Dating Vandalized

Colorful gradient-filled Landing Page for Katerina Lyadova and Melissa Hughes' new book, Dating Vandalized. The purchase buttons link out to Amazon (for digital format) and to a store section using WooCommerce within the WordPress website. Quite neat how the navigation overlay includes a bonus image of the book on tablet.

(The Free Chapters preview is in a separate section but in the format of a page reader so I'm allowing it in )

by Rob Hope via One Page Love

Ember House

Ember is a financial wealth management firm that offers a highly personalized service to its clients and accompaniment oriented towards personal wellness through good money management.
by via Awwwards - Sites of the day

Small Business Owners Listen Up – Facebook Advertising Can Save You Money While Increasing Your ROI

Facebook has grown into the largest social media. The social media platform boasts with more active users than the entire Chinese population today. Feedough reports that Facebook has 1.79 billion monthly active user accounts, which accounts for approximately 23% of the worldwide population. At...

[ This is a content summary only. Visit our website http://ift.tt/1b4YgHQ for full links, other content, and more! ]

by DIW via Digital Information World

Ask the UXperts: Taking Your Research to the Next Level — Panel Discussion

Web Design Weekly #284

Headlines

Casting Graphite in Gold

Daniel Eden shares some broad themes that he has found lead to happier, more productive relationships between Designers and Engineers that are often overlooked when working together. (daneden.me)

Creating truly universal React component systems
(medium.com)

Sponsor Web Design Weekly and reach over 24,800 passionate designers and developers

Articles

A Working Pattern Library

Ethan Marcotte shares a few tips on how organisations can continue to build upon and utilise all the ground work that went into creating a pattern library, as opposed to leaving it to become redundant. (ethanmarcotte.com)

Why I Chose React Over Vue

If you are curious on which one to use for your next project this post by Steven Poulton is to the point and easy to digest. (medium.com)

The Best Way to Learn Development Skills (While Getting Paid)

Michael Mangialardi shares some ideas on how you can put in a little extra effort whilst learning a particular skill set with the possibility of getting financial rewards at the same time. (hackernoon.com)

Modern routing for publishers

A look into the evolution of the Financial Times routing layer over the last couple of years. (matt.chadburn.co.uk)

Treat your Build Pipeline as a Product (medium.com)

Tools / Resources

Webpack 3: Official Release

Hot on the heels of V2, V3’s main features include scope hoisting and magic comments. Migrating from Webpack 2 to 3 is as easy as running the upgrade commands in your terminal. Get upgrading folks. (medium.com)

Free eBook: How to start a WordPress maintenance business

Our 50+ page eBooks covers everything you need to know to start your WordPress maintenance business. (godaddy.com)

How to get the most out of the JavaScript console

If you want to take your debugging to the next level then this post by Darryl Pargeter is highly recommended. Darryl takes a deeper look into the console object and some of the other methods that come with it. (medium.freecodecamp.com)

Inclusive Components

A blog all about designing inclusive web interfaces. (inclusive-components.design)

Migrating from Jekyll+Github Pages to Hugo+Netlify (sarasoueidan.com)

Accept Stripe Payments with React and Express (robinwieruch.de)

Inspiration

How To Give Helpful Product Design Feedback (mikeindustries.com)

Connect: behind the front-end experience (stripe.com)

Jobs

Senior Designer at Fathom

We’re looking for an experienced, hands-on, versatile designer who can demonstrate both finesse and flair across a variety of mediums including app, web and print. Someone who can think deeply, speak clearly, loves collaboration and is ready to grow into a leadership role. (fathomhq.com)

Freelance Digital Designer (Contract) at Sendle

We require a Designer to redesign and provide an atomic style guide for Sendle which will be implemented in HubSpot. Experience with HubSpot and HTML/CSS will be an obvious advantage, but not essential. (sendle.com)

Need to find passionate developers or designers? Why not advertise in the next newsletter

Last but not least…

The Append-Only Stylesheet Problem (css-tricks.com)

The post Web Design Weekly #284 appeared first on Web Design Weekly.

by Jake Bresnehan via Web Design Weekly

Introduction to Kubernetes: How to Deploy a Node.js Docker App

While container technology has existed for years, Docker really took it mainstream. A lot of companies and developers now use containers to ship their apps. Docker provides an easy to use interface to work with containers.

However, for any non-trivial application, you will not be deploying "one container", but rather a group of containers on multiple hosts. In this article, we'll take a look at Kubernetes, an open-source system for automating deployment, scaling, and management of containerized applications.

Prerequisites: This article assumes some familiarity with Docker. If you need a refresher, check out Understanding Docker, Containers and Safer Software Delivery.

What Problem Does Kubernetes Solve?

With Docker, you have simple commands like docker run or docker stop to start/stop a container respectively. Unlike these simple commands that let you do operations on a single container, there is no docker deploy command to push new images to a group of hosts.

Many tools have appeared in recent times to solve this problem of "container orchestration"; popular ones being Mesos, Docker Swarm (now part of the Docker engine), Nomad, and Kubernetes. All of them come with their pros and cons but, arguably, Kubernetes has the most mileage at this point.

Kubernetes (also referred to as 'k8s') provides powerful abstractions that completely decouple application operations such as deployments and scaling from underlying infrastructure operations. So, with Kubernetes, you do not work with individual hosts or virtual machines on which to run you code, but rather Kubernetes sees the underlying infrastructure as a sea of compute on which to put containers.

Kubernetes Concepts

Kubernetes has a client/server architecture. Kubernetes server runs on your cluster (a group of hosts) on which you will deploy your application. And you typically interact with the cluster using a client, such as the kubectl CLI.

Pods

A pod is the basic unit that Kubernetes deals with, a group of containers. If there are two or more containers that always need to work together, and should be on the same machine, make them a pod. A pod is a useful abstraction and there was even a proposal to make them a first class docker object.

Node

A node is a physical or virtual machine, running Kubernetes, onto which pods can be scheduled.

Label

A label is a key/value pair that is used to identify a resource. You could label all your pods serving production traffic with "role=production", for example.

Selector

Selections let you search/filter resources by labels. Following on from the previous example, to get all production pods your selector would be "role=production".

Service

A service defines a set of pods (typically selected by a "selector") and a means by which to access them, such as single stable IP address and corresponding DNS name.

Deploy a Node.js App on GKE using Kubernetes

Now, that we are aware of basic Kubernetes concepts, let's see it in action by deploying a Node.js application on Google Container Engine (referred to as GKE). You'll need a Google Cloud Platform account for the same (Google provides a free trial with $300 credit).

1. Install Google Cloud SDK and Kubernetes Client

kubectl is the command line interface for running commands against Kubernetes clusters. You can install it as a part of Google Cloud SDK. After Google Cloud SDK installs, run the following command to install kubectl:

$ gcloud components install kubectl

or brew install kubectl if you are on Mac. To verify the installation run kubectl version.

You'll also need to setup the Google cloud SDK with credentials for your Google cloud account. Just run gcloud init and follow the instructions.

2. Create a GCP project

All Google Cloud Platform resources are created under a project, so create one from the web UI.

Set the default project ID while working with CLI by running:

gcloud config set project {PROJECT_ID}

3. Create a Docker Image of your application

Here is the application that we'll be working with: express-hello-world. You can see in the Dockerfile that we are using an existing Node.js image from dockerhub. Now, we'll build our application image by running:

$ docker build -t hello-world-image . 

Run the app locally by running:

docker run --name hello-world -p 3000:3000 hello-world-image

If you visit localhost:3000 you should get the response.

4. Create a cluster

Now we'll create a cluster with three instances (virtual machines), on which we'll deploy our application. You can do it from the fairly intuitive web UI by going to container engine page or by running this command:

Continue reading %Introduction to Kubernetes: How to Deploy a Node.js Docker App%

by Jatin Shridhar via SitePoint

How to Choose a DDoS Protection Service for Your Websites

This article was sponsored by Incapsula. Thank you for supporting the partners who make SitePoint possible.

Unless you’ve taken the necessary steps to protect your websites, they’re highly vulnerable to DDoS attacks. Now you might think of a DDoS attack as the attack that knocked out French news sites after the country’s election in May. Or you may think of the attack in October 2016 when subscribers couldn’t access the New York Times or Wired because hackers used DDoS to attack the DNS provider. In those cases, the system was hit with so many requests from bots around the globe that they couldn’t handle legitimate requests. And that, in a nutshell, is a DDoS attack. It’s flooding the service with so many requests that the system grinds to a halt.

But today DDoS attacks comes in many flavors. They have evolved from simply flooding the firewall or DNS servers with noise, to targeting an enterprise’s infrastructure and web applications. It’s actually attacking you from inside your enterprise.

A Surge in Application DDoS Attacks

Unlike network layer DDoS attacks like the one on the New York Times, application layer DDoS attacks typically needs less volume of traffic to do their damage. Application layer campaigns repeatedly making calls to applications, such as websites, web apps, servers and plugins, slowing or stopping the applications altogether by taxing the resources of the server it resides on.

Internet facing web applications are vulnerable to a myriad of attacks such as cross-site scripting (XSS) and SQL injection. An application attack also differs from a perimeter - or Layer 3 attack in because a hacker uses targeted commands to take an application down and ties up the server’s resources.

On the whole, DDoS attacks are on the rise, and the kind that attacked French newspapers is not the where the surge is coming from. The largest increase increase in DDoS attacks is hitting servers that host web applications.

For example, for four quarters in a row, Incapsula recorded a decrease in the number of network layer assaults, which it says fell to 269 per week compared to 568 in the second quarter 2015. In contrast, it saw yet another spike in the number of application layer assaults, which reached an all-time high of 1,099 per week.

Security experts predict that Internet facing enterprises will experience DDoS attacks more than once a year. “It’s not a question of if, but rather when you will be attacked,” Tim Matthews, Imperva’s vice president of marketing told Dark Reading.

The reason for the surge in DDoS attacks on applications is two fold.

First, the number of application is on the rise. In 2016, half of the organizations surveyed indicated that they are looking to releasing and maintaining custom applications.

The other reason for the rise in DDoS attacks is due mainly to the abundance of resources available to hackers -- and wannabe hackers. Not long ago it was quite difficult to build a force of bots to attack a given resource. Now, for little to no money, anyone could acquire the hacking software on the dark web, or for as little as $5 they can hire someone to do it for them. In 2015, a high school student paid for a DDoS attack on his school.

The Cost

Any DDoS attack costs the business’ reputation and eventually customers, because the customer really doesn’t care what kind of DDoS was invoked, whether it was a network layer or application layer attack; they only know they cannot complete a transaction. For example, a DDoS attack on an application brought down an undisclosed U.S. college in February. The attack created a network outage for more than two days preventing students, parents and staff from logging in. The school was effectively shut down in that time.

In the case of a school, the monetary loss is difficult to quantify, but for a business that sells widgets, it gets expensive very fast. In terms of dollars, a single hour of downtime can cost a business as much as $20,000. And that doesn’t factor the soft costs attributed to the loss of reputation and future sales. After all, users might wonder how well the business is protecting client data when it can’t even protect itself.

DevOps Needs a Secure Environment for Their Apps

Coupling the spike in DDoS attacks on applications, and the low cost and ease of creating an attack as well as the results from a business impact analysis, it’s clear that developers need to prepare for an attack.

But like most of IT, DevOps have viewed security as an obstacle to delivery targets. According to Gartner, implementing information security policies and teams creates a perception that it prevents developers from delivering value. What’s worse, most developers didn’t learn secure coding in school, and if they’re not coding with security in mind, it leaves applications open to attacks.

Garner also reports that developers need to change their practice. It says, “Information security architects must integrate security at multiple points into DevOps workflows in a collaborative way that is largely transparent to developers, and preserves the teamwork, agility and speed of DevOps and agile development environments, delivering "DevSecOps."

So while developers are improving their skills and are reminded nearly every day that they need to build security into their code, there are a lot of apps in the wild right now which are ripe for attack. The fastest way to mitigate this vulnerability is to buy a service that provides a web application firewall (WAF). It’s an appliance or cloud-based service or combination of both that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules, many types of web attacks can be identified and blocked. It’s a matter of routing traffic through the WAF before it hits your application servers.

How to Choose a DDoS Protection Service for Your Website

It’s time to go shopping for a web application firewall but there are far too many options. Not all WAF and support staff are same. Some make big claims but struggle with various attack complexities. Most are cloud based and the better ones can be set up in a just a few minutes.

Here is a set of questions that you should ask your WAF sales rep:

Continue reading %How to Choose a DDoS Protection Service for Your Websites%

by Dino Londis via SitePoint