An Internet weakness: BGP hijacking

As we discussed before, BGP is the protocol that rules the Internet (if you didn’t read the last post, check it out here: https://4geeks.io/blog/have-you-ever-thought-about-how-internet-works/). BGP was created with one idea in mind: connecting Autonomous Systems (AS) around the world. Security was not taken into account.

A simple action, such as an AS changing the information it announces about the best route it knows to another AS, can redirect all of that traffic to a “blackhole”. It can also considerably increase the response time for a site or region. These actions are known as BGP hijacking.

BGP hijacking (or IP hijacking) can happen accidentally or on purpose. In 2008, Pakistan wanted to restrict access from inside the country to the video site www.youtube.com. A misconfiguration resulted in all traffic to YouTube going to Pakistan. As a result, the site was unavailable for a short time until the BGP tables were updated with the correct routes.

A similar case, this time from Iran in 2017, was an attempt to censor some websites for its citizens. The policies were applied and those sites were effectively banned in the country; however, the rules were propagated to other ASes, so users from other countries like China or India couldn’t access them. Zach Julian wrote a good analysis of the incident and how the rules were propagated. If you want to read it, here’s the link: https://know.bishopfox.com/blog/2017/01/in-the-news-a-bgp-hijacking-technical-post-mortem.

Even all the IP addresses of an entire city could get redirected to a blackhole. Image obtained from: https://www.freepik.com/free-photo/keyboard-social-business-young-person_1088171.htm

An attack carried out on purpose, categorized as a phishing attack, was detected last year: Amazon’s Route 53 service was hijacked, which affected all the traffic that went to this service. The attackers redirected the traffic for MyEtherWallet.com, a cryptocurrency website, to an identical fake site and stole a small amount of currency. During the attack, users entered the correct address, but they were redirected to a fake server located in Russia.
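As an added example (not code from the original post), the Python sketch below shows how an operator could flag hijack-like announcements by comparing the origin AS of each BGP update with the origin expected for a monitored prefix. It goes slightly beyond the incidents above by also flagging more-specific prefixes; the prefixes, AS numbers and update records are constructed sample data taken from documentation and private-use ranges.

```python
import ipaddress

# Constructed baseline: monitored prefix -> origin AS expected to announce it.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}

# Constructed BGP updates. The origin AS is the last hop of the AS path.
UPDATES = [
    {"prefix": "203.0.113.0/24", "as_path": [64510, 64500]},     # legitimate
    {"prefix": "203.0.113.0/24", "as_path": [64510, 64666]},     # wrong origin
    {"prefix": "198.51.100.128/25", "as_path": [64511, 64666]},  # more specific, wrong origin
    {"prefix": "198.51.100.0/25", "as_path": [64511, 64501]},    # more specific, expected origin
    {"prefix": "192.0.2.0/24", "as_path": [64512, 64502]},       # not monitored
]


def classify(update):
    """Compare one update against the baseline and return a verdict string."""
    net = ipaddress.ip_network(update["prefix"])
    origin = update["as_path"][-1]
    for monitored, expected in EXPECTED_ORIGINS.items():
        # Only announcements that fall inside a monitored prefix are relevant.
        if net.version != monitored.version or not net.subnet_of(monitored):
            continue
        more_specific = net.prefixlen > monitored.prefixlen
        if origin != expected:
            # A foreign origin on our address space. A more-specific prefix is
            # worse because routers prefer the longest matching prefix.
            return "more-specific-origin-mismatch" if more_specific else "origin-mismatch"
        # Expected origin: exact match is normal, a more-specific one may be
        # traffic engineering but is still worth a look.
        return "more-specific-same-origin" if more_specific else "ok"
    return "unmonitored"


def alerts(updates):
    """Return (prefix, origin AS, verdict) for every update with a wrong origin."""
    found = []
    for update in updates:
        verdict = classify(update)
        if verdict.endswith("origin-mismatch"):
            found.append((update["prefix"], update["as_path"][-1], verdict))
    return found


if __name__ == "__main__":
    for prefix, origin, verdict in alerts(UPDATES):
        print(f"ALERT {prefix} announced by AS{origin}: {verdict}")
```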

BGP hijacking as a censorship tool

As we can see, it’s entirely possible to restrict content for a province, a state or even a country. In a fictional “cyber war”, a group of attackers could make the sites of a whole country inaccessible from other places. This could cause considerable economic losses while the hijacking is active.

A group of institutions could also agree to ban another institution or country from their ASes, and groups that have nothing to do with the agreement could be affected by it. For example: AS1 and AS2 want to create a “blackhole” effect for all the traffic destined for AS4, so they will not forward traffic to that AS. Another AS (AS3) depends on AS1 and AS2 to connect to AS4, but the agreement will not allow the traffic through to AS4. It does not matter if AS3 and AS4 have an excellent relationship; they will not be able to connect with each other.
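The AS1 to AS4 scenario above can be reproduced with a small path-vector simulation. This is an added example, not part of the original post; the link layout, the `propagate` function and the extra direct AS3-AS4 link used to show the effect of path diversity are assumptions.

```python
from collections import deque

# Topology from the scenario: AS3 reaches AS4 only through AS1 or AS2.
LINKS = [(1, 3), (2, 3), (1, 4), (2, 4)]


def neighbors(links):
    """Build an adjacency map from a list of bidirectional AS links."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def propagate(links, origin, refusing=frozenset()):
    """Simulate announcement of origin's route and return {asn: as_path}.

    ASes in `refusing` drop every announcement for `origin`, so they neither
    install the route nor pass it on (the agreement between AS1 and AS2).
    Each AS keeps the shortest AS path it hears, as a simplified BGP decision.
    """
    adj = neighbors(links)
    best = {origin: [origin]}
    queue = deque([origin])
    while queue:
        sender = queue.popleft()
        for peer in sorted(adj[sender]):
            # Policy drop, or loop prevention (peer already in the AS path).
            if peer in refusing or peer in best[sender]:
                continue
            candidate = [peer] + best[sender]
            if peer not in best or len(candidate) < len(best[peer]):
                best[peer] = candidate
                queue.append(peer)
    return best


def path_from(asn, routes):
    """Return the AS path used by `asn`, or None when it has no route."""
    return routes.get(asn)


if __name__ == "__main__":
    print("normal:          ", path_from(3, propagate(LINKS, 4)))
    print("AS1 refuses:     ", path_from(3, propagate(LINKS, 4, {1})))
    print("AS1+AS2 refuse:  ", path_from(3, propagate(LINKS, 4, {1, 2})))
    # Assumed mitigation: AS3 and AS4 add a direct link of their own.
    print("with direct link:", path_from(3, propagate(LINKS + [(3, 4)], 4, {1, 2})))
```

With both transit ASes refusing, AS3 ends up with no route at all to AS4, which is the collateral damage the scenario describes; only an independent path restores reachability.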

More than 25 years have passed since BGP was created and the protocol is still vulnerable to this kind of attack. Of course, there are strategies to avoid a possible attack, but BGP hijacking is still active and the whole structure of the Internet still rests on BGP. It is necessary to move to a protocol that is more secure than the current one and that does not allow one AS to censor another.

Server Side Rendering in React with no configuration

Creating a React application is simple, but those of us who are beginners in the world of programming (me included) sometimes let certain terms slip by, for example Server Side Rendering (SSR).

There are many articles dedicated to this topic, and certain professions dedicated to this area, for example SEO. Briefly, to set the context: our pages/applications have tags with information that allows search engines such as Google to determine the theme, category, type of content and other parameters that describe our focus on the web or where we want to go (target market).

With good practices in the SEO trade, the “crawlers” will give the information to Google, and after a certain analysis the search engine will define the position of our website among the search results.

But React, by default, does not perform this type of task or at least does not offer us the possibility of doing it.

A few months ago we shared a blog post about creating a React application with the SSR feature (here). In that small demonstration application we used a small framework called Next JS, which makes SSR work properly in JavaScript applications.

We’ve been working with Next JS, and we can say that it is very good. However, it has some characteristics unrelated to React (because Next JS can be added to any JS application) that make us configure some files in a slightly more complex way. As technology lovers we know that every resource improves with the passage of time, and with that comes practicality and ease of use.

Now we have met a new tool called Razzle. It does the same job as Next, but Razzle tries to deviate as little as possible from React and to require as little configuration as possible, so it brings some libraries by default.

For example, and perhaps the most valuable thing for those of us who have dealt with it, is navigation: Razzle lets you use react-router-dom already integrated.

Razzle also works with Reason, Vue, Elm and Angular, according to its own documentation.

To create the Razzle project just type in your terminal:

npx create-razzle-app app-name

The above command will create the files needed to start working. Start by modifying your App.js in the same way you would in a React project. You can look at the configuration in server.js and see how express is used, as well as react-router-dom and react-dom, for your backend and frontend work.

yarn start

In conclusion, I am really fascinated by Razzle. We have used it only a little and are still investigating the tool, so we write this according to the experience we have had so far. If you have something to share about this tool, we would be grateful if you joined the comments section to help the community.

It can simply be your opinion of Razzle or some problem or error that you are getting, so we can help you, or someone else can contribute the solution you need.

We are willing to learn from each contribution, for the benefit of all of us who are in this beautiful and great world of programming.

Meet María Rosales

María José is our community manager. She takes care of keeping our social media active and, more importantly, of filling it with quality content. She is from the southernmost part of San Jose. She really loves what she is doing and helps the team by creating activities where we can all be involved, which is really nice actually.

If you see some of our content or watch our live streams, well, María José is behind that 🙂

How would you describe yourself?

Honest, responsible, creative, cooperative, good sense of humor, I like to learn from others, work in groups.

What do you do in your free time?

Watch Netflix, read some news, spend time with the fam, visit new places. I love to sleep a LOT, so most of the time I prefer to sleep.

Best series you have ever watched?

  1. La Casa de Papel
  2. Jane The Virgin
  3. The Sinner.

Mountain or Beach ?

I prefer the beach. For me, the beach is the happiest place to stay; I love watching the sunsets and hearing the waves. With these simple things, I feel so alive, so grateful. But sometimes I prefer the mountain; the calm when you stay there is great.

Do you do sports (adventure, extreme, endurance)?

No, I don’t like doing sports so much. 🙁

Which type of music do you like?

Pop music, reggaeton, urban and sometimes I like to hear Vallenatos, salsa and “baladas”.

What are your top 5 books of all time?

  1. Diario de Ana Frank
  2. Siddhartha
  3. Cien años de Soledad
  4. Noticia de un Secuestro
  5. I love all the Elvira Sastre books.

What are your top 5 movies of all time?

I love all the Marvel movies, and I’m a real fan of Disney movies. So for Marvel movies I love the Avengers Saga, and for Disney movies, Beauty and the Beast, Cinderella, and Sleeping Beauty.

What is the most exciting part of being a community manager?

Interacting with people and creating all the content that will be displayed to so many people.

What is the best part of being part of the 4Geeks team?

I think the best part is the daily learning.

What are your goals for this year?

Do my best work here, learn more about digital marketing and finish my degree in Communication and Marketing.

Whenever you need help on how to start making ideas into reality through technology, 4Geeks team is up and ready, just reach out to us at hello@4geeks.io.

3 Most Popular Transactional Email Services for Products

One of the most basic product tasks is sending emails, no matter the interface or device: it can be a web product, a mobile product, a TV product, a wearable, an API, etc.

Your product will send emails to register new users, to restore passwords, to notify about shipping, or to deliver any message that needs to go to users, triggered by internal or external events. It’s very, very common for a product to send emails. There are some alternatives on the market for sending emails that your development team may want to know about.

In the following 2-3 minutes I will mention the 3 main transactional email services to keep in mind. All of them are driven through their API and offer several software libraries to integrate with specific programming languages.

Ok, here we go:

#1: Mailgun

Mailgun is my favorite transactional email service because of how simple it is to set up and integrate.

In Mailgun you can create sub-accounts, so you can use one sub-account per domain, each with separate email lists. There are batch sending features to personalize emails, detailed analytics and logs, and a powerful parsing engine to turn incoming emails into JSON and route them where you want.

Mailgun is very easy to use,

 

#2: Amazon AWS SES

Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails. You can use the SMTP interface or one of the AWS SDKs to integrate Amazon SES directly into your existing applications.

With Amazon’s email offering, you’ll handle everything on your own. And it’s priced accordingly. There are no plans to pick from and no tiered feature levels: just a flat fee of $0.10 per thousand emails you send, plus another $0.12 per GB of email attachments sent (up to a max of 10Mb per email message).

If you send from an application hosted in Amazon EC2, the first 62,000 emails you send every month are free.

Read more about this service on their website and learn how to integrate it with your product, with code examples and so on.

 

#3: Sendgrid

Sendgrid is one of the most popular email services and has recently been acquired by Twilio.

Similar to Mailgun and AWS SES, you can use Sendgrid to send transactional email via SMTP or via API. Their API documentation is very complete.

Sendgrid includes a user interface that lets users compose, send and track marketing emails (and everything in between). It lets you add contacts, create segments, create and send campaigns, and view your stats.

 

Want to learn more? Check it out here.

 

Ok. I hope you find real value in this post and keep these transactional email services in mind for your product… they are useful for sending shipping notifications, password recovery messages, and for almost every stage at which you want to communicate with your users.

Migrate from Google Cloud Messaging to Firebase Cloud Messaging, Step by Step.

Hi 4Geeks Nation!! If you are behind a product’s development, specifically a mobile app, you will want to know about this new tool built by Google to send messages (notifications) to the users of your product.

Google launched Firebase Cloud Messaging (FCM) as a new and more powerful tool to manage messaging to mobile devices.

Using FCM, you can notify a client app that new email or other data is available to sync. You can send notification messages to drive user re-engagement and retention. For use cases such as instant messaging, a message can transfer a payload of up to 4KB to a client app.

Look at the FCM schema… it’s beautiful and useful.

So, if you are using the old Google Cloud Messaging and planning to migrate to the new Firebase Cloud Messaging, this video can help you put all the factors on the table.

 

If you need help with this, our software engineers can help you. So, contact us!

Here’s a Demo to Implement Google Cloud Video Intelligence API

Some months ago Google showed the world how to use their most recent video intelligence product, Google Cloud Video Intelligence API.

Ok, for context, Cloud Video Intelligence is basically an API that makes videos searchable and discoverable by extracting metadata with an easy-to-use REST API.

You can now search every moment of every video file in your catalog. It quickly annotates videos stored in Google Cloud Storage and helps you identify key entities (nouns) within your video and when they occur within the video. Separate signal from noise by retrieving relevant information within the entire video, shot by shot or per frame.

Take a look at the following video to understand the power of this tool.

If you are working with videos, take your time to learn more about this API. If you are not working directly with videos, feel free to share this post with your boss… maybe it can be useful for upcoming business strategies.

Introducing 4Geeks Teams

You know we are obsessed with helping global companies find their potential, build better products and improve their ROI. Today we are happy to introduce 4Geeks Teams, a new effort to bring as much value as possible to modern companies hungry to succeed in the information era.

Similar to other products in our portfolio, 4Geeks Teams is built with 100% love, honesty and a rude business mindset.

4Geeks Teams is a powerful product that helps mainly US-based small and mid-size companies start their own extended technical team in Latin America, on demand, at an all-inclusive rate. You can expect up to 55% savings in operating costs for your company starting in the first month.

We know about all the problems US companies are currently facing related to high operating costs because of government taxes, payroll, office, etc.

Historically, some companies looked to India to outsource technical work like web and mobile development, and QA/testing. But this brings hundreds of new unstoppable problems like team collaboration, timezones, etc.

With us, your engineering or consulting team could be located in any of our delivery centers in Costa Rica or with any trusted partner in Latin America. By default your team is fluent in English.

You can hire expert software developers in Python, Go, Java, Ruby on Rails, Microsoft .NET, Angular, PHP, NodeJS, React, React Native, Flutter (Android, iOS) or Data Analytics.

Payment and contract terms are simple: you will receive only one monthly invoice that includes everything (office, workstation, computer with webcam, etc.). You don’t need to take care of any extra item, process or legal documentation. Once you apply the 7-day trial period you will receive a complete business audit. After that, if you agree, the contract extends to 6 months. There is no minimum number of team members to hire, so you can start with 1, 2 or 3 guys… or even a 9-person team.

If you run a tech startup, digital agency or software company, maybe 4Geeks Teams is for you.

So, now all your business problems come to be fixed thanks to 4Geeks Teams.

4Geeks Teams is currently an invite-only product; you can request an invite here.

A Neural Network Playground In The Browser

Well, maybe Neural Network is a fancy or very new term for you. The thing is that the Neural Network is the “base of” Machine Learning and of other applications like Artificial Intelligence.

A Neural Network is a technique for building a computer program that learns from data. It is based very loosely on how we think the human brain works.

First, a collection of software “neurons” are created and connected together, allowing them to send messages to each other.

Next, the network is asked to solve a problem, which it attempts to do over and over, each time strengthening the connections that lead to success and diminishing those that lead to failure.

Web TensorFlow Playground

So, this web tool is an interactive visualization of neural networks, written in TypeScript using d3.js. Go to http://playground.tensorflow.org to start playing just in the browser. I tested it on Google Chrome.

BTW, you can find the source here in TensorFlow’s GitHub.

Neural Network Playground, TensorFlow

I would like to know if you are working on some Neural Network project. Maybe you can get the exposure needed 🙂 Use the comments section below.

Real-time diagnostics from nanopore DNA sequencers on Google Cloud (Proof of Concept)

Guys, I want to share with you a blog post from the Google Cloud Blog about a proof of concept for real-time diagnostics from nanopore DNA sequencers.

In a healthcare setting, being able to access data quickly is vital. For example, a sepsis patient’s survival rate decreases by 4% for every hour we fail to diagnose the species causing the infection and intervene with an appropriate antibiotic regimen.

Typical genomic analyses are too slow. You transport DNA samples from the collection point to a centralized facility to be sequenced and analyzed in a batch process, which can take weeks or even months. Recently, nanopore DNA sequencers have become commercially available that stream raw signal-level data as they are collected and provide immediate access to them. However, processing the data in real-time remains challenging, requiring substantial compute and storage resources, as well as a dedicated bioinformatician. Not only is the process still too slow, it’s also failure-prone, expensive, and doesn’t scale.

We recently built out a proof of concept for genomics researchers and bioinformatics developers that highlights the breadth and depth of Google Cloud’s data processing tools. In this article we describe a scalable, reliable, and cost effective end-to-end pipeline for fast DNA sequence analysis built on Google Cloud and this new class of nanopore DNA sequencers.

We envision four scenarios that can use this application, specifically to detect biocontaminants:

  • Medical professionals
  • Veterinary clinics
  • Agronomists
  • Biosecurity professionals

In all cases, analytical results are made available in a dynamic dashboard for immediate insight, decision-making, and action.

Here’s a video of the University of Queensland’s application performing real-time analysis of DNA nanopore sequencer data:

You can read the full article here.

Open office vs cubicles

Personally, I’m pro-focus. I like to avoid distractions so I can complete my tasks in a better way, with my music and at my own pace. I prefer to avoid distractions; I tend to lose focus quickly. At 4geeks we have worked with both of them, cubicles and open office (the latter is our current setup).

There are opinions, and a lot of them, about which is better. I think there is no science that can predict that. It depends totally on the team and the company culture. It depends on people’s way of working and of dealing with distractions.

Productivity

This is where most people argue about whether having an open office is the best or the worst condition. For example, in an open office, if someone starts telling someone else about their perfect vacation, that conversation will actually reach the rest of the team because of the space. So, to avoid that kind of distraction and keep productivity, we can save the topic for lunch, or people who don’t want to hear about it can simply use their headphones and listen to their favorite music.

What I want to say is that it depends on every person to choose whether they want to stop their momentum or continue it. It’s difficult, but doable. It’s about team culture. When someone requests a little silence, everyone will turn the volume down or continue the conversation at the physical or virtual water-cooler. It’s a small society 🙂

Distractions

It goes alongside productivity. But distractions are all around us. We do remote work of course; we love to work from anywhere sometimes. That means we can be working at the beach (why not), and with the beach come lots of distractions or activities to do, but we should still be able to continue our work and not lose the path. The same goes if we work from a coffee shop or even our home.

If you can really get concentrated in this lousy world, there is no space for us to do that. We are the owner of how we want to get affected. Even though, we are social animals, a little of talk or distractions are really not big deal. We don’t want to burn out ourselves, we need some space to socialize, open offices are excellent for that.

Using cubicles, most people will say distractions are reduced. Not for me. Since you have more privacy, you can perfectly well spend time watching that Netflix show you missed last night, am I right? Well, yes and no. Again, it depends on people and how they do their work. You can be in an open office or in cubicles, and you will have distractions either way. It depends on how you deal with them.

Space

An open office will reduce the amount of physical space people have, that’s true. But why do you need a big space if you are spending two days at most at the office? I love balance, and for me that’s balance. Some days you have a space you are 100% in control of, other days you are at the coffee shop where there is no such control over the environment, but at the office it is 50%: you can customize your space with what you actually need (headphones, water, computer, any other small thing). Besides that, why would we need to bring our whole Lego collection? There is no reason for that.

With cubicles we can customize our space a little more, to feel more comfortable, more like home. That’s good. But for me this is not essential to doing an amazing job.

Privacy

Cubicles are just excellent for privacy. You can control your environment more, and it creates a virtual barrier that keeps people from coming over to you. It’s easier to tell people not to bother you. It’s easy to be in a cubicle with headphones on, so you can easily ignore someone. In an open office that is more difficult; people will tend to just come to your spot and start talking to you.

Communication

This is vital for teams; bonding is essential to deliver amazing work. We know that. We use both virtual and face-to-face communication. We need to train ourselves to determine the best way to contact someone. A Slack channel may be slower, so we know that we can send a message to someone asking if the person is available for a quick chat. I love that workflow because it gives you the ability to manage your time: if you are focused, you can ask to talk at your convenience.

So, it doesn’t depend on the physical office space; it depends on the team’s culture and behaviour.

Culture

It doesn’t matter where you are in the world: company culture is something that has to go beyond office boundaries. If the company is not living and breathing its culture, no matter if you go with open office or cubicles, your culture will not have an impact.

I will say that our culture has spread better since we moved to an open office.


I tend to prefer the open office. I like the interaction we can get with it, and how the team can get together easily. Also, it helps us improve our empathy with others and our collaboration.

At the end it doesn’t really matter which option your company wants to go with. It depends on the people and on your company culture. This is a busy world, and it depends on us how we interact with all the distractions. If you feel that your team’s productivity is not optimal, maybe your physical office is not the problem; everything starts with changing small behaviors and finding the right talent.
