Thursday, May 2, 2019

Certificates can come from different issuers, and cert-manager models each as an issuer type. The ACME issuer obtains certificates from an ACME server such as Let's Encrypt, proving control of the domain with an HTTP-01 or DNS-01 challenge. The CA issuer signs certificates with a signing key pair (a CA certificate and its private key) held in the cluster. The Vault issuer requests certificates from a HashiCorp Vault PKI secrets engine. The self-signed issuer signs each certificate with its own private key, so nothing else vouches for it. The Venafi issuer requests certificates from Venafi Cloud or a Venafi Trust Protection Platform instance.
Although Kubernetes stores secrets, it does not create or renew certificates; a consolidator such as cert-manager handles that specific secret type. cert-manager is popular and well documented. It is a controller that runs in the cluster rather than a library linked into the application, and that is its advantage: the application no longer carries code to generate, store and renew its own certificates, it only mounts the Secret that cert-manager writes (tls.crt, tls.key and ca.crt). The remaining dependency on a certificate source is then like any other external dependency of the application, so it can be registered and maintained in one registry with the rest.

A self-signed certificate is one that is signed with the private key corresponding to its own public key. Generating a key pair is trivial with tools like openssl, for example openssl genrsa -out key.pem 2048 for RSA or openssl ecparam -genkey -name prime256v1 -out key.pem for an elliptic-curve key (the "-t rsa" option belongs to ssh-keygen, not openssl). We will come to the signature algorithms RSA and ECDSA a little later. For now, the steps for self-signing are: first, generate a public-private key pair. Then fill in the X.509 certificate fields: subject, validity period, key usage and the public key. Then sign that certificate with the same private key, so the certificate being signed and the signer's certificate are one and the same. With openssl this is a single command, openssl req -x509 -new -key key.pem -days 365 -out cert.pem. Anyone who is to trust the certificate has to receive a copy of it out of band, because no authority vouches for it.

The algorithms used for creating these keys are public-key algorithms, and the operation a certificate relies on is the digital signature. The two signature algorithms in common use are RSA and ECDSA. In both cases a signature is produced with the private key and verified with the corresponding public key; RSA additionally allows encryption with the public key and decryption with the private key, while ECDSA is signature-only. RSA has historically been more popular, with ECDSA gaining broad support more recently. They are usually compared in terms of security level in bits: a security level of n bits means an attacker needs on the order of 2^n operations to break the key. A 2048-bit RSA public key has a security level of about 112 bits. ECDSA reaches the same level with a 224-bit curve (P-224), and the much smaller keys and signatures save storage and bandwidth. Signing and verifying the signature are the two most costly steps performed, and the key size plays into this cost on embedded devices: RSA verification is cheap but signing with a 2048-bit key is slow, whereas ECDSA signs quickly and pays a little more to verify.
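As an added example, not code from the original post, the following Go program generates a 2048-bit RSA key and a P-224 ECDSA key (the two key sizes the paragraph puts at the same 112-bit security level), signs the same constructed message with each private key, checks that the public key accepts the signature and rejects it for a tampered message, and reports how many bytes the encoded public key and the signature take.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Sizes holds the byte lengths of a DER-encoded public key and of one signature.
type Sizes struct{ PublicKey, Signature int }

// verify checks sig over digest with whichever algorithm the public key belongs to.
// Verification needs only the public key; the private key never leaves the signer.
func verify(pub crypto.PublicKey, digest, sig []byte) bool {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return rsa.VerifyPKCS1v15(k, crypto.SHA256, digest, sig) == nil
	case *ecdsa.PublicKey:
		return ecdsa.VerifyASN1(k, digest, sig)
	}
	return false
}

// Measure signs msg with the private key, checks that the public key accepts
// the signature and rejects it for a tampered message, and returns how large
// the encoded public key and the signature are.
func Measure(key crypto.Signer, msg []byte) (Sizes, error) {
	digest := sha256.Sum256(msg)
	sig, err := key.Sign(rand.Reader, digest[:], crypto.SHA256) // RSA: PKCS#1 v1.5; ECDSA: ASN.1 (r, s)
	if err != nil {
		return Sizes{}, err
	}
	if !verify(key.Public(), digest[:], sig) {
		return Sizes{}, errors.New("valid signature rejected")
	}
	tampered := sha256.Sum256(append([]byte("tampered:"), msg...))
	if verify(key.Public(), tampered[:], sig) {
		return Sizes{}, errors.New("signature accepted for a different message")
	}
	pub, err := x509.MarshalPKIXPublicKey(key.Public())
	if err != nil {
		return Sizes{}, err
	}
	return Sizes{PublicKey: len(pub), Signature: len(sig)}, nil
}

// Compare generates a 2048-bit RSA key and a P-224 ECDSA key, both at the
// 112-bit security level, and measures each over the same message.
func Compare(msg []byte) (rsaSizes, ecSizes Sizes, err error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
	if err != nil {
		return
	}
	if rsaSizes, err = Measure(rsaKey, msg); err != nil {
		return
	}
	ecSizes, err = Measure(ecKey, msg)
	return
}

func main() {
	// Constructed sample message; any bytes would do.
	r, e, err := Compare([]byte("to-be-signed certificate body"))
	fmt.Printf("RSA-2048: %+v  ECDSA P-224: %+v  err: %v\n", r, e, err)
}
```

For RSA-2048 the SubjectPublicKeyInfo encoding is 294 bytes and the signature 256 bytes; for P-224 the public key encodes to 80 bytes and the DER signature to about 62 to 64 bytes. The storage saving the paragraph mentions is therefore close to a factor of four, and in both cases the private key only ever appears in the Sign call.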

Wednesday, May 1, 2019

We were discussing keys and certificates. The keystore and truststore can be one and the same file if the connections are internal, and in the simplest such setup the client and the server even share the same key and certificate. That works, but it means either side can impersonate the other, so it is only acceptable between components that already trust each other completely. Mutual authentication is the case where the server and the client each present their own certificate and each verifies the other's against its truststore. In the TLS 1.2 exchange for mutual authentication, the client opens with a ClientHello; the server then replies with its ServerHello, followed by its Certificate, a CertificateRequest asking for the client's certificate, and the ServerHelloDone message. The client responds first with its Certificate. Then it sends the ClientKeyExchange message, which carries the premaster secret (or the client's key-exchange share) from which both sides derive the session keys. Then it sends CertificateVerify, a signature over the handshake so far made with its private key, which is what proves it holds the key for the certificate it presented, and the ChangeCipherSpec message. Lastly it sends the client-side Finished message. The server closes the mutual authentication with its own ChangeCipherSpec and the server-side Finished message. (TLS 1.3 folds the same authentication into fewer, encrypted flights, but the client Certificate and CertificateVerify are still present.)
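To make the self-signing steps from the May 2 post and the mutual-authentication exchange above concrete, here is an added Go example; it is not code from the original posts, nor from cert-manager or go-pkcs12. It self-signs a root certificate, has that root issue a server and a client certificate the way a CA issuer does, models the keystore as a certificate plus private key held in memory and the truststore as an x509.CertPool, and then runs the TLS 1.2 handshake with client authentication over an in-memory pipe. The names internal-ca, api.internal and worker-01 are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Issued is a certificate plus its private key: what a keystore holds.
type Issued struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// Issue generates a key pair, fills in an X.509 template and signs it. With parent == nil
// the template signs itself (self-signed); otherwise parent's key signs it, like a CA issuer.
func Issue(name string, parent *Issued, isCA bool, usage ...x509.ExtKeyUsage) (*Issued, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo only; real issuers use random serials
		Subject:      pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore:    time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  usage, // empty for the CA, which leaves it usable for any purpose
		IsCA:         isCA, BasicConstraintsValid: true,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key // self-signed: the certificate is its own signer
	if parent != nil {
		signer, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der) // re-parse so Raw, Subject and PublicKey are populated
	return &Issued{Cert: cert, Key: key}, err
}

// TrustStore is the truststore: the pool of CA certificates a peer accepts.
func TrustStore(cas ...*Issued) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, ca := range cas {
		pool.AddCert(ca.Cert)
	}
	return pool
}

// Trusted reports whether leaf chains to the truststore for the given purpose.
func Trusted(leaf *Issued, usage x509.ExtKeyUsage, store *x509.CertPool) error {
	_, err := leaf.Cert.Verify(x509.VerifyOptions{Roots: store, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

// MutualTLS runs the TLS 1.2 mutual-authentication handshake over an in-memory pipe (the server
// verifies the client against clientStore, the client verifies the server against serverStore).
func MutualTLS(server, client *Issued, serverStore, clientStore *x509.CertPool) (string, error) {
	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{server.Cert.Raw}, PrivateKey: server.Key}},
		ClientAuth:   tls.RequireAndVerifyClientCert, ClientCAs: clientStore,
		MinVersion:   tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
	}
	cliCfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{client.Cert.Raw}, PrivateKey: client.Key}},
		RootCAs:      serverStore, ServerName: server.Cert.Subject.CommonName,
		MinVersion:   tls.VersionTLS12, MaxVersion: tls.VersionTLS12,
	}
	a, b := net.Pipe()
	defer func() { a.Close(); b.Close() }()
	clientDone := make(chan error, 1)
	go func() { clientDone <- tls.Client(b, cliCfg).Handshake() }()
	srv := tls.Server(a, srvCfg)
	if err := srv.Handshake(); err != nil {
		return "", err
	}
	// The identity the server authenticated: the client certificate that CertificateVerify proved.
	return srv.ConnectionState().PeerCertificates[0].Subject.CommonName, <-clientDone
}

func main() {
	ca, _ := Issue("internal-ca", nil, true) // self-signed root
	srv, _ := Issue("api.internal", ca, false, x509.ExtKeyUsageServerAuth)
	cli, _ := Issue("worker-01", ca, false, x509.ExtKeyUsageClientAuth)
	who, err := MutualTLS(srv, cli, TrustStore(ca), TrustStore(ca))
	fmt.Println("server authenticated client:", who, err)
}
```

Trusted shows what both ends of the handshake do internally: a self-signed root verifies against a truststore that contains it, a leaf verifies against its issuing CA, and a leaf from another CA, or one whose extended key usage does not fit the role, is rejected. Because net.Pipe is synchronous, MutualTLS is written for the successful exchange; to watch a rejected client certificate fail, run the same two configurations over a loopback TCP listener, where the server's alert is not blocked behind the client's pending write.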

There are packages that can manage certificates to secure ingress, and these handle certificates of different types and from different issuers. The certificates can be self-signed; however, the package only hands back PEM-encoded key and certificate material, it does not build keystores and truststores. The usefulness of these packages is that they provide a centralized mechanism for managing the certificates: issuance, storage and renewal before expiry. In a Kubernetes cluster, cert-manager is deployed in its own pod, and all the certificates required by the workloads can then be requested from it as Certificate resources and are written to Secrets.


Tuesday, April 30, 2019

We continue discussing keys and certificates. A key pair secures data because what the public key encrypts only the private key can decrypt, and what the private key signs anyone holding the public key can verify. The certificate is the stamp of authority: it always contains the public key together with the identity it belongs to, and carries a signature from an issuer (or from the key itself, when self-signed). The certificate then becomes usable to secure the ends of a channel such as https. Keys and certificates may be bundled as keystores and truststores.

A keystore is a combination of private key and certificate. It is made available as a file with a .pfx or .p12 extension, both names for the PKCS#12 format. Many applications prefer accepting a keystore rather than a key and certificate separately. A PKCS#12 file is essentially a header and a collection of bags: one bag may contain the private key while another may contain the certificate, and a bag can hold more than one certificate, typically the leaf and the chain leading up to it. Because the file contains the private key, it is protected with a password and has to be handled as a secret.
A truststore is merely a collection of certificates to be trusted. It holds CA certificates and can include the intermediate certificates of a chain when the peers do not send them; it contains no private keys, so it can be distributed freely.


Common issues encountered with generating these bundles are mentioned here: https://github.com/ravibeta/go-pkcs12/commit/db4cf640b9698ad37d9d170a9a75bf49d7425b71 line 427

Monday, April 29, 2019

Today we discuss keys and certificates. They are used to secure data: what the public key encrypts only the private key can decrypt. The certificate is used as a stamp of authority; it contains the public key and the identity it belongs to, signed by an issuer. The certificate then becomes usable to secure the ends of a channel such as https.
Keys and certificates are therefore as important to keep safe as passwords, the private key above all, since the certificate itself is public. These keys and certificates can be cut as many times as necessary and for different scopes and purposes. When the number of such secrets increases, they have to be managed in a vault or a secret management system. There are external key managers available for this purpose.
Let us take a look at their formats. The choice of algorithm gives the keys different content (an RSA key is a modulus and exponents, an EC key is a scalar and a curve point), and the same key can be stored in several encodings: PKCS#1 or PKCS#8 for the key structure, and DER (binary) or PEM (base64 text) for the file. Over time different versions of these became recognized as standards even for the same algorithm parameters. Finally, users began requesting that keys and certificates be bundled as keystores and truststores.
The generation of these bundles is specified in the PKCS#12 standard (RFC 7292) and performed with command line tools such as openssl and keytool. Not all languages have libraries to generate these bundles, since this is generally not logic that belongs in an application: once the keys and certificates are cut, they don't need to be modified again until they expire or are rotated.

Sunday, April 28, 2019

Summary of a book titled "The Four" written by Scott Galloway. 
This book is about the DNA of giants and how awe inspiring they are with respect to others. They certainly give the rest of the businesses a whole new meaning given their size. These majestic companies are: 
1) Apple: Cash on hand is nearly the GDP of Denmark. The author uses the metaphor of sex. 
2) Amazon: Market capitalization is about 748 B greater than the sum of all others. The author uses the metaphor of consumption for Amazon 
3) Facebook: Market capitalization per employee is about 21 million. The author uses this company as a symbol of Love since it has perfected the art of interactions that make people happy and “Happiness is love” 
4) Google: ages in reverse as it accrues data harnessing the power of 2 billion people in terms of what they want and what they choose. The author uses the metaphor of God 
With the use of metaphors, the author makes reference to the four horsemen. These four drive prices down, not up and definitely take the profit from others. 
The only competitors the four face are each other. They are also in race with each other to become the operating systems of our lives. And they never fight on other people’s terms. 
The author describes the strengths of each four in the initial part of the book and the story behind their successes. It is easy to relate to the stories and anecdotes but the perspective from the author is both fresh and humorous. 
Amazon, for instance, is said to increase its stock value at the price of decreasing stock value of every other retailer. This has been made possible with cheaper capital for a longer period of time than any firm in modern times. 
With its momentum, Amazon has expanded and become a leader in cloud computing, delivery and fulfilment businesses. Amazon CEO is very daring. He can make a crazy idea practical. The floating warehouses are a bold example. 
Google’s market capitalization of 773 billion is greater than the combined sum of the next big eight media companies. It bolsters confidence in its followers by demarcating the paid from the organic search results. And the followers keep growing, with one in six queries never having been asked before. Facebook has been valued at 508 billion and is the single largest social media penetration, reaching nearly 2.2 billion people. At the top of the layers depicting a marketing funnel there is an awareness layer, and Facebook has flooded it. 

Famously Facebook can guess when you are in love by observing the number of timeline posts which increases when you are single and decreases when you are in relationship 

Facebook is the source of news for over 67% of Americans. Google was up 60% and Facebook was up 43% when the rest of the digital advertisers were down 3%. Google and Facebook are known to be a duopoly. It may surprise us that while Twitter captures 82% of the post, Facebook captures 92% of the interactions on social media. 
Apple controlled roughly 19 percent of the smartphone market but captured 87 percent of the global smartphone profits in 2016. Apple has single-handedly put luxury within everybody’s reach. Among the Four Horsemen, Apple seems to have the best genetics, having thrived past its original founder and management team. 
The source of wealth for the ten richest people in Europe seem to be Zara, L’Oreal, H&M, LVMH, Nutella, Aldi, Lidl, Trader Joe’s, Luxottica, and Crate & Barrel. They represent luxury and retail more than any other industry and Apple has mastered the luxury brand. 

Saturday, April 27, 2019

Sequences and translations to vectors

Vectors are very useful representations of entities in terms of a limited, chosen set of dimensions. Sequences are formed from different elements, but each sequence can be described by a vector. The choice of dimensions imbues the vectors with some latent significance. When the sequences are uniformly mapped to vectors, they become easy to cluster.

Clusters help in finding common ground among sequences. They represent the salient topics within the possible groups, which makes it efficient to determine hidden content within sequences.

Vectors derive meaning not just from their dimensions but also from the weight matrix associated with them. A softmax classifier is used to learn these weights.

Sequence-to-vector training can use the CBOW architecture, which predicts a sequence from the sequences surrounding it, or the skip-gram architecture,  which predicts the surrounding sequences from the current one, as long as sequences are treated as units that occur intact together in a collection. The prediction is scored with the softmax function:
$$p(w_O \mid w_I) = \frac{\exp\left({v'_{w_O}}^{\top} v_{w_I}\right)}{\sum_{w=1}^{W} \exp\left({v'_{w}}^{\top} v_{w_I}\right)}$$
where $v_w$ and $v'_w$ are the input and output vector representations of sequence $w$, and $W$ is the number of sequences in the database. The denominator sums over the entire database, so the exact expression is expensive to evaluate and implementations approximate it; but the idea is that each sequence tries to predict every sequence around it. The vectors that result are called the sequence embedding.
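As an added example that is not part of the original post, the Go program below evaluates the skip-gram softmax above for a constructed toy vocabulary of five sequences with two-dimensional input and output vectors (in a trained model those vectors are the rows of the two weight matrices the classifier learns). The vocabulary and the vector values are made up for the example.

```go
package main

import (
	"fmt"
	"math"
)

// Constructed toy embeddings. Input rows are v_w, output rows are v'_w.
// The first three sequences point roughly the same way, the last two the other way.
var (
	Vocab  = []string{"login", "failed", "password", "sunset", "beach"}
	Input  = [][]float64{{1.0, 0.2}, {0.9, 0.3}, {0.8, 0.1}, {-1.0, 0.5}, {-0.9, 0.6}}
	Output = [][]float64{{1.2, 0.1}, {1.0, 0.4}, {0.7, 0.0}, {-1.1, 0.6}, {-1.0, 0.5}}
)

func dot(a, b []float64) float64 {
	s := 0.0
	for i := range a {
		s += a[i] * b[i]
	}
	return s
}

// SkipGramProbs evaluates the skip-gram softmax for input sequence wI:
// p(w_O | w_I) = exp(v'_{w_O} . v_{w_I}) / sum over all w of exp(v'_w . v_{w_I}).
// The largest score is subtracted before exponentiating so that large dot
// products cannot overflow; the ratio, and so the probability, is unchanged.
func SkipGramProbs(wI int) []float64 {
	scores := make([]float64, len(Output))
	maxScore := math.Inf(-1)
	for w, vOut := range Output {
		scores[w] = dot(vOut, Input[wI])
		maxScore = math.Max(maxScore, scores[w])
	}
	sum := 0.0
	for w := range scores {
		scores[w] = math.Exp(scores[w] - maxScore)
		sum += scores[w]
	}
	for w := range scores {
		scores[w] /= sum
	}
	return scores
}

// MostLikelyContext returns the sequence the model predicts to appear around
// wI, i.e. the argmax of p(w_O | w_I) over every w_O other than wI itself.
func MostLikelyContext(wI int) int {
	probs := SkipGramProbs(wI)
	best := -1
	for w, p := range probs {
		if w != wI && (best < 0 || p > probs[best]) {
			best = w
		}
	}
	return best
}

func main() {
	for wI := range Vocab {
		fmt.Printf("%-9s -> %-9s %.3f\n", Vocab[wI], Vocab[MostLikelyContext(wI)], SkipGramProbs(wI))
	}
}
```

With these vectors "login" predicts "failed" as its most likely neighbour and "sunset" predicts "beach": sequences whose vectors point the same way end up in the same cluster, which is the clustering the paragraph describes.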


#codingexercise

// Node is a binary search tree node with a parent pointer.
type Node struct {
	Key                 int
	Left, Right, Parent *Node
}

// GetSuccessor returns the in-order successor of root, or nil if root is the largest node.
func GetSuccessor(root *Node) *Node {
	if root == nil {
		return nil
	}
	// If there is a right subtree, the successor is its leftmost node.
	if root.Right != nil {
		current := root.Right
		for current.Left != nil {
			current = current.Left
		}
		return current
	}
	// Otherwise climb until we arrive from a left child; that parent is the successor.
	parent := root.Parent
	for parent != nil && parent.Right == root {
		root = parent
		parent = parent.Parent
	}
	return parent
}

Friday, April 26, 2019

Programmability of sequences
Data formats and data operators make programmability easier with sequences. Data formats like XML and JSON have a language for specifying a search path: XPath for XML, and for JSON the JMESPath (pronounced "James Path") query language, where elements can be extracted and a search can be specified via the search operator. These are primarily helpful in application programming interfaces.
Data operators like the standard query operators, which include sorting, filtering, quantifier, projection, join, partitioning and grouping, generation, equality, element, concatenation and aggregation operators, improve data access and enable a variety of queries and data manipulation.
APIs and SDKs complete the programmability for consumption by applications. These include implementations specific to languages; the availability of an SDK in the programmer's language of choice makes applications easy to write.
APIs and SDKs also make it easy for application traffic to be identified, monitored and troubleshot with the help of API keys, request parameters, caller contexts, HTTP proxies and similar techniques.
#codingexercise
// Node is a binary search tree node with a parent pointer (the same shape as in
// the successor exercise; the parent pointer replaces the GetParent lookups).
type Node struct {
	Key                 int
	Left, Right, Parent *Node
}

// GetPredecessor returns the in-order predecessor of root, or nil if root is the smallest node.
func GetPredecessor(root *Node) *Node {
	if root == nil {
		return nil
	}
	// If there is a left subtree, the predecessor is its rightmost node.
	if root.Left != nil {
		current := root.Left
		for current.Right != nil {
			current = current.Right
		}
		return current
	}
	// Otherwise climb until we arrive from a right child; that parent is the predecessor.
	parent := root.Parent
	for parent != nil && parent.Left == root {
		root = parent
		parent = parent.Parent
	}
	return parent
}