SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the HTTPS protocol and allows secure connections from a web server to a browser and vice-versa.

How to install the certificate using Let’s Encrypt?

You can follow the official docs or directly use Certbot to install the certificates for your server (like Apache, Nginx etc.) and OS (Linux, CentOS etc.)

What is the problem?

Let’s encrypt needs to be renewed every 90 days, and once configured on your server, it starts sending you emails a few weeks before the actual expiry date. Which is good but kind of annoying as well, if you like to keep your mailbox clean.

So we need to manually trigger the cerbot renew command from each server to renew SSL certificates, which is ok to some extent.

Let’s imagine a hypothetical scenario where you have to renew multiple SSL Certificates whose expiry date is very close. Isn’t that tedious to manually enter each server just to trigger the certbot to renew your certificates?

So, can’t we have a permanent solution? The obvious answer is, YES WE CAN!

What's the solution?

Step 1: Obtain Permanent Keys from Cloudflare

The first step in setting up SSL with permanent keys from Cloudflare is to obtain the necessary keys. This can be done by navigating to the "SSL/TLS" tab in your Cloudflare account, and selecting "Create Certificate" under the "Origin Certificates" section. You will then need to enter the domain name for which you want to generate the certificate and click "Next".

Click on Create Certificate and select the default RSA (2048) key type and choose your certificate validity period (During this period you never had to renew your certificates)

Make sure to copy and store the keys in safer vault storage,

Step 2: Configure Nginx (Reverse Proxy)

Once you have obtained the permanent keys, you can now configure Nginx to use them. This can be done by adding the following code to your Nginx configuration file, typically located at /etc/nginx/nginx.conf:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /path/to/your_certificate.crt;
    ssl_certificate_key /path/to/your_private_key.key;
}

This code configures Nginx to listen on port 443 (the default port for HTTPS) and use the specified SSL certificate and private key for the domain example.com. Replace the path to your certificate and private key and domain name with the actual values from your Cloudflare account.

Step 3: Test the Configuration Once you have configured Nginx to use the permanent keys from Cloudflare, you can test the configuration by visiting your website using https://. If the configuration is set up correctly, you should see the padlock icon in the browser indicating that the connection is secure.

In conclusion, using permanent keys for SSL from Cloudflare in Nginx is a simple process that can be done by obtaining the necessary keys from Cloudflare, configuring Nginx to use them, and testing the configuration. This will provide an additional layer of security for your website and ensure that sensitive information is protected.

Note*: You will need to have Nginx installed on your server, and this is just a basic example, You should also consider configuring additional security features like HSTS (HTTP Strict Transport Security) and OCSP stapling (Online Certificate Status Protocol) to further secure your website.*

Many of us come into contact with OAuth when browsing around the Web, and most of us aren’t even aware of its existence. OAuth(Open Authentication) is a system that grants third-party websites limited access to user accounts, for example, your Twitter or Facebook accounts.

It lets visitors interact within the site without requiring new account registration or releasing your username and password to third parties.

In this guide, I’d like to introduce the concept of OAuth and how it can apply to developers. There are a lot of technical details involved in the implementation of your OAuth application.

OAuth is an open-standard authorization protocol that allows users to share their private resources (e.g. data, files) stored on one site with another site without having to give away their credentials, typically a password. In this article, we will show you how to integrate Microsoft OAuth into Portainer, a popular open-source tool for managing containerized applications.

Prerequisites: You must have deployed and exposed your portainer application over HTTPS.

Step 1: Register your application with Azure Active Directory (AAD)

Login to your [Azure Portal](https://portal.azure.com/) and choose App registration, click on new app registration to create a new app and update your application URL.

Once done, click on the API-Permissions menu and choose the below permissions to grant access to the OAuth app, (Enable only the relevant needed access) and hit save.

Finally, click on the Certificates & Secrets menu to create a new client secret & id, and copy and store the secrets securely.

Step 2: Configure Portainer with your AAD application

After configuring Portainer with your AAD application, you can now enable OAuth in the Portainer settings. This can be done by navigating to the "Authentication" tab and selecting "Microsoft" as the authentication method.

Update the client ID under the Tenant ID field and the client secret under the Application key, for Application ID head on to the Azure portal and click on your application to view the Application ID.

Step 3: Test the integration

To test that the integration is working correctly, you can log in to Portainer with your Microsoft account. If everything is set up correctly, you should be able to access the Portainer dashboard without any issues.

In summary, integrating Microsoft OAuth into Portainer is a straightforward process that can be completed in four steps: registering your application with Azure Active Directory, configuring Portainer with your AAD application, enabling OAuth in the Portainer settings, and testing the integration. This will provide an added level of security and ease of access for users.

"The cloud" refers to servers that are accessed over the Internet, and the software and databases that run on those servers. Cloud servers are located in data centers all over the world.

Characteristics of cloud computing

• Network access to cloud services
• Pay only what you need from a measured service
• Multi-tenancy – many customers in same space
• On-demand self-service to scalable resources
• High bandwidth links to and between datacenters

Who is using cloud computing? Organizations of every type, size, and industry are using the cloud for a wide variety of use cases, such as data backup, disaster recovery, email, virtual desktops, software development and testing, big data analytics, and customer-facing web applications.

Microsoft Azure platform provides all or many of the below features by default or out of the box.

Scalability

• Ability of system to scale by adding or removing resources.
• Resources could be like any resources including VM, database storage and more.

Elasticity

• Elasticity is the ability of a system to scale dynamically.

Agility

• The ability to react quickly and allocate and deallocate resources in a very short time.
• In the on premise world requesting resource and allocation might take weeks to months of time depending upon the resource.
• In the cloud, resource spin up would happen in minutes and at maximum it would take a few hours for heavy resources.

Fault Tolerance

• Ability of system to remain up and running during component and service failures
• Major Azure cloud services have built in fault tolerance.

Disaster recovery

• Disaster recovery is the ability of a system to recover from an event that has taken down the service
• Disaster recovery can be easily set by setting replication in different regions.

High Availability

• Availability is a measure of system uptime.

Large public cloud services have near-global reach

Service Model

Azure offers 3 service Models

• Iaas (Infrastructure as a service)
• PaaS (Platform as a service)
• SaaS (Software as a service)

Infrastructure as a Service (IaaS)

With Infrastructure as a Service customers access raw computing resources in the form of storage space, various sizes of virtual machine, networking services, and other related management tools.

• Customers pay for time and space on a server(s).
• Responsible to install and manage their own operating system and software.

Examples: Azure Stack, ExpressRoute

Platform as a Service (PaaS)

Platform as a Service offers customers direct access to services rather than to raw computing resources for application design and deployment.

• The PaaS model provides metered (pay as you go) access to services.
• Cloud service is responsible for individual virtual machines, and managing basic resources.

Examples: Azure App Service & IoT device analytics

Cloud service models

Azure Compute service

Let's first understand what a compute service is... Compute resources are infrastructure resources that provide processing capabilities in the cloud. For example, virtual clusters, virtual resource pools, and physical servers are all compute resources.

Azure compute provides the infrastructure you need to run your apps. Tap in to compute capacity in the cloud and scale on demand. Containerize your applications, deploy Windows and Linux virtual machines (VMs) and take advantage of flexible options for migrating VMs to Azure. With comprehensive support for hybrid environments, deploy how and where you want to. Azure compute also includes a full-fledged identity solution, so you gain managed end-point protection and Active Directory support which helps secure access to on-premises and cloud apps.

How to choose an Azure compute service

Azure offers a number of ways to host your application code. The term compute refers to the hosting model for the computing resources that your application runs on. If your application consists of multiple workloads, evaluate each workload separately. A complete solution may incorporate two or more compute services.

• “Lift and shift” is a strategy for migrating a workload to the cloud without redesigning the application or making code changes (this is also known as re-hosting). If you lift and shift without re-architecting, you should reserve your compute instances to reduce cost whilst you look to rearchitect later, as you’re already aware of the resource utilization on your workloads.
• Cloud optimized is a strategy for migrating to the cloud by refactoring an application to take advantage of cloud-native features and capabilities.

Azure Virtual machines

The virtual machine is an initial IaaS stage in Azure compute options. This is the most common compute service which is used on all cloud platform widely. So when we create a virtual machine on an Azure portal then we have to deal with some important configuration parameters:

• The Network Interface gets public and private IP address.
• The virtual machine can have multiple disks mounted as per needs.

Some important characteristics of the virtual machine are:

• You don’t have to manage the underlying physical servers.
• Deploy any type of workload
• You can stop the virtual machine whenever you don’t want the virtual machine to run
• You can also control the traffic flow using network security groups
• You can also monitor different underlying metrics like CPU Utilization and Network Utilization

Pros of Azure Virtual machines

• Scalability
• Data Security/Compliance
• High Availability
• Cost-Effective

Cons of Azure Virtual machines

• Requires Management
• Requires Platform Expertise

Also, read Azure scale sets (Virtual Machine Scale Set) that play an important role in cloud computing which provides more elasticity and scalability.

Azure App Services

Setting up a web application presents many challenges: Scaling, Load-Balancing, Patch Management, Configuration Management, Security/Compliance, to name a few. In order for applications to run without issue and without downtime, it is important to deploy these applications with minimum in-service capacity. In addition, it is important to keep the OS and platform versions up to date. However, that is a cumbersome task, needing a lot of operation overhead and expertise.

To make an application highly available in Microsoft Azure, a number of cloud services must be implemented. An application gateway, for instance, is important for distributing traffic. Virtual Machines that scale based on demand are also important. Resources must be provisioned individually, yet integrating them can take a large amount of time.

Azure App Service helps solve these issues and reduces operational overhead so that developers can concentrate on web development instead of spending more time on infrastructure setup.

When we choose a service to deploy our application, it's often a choice between control, flexibility and ease of use. Cloud services offer greater control over the apps but increases developer responsibility.

Azure App Service, on the other hand, is a Platform as a Service (PAAS) that is quick to build, deploy and scale the application. It helps build enterprise ready applications quickly, accelerating time-to-go-live, all while reducing the overall day to day responsibility of managing the platform.

Pros of Azure App Service

• Built-in HTTPS support
• Multiple languages and frameworks
• Production Ready Environment
• DevOps integration
• Security and compliance

Cons of Azure App Service

• Pricing is High
• Fixed Domain Name (Deployment of apps under cheap domain names)
• No Remote Desktop
• No Performance Counters

Azure Batch Service

Most of the enterprise and large applications run the lots of automated tasks in the background which can include anything like processing data, bringing new output, calculations, processing billing, testing software etc. In such applications the role and design are equally important for high-performance computing (HPC) and running processes in parallel to get a job DONE.

Azure batch gives you the power to use ‘Azure batch service’ which provides the facility to run large-scale parallel and high-performance computing (HPC) batch jobs efficiently in Azure without capital investment. This service is recommended to use the large-scale execution and run the parallel tasks like image analysis processing, data injection, processing data, software test case execution and much more.

How does it work? You need a Batch account to use the Batch service. Most Batch solutions also use an associated Azure Storage account for file storage and retrieval.

• Upload the input files and applications to process the input file into Azure Storage account. These input files can be anything consisting of data to process it.
• Create of pool of nodes (virtual machines) to execute the processes. This also consists of configuration of machines like O.S., size of nodes etc.

Then, create a job and its associated tasks to perform the actions. Azure batch service automatically schedules the job in the pool of nodes to execute it.

• Before executing the tasks, service will download the files and applications from Azure storage to provide and execute on the node.
• Once the job of execution of tasks is started then application can connect to batch service and monitor the progress of execution over HTTPs.
• As the job completes Azure batch service upload the output to Azure storage. We can also fetch this output file from the node directory file system.
• Then our client application can download the output files from Azure storage.

Pros of Azure Batch

• Cost-effective – with proper pool management you only pay for the time the workload is executed.
• Elastic – you can easily match VM configuration and workflow to your demands. You can choose from general usage A-tier to N-tier VMs with hundreds of RAM memory and dozens of processors.

Cons of Azure Batch

• Complex – Azure Batch system might be difficult to manage. Setting up the whole system: pools, jobs, and tasks might be confusing for beginners and it needs some experience to make Azure batch reliable and cost-effective.
• Limited support – Lack of in-depth documentation and poor developer support. As Azure - Batch is still strongly developed by Microsoft and the service is used mostly by big companies, it did not live to see thorough documentation and community support yet.

Azure Functions

Azure Functions is an event driven server less compute platform that lets you implement code that is triggered by events that happen in Azure or other third party services. With Azure Functions you don't need to explicitly provision or manage infrastructure in order to run the event-triggered code.

Azure Functions can be used to achieve decoupling, high throughput, reusability and shared. Being more reliable, it can also be used for the production environments.

How Do You Call Azure Function?

Azure Functions can be called when triggered by the events from other services. Being event driven, the application platform has capabilities to implement code triggered by events occurring in any third-party service or on-premise system.

How Long Can Azure Functions Run?

For any Azure Functions, a single Function execution has a maximum of 5 minutes by default to execute. If the Function is running longer than the maximum timeout, then the Azure Functions runtime can end the process at any point after the maximum timeout has been reached.

Azure Container Instances

Azure Container Instances allows you to run a container without provisioning virtual machines or having to use container orchestrators like Kubernetes or DC/OS. Container Instances are useful when you just want a container without orchestration.

Pros of using Azure Container Instances

• Faster startup times
• Full Container access
• Compliant deployments
  • Hypervisor-level security
  • Customer data (Protection)

Cons of using Azure Container Instances

• Hard to orchestrate multiple containers.
• Hard to manage data flow or network access across them.

Since managing multiple containers in runtime is bit harder we use Azure Container Apps which provides multiple container support and platform integrational support with each other in a easier way. to learn more about it click here

Azure Kubernetes Service

Kubernetes is a fast-growing platform for managing containerized applications, storage, and networking components. It allows developers and administrators to focus on application workloads, not infrastructure components. Kubernetes provides a convenient, declarative way to deploy large numbers of containers, with a powerful set of APIs for management tasks.

Kubernetes can be complex to install and maintain, especially when running in production and at an enterprise scale. To reduce the complexity of key management and deployment operations, such as scalability and Kubernetes updates, you can use Azure Kubernetes Service (AKS), which offers managed Kubernetes services. To simplify the process, Azure manages the AKS control plane, and customers pay only for the AKS nodes the application runs on. AKS is based on the Azure Kubernetes Service Engine, which was released by Microsoft as open source.

The reference architecture is composed of:

Azure Kubernetes Service (AKS)—at the center of the architecture is AKS.

Kubernetes cluster—a cluster running your workloads, deployed on AKS. With AKS you only manage agent nodes; AKS assumes responsibility for the Kubernetes control plane.

Virtual network—AKS creates a virtual network in which agent nodes can be deployed. In advanced scenarios, you can create a virtual network first, to give you more control over configuration of subnets, local connections, IP addresses, etc.

Ingress—the ingress provides an HTTP/HTTPS path to access cluster services. Behind it, you will typically deploy an API Gateway to manage authentication and authorization.

Azure Load Balancer—created when the NGINX ingress controller is implemented. Used to route incoming traffic to the ingress.

External data storage—microservices are usually stateless and save data to external data stores, such as relational databases like Azure SQL Database or NoSQL stores like Cosmos DB.

Azure Active Directory (AD)—AKS has its own Azure AD identity, used to generate and control Azure resources for Kubernetes deployments. In addition to these mechanisms, Microsoft recommends using Azure AD to establish user authentication in client applications that use the Kubernetes cluster.

Azure Container Registry (ACR)—used to store your organization’s Docker images and use them to deploy containers to the cluster. ACR can also leverage authentication by Azure AD. Another option is to store Docker images in a third party registry, like Docker Hub.

Azure Kubernetes Service Use Cases:

We’ll take a look at different use cases where AKS can be used.

• Migration of existing applications: You can easily migrate existing apps to containers and run them with Azure Kubernetes Service. You can also control access via Azure AD integration and SLA-based Azure Services like Azure Database using Open Service Broker for Azure (OSBA).
• Simplifying the configuration and management of microservices-based Apps: You can also simplify the development and management of microservices-based apps as well as streamline load balancing, horizontal scaling, self-healing, and secret management with AKS.
• Bringing DevOps and Kubernetes together: AKS is also a reliable resource to bring Kubernetes and DevOps together for securing DevOps implementation with Kubernetes. Bringing both together, it improves the security and speed of the development process with Continuous Integration and Continuous Delivery (CI/CD) with dynamic policy controls.
• Ease of scaling: AKS can also be applied in many other use cases such as ease of scaling by using Azure Container Instances (ACI) and AKS. By doing this, you can use AKS virtual node to provision pods inside Azure Container Instance (ACI) that start within a few seconds and enables AKS to run with required resources. If your AKS cluster is run out of resources, if will scale-out additional pods automatically without any additional servers to manage in the Kubernetes environment.
• Data streaming: AKS can also be used to ingest and process real-time data streams with data points via sensors and perform quick analysis.

Azure Spring Service

Spring Cloud Azure is an open-source project that provides seamless spring integration with Azure services. It gives developers a Spring-idiomatic way to connect and consume Azure services, with only need few lines of configuration and minimal code changes. Once you’re ready to run your spring app in the cloud, we recommend Azure Spring Cloud. Azure Spring Cloud is a fully managed Spring Cloud service, built and supported by the same team as Spring Cloud Azure.

It was the result of joint effort of Microsoft and VMware to provide an easy development experience when building cloud-native applications depending on Spring Boot, Spring Cloud, and integrating with Azure Cloud components.

Why use Azure Spring Cloud?

Being able to view your data in a single UI makes troubleshooting errors and issues much easier. Now, Spring Boot developers can enjoy that benefit in New Relic One. With Microsoft Azure’s latest integration, you can simply send your application data directly to New Relic One.

Deployment of applications to Azure Spring Cloud has so many benefits, such as:

• Efficiently migrate existing Spring apps and manage cloud scaling and costs.
• Modernize apps with Spring Cloud patterns to improve agility and speed of delivery.
• Run Java at cloud scale and drive higher usage without complicated infrastructure.
• Develop and deploy rapidly without containerization dependencies.
• Monitor production workloads efficiently and effortlessly.

Azure Service Fabric

Azure Service Fabric handles infrastructure needs, deployment, and scaling, allowing developers to spend more time on features. Service Fabric powers core Azure infrastructure and other Microsoft services, and you can use this technology in your own software solutions to achieve high-availability, better reliability, scalability, and performance. In this course, learn about the platform's main benefits, as well as how to build Service Fabric applications for the cloud or on premises. Instructor Rodrigo Díaz Concha details the benefits of Service Fabric as a distributed microservices platform, the Service Fabric application model, as well as its overall development cycle. He also shows how to create Service Fabric clusters from the Azure Portal and CLI, develop container-based Service Fabric microservices solutions, and more.

Security responsibilities

Security is one of the most important aspects of any architecture. Good security provides confidentiality, integrity, and availability assurances against deliberate attacks and abuse of your valuable data and systems. Losing these assurances can harm your business operations and revenue, and your organization's reputation.

The various cloud services require different levels of customer engagement and responsibility for security.

Here is a link for best practices to be followed in Azure click here

Azure Security click here

Conclusion

With more than 200 services and numerous benefits, Microsoft Azure is undoubtedly the fastest-growing cloud computing platform being adopted by businesses. In fact, Microsoft Azure’s total revenue is expected to surpass $19 billion by 2020. This growth in the implementation of Azure by businesses is creating various opportunities for professionals well-versed in this technology.

So, if you are interested in a career in Azure, this is the right time to jump in. The best way to start your career in Azure is by getting certified with Azure.

I hope you enjoyed this post, and that you'll come back for the next one!

Feel free to subscribe my email newsletter for future updates and connect with me on GitHub and Twitter.

This article will compare the features of Python and Rust, as well as the pros and cons of each, so you can decide which one will work best for your next project. First, let’s define each of these languages.

What is Rust?

Rust was developed from C++ with more safe scripts in 2010. The language is open source. Rust has a high-performance graph when compared with C++ or C language. Rust has many curly brackets and indentation is not necessary at all. Memory management is done through the RAII convention in Rust. Rust compiler is able to infer the type of variable, argument, function from the context or syntax it is typed. Now type state is removed from Rust that is achieved through branding pattern.

There is a Builder pattern in Rust that allows describing the current state of an object into the type of that object. Rust does not have classes as defined but it works with type structures and implementations. There were many changes while the version was updated in Rust. This reason made Rust less popular among developers. Inheritance and polymorphism are supported in Rust. There is no automated garbage collection in Rust. Safe Rust and unsafe Rust makes users select Rust language programming for their development to be on the safer side.

fn main () {
println! ("Hello World!");
}
println! is the macro in this program.

Even though Rust is a newer language compared to Python, it has quickly gained popularity within the developer community and is the most loved technology, according to the 2021 StackOverflow developer survey. Rust can also be used in many different domains such as:

• System developments
• Web applications
• Embedded systems
• Blockchain
• Game engines

Advantages of Rust

• Rust is performance-oriented compared to other languages with its fast and memory-efficient architecture with no runtime or garbage collection.
• Enforces strict safe memory allocations and secure coding practices.
• Direct safe control over low-level resources. (Comparable to C/C++)

Disadvantages of Rust

• Relatively higher learning curve compared to languages like Python. A higher degree of coding knowledge is required to use Rust efficiently.
• Low level of monkey patching support.
• The compiler can be slow compared to other languages.

What is Python?

Python is a programming language designed to help developers work more efficiently and integrate systems more effectively. Like Rust, Python is multiparadigm and designed to be extensible. You can use lower-level API calls, such as CPython, if speed is paramount.

Python, which dates all the way back to 1991 when it was introduced by Guido van Rossum, is notable for its code readability, elimination of semicolons, and curly brackets.

Besides its extensible nature, Python is an interpreted language, which makes it slower than most compiled languages. As you might expect given its maturity, Python has a large ecosystem of libraries and a large, dedicated community.

Advantages of Python

• Python has a relatively smaller learning curve compared to other languages. It can provide a simpler development experience without compromising functionality. The asynchronous coding style allows developers to easily handle complex coding requirements.

• A massive collection of libraries and frameworks is available. Python has gained an impressive number of libraries and frameworks due to its maturity and popularity. As a developer, there is a high chance that you can find a library or framework for any kind of functionality.

• Python integrates with a wide variety of software, including enterprise applications and databases. It can be easily integrated with other languages like PHP and .NET.

Disadvantages of Python

• Python is slower compared to compiled options such as C++ and Java since it is an interpreted language.
• While Python is easy to debug, some errors won’t be shown until runtime.

Read our comparisons of (Python to Go)click here

Rust vs Python: All Essential Differences

Here is the list of essential differences between Rust and Python

Rust vs Python Performance

Rust provides better performance than Python. Rust offers developers a solid balance of high performance and security, as well as faster processing. Rust is about twelve times faster, and its performance is comparable to C and C++, but Python is slower. Yes, Python is known for being “slow” in some situations, but this doesn’t matter in most cases. This is a minor element that will not affect the majority of projects.

Rust vs Python Security

Managing computer memory safely and efficiently is one of the most difficult tasks for any programming language. Security is one of the best aspects of Rust. Python has a garbage collector that looks for and cleans up unused memory as the program runs.

Rust is extremely safe. There is a higher emphasis on fixing memory leaks and other security issues. Memory leaks are addressed in many of its key principles.

Rust vs Python Low-level language

It is one of the primary differences in Rust is a low-level programming language. It is a great option for embedded and bare-metal development due to its direct access to hardware and memory.

Rust is best for developers who have limited resources and need to ensure that their software does not fail. Whereas the high-level language Python is better suited to fast prototypes.

Rust vs Python Dynamic And Static Typing

Python is a dynamic type system, which makes creating software easier for programmers. Whereas Rust is a static type system requiring programmers to declare parameters, i.e., constants and function arguments, it supports Python-like dynamic typing within the function body. “None” is a valuable feature in Rust that allows programmers to deal with exceptions at build time, ensuring that the program executes smoothly for the user.

Rust vs Python Easiness to Code & Learn

The most significant, but also the most subjective, part of this comparison is learning and coding experience. Everyone wants their first programming language to be simple to learn but versatile to pursue various programming careers.

Beginners generally take one to two weeks to start building projects, whereas it only takes a few days for them to start building projects in other competitive languages.

In comparison to Rust, Python is much easier to learn. Python is a great language for beginners because of its extremely short learning curve. The syntax of Python is extremely simple to read, understand, and code, even for beginners.

So, which one is right for me?

As we have seen, the Python vs Rust debate is not a simple one to solve. Both of them have advantages and disadvantages but are overall great, versatile and powerful programming languages which are rightly popular in the developer community.

In general, Python provides a simpler development experience and is easier to get started with. It also has a bigger community and wider resource base to choose from, so offers better extensibility for potentially larger projects. Python can be used across many disciplines, from web application development to DevOps, scientific scripting, machine learning and enterprise apps. This versatility, combined with the ease of use, makes it easy to see why Python is so popular.

Rust, meanwhile, should be the preferred option if speed and security are your priorities. Its performance-orientation and memory safety make it ideal for projects such as system development, file systems, game engine development, virtual reality (VR) and embedded integrations. These options make it clear that Rust will only continue to gain in popularity, and as it matures, its documentation and extensibility will improve too.

I hope you enjoyed this post, and that you'll come back for the next one!

Feel free to subscribe my email newsletter and connect with me on GitHub or Twitter

Python is the language to use for readable, shareable code—hence the large community around it.

Technically, Go is a procedural, functional language built for speed, and Python is an object-oriented, imperative, functional, and procedural language. Go supports concurrency, the ability of an algorithm to run its steps out of order, and Python doesn’t.

If you’re choosing between Go and Python, it’s likely because both of these languages are quickly growing and extremely marketable. While Go trails behind Python in terms of its raw community code base, it’s rapidly becoming one of the most important languages in the market.

Python is two decades older than Go. But that doesn’t mean that Go is going to knock Python off of its throne. Today, we’re going to take a deeper look at Go language, Python, and when you should use one language over the other.

In short, if you are working with data and your audience is people, use Python. If you are working with servers, use Go.

A Python’s tale

Ask some developers and you will hear that there was nothing before Python and there will be nothing after it. Over the years, it has managed to gain a cult-like following because it is a very good programming language. The internet is filled with wonders created using Python.

Python is old, in terms of programming years. It was first conceptualized back in 1991. And with age comes certain advantages. It has a wide following which translates to it being stable and well documented. In most cases, you will find libraries for almost everything and code samples for just about everything you can think of. What this means for devs and businesses is that the choice of using Python comes with it a wealth of experience and coding just waiting to be accessed.

There are plenty of open-source projects that use Python as a base, so in most cases, you are not starting from scratch. It is well integrated into enterprise applications and can be used in machine language and AI applications. But it does have its downsides. For one, it is not ideal for memory-intensive tasks, a bit on the slow side for executions and unsuitable for mobile application development.

Speaking of Golang(Go)

Developed at Google back in 2009. Go was a solution to a problem. Its aim was to create a language that took away all the baggage and excesses found in languages such as C++. This gives it a performance and speed boost that makes working with it a delight. Plus, most developers picking up Go for the first time are not going to be left adrift as the familiar elements and ease of use would come as a pleasant surprise.

This is not to say the language is perfect in all cases. While it takes speed and elegance to the next level, it does, however, leave behind some a few things to be desired. For one, it does not have an extensive library, nor support for inheritance. In addition, there is no GUI library or object-oriented programming support. What it does have going for it is a lightweight thread (Goroutines), smart standard library, strong built-in security and is easy to code with minimal syntax.

Why use GO language?

Here, are important reasons for using Go language:

• It allows you to use static linking to combine all dependency libraries and modules into one single binary file based on the type of the OS and architecture.
• Go language performed more efficiently because of CPU scalability and concurrency model.
• Go language offers support for multiple libraries and tools, so it does not require any 3rd party library.
• It’s statically, strongly typed programming language with a great way to handle errors

Why use Python language?

Here, are reasons for using Python language:

• Python is a powerful object-oriented programming language.
• Uses an elegant syntax, making the program you write easier to read.
• Python comes with a large standard library, so it supports many common programming tasks.
• Runs on various types of computers and operating systems: Windows, macOS, Unix, OS/2, etc.
• Very simple syntax compared to Java, C, and C++ languages.
• Extensive library and handy tools for developers
• Python has its auto-installed shell
• Compared with the code of other languages, python code is easy to write and debug. Therefore, its source code is relatively easy to maintain.
• Python is a portable language so that it can run on a wide variety of operating systems and platforms.
• Python comes with many prebuilt libraries, which makes your development task easy.
• Python helps you to make complex programming simpler. As it internally deals with memory addresses, garbage collection.
• Python provides an interactive shell that helps you to test the things before its actual implementation.
• Python offers database interfaces to all major commercial DBMS systems.

Key Differences

Below mentioned are the key differences between Python and Golang:

• As Python is a scripting language, it has to be interpreted, while Golang is quicker most of the time as it does not have to count on anything at runtime.
• Python is an ideal language that comes equipped with an easy-to-understand syntax, making it more readable and flexible. Golang is also in the prime league when it comes to clear syntax, which holds zero unnecessary components.
• Python doesn’t come with a built-in concurrency mechanism, whereas Go is packed with a built-in concurrency mechanism.
• Talking about safety, Python is a well-typed compiled language thereby incorporating a layer of security, while Golang is very decent because every variable should have a type connected with it. It implies a programmer cannot give away the details, which will further lead to flaws.
• Python is less verbose compared to Go to accomplish the same functionality.
• Python comes with dozens of libraries as opposed to Go, but gradually Go is also improving in this area.
• Python still earns the upper hand when it comes to syntax, making it very user-friendly.
• Python is considered the best when you have to solve data science problems, while Go is best suited for system programming.
• Python is a dynamically typed language, while Golang is a statically typed language, which helps you to detect flaws at compile-time, further reducing serious glitches later in the production.
• Python is the best choice for basic programming. Python can become complex if one prefers to build complicated systems. But with Go, the same task can be executed quickly without getting into the subtleties of programming language.
• Python is more compact than Golang.

Which to choose?

While Python has remained a community favorite retaining the #2 spot in the first quarter of 2019 for the fastest programming language on GitHub in terms of pull requests (+17%), Golang isn’t so far behind and is hot on its heels at #4 (+8%). The choice between Golang vs Python becomes even more blurry. Regardless, there are a few things to be considered when selecting which might be right for you.

Scalability: Golang was created with scalability in mind. It comes with inbuilt concurrency to handle multiple tasks at the same time. Python uses concurrency but it is not inbuilt; it implements parallelism through threads. This means that if you are going to work with large data sets, then Golang would seem to be a more suitable choice.

Performance: Python is not known to be memory or CPU friendly but with its huge number of libraries, Python performs efficiently for basic development tasks. Golang comes with build-in features and it is more suitable for microservices software architectures.

Applications: Python shines when used to write codes for artificial intelligence, data analytics, deep learning, and web development. Whereas Golang has been used for system programming, it is loved by developers who use it for cloud computing and cluster computing applications.

Community & Library: As mentioned earlier, Python’s age gives it certain advantages. One of which is the number of libraries it has and the large community that supports it. Golang, on the other hand, is still a growing language and does not have the number of libraries and community support that Python commands. Yet we should not count Go out just yet. Its rate of growth and adoption is incredible and it is expanding every day.

Execution: If speed is the name of the game, then Golang wins by a mile.

After taking all these into account, your use case will be the determining factor in which language to adopt. Given a scenario where you are setting up a development team to create microservices, Golang would be the more reasonable choice here as its both fast, easy to code with and can scale excellently well. Python, on the other hand, is more geared towards AI, ML and data analysis.

So going head to head, Go would come out on top in most cases and is considered to be a valid alternative to using Python. Developers need to choose a programming language considering their nature and size of the development project as well as the skill set of those involved.

The good news, however, is that regardless of choice, both languages are ever-evolving. While Golang might seem like an obvious choice in most cases, the Python community isn’t just sitting back and doing nothing. Both languages are expanding and growing. This means that we will be seeing more functionality and improvement in the future.

Proxy is a server that sits in between a client and an actual server. Word "proxy" defines, someone or something acting on behalf of something else. In computer science proxy means one server acting on behalf of other servers. A proxy server is a server (or computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

A client connects to the proxy server, requesting for some service (file, connection, web page) available from a different server and the proxy server evaluates the request as a way simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems.

Without an online proxy, your device communicates directly with web servers. All the websites that communicate with your browser can see your device and speak with it directly. In other words, your IP address is public knowledge and exposed. But what if you want to get rid of all that public exposure? A web proxy or other proxy server sits in front of the client or a network of clients and handles this traffic on its behalf. This proxy server is another device that's connected to both the internet as well as your device, and it has its own IP address. Your device speaks only to the proxy server, and the proxy forwards all communication onward to the internet at large thus keeps the IP hidden at plain sight.

What does a proxy server do, exactly?

A proxy server plays many vital roles in managing the traffic and nodes across a network. Here's a few of the primary uses for a proxy server:

Firewalls: A firewall is a type of network security system that acts as a barrier between a network and the wider internet. Security professionals configure firewalls to block unwanted access to the networks they are trying to protect, often as an anti-malware or anti-hacking countermeasure. A proxy server between a trusted network and the internet is the perfect place to host a firewall designed to intercept and either approve or block incoming traffic before it reaches the network.

Content filters: Just as online proxies can regulate incoming connection requests with a firewall, they can also act as content filters by blocking undesired outgoing traffic. Companies may configure proxy servers as content filters to prevent employees from accessing the blocked websites while at work.

Bypassing content filters: That's right - you can outsmart a web proxy with another proxy. If your company's proxy has blocked your favorite website, but it hasn't blocked access to your personal proxy server or favorite web proxy, you can access your proxy and use it to reach the websites you want.

Caching: Caching refers to the temporary storage of frequently accessed data, which makes it easier and faster to access it again in the future. Internet proxies can cache websites so that they'll load faster than if you were to send your traffic all the way through the internet to the websites server. This reduces latency - the time it takes for data to travel through the internet.

Sharing internet connections: Businesses or even homes with a single internet connection can use a proxy server to funnel all their devices through that one connection. Using a Wi-Fi router and wireless-capable devices is another solution to this issue.

Wait - isn't that the same as a VPN?

Proxies and VPNs both connect you to the internet via an intermediary server, but that's where the similarities end. While an online proxy simply forwards your traffic to its destination, a VPN encrypts all traffic between your device and the VPN server.

Types of Proxy Server

Reverse Proxy Server: The job of a reverse proxy server to listen to the request made by the client and redirect to the web server which is present on different servers.

Web Proxy Server: Web Proxy forwards the HTTP requests, only URL is passed instead of a path. The request is sent to particular the proxy server responds. Examples, Apache, HAP Proxy.

Anonymous Proxy Server: This type of proxy server does not make an original IP address instead these servers are detectable still provides rational anonymity to the client device.

Transparent Proxy: This type of proxy server is unable to provide any anonymity to the client, instead, the original IP address can be easily detected using this proxy. But it is put into use to act as a cache for the websites. A transparent proxy when combined with gateway results in a proxy server where the connection requests are sent by the client then, then IP are redirected. Redirection will occur without the client IP address configuration. HTTP headers present on the server-side can easily detect its redirection.

CGI Proxy: CGI proxy server developed to make the websites more accessible. It accepts the requests to target URLs using a web form and after processing its result will be returned to the web browser. It is less popular due to some privacy policies like VPNs, but it still receives a lot of requests also. Its usage got reduced due to excessive traffic that can be caused to the website after passing the local filtration and thus leads to damage to the organization.

Suffix Proxy: Suffix proxy server basically appends the name of the proxy to the URL. This type of proxy doesn't preserve any higher level of anonymity. It is used for bypassing the web filters. It is easy to use and can be easily implemented but is used less due to the more number or web filter present in it.

Tor Onion Proxy: This server aims at online anonymity to the user's personal information. It is used to route the traffic through various networks present worldwide to arise difficulty in tracking the users' address and prevent the attack of any anonymous activities. It makes it difficult for any person who is trying to track the original address. In this type of routing, the information is encrypted in a multi-fold's layer. At the destination, each layer is decrypted one by one to prevent the information to scramble and receive original content. This software is open-source and free of cost to use.

DNS Proxy: DNS proxy take requests in the form of DNS queries and forward them to the Domain server where it can also be cached, moreover flow of request can also be redirected and often hosted internally to an Organization.

Apart from the above types, the commonly used proxies are forward proxy server and reverse proxy server which are built to manage web services and client services on demand.

Forward Proxy Server:

A forward proxy is one who acts as a different requestor, so this proxy encapsulates the original identity of the requestor. Forward proxy can be used by the client to bypass restrictions in purpose to visit websites that are blocked by government, company or etc. Another usage of forward proxy is it can also act as a cache server. If the content is downloading multiple times, the proxy can cache the content on the server so when next time someone is downloading the same content, the proxy will send the content that is previously stored.

Reverse Proxy Server:

A proxy server is a go-between or intermediary server that forwards requests for content from multiple clients to different servers across the Internet. A reverse proxy server is a type of proxy server that typically sits behind the firewall in a private network and directs client requests to the appropriate backend server. A reverse proxy provides an additional level of abstraction and control to ensure the smooth flow of network traffic between clients and servers.

A reverse proxy operates by:

• Receiving a user connection request.
• Completing a TCP three-way handshake, terminating the initial connection.
• Connecting with the origin server and forwarding the original request.

Common use cases of Reverse Proxy scenarios:

There is a multitude of scenarios and use cases in which having a reverse proxy can make all the difference to the speed and security of your corporate network. By providing you with a point at which you can inspect traffic and route it to the appropriate server, or even transform the request, a reverse proxy can be used to achieve a variety of different goals.

Load balancing: A reverse proxy server can act as a traffic cop that sits in front of your backend servers and distributes client requests across a group of servers in a manner that maximizes speed and capacity utilization while ensuring no server is overloaded, which can degrade performance. If a server goes down, the load balancer redirects traffic to the remaining online servers.

Web acceleration: Reverse proxies can compress inbound and outbound data, as well as cache commonly requested content, both of which speed up the flow of traffic between clients and servers. They can also perform additional tasks such as SSL encryption to take load off your web servers, thereby boosting their performance

Security and anonymity: By intercepting requests headed for your backend servers, a reverse proxy server protects their identities and acts as an additional defense against security attacks. It also ensures that multiple servers can be accessed from a single record locator or URL regardless of the structure of your local area network.

What are the Benefits of a Reverse Proxy Server?

Benefits of reverse proxy servers include:

• Load balancing
• Global server load balancing (GSLB)
• Caching content and web acceleration for improved performance
• More efficient and secure SSL encryption, and
• Protection from DoS attacks and related security issues.

Load balancing is the process of distributing network traffic across multiple servers. This ensures no single server bears too much demand. By spreading the work evenly, load balancing improves application responsiveness. It also increases availability bf applications and websites for users. Modern applications cannot run without load balancers

Reverse Proxy vs Forward Proxy

In contrast, a forward proxy server is also positioned at your network's edge but regulates outbound traffic according to preset policies in shared networks. Additionally, it disguises a client's IP address and blocks malicious incoming traffic.

Forward proxies are typically used internally by large organizations, such as universities and enterprises to,

• Block employees from visiting certain websites.
• Monitor employee online activity.
• Block malicious traffic from reaching an origin server.
• Improve the user experience by caching external site content.

Benefits and Risks

Now that you know everything about proxies, here's a list of some of the benefits and risks associated with using them.

Benefits

• Secure and private internet browsing.
• Ability to get around geo-location restrictions.
• Better network performance.
• Ability to control what websites clients have access to.
• Many types to choose from to suit specific needs.

Risks

• Your requests might return really slow.
• Free or cheap proxies could be set up by hackers or government agencies.
• There are plenty more benefits and risks to using any of the proxy server types. That's why it is important to only connect to proxy servers you trust. When you are connected to a trusted proxy, the risks should have been taken into account in the configurations so you have less to worry about.

Proxy Server Risks: Free installation does not invest much in backend hardware or encryption. It will result in performance issues and potential data security issues. If you install a "free" proxy server, treat very carefully, some of those might steal your credit card numbers.

Browsing history log: The proxy server stores your original IP address and web request information is possibly unencrypted form and saved locally. Always check if your proxy server logs and saves that data - and what kind of retention or law enforcement cooperation policies they follow while saving data.

No encryption: No encryption means you are sending your requests as plain text. Anyone will be able to pull usernames and passwords and account information easily. Keep a check that proxy provides full encryption whenever you use it.

Conclusion:

Proxy and reverse proxy may sound similar but are different in terms of use cases and benefits. Both add the element of anonymity, proxy hides the identity of the client whereas the reverse proxy conceals the identity of the server. So, if you want to protect clients in your internal network, put them behind a forward proxy. On the other hand, if you intend to protect servers, put them behind a reverse proxy with proper firewall implementations enabled.

DNS or Domain Name Systems is a translation system that allows the users to browse the internet with a language we're comfortable with. Instead of typing and memorizing long sequences of numbers we can use names and letters (hostname). This "address book" is distributed around the world, stored on domain name servers that all communicate with each other. This distribution helps speed things up as there are multiple locations for the directory. This reduces load and reduces travel time.

Example: www.google.com
Actual IP: 8.8.8.8

How Exactly Does the DNS Work?

When a user tries to visit a website, initially the request is submitted, the computer will first search for its IP address, found on the local DNS cache memory. If successful, it will display the website immediately to the user. If it's unable to locate the IP address, the search query will then go to the recursive server which is maintained by the ISP (Internet Service Provider) to try and fetch the IP address. If the IP address is accurately located, the website will be displayed to the user.

The ISP will usually maintain a cache of IP addresses frequently accessed by their customers (e.g. commonly viewed websites such as Facebook or YouTube), so the chances of locating the requested websites are rather high. If the IP address can't be located, the recursive server directs the query to the root nameserver. If it's found here, the website is displayed. If not, the user query goes to the TLD nameserver, and if it's still not found, the destination the query goes to would be the authoritative server. This is where the IP address will be located, and the website will be retrieved and displayed to the user.

So, essentially, there are 4 levels the user query can go through to resolve a domain name into a computer-friendly IP address and display a website to a user. The recursive server will usually cache the IP address by extracting it from the authoritative server so it's readily accessible to users the next time they request it. There is usually a period the recursive server will cache the IP address for before it refreshes itself It's called the 'time to live. The usually directs the recursive server on how long to cache the IP address for when the communication between servers occurs.

To put it simply, one user search query leads to a whole series of queries and responses, almost like a chain reaction, to find and display a website in the blink of an eye!

DNS Resolution

DNS resolution is the process of converting a hostname into an IP address. Four operations are required to load a webpage.

The recursor is a server designed to receive queries from clients. It'll act as a middleman between the client and the DNS name server. It'll return data from its cache if it exists or will directly lookup the root name server.

The root name server contains information that makes up the root zone, which is the global list of top-level domains. The root zone contains:

Generic top-level domains such as .com, .net, and .org Country-code top-level domains such as in for India.

Top-level domain name server

A top-level domain (TLD) is the highest level of domain name in the root zone of the DNS of the internet. The Internet Corporation for Assigned Names and Numbers (ICANN) looks after most top-level domains.

Authoritative name server

The authoritative name server is the last operation in the name-server query. If the authoritative name server has access to the requested record, it'll return the IP address for the requested hostname back to the DNS recursor. This server holds the actual DNS records (A, CNAME, etc.) for a particular domain.

An Overview of DNS Querying:

A Recursive Name Server is a DNS server that receives DNS queries for informational purposes. These types of DNS servers do not store DNS records. When a DNS query is received, it will search in its cache memory for the host address tied to the IP address from the DNS query. If the recursive name server has the information, then it will return a response to query sender. If it does not have the record, then the DNS query will be sent to other recursive name servers until it reaches an authoritative DNS server that can supply the IP address.

An Authoritative DNS Server is a DNS server that stores DNS records (A, NAME, MX, TXT, etc.) for domain names. These servers will only respond to DNS queries for locally stored DNS zone files.

What is a DNS record?

DNS records (aka zone files) are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain. These records consist of a series of text files written in what is known as DNS syntax. DNS syntax is just a string of characters used as commands that tell the DNS server what to do. All DNS records also have a 'TTL', which stands for time-to-live, and indicates how often a DNS server will refresh that record.

What are the most common types of DNS record?

A record - The record that holds the IP address of a domain.

AAAA record - The record that contains the IPv6 address for a domain (as opposed to A records, which list the IPv4 address).

NAME record - Forwards one domain or subdomain to another domain, does NOT provide an IP address.

MX record - Directs mail to an email server. Learn more about the MX record.

TXT record- Lets an admin store text notes in the record. These records are often used for email security.

NS record - Stores the name server for a DNS entry.

SO record - Store's admin information about a domain.

SRV record - Specifies a port for specific services.

PTR record - Provides a domain name in reverse-lookups.

What are some of the less commonly used DNS records?

AFSDB record - This record is used for clients of the Andrew File System (AFS) developed by Carnegie Melon. The AFSDB record functions to find other AS cells. APL record - The 'address prefix list' is an experiment record that specifies lists of address ranges.

CAA record - This is the 'certification authority authorization' record, it allows domain owners state which certificate authorities can issue certificates for that domain. If no CAA record exists, then anyone can issue a certificate for the domain. These records are also inherited by subdomains.

DNSKEY record - The 'DNS Key Record' contains a public key used to verify Domain Name System Security Extension (DNSSEC) signatures.

CDNSKEY record - This is a child copy of the DNSKEY record, meant to be transferred to a parent.

CERT record - The 'certificate record' stores public key certificates.

CHID record - The 'DHCP Identifier' stores info for the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol used on IP networks.

DNAME record - The 'delegation name' record creates a domain alias, just like NAME, but this alias will redirect all subdomains as well. For instance, if the owner of 'example.com' bought the domain 'website.net' and gave it a NAME record that points to 'example.com', then that pointer would also extend to 'blog. website.net' and any other subdomains.

HIP record - This record uses 'Host identity protocol', a way to separate the roles of an IP address, this record is used most often in mobile computing.

IPSECKEY record - The 'IPSEC key' record works with the Internet Protocol Security (IPSEC), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP).

LOC record - The location record contains geographical information for a domain in the form of longitude and latitude coordinates.

NAPTR record - The 'name authority pointer' record can be combined with an SRV record to dynamically create URI to point to base on a regular expression.

NSEC record - The 'next secure record' is part of DNSSEC, and it's used to prove requested DNS resource record does not exist

RRSIG record - The 'resource record signature' is a record to store digital signatures used to authenticate records in accordance with DNSSEC.

RP record - This is the 'responsible person' record, and it stores the email address of the person responsible for the domain.

SSHFP record - This record stores the 'SSH public key fingerprints', SSH stands for Secure Shell and it's a cryptographic networking protocol for secure communication over an unsecure network.

What is dnsmasq and how it can be used?

Dnsmasq is free software providing DNS caching, DHCP, router advertisement and network boot features. It will decrease CPU and network usage and avoid DNS resolution failure by providing the cache.

It sounds great because DNS Cache will bring many advantages to your service & system.

• Lesser CPU usage.
• Lesser Network usage (Low latency in terms of the transaction for the service).
• Avoid the failure of resolving DNS (As there is cache).

Now it's the time to talk about what you need to be cautious about when you are using dnsmasq.

Dnsmasq Vulnerabilities

DNS masquerade is a widely used open-source DNS resolver used by many projects and hardware firmware worldwide, from Kubernetes (Kube-dns) to routers and other products. dnsmasq is the service providing the cache, so it will always be the target for DNS cache poisoning.

What should I do for dnsmasq vulnerabilities?

Many devices likely remain unpatched for the security patch and have overlooked the dnsmasq vulnerability. dnsmasq has been getting more popular and is responsive for the security vulnerability updates. So, if you update your dnsmasq software on time, your system will be safe.

DNS Poisoning

DNS cache poisoning, also known as DNS spoofing, is the act of entering false information by an attacker into a DNS cache, so that DNS queries return an incorrect response and users are directed to the wrong websites. This can be used by the attacker to be redirecting online traffic or stealing user credentials or user sensitive information.

Risks of DNS Poisoning

1. Data theft - Attacker may steal personal information (login credentials, account details, credit card numbers).
2. Malware infection - When users are directed to the attacker's fake website, attacker may install viruses or malware on their servers. So, the user will get harm.

How to prevent from DNS Poisoning

When we consider about the prevention. To prevent DNS spoofing, user-end protections are limited. Website owners and server providers are a bit more empowered to protect themselves and their users. To appropriately keep everyone safe, both parties must try to avoid spoofs.

The prevention measures for server providers and website owners are as follows:

1. Use tools for DNS spoofing detection.
2. End to end encryption.
3. Use Domain name system security extension (DNSSEC).

The prevention measures for endpoint users are as follows:

1. Never click on an unrecognized link.
2. Daily scan our system for viruses or malware.
3. Solve poisoning by flushing our DNS cache.
4. Use VPN (Virtual private network).

DNSSEC (Domain Name System Security Extensions) overview

The Domain Name System Security Extensions (DNSSEC) is an Internet standard that adds security mechanisms to the Domain Name System (DNS). It ensures both the authenticity and integrity of the DNS data, It is used to analyze the internally generated DNSSEC queries needed to build the chain-to-trust. This feature is enabled by default and can be useful to provide additional details about DNSSEC transactions.

A (local) DNS resolver can use DNSSEC to verify that the DNS zone data it receives has not been modified and is indeed identical to the authoritative zone. DNSSEC was developed mainly as means against DNS cache poisoning. It secures the transmission of resource records by means of digital signatures using asymmetric so-called public-key cryptography. If you are not familiar with the concept, think of it as a cleverly designed lock, where one key lock and one key unlocks. In DNSSEC, you get the unlocking public key, while the locking key is kept private. The owners of the authoritative server on which the zone to be secured is located signs each individual record using their private keys. DNS clients can validate this signature with the owner's public key to verify said authenticity and integrity.

A separate zone signing key (a pair consisting of a public and private key) is generated for each zone to be secured. The public part of the zone key is included in the zone file as a DNSKEY resource record. The private key is used to digitally sign each individual record of this zone. For this purpose, a new record type is provided, the RRSIG Resource Record, which contains the signature to the associated DNS record. For each transaction, the associated RRSIG record is supplied in addition to the actual resource record. The requesting resolver can then validate the signature using the public zone key.

DNSKEY records are used to propagate public keys through DNS: The owner of the key stores it as DNSKEY record on a publicly accessible DNS server. Anyone who needs this public key sends a corresponding DNSKEY request. You receive the public key in response. The procedure thus corresponds to any other DNS requests, for instance ordinary IP addresses. In practice however, this type of propagation is not sufficient since a complete zone could be forged. The public key must therefore either be introduced manually into the resolver as a trusted key or the associated DS resource record must be published in the overlying zone. The trusted key of the root zone (the uppermost level of the DNS hierarchy) is known by your Pi-hole and is hard-coded.

For a complete picture, we also need DS (Delegation Signer) records. Those are used to chain DNSSEC-signed zones. This allows multiple DNS zones to be combined into a chain of trust and validated via a single public key. The basic idea is to chain all the zones involved and use only the topmost one as the secure entry point. The security-providing and critical part is that DS record can be calculated from the DNSKEY, but not vice versa thanks to the used asynchronous cryptography.

Digital signatures: Signatures generated with DNSSEC are contained within the DNS zone itself in the new resource records which are called RRSIG (resource record signature) records. When a resolver issues a query for a name, the RRSIG record is returned in the response. A public cryptographic key called a DNSKEY is needed to verify the signature. The DNSKEY is retrieved by a DNS server during the validation process.

Zone signing Sign in a zone with DNSSEC means that you are individually signing all the records contained in the zone. This makes it possible to add, modify, or delete records in the zone without re-signing the entire zone. It is only necessary to re-sign the updated records.

DNSKEY A DNSKEY resource record stores a public cryptographic key that is used to verify a signature. The DNSKEY record is used by a DNS server during the validation process. DNSKEY records can store public keys for a zone signing key (ZSK) or a key signing key (KSK).

NSEC If the DNS server responds that no record was found, this response also needs to be validated as authentic and if there is no resource record, then there is no RRSIG record also. The answer to this problem is the Next Secure (NSEC) record. NSEC records create a chain of links between signed resource records. When a query is submitted for a nonexistent record, the DNS server returns the SEC record prior to where the nonexistent record would have been in the order. This allows for something called authenticated denial of existence.

NSEC3 is a replacement or alternative to SEC that has the additional benefit of preventing "zone walking" which is the process of repeating NSEC queries to retrieve all the names in a zone. A zone can be signed with either NSEC or NSEC3, but not both.

Delegation Singer A DS record is a DNSSEC record type that is used to secure a delegation. DS records are used to build authentication chains to child zones.

Trust anchors DNSKEY and DS resource records are also called trust anchors or trust points. A trust anchor must be distributed to all nonauthoritative DNS servers that will perform DNSSEC validation of DNS responses for a signed zone. If the DNS server is running on a domain controller, trust anchors are stored in the forest directory partition in Active Directory Domain Services (AD DS) and can be replicated to all domain controllers in the forest. On standalone DNS servers, trust anchors are stored in a file named TrustAnchors DNS.

DNSSEC Key Management

DNSSEC key management strategy includes planning for key generation, key storage, key expiration, and key replacement. Together, key expiration and replacement in DNSSEC is called key rollover.

How DNSSEC works?

DNSSEC uses digital signatures and cryptographic keys to validate that DNS responses are authentic. DNS zone can be secured with DNSSEC using a process called zone signing. Signing a zone with DNSSEC adds validation support to a zone without changing the basic mechanism of a DNS query and response. Validation of DNS responses occurs using digital signatures that are included with DNS responses. These digital signatures are contained in new, DNSSEC-related resource records that are generated and added to the zone during zone signing.

When a DNSSEC-aware recursive or forwarding DNS, server receives a query from a DNS client for a DNSSEC-signed zone, it will request that the authoritative DNS server also send DNSSEC records and then attempt to validate the DNS response using these records. A recursive or forwarding DNS server recognizes that the zone supports DNSSEC if it has a DNSKEY, also called a trust anchor, for that zone.

DNSSEC validation A recursive DNS server uses the DNSKEY resource record to validate responses from the authoritative DNS server by decrypting digital signatures that are contained in DNSSEC-related resource records, and then by computing and comparing hash values. If hash values are the same, it provides a reply to the DNS client with the DNS data that is requested, such as a host (A) resource record. If hash values are not the same, it replies with a SERVFAIL message. In this way, a DNSSEC-capable, resolving DNS server with a valid trust anchor installed protects against DNS spoofing attacks whether DNS clients are DNSSEC-aware.

DNS Server Vulnerabilities

DNS is too important to do without, but it's difficult to defend. In fact, DNS services are an excellent target for attack. Taking out an organization's DNS service renders it unreachable to the rest of the world except by IP address. If "f5.com" failed to be published online, every single Internet site and service we ran would be invisible. This means web servers, VPNs, mail services, file transfer sites everything. Even worse, if hackers could change the DNS records, then they could redirect everyone to sites they controlled. Imagine going to "www.f5.com" and landing on a page full of banner ads. Since DNS is built upon cooperation between millions of servers and clients over insecure and unreliable protocols, it is uniquely vulnerable to disruption, subversion, and hijacking. Here's a quick rundown of the known major DNS attacks.

Denial of Service

Denial-of-service attacks are not limited to DNS but taking out DNS decapitates an organization. Why bother flooding thousands of web sites when killing a single service does it all for you? The most famous DoS attacks against DNS are the recent Dyn, Inc. DDoS attacks which exceeded 40 gigabytes of noise blared at their DNS services. Dyn was running DNS services for many major organizations, so when they were drowned by a flood of illegitimate packets, so were companies like Amazon, Reddit, FiveThirtyEight, and Visa.

There are many ways to knock out DNS service, the simplest being a stream of garbage from thousands of compromised hosts (bots) in a DDoS attack. Instead of clogging up the pipe, attackers can also overwork the server with DNS Query Flood6 attacks from thousands of bots.

DNS can also be subverted for use as a denial-of-service weapon against other sites by way of DNS Amplification/Reflection. This works because DNS almost always returns a larger set of data than what was queried. A simple DNS query asking for F5.com only amounts to a few hundred bytes at most, while the response will be several orders of magnitude larger. This way an attacker can amplify network traffic through DNS servers, building up a tsunami from a ripple. Since DNS runs over UDP, it's a simple matter for attackers to craft fake packets spoofing a query source, so if they can fake thousands of queries from the victim's IP address, that tsunami of responses will return to overwhelm the victim. A bonus for the attacker is that, to the victim, it will appear as if a huge number of DNS servers are attacking it. All the while, the attacker stays safely hidden.

DNS Hijacking

Who owns what domain name and what DNS servers are designated to answer queries are managed by Domain Registrars, these are commercial services, such as GoDaddy, Nom, and Network Solutions Inc., where there are registered accounts storing this information, if attackers can hack those accounts, they can repoint a domain to a DNS server they control. Attacks like this have affected the New York Times 9, Linkedin, Dell, Harvard University, Coca Cola, and many others.

DNS Server Vulnerabilities

Because DNS services are software, they are likely to contain bugs. It's possible that some of these bugs will create software vulnerabilities that attackers can exploit. That's just the way it is with all software written by imperfect carbon-based life forms. Luckily, DNS is old (so we've had time to find most of the bugs) and simple (so bugs are easy to spot), but problems have cropped up. In 2015, there was a rather significant hole found in BIND, an open-source DNS server running much of the Internet10. Called CVE-2015-547711 (no cute name, thank you), BIND allowed an attacker to crash a DNS server with a single crafted query.

Another software vulnerability in DNS servers is the Recursive DNS spoof cache poisoning technique, which means that an attacker can temporarily change DNS database entries by issuing specifically crafted queries.

DNS Data Leakage

You can't run an unauthenticated Internet database full of important information without the occasional risk of leaking out something important. Attackers will often repeatedly query DNS servers as a prelude to an attack, looking for interesting Internet services that may not be widely known. For example, an organization may have a site called vpn.example.com which it doesn't advertise to anyone except its employees. If an attacker discovers this site, they've just found a new potential target in an attack. DNS records can also aid phishing expeditions by using known server names in their phony baloney emails.

Many organizations run DNS on the inside of the network, advertising local area network (LAN) resources for workstations. Some smaller organizations run split-horizon DNS servers that offer up Internet DNS services to the world as well as these LAN-based DNS services on the same box. A wrong configuration on that DNS server can lead to some devastating DNS data leakages as internal names and addresses are shared with attackers. Even giants can be tripped up by this seemingly simple vulnerability.

Final thoughts:

So, there you have it! It is clear how the DNS is critical to the functioning of the internet! As the internet grows and grows, so too does the DNS and the number of domain names and IP addresses register. Knowing how the DNS works and keeping in mind some of the best practices is pivotal to positive user experience as well as the success of your own website.

docker build

Create an image from a Dockerfile.

docker build [options] .
  -t "app/container_name"    # name
  --build-arg APP_HOME=$APP_HOME    # Set build-time variables

docker run

Deploys the container from docker image.

docker run [options] IMAGE
  # see `docker create` for options

Example

Run a command in an image.

docker run -it debian:buster /bin/bash

Manage containers

docker Create

docker create [options] IMAGE
  -a, --attach               # attach stdout/err
  -i, --interactive          # attach stdin (interactive)
  -t, --tty                  # pseudo-tty
      --name NAME            # name your image
  -p, --publish 5000:5000    # port map (host:container)
      --expose 5432          # expose a port to linked containers
  -P, --publish-all          # publish all ports
      --link container:alias # linking
  -v, --volume `pwd`:/app    # mount (absolute paths needed)
  -e, --env NAME=hello       # env vars

Example

Create a container from an image.

$ docker create --name app_redis_1 \
  --expose 6379 \
  redis:3.0.2

docker Exec

Command to login to the container,

docker exec [options] CONTAINER COMMAND
  -d, --detach        # run in background
  -i, --interactive   # stdin
  -t, --tty           # interactive

Example

Run commands in a container.

docker exec app_web_1 tail logs/development.log
docker exec -t -i app_web_1 rails c

docker start/stop

Start/stop a container.

docker start [options] CONTAINER
  -a, --attach        # attach stdout/err
  -i, --interactive   # attach stdin

docker stop [options] CONTAINER

docker ps

Manage containers using ps/kill.

docker ps
docker ps -a
docker kill $ID

docker logs

See what's being logged in an container.

docker logs $ID
docker logs $ID 2>&1 | less
docker logs -f $ID # Follow log output

Images

docker images

Manages images.

$ docker images
  REPOSITORY   TAG        ID
  ubuntu       12.10      b750fe78269d
  me/myapp     latest     7b2431a8d968

docker images -a   # also show intermediate

docker rmi

Deletes images.

docker rmi b750fe78269d

Clean up

Clean all

Cleans up dangling images, containers, volumes, and networks (ie, not associated with a container)

docker system prune

Additionally remove any stopped containers and all unused images (not just dangling images)

docker system prune -a

Containers

# Stop all running containers
docker stop $(docker ps -a -q)

# Delete stopped containers
docker container prune

Images

Delete all the images

docker image prune [-a]

Volumes

Delete all the volumes

docker volume prune

Sevices

To view list of all the services runnning in swarm

docker service ls

To see all running services

docker stack services stack_name

to see all services logs

docker service logs stack_name service_name

To scale services quickly across qualified node

docker service scale stack_name_service_name=replicas

Clean up

To clean or prune unused (dangling) images

docker image prune

To remove all images which are not in use containers , add - a

docker image prune -a

To prune your entire system

docker system prune

To leave swarm

docker swarm leave

To remove swarm ( deletes all volume data and database info)

docker stack rm stack_name

To kill all running containers

docker kill $(docekr ps -q )

Also see

• Getting Started (docker.io)

Containerization and virtualization, both, are methods of deploying many isolated services on the same platform and they are both prominent tools within the hosting world. Both are a means for storing data within hosting platforms. And although both terms are becoming increasingly referenced, they are often confused.

Which is the better option? That topic is frequently up for debate and is unfortunately not easily answered. The truth is that the right option depends on each user’s needs. This article will first provide a rundown of both technologies to answer this question. It discusses their uses, the situations where they perform best, and compares the advantages and disadvantages of virtualization vs containerization.

Let’s understand both the concepts before diving into the differences between them.

What is Virtualization ?

Virtualization also refers to the process of creating many instances of operating systems on the same computer.

These instances are called virtual machines. For the applications running over these virtual machines, it appears as if they are working on a system dedicated to that particular application.

Virtualization is not possible without the hypervisor. A hypervisor, or virtual machine monitor, is the software or firmware layer that enables multiple operating systems to run side-by-side, all with access to the same physical server resources. The hypervisor orchestrates and separates the available resources (computing power, memory, storage, etc.), aligning a portion to each virtual machine as needed.

Examples of virtualization tools include VirtualBox, Hyper-V, VMWare Workstation Player, amongst many others.

Though Virtualization also has some shortcomings. Running multiple VMs at the same time on Host OS leads to performance breakdown/degradation. The reason behind this is because the guest OS runs on the top of host OS, which will have its own kernel and dependencies, this takes up a large mass of system resources like Hard Disk, Processor and RAM.

What is Containerization ?

Containers are a lighter-weight, more agile way of handling virtualization — since they don't use a hypervisor, you can enjoy faster resource provisioning and speedier availability of new applications.

Rather than spinning up an entire virtual machine, containerization packages together everything needed to run a single application or microservice (along with runtime libraries they need to run). The container includes all the code, its dependencies and even the operating system itself. This enables applications to run almost anywhere — a desktop computer, a traditional IT infrastructure or the cloud.

Containers use a form of operating system (OS) virtualization. Put simply, they leverage features of the host operating system to isolate processes and control the processes’ access to CPUs, memory and desk space.

Many containers share the same operating system even though they run different isolated applications. Containerization allows developers to create applications faster without having to worry about bugs when the application is run on a computing environment different than the one on which it was developed.

Containerization tools include Kubernetes, Docker, Rocket, Podman etc...

Containers vs. VMs: What are the differences?

In traditional virtualization, a hypervisor virtualizes physical hardware. The result is that each virtual machine contains a guest OS, a virtual copy of the hardware that the OS requires to run and an application and its associated libraries and dependencies. VMs with different operating systems can be run on the same physical server. For example, a VMware VM can run next to a Linux VM, which runs next to a Microsoft VM, etc.

Instead of virtualizing the underlying hardware, containers virtualize the operating system (typically Linux or Windows) so each individual container contains only the application and its libraries and dependencies. Containers are small, fast, and portable because, unlike a virtual machine, containers do not need to include a guest OS in every instance and can, instead, simply leverage the features and resources of the host OS.

Which Is Better: Virtualization or Containerization?

In comparing virtualization vs containerization, we see that each technology serves a different purpose. Determining the better option relies heavily on the user’s application needs and required server capacity. Virtualization and containerization are both data storage methods that create self-contained virtual packages. But, when comparing virtualization vs containerization, it will help to consider the following factors before deciding which one is right for your needs.

1. Speed
2. Resources
3. Security and isolation
4. Portability and application sharing
5. Operating system requirements
6. Application lifecycle

Choosing one method over the other is a big decision. IT managers should consider all of the significant differences before taking the plunge. To help you decide more efficiently, we’ve created a quick overview in the table below.

Wrapping Up

Considering all the differences above, it is quite safe to say that containers and virtual machines can’t necessarily be used interchangeably.

Each has its benefits and specific scenarios where the other does not provide practical application. It is dependent on the user as to which system works best for them in the current scenario, and then, they can choose between Containerization and Virtualization.

1. Install Docker on your machine

For Linux (Ubuntu/Debian Based distros):

sudo apt install docker.io

For MacOSX: you can follow this link
For Windows: you can follow this link

For Windows (Enable WSL2 backend for optimized performance)

Finally, verify that Docker is installed correctly

sudo docker run hello-world

2. Create your project

Create a new directory and two files main.py and Dockerfile.

main.py -- contains python code for web server.
Dockerfile -- this file contains the structure of container.
requirements.txt-- this is a dependency file for python web server(flask).

Kindly add this code to your main.py to initiate web server,

from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello_world():
 return 'Hello World'


if __name__ == '__main__':
    app.run(debug=True, host='0.0.0.0', port=5000)

add the below dependency to requirements.txt file,

Flask==2.1.2

3. Edit the Docker file

The first step to take when you create a Docker file is to access the DockerHub website. This site contains many pre-designed images to save your time (for example: all images for linux or code languages).

In our case, we will type ‘Python’ in the search bar. The first result is the official image created to execute Python. Perfect, we’ll use it!

# Start by pulling the python image
FROM python:3.8-alpine

# Copy every content from the local file to the image
COPY . /app

# switch working directory
WORKDIR /app

# install the dependencies and packages in the requirements file
RUN pip install -r /app/requirements.txt

# run the python code
CMD ["python", "main.py" ]

Let’s go over the instructions in this Dockerfile

FROM python:3.8-alpine: Since Docker allows us to inherit existing images, we install a Python image and install it in our Docker image. Alpine is a lightweight Linux distro that will serve as the OS on which we install our image

COPY ./requirements.txt /app/requirements.txt: Here, we copy the requirements file and its content (the generated packages and dependencies) into the app folder of the image

WORKDIR /app: We proceed to set the working directory as /app, which will be the root directory of our application in the container RUN pip install -r requirements.txt: This command installs all the dependencies defined in the requirements.txt file into our application within the container

COPY . /app: This copies every other file and its respective contents into the app folder that is the root directory of our application within the container

ENTRYPOINT [ "python" ]: This is the command that runs the application in the container

CMD [ "main.py" ]: Finally, this appends the list of parameters to the EntryPoint parameter to perform the command that runs the application. This is similar to how you would run the Python app on your terminal using the python main.py command.

4. Build the Docker image

Let’s proceed to build the image with the command below:

docker image build -t flask_docker .

5. Run the container

After successfully building the image, the next step is to run an instance of the image. Here is how to perform this:

docker run -p 5000:5000 -d --name new_app flask_docker

This command deploys the container with the python flask server running on port 5000, Here is the output of our application when we send a request to localhost:5000 on our browser,

Track the container status

The below command displays the list of all running active containers, check if your deployed container is in running status!

docker ps -a

6. Useful commands for Docker

List your images

docker images

Delete a specific image

docker image rm [image name]

List all existing containers (running and not running)

docker ps -a

Stop a specific container

docker stop [container name]

Delete a specific container

docker rm [container name]

Display logs of a container

docker logs [container name]

Note: If you want to learn more about Dockerfiles, check out Best practices for writing Dockerfiles.

7. Conclusion

In this article, we built a simple Flask app and containerized it with Docker. You can refer to this post every time you need a simple and concrete example on how to create your first Docker application. If you have any questions or feedback, feel free to ask.

We will try to look at the things that make Docker so special and learn how you can build, deploy, and fetch applications using Docker & Docker Hub using just a few steps.

Docker is an open source containerization platform.
It enables developers to package applications into containers—standardized executable components combining application source code with the operating system (OS) libraries and dependencies required to run that code in any environment. Docker has been a game-changer since its release in 2013.

Why use Docker?

You have probably heard the iconic phrase "It works on my machine". Well, why don't we give that machine to the customer?

• Improved—and seamless—portability
• Even lighter weight and more granular updates
• Automated container creation
• Container versioning
• Container reuse
• Shared container libraries

Docker architecture

Docker uses a client-server architecture. The client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing your Docker containers. The Docker client and daemon can run on the same system, or you can connect a Docker client to a remote Docker daemon. The Docker client and daemon communicate using a REST API, over UNIX sockets or a network interface. Another Docker client is Docker Compose, that lets you work with applications consisting of a set of containers.

Core components of Docker

1. Docker file
2. Docker Image
3. Docker Container
4. Docker Engine
5. Docker registry

Dockerfile

A Dockerfile is a script that consists of a set of instructions on how to build a Docker image. These instructions include specifying the operating system, languages, environment variables, file locations, network ports, and other components needed to run the image. All the commands in the file are grouped and executed automatically.

Docker Image

• It is a file, comprised of multiple layers, used to execute code in a Docker container.
• They are a set of instructions used to create docker containers.

Docker Container

It is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.

Docker Engine

The Docker Engine (DE) is installed on the host machine and represents the core of the Docker system. It is a lightweight runtime system and the underlying client-server technology that creates and manages containers.

Docker Engine consists of three components:

• Server - the Docker daemon (dockerd), which is responsible for creating and managing containers.
• Rest API - establishes communication between programs and Docker and instructs dockerd what to do.
• Command Line Interface (CLI) - used for running Docker commands.

Docker Registry

A Docker registry is a storage and distribution system for named Docker images. The same image might have multiple different versions, identified by their tags.

A Docker registry is organized into Docker repositories , where a repository holds all the versions of a specific image. The registry allows Docker users to pull images locally, as well as push new images to the registry.

DockerHub

DockerHub is a hosted registry solution by Docker Inc. Besides public and private repositories, it also provides automated builds, organization accounts, and integration with source control solutions like Github and Bitbucket.

To Wrap Up

Docker is a game-changer. But it is not a one-size-fits-all solution.

Whether you like it or not, this technology has a future. There are some developers and development agencies that hate Docker and try to eliminate it from all their ongoing projects. At the same time, there are specialists who containerize everything they can because they see Docker as a panacea. Perhaps, you should not join either camp. Stay impartial, stay objective, and make a decision depending on a particular situation.

Inconsistent Libraries

Initially i used to install the TensorFlow with the improper versions of CUDA & Cudnn often leads me to several problems, even a slight mismatch in versions of libraries and binaries are a trouble some process to fix so i recommend everyone to follow the above chart and install the right versions on your machine.

Microsoft Visual C + + 2015 redistributable update 3 is not installed

In order for the Tensorflow modules to work perfectly it needs run-time components of Visual C++ libraries. So download and install the below libraries in case u face issues.

https://www.microsoft.com/en-us/download/details.aspx?id=52685

Updating Environment Path to Windows (Set your PATH)

After installation of CUDA and Cudnn libraries don’t forget to add its path to ensure that TensorFlow can find CUDA, you should go to the system environment and add them as mentioned below.

export PATH="/c/Program Files/NVIDIA GPU Computing Toolkit/CUDA/v9.0/bin:$PATH"
export PATH="/c/Program Files/NVIDIA GPU Computing Toolkit/CUDA/v9.0/extras/CUPTI/libx64:$PATH"
export PATH="/c/tools/cuda/bin:$PATH"

Cudart64 dll Error

When running the tensorflow code, initially we get an error cudart64 which prevents GPU execution. I recommend you to extract the DDL script from zip and paste it to,

C:\Windows\System32

https://drive.google.com/file/d/10kKz9YRRmTtMj4vZHTt8fNrrrbgD2ooU/view

Test Tensorflow GPU installation

To verify successful installation of tensorflow, try running this in your machine and hope fully it completes without any errors.

import tensorflow as tf 
#Device Name
print('Device Name: '+tf.test.gpu_device_name())
# Version-check
print('Version: '+tf.__version__)
#CUDA Support
print('CUDA Support: '+str(tf.test.is_built_with_cuda()))

Installation Setup

We will cover the following steps:

1. Install Anaconda & Python
2. Install/ Update GPU Drivers
3. Install CUDA Toolkit & cuDNN
4. Add Environment Variables to the PATH in Windows
5. Install TensorFlow & Keras
6. Verify the package run

(Step-1) Installation of Anaconda

In this step, kindly download the Anaconda Python package manager for your platform (Windows/Linux) and install it accordingly.

https://www.anaconda.com/products/distribution

(Step-2) Install GPU Drivers — CUDA 10.1 requires 418.x or higher

Now, Choose your appropriate graphics driver and install it, I recommend you to update to the latest version for better performance.

NVIDIA Drivers: https://www.nvidia.com/Download/index.aspx?lang=en-us

(STEP-3) Install CUDA Toolkit — TensorFlow supports CUDA 10.1 (TensorFlow >= 2.1.0)

Note: Kindly choose the CUDA version according to your Nvidia GPU version to avoid errors. {: .prompt-tip }

Note: Kindly choose the CUDA version according to your Nvidia GPU version to avoid errors.

1. Choose the desired platform and download it Cuda Toolkit

Make sure you have the right CUDA version and drivers installed else the setup won't work!

1. Install CUDA Toolkit with default settings and usually it takes time so bare with it!

(Step-4) Adding Cudnn libraries

Cudnn libraries provide accelerated performance on GPU usage, so we need to add it in for smoother and efficient performance.

https://developer.nvidia.com/cudnn-download-survey

It will prompt you to create an account, go ahead and sign up and download the appropriate version for your platform.

Now extract the Cudnn libraries zip file and copy all the files to

“C:\Program Files\NVIDIA GPU Computing Toolkit\CUDA\v10.2”

location and overwrite the files on that location.

(Step-5) Add Environment Variables to the PATH in Windows

1. Open Run using (Win + R) and type sysdm.cpl and press Enter
2. Under System Properties, please select the Tab Advanced.
3. In Environment Variables go to System variables
4. Click on Add and save the below path,
5. Click ok and Save it.

Variable name = CUDA_PATH

Variable value = C:\Program Files\NVIDIA GPU Computing Toolkit\CUDA\v10.0

(Step-6) Install TensorFlow & Keras

Open command prompt and type in,

pip install tensorflow-gpu

After successful installation try running this below program to verify its successful setup.

import tensorflow as tf
# Device Name
print('Device Name: '+tf.test.gpu_device_name()
# Version-check
print('Version: '+tf.__version__)
# CUDA Support
print('CUDA Support: '+str(tf.test.is_built_with_cuda()))

If you face any library missing issue then kindly download the below zip extract it and paste it over

https://drive.google.com/file/d/10kKz9YRRmTtMj4vZHTt8fNrrrbgD2ooU/view?usp=sharing

C:\Windows\System32

In case u need packages and setup directly, then you can refer my Github Repo

https://github.com/rexdivakar/Deep-Learning-Setup

Congratulations! 😉 You have successfully created an environment for using TensorFlow, Keras (with Tensorflow backend) over GPU on Windows!

Built with Python 3

Prerequisites:

• Python It is preinstalled in Ubuntu 20.04. To check the version use command:

  python3 --version
  

  If it is not preinstalled for some reason, proceed here and download as per requirement. Run the following command in terminal to download the required packages for running the tool locally :
• Using requirements file :

pip3 install -r requirements.txt

• Directly download packages:

  pip3 install requests==2.24.0
  pip3 install matplotlib==3.2.2
  pip3 install slackclient==2.9.3
  

Install the package

Run the following terminal commands to install the package on the given distros.

• Terminal: shell

pkg install python3

pip3 install notifly

• Ubuntu/Debian

sudo apt install python3-pip

pip3 install notifly

• Arch

sudo pacman -S python3-pip

pip3 install notifly

This may take a while depending on the network speed.

Working of the tool

Telegram

To see how the tool works,

1. Create the telegram bot.

2. Getting the bot API token

   1. Search and go to _@Botfather_ .
   2. Message /mybots .
   3. Select the bot.
   4. Select the API token displayed in message.
   5. Copy and use in sample code.

   from notifly import telegram              #import the package    
   x = telegram.Notifier('bot API token')   #create object of class Notifier
   x.send_message('message')                #send message
   x.send_image("image address")            #send image(.jpg or .png format)
   x.send_file("file address")              #send document
   x.session_dump()                         #creates folder named 'downloads' in local folder, downloads/saves message,chat details for current session in 'sessio_dump.json' file
   

3. Run sample code.

Discord

To see how the tool works,

1. Create server.

2. Create and copy server webhooks instruction and use in sample code.

   from notifly import discord
   x = discord.Notifier(r'webhook')         #create object of class Notifier
   x.send_message('message')                #send message
   x.send_file("file address")              #send file
   x.send_file("image address")             #send image
   

3. Run sample code.

Slack

To see how the tool works,

1. Create app. Follow these steps,
   1. Go here to create a new API for slack.
   2. Choose to Create an App .
   3. Enter App Name and select workspace. Click Create App.
   4. Under Add features and functionality select Incoming Webhooks and Activate Incoming Webhooks.
   5. Scroll down, select Add New Webhook to Workspace and select a channel from the drop down.This channel name is used as an argument in the sample code. Click Allow.
   6. Select OAuth & Permissions from left-sidebar.
   7. Under Scopes > Bot Token Scopes click Add an OAuth Scope and add the following scopes,
      chat:write   chat:write.public   files:write   users:write
   8. Scroll up, under OAuth Tokens for Your Team copy the Bot User OAuth Access Token to use in sample code.
   9. Click Reinstall to Workspace, select channel and click Allow.

2. Write sample code.

   from notifly import slack
   x= slack.Notifier('token', channel='channel-name')      #create object of class Notiflier
   x.send_message('message')      #send message
   x.send_file("image or file address")      #send image/file
   

3. Run sample code.

Tensorflow Integration

Plug and play feature for your tensorflow callbacks

# create your notifier using above methods
from notifly import discord
notifier = discord.Notifier(r'webhook') 
class MyNotifierCallback:

    @notifier.notify_on_epoch_begin(epoch_interval=1, graph_interval=1, hardware_stats_interval=1)
    def on_epoch_begin(self, epoch, logs=None):
        pass

    @notifier.notify_on_epoch_end(epoch_interval=1, graph_interval=1, hardware_stats_interval=1)
    def on_epoch_end(self, epoch, logs=None):
        pass

    @notifier.notify_on_train_begin()
    def on_train_begin(self, logs=None):
        pass

    @notifier.notify_on_train_end()
    def on_train_end(self, logs=None):
        pass

model.fit(callbacks=[MyNotifierCallback()])

Learn more about Notifly ✨

Read the wiki pages which has all the above steps in great detail with some examples as well 🤩🎉.

Contributing

1. Fork the Project
2. Create your Feature Branch

   git checkout -b feature/mybranch

3. Commit your Changes

   git commit -m 'Add something'

4. Push to the Branch

   git push origin feature/mybranch

5. Open a Pull Request
   
   Follow the given commands or use the amazing GitHub GUI
   Happy Contributing