18Jul2016

Software as a Service: DockerCon US 2016

There was DockerCon US 2016 in June in Seattle [http://2016.dockercon.com]. Docker community grows from year to year, and this is the largest Docker-centric event. There are a lot of news announced during the sessions, plenty of use-cases described, talks about success stories from enterprise level projects to middle-size Software as a Service solutions.

New Features

There was announced new version of Docker 1.12. It should be released in several weeks. There will be built-in Orchestration and Docker Swarm.

Orchestration is a set of duties for installing, updating and maintaining your infrastructure during lifetime of the application. It doesn’t seem a problem in case of several servers, but if you have more systems to hold under control in your Software as a Service project, then it would not be so easy. Orchestration have to be useful and simple. To achieve both of those goals, the orchestration is built-in into new Docker version.

Docker Swarm

Docker Swarm is a technology to install and maintain a cluster for Docker. Several systems may be joined together and treated as the saem Docker container. There are Swarm manager and worker nodes. They are communicating in secured way via TLS transparently for software developers. We can use docker CLI to create a swarm:

Read more
08Jul2016

Application Development: NaCl and Sodium crypto libraries

Security concepts are very important at line of professional Application Development in enterprise scope. Cryptography helps us to achieve Integrity and Confidentiality as 2 of 3 main Security principles. Protocols needs us to encrypt and decrypt important data, specific content have to be signed and verified. For decades we used RSA, OpenSSL [https://www.openssl.org/] as general-purpose cryptography library and its wrappers. On the other hand, OpenSSL is not so easy to work with. It needs both some level of understanding cryptography and its approaches as a whole and pure implementation aspects of OpenSSL, as well. For now, we have much better approaches. Easy to use, but strong at line of cryptography and implementation.

NaCl

Daniel J. Bernstein (with colleagues) released NaCl library [https://nacl.cr.yp.to/] several years ago. It’s pronounced “slat”. The main goal was to bring easy-to-use solution for software developers, who need just-work cryptography in their projects. Simplicity is the key point of the interface of the framework. On the other hand, it covers all duties of cryptography library and provides all common routines: hashing, public-key encryption, signing and authenticated encryption. E.g., authenticated encryption is an algorithm including 3 steps mixed in one of 3 ways. NaCl provide single interface crypto_box, which is done everything in one step. Such approach is much safer. Developer can’t break something in the flow. Main implementation of the library is in C, C++ and python. C version can be used in embedded Application Development. It doesn’t depend on dynamic memory allocation. There are several implementations of the same function.

Read more