A Future Without Servers | TechSNAP 358

techsnap-0358-v

The term serverless gets thrown around a lot, but what does it really mean? What are the benefits & the drawbacks? It’s a TechSNAP introduction to Serverless Architecture.

Plus new research with ideas to dramatically improve private web browsing, the growing problem of tracking security vulnerabilities with CVE’s & much more!

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:

Patreon

Show Notes:

Revamp of ‘Pwned Passwords’ Boosts Privacy and Size of Database

In V2 of Pwned Passwords, launched last week, Hunt updated his password data set from 320 million passwords to 501 million new passwords, pulled from almost 3,000 breaches over the past year.

First, 1Password hashes your password using SHA-1. But sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your original password. Instead, Troy’s new service only requires the first five characters of the 40-character hash.

tl;dr – a collection of nearly 3k alleged data breaches has appeared with a bunch of data already proven legitimate from previous incidents, but also tens of millions of addresses that haven’t been seen in HIBP before. Those 80M records are now searchable

Apple’s China data migration includes iCloud keys, making data requests easier for authorities

Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

Researchers Propose Improved Private Web Browsing System

In a paper (PDF) describing Veil, Frank Wang – MIT Computer Science and Artificial Intelligence Laboratory (CSAIL), Nickolai Zeldovich – MIT CSAIL, and James Mickens – Harvard, explain that the system is meant to prevent information leaks “through the file system, the browser cache, the DNS cache, and on-disk reflections of RAM such as the swap file.”

Nearly 8,000 Security Flaws Did Not Receive a CVE ID in 2017

A record-breaking number of 20,832 vulnerabilities have been discovered in 2017 but only 12,932 of these received an official CVE identifier last year, a Risk Based Security (RBS) report reveals.


What is Serverless Architecture? What are its criticisms and drawbacks?

Serverless architectures refer to applications that significantly depend on third-party services (knows as Backend as a Service or “BaaS”) or on custom code that’s run in ephemeral containers (Function as a Service or “FaaS”), the best known vendor host of which currently is AWS Lambda.

The big promise:

  • NO SERVER MANAGEMENT

There is no need to provision or maintain any servers. There is no software or runtime to install, maintain, or administer.
FLEXIBLE SCALING

Your application can be scaled automatically or by adjusting its capacity through toggling the units of consumption (e.g. throughput, memory) rather than units of individual servers.

  • HIGH AVAILABILITY

Serverless applications have built-in availability and fault tolerance. You don’t need to architect for these capabilities since the services running the application provide them by default.

  • NO IDLE CAPACITY

You don’t have to pay for idle capacity. There is no need to pre- or over-provision capacity for things like compute and storage. For example, there is no charge when your code is not running.

Develop, test and deploy in a single environment, to any cloud provider. You don’t have to provision infrastructure or worry about scale. Serverless teams cut time to market in half.

  • Maybe the ultimate layer of abstraction.
  • Your not paying for un-utilized hardware/server time
  • The vendor, like Amazon, is patching/maintaining the server base for you. Removing the developer from the process.
  • Traditional server management roles may start to transition to service management, configuration, and manage all the abstractions AWS gives you. IE the admins role goes from one wrangeling the operating system, to wrangling layers of abstraction and independent services.

The big constraint:

  • No local disk, you send data in, and data comes out.
  • Not ideal for ongoing workloads.

The big secure:

Open Source FaaS:

Serverless Functions Made Simple for Docker and Kubernetes

Feedback

Question? Comments? Contact us here!