• Home
    • Phil-Wilkins.uk
  • About
    • Presenting Activities
    • http://phil-wilkins.uk/
    • LinkedIn
  • Books & Publications
    • Logging in Action with Fluentd, Kubernetes and More
      • Logging in Action with Fluentd – Book
      • Fluentd Book Resources
      • Log Generator
    • API & API Platform
      • API Useful Resources
    • Oracle Integration
      • Book Website
      • Useful Reading Sources
  • Resources
    • GitHub
    • Mindmaps Index
    • Patterns Sources
    • Oracle Integration Site

Phil (aka MP3Monster)'s Blog

~ from Technology to Music

Phil (aka MP3Monster)'s Blog

Author Archives: mp3monster

OIC, Aces and Video

01 Tuesday Sep 2020

Posted by mp3monster in General, OIC - ICS, Oracle, Technology

≈ Leave a comment

OIC & Aces

As some may know we have continued to support our book on Oracle Integration through our site Oracle-Integration.cloud with monthly a roundup of new articles and posts coming from the community. Today we posted the August roundup. This compliments our own writing, and the possibility of adding a cookbook to compliment the original book. There are two sources that we don’t take look at too deeply, the use of videos resources and courses. Primarily because these sources cost, or take time to determine what the content covers. Whilst I’m not providing guarantees, two members of the Ace community that I have had regular contact and respect have developed course ware and video content these are:

  • Ankur Jain‘s TechSupper blog and course on Udemy
  • Atul Kumar’s K21 Academy which includes a blog
  • Oracle Learning on You Tube – the Integration content has its own playlist

Running Groovy scripts as JARs

03 Monday Aug 2020

Posted by mp3monster in General

≈ Leave a comment

Tags

book, Groovy, jar, java, logsimulator, package, tool

For those who regularly follow my blog, I like Groovy as a way of scripting given its portability, proximity to Java, its use of the JVM means its really easy to work with. With the extra language features it makes it easy to work with without needing to setup Maven builds to manage dependencies for something simple. As a result, the utils I’ve produced to support Oracle API Platform CS (here) for example are written with Groovy.

However, not everyone is such a fan, or sees Groovy as niche and, to be honest in the last few years Python has made huge in roads in the scripting space. So I can appreciate the preference for Python to be used. This was really brought home to me by a peer review comments for my latest book project. This got me to thinking what options do I have to remove Groovy from the equation, without resulting in needing to mess with maven POM files. The options as I saw it are:

  • Replace any use of Groovy extensions with Java libraries
  • Switch to using Java 11 and the shebang feature (more in a minute)
  • Compile code with Groovyc and package the jars manually including dependencies.

From Java 11, the ability for a single Java file to be executed without compiling etc was introduced – known as shebang (more here). The issue here is a lot of applications have been certified against Java 8, and in an Enterprise environment this is important. Which means either installing Java 11 locally without changing environment variables, or you need to add code to switch Java versions as necessary. The upside being that you can run your code as a script, and then if necessary build it into a jar to distribute. Aside from the need to switch between JDK versions, Java’s language gets ever richer, but Groovy has a nice set of extensions that make JSON object navigation really nice, and these aren’t necessarily in core Java.

Groovy provides a tool to compile Groovy to bytecode for the JVM (i.e. create class files). From which we can create a JAR file with using the javac command. But this doesn’t bundle the Groovy dependencies necessary to run the jar, as a result Groovy still needs to be installed. You could do this through the use of a maven, Gradle or other build tools. But we’re back to creating a POM file or equivalent., and to be honest creating a POM file from scratch is slow going unless everything lines up neatly with file structures, which it won’t because when you produce a script you’re not expecting to need to worry about packages and associated folder structures.

In looking to see if someone had simplified the process I came across this excellent tool scriptjar (more here). Script jar takes the location of the class files, creates a jar file and loads it with the Groovy jar dependencies, and assembles the manifest file etc. Net result, a jar file created in 2 lines that has no Groovy deployment dependencies to use, and will work with older Java versions such as Java 8.

I started out referring to the API tools, but the same mechanism can be applied to the LogSimulator tool I’ve created that allows you to generate or replay existing logs in real-time or faster than real-time, making it easy to test log monitoring setups from a monitored source all the way through (today it only handles log file replaying or the use of the Java native logging).

Meetup – magic of correlations in SOA, BPM and Oracle Integration Cloud

30 Thursday Jul 2020

Posted by mp3monster in Cloud, Dev Meetup, OIC - ICS, Oracle, Technology

≈ 1 Comment

Tags

BPM, correlation, Martien van den Akker, meetup, OIC, Oracle, Presentation, SOA

Earlier this month as part of the Virtual Oracle Developer Meetups, we were very fortunate to have Oracle Ace, Martien van den Akker present on the subject of the magic of correlations in SOA, BPM, and Oracle Integration Cloud. Martien not only presents to the Oracle community but also is very active on the Oracle community sites (community.oracle.com and Cloud Customer Connect) sharing his wealth of knowledge. When it comes to the tough questions about Oracle middleware tech on these platforms, you stand a good chance that Martien will be the one answering your question.

This insightful presentation not only addressed the traditional Oracle Integration approach using SOA and BPM but also contrasted the capabilities as provided by Oracle Cloud. Martien was generous enough to allow us to record the presentation and share it (below), along with the demo resources from:

  • https://github.com/makker-nl/blog/tree/master/CorrelationDemo
  • https://github.com/makker-nl/blog/tree/master/CorrelationDemoOIC

Martien also blogs at https://blog.darwin-it.nl/ which contains a wealth of insightful articles – recommended reading.

Loving Your Logs – bol.com podcast

09 Thursday Jul 2020

Posted by mp3monster in General

≈ Leave a comment

Tags

bol, bol.com, logging, podcast, techlab

Earlier this week I was fortunate enough to be invited to participate in the bol.com’s TechLab podcast on logging. I understand this is the first time that Bol have had an external participant in one of their podcasts, so feeling very honored, not to mention having enjoyed the whole recording process.

bol.com TechLab

bol.com are a European etailer, with a platform based capability. It was really interesting to talk about how they have approached logging in comparison to other organizations I’ve worked with over the years.

I’d recommend checking out not just this podcast (obviously) but others as well given that the guys have been very open about their platform and their experiences.

You can listen to the podcasts from the following links:

  • Spotify
  • Apple
  • Direct from bol.com

Presenting during these strange Covid times (Updated)

16 Tuesday Jun 2020

Posted by mp3monster in General, Technology

≈ Leave a comment

Tags

yatra

The Corona Virus pandemic has had some very odd impacts to the usual technology conferences. We all know that a great number of events have moved from physical to virtual. From a presenter’s perspective has meant the opportunity to present to communities we would normally be less likely submit papers for. For example, the All India Oracle User Group Yatra conference is a significant event in the Oracle Ace/ Groundbreakers calendar – where I have had two papers accepted.

For me to present there, is a challenge as it requires that I lose a week of fee earning time (once you account for the travel). But since the event has gone virtual, I’ve been able to submit a paper, which has been selected …

In addition, the recently postponed Camp Cloud Native which has been lead from the US, has been rescheduled because of the events triggered by the death of George Floyd. As the event is virtual, it wasn’t difficult for the organizers to do the right thing.

With meetups going virtual participating in European events is a lot easier, for example contributing to Aces@Home Episode 3 …

Whilst presenting virtually is the current norm, we are still seeing calls for papers for physical events for October/November this year. It creates a bit of a dilemma. Will it be safe enough to travel? will my family feel comfortable with me travelling (even today we’re hearing news of a serious new outbreak in Beijing)?, will I have to isolate at either end of the journey? Difficult, because I don’t want to submit a paper, and then withdraw at the last minute if circumstances look less secure. Having been involved in user group conference planning, whilst last minute changes will always happen, they can be difficult to cover, so would prefer not to put people in that position.

Whilst I’m not an extrovert by nature, being physically present at a conference, has its plusses – the opportunity to network/meet other Aces to catchup.

So until the physical conference again, be online, be distant, and be safe.

Virtual Developer Meetups

15 Monday Jun 2020

Posted by mp3monster in Cloud, Dev Meetup, development, General, Oracle, Technology

≈ Leave a comment

Tags

charity, development, hackerthon, meetup, Oracle

With the impact of Covid19 on the Meetup community really hitting, the Oracle Developer Meetups across Europe have got together and gone on-line. We’re several events in now, whilst Lucas Jellema (AMIS) and Rolando Carrasco (SPS) are leading the charge with a great series of sessions focusing Oracle Cloud Native services complete with practical labs.

Today was one of my sessions, whilst I only co-hosted, we got to hear a great presentation with a heart warming story which in this challenging times seems all the more appropriate. Christian McCabe (Steltix) and Filip Huysmans (Contribute) presented on how a multinational hackerthon spanning South Africa to Belgium was put together to only help children of Christel House (a charity who work to provide education to those who would not normally get access to it). Not only was the hackerthon engineered to given the students a chance to learn and experience software development in a pretty realistic context, it also provided the school with some software to help their everyday activities, in this case managing books in their library.

The hackerthon yielded a lot of successful outcomes (Steltix wrote about it here), but, what was really interesting is that whilst working with the school, children and interns (from both Steltix and Contribute) took a lot lessons away as well.

The Meetup recording can be found here.

Finally we should thank Geertjan Wielenga who facilitated and supported the development of the hackerthon.

If you want to know more about the virtual meetups then check our meetup page (https://www.meetup.com/Oracle-Developer-Meetup-London) for both virtual events, and when things change so we can all be a lot closer and be sharing pizza again.

Book Project Unveiled – Unified Logging with Fluentd

03 Wednesday Jun 2020

Posted by mp3monster in Books, FluentD, General, Technology

≈ Leave a comment

Tags

book, development, FluentD, logs, manning, MEAP, monitoring, writing

Fluentd is both an open source solution for making log management so much easier to work with, particularly for distributed / multi component solutions. But not only that it is supported by many log analytics tools, and central to several cloud vendors log management services.

The goal of the book is to explain how Fluentd can help us and to use the tool. We can’t cover every possible plugin, so we walk through the use of enough plugins and the way features interact you can extrapolate to other plugins.

Oracle API CS vs OCI API approach to securing gateway configuration

02 Tuesday Jun 2020

Posted by mp3monster in API Platform CS, APIs & microservices, General, Technology

≈ Leave a comment

Tags

API, CLoud Native, IaaS, Linux Foundation, OCI, Oracle, Owasp, PaaS, SaaS, Security, Terraform

A couple of years ago I got to discuss some of the design ideas behind API Platform Cloud Service. One of the points we discussed was how API Platform CS kept the configuration of APIs entirely within the platform, which meant some version management tasks couldn’t be applied like any other code. Whilst we’ve solved that problem (and you can see the various tools for this here API Platform CS tools). The argument made that your API policies are pretty important, if they get into the public domain then people can better understand to go about attacking your APIs and possibly infer more.

Move on a couple of years, Oracle’s 2nd generation cloud is established an maturing rapidly (OCI) and the organisational changes within Oracle mean PaaS was aligned to SaaS (Oracle Integration Cloud, Visual Builder CS as examples) or more cloud native IaaS. The gateway which had a strong foot in both camps eventually became aligned to IaaS (note that this doesn’t mean that the latest evolution of the API platform (Oracle Infrastructure API) will lose its cloud agnostic capabilities, as this is one of unique values of the solution, but over time the underpinnings can be expected to evolve).

Any service that has elements of infrastructure associated with it has been mandated to use Terraform as the foundation for definition and configuration. The Terraform mandate is good, we have some consistency across products with something that is becoming a defacto standard. However, by adopting the Terraform approach does mean all of our API configurations are held outside the product, raising the security risk of policy configuration is not hidden away, but conversely configuration management is a lot easier.

This has had me wondering for a long time, with the use of Terraform how do we mitigate the risks that API CS’s approach was trying to secure? But ultimately the fundamental question of security vs standardisation.

Mitigation’s

Any security expert will tell you the best security is layered, so if one layer is found to be vulnerable, then as long as the next layer is different then you’re not immediately compromised.

What this tells us is, we should look for ways to mitigate or create additional layers of security to protect the security of the API configuration. These principles probably need to extend to all Terraform files, after all it not only identifies security of not just OCI API, but also WAF, networks that are public and how they connect to private subnets (this isn’t an issue unique to Oracle, its equally true for AWS and Azure). Some mitigation actions worth considering:

  • Consider using a repository that can’t be accidentally exposed to the net – configuration errors is the OWASP Top 10. So let’s avoid the mistake if possible. If this isn’t an option, then consider how to mitigate, for example …
    • Strong restrictions on who can set or change visibility/access to the repo
    • Configure a simple regular check that looks to see if your repos have been accidentally made publicly visible. The more frequent the the check the smaller the potential exposure window
  • Make sure the Terraform configurations doesn’t contain any hard coded credentials, there are tools that can help spot this kind of error, so use them. Tools exist to allow for the scanning of such errors.
  • Think about access control to the repository. It is well known that a lot of security breaches start within an organisation.
  • Terraform supports the ability to segment up and inject configuration elements, using this will allow you to reuse configuration pieces, but could also be used to minimize the impact of a breach.
  • Of course he odds are you’re going to integrate the Terraform into a CI/CD pipeline at some stage, so make sure credentials into the Terraform repo are also secure, otherwise you’ve undone your previous security steps.
  • Minimize breach windows through credentials tokens and certificate hanging. If you use Let’s Encrypt (automated certificate issuing solution supported by the Linux Foundation). Then 90 day certificates isn’t new.

Paranoid?

This may sound a touch paranoid, but as the joke goes….

Just because I’m paranoid, it doesn’t mean they’re not out to get me

Fundamental Security vs Standardisation?

As it goes the standardisation is actually a dimension of security. (This article illustrates the point and you can find many more). The premise is, what can be ensured as the most secure environment, one that is consistent using standards (defacto or formal) or one that is non standard and hard to understand?

Cloud Native eParty

29 Friday May 2020

Posted by mp3monster in Cloud, FluentD, General, Technology

≈ Leave a comment

Tags

CLoud Native, conference, eParty, FluentD, virtual

We’ve been told because of current events in the US that this event is going to be rescheduled.

I am pleased to say that I will be talking about Fluentd at the Cloud Native eParty virtual conference on 2nd June 2020. I’ll be presenting at 4pm, and then hanging out on the conference slack channel to answer any more questions people might have.

https://cloudnativeeparty.com/#section-registration

Hope to see you online.

Online Meetup – Tech Italia

14 Tuesday Apr 2020

Posted by mp3monster in APIs & microservices, General, Technology

≈ Leave a comment

Tags

API, meetup, online, Presentation

I presented at an online Meetup on today (Thursday 16th April) with a shortened version of my API technology overview (A quick look at gRPC, GraphQL, REST APIs – Which way to go?).  Aside from an early interruption to the event, the evening was an excellent series of speakers covering a number of API centric subjects.

More about the event and future events – https://www.meetup.com/TechItaliaTuscany/events/269621146/

highres_490068626

Continue reading →

← Older posts
Newer posts →

Oracle Ace Director

TOGAF 9

Logging in Action

Oracle Cloud Integration Book

API Platform Book

Oracle Dev Meetup London

Categories

  • App Ideas
  • Books
    • Book Reviews
    • manning
    • Oracle Press
    • Packt
  • Enterprise architecture
  • General
    • economy
    • LinkedIn
    • Website
  • Music
    • Music Resources
    • Music Reviews
  • Photography
  • Technology
    • APIs & microservices
    • chatbots
    • Cloud
    • Dev Meetup
    • development
    • drone
    • FluentD
    • mindmap
    • OMESA
    • Oracle
      • API Platform CS
        • tools
      • Helidon
      • ITSO & OEAF
      • Java Cloud
      • NodeJS Cloud
      • OIC – ICS
    • TOGAF
    • UKOUG
  • xxRetired

Twitter

  • RT @conf42com: 🔴 ❝Making Logs Work for you with Fluentd❞ Register: conf42.com/Cloud_Native_2… by @mp3monster, Senior Consultant and #TechEvan…Next Tweet: 1 day ago
  • RT @HamillHimself: Smart dog. I only wish I'd thought of hiding behind the couch when I first met him.Next Tweet: 1 day ago
  • RT @WunderlichRd: When providing APIs, offering an SDK makes life much easier on your users. Oracle Cloud Infrastructure API Gateway now s…Next Tweet: 1 day ago
  • RT @HeliFromFinland: Thank you @javedmohammed @OracleSysDev for all the great interviews, your hard work, and your continuos support for th…Next Tweet: 6 days ago
  • Mrs Monster (2nd from left) gets her 5 seconds of fame on SouthToday https://t.co/BRp0r6dvk8Next Tweet: 1 week ago
Follow @mp3monster

OraWorld

OraWorld

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 578 other followers

Blogs I Follow

  • Rick's blog
  • A journey in development
  • Phil (aka MP3Monster)'s Blog
  • RedThunder.Blog
  • A millennial's musings
  • Shalindra's Blogs
  • BTplusMore
  • Creativenauts
  • PaaS Community Blog
  • RedStack
  • Musings of an Enterprise Software Technologist
  • The Open Group Blog
  • SutoCom Solutions
  • Rob's Wall Of Music
  • DataCentricSec.com
  • A World of Events

My Other Web Content & Contributions

  • All My Links
  • Amazon Author entry
  • API Platform
  • Dev Meetup (co-managed)
  • Fluentd Book
  • http://phil-wilkins.uk/
  • ICS Book Website
  • Mindmaps
  • Monster's Photos
  • my Capgemini Profile
  • OMESA
  • Oracle Community Directory
  • Packt Author Bio

RSS

RSS Feed RSS - Posts

RSS Feed RSS - Comments

Calendar

April 2021
M T W T F S S
 1234
567891011
12131415161718
19202122232425
2627282930  
« Mar    

Other Pages

  • About
    • Presenting Activities
  • Books & Publications
    • API & API Platform
      • API Useful Resources
      • Useful Reading Sources
    • Logging in Action with Fluentd, Kubernetes and More
    • Oracle Integration
  • Mindmaps Index
    • Patterns Sources

Speaker Recognition

Open Source Summit Speaker

Flickr Pics

UKOUG volunteersBrightonBrightonBrighton
More Photos

History

Goodreads

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.com

OraNA

Aggregated by OraNA

Blogroll

  • A Journey in Development
  • A Neate Blog
  • Blog by Robert van Mölken (co-author on ICS book)
  • Exigency In Specie
  • Ora World
  • SOA4U

Social

  • View @mp3monster’s profile on Twitter
Follow Phil (aka MP3Monster)'s Blog on WordPress.com

Tags

6 Music Aaron Woody Ace AIA album Ansible API apiary API Platform applications article BBC Big Data blog book books Capgemini cd CEP Cloud code concert conference data Design developer development download ebook enterprise FluentD free fusion Good Morning Nantwich Groovy Helidon integration java JBoss jBPM London Luis Weir meetup Microservices mindmap monitoring Music OIC OIC - ICS OOW Oracle Oracle Press OTN PaaS Packt Packt Publishing Patterns Phill Jupitus playlist podcast Presentation promotion Puppet reading Redhat review Security SeeWhy SOA SOA Suite software Technology TOGAF UKOUG video

Blog at WordPress.com.

Rick's blog

End-to-End OIC to SAP integration

A journey in development

A blog-post by blog-post journey of a ERP Cloud Solutions Degree Apprentice

Phil (aka MP3Monster)'s Blog

from Technology to Music

RedThunder.Blog

Demystifying cloud technologies...

A millennial's musings

Shalindra's Blogs

Technofunctional Blogs

BTplusMore

Business, Technology and more

Creativenauts

Personal, design, inspiration, interests.

PaaS Community Blog

by Jürgen Kress

RedStack

Oracle Cloud Stuff

Musings of an Enterprise Software Technologist

My thoughts on Enterprise Software Technologies...and more.

The Open Group Blog

Achieving business objectives through technology standards

SutoCom Solutions

Success & Satisfaction with the Cloud

Rob's Wall Of Music

Thoughts of a lifelong music hoarder...

DataCentricSec.com

A World of Events

A Blog for Event and Data Analytics

Cancel

You must be logged in to post a comment.

Loading Comments...
Comment
    ×
    Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
    To find out more, including how to control cookies, see here: Our Cookie Policy