This document discusses Noah, a system for orchestration and coordination of infrastructure components like configuration management tools, applications, servers, and services. Noah uses a hierarchical data model and API to represent these components as objects that can be manipulated and watched. It aims to address the need for orchestration beyond single nodes and provide synchronization between different aspects of infrastructure.
25. “I think..and I don't know if anyone would agree, that configuration management is a solved problem at this point, right?”
26. “I think..and I don't know if anyone would agree, that configuration management is a solved problem at this point, right?” WTF?
27. "The point I want to make..Configuration management is not a solved problem...and it's dangerous to make the mistake to think that the way we do things now is the best way to do them..." - Andrew Clay Shafer
28. “what I was attempting to say ... is that the current crop of configuration management tools have reached a usable point where they do enough (for now). What we’re seeing as questions now are 'How do I think beyond the single node where this tool is running?'”
29. “what I was attempting to say (epic fail, I might add) is that the current crop of configuration management tools have reached a usable point where they do enough (for now). What we’re seeing as questions now are 'How do I think beyond the single node where this tool is running?'”
30.
31. Provide mechanisms for coordination between applications, nodes, services, configuration management and other infrastructure aspects
32. Example Use Case
1) Capacity Reached. Tell Noah
2) Noah tells provisioning system
3) Capacity allocated. Tell Noah
4) Noah triggers Puppet on LB
5) Noah triggers Puppet on Nagios
[Diagram labels: Noah, Nagios, Puppet, (app), Load Balancer]
34. "ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services. All of these kinds of services are used in some form or another by distributed applications."
In the beginning we did things manually. This was generally regarded as a very bad idea.
We took notes! (Yes this is on an actual server right now as we speak)
We wrote handbooks!
Then we started writing Shell scripts!
This script is actually broken.
Then we got smart!
In the general scheme of things, we've evolved. We treat our infrastructure as code. We've adopted behaviors and practices that developers have been doing for years. We're green, ship it!
At DevOpsDay Mt. View, a revelation was made.
The response was generally overwhelmingly supportive....
Ideas were “refined”
This is the heart of “orchestration”. This is the problem space that needs addressing right now.
Orchestration means many things, however. Luke mentioned “Command and Control” for instance. Impedance mismatch – mention Capistrano and the boatload of “deploy” tools. Something is missing. Mechanisms – traditional orchestration
Just a quick example use case to demonstrate “orchestration”
Znodes are easily grokable. We get “paths”. Programmatically friendly. Watches are cool. Downsides:
Have always needed something LIKE ZK. Haven't always had the “luxury” of language bindings. Haven't always needed the full feature set. Another unofficial goal is that it work in a “disconnected” world.
Going over the basics of interacting with Noah. All of this is on the wiki.
Host – node, server
Service – http/https/ftp. OSI L3 analogy. An open port. Host/Service inspired by Nagios
Application – tomcat, apache, rails app. OSI L7 analogy
Configuration – httpd.conf, server.xml, database.yml
Ephemerals – Arbitrary blob of information
Tag – tags...not much to say here
Links – similar to symlinks. Create a custom namespace
Watches – Async pluggable callbacks
Explain the general idea behind programmatic friendly paths. Operate with standard HTTP verbs – GET, PUT, DELETE
Explain the general idea behind programmatic friendly paths.
Common fields in all GETs
This is a GET to /hosts/
Remember that services must be bound to hosts.
Note the asterisk here
The JSON version is the default in most cases. Send Accept: application/json to ensure this representation; application/octet will ensure that you get a properly MIME-typed version.
Reminder of the paths
Note that services has a requirement on hostname in the path.
This is what you PUT to each path in the previous slide. Maybe have to jump back and forth.
Same paths as put. No payload required.
Explain a bit how ZK watches work. Mention race condition.
Made up of endpoints and patterns. Persistence will eventually be tunable.
Supersets: if you declare a watch for an endpoint on /hosts, you can't declare a watch for that endpoint on /hosts/foo_host.
Subsets are the reverse.
This creates a watch for anything under /applications. When something “changes” under /applications, the change will be sent to the endpoint.
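The superset/subset rule and the "anything under /applications" matching from the two notes above, as an added Ruby sketch (not Noah's own code). The class name, the endpoint URLs and the choice to compare whole path segments are assumptions made for illustration; segment comparison keeps a watch on /hosts from also firing for an unrelated path such as /hostsfoo.

```ruby
# Added illustration, not Noah's code: a model of the watch rules in the notes.
require "set"

class WatchRegistry
  class OverlapError < StandardError; end

  def initialize
    # endpoint (callback target) => Set of patterns, each stored as path segments
    @watches = Hash.new { |hash, key| hash[key] = Set.new }
  end

  # Split on "/" so patterns are compared segment by segment.
  # A plain string prefix test would treat "/hosts" as covering "/hostsfoo".
  def self.segments(path)
    raise ArgumentError, "path must start with /" unless path.start_with?("/")
    path.split("/").reject(&:empty?)
  end

  # True when pattern a is equal to, or a parent of, pattern b.
  def self.covers?(a, b)
    a.length <= b.length && b.first(a.length) == a
  end

  # Register a watch. For one endpoint, reject a pattern that an existing
  # watch already covers (superset) or that would cover an existing watch
  # (subset), so a single change is never delivered twice to that endpoint.
  def add(endpoint, pattern)
    wanted = self.class.segments(pattern)
    @watches[endpoint].each do |existing|
      shown = "/" + existing.join("/")
      if self.class.covers?(existing, wanted)
        raise OverlapError, "#{endpoint}: #{shown} already covers #{pattern}"
      elsif self.class.covers?(wanted, existing)
        raise OverlapError, "#{endpoint}: #{pattern} would cover #{shown}"
      end
    end
    @watches[endpoint] << wanted
    self
  end

  # Endpoints that should be told about a change at changed_path.
  def endpoints_for(changed_path)
    changed = self.class.segments(changed_path)
    hits = @watches.select do |_endpoint, patterns|
      patterns.any? { |pattern| self.class.covers?(pattern, changed) }
    end
    hits.keys.sort
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data: these endpoint URLs are placeholders.
  registry = WatchRegistry.new
  registry.add("http://lb.example/hook", "/applications")
  registry.add("http://nagios.example/hook", "/hosts")
  puts registry.endpoints_for("/applications/myapp").inspect
  begin
    registry.add("http://nagios.example/hook", "/hosts/foo_host")
  rescue WatchRegistry::OverlapError => e
    puts "rejected: #{e.message}"
  end
end
```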
Again, watches have the same common fields
Here we're going to add a tag to that new application
Note that every example listed does not actually exist YET
Creator unrelated to the receiver is important. Allows proxy management. You can write your own at the cost of fragility.
James wrote these. They need to be updated to the newest Noah API. Mention that this was supposed to be done before this presentation, but there was some “confusion” about the schedule.
- Functions pull data from/put data in Noah
- noah_data fact pulls configurations from Noah
Cover the mappings.
Taking Noah out of the mix for a moment, what's a traditional workflow for managing applications with Puppet?
Problems I've seen:
- Different repos
- Dev interaction
- What happens when we add a new setting?
- How many people run puppet in daemon mode or via cron as opposed to on demand?
Rampination.
Adding Noah in the mix. Looks a bit more complicated. Noah becomes your System of Record. Talk about volatile settings.
This is where I disagree with Luke a little bit. There are valid use cases for “dynamic” configuration. JMX exists.
Explain CI
We currently do this for deploys at VA using a curl script in a bash step. You can either trigger the deploy itself or wrap it around a puppet run. Both can be done by CI. Upshot is that you get more templated CI jobs.
This is similar to the original example use case.
The nagios event handler, again, can be implemented as a curl script. If there's a watch attached, you can trigger any number of actions. You can have endpoints in your applications that make it dynamically respond.
This is an immediate win
Ghetto job dependencies. Easier than dealing with mysql command lines and escaping.
ZK and Doozer are a bit more complex. Require persistent connections. NoSQL and Nesoi are nice because they're http and json!