<body>

Tech Tips, Tricks & Trivia

by 'Anil' Radhakrishna
An architect's notes, experiments, discoveries and annotated bookmarks.


Azure SQL Database Geo-Restore vs Geo Replication

Tuesday, December 12, 2017
Paraphrased from Azure SQL Databases Disaster Recovery 101

| | Azure SQL DB Geo-Restore | Azure SQL DB Geo Replication |
|---|---|---|
| Purpose | Geo Restore allows you to recover the database to a different region from backup. The automated backup of all Azure databases is replicated to a secondary region in the background. Geo Restore always restores the database from the copy of backup files stored in the secondary region. | Geo Replication creates a continuous copy of your database in one or more secondary regions (up to 4 secondary replicas). In the event of a disaster, you can simply fail over to one of the secondary regions and bring your database back online. You can also configure a failover group to recover the databases automatically. |
| Data Loss | RPO of geo restore (Recovery Point Objective, not SLA) - 1 hour | 5 seconds |
| Recovery Time | ~12 hours or more | less than 30 seconds |
| Cost & Availability | Automatically enabled for all service tiers at no extra cost | Active geo-replication (opt-in feature) is available for all database tiers since April 2016. Active geo-replication creates up to four online (readable) secondaries in any Azure region. Secondary active geo-replication databases are priced at 100% of primary database prices. The cost of geo-replication traffic between the primary and the online secondary is included in the cost of the online secondary. |

Related: Azure SQL Database Service Tiers


This Week I Learned - Week #244

Saturday, December 09, 2017
This Week I Learned -

Migrate Your Virtual Machines to Microsoft Azure - Proof of Concept guide provides guidance for data migration using Azure Migrate

When does it really make sense to use Azure Reserved Instances?

* Jeff Bezos has said that the purpose of Amazon Web Services (AWS) was to remove the burden of “undifferentiated heavy lifting” that companies needed to constantly perform to operate their IT infrastructure. The market has validated this value proposition: AWS reported this year that their revenue grew 42% to $4.1B for the second quarter while Microsoft’s cloud business, Microsoft Azure, grew an astonishing 93% - HBR

MS AI School has learning material on pre-trained AI services like Cognitive Services and Bot Framework, as well as deep learning tools like Azure Machine Learning, Visual Studio Code Tools for AI, and Cognitive Toolkit.

* SQL Server Operations Studio is being called the next step towards modernizing the dated SQL Server Management Studio tool.

Quick, Draw! began as a simple way to let anyone play with machine learning. But these billions of drawings are also a valuable resource for improving machine learning. The data Google gathered from the game powers tools like AutoDraw, which pairs machine learning with drawings from talented artists to help everyone create anything visual, fast.

Sneaky mobile redirects can be created intentionally by a site owner, and in some situations mobile-only sneaky redirects happen without the site owner knowing. This behavior can easily escape detection because it's only visible from certain browsers.

* "Talking about learning, we live in amazing times...we have so much content that triaging it becomes a necessity. So instead of trying to follow it all, find people you trust who do a good job collecting and commenting. Then take your time to digest what is out there in your own pace." - Chris Heilmann

* From Martin Honnen's StackOverflow bio - "Now please start using XSLT 3.0 and asking xslt-3.0 questions so I don't get bored". More than a decade ago, the unassuming Martin Honnen helped me & countless others in online JavaScript forums.

* Overheard - "you don't pursue the title of Microsoft MVP, it just lands on you when your stars are aligned"

* India crossed the 400 million internet user mark. Indians are using more data than ever before—4GB on average every month. Google is building India-first products and features - Official Google Blog

Google Go has a tap-first user interface, is light on storage and data, and great on patchy connections

* Another India-first feature is the new “two-wheeler mode” in Google Maps. India is the largest two-wheeler market in the world, and the millions of motorcycle and scooter riders have different navigation needs than drivers of automobiles. Two-wheeler mode in Maps shows trip routes that use “shortcuts” not accessible to cars and trucks. It also provides customized traffic and arrival time estimations. And since so many Indians rely on local landmarks for navigation, two-wheeler mode will show major landmarks on the route so that riders can plan their trip before starting, and don’t have to keep checking the phone on the go.

Credential stuffing - Here’s how that attack works. Because most people have many online accounts (a recent estimate put it at 191 per person on average) they regularly reuse passwords across those accounts. Cybercriminals take advantage of this. In a credential stuffing attack, they take known valid email addresses and passwords from one website breach—for example, the Yahoo breach—and they use those same email addresses and passwords to log in to other websites, such as those of major banks. Two-factor authentication (where, in addition to your password, you must also enter a code sent to your mobile device to log in to a website) helps prevent this issue. Unfortunately, it has extremely low adoption rates since users find it inconvenient and websites that serve consumers are unwilling to make it a mandatory component of logging in.
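A defender can spot the pattern described above in login logs: one source tries many different accounts, only once or twice each, and almost all attempts fail. The following is an added example, not part of the original post; the log layout, thresholds and function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log; the "time ip user result" layout is an assumption.
SAMPLE_LOG = """\
2017-12-09T10:00:01 203.0.113.7 user1@example.com FAIL
2017-12-09T10:00:02 203.0.113.7 user2@example.com FAIL
2017-12-09T10:00:03 203.0.113.7 user3@example.com FAIL
2017-12-09T10:00:04 203.0.113.7 user4@example.com OK
2017-12-09T10:00:05 203.0.113.7 user5@example.com FAIL
2017-12-09T10:00:06 203.0.113.7 user6@example.com FAIL
2017-12-09T10:01:10 198.51.100.20 bob@example.com FAIL
2017-12-09T10:01:25 198.51.100.20 bob@example.com OK
2017-12-09T10:02:00 192.0.2.50 carol@example.com FAIL
2017-12-09T10:02:01 192.0.2.50 carol@example.com FAIL
2017-12-09T10:02:02 192.0.2.50 carol@example.com FAIL
2017-12-09T10:02:03 192.0.2.50 carol@example.com FAIL
"""


def stuffing_suspects(log, min_accounts=5, min_fail_ratio=0.8, max_tries=2):
    """Flag IPs that try many accounts, a couple of times each, mostly failing."""
    tries = defaultdict(lambda: defaultdict(list))  # ip -> user -> [success?]
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the scan
        _, ip, user, result = parts
        tries[ip][user.lower()].append(result == "OK")

    suspects = {}
    for ip, users in tries.items():
        total = sum(len(v) for v in users.values())
        fails = sum(not ok for v in users.values() for ok in v)
        if (len(users) >= min_accounts
                and fails / total >= min_fail_ratio
                and total / len(users) <= max_tries):
            suspects[ip] = {
                "accounts": len(users),
                "fail_ratio": round(fails / total, 2),
                # A success here means a reused password worked: reset it.
                "compromised": sorted(u for u, v in users.items() if any(v)),
            }
    return suspects


if __name__ == "__main__":
    print(stuffing_suspects(SAMPLE_LOG))
```

Per-IP grouping misses attempts spread over many addresses, so the same ratio is worth computing per user agent or network range as well. The single-account retry runs (bob, carol) are deliberately not flagged, since they are a typo and a password-guessing pattern rather than stuffing.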

* One of the most successful public health interventions of all time was the addition of iodine to salt since 1924. Humans need iodine in their diets, but it’s next to impossible to get enough people to consistently alter their diets to ensure they get enough iodine. Instead of trying to change all of society’s behavior, the system itself was altered to correct the problem more or less invisibly.

A beef-eater's view of a cow


This Week I Learned - Week #243

Sunday, December 03, 2017
This Week I Learned -

The second edition of The Developer’s Guide to Microsoft Azure is out now

* Azure SQLDB is already architected to have a primary instance and two secondary instances (replicas), all participating into synchronous database replication with quorum voting, zero data loss and automatic failover.

* Azure already has ZRS (Zone Replicated Storage), but is limited to block blob and does not fit in the actual AZ design and implementation. For this reason, it is going under redesign, and once available, will support page Blobs, Tables, Queues and Files.

* SQL Server 2012 is licensed per core, which is considered the equivalent to virtual cores in Azure virtual machine instances. The minimum number of cores that can be assigned to a virtual machine instance is four. This means that Extra Small (A0), Small (A1), Medium (A2), Large (A3) and A6 instances must all be assigned four SQL Server core licences. Extra Large (A4) and A7 instances would need to be assigned eight SQL Server core licences - Azure Licensing FAQ

* The Firefox web browser is looking to alert visitors whenever they visit a website that is known to have suffered a data breach. The in-browser warnings, which are currently being piloted, will rely on data provided by Have I Been Pwned? (HIBP), a website that tracks data breaches and tells users if their personal details have been exposed - ESET Blog

Self-promotion is a delicate art because if you overdo it, you come across as a braggart, and if you underplay, you don’t get the accolades.

How to make the most of the five popular social media platforms

* As of now, Railways bears 43 per cent of the cost of train fare and incurs a loss of about Rs30,000 crore a year in subsidising passenger fares out of which Rs1,600 crore is for concessional fares. Railways recovers only 57% of the expenses incurred for passenger transportation through sale of tickets of all classes - Mint

* Billed as the world's biggest metro rail project in public private partnership, Hyderabad Metro project was taken up in 2012 at a cost of Rs 14,132 crore. Delays have pushed up the cost by over 30 per cent from over Rs 14,100 crore to an estimated Rs 18,800 crore as per industry sources.

Otis won its largest single contract in Indian elevator industry's history. The elevator and escalator company will provide 670 units to the Hyderabad Metro Rail Project.

* The exact location (with latitude, longitude) of the Hyderabad Metro stations are not yet listed on Google Maps or on the official site. For the time being, there are roundabout ways to find the location


HOW TO prevent your Android phone from being compromised

Saturday, December 02, 2017
In a recent Google Security Blog post titled "Tizi: Detecting and blocking socially engineered spyware on Android", chilling details of how spyware on Android phones was identified and contained were candidly disclosed. While the Security team's efforts are to be appreciated, to me it highlighted how constantly vulnerable the info on our phones is.

Excerpts from that article (emphasis mine) -
Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities. The team used this app to find more applications in the Tizi family, the oldest of which is from October 2015. The Tizi app developer also created a website and used social media to encourage more app installs from Google Play and third-party websites.

After gaining root, Tizi steals sensitive data from popular social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram. It usually first contacts its command-and-control servers by sending an SMS with the device's GPS coordinates to a specific number. Subsequent command-and-control communications are normally performed over regular HTTPS, though in some specific versions, Tizi uses the MQTT messaging protocol with a custom server. The backdoor contains various capabilities common to commercial spyware, such as recording calls from WhatsApp, Viber, and Skype; sending and receiving SMS messages; and accessing calendar events, call log, contacts, photos, Wi-Fi encryption keys, and a list of all installed apps. Tizi apps can also record ambient audio and take pictures without displaying the image on the device's screen.

To reduce the chance of your device being affected by PHAs (Potentially Harmful Apps) and other threats, Google recommends these 5 basic steps:
* Check permissions: Be cautious with apps that request unreasonable permissions. For example, a flashlight app shouldn't need access to send SMS messages.

The onus is on the user to know about all phone permissions! An Android permission called “Activity Recognition” makes it much easier for developers to work out what you’re doing at any one time. Shazam and SoundHound request the permission, but it isn’t completely clear why.

* Enable a secure lock screen: Pick a PIN, pattern, or password that is easy for you to remember and hard for others to guess.

* Update your device: Keep your device up-to-date with the latest security patches. Tizi exploited older and publicly known security vulnerabilities, so devices that have up-to-date security patches are less exposed to this kind of attack.

* Google Play Protect: Ensure Google Play Protect is enabled.

* Locate your device: Practice finding your device, because you are far more likely to lose your device than install a PHA.
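The "Check permissions" step can be automated when the text form of an app's AndroidManifest.xml is available (app source or a decoded APK). The following is an added example, not code from Google or from the original post: the manifest is constructed, and the permission-to-capability mapping and the per-app allowlist are this example's assumptions, chosen to match the data the Tizi write-up lists.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions covering the capabilities named in the Tizi excerpt above.
# The mapping and labels are this example's own.
SENSITIVE = {
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.RECEIVE_SMS": "receive SMS",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "take pictures",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_CALENDAR": "calendar events",
}

# Constructed manifest for a hypothetical flashlight app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flashlight"/>
</manifest>
"""


def unexpected_permissions(manifest_xml, allowed):
    """Return sensitive permissions the app requests beyond its allowlist."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
    }
    return {p: SENSITIVE[p] for p in sorted(requested)
            if p in SENSITIVE and p not in allowed}


if __name__ == "__main__":
    # Assumed baseline: older flashlight apps drive the LED via the camera API.
    flashlight_ok = {"android.permission.CAMERA"}
    for perm, why in unexpected_permissions(SAMPLE_MANIFEST, flashlight_ok).items():
        print(f"review: {perm} ({why})")
```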

On the same day that I read the Google Security Blog post, I ran into an HBR.org article, "Hackers Are Targeting Your Mobile Phone. Here Are 15 Ways to Slow Them Down", which suggests 15 "simple" steps that will make you a harder target. A couple of the options involve some cost -

Consider installing security software on your phone — but only approved and well-known software (which usually is not free).

Install privacy screens for your devices. (These are tinted screen protectors that prevent bystanders from seeing what’s on your screen.)

Talk about simple!


Azure Availability Zones vs Availability Set

Friday, December 01, 2017
Notes from various Microsoft sources -

Availability Zones (AZ) are fault-isolated locations, within an Azure region, providing redundant power, cooling, and networking. AZs allow your customers to run mission critical applications with high availability and fault tolerance to datacenter failures.

The goal of AZ is to serve and support applications that need to use synchronous data replication (the latency could be around 1.5 - 2.0 ms, official numbers may come after general availability release of AZ).

Azure Virtual Networks (VNETs) and Subnets are, and will remain, "regional" entities. Once you define them in a region, they are visible and usable across all the AZs, since the Network Resource Manager in Azure is region-wide. There is no AZ specification for these objects; VNETs and Subnets can cross AZs.

[To be verified: Azure Availability Zone does not compare with AWS Availability zones]

Availability sets ensure that the VMs you deploy on Azure are distributed across multiple isolated hardware nodes in a cluster. Doing this ensures that if a hardware or software failure within Azure happens, only a sub-set of your VMs are impacted and that your overall solution remains available and operational.

The now deprecated Affinity Groups were used earlier to group resources together in a datacenter

Azure region-pairs provide an even-larger isolation across an Azure geography for disaster recovery purposes.

Differences -

* 99.90% on single instance VMs with premium storage for an easier lift and shift; no other cloud provider so far provides this.
* 99.95% VM uptime SLA for Availability Sets (AS) to protect for failures within a datacenter.
* 99.99% VM uptime SLA through Availability Zones with loss protection from fire, power, cooling disruption.

Mutually exclusive: Availability Zones and Availability Sets cannot be used together. When creating a Virtual Machine (VM), you have to specify either an AS or an AZ assignment; you cannot do both.

ARM support only - Since there is no Azure Service Management (ASM) API support planned, AZs cannot be used for legacy Cloud Services

Current restrictions:
- Availability Zones are currently supported only in East US 2 & West Europe

- Azure services that support Availability Zones are:
* Linux Virtual Machines
* Windows Virtual Machines
* Zonal Virtual Machine Scale Sets
* Managed Disks
* Load Balancer

- Supported virtual machine size families
* Av2
* Dv2
* DSv2