Tech Guides

Everybody is facing a battle these days. Though it may not be immediately apparent, it is already affecting a majority of the global population. This battle is not fought with bombs, planes, or tanks or with any physical weapons for that matter. This battle is for our online privacy. A survey made last year discovered 69% of data breaches were related to identity theft. Another survey shows the number of cases of data breaches related to identity theft has steadily risen over the last 4 years worldwide. And it is likely to increase as hackers are gaining easy access more advanced tools. The EU’s GDPR may curb this trend by imposing stricter data protection standards on data controllers and processors. These entities have been collecting and storing our data for years through ads that track our online habits-- another reason to protect our online anonymity. However, this new regulation has only been in force for over a month and only within the EU. So, it's going to take some time before we feel its long-term effects. The question is, what should we do when hackers out there try to steal and maliciously use our personal information? Simple: We defend ourselves with tools at our disposal to keep ourselves completely anonymous online. So, here’s a list you may find useful. 1. VPNs A VPN helps you maintain anonymity by hiding your real IP and internet activity from prying eyes. Normally, your browser sends a query tagged with your IP every time you make an online search. Your ISP takes this query and sends it to a DNS server which then points you to the correct website. Of course, your ISP (and all the servers your query had to go through) can, and will likely, view and monitor all the data you course through them-- including your personal information and IP address. This allows them to keep a tab on all your internet activity. A VPN protects your identity by assigning you an anonymous IP and encrypting your data. This means that any query you send to your ISP will be encrypted and no longer display your real IP. This is why using a VPN is one of the best ways to keeping anonymous online. However, not all VPNs are created equal. You have to choose the best one if you want airtight security. Also, beware of free VPNs. Most of them make money by selling your data to advertisers. You’ll want to compare and contrast several VPNs to find the best one for you. But, that’s sooner said than done with so many different VPNs out there. Look for reviews on trustworthy sites to find the best vpn for your needs. 2. TOR Browser The Onion Router (TOR) is a browser that strengthens your online anonymity even more by using different layers of encryption-- thereby protecting your internet activity which includes “visits to Web sites, online posts, instant messages, and other communication forms”. It works by first encasing your data in three layers of encryption. Your data is then bounced three times-- each bounce taking off one layer of encryption. Once your data gets to the right server, it “puts back on” each layer it has shed as it successively bounces back to your device. You can even improve TOR by using it in combination with a compatible VPN. It is important to note, though, that using TOR won’t hide the fact that you’re using it. Some sites may restrict allowances made through TOR. 3. Virtual machine A Virtual machine is basically a second computer within your computer. It lets you emulate another device through an application. This emulated computer can then be set according to your preferences. The best use for this tool, however, is for tasks that don’t involve an internet connection. It is best used for when you want to open a file and want to make sure no one is watching over your shoulder. After opening the file, you then simply delete the virtual machine. You can try VirtualBox which is available on Windows, Linux, and Mac. 4. Proxy servers A proxy server is an intermediary between your device and the internet. It’s basically another computer that you use to process internet requests. It’s similar to a virtual machine in concept but it’s an entirely separate physical machine. It protects your anonymity in a similar way a VPN does (by hiding your IP) but it can also send a different user agent to keep your browser unidentifiable and block or accept cookies but keep them from passing to your device. Most VPN companies also offer proxy servers so they’re a good place to look for a reliable one. 5. Fake emails A fake email is exactly what the name suggests: an email that isn’t linked to your real identity. Fake emails aid your online anonymity by not only hiding your real identity but by making sure to keep you safe from phishing emails or malware-- which can be easily sent to you via email. Making a fake email can be as easy as signing up for an email without using your real information or by using a fake email service. 6. Incognito mode “Going incognito” is the easiest anonymity tool to come by. Your device will not store any data at all while in this mode including: your browsing history, cookies, site data, and information entered in forms. Most browsers have a privacy mode that you can easily use to hide your online activity from other users of the same device. 7. Ad blockers Ads are everywhere these days. Advertising has and always will be a lucrative business. That said, there is a difference between good ads and bad ads. Good ads are those that target a population as a whole. Bad ads (interest-based advertising, as their companies like to call it) target each of us individually by tracking our online activity and location-- which compromises our online privacy. Tracking algorithms aren’t illegal, though, and have even been considered “clever”. But, the worst ads are those that contain malware that can infect your device and prevent you from using it. You can use ad blockers to combat these threats to your anonymity and security. Ad blockers usually come in the form of browser extensions which instantly work with no additional configuration needed. For Google Chrome, you can choose either Adblock Plus, uBlock Origin, or AdBlock. For Opera, you can choose either Opera Ad Blocker, Adblock Plus, or uBlock Origin. 8. Secure messaging apps If you need to use an online messaging app, you should know that the popular ones aren’t as secure as you’d like them to be. True, Facebook messenger does have a “secret conversation” feature but Facebook hasn’t exactly been the most secure social network to begin with. Instead, use tools like Signal or Telegram. These apps use end-to-end encryption and can even be used to make voice calls. 9. File shredder The right to be forgotten has surfaced in mainstream media with the onset of the EU’s General Data Protection Regulation. This right basically requires data collecting or processing entities to completely remove a data subject’s PII from their records. You can practice this same right on your own device by using a “file shredding” tool. But the the thing is: Completely removing sensitive files from your device is hard. Simply deleting it and emptying your device’s recycle bin doesn’t actually remove the file-- your device just treats the space it filled up as empty and available space. These “dead” files can still haunt you when they are found by someone who knows where to look. You can use software like Dr. Cleaner (for Mac) or Eraser (for Win) to “shred” your sensitive files by overwriting them several times with random patterns of random sets of data. 10. DuckDuckGo DuckDuckGo is a search engine that doesn’t track your behaviour (like Google and Bing that use behavioural trackers to target you with ads). It emphasizes your privacy and avoids the filter bubble of personalized search results. It offers useful features like region-specific searching, Safe Search (to protect against explicit content), and an instant answer feature which shows an answer across the top of the screen apart from the search results. To sum it up: Our online privacy is being attacked from all sides. Ads legally track our online activities and hackers steal our personal information. The GDPR may help in the long run but that remains to be seen. What's important is what we do now. These tools will set you on the path to a more secure and private internet experience today. About the Author Dana Jackson, an U.S. expat living in Germany and the founder of PrivacyHub. She loves all things related to security and privacy. She holds a degree in Political Science, and loves to call herself a scientist. Dana also loves morning coffee and her dog Paw.   [divider style="normal" top="20" bottom="20"] Top 5 cybersecurity trends you should be aware of in 2018 Twitter allegedly deleted 70 million fake accounts in an attempt to curb fake news Top 5 cybersecurity myths debunked  

Cybersecurity trends seem to be changing at an incredible rate. That poses new opportunities for criminals and new challenges for the professionals charged with securing our systems. High profile  attacks not only undermine trust in huge organizations, they also highlight a glaring gap in how we manage cybersecurity in a rapidly changing world. It also highlighted that attackers are adaptive and incredibly intelligent, evolving their techniques to adapt to new technologies and new behaviors. The big question is what the future will bring. What cybersecurity trends will impact the way cybersecurity experts work - and the way cybercriminals attack - for the rest of 2018 and beyond. Let’s explore some of the top cyber security trends and predictions of 2018: Artificial Intelligence and machine learning based cyber attacks and defenses AI and ML have started impacting major industries in various ways, but one of the most exciting applications is in cybersecurity. Basically, Artificial Intelligence and Machine Learning algorithms can learn from past events in order to help predict and identify vulnerabilities within a software system. They can also be used to detect anomalies in behavior within a network. A report from Webroot claims that more than 90% of cybersecurity professionals use AI to improve their security skills. However, while AI and machine learning can help security professionals, it is also being used by cybercriminals too. It seems obvious: if cyber security pros can use AI to identify vulnerabilities, so can people that seek to exploit them. Expect this back and forth to continue throughout 2018 and beyond. Ransomware is spreading like fire Storing data on the cloud has many benefits, but it can be an easy target for cyber criminals. Ransomware is one such technique - criminals target a certain area of data and hold it to ransom. It’s already a high profile cyber security concern. Just look at WannaCry, Petya, Meltdown, and Spectre, some of the biggest cyber security attacks in 2017. The bigger players (Google, AWS, and Azure) of the cloud market are trying to make it difficult for attackers, but smaller cloud service providers end up paying customers for data breaches. The only way these attacks can be reduced is by performing regular back-ups, updating security patches, and strengthening real-time defenses. Complying with GDPR GDPR (General Data Protection) is an EU regulation that tightens up data protection and privacy for individuals within the European Union. The ruling includes mandatory rules that all companies will have to follow when processing and storing personal data. From 25 May, 2018, General Data Protection (GDPR) will come into effect where important changes will be implemented to the current data protection directive. To mention a few it will include increased territorial scope,stricter consent laws, elevated rights and more. According to Forrester report 80% companies will fail to comply with GDPR out of which 50% would choose not to, considering the cost of compliance. Penalties for non-compliance would reach upto €20m or 4% of worldwide annual turnover, whichever is greater. The rise of Cyberwar Taking current cybersecurity scenario into consideration, there are high possibilities 2018 will be the year of international conflict in cyberspace. This may include cyber crimes on government and financial systems or their infrastructure and utilities. Chances are cyber-terrorism groups will target sensitive areas like banks, press, government, law-enforcement and more similar areas. The Ashley Madison attack – which involved attackers threatening to release personal information about users if the site was not shut down – shows that ideological motivated attacks are often very targeted and sophisticated with the goal of data theft and extortion. The attack on Ashley Madison is testament to the fact that companies need to be doing more as attackers become more motivated. You should not be surprised to see cyber-attacks going beyond financial benefits. The coming year can witness cyber crimes which are politically motivated that is designed to acquire intelligence to benefit a particular political entity. These methods can also be used to target electronic voting system in order to control public opinion. These kind of sophisticated attacks are usually well-funded and lead to public chaos. Governments will need to take extensive checks to ensure their network and ecosystem is well protected. Such instances might lead to loss of right to remain anonymous on the web. Like everything else, this move will also have two sides of the coin. Attacking cyber currencies and blockchain systems Since Bitcoin and Blockchain were booming in the year 2017, it becomes a crucial target area for hackers. Chances are attackers may target smaller blockchain systems who opt for weaker cryptographic algorithms to increase performance. On the other hand, the possibility of cryptographic attack against Bitcoin can be minimum. The major worry here would about attacking a block with minimum security practices, but eventually that block could lead to larger blockchain system. One of the major advantage for attackers here is they don’t really need to know who the opposite partner is, as only a verified participant is authorised to execute the trade. Here, trust or risk plays an important part and that is blockchain’s sweet spot. For example: Receiving payments in government issued currencies have higher possibilities of getting caught but there is a higher probability of succeeding in cryptocurrency payments. Well, this may be the end of this article but is not an end to the way things might turn out to be in 2018. We still stand midway through another year and the war of cyberthreats rages. Don’t be surprised to hear something different or new as malicious hackers keep trying newer techniques and methodologies to destroy a system. Related links WPA3: Next-generation Wi-Fi security is here The 10 most common types of DoS attacks you need to know 12 common malware types you should know

The world is abuzz with automation. It is everywhere today and becoming an integral part of organizations and processes. Software testing, an intrinsic part of website/app/software development has also been taken over by test automation tools. However, as it happens in many software markets, a surplus of tools complicates the selection process. We have identified top 5 testing frameworks, used by most developers for automating the testing process. These automation testing frameworks cover a broad range of devices and support different scripting languages. Each framework has their own uniques pros, cons, and learning approaches. Selenium [box type="shadow" align="" class="" width=""]Creators: Jason Huggins Language: Java Current version: 3.11.0 Popularity: 11,031 stars on GitHub[/box] Selenium is probably the most popular test automation framework, primarily used for testing web apps.  However, selenium can also be used in cloud-based services, load-testing services and for monitoring, quality assurance, test architecture, regression testing, performance analysis, and mobile testing. It is open source; i.e., the source code can be altered and modified if you want to customize it for your testing purposes. It is flexible enough for you to write your own script and add functionality to test scripts and the framework. The Selenium suite consists of four different tools: Selenium IDE, Selenium Grid, Selenium RC, and Selenium WebDriver. It also supports a wide range of programming languages such as C#, Java, Python, PHP, Ruby, Groovy, and Perl. Selenium is portable, so it can be run anywhere, eliminating the need to configure it specifically for a particular machine. It becomes quite handy when you are working in varied environments and platforms supporting various system environments - Windows, Mac, Linux and browsers - Chrome, Firefox, IE, and Headless browsers. Most importantly, Selenium has a great community which implies more forums, more resources, examples, and solved problems. Appium [box type="shadow" align="" class="" width=""]Creators: Dan Cuellar Language: C# Current version: 1.8.1 Popularity: 7,432 stars on GitHub[/box] Appium is an open source test automation framework for testing native, hybrid, and mobile web applications. It allows you to run automated tests on actual devices, emulators (Android), and simulators (iOS). It provides cross-platform solutions for native and hybrid mobile apps, which means that the same test cases will work on multiple platforms (iOS, Android, Windows, Mac).  Appium also allows you to talk to other Android apps that are integrated with App Under Test (AUT). Appium has a client-server architecture. It extends the WebDriver client libraries, which are already written in most popular programming languages. So, you are free to use any programming language to write the automation test scripts. With Appium, you can also run your test scripts in the cloud using services such as Sauce Labs and Testdroid. Appium is available on GitHub with documentations and tutorial to learn all that is needed. The Appium team is alive, active, and highly responsive as far as solving an issue is concerned. Developers can expect a reply after no more than 36 hours, after an issue is opened. The community around Appium is also pretty large and growing every month. Katalon Studio [box type="shadow" align="" class="" width=""]Creators: Katalon LLC. Language: Groovy Current version: 5.4.2[/box] Katalon Studio is another test automation solution for web application, mobile, and web services. Katalon Studio uses Groovy, a language built on top of Java. It is built on top of the Selenium and Appium frameworks, taking advantage of these two for integrated web and mobile test automation. Unlike Appium, and Selenium, which are more suitable for testers who possess good programming skills, Katalon Studio can be used by testers with limited technical knowledge. Katalon Studio has a interactive UI with drag-drop features, select keywords and test objects to form test steps functionalities. It has a manual mode for technically strong users and a scripting mode that supports development facilities like syntax highlighting, code suggestion and debugging. On the down side, Katlon has to load many extra libraries for parsing test data, test objects, and for logging. Therefore, it may be a bit slower for long test cases as compared to other testing frameworks which use Java. Robot Framework [box type="shadow" align="" class="" width=""]Creators: Pekka Klärck, Janne Härkönen et al. Language: Python Current version: 3.0.4 Popularity: 2,393 stars on GitHub[/box] Robot Framework is a Python-based, keyword-driven, acceptance test automation framework. It is a general purpose test automation framework primarily  used for acceptance testing and streamlines it into mainstream development, thus giving rise to the concept of acceptance test driven development (ATDD). It was created by Pekka Klärck as part of his master's thesis and was developed within Nokia Siemens Networks in 2005. Its core framework is written in Python, but it also supports IronPython (.NET), Jython (JVM) and PyPy. The Keyword driven approach simplifies tests and makes them readable. There is also provision for creating reusable higher-level keywords from existing ones. Robot Framework stands out from other testing tools by working on easy-to-use tabular test files that provide different approaches towards test creation. It is the extensible nature of the tool that makes it so versatile. It can be adjusted into different scenarios and used with different software backend such as by using Python and Java libraries, and also via different API’s. Watir [box type="shadow" align="" class="" width=""]Creators: Bret Pettichord, Charley Baker, and more. Language: Ruby Current version: 6.7.2 Popularity: 1126 stars on GitHub[/box] Watir is powerful test automation tool based on a family of ruby libraries. It stands for Web Application Testing In Ruby. Watir can connect to databases, export XML, and structure code as reusable libraries, and read data files and spreadsheets all thanks to Ruby. It supports cross-browser and data-driven testing and the tests are easy to read and maintain. It also integrates with other BBD tools such as Cucumber, Test/Unit, BrowserStack or SauceLabs for cross-browser testing and Applitools for visual testing. Whilst Watir supports only Internet Explorer on Windows, Watir-WebDriver, the modern version of the Watir API based on Selenium,  supports Chrome, Firefox, Internet Explorer, Opera and also can run in headless mode (HTMLUnit). [dropcap]A[/dropcap]ll the frameworks that we discussed above offer unique benefits based on their target platforms and respective audiences. One should avoid selecting a framework based solely on technical requirements. Instead, it is important to identify what is suitable to developers, their team, and the project. For instance, even though general-purpose frameworks cover a broad range of devices, they often lack hardware support. And frameworks which are device-specific often lack support for different scripting languages and approaches. Work with what suits your project and your team requirements best. Selenium and data-driven testing: An interview with Carl Cocchiaro 3 best practices to develop effective test automation with Selenium Writing Your First Cucumber Appium Test

Over the last couple of weeks the world has been watching on as rescuers attempted to find, and then save, a young football team from Tham Luang caves in Thailand. Owing to a remarkable coordinated effort, and a lot of bravery from the team (including one diver who died), all 12 boys were brought back to safety. Tech played a big part in the rescue mission too - from drones to subterranean radios. But it wanted to play a bigger role - or at least Elon Musk wanted it to. Musk and his submarine has been a somewhat bizarre subplot to this story, and while you can't fault someone for offering to help out in a crisis, you might even say it was unnecessary. Put simply, Elon Musk's involvement in this story is a fable about the worst aspects of tech-solutionism. It offers an important lesson for anyone working in tech how not to solve problems. Bringing a tiny submarine to a complex rescue mission that requires coordination between a number of different agencies, often operating from different countries is a bit like telling someone to use Angular to build their first eCommerce store. It's like building an operating system from scratch because your computer has crashed. Basically, you just don't need it. There are better and more appropriate solutions - like Shopify or WooCommerce, or maybe just rebooting your system. Lesson 1: Don't insert yourself in problems if you're not needed Elon Musk first offered his support to the rescue mission in Thailand on July 4. It was a response to one of his followers. https://twitter.com/elonmusk/status/1014509856777293825 Musk's first instincts were measures, saying that he suspects 'the Thai government has got this under control' but it didn't take long for his mind to change. Without any specific invitation or coordination with the parties leading the rescue mission, Musk's instincts to innovate and create kicked in. This sort of situation is probably familiar to anyone who works in tech - or, for that matter, anyone who has ever had a job. Perhaps you're the sort of person who hears about a problem and your immediate instinct is to fix it. Or perhaps you've been working on a project, someone hears about it, and immediately they're trying to solve all the problems you've been working on for weeks or months. Yes, sometimes it's appealing, but on the other side it can be incredibly annoying and disruptive. This is particularly true in software engineering where you're trying to solve problems at every level - from strategy to code. There's rarely a single solution. There's always going to be a difference of opinion. At some point we need to respect boundaries and allow the right people to get on with the job. Lesson 2: Listen to the people involved and think carefully about the problem you're trying to solve One of the biggest challenges in problem solving is properly understanding the problem. It's easy to think you've got a solution after a short conversation about a problem but there may be nuances you've missed or complexities that aren't immediately clear. Humility can be a very valuable quality when problem solving. It allows everyone involved to think clearly about the task at hand; it opens up space for better solutions. As the old adage goes, when every problem looks like a nail, every solution looks like a hammer. For Musk, when a problem looks like kids stuck in an underwater cave, the solution looks like a kid-sized submarine. Never mind that experts in Thailand explained that the submarine would not be 'practical.' For Musk, a solution is a solution. "Although his technology is good and sophisticated it’s not practical for this mission" said Narongsak Osatanakorn, one of the leaders of the rescue mission, speaking to the BBC and The Guardian. https://twitter.com/elonmusk/status/1016110809662066688 Okay, so perhaps that's a bit of a facetious example - but it is a problem we can run into, especially if we work in software. Sometimes you don't need to build a shiny new SPA - your multi-page site might be just fine for its purpose. And maybe you don't need to deploy on containers - good old virtual machines might do the job for you. In these sort of instances it's critical to think about the problem at hand. To do that well you also need to think about the wider context around it - what infrastructure is already there? If we change something, is that going to have a big impact on how it's maintained in the future? In many ways, the lesson here recalls the argument put forward by the Boring Software Manifesto in June. In it, the writer argued in favor of things that are 'simple and proven' over software that is 'hyped and volatile'. Lesson 3: Don't take it personally if people decline your solutions Problem solving is a collaborative effort, as we've seen. Offering up solutions is great - but it's not so great when you react badly to rejection. https://twitter.com/elonmusk/status/1016731812159254529 Hopefully, this doesn't happen too much in the workplace - but when your job is to provide solutions, it doesn't help anyone to bring your ego into it. In fact, it indicates selfish motives behind your creative thinking. This link between talent, status and ego has been developing for some time now in the tech world. Arguably Elon Musk is part of a trend of engineers - ninjas, gurus, wizards, whatever label you want to place on yourself - for whom problem-solving is as much an exercise in personal branding as it is actually about solving problems. This trend is damaging for everyone - it not only undermines people's ability to be creative, it transforms everyone's lives into a rat race for status and authority. That's not only sad, but also going to make it hard to solve real problems. Lesson 4: Sometimes collaboration can be more inspiring than Elon Musk Finally, let's think about the key takeaway here: everyone in that cave was saved. And this wasn't down to some miraculous invention. It was down to a combination of tools - some of them even pretty old. It wasn't down to one genius piece of engineering, but instead a combination of creative thinking and coordinated problem solving that used the resources available to bring a shocking story to a positive conclusion. Working in tech isn't always going to be a matter of life and death - but it's the collaborative and open world we want to work in, right?

Whether it’s for work or pleasure, we are all spending more time online than ever before. Given how advanced and user-friendly modern technology is, it is not surprising that the online world has come to dominate the offline. However, as our lives are increasingly digitized, the need to keep us and our information secure from criminals has become increasingly obvious. Recently, a virtually unknown marketing and data-aggregation company Exactis has fallen victim to a major data breach. According to statements, the company might’ve been responsible for exposing up to 340 million individual records on a publicly accessible server. In this time and age, data breaches are not a rare occurrence. Major corporations face cybersecurity problems on a daily basis. Clearly, there is a thriving criminal market for hackers. But how can the average internet user keep safe? Knowing these 5 myths will definitely help you get started! Myth 1: A Firewall keeps me safe As you would expect, hackers know a great deal about computers. The purpose of what they do is to gain access to systems that they should not have access to. According to a research conducted by Breach Investigation Reports, cybersecurity professionals only regard 17% of threats as being highly challenging. This implies that they view the vast majority of what they do as very easy. All businesses and organizations should maintain a firewall, but it should not lull you into a false sense of security. A determined hacker will use a variety of online and offline techniques to get into your systems. Just last month, Cisco, a well known tech company, has discovered 24 security vulnerabilities in their firewalls, switches, and security devices. On June 20, the company released the necessary updates, which counteract those vulnerabilities. While firewalls are a security measure, it is essential to understand that they are susceptible to something known as a zero-day attack. Zero-day attacks are unknown, or newly designed intrusions that target vulnerabilities before a security patch is released. Myth 2: HTTPS means I’m secure Sending information over an HTTPS connection means that the information will be encrypted and secured, preventing snooping from outside parties. HTTPS ensures that data is safe as it is transferred between a web server and a web browser. While HTTPS will keep your information from being decrypted and read by a third party, it remains vulnerable. Though the HTTPS protocol has been developed to ensure secure communication, the infamous DROWN attack proved everyone wrong. As a result of DROWN more than 11 million HTTPS websites’ had their virtual security compromised. Remember, from the perspective of a hacker, who’s looking for a way to exploit your website, the notion of unbreakable or unhackable does not exist. Myth 3: My host ensures security This is a statement that’s never true. Hosting service providers are responsible for thousands of websites, so it is absurd to think that they can manage security on each one individually. They might have some excellent general security policies in place, yet they can’t ensure total security for quite a few reasons. Just like any other company that collects and maintains data, hosting providers are just as susceptible to cyber attacks. Just last year, Deep Hosting, a Dark Web hosting provider, suffered a security breach, which led to some sites being exported. It’s best not to assume that your host has it covered when it comes to your security. If you haven’t set the protections up yourself, consider them non-existent until you’ve seen and configured them. Myth 4: No Internet connection means no virtual security threats This is a pervasive myth, but a myth nonetheless. Unless you are dealing with a machine that is literally never allowed to connect to a network, at some point, it will communicate with other computers. Whenever this happens, there is the potential for malware and viruses to spread. In some instances, malware can infect your operating system via physical data sharing devices like USB drives or CDs. Infecting your computer with malware could have detrimental outcomes. For instance, a ransomware application can easily encrypt vast quantities of data in just a few moments. Your best bet to maintain a secure system at all times is by running a reliable antimalware tool on your computer. Don’t assume that just because a computer has remained offline, it can’t be infected. In 2013 first reports came in that scientist have developed a prototype malware that might be able to use inaudible audio signals to communicate. As a result of that, a malicious piece of software could communicate and potentially spread to computers that are not connected to a network. Myth 5: A VPN ensures security VPNs can be an excellent way of improving your overall online security by hiding your identity and making you much more difficult to trace. However, you should always be very careful about the VPN services that you use, especially if they are free. There are many free VPNs which exist for nefarious purposes. They might be hiding your IP address (many are not), but their primary function is to siphon away your personal data, which they will then sell. The simplest way to avoid these types of thefts is to, first of all, ensure that you thoroughly research and vet any service before using it. Check this list to be sure that a VPN service of your choice does not log data. Often a VPNs selling point is security and privacy. However, that’s not the case at all times. Not too long ago, PureVPN, a service that stated in its policies that it maintains a strict no-log approach at all times, have been exposed to lying. As it turns out, the company handed over information to the FBI regarding the activity of a cyberbully, Ryan Lin, who used a number of security tools, including PureVPN, to conceal his identity. [dropcap]M[/dropcap]any users have fallen prey to virtual security myths and suffered detrimental consequences. Cybersecurity is something that we should all take more seriously, especially as we are putting more of our lives online than ever before. Knowing the above 5 cybersecurity myths is a useful first step in implementing better practices yourself. About the author   Harold Kilpatrick is a cybersecurity consultant and a freelance blogger. He's currently working on a cybersecurity campaign to raise awareness around the threats that businesses can face online.   Cryptojacking is a growing cybersecurity threat, report warns Top 5 cybersecurity assessment tools for networking professionals How can cybersecurity keep up with the rapid pace of technological change?

A design pattern is a reusable solution to a recurring problem in software design. It is not a finished piece of code but a template that helps to solve a particular problem or family of problems. In this article, we will talk about the Gang of Four design patterns. The gang of four, authors Erich Gamma, Richard Helm, Ralph Johnson and John Vlissides, initiated the concept of Design Pattern in Software development. These authors are collectively known as Gang of Four (GOF). We are going to focus on the design patterns from the Scala point of view. All different design patterns can be grouped into the following types: Creational Structural Behavioral These three groups contain the famous Gang of Four design patterns.  In the next few subsections, we will explain the main characteristics of the listed groups and briefly present the actual design patterns that fall under them. This article is an excerpt from Scala Design Patterns - Second Edition by Ivan Nikolov. In this book, you will learn how to write efficient, clean, and reusable code with Scala. Creational design patterns The creational design patterns deal with object creation mechanisms. Their purpose is to create objects in a way that is suitable to the current situation, which could lead to unnecessary complexity and the need for extra knowledge if they were not there. The main ideas behind the creational design patterns are as follows: Knowledge encapsulation about the concrete classes Hiding details about the actual creation and how objects are combined We will be focusing on the following creational design patterns in this article: The abstract factory design pattern The factory method design pattern The lazy initialization design pattern The singleton design pattern The object pool design pattern The builder design pattern The prototype design pattern The following few sections give a brief definition of what these patterns are. The abstract factory design pattern This is used to encapsulate a group of individual factories that have a common theme. When used, the developer creates a specific implementation of the abstract factory and uses its methods in the same way as in the factory design pattern to create objects. It can be thought of as another layer of abstraction that helps to instantiate classes. The factory method design pattern This design pattern deals with the creation of objects without explicitly specifying the actual class that the instance will have—it could be something that is decided at runtime based on many factors. Some of these factors can include operating systems, different data types, or input parameters. It gives developers the peace of mind of just calling a method rather than invoking a concrete constructor. The lazy initialization design pattern This design pattern is an approach to delay the creation of an object or the evaluation of a value until the first time it is needed. It is much more simplified in Scala than it is in an object-oriented language such as Java. The singleton design pattern This design pattern restricts the creation of a specific class to just one object. If more than one class in the application tries to use such an instance, then this same instance is returned for everyone. This is another design pattern that can be easily achieved with the use of basic Scala features. The object pool design pattern This design pattern uses a pool of objects that are already instantiated and ready for use. Whenever someone requires an object from the pool, it is returned, and after the user is finished with it, it puts it back into the pool manually or automatically. A common use for pools are database connections, which generally are expensive to create; hence, they are created once and then served to the application on request. The builder design pattern The builder design pattern is extremely useful for objects with many possible constructor parameters that would otherwise require developers to create many overrides for the different scenarios an object could be created in. This is different to the factory design pattern, which aims to enable polymorphism. Many of the modern libraries today employ this design pattern. As we will see later, Scala can achieve this pattern really easily. The prototype design pattern This design pattern allows object creation using a clone() method from an already created instance. It can be used in cases when a specific resource is expensive to create or when the abstract factory pattern is not desired. Structural design patterns Structural design patterns exist in order to help establish the relationships between different entities in order to form larger structures. They define how each component should be structured so that it has very flexible interconnecting modules that can work together in a larger system. The main features of structural design patterns include the following: The use of the composition to combine the implementations of multiple objects Help build a large system made of various components by maintaining a high level of flexibility In this article, we will focus on the following structural design patterns: The adapter design pattern The decorator design pattern The bridge design pattern The composite design pattern The facade design pattern The flyweight design pattern The proxy design pattern The next subsections will put some light on what these patterns are about. The adapter design pattern The adapter design pattern allows the interface of an existing class to be used from another interface. Imagine that there is a client who expects your class to expose a doWork() method. You might have the implementation ready in another class, but the method is called differently and is incompatible. It might require extra parameters too. This could also be a library that the developer doesn't have access to for modifications. This is where the adapter can help by wrapping the functionality and exposing the required methods. The adapter is useful for integrating the existing components. In Scala, the adapter design pattern can be easily achieved using implicit classes. The decorator design pattern Decorators are a flexible alternative to sub classing. They allow developers to extend the functionality of an object without affecting other instances of the same class. This is achieved by wrapping an object of the extended class into one that extends the same class and overrides the methods whose functionality is supposed to be changed. Decorators in Scala can be built much more easily using another design pattern called stackable traits. The bridge design pattern The purpose of the bridge design pattern is to decouple an abstraction from its implementation so that the two can vary independently. It is useful when the class and its functionality vary a lot. The bridge reminds us of the adapter pattern, but the difference is that the adapter pattern is used when something is already there and you cannot change it, while the bridge design pattern is used when things are being built. It helps us to avoid ending up with multiple concrete classes that will be exposed to the client. You will get a clearer understanding when we delve deeper into the topic, but for now, let's imagine that we want to have a FileReader class that supports multiple different platforms. The bridge will help us end up with FileReader, which will use a different implementation, depending on the platform. In Scala, we can use self-types in order to implement a bridge design pattern. The composite design pattern The composite is a partitioning design pattern that represents a group of objects that are to be treated as only one object. It allows developers to treat individual objects and compositions uniformly and to build complex hierarchies without complicating the source code. An example of composite could be a tree structure where a node can contain other nodes, and so on. The facade design pattern The purpose of the facade design pattern is to hide the complexity of a system and its implementation details by providing the client with a simpler interface to use. This also helps to make the code more readable and to reduce the dependencies of the outside code. It works as a wrapper around the system that is being simplified and, of course, it can be used in conjunction with some of the other design patterns mentioned previously. The flyweight design pattern The flyweight design pattern provides an object that is used to minimize memory usage by sharing it throughout the application. This object should contain as much data as possible. A common example given is a word processor, where each character's graphical representation is shared with the other same characters. The local information then is only the position of the character, which is stored internally. The proxy design pattern The proxy design pattern allows developers to provide an interface to other objects by wrapping them. They can also provide additional functionality, for example, security or thread-safety. Proxies can be used together with the flyweight pattern, where the references to shared objects are wrapped inside proxy objects. Behavioral design patterns Behavioral design patterns increase communication flexibility between objects based on the specific ways they interact with each other. Here, creational patterns mostly describe a moment in time during creation, structural patterns describe a more or less static structure, and behavioral patterns describe a process or flow. They simplify this flow and make it more understandable. The main features of behavioral design patterns are as follows: What is being described is a process or flow The flows are simplified and made understandable They accomplish tasks that would be difficult or impossible to achieve with objects In this article, we will focus our attention on the following behavioral design patterns: The value object design pattern The null object design pattern The strategy design pattern The command design pattern The chain of responsibility design pattern The interpreter design pattern The iterator design pattern The mediator design pattern The memento design pattern The observer design pattern The state design pattern The template method design pattern The visitor design pattern The following subsections will give brief definitions of the aforementioned behavioral design patterns. The value object design pattern Value objects are immutable and their equality is based not on their identity, but on their fields being equal. They can be used as data transfer objects, and they can represent dates, colors, money amounts, numbers, and more. Their immutability makes them really useful in multithreaded programming. The Scala programming language promotes immutability, and value objects are something that naturally occur there. The null object design pattern Null objects represent the absence of a value and they define a neutral behavior. This approach removes the need to check for null references and makes the code much more concise. Scala adds the concept of optional values, which can replace this pattern completely. The strategy design pattern The strategy design pattern allows algorithms to be selected at runtime. It defines a family of interchangeable encapsulated algorithms and exposes a common interface to the client. Which algorithm is chosen could depend on various factors that are determined while the application runs. In Scala, we can simply pass a function as a parameter to a method, and depending on the function, a different action will be performed. The command design pattern This design pattern represents an object that is used to store information about an action that needs to be triggered at a later time. The information includes the following: The method name The owner of the method Parameter values The client then decides which commands need to be executed and when by the invoker. This design pattern can easily be implemented in Scala using the by-name parameters feature of the language. The chain of responsibility design pattern The chain of responsibility is a design pattern where the sender of a request is decoupled from its receiver. This way, it makes it possible for multiple objects to handle the request and to keep logic nicely separated. The receivers form a chain where they pass the request and, if possible, they process it, and if not, they pass it to the next receiver. There are variations where a handler might dispatch the request to multiple other handlers at the same time. This somehow reminds us of function composition, which in Scala can be achieved using the stackable traits design pattern. The interpreter design pattern The interpreter design pattern is based on the ability to characterize a well-known domain with a language with a strict grammar. It defines classes for each grammar rule in order to interpret sentences in the given language. These classes are likely to represent hierarchies as grammar is usually hierarchical as well. Interpreters can be used in different parsers, for example, SQL or other languages. The iterator design pattern The iterator design pattern is when an iterator is used to traverse a container and access its elements. It helps to decouple containers from the algorithms performed on them. What an iterator should provide is sequential access to the elements of an aggregate object without exposing the internal representation of the iterated collection. The mediator design pattern This pattern encapsulates the communication between different classes in an application. Instead of interacting directly with each other, objects communicate through the mediator, which reduces the dependencies between them, lowers the coupling, and makes the overall application easier to read and maintain. The memento design pattern This pattern provides the ability to roll back an object to its previous state. It is implemented with three objects—originator, caretaker, and memento. The originator is the object with the internal state; the caretaker will modify the originator, and a memento is an object that contains the state that the originator returns. The originator knows how to handle a memento in order to restore its previous state. The observer design pattern This design pattern allows the creation of publish/subscribe systems. There is a special object called subject that automatically notifies all the observers when there are any changes in the state. This design pattern is popular in various GUI toolkits and generally where event handling is needed. It is also related to reactive programming, which is enabled by libraries such as Akka. We will see an example of this towards the end of this book. The state design pattern This design pattern is similar to the strategy design pattern, and it uses a state object to encapsulate different behavior for the same object. It improves the code's readability and maintainability by avoiding the use of large conditional statements. The template method design pattern This design pattern defines the skeleton of an algorithm in a method and then passes some of the actual steps to the subclasses. It allows developers to alter some of the steps of an algorithm without having to modify its structure. An example of this could be a method in an abstract class that calls other abstract methods, which will be defined in the children. The visitor design pattern The visitor design pattern represents an operation to be performed on the elements of an object structure. It allows developers to define a new operation without changing the original classes. Scala can minimize the verbosity of this pattern compared to the pure object-oriented way of implementing it by passing functions to methods. Choosing a design pattern As we already saw, there are a huge number of design patterns. In many cases, they are suitable to be used in combinations as well. Unfortunately, there is no definite answer regarding how to choose the concept of designing our code. There are many factors that could affect the final decision, and you should ask yourselves the following questions: Is this piece of code going to be fairly static or will it change in the future? Do we have to dynamically decide what algorithms to use? Is our code going to be used by others? Do we have an agreed interface? What libraries are we planning to use, if any? Are there any special performance requirements or limitations? This is by no means an exhaustive list of questions. There is a huge amount of factors that could dictate our decision in how we build our systems. It is, however, really important to have a clear specification, and if something seems missing, it should always be checked first. By now, we have a fair idea about what a design pattern is and how it can affect the way we write our code. We've iterated through the most famous Gang of Four design patterns out there, and we have outlined the main differences between them. To know more on how to incorporate functional patterns effectively in real-life applications, read our book Scala Design Patterns - Second Edition. Implementing 5 Common Design Patterns in JavaScript (ES8) An Introduction to Node.js Design Patterns

Customer purchase does not necessarily depend on the need for the product; instead, it often depends on how well the product has been advertised. Most advertising companies target customer emotions and experiences to sell their product. However, with the increasing online awareness, intrusive ads and an oversaturated advertising space, customers rely more on online reviews before purchasing any product. Companies have to think out-of-the-box to get the customers engaged with their product! Augmented Reality can help companies fetch their audience back by creating an interactive buying experience on their device that converts their casual browsing activity into a successful purchase. It is estimated that there are around 4 billion users in the world who are actively engaged on the internet. This shows that over half of the world’s population is active online which means having an online platform will be beneficial, but there’s a large audience that requires engaging within the right way because it’s becoming the norm. For now, AR is still fairly new in the advertising world but it’s expected that by 2020, AR revenue will outweigh VR (Virtual Reality) by about $120 billion and it’s no surprise this is the case. Ways AR can benefit businesses There are many reasons why AR could be beneficial to a business: Creates Emotional Connection AR provides the platform for advertising companies to engage with their audiences in a unique way, using an immersive advertisement to create a connection that brings the consumers emotions into play. A memorable experience encourages them to make purchases because psychologically, it was an experience that they’ve had like no other and one they’re unlikely to get elsewhere. It can also help create exposure. Because of the excitement that users had, they’ll encourage others to try it too. Saves Money It’s amazing to think that such advanced technology can be cheaper than your traditional method of advertising. Print advertising can still be an extremely expensive method in many cases given that it is a high volume game and due to the costs of applying an ad on the front page of a publication. AR ads can vary depending on the quality but even some of the simplest forms of AR advertising can be affordable. Increases Sales Not only is AR a useful tool for promoting goods and services, but it also provides the opportunity to increase conversions. One issue that many customers have is whether the goods they are purchasing are right for them. AR removes this barrier and enables them to ‘try out’ the product before they purchase, making it more likely for the customer to buy. Examples of AR advertising Early adopters have already taken up the technology for showcasing their services and products. It’s not mainstream yet but as the above figures suggest, it won’t be long before AR becomes widespread. Here are a few examples of companies using AR technology in their marketing strategy. IKEA’s virtual furnitures IKEA is the famous Swedish home retailer who adopted the technology back in 2013 for their iOS app. Their idea allowed potential purchasers to scan their catalogue with their mobile phone and then browse their products through the app. When they selected something that they think might be suitable for their home they could see the virtual furniture through their app or tablet in their living space. This way customers could judge whether it was the right product or not. Pepsi Max’s Unbelievable Campaign Pepsi didn’t necessarily use the technology to promote their product directly but instead used it to create a buzz for the brand. They installed screens into an everyday bus shelter in London and used it to layer virtual images over a real-life camera. Audiences were able to interact with the video in the bus shelter through the camera that was installed on the bus shelter. The video currently has over 8 million views on Youtube and several shares have been made through social networks. Lacoste’s virtual trial room on a marker Lacoste launched an app that used marker-based AR technology where users were able to stand on a marker in the store that allowed them to try on different LCST branded trainers. As mentioned before, this would be a great way for users to try on their apparel before deciding whether to purchase it. Challenges businesses face with integrating AR into their advertising plan Although AR is an exciting prospect for businesses and many positives can be taken from implementing it into advertising plans, it has its fair share of challenges. Let’s take a brief look into what these could be. Mobile Application is required AR requires a specific type of application in order to work. For consumers to engage themselves within an AR world they’ll need to be able to download the specific app to their mobile first. This means that customers will find themselves downloading different applications for the companies that released their app. This is potentially one of the reasons why some companies have chosen not to invest in AR, yet. Solutions like augmented reality digital placement (ARDP) are in the process of resolving this problem. ARDP uses media-rich banners to bring AR to life in a consumer’s handheld device without having to download multiple apps. ARDP would require both AR and app developers to come together to make AR more accessible to users. Poor Hardware Specifications Similar to video and console games, the quality of graphics on an AR app greatly impacts the user experience. If you think of the power that console systems output, if a user was to come across a game they played that had poor graphics knowing the console's capabilities, they will be less likely to play it. In order for it to work, the handheld device would need enough hardware power to produce the ideal graphics. Phone companies such as Apple and Samsung have done this over time when they’ve released new phones. So in the near future, we should expect modern smartphones to produce top of the range AR. Complexity in the Development Phase Creating an AR advertisement requires a high level of expertise. Unless you have AR developers already in your in-house team, the development stage of the process may prove difficult for your business. There are AR software development toolkits available that have made the process easier but it still requires a good level of coding knowledge. If the resources aren’t available in-house, you can either seek help from app development companies that have AR software engineering experience or you could outsource the work through websites such as Elance, Upwork, and Guru. In short, the development process in ad creation requires a high level of coding knowledge. The increased awareness of the benefits of implementing AR advertising will alert developers everywhere and should be seen as a rising opportunity. We can expect an increase in demand for AR developers as those who have the expertise in the technology will be high on the agenda for many advertising companies and agencies who are looking to take advantage of the market to engage with their customers differently. For projects that involve AR development, augmented reality developers should be at the forefront of business creative teams, ensuring that the ideas that are created can be implemented correctly. [author title="About Jamie Costello"] Jamie Costello is a student and an aspiring freelance writer based in Manchester. His interests are to write about a variety of topics but his biggest passion concerns technology. He says, “When I'm not writing or studying, I enjoy swimming and playing games consoles”.[/author]   Read Next Adobe glides into Augmented Reality with Adobe Aero Understanding the hype behind Magic Leap’s New Augmented Reality Headsets Apple’s new ARKit 2.0 brings persistent AR, shared augmented reality experiences and more    

If you’re following the news, chances are you’ve heard about Virtual Reality or VR headsets like Oculus, Samsung Gear, HTC Vive etc. Trending terms and buzzwords are all good for a business or tech that’s novel and yet to be adopted by the majority of consumers. But the proof of the pudding is when people have started using the tech. And the first reactions to mobile VR are not at all good. This has even made the founder of Oculus Rift, John Carmack to give a statement, “We are coasting on novelty, and the initial wonder of being something people have never seen before”. The jury is out on present day Mobile VR technologies and headsets -  ‘It Sucks’ in its present form. If you want to know why and what can make it better then read ahead. Hardware are expensive Mobile headsets are costly, mostly in the $399- $799 range. The most successful VR headset till date is Google Cardboard. The reason - it’s dirt cheap and it doesn’t need too much set up and customization. Such a high price at the initial launching phase of any tech is going to make the users worried. Not many people would want to buy an expensive new toy without knowing exactly how it’s going to be. VR games don’t match up to video game quality The initial VR games for mobile were very poor. There are 13 billion mobile gamers across the world, undeniably a huge market to tap into. But we have to keep in mind that these gamers have already access to high quality games which they can play just by tapping their mobile screen. For them to strap on that headset and get immersed in VR games, the incentive needs to be too alluring to resist. The current crop of VR games lack complexity, their UI design is not intuitive enough to hold the attention of a user for longer duration of time, especially when playing a VR game means strapping up that head gear. These VR games also take too much time to load which is a huge negative for VR games. The hype vs reality gap is improving, but it’s painfully slow The current phase of VR is the initial breakthrough stage where there are lot of expectations from it. But the games and apps are not upto the mark and hence those who have used it are giving it a thumbs down. The word of mouth publicity is mostly negative and this is creating a negative impact on mobile VR as a whole. The chart below shows the gap between initial expectation and the reality of VR and how it might shape up in the near future according to Unity's CEO John Riccitiello. AR vs VR vs MR: A concoction for confusion The popularity of Augmented Reality (AR) and the emergence of Mixed Reality - an amalgamation of both AR and VR have distracted the developers as per which platform and what methodology to adapt. The UX and UI design are quite different for both AR and VR and MR and hence all of these three disciplines would need dedicated development resources. For this to happen, these disciplines would have to be formalized first and until that time, the quality of the apps will not improve drastically. No unified VR development platform Mobile VR is dependant on SDKs and primarily on the two game engines Unity and Unreal Engine that have come up with support for VR game development. While Unity is one of the biggest names in game development industry, a dedicated and unified VR development platform is still missing in action. As for Unity and Unreal Engine their priority will not be VR any time soon. Things can change if and when some tech giant like Google, Microsoft, Facebook etc. will dedicate their resources to create VR apps and Games for mobile. Although Google has cardboard, Facebook unveiled React VR and support for AR development, Microsoft has their own game going on with Hololens AR and MR development, the trend that started it all still seems to be lost among its newer cousins. I think, VR will be big, but it will have to wait till its implementation by some major business or company. Till then, we will have to wear our ghastly headsets and imagine that we are living in the future. Game developers say Virtual Reality is here to stay Microsoft introduces SharePoint Spaces, adds virtual reality support to SharePoint Build a Virtual Reality Solar System in Unity for Google Cardboard  

One of the important things that you can use Wireshark for is application analysis and troubleshooting. When the application slows down, it can be due to the LAN (quite uncommon in wired LAN), the WAN service (common due to insufficient bandwidth or high delay), or slow servers or clients. It can also be due to slow or problematic applications. The purpose of this article is to get into the details of how applications work, and provide relevant guidelines and recipes for isolating and solving these problems. In the first recipe, we will learn how to find out and categorize applications that work over our network. Then, we will go through various types of applications to see how they work, how networks influence their behavior, and what can go wrong. Further, we will learn how to use Wireshark in order to resolve and troubleshoot common applications that are used in an enterprise network. These are Microsoft Terminal Server and Citrix, databases, and Simple Network Management Protocol (SNMP). This is an excerpt from Network Analysis using Wireshark 2 Cookbook - Second Edition written by Nagendra Kumar Nainar, Yogesh Ramdoss, Yoram Orzach. Find out what is running over your network The first thing to do when monitoring a new network is to find out what is running over it. There are various types of applications and network protocols, and they can influence and interfere with each other when all of them are running over the network. In some cases, you will have different VLANs, different Virtual Routing and Forwardings (VRFs), or servers that are connected to virtual ports in a blade server. Eventually, everything is running on the same infrastructure, and they can influence each other. There is a common confusion between VRFs and VLANs. Even though their purpose is quite the same, they are configured in different places. While VLANs are configured in the LAN in order to provide network separation in the OSI layers 1 and 2, VRFs are multiple instances of routing tables to make them coexist in the same router. This is a layer 3 operation that separates between different customer's networks. VRFs are generally seen in service provider environments using Multi-Protocol Label Switching (MPLS) to provide layer 3 connectivity to different customers over the same router's network, in such a way that no customer can see any other customer's network. In this recipe, we will see how to get to the details of what is running over the network, and the applications that can slow it down. The term blade server refers to a server enclosure, which is a chassis of server shelves on the front and LAN switches on the back. There are several different acronyms for it; for example, IBM calls them blade center and HP calls them blade system. Getting ready When you get into a new network, the first thing to do is connect Wireshark to sniff what is running over the applications and protocols. Make sure you follow these points: When you are required to monitor a server, port-mirror it and see what is running on its connection to the network. When you are required to monitor a remote office, port-mirror the router port that connects you to the WAN connection. Then, check what is running over it. When you are required to monitor a slow connection to the internet, port-mirror it to see what is going on there. In this recipe, we will see how to use the Wireshark tools for analyzing what is running and what can cause problems. How to do it... For analyzing, follow these steps: Connect Wireshark using one of the options mentioned in the previous section. You can use the following tools: Navigate to Statistics | Protocol Hierarchy to view the protocols that run over the network and the percentage of the total traffic Navigate to Statistics | Conversations to see who is talking and what protocols are used In the Protocol Hierarchy feature, you will get a window that will help you analyze who is talking over the network. It is shown in the following screenshot: In the preceding screenshot, you can see the protocol distribution: Ethernet: IP, Logical-Link Control (LLC), and configuration test protocol (loopback) Internet Protocol Version 4: UDP, TCP, Protocol Independent Multicast (PIM), Internet Group Management Protocol (IGMP), and Generic Routing Encapsulation  (GRE) If you click on the + sign, all the underlying protocols will be shown. To see a specific protocol throughput, click down to the protocols as shown in the following screenshot. You will see the application average throughput during the capture (HTTP in this example): Clicking on the + sign to the left of HTTP will open a list of protocols that run over HTTP (XML, MIME, JavaScripts, and more) and their average throughput during the capture period. There's more... In some cases (especially when you need to prepare management reports), you are required to provide a graphical picture of the network statistics. There are various sources available for this, for example: Etherape (for Linux): http://etherape.sourceforge.net/ Compass (for Windows): http://download.cnet.com/Compass-Free/3000-2085_4-75447541.html?tag=mncol;1 Analyzing Microsoft Terminal Server and Citrix communications problems Microsoft Terminal Server, which uses Remote Desktop Protocol (RDP) and Citrix metaframe Independent Computing Architecture (ICA) protocols, are widely used for local and remote connectivity for PCs and thin clients. The important thing to remember about these types of applications is that they transfer screen changes over the network. If there, are only a few changes, they will require low bandwidth. If there many changes, they will require high bandwidth. Another thing is that the traffic in these applications is entirely asymmetric. Downstream traffic takes from tens of Kbps up to several Mbps, while the upstream traffic will be at most several Kbps. When working with these applications, don't forget to design your network according to this. In this recipe, we will see some typical problems of these applications and how to locate them. For the convenience of writing, we will refer to Microsoft Terminal Server, and every time we write Microsoft Terminal Server, we will refer to all applications in this category, for example, Citrix Metaframe. Getting ready When suspecting a slow performance with Microsoft Terminal Server, first check with the user what the problem is. Then, connect the Wireshark to the network with port-mirror to the complaining client or to the server. How to do it... For locating a problem when Microsoft Terminal Server is involved, start with going to the users and asking questions. Follow these steps: When users complain about a slow network, ask them a simple question: Do they see the slowness in the data presented on the screen or when they switch between windows? If they say that the switch between windows is very fast, it is not a Microsoft Terminal Server problem. Microsoft Terminal Server problems will cause slow window changes, picture freezes, slow scrolling of graphical documents, and so on. If they say that they are trying to generate a report (when the software is running over Microsoft Terminal Server), but the report is generated after a long period of time, this is a database problem and not Microsoft Terminal Server or Citrix. When a user works with Microsoft Terminal Server over a high-delay communication line and types very fast, they might experience delays with the characters. This is because Microsoft Terminal Server is transferring window changes, and with high delays, these windows changes will be transferred slowly. When measuring the communication line with Wireshark: Use I/O graphs to monitor the line Use filters to monitor the upstream and the downstream directions Configure bits per second on the y axis You will get the following screenshot: In the preceding screenshot, you can see a typical traffic pattern with high downstream and very low upstream traffic. Notice that the Y-Axis is configured to Bits/Tick. In the time between 485s and 500s, you see that the throughput got to the maximum. This is when applications will slow down and users will start to feel screen freezes, menus that move very slowly, and so on. When a Citrix ICA client connects to a presentation server, it uses TCP ports 2598 or 1494. When monitoring Microsoft Terminal Server servers, don't forget that the clients access the server with Microsoft Terminal Server and the servers access the application with another client that is installed on the server. The performance problem can come from Microsoft Terminal Server or the application. If the problem is an Microsoft Terminal Server problem, it is necessary to figure out whether it is a network problem or a system problem: Check the network with Wireshark to see if there are any loads. Loads such as the one shown in the previous screenshot can be solved by simply increasing the communication lines. Check the server's performance. Applications like Microsoft Terminal Server are mostly memory consuming, so check mostly for memory (RAM) issues. How it works... Microsoft Terminal Server, Citrix Metaframe, and applications simply transfer window changes over the network. From your client (PC with software client or thin client), you connect to the terminal server; and the terminal server, runs various clients that are used to connect from it to other servers. In the following screenshot, you can see the principle of terminal server operation: There's more... From the terminal server vendors, you will hear that their applications improve two things. They will say that it improves manageability of clients because you don't have to manage PCs and software for every user; you simply install everything on the server, and if something fails, you fix it on the server. They will also say that traffic over the network will be reduced. Well, I will not get into the first argument. This is not our subject, but I strongly reject the second one. When working with a terminal client, your traffic entirely depends on what you are doing: When working with text/character-based applications, for example, some Enterprise Resource Planning (ERP) screens, you type in and read data. When working with the terminal client, you will connect to the terminal server that will connect to the database server. Depending on the database application you are working with, the terminal server can improve performance significantly or does not improve it at all. We will discuss this in the database section. Here, you can expect a load of tens to hundreds of Kbps. If you are working with regular office documents such as Word, PowerPoint, and so on, it entirely depends on what you are doing. Working with a simple Word document will require tens to hundreds of Kbps. Working with PowerPoint will require hundreds of Kbps to several Mbps, and when you present the PowerPoint file with full screen (the F5 function), the throughput can jump up to 8 to 10 Mbps. Browsing the internet will take between hundreds of Kbps and several Mbps, depending on what you will do over it. High resolution movies over terminal server to the internet-well, just don't do it. Before you implement any terminal environment, test it. I once had a software house that wanted their logo (at the top-right corner of the user window) to be very clear and striking. They refreshed it 10 times a second, which caused the 2 Mbps communication line to be blocked. You never know what you don't test! Analyzing the database traffic and common problems Some of you may wonder why we have this section here. After all, databases are considered to be a completely different branch in the IT environment. There are databases and applications on one side and the network and infrastructure on the other side. It is correct since we are not supposed to debug databases; there are DBAs for this. But through the information that runs over the network, we can see some issues that can help the DBAs with solving the relevant problems. In most of the cases, the IT staff will come to us first because people blame the network for everything. We will have to make sure that the problems are not coming from the network and that's it. In a minority of the cases, we will see some details on the capture file that can help the DBAs with what they are doing. Getting ready When the IT team comes to us complaining about the slow network, there are some things to do just to verify that it is not the case. Follow the instructions in the following section to make sure you avoid the slow network issue. How to do it... In the case of database problems, follow these steps: When you get complaints about the slow network responses, start asking these questions: Is the problem local or global? Does it occur only in the remote offices or also in the center? When the problem occurs in the entire network, it is not a WAN bandwidth issue. Does it happen the same for all clients? If not, there might be a specific problem that happens only with some users because only those users are running a specific application that causes the problem. Is the communication line between the clients and the server loaded? What is the application that loads them? Do all applications work slowly, or is it only the application that works with the specific database? Maybe some PCs are old and tired, or is it a server that runs out of resources? When we are done with the questionnaire, let's start our work: Open Wireshark and start capturing packets. You can configure port-mirror to a specific PC, the server, a VLAN, or a router that connects to a remote office in which you have the clients. Look at the TCP events (expert info). Do they happen on the entire communication link, on specific IP address/addresses, or on specific TCP port number/numbers? This will help you isolate the problem and check whether it is on a specific link, server, or application. When measuring traffic on a connection to the internet, you will get many retransmissions and duplicate ACKs to websites, mail servers, and so on. This is the internet. In an organization, you should expect 0.1 to 0.5 percent of retransmissions. When connecting to the internet, you can expect much higher numbers. But there are some network issues that can influence database behavior. In the following example, we see the behavior of a client that works with the server over a communication line with a round trip delay of 35 to 40 ms. We are looking at the TCP stream number 8 (1) and the connection started with TCP SYN/SYN-ACK/ACK. I've set this as a reference (2). We can see that the entire connection took 371 packets (3): The connection continues, and we can see time intervals of around 35 ms between DB requests and responses: Since we have 371 packets travelling back and forth, 371 x 35 ms gives us around 13 seconds. Add to this some retransmissions that might happen and some inefficiencies, and this leads to a user waiting for 10 to 15 seconds and more for a database query. In this case, you should consult the DBA on how to significantly reduce the number of packets that run over the network, or you can move to another way of access, for example, terminal server or web access. Another problem that can happen is that you will have a software issue that will reflect in the capture file. If you have a look at the following screenshot, you will see that there are five retransmissions, and then a new connection is opened from the client side. It looks like a TCP problem but it occurs only in a specific window in the software. It is simply a software procedure that stopped processing, and this stopped the TCP from responding to the client: How it works... Well, how databases work was always be a miracle to me. Our task is to find out how they influence the network, and this is what we've learned in this section. There's more... When you right-click on one of the packets in the database client to the server session, a window with the conversation will open. It can be helpful to the DBA to see what is running over the network. When you are facing delay problems, for example, when working over cellular lines over the internet or over international connections, the database client to the server will not always be efficient enough. You might need to move to web or terminal access to the database. An important issue is how the database works. If the client is accessing the database server, and the database server is using files shared from another server, it can be that the client-server works great; but the problems come from the database server to the shared files on the file server. Make sure that you know all these dependencies before starting with your tests. And most importantly, make sure you have very professional DBAs among your friends. One day, you will need them! Analyzing SNMP SNMP is a well-known protocol that is used to monitor and manage different types of devices in a network by collecting data and statistics at regular intervals. Beyond just monitoring, it can also be used to configure and modify settings with appropriate authorization given to SNMP servers. Devices that typically support SNMP are switches, routers, servers, workstations, hosts, VoIP Phones, and many more. It is important to know that there are three versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3. Versions v2c and v3, which came later, offer better performance and security. SNMP consists of three components: The device being managed (referred to as managed device). SNMP Agent. This is a piece of software running on the managed device that collects the data from the device and stores it in a database, referred to as the Managed Information Base (MIB) database. As configured, this SNMP agent exports the data/statistics to the server (using UDP port 161) at regular intervals, and also any events and traps. SNMP server, also called Network Management Server (NMS). This is a server that communicates with all the agents in the network to collect the exported data and build a central repository. SNMP server provides access to the IT staff managing network; they can monitor, manage, and configure the network remotely. It is very important to be aware that some of the MIBs implemented in a device could be vendor-specific. Almost all the vendors publicize these MIBs implemented in their devices. Getting ready Generally, the complaints we get from the network management team are about not getting any statistics or traps from a device(s) for a specific interval, or having completely no visibility to a device(s). Follow the instructions in the following section to analyze and troubleshoot these issues. How to do it... In the case of SNMP problems, follow these steps. When you get complaints about SNMP, start asking these questions: Is this a new managed device that has been brought into the network recently? In other words, did the SNMP in the device ever work properly? If this is a new device, talk to relevant device administrator and/or check the SNMP-related configurations, such as community strings. If SNMP configurations looks correct, make sure that the NMS's IP address configured is correct and also check the relevant password credentials. If SNMP v3 is in use, which supports encryption, make sure to check encryption-related settings like transport methods. If the setting and configuration looks valid and correct, make sure the managed devices have connectivity with the NMS, which can be verified by simple ICMP pings. If it is a managed device that has been working properly and didn't report any statistics or alerts for a specific duration: Did the device in discussion have any issues in the control plane or management plane that stopped it from exporting SNMP statistics? Please be aware that for most devices in the network, SNMP is a least-priority protocol, which means that if a device has a higher-priority process to work on, it will hold the SNMP requests and responses in the queue. Is the issue experienced only for a specific device or for multiple devices in the network? Did the network (between managed device and NMS) experience any issue? For example, during any layer 2 spanning-tree convergence, traffic loss could occur between the managed device and SNMP server, by which NMS would lose visibility to the managed devices. As you can see in the following picture, an SNMP Server with IP address 172.18.254.139 is performing SNMP walk with a sequence of GET-NEXT-REQUEST to a workstation with IP address 10.81.64.22, which in turn responds with GET-RESPONSE. For simplicity, the Wireshark filter used for these captures is SNMP. The workstation is enabled with SNMP v2c, with community string public. Let's discuss some of the commonly seen failure scenarios. Polling a managed device with a wrong SNMP version As I mentioned earlier, the workstation is enabled with v2c, but when the NMS polls the device with the wrong SNMP version, it doesn't get any response. So, it is very important to make sure that the managed devices are polled with the correct SNMP version. Polling a managed device with a wrong MIB object ID (OID) In the following example, the NMS is polling the managed device to get a number of bytes sent out on interfaces. The MIB OID for byte count is .1.3.6.1.2.1.2.2.1.16, which is ifOutOctets. The managed device in discussion has two interfaces, mapped to OID .1.3.6.1.2.1.2.2.1.16.1 and .1.3.6.1.2.1.2.2.1.16.2. When NMS polls the device to check the statistics for the third interface (which is not present), it returns a noSuchInstance error. How it works... As you have learned in the earlier sections, SNMP is a very simple and straightforward protocol and all its related information on standards and MIB OIDs is readily available in the internet. There's more... Here are some of the websites with good information about SNMP and MIB OIDs: Microsoft TechNet SNMP: https://technet.microsoft.com/en-us/library/cc776379(v=ws.10).aspx Cisco IOS MIB locator: http://mibs.cloudapps.cisco.com/ITDIT/MIBS/servlet/index We have learned to perform enterprise-level network analysis with real-world examples like Analyzing Microsoft Terminal Server and Citrix communications problems. Get to know more about security and network forensics from our book Network Analysis using Wireshark 2 Cookbook - Second Edition. What’s new in Wireshark 2.6 ? Top 5 penetration testing tools for ethical hackers 5 pen testing rules of engagement: What to consider while performing Penetration testing

Real time analytics is a watchword for the tech and marketing industries (or mar-tech if you like terrible neologisms). But it simply isn't delivering the impact it should for many businesses today. Research by Harvard Business Review Analytics Services, done with support from SAS, Accenture and Intel, found that while businesses are spending more time and money on real time analytics, they're not seeing the impact they want. So, although 70% of enterprises who took part in the research say they have increased spending on real time analytics, only 16% said they're actually very effective in using real time analytics across different channels. Clearly something isn't working. We're seeing a big gap between expectations and effectiveness. And, like everything in tech, it probably isn't the technology's fault. All of the data here suggests that we're all thinking about real time analytics in a way that is far too abstract. We've set expectations about what 'real time analytics' can and should do and set about building projects that should, in theory, support the business. We're thinking about real time analytics in a way that is far too abstract. But therein lies the problem - the data indicates that we're all thinking about real time analytics from a business perspective, not a customer one. Of course, all of the capabilities listed above are ultimately about supporting the customer in some way. But the thinking is backward. Customer touch points should be at the forefront of every business' collective mind when exploring real time analytics. Anything less is never going to be as effective as you want it to be. Read next: Why your app needs real time mobile analytics  Joining the dots between real time analytics and customers Of course, it might be that there's something unspoken here. It's not so much that we're thinking the wrong way round, but instead that the data is simply saying that bridging the gap between analytics and customers is hard. And it is, of course. It's hard because it forces us to change the way we work and organize. We might even need to rethink who should be driving the data strategy. Teams need to talk Arguably, there's not quite enough alignment between different teams - marketing on the one hand, data, and development are all dependent on one another, but they're possibly not working together in the way they should. CTOs, CIOs aren't working closely enough with CMOs. You can't build an analytics strategy without properly understanding all the customer touch points - what they are now, and what that should look like in the future. Real time analytics is a 'full stack problem' It also needs to be thought of as a 'full stack problem'. By this I don't mean that it's down to your full stack developers to solve (although they might be involved). Instead it's a problem that takes in every bit of the software stack. It's no good having an incredible vision if you haven't built the analytics capabilities into your front end. If your platform is old and held together with a bit of string, it's going to be difficult to fully realize your data-heavy dreams. This was something flagged up in the research with 70% of respondents claiming legacy systems were making data integration a huge challenge. Similarly, there's no point talking about self-service analytics if you're not going to build an internal tool that's actually usable. Integration is fine, but then you need people to actually use the data - and to know why they're using it. Whether you build an awesome tool in-house or find a perfect analytics solution, you need to be confident people are going to actually make use of your real time analytics you've finally achieved. Start from customer touch points Putting the customer first is, however, the first rule of real time analytics. Start with the key touch points for customers. That might require an audit of the current situation as well as some creative thinking about what might work in the future. Starting with these touch points is also crucial for how analytics is shared and used internally. As I've already said, there's no point having highly available analytics if stakeholders don't actually know what they're doing with the data that's there. This means every stakeholder needs to work backwards from every point they may influence the customer - whether that's a button, an email, a piece of content  - and consider how and what data is going to be most useful to them. Real time analytics takes time Although research suggests that implementing real time analytics is challenging, we maybe just need to accept that some of these things take time. They are a mix of technological and cultural issues we need to untie and work through. It can be frustrating - especially as the next few years will probably throw up new innovations just as we think we've cracked this one. The important thing is that collaboration and communication is key, as well as making sure everyone understands who the customer is and what they want to achieve. Simple really, right?

Design patterns have provided many ways to simplify the development of software applications. Now that organizations are beginning to tackle applications that leverage new sources and types of big data, design patterns for big data are needed. These big data design patterns aim to reduce complexity, boost the performance of integration and improve the results of working with new and larger forms of data. This article intends to introduce readers to the common big data design patterns based on various data layers such as data sources and ingestion layer, data storage layer and data access layer. This article is an excerpt from Architectural Patterns by Pethuru Raj, Anupama Raman, and Harihara Subramanian. In this book, you will learn the importance of architectural and design patterns in business-critical applications. Data sources and ingestion layer Enterprise big data systems face a variety of data sources with non-relevant information (noise) alongside relevant (signal) data. Noise ratio is very high compared to signals, and so filtering the noise from the pertinent information, handling high volumes, and the velocity of data is significant. This is the responsibility of the ingestion layer. The common challenges in the ingestion layers are as follows: Multiple data source load and prioritization Ingested data indexing and tagging Data validation and cleansing Data transformation and compression The preceding diagram depicts the building blocks of the ingestion layer and its various components. We need patterns to address the challenges of data sources to ingestion layer communication that takes care of performance, scalability, and availability requirements. In this section, we will discuss the following ingestion and streaming patterns and how they help to address the challenges in ingestion layers. We will also touch upon some common workload patterns as well, including: Multisource extractor Multidestination Protocol converter Just-in-time (JIT) transformation Real-time streaming pattern Multisource extractor An approach to ingesting multiple data types from multiple data sources efficiently is termed a Multisource extractor. Efficiency represents many factors, such as data velocity, data size, data frequency, and managing various data formats over an unreliable network, mixed network bandwidth, different technologies, and systems: The multisource extractor system ensures high availability and distribution. It also confirms that the vast volume of data gets segregated into multiple batches across different nodes. The single node implementation is still helpful for lower volumes from a handful of clients, and of course, for a significant amount of data from multiple clients processed in batches. Partitioning into small volumes in clusters produces excellent results. Data enrichers help to do initial data aggregation and data cleansing. Enrichers ensure file transfer reliability, validations, noise reduction, compression, and transformation from native formats to standard formats. Collection agent nodes represent intermediary cluster systems, which helps final data processing and data loading to the destination systems. The following are the benefits of the multisource extractor: Provides reasonable speed for storing and consuming the data Better data prioritization and processing Drives improved business decisions Decoupled and independent from data production to data consumption Data semantics and detection of changed data Scaleable and fault tolerance system The following are the impacts of the multisource extractor: Difficult or impossible to achieve near real-time data processing Need to maintain multiple copies in enrichers and collection agents, leading to data redundancy and mammoth data volume in each node High availability trade-off with high costs to manage system capacity growth Infrastructure and configuration complexity increases to maintain batch processing Multidestination pattern In multisourcing, we saw the raw data ingestion to HDFS, but in most common cases the enterprise needs to ingest raw data not only to new HDFS systems but also to their existing traditional data storage, such as Informatica or other analytics platforms. In such cases, the additional number of data streams leads to many challenges, such as storage overflow, data errors (also known as data regret), an increase in time to transfer and process data, and so on. The multidestination pattern is considered as a better approach to overcome all of the challenges mentioned previously. This pattern is very similar to multisourcing until it is ready to integrate with multiple destinations (refer to the following diagram). The router publishes the improved data and then broadcasts it to the subscriber destinations (already registered with a publishing agent on the router). Enrichers can act as publishers as well as subscribers: Deploying routers in the cluster environment is also recommended for high volumes and a large number of subscribers. The following are the benefits of the multidestination pattern: Highly scalable, flexible, fast, resilient to data failure, and cost-effective Organization can start to ingest data into multiple data stores, including its existing RDBMS as well as NoSQL data stores Allows you to use simple query language, such as Hive and Pig, along with traditional analytics Provides the ability to partition the data for flexible access and decentralized processing Possibility of decentralized computation in the data nodes Due to replication on HDFS nodes, there are no data regrets Self-reliant data nodes can add more nodes without any delay The following are the impacts of the multidestination pattern: Needs complex or additional infrastructure to manage distributed nodes Needs to manage distributed data in secured networks to ensure data security Needs enforcement, governance, and stringent practices to manage the integrity and consistency of data Protocol converter This is a mediatory approach to provide an abstraction for the incoming data of various systems. The protocol converter pattern provides an efficient way to ingest a variety of unstructured data from multiple data sources and different protocols. The message exchanger handles synchronous and asynchronous messages from various protocol and handlers as represented in the following diagram. It performs various mediator functions, such as file handling, web services message handling, stream handling, serialization, and so on: In the protocol converter pattern, the ingestion layer holds responsibilities such as identifying the various channels of incoming events, determining incoming data structures, providing mediated service for multiple protocols into suitable sinks, providing one standard way of representing incoming messages, providing handlers to manage various request types, and providing abstraction from the incoming protocol layers. Just-In-Time (JIT) transformation pattern The JIT transformation pattern is the best fit in situations where raw data needs to be preloaded in the data stores before the transformation and processing can happen. In this kind of business case, this pattern runs independent preprocessing batch jobs that clean, validate, corelate, and transform, and then store the transformed information into the same data store (HDFS/NoSQL); that is, it can coexist with the raw data: The preceding diagram depicts the datastore with raw data storage along with transformed datasets. Please note that the data enricher of the multi-data source pattern is absent in this pattern and more than one batch job can run in parallel to transform the data as required in the big data storage, such as HDFS, Mongo DB, and so on. Real-time streaming pattern Most modern businesses need continuous and real-time processing of unstructured data for their enterprise big data applications. Real-time streaming implementations need to have the following characteristics: Minimize latency by using large in-memory Event processors are atomic and independent of each other and so are easily scalable Provide API for parsing the real-time information Independent deployable script for any node and no centralized master node implementation The real-time streaming pattern suggests introducing an optimum number of event processing nodes to consume different input data from the various data sources and introducing listeners to process the generated events (from event processing nodes) in the event processing engine: Event processing engines (event processors) have a sizeable in-memory capacity, and the event processors get triggered by a specific event. The trigger or alert is responsible for publishing the results of the in-memory big data analytics to the enterprise business process engines and, in turn, get redirected to various publishing channels (mobile, CIO dashboards, and so on). Big data workload patterns Workload patterns help to address data workload challenges associated with different domains and business cases efficiently. The big data design pattern manifests itself in the solution construct, and so the workload challenges can be mapped with the right architectural constructs and thus service the workload. The following diagram depicts a snapshot of the most common workload patterns and their associated architectural constructs: Workload design patterns help to simplify and decompose the business use cases into workloads. Then those workloads can be methodically mapped to the various building blocks of the big data solution architecture. Data storage layer Data storage layer is responsible for acquiring all the data that are gathered from various data sources and it is also liable for converting (if needed) the collected data to a format that can be analyzed. The following sections discuss more on data storage layer patterns. ACID versus BASE versus CAP Traditional RDBMS follows atomicity, consistency, isolation, and durability (ACID) to provide reliability for any user of the database. However, searching high volumes of big data and retrieving data from those volumes consumes an enormous amount of time if the storage enforces ACID rules. So, big data follows basically available, soft state, eventually consistent (BASE), a phenomenon for undertaking any search in big data space. Database theory suggests that the NoSQL big database may predominantly satisfy two properties and relax standards on the third, and those properties are consistency, availability, and partition tolerance (CAP). With the ACID, BASE, and CAP paradigms, the big data storage design patterns have gained momentum and purpose. We will look at those patterns in some detail in this section. The patterns are: Façade pattern NoSQL pattern Polyglot pattern Façade pattern This pattern provides a way to use existing or traditional existing data warehouses along with big data storage (such as Hadoop). It can act as a façade for the enterprise data warehouses and business intelligence tools. In the façade pattern, the data from the different data sources get aggregated into HDFS before any transformation, or even before loading to the traditional existing data warehouses: The façade pattern allows structured data storage even after being ingested to HDFS in the form of structured storage in an RDBMS, or in NoSQL databases, or in a memory cache. The façade pattern ensures reduced data size, as only the necessary data resides in the structured storage, as well as faster access from the storage. NoSQL pattern This pattern entails getting NoSQL alternatives in place of traditional RDBMS to facilitate the rapid access and querying of big data. The NoSQL database stores data in a columnar, non-relational style. It can store data on local disks as well as in HDFS, as it is HDFS aware. Thus, data can be distributed across data nodes and fetched very quickly. Let's look at four types of NoSQL databases in brief: Column-oriented DBMS: Simply called a columnar store or big table data store, it has a massive number of columns for each tuple. Each column has a column key. Column family qualifiers represent related columns so that the columns and the qualifiers are retrievable, as each column has a column key as well. These data stores are suitable for fast writes. Key-value pair database: A key-value database is a data store that, when presented with a simple string (key), returns an arbitrarily large data (value). The key is bound to the value until it gets a new value assigned into or from a database. The key-value data store does not need to have a query language. It provides a way to add and remove key-value pairs. A key-value store is a dictionary kind of data store, where it has a list of words and each word represents one or more definitions. Graph database: This is a representation of a system that contains a sequence of nodes and relationships that creates a graph when combined. A graph represents three data fields: nodes, relationships, and properties. Some types of graph store are referred to as triple stores because of their node-relationship-node structure. You may be familiar with applications that provide evaluations of similar or likely characteristics as part of the search (for example, a user bought this item also bought... is a good illustration of graph store implementations). Document database: We can represent a graph data store as a tree structure. Document trees have a single root element or sometimes even multiple root elements as well. Note that there is a sequence of branches, sub-branches, and values beneath the root element. Each branch can have an expression or relative path to determine the traversal path from the origin node (root) and to any given branch, sub-branch, or value. Each branch may have a value associated with that branch. Sometimes the existence of a branch of the tree has a specific meaning, and sometimes a branch must have a given value to be interpreted correctly. The following table summarizes some of the NoSQL use cases, providers, tools and scenarios that might need NoSQL pattern considerations. Most of this pattern implementation is already part of various vendor implementations, and they come as out-of-the-box implementations and as plug and play so that any enterprise can start leveraging the same quickly. NoSQL DB to Use Scenario Vendor / Application / Tools Columnar database Application that needs to fetch entire related columnar family based on a given string: for example, search engines SAP HANA / IBM DB2 BLU / ExtremeDB / EXASOL / IBM Informix / MS SQL Server / MonetDB Key Value Pair database Needle in haystack applications (refer to the Big data workload patterns given in this section) Redis / Oracle NoSQL DB / Linux DBM / Dynamo / Cassandra Graph database Recommendation engine: application that provides evaluation of Similar to / Like: for example, User that bought this item also bought ArangoDB / Cayley / DataStax / Neo4j / Oracle Spatial and Graph / Apache Orient DB / Teradata Aster Document database Applications that evaluate churn management of social media data or non-enterprise data Couch DB / Apache Elastic Search / Informix / Jackrabbit / Mongo DB / Apache SOLR Polyglot pattern Traditional (RDBMS) and multiple storage types (files, CMS, and so on) coexist with big data types (NoSQL/HDFS) to solve business problems. Most modern business cases need the coexistence of legacy databases. At the same time, they would need to adopt the latest big data techniques as well. Replacing the entire system is not viable and is also impractical. The polyglot pattern provides an efficient way to combine and use multiple types of storage mechanisms, such as Hadoop, and RDBMS. Big data appliances coexist in a storage solution: The preceding diagram represents the polyglot pattern way of storing data in different storage types, such as RDBMS, key-value stores, NoSQL database, CMS systems, and so on. Unlike the traditional way of storing all the information in one single data source, polyglot facilitates any data coming from all applications across multiple sources (RDBMS, CMS, Hadoop, and so on) into different storage mechanisms, such as in-memory, RDBMS, HDFS, CMS, and so on. Data access layer Data access in traditional databases involves JDBC connections and HTTP access for documents. However, in big data, the data access with conventional method does take too much time to fetch even with cache implementations, as the volume of the data is so high. So we need a mechanism to fetch the data efficiently and quickly, with a reduced development life cycle, lower maintenance cost, and so on. Data access patterns mainly focus on accessing big data resources of two primary types: End-to-end user-driven API (access through simple queries) Developer API (access provision through API methods) In this section, we will discuss the following data access patterns that held efficient data access, improved performance, reduced development life cycles, and low maintenance costs for broader data access: Connector pattern Lightweight stateless pattern Service locator pattern Near real-time pattern Stage transform pattern The preceding diagram represents the big data architecture layouts where the big data access patterns help data access. We discuss the whole of that mechanism in detail in the following sections. Connector pattern The developer API approach entails fast data transfer and data access services through APIs. It creates optimized data sets for efficient loading and analysis. Some of the big data appliances abstract data in NoSQL DBs even though the underlying data is in HDFS, or a custom implementation of a filesystem so that the data access is very efficient and fast. The connector pattern entails providing developer API and SQL like query language to access the data and so gain significantly reduced development time. As we saw in the earlier diagram, big data appliances come with connector pattern implementation. The big data appliance itself is a complete big data ecosystem and supports virtualization, redundancy, replication using protocols (RAID), and some appliances host NoSQL databases as well. The preceding diagram shows a sample connector implementation for Oracle big data appliances. The data connector can connect to Hadoop and the big data appliance as well. It is an example of a custom implementation that we described earlier to facilitate faster data access with less development time. Lightweight stateless pattern This pattern entails providing data access through web services, and so it is independent of platform or language implementations. The data is fetched through restful HTTP calls, making this pattern the most sought after in cloud deployments. WebHDFS and HttpFS are examples of lightweight stateless pattern implementation for HDFS HTTP access. It uses the HTTP REST protocol. The HDFS system exposes the REST API (web services) for consumers who analyze big data. This pattern reduces the cost of ownership (pay-as-you-go) for the enterprise, as the implementations can be part of an integration Platform as a Service (iPaaS): The preceding diagram depicts a sample implementation for HDFS storage that exposes HTTP access through the HTTP web interface. Near real-time pattern For any enterprise to implement real-time data access or near real-time data access, the key challenges to be addressed are: Rapid determination of data: Ensure rapid determination of data and make swift decisions (within a few seconds, not in minutes) before the data becomes meaningless Rapid analysis: Ability to analyze the data in real time and spot anomalies and relate them to business events, provide visualization, and generate alerts at the moment that the data arrived Some examples of systems that would need real-time data analysis are: Radar systems Customer services applications ATMs Social media platforms Intrusion detection systems Storm and in-memory applications such as Oracle Coherence, Hazelcast IMDG, SAP HANA, TIBCO, Software AG (Terracotta), VMware, and Pivotal GemFire XD are some of the in-memory computing vendor/technology platforms that can implement near real-time data access pattern applications: As shown in the preceding diagram, with multi-cache implementation at the ingestion phase, and with filtered, sorted data in multiple storage destinations (here one of the destinations is a cache), one can achieve near real-time access. The cache can be of a NoSQL database, or it can be any in-memory implementations tool, as mentioned earlier. The preceding diagram depicts a typical implementation of a log search with SOLR as a search engine. Stage transform pattern In the big data world, a massive volume of data can get into the data store. However, all of the data is not required or meaningful in every business case. The stage transform pattern provides a mechanism for reducing the data scanned and fetches only relevant data. HDFS has raw data and business-specific data in a NoSQL database that can provide application-oriented structures and fetch only the relevant data in the required format: Combining the stage transform pattern and the NoSQL pattern is the recommended approach in cases where a reduced data scan is the primary requirement. The preceding diagram depicts one such case for a recommendation engine where we need a significant reduction in the amount of data scanned for an improved customer experience. The implementation of the virtualization of data from HDFS to a NoSQL database, integrated with a big data appliance, is a highly recommended mechanism for rapid or accelerated data fetch. We discussed big data design patterns by layers such as data sources and ingestion layer, data storage layer and data access layer. To know more about patterns associated with object-oriented, component-based, client-server, and cloud architectures, read our book Architectural Patterns. Why we need Design Patterns? Implementing 5 Common Design Patterns in JavaScript (ES8) An Introduction to Node.js Design Patterns

IoT has been around for a while now and big players like Google, Apple and Amazon have been creating buzz around smart devices over past couple of years. But 2018 is seeing a particular interest in smart speakers. That’s no surprise after Amazon succeeding with Echo it was obvious that other market leaders would love to compete in this area. Speaking about competition, Google recently revealed impressive set of enhancements to their not so old Google Home at Google I/O 2018. Like Amazon Echo, Google Home has entered the arena where users can interact with Home to play music, get personal assistance, and control their smart home. With Google being backed with their omnipresent search engine, Echo’s place of staying on top looks a little dicey. With that being said, let's get into the crux of the discussion keeping in mind three major components: Entertainment Personal assistant Smart home controller Entertainment The ideal purpose of a speaker is to entertain you with music but here your smart speaker can interact with you and play your favourite tracks. So, if you are at a moderate distance from your device all you have to do is wake the Echo with the command “Alexa” and Google Home with “Okay Google”. Don’t close your options here as both devices provide users with alternative commands such as the Echo wakes up with "Echo," "Amazon" or "Computer" and Home with "Hey Google”. Both these devices do a fair job of hearing users as they are always listening and their built-in microphone can listen to users over moderate background disturbance. These devices offer almost similar means of connection where your Echo can be plugged in to your existing home system while Home is capable of controlling any Google Cast-enabled speaker. When it comes to connecting these devices to your TV, Home does the job well by partially controlling a CEC (Consumer Electronics Control) supported television. On the other hand, Echo needs to be integrated with Fire TV in order to control your TV. With this you must have already guessed the winner but this does not end here, Google Home has a upper hand when it comes to connecting to multiple speakers to play a single song. Amazon Echo being more than a year older still misses this feature. Personal assistant Considering the variety of personal services Google offers (Google calendar, GTasks, and Google Maps) you must be expecting a straight win for Home here as well. However, Echo hasn’t stayed behind in this race. Echo uses Alexa as its digital assistant whereas Home uses the Google assistant, the digital assistant that is shipped with other Google products such as Pixel, to respond to voice commands. So, if you ask Google Home Who is Harry Potter?, you will get a definite answer from Home. You can follow that question with Which other movie is he associated with?, Home will again provide you a definite answer as it inferred the ‘he’ you referred to is actor Daniel Radcliffe. Similarly, Echo kept up with its standards when Alexa is asked about the weather. Then, when asked How about Thursday?, the response received is accurate despite the word ‘weather’ not being used in the follow-up question. Surprisingly Google falls short when it comes to updating personal tasks. The Echo can set reminders and stack-up a to-do list which the Google Home still cannot. But it would just be a matter of time to see these features added in Google Home. When it comes to assisting a group of people, Google Home supports upto 6 multiple users and when trained is capable of recognizing family member’s voice as long as they don’t sound similar. So, if one of the family members asks for a traffic or calendar update Home will customize the response depending on which member has asked for an update. Unfortunately, Echo lacks this capability. Google Home is still in its initial stages of enhancing its functionalities but already seems to be superior. Apart from a few, Home shares a lot of capabilities that are on Echo and in addition it supports recognizing family members and responding accordingly, so Google steals the show here as well. Smart Home Controller Another major functionality of a smart speaker is controlling your smart home. Both of these devices have displayed versatile functionalities but the winner in this area is a total surprise. Although Echo has a 2 year head start in this market Google Home hasn’t been that far behind in the race. Google has managed to integrate better with IFTTT (If This Then That) than that of Echo. This integration helps in crafting customizable commands. In a nutshell Home has more command options than Echo. So if a bulb is called “desk lamp” in the Philips app, Alexa will not respond to anything other than “desk lamp”. This comes with an additional support twist where you can group all lights and command Alexa to turn on/off all lights and the job’s done. The downside here is that without this grouping you would have to control your appliances with specific names. Well, with Google Home that’s not the case. You can assign a nickname to your home appliance and it would follow your orders. So while you must group your appliances on Echo, Google Assistant automatically groups a particular category of smart appliances helping you refer to it with your choice of command. Although Google Home has a upper hand in customizing commands, Echo is a much better device in terms of home automation control as it supports a vast variety of home appliances unlike Home. So, this time the winner is Amazon Echo. It is kind of difficult to make a clear choice as each of these have their advantages over disadvantages. If home automation is something that matters the most to you, Amazon Echo would be an apt choice. On the other hand, if personal assistant and music is all that your looking for Google Home fits perfectly. So, what are you waiting for, say the command and get things done for you. Related Links Windows 10 IoT Core: What you need to know How to build an Arduino based ‘follow me’ drone ROS Melodic Morenia released

Certifications have always proven to be one of the best ways to boost one’s IT career. Irrespective of the domain you choose, you will always have an upperhand if your resume showcases some valuable IT certifications. Certified professionals attract employers as certifications are an external validation that an individual is competent in that said technical skill. Certifications enable individuals to start thinking out of the box, become more efficient in what they do, and execute goals with minimum errors. If you are looking at enhancing your skills and increasing your salary, this is a tried and tested method. Here are the top 10 IT certifications that will help you in uprising your IT career. AWS Certified Solution Architect - Associate: AWS is currently the market leader in the public cloud. Packt Skill Up Survey 2018 confirms this too. Source: Packt Skill Up Survey 2018 AWS Cloud from Amazon offers a cutting-edge platform for architecting, building, and deploying web-scale cloud applications. With rapid adaptation of cloud platform the need for cloud certifications has also increased. IT professionals with some experience of AWS Cloud, interested in designing effective Cloud solutions opt for this certification. This exam promises to scale your ability of architecting and deploying secure and robust applications on AWS technologies. Individuals who fail to pass an exam must wait 14 days before they are eligible to retake the exam. There isn’t any attempt limit for this exam. AWS Certification passing scores depend on statistical analysis and are subject to change. Exam Fee: $150 Average Salary: $119,233 per annum Number of Questions: 65 Types of Question: MCQ Available Languages: English, Japanese AWS Certified Developer - Associate: This is another role-based AWS certification that has gained enough traction for industries to keep it as a job validator. This exam helps individuals validate their software development knowledge which helps them develop cloud applications on AWS. IT professionals with hands-on experience in designing and maintaining AWS-based applications should definitely go for this certification to stand-out. Individuals who fail to pass an exam must wait 14 days before they are eligible to retake the exam. There isn’t any attempt limit for this exam. AWS Certification passing scores depend on statistical analysis and are subject to change. Exam Fee: $150 Average Salary: $116,456 per annum Number of Questions: 65 Types of Question: MCQ Available Languages: English, Simplified Chinese, and Japanese Project Management Professional (PMP) Project management Professional is one of the most valuable certifications for project managers. The beauty of this certification is that it not only teaches individuals creative methodologies but makes them proficient in any industry domain they look forward to pursuing. The techniques and knowledge one gets from this certification is applicable in any industry globally. This certification promises that PMP certified project managers are capable of completing projects on time, in a desired budget and ensure meeting the original project goal. Exam Fee: Non-PMI Members: $555/ PMI Members: $405 Average Salary: $113,000 per annum Number of Questions: 200 Type of Question: A combination of Multiple Choice and Open-end Passing Threshold: 80.6% Certified Information Systems Security Professional (CISSP) CISSP is one of the globally recognized security certifications. This cybersecurity certification is a great way to demonstrate your expertise and build industry-level security skills. On achieving this certification users will be well-versed in designing, engineering, implementing, and running an information security program. Users need at least 5 years of minimum working experience in order to be eligible for this certification. This certification will help you measure your competence in designing and maintaining a robust environment. Exam Fee: $699 Average Salary: $111,638 per annum Number of Questions: 250 (each question carries 4 marks) Type of Question: Multiple Choice Passing Threshold: 700 marks CompTIA Security+ CompTIA Security+ certification is a vendor neutral certification used to kick-start one’s career as a security professional. It helps users get acquainted to all the aspects related to IT security. If you are inclined towards systems administration, network administration, and security administration, this is something that you should definitely go for. With this certification users learn the latest trends and techniques in risk management, risk mitigation, threat management and intrusion detection. Exam Fee: $330 Average Salary: $95,829 per annum Number of Questions: 90 Type of Question: Multiple Choice Available Languages: English (Japanese, Portuguese and Simplified Chinese estimated Q2 2018) Passing Threshold: 750/900 CompTIA Network+ Another CompTIA certification! Why? CompTIA Network+ is a certification that helps individuals in developing their career and validating their skills to troubleshoot, configure, and manage both wired and wireless networks. So, if you are an entry-level IT professional interested in managing, maintaining, troubleshooting and configuring complex network infrastructures then, this one is for you. Exam Fee: $302 Average Salary: $90,280 per annum Number of Questions: 90 Type of Question: Multiple Choice Available Languages: English (In Development: Japanese, German, Spanish, Portuguese) Passing Threshold: 720 (on a scale of 100-900) VMware Certified Professional 6.5 – Data Center Virtualization (VCP6.5-DCV) Yes, even today virtualization is highly valued in a lot of industries. Data Center Virtualization Certification helps individuals develop skills and abilities to install, configure, and manage a vSphere 6.5 infrastructure. This industry-recognized certification validates users’ knowledge on implementing, managing, and troubleshooting a vSphere V6.5 infrastructure. It also helps IT professionals build a  foundation for business agility that can accelerate the transformation to cloud computing. Exam Fee: $250 Average Salary: $82,342 per annum Number of Questions: 46 Available language: English Type of Question: Single and Multiple Choice Passing Threshold: 300 (on a scale of 100-500) CompTIA A+ Yet another CompTIA certification that helps entry level IT professionals have an upper hand. This certification is specially for individuals interested in building their career in technical support or IT operational roles. If you are thinking more than just PC repair then, this one is for you. By entry level certification I mean this is a certification that one can pursue simultaneously while in college or secondary school. CompTIA A+ is a basic version of Network+ as it only touches basic network infrastructure issues while making you proficient as per industry standards. Exam Fee: $211 Average Salary:$79,390 per annum Number of Questions: 90 Type of Question: Multiple Choice Available Languages: English, German, Japanese, Portuguese, French and Spanish Passing Threshold: 72% for 220-801 exam and 75% for 220-802 exam Cisco Certified Networking Associate (CCNA) Cisco Certified Network Associate (CCNA) Routing and Switching is one of the most important IT certifications to stay up-to date with your networking skills. It is a foundational certification for individuals interested in a high level networking profession. The exam helps candidates validate their knowledge and skills in networking, LAN switching, IPv4 and IPv6 routing, WAN, infrastructure security, and infrastructure management. This certification not only validates users networking fundamentals but also helps them stay relevant with skills needed to adopt next generation technologies. Exam Fee: $325 Average Salary:$55,166-$90,642 Number of Questions: 60-70 Available Languages: English, Japanese Type of Question: Multiple Choice Passing Threshold: 825/1000 CISM (Certified Information Security Manager) Lastly, we have Certified Information Security Manager (CISM), a nonprofit certification offered by ISACA that caters to security professionals involved in information security, risk management and governance. This is an advanced-level certification for experienced individuals who develop and manage enterprise information security programs. Only users who hold five years of verified experience, out of which 3 year of experience in infosec management, are eligible for this exam. Exam Fee: $415- $595 (Cheaper for members) Average Salary: $52,402 to $243,610 Number of Questions: 200 Passing Threshold: 450  (on a scale of 200-800) Type of Question: Multiple Choice Are you confused as to which certification you should take-up? Well, leave your noisy thoughts aside and choose wisely. Pick-up an exam that is inclined to your interest. If you want to pursue IT security don’t end-up going for Cloud certifications. No career option is fun unless you want to pursue it wholeheartedly. Take a right step and make it count. Why AWS is the prefered cloud platform for developers working with big data? 5 reasons why your business should adopt cloud computing Top 5 penetration testing tools for ethical hackers  

In the recently held AWS Summit in San Francisco, Amazon announced the general availability of two of its premium offerings - Amazon Transcribe and Amazon Translate. What’s so special about the two products is that customers will now be able to see the power of Artificial Intelligence in action, and use it to solve their day-to-day problems. These offerings from AWS will make it easier for startups and companies looking to adopt and integrate AI into their existing process and simplify their core tasks - especially pertaining to speech and language processing. Effective speech-to-text conversion with Amazon Transcribe In the AWS summit keynote, Amazon Solutions Architect Niranjan Hira expressed his excitement talking about the features of Amazon Transcribe; the automatic speech recognition service by AWS. This API can be integrated with the other tools and services offered by Amazon such as Amazon S3, and Quicksight. Source: YouTube Amazon Transcribe boasts wonderful features like: Simple API: It is very easy to use the Transcribe API to perform speech to text conversion, with minimum need for programming. Timestamp generation: The speech when converted to text also includes the timestamps for every word, so that tracking the word becomes easy and hassle-free. Variety of use-cases: The Transcribe API can be used to generate accurate transcripts of any audio or video file, of varied quality. Subtitle generation becomes easier using this API especially for low-quality audio recordings - customer service calls are a very good example. Easy to read text: Transcribe uses the cutting edge deep learning technology to parse text from speech without any errors. With appropriate punctuations and grammar in place, the transcripts are very easy to read and understand. Machine translation simplified with Amazon Translate Amazon Translate is a machine translation service offered by Amazon. It makes use of neural networks and advanced deep learning techniques to deliver accurate, high-quality translations. Key features of Amazon Translate include: Continuous training: The architecture of this service is built in such a way that the neural networks keep learning and improving. High accuracy: The continuous learning by the translation engines from new and varied datasets results in a higher accuracy of machine translations. The machine translation capability offered by this service is almost 30% more efficient than human translation. Easy to integrate with other AWS services: With a simple API call, Translate allows you to integrate the service within third party applications to allow real-time translation capabilities. Highly scalable: Regardless of the volume, Translate does not compromise the speed and accuracy of the machine translation. Know more about Amazon Translate from Yoni Friedman’s keynote at the AWS Summit. With all the businesses slowly migrating to cloud, it is clear all the cloud vendors - mainly Amazon, Google and Microsoft - are doing everything they can to establish their dominance. Google recently launched Cloud ML for GCP which offers machine learning and predictive analytics services improving businesses. Microsoft’s Azure Cognitive Services offer effective machine translation services as well, and are slowly gaining a lot of momentum. With these releases, the onus was on Amazon to respond, and they have done so in style. With the Transcribe and Translate APIs, Amazon’s goal of making it easier for startups and small-scale businesses to adopt AWS and incorporate AI seems to be on track. These services will also help AWS distinguish their cloud offerings, given that computing and storage resources are provided by rivals as well. Read more Verizon chooses Amazon Web Services(AWS) as its preferred cloud provider Tensor Processing Unit (TPU) 3.0: Google’s answer to cloud-ready Artificial Intelligence Amazon is selling facial recognition technology to police

If you’re new to programming or have just a bit of experience, you’re probably thoroughly confused, wondering whether what you’ve been told all this while was bogus! If you’re an experience developer, you’re probably laughing (or scorning) at the title by now, wondering if I was high when I wrote the article. What I’m about to tell you is something that I’ve seen happen, and could be professionally beneficial to you. Although, I must warn you that it’s not what everyone is going to approve of, so read further but implement at your own risk. Okay, so I was saying, learn the framework, not the language. I’m going to explain why to take this approach, keeping two sets of audience in mind. The first, are total newbies, who’re probably working in some X field and now want to switch roles but have realised that with all the buzz of automation and the rise of tech, the new role demands a basic understanding of programming. The latter are developers who probably have varied levels of experience with programming, and now want to get into a new job, which requires them to have a particular skill. Later I will clearly list down the benefits of taking this approach. Let’s take audience #1 first. You’re a young Peter Parker just bitten by the programming bug You’re completely new to programming and haven’t the slightest clue about what it’s all about. You can spend close to a month trying to figure out a programming language like maybe Python or Java and then try to build something with it. Or you could jump straight into learning a framework and building something out of it. Now, in both cases we’re going to assume that you’re learning from a book, a video course or maybe a simple online tutorial. When you choose to learn the framework and build something, you’re going with the move fast and break things approach, which according to me, is the best way that anyone can learn something new. Once you have something built in front of you, you’re probably going to remember it much easier than when you’re just learning something theoretical first and then tried to apply it in practice at a later stage. How to do it? Start by understanding your goals first. Where do you want to go from where you are currently at. Now if your answer was that you wanted to get into Web Development, to build websites for a living, you have your first answer. What you need to do next is to understand what skills your “dream” company is actually looking for. You’ll understand that from the Job Description and a little help from someone technical. If the skill is web development, look for the accompanying tools/frameworks. Say for example, you found it was Node. Start learning Node! Pick up a book/video/tutorial that will help you build something as you learn. Spend at least a good week getting used to stuff. Have it reviewed by someone knowledgeable and watch carefully as the person works. You’ll be able to relate quite easily to what is going on, and will pick up some really useful tips and tricks quickly. Keep practicing another week, you’ll start getting good at it. Why will it work? Well, to be honest, several organisations work primarily with frameworks on a number of projects, mainly because frameworks simplify the building of large applications. Very rarely will you find the need to work with the vanilla language. By taking the Framework-first approach, you’re gaining the skill, i.e. web development, fast, rather than worry about using the medium or tool that will enable you to build it. You’re not spending too much time on learning the foundations, which you may never use in your development. Another example - Say you’ve been longing to learn how to build games, but don’t know how to program. Plus C++ is a treacherous language for a newbie to learn. Don’t worry at all! Just start learning how to work with Unreal Engine or any other game engine/framework. Use its in-built features, like Blueprints, which allows you to drag and drop things to build your game, and voila! You have your very own game! ;) You’re a Ninja wielding a katana in Star Wars Now you’re the experienced one, you probably have a couple of apps under your belt and are looking to learn a new skill, maybe because that’s what your dream company is looking for. Let’s say you’re a web developer, who now wants to move into mobile or enterprise application development. You’re familiar with JavaScript but don’t really want to take the time to learn a new language like C#. Don’t learn it, then. Just learn Xamarin or .NET Core! In this case, you’re already familiar with how programming works, but all that you don’t know is the syntax and working of the new language, C#. When you jump straight into .NET Core, you’ll be able to pick up the nitty gritties much faster than if you were to learn C# first and then start with .NET Core. No harm done if you were to take that path, but you’re just slowing down your learning by picking up the language first. Impossible is what? I know for a fact that by now, half of you are itching to tear me apart! I encourage you to vent your frustration in the comments section below! :) I honestly think it’s quite possible for someone to learn how to build an application without learning the programming language. You could learn how to drive an automatic car first and not know a damn thing about gears, but you’re still driving, right? You don’t always need to know the alphabet to be able to hold a conversation. At this point, I could cross the line by saying that this is true even in the the latest most cutting edge tech domain: machine learning. It might be possible even for buddying Data Scientists to start using Tensorflow straight away without learning Python, but I’ll hold my horses there. Benefits of learning a Framework directly There are 4 main benefits of this approach: You’re learning to become relevant quickly, which is very important, considering the level of competition that’s out there You’re meeting the industry requirements of knowing how to work with the framework to build large applications You’re unconsciously applying a fail-fast approach to your learning, by building an application from scratch Most importantly, you’re avoiding all the fluff - the aspects you may never use in languages or maybe the bad coding practices that you will avoid altogether As I conclude, it’s my responsibility to advise you that not learning a language entirely can be a huge drawback. For example, suppose your framework doesn’t address the problem you have at hand, you will have to work around the situation by working with the vanilla language. So when I say forget the language, I actually mean for the time being, when you’re trying to acquire the new skill fast. But to become a true expert, you must learn to master both the language and framework together. So go forth and learn something new today! Should software be more boring? The “Boring Software” manifesto thinks so These 2 software skills subscription services will save you time – and cash Minko Gechev: “Developers should learn all major front end frameworks to go to the next level”