as low as 45. See how to compute the Lyapunov exponent, here.

Fractal dimension

A one-dimensional curve can be defined parametrically by a system of two equations. For instance x(t) = sin(t), y(t) = cos(t) represents a circle of radius 1, centered at the origin. Typically, t is referred to as the time, and the curve itself is called an orbit. In some cases, as t increases, the orbit fills more and more space in the plane. In some cases, it will fill a dense area, to the point that it seems to be an object with a dimension strictly between 1 and 2. An example is provided in section 2 in this article, and pictured below. A formal definition of fractal dimension can be found here.

Figure 3: Example of a curve filling a dense area (fractal dimension  >  1)

Approximate entropy

In statistics, the approximate entropy is a  metric used to quantify regularity and predictability in time series fluctuations. Applications include medical data, finance, physiology, human factors engineering, and climate sciences. See the Wikipedia entry, here.

It should not be confused with entropy, which measures the amount of information attached to a specific probability distribution (with the uniform distribution on [0, 1] achieving maximum entropy among all continuous distributions on [0, 1], and the normal distribution achieving maximum entropy among all continuous distributions defined on the real line, with a specific variance). Entropy is used to compare the efficiency of various encryption systems, and has been used in feature selection strategies in machine learning, see here.

Independence metric 

Here I discuss some metrics that are of interest in the context of dynamical systems, offering an alternative to the Lyapunov exponent to measure chaos. While the Lyapunov exponents deals with sensitivity to initial conditions, the classic statistics mentioned here deals with measuring predictability for a single instance (observed time series) of a dynamical systems. However, they are most useful to compare the level of chaos between two different dynamical systems with similar properties. A dynamical system is a sequence xn+1 = T(xn), with initial condition x0. Examples are provided in my last two articles, here and here. See also here. 

A natural metric to measure chaos is the maximum autocorrelation in absolute value, between the sequence (xn), and the shifted sequences (xn+k), for k = 1, 2, and so on. Its value is maximum and equal to 1 in case of periodicity, and minimum and equal to 0 for the most chaotic cases. However, some sequences attached to dynamical systems, such as the digit sequence pictured in Figure 1 in this article, do not have theoretical autocorrelations: these autocorrelations don’t exist because the underlying expectation or variance is infinite or does not exist. A possible solution with positive sequences is to compute the autocorrelations on yn = log(xn) rather than on the xn‘s.

In addition, there may be strong non-linear dependencies, and thus high predictability for a sequence (xn), even if autocorrelations are zero. Thus the desire to build a better metric. In my next article, I will introduce a metric measuring the level of independence, as a proxy to quantify chaos. It will be similar in some ways to the Kolmogorov-Smirnov metric used to test independence and illustrated here, however, without much theory, essentially using a machine learning approach and data-driven, model-free techniques to build confidence intervals and compare the amount of chaos in two dynamical systems: one fully chaotic versus one not fully chaotic. Some of this is discussed here.

I did not include the variance as a metric to measure chaos, as the variance can always be standardized by a change of scale, unless it is infinite.

To receive a weekly digest of our new articles, subscribe to our newsletter, here.

About the author:  Vincent Granville is a data science pioneer, mathematician, book author (Wiley), patent owner, former post-doc at Cambridge University, former VC-funded executive, with 20+ years of corporate experience including CNET, NBC, Visa, Wells Fargo, Microsoft, eBay. Vincent is also self-publisher at DataShaping.com, and founded and co-founded a few start-ups, including one with a successful exit (Data Science Central acquired by Tech Target). You can access Vincent’s articles and books, here.