Presentation slides used duing Apache Stratos Hangout-VI. The Slides explain, how we can design a RESTful API layer for Stratos admin operations. Talks about, #REST #Carbon #Stratos #CXF #OSGi
Appswitch: Pune Docker Kubernetes meetup 28 July, 2018Ashish Puri
Appswitch questions the status quo of networking in container/ Docker/ Kubernetes world and provides an alternate to overlays network with better performance and less complexity.
Prometheus was recently accepted into the Cloud Native Computing Foundation, making it the second project after Kubernetes to be given their blessing and acknowledging that Prometheus and Kubernetes make an awesome combination. In this talk we'll cover common patterns for running Prometheus on Kubernetes, how to monitor services on Kubernetes, and some cool tips and hacks to ensure you get the most out of your Prometheus + Kubernetes deployment.
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)Brian Brazil
Prometheus is a next-generation monitoring system. Since being publicly announced last year it has seen wide-spread interest and adoption. This talk will look at the concepts behind monitoring with Prometheus, and how to use it with Kubernetes which has direct support for Prometheus.
Appswitch: Pune Docker Kubernetes meetup 28 July, 2018Ashish Puri
Appswitch questions the status quo of networking in container/ Docker/ Kubernetes world and provides an alternate to overlays network with better performance and less complexity.
Prometheus was recently accepted into the Cloud Native Computing Foundation, making it the second project after Kubernetes to be given their blessing and acknowledging that Prometheus and Kubernetes make an awesome combination. In this talk we'll cover common patterns for running Prometheus on Kubernetes, how to monitor services on Kubernetes, and some cool tips and hacks to ensure you get the most out of your Prometheus + Kubernetes deployment.
Monitoring Kubernetes with Prometheus (Kubernetes Ireland, 2016)Brian Brazil
Prometheus is a next-generation monitoring system. Since being publicly announced last year it has seen wide-spread interest and adoption. This talk will look at the concepts behind monitoring with Prometheus, and how to use it with Kubernetes which has direct support for Prometheus.
Introduction to Laravel 5.6 new features by perfect web solutionsImran Qasim
in this presentation, you will get to know quickly what new features have been added to LARAVEL 5.6. so to learn more about LARAVEL 5.6 kindly visit official documentation of LARAVEL 5.6 at laravel.com
Thank You!
The presentation slides used during WSO2Con 2011 tutorial session. The tutorial included hands on sessions as well. The slides named as 'demo' refers to hadns-on sessions/demos.
Using Istio to Secure & Monitor Your ServicesAlcide
Good observability in a microservice architecture is not easy. Istio can help to remove the complexity from developers and leave the work to the operator. Learn how to gain a deeper understanding of using Istio for monitoring tasks, while using Istio security features to secure your microservices and spot security anomalies.
For the recorded webinar: https://bit.ly/2KNaGmc
Introduction to Laravel 5.6 new features by perfect web solutionsImran Qasim
in this presentation, you will get to know quickly what new features have been added to LARAVEL 5.6. so to learn more about LARAVEL 5.6 kindly visit official documentation of LARAVEL 5.6 at laravel.com
Thank You!
The presentation slides used during WSO2Con 2011 tutorial session. The tutorial included hands on sessions as well. The slides named as 'demo' refers to hadns-on sessions/demos.
Using Istio to Secure & Monitor Your ServicesAlcide
Good observability in a microservice architecture is not easy. Istio can help to remove the complexity from developers and leave the work to the operator. Learn how to gain a deeper understanding of using Istio for monitoring tasks, while using Istio security features to secure your microservices and spot security anomalies.
For the recorded webinar: https://bit.ly/2KNaGmc
Building RESTful services using SCA and JAX-RSLuciano Resende
REST is an important aspect of the Web 2.0 world. Building RESTful services can be a challenge as REST is just an architectural style. JAX-RS emerges as the programming model that guides Java developers to develop services in REST. On the other hand, we often need to assemble services, including RESTful and traditional ones, into an enterprise composite application. SCA gives us the power to define and composite services in a technology neutral fashion. This talk is to share the interesting ideas to combine the power of both SCA and JAX-RS that we explore in Apache Tuscany project with the JAX-RS runtime from Apache Wink project. The Tuscany Java SCA runtime provides the integration with REST services out of the box via several extensions. Tuscany REST binding (binding.rest) leverage JAX-RS annotations to map business operations to HTTP operations such as POST, GET, PUT and DELETE to provide a REST view to SCA services. The REST binding also allows SCA components to invoke existing RESTful services via a JAX-RS annotated interfaces without messing around HTTP clients. JAX-RS applications and resources can be dropped into the SCA assembly as JAX-RS implementation (implementation.jaxrs). Tuscany also enrich the JAX-RS runtime with more databindings to provide support for data representations and transformation without the interventions from application code. This session will teach you how to model, implement, invoke and expose RESTful services using SCA and JAX-RS. We'll walk you through a sample application developed using Apache Tuscany and Wink.
This presentation gives a high level concepts and more of code to take a stab at developing a simple Restful server. I targeted people who would like to build a simple RESTFul server from scratch and experiment.
(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...Amazon Web Services
Learn how you can leverage the many Netflix Open Source tools to help grow your services to web-scale, and make them robust and resilient. We cover a variety of the OSS components-from operational tools like Asgard and Simian Army, to core services and libraries like Zuul, Eureka, Archaius, and Hystrix, plus a variety of security and big data tools. We walk through a sample application to illustrate how the many components fit together to build a cohesive solution.
S314011 - Developing Composite Applications for the Cloud with Apache TuscanyLuciano Resende
Today's cloud environments pose new challenges for application developers: hiding cloud infrastructure from business logic, assembling components on heterogeneous and distributed cloud environments, and optimizing the provisioning of the required cloud resources. This session will demonstrate how to use Apache Tuscany and the Service Component Architecture (SCA) to develop, build, and run an application composed of several service components in a distributed cloud environment. We'll illustrate how to encapsulate cloud infrastructure services as SCA components to simplify the construction and assembly of the application and how to move components around and rewire the application to adjust to new business and cloud deployment conditions.
2.1 Identify the structure of a web application and web archive file, the name of the WebApp deployment descriptor, and the name of the directories where you place the following:
The WebApp deployment descriptor
The WebApp class files
Any auxiliary JAR files
2.2 Match the name with a description of purpose or functionality, for each of the following deployment descriptor elements:
Servlet instance
Servlet name
Servlet class
Initialization parameters
URL to named servlet mapping
Alfresco Web Content Management Roadmap - 3.2 and BeyondAlfresco Software
Review the technical implementation of Alfresco Web Content Management, including architecture, and technology stack, and current direction forward. Clustering, High Availability, Web Delivery RUntime, Technology Agnosticism, SURF component services, and the Forms service are covered. Different use cases are also reviewed.
In this talk, I'll show you how you can build Alfresco ADF applications using the new version 3.0.0. The new ADF versions include a number of new features and some breaking changes with the past that will make your life easier, I'll show you how to take advantage of it and embrace the change.
2.1 Identify the structure of a web application and web archive file, the name of the WebApp deployment descriptor, and the name of the directories where you place the following:
The WebApp deployment descriptor
The WebApp class files
Any auxiliary JAR files
2.2 Match the name with a description of purpose or functionality, for each of the following deployment descriptor elements:
Servlet instance
Servlet name
Servlet class
Initialization parameters
URL to named servlet mapping
The presentation provides overview of JAX-RS 2.0 and the cool new things that come with it. It also provides an introduction to OData which is a protocol proposed by Microsoft for data interchange.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
2. Outline
● Carbon admin services and how frontend components
interacts with them
● Stratos controller API (existing) and its UI components.
● What it takes to deploy a web-app in Carbon kernel
● Accessing core OSGi services by means of
CarbonContext API
● JAX-RS web-app exposing admin services of Stratos -
big picture
● How Custom web-app frontend/command line tooling
can interact with the deployed REST apis.
3. Carbon Admin Services
- The component which hosts JSP frontends are known as frontend
component
- Backend engine exposes the API via WS
Carbon Backend
Component - OSGi
services
Web-Services Interface
FrontEnd
Component
4. Implementation Class and a
Descriptor File
- There is an implementation class A.K.A. web-
service wrapper class.
- Its defined in a metafile called services.xml
5. Implementation Class
public class RepositoryAdminService {
/**
* Use this method to add a P2 repository to the system.
*
* @param location of the repository to be added
* @param nickName of the repository to be added
* @return true only if the operation is successful
* @throws AxisFault if an exception occurs while adding the repository
*/
public boolean addRepository(String location, String nickName)
/**
* Use this method to update an existing repository
*
* @param prevLocation current location of the repository
* @param prevNickName current name of the repository
* @param updatedLocation new location of the repository
* @param updatedNickName new name of the repository
* @throws AxisFault if an exception occurs while updating the repository
*/
public void updateRepository(String prevLocation, String prevNickName,
String updatedLocation, String updatedNickName)
6. Service Meta File
<service name="RepositoryAdminService" scope="transportsession">
<schema schemaNamespace="http://org.apache.axis2/xsd" elementFormDefaultQualified="true"/>
<transports>
<transport>https</transport>
</transports>
<module ref="ComponentMgtModule"/>
<description>
To administer all the repositories where the installable features are available.
</description>
<parameter name="ServiceClass">org.wso2.carbon.feature.mgt.services.prov.
RepositoryAdminService</parameter>
8. Deploying a WebApp in Carbon
Kernel
- Kernel packs an embedded Apache Tomcat
- However there is no /webapps directory
- We have to deploy our webapp
programmatically.
- Writing a Deployer would do...
9. Accessing Carbon Server Runtime
from a Co-Hosted WebApp.
- CarbonContext API allows us to access Carbon Runtime
details.
Carbon Server Runtime (OSGi Services)
Co-Hosted
WebApp
:)
10. CarbonContext API...
public String getTenantDomain(boolean resolve)
public int getTenantId(boolean resolve)
public Object getOSGiService(Class clazz)
11. RESTful API for Stratos Backend
Services...
- Using CarbonContext API and co-hosted
external webapp, we retrieve Stratos backend
services.
- We can write a JAX-RS wrapper.
- JAX-RS deployment model is webapp. :)
13. Implementation Details..
- CXF based JAX-RS webapp
- Wink based webapp.
Personally prefer CXF runtime. But open for
discussion..
14. API Consumers...
- Stratos-CLI can make use of the new API
- Stratos Controller frontend can a webapp
talking to the new API
- The SC frontend can be hosted in a separate
servlet container, or..
- Can be hosted in the same server instance
15. Securely exposing those APIs...
- BasicAuth
- Has to be integrated with the Carbon user-store for
tenant level authentication
- Multitenancy handled as well using CarbonContext
APIs.
- OAuth ?