Chaos engineering for start ups and sm es
•
0 likes•71 views
The document discusses chaos engineering for startups and small-to-medium enterprises (SMEs). It defines chaos engineering as intentionally introducing failures or disruptions to test a system's resiliency. It recommends several mitigation strategies for startups and SMEs, including controlling access to code and databases, implementing backups, and using encryption. The document notes that startups and SMEs may lack formal security policies and resources for high-cost solutions, so chaos engineering practices can help prevent single failures from destroying their business.
Report
Share
Report
Share
Download to read offline
Recommended
PyDriller: Python Framework for Mining Software Repositories
PyDriller is a Python framework for mining software repositories from Git (and soon Mercurial) histories. It aims to ease the extraction of information like commit data, file histories, and source code from repositories. PyDriller supports analyzing a project's history and metadata but not direct repository manipulation. It provides lazy-evaluated access to commit and file-level information at speeds from 60 commits/second to 4 commits/second depending on the level of data retrieved. The tool is open source and sees widespread academic and commercial use for software engineering tasks.
Object data manager Tutorials
The document discusses the Object Data Manager (ODM) in AIX. ODM maintains system configuration by saving everything in binary format for security rather than ASCII. It is more robust and secure. ODM manages data by storing configuration files and repositories in locations like /usr/lib/objrepos and /etc/objrepos. Similar to entries in /etc/passwd, ODM uses a component-based structure. Commands like odmchange, odmcreate, odmdelete allow users to manage objects and object classes within ODM.
Steeltoe Meetup Toronto 4-18-2017
This document introduces Steeltoe, an open source toolkit for building cloud-native .NET microservices. Steeltoe helps .NET developers build applications that follow cloud-native principles and can leverage Spring Cloud tools for resilient microservices. It includes components for service discovery, configuration, security, and connecting to common services like MySQL and RabbitMQ. The presentation provides an overview of Steeltoe's capabilities, how it helps with challenges of microservices and distributed systems, and information on getting started and the project's roadmap.
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
This document discusses Apache Deltacloud, which allows clients to interact with different cloud platforms through common APIs. Deltacloud supports the EC2 and CIMI standards. It can act as an EC2 frontend to interface with clouds like OpenStack. Deltacloud also implements the CIMI standard developed by DMTF to provide a common REST API for cloud resources across platforms.
Rook: Storage for Containers in Containers – data://disrupted® 2020
In this talk Kim-Norman Sahm and Alexander Trost dive into the challenges of storage for containerized applications on Kubernetes. We'll see how the current state is and how Rook can help with that. We are going to especially look at Ceph run through Rook here, but nonetheless trying not to lose sight of the whole picture. There is a lot to keep in mind storage as is, but everything gets more complex with storage for containers. From what type of storage to how much and how "safe" it should, all questions that should be asked and most of them which should be answered as well. Rook's project site https://rook.io/
Kim-Norman Sahm is CTO of Cloudical. He also works as Executive Cloud Architect at Cloudical. Previously, he was OpenStack Cloud Architect at T-Systems (operational services GmbH) and noris network AG. He is an expert of the technologies OpenStack, Ceph and Kubernetes (CKA).
Alexander Trost works as a DevOps Engineer at Cloudical Deutschlang GmbH and is a Certified Kubernetes Administrator (CKA). He is one of four maintainers of the Rook.io Project and is engaged in several more open source projects, for example a Prometheus exporter for Dell Hardware (Dell OMSA Metrics), k8s-vagrant-multi-node an easy local multi node Kubernetes environment, and others. Besides Containers and Kubernetes he is expert on Software Defined Storage, Golang and Continuous Integration (with GitLab CI). He passionately enjoys working on open source projects, such as Rook, Ancientt and other projects.
Ruby for soul of BigData Nerds
This document discusses big data challenges and trends in data collection, storage, analysis, and stream processing. It introduces tools like Fluentd for data collection and filtering, Hadoop and OpenTSDB for storage, Hadoop Streaming and Hive for analysis, and custom dashboards or services like Tableau for visualization. It also covers stream computing with STORM, describing streams, spouts, bolts, and topologies, and provides an example of visualizing bandwidth usage with RedStorm on JRuby. The document is presented by an engineering team lead who founded BigData.SG and contributes to fluentd, pfeed, and other projects.
Installing a Cluster of Raspberry Pis with Stacki Ace
To fully utilize the power of Raspberry Pis, StackIQ ported Stacki to support the inexpensive single-board computers, creating Stacki Ace: an open-source bare-metal installer for Raspberry Pis.
With the release of Stacki 4.0 comes more improvements in Stacki Ace. The avalanche installer has been added for parallel installation and 20MB images instead of 2GB images are now used to install the backend nodes increasing the installation speed immensely.
This is Greg Bruno's presentation from his webinar on how to create a cluster of Raspberry Pis with Stacki Ace.
S3 security
This document discusses security tools and techniques for exploiting and detecting issues related to Amazon Web Services (AWS) S3 buckets. It introduces tools like Bucket Finder and DNS Recon that can be used to find exposed or misconfigured S3 buckets. It then covers access controls and policies that govern access to S3 buckets. Finally, it outlines several approaches for detecting public or misconfigured S3 objects using services like AWS Config, CloudTrail, Lambda functions, and CloudWatch rules to monitor for changes and automatically remediate issues.
Recommended
PyDriller: Python Framework for Mining Software Repositories
PyDriller is a Python framework for mining software repositories from Git (and soon Mercurial) histories. It aims to ease the extraction of information like commit data, file histories, and source code from repositories. PyDriller supports analyzing a project's history and metadata but not direct repository manipulation. It provides lazy-evaluated access to commit and file-level information at speeds from 60 commits/second to 4 commits/second depending on the level of data retrieved. The tool is open source and sees widespread academic and commercial use for software engineering tasks.
Object data manager Tutorials
The document discusses the Object Data Manager (ODM) in AIX. ODM maintains system configuration by saving everything in binary format for security rather than ASCII. It is more robust and secure. ODM manages data by storing configuration files and repositories in locations like /usr/lib/objrepos and /etc/objrepos. Similar to entries in /etc/passwd, ODM uses a component-based structure. Commands like odmchange, odmcreate, odmdelete allow users to manage objects and object classes within ODM.
Steeltoe Meetup Toronto 4-18-2017
This document introduces Steeltoe, an open source toolkit for building cloud-native .NET microservices. Steeltoe helps .NET developers build applications that follow cloud-native principles and can leverage Spring Cloud tools for resilient microservices. It includes components for service discovery, configuration, security, and connecting to common services like MySQL and RabbitMQ. The presentation provides an overview of Steeltoe's capabilities, how it helps with challenges of microservices and distributed systems, and information on getting started and the project's roadmap.
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
This document discusses Apache Deltacloud, which allows clients to interact with different cloud platforms through common APIs. Deltacloud supports the EC2 and CIMI standards. It can act as an EC2 frontend to interface with clouds like OpenStack. Deltacloud also implements the CIMI standard developed by DMTF to provide a common REST API for cloud resources across platforms.
Rook: Storage for Containers in Containers – data://disrupted® 2020
In this talk Kim-Norman Sahm and Alexander Trost dive into the challenges of storage for containerized applications on Kubernetes. We'll see how the current state is and how Rook can help with that. We are going to especially look at Ceph run through Rook here, but nonetheless trying not to lose sight of the whole picture. There is a lot to keep in mind storage as is, but everything gets more complex with storage for containers. From what type of storage to how much and how "safe" it should, all questions that should be asked and most of them which should be answered as well. Rook's project site https://rook.io/
Kim-Norman Sahm is CTO of Cloudical. He also works as Executive Cloud Architect at Cloudical. Previously, he was OpenStack Cloud Architect at T-Systems (operational services GmbH) and noris network AG. He is an expert of the technologies OpenStack, Ceph and Kubernetes (CKA).
Alexander Trost works as a DevOps Engineer at Cloudical Deutschlang GmbH and is a Certified Kubernetes Administrator (CKA). He is one of four maintainers of the Rook.io Project and is engaged in several more open source projects, for example a Prometheus exporter for Dell Hardware (Dell OMSA Metrics), k8s-vagrant-multi-node an easy local multi node Kubernetes environment, and others. Besides Containers and Kubernetes he is expert on Software Defined Storage, Golang and Continuous Integration (with GitLab CI). He passionately enjoys working on open source projects, such as Rook, Ancientt and other projects.
Ruby for soul of BigData Nerds
This document discusses big data challenges and trends in data collection, storage, analysis, and stream processing. It introduces tools like Fluentd for data collection and filtering, Hadoop and OpenTSDB for storage, Hadoop Streaming and Hive for analysis, and custom dashboards or services like Tableau for visualization. It also covers stream computing with STORM, describing streams, spouts, bolts, and topologies, and provides an example of visualizing bandwidth usage with RedStorm on JRuby. The document is presented by an engineering team lead who founded BigData.SG and contributes to fluentd, pfeed, and other projects.
Installing a Cluster of Raspberry Pis with Stacki Ace
To fully utilize the power of Raspberry Pis, StackIQ ported Stacki to support the inexpensive single-board computers, creating Stacki Ace: an open-source bare-metal installer for Raspberry Pis.
With the release of Stacki 4.0 comes more improvements in Stacki Ace. The avalanche installer has been added for parallel installation and 20MB images instead of 2GB images are now used to install the backend nodes increasing the installation speed immensely.
This is Greg Bruno's presentation from his webinar on how to create a cluster of Raspberry Pis with Stacki Ace.
S3 security
This document discusses security tools and techniques for exploiting and detecting issues related to Amazon Web Services (AWS) S3 buckets. It introduces tools like Bucket Finder and DNS Recon that can be used to find exposed or misconfigured S3 buckets. It then covers access controls and policies that govern access to S3 buckets. Finally, it outlines several approaches for detecting public or misconfigured S3 objects using services like AWS Config, CloudTrail, Lambda functions, and CloudWatch rules to monitor for changes and automatically remediate issues.
Sprint 14
The summary provides an overview of the key topics and outcomes from ManageIQ Sprint 14:
1) Sprint 14 ended on October 20th and resulted in 99 pull requests being merged including 40 issues labeled as bugs and 9 as enhancements.
2) A ManageIQ design summit was held with over 70 attendees and 21 sessions covering integration designs and extending ManageIQ capabilities.
3) Several integration designs were discussed including Foreman provider modeling, CloudFormations template parameters, and automating the ManageIQ file system.
4) Additional enhancements discussed were modifying clone options during provisioning, supporting SSL for OpenStack API connections, improving test performance, and adding XFS version 5 support.
FleetDB
FleetDB is a NoSQL document database that uses a schema-free and document-based data model. It stores all data in memory for high performance and persistence. FleetDB supports rich data structures, single document access across multiple tables, clear path to horizontal scalability without migrations, multi-record transactions, and excellent concurrency. Client libraries are available for Java, Python, and Clojure.
Accelerating Spark with Kubernetes
Alluxio can be deployed on Kubernetes to provide data orchestration for analytics frameworks like Spark. Alluxio abstracts data sources and provides a unified namespace, enabling elastic scaling of compute and independent data. It can be deployed with the Alluxio master and workers in separate pods or together with compute frameworks like Spark. A demo was shown of running Spark jobs on Alluxio to get data locality benefits within Kubernetes.
Travis
This document lists various database technologies that can be integrated with Travis CI such as MySQL, PostgreSQL, MongoDB, CouchDB, Redis, Riak, RabbitMQ, Memcached, Cassandra, Neo4J, ElasticSearch, Kestrel, and SQLite3. It also mentions configuring integrations using a .travis.yml file and gaining profits from such integrations.
OpenStack Swift的性能调优
CloudConnect 云计算大会 China 2016
OpenStack Swift的性能调优
Performance Tuning of OpenStack Swift
李明宇 奥思数据 创始⼈& CTO
Email: li.mingyu@ostorage.com.cn
Swift is good at storing small objects like photos and documents.
What’s new in Alluxio 2: from seamless operations to structured data management
Alluxio Online Community Office Hours
Jan 28, 2020
Speakers:
Bin Fan, Alluxio
Calvin Jia, Alluxio
Alluxio 2.0 release was the biggest update since the birth of the project “Tachyon” from UC Berkley’s AmpLab. Gathering feedback from our Open Source Community and enterprise users, Alluxio 2.0 expands the system in three major directions including improving the operability of the system, having more advanced data management, as well as re-architecting the system to be able to scale to 1 billion + file. The system is now cloud native on AWS, Google Cloud, and allow users to enable native deployment with K8s. The new advanced data management enables data migration and replication from diff storage systems.
In this office hour, we introduce what’s new in the Alluxio 2 release, and dive deeper in each major direction the system has expanded on.
In this Office Hour, we will go over:
- Introduction and motivation of focus areas of Alluxio 2
- Overview of cloud native deployment methods
- New data management features
- System scalability improvements
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
In a follow-up to the duo’s offensive focused talk “DevOops, How I hacked you”, they discuss defensive countermeasures and real experiences in preventing attacks that target flaws in your DevOps environments. In this talk, Chris and Ken describe common ways in which DevOps environments fall prey to malicious actors with a focus on preventative steps. The team will present their recommended approach to hardening for teams using AWS, Continuous Integration, GitHub, and common DevOps tools and processes. More specifically, the following items will be demonstrated:
-AWS Hardening
-AWS Monitoring
-AWS Disaster Recovery
-GitHub Monitoring
-OPINT
-Software Development Practices/Processes
-Secure use of Jenkins/Hudson
-Developer laptop hardening (OS X)
Designing for operability and managability
Slide deck presented at https://www.meetup.com/Elasticsearch-Explorers/events/247793898/ meetup on 24th Mar 2018.
StorageQuery: federated querying on object stores, powered by Alluxio and Presto
Alluxio Global Online Meetup
August 25, 2020
For more Alluxio events: https://www.alluxio.io/events/
Speakers:
Abner Ferreira, Simbiose Ventures
Caio Pavanelli, Simbiose Ventures
Bin Fan, Alluxio
Over the last few years, organizations have worked towards the separation of storage and compute for a number of benefits in the areas of cost, data duplication and data latency. Cloud resolves most of these issues but comes to the expense of needing a way to query data on remote storages. Alluxio and Presto are a powerful combination to address the compute problem, which is part of the strategy used by Simbiose Ventures to create a product called StorageQuery - A platform to query files in cloud storages with SQL.
This talk will focus on:
- How Alluxio fits StorageQuery's tech stack;
- Advantages of using Alluxio as a cache layer and its unified filesystem;
- Development of new under file system for Backblaze B2 and fine-grained code documentation;
- ShannonDB remote storage mode.
Spring Roo Add-On Development & Distribution
This document provides an overview of creating and distributing Spring Roo add-ons. It discusses the architectural journey that led to Roo's design, including decisions to use Java and AspectJ rather than creating a new runtime. It also covers getting started with a new add-on using the Add-on Creator, implementation details like using common services and file monitoring, and how to develop add-ons that integrate with the Roo shell and OSGi container. The document concludes with pointers for starters, like reviewing example add-ons and Spring Roo source code.
Git Gerrit Mit Teamforge
The document discusses tools for software development including Git, Gerrit, Jenkins, and TeamForge. It provides an overview of each tool's purpose and how they can integrate together. Key points include that Gerrit allows for code review and Git hosting, Jenkins enables continuous integration, and TeamForge provides an enterprise platform that integrates these tools with additional features for access management, compliance, and application lifecycle management.
OSDC 2016 - Continous Integration in Data Centers - Further 3 Years later by ...
I gave a talk titled "Continuous Integration in data centers“ at OSDC in 2013, presenting ways how to realize continuous integration/delivery with Jenkins and related tools.Three years later we gained new tools in our continuous delivery pipeline, including Docker, Gerrit and Goss. Over the years we also had to deal with different problems caused by faster release cycles, a growing team and gaining new projects. We therefore established code review in our pipeline, improved our test infrastructure and invested in our infrastructure automation.In this talk I will discuss the lessons we learned over the last years, demonstrate how a proper continuous delivery pipeline can improve your life and how open source tools like Jenkins, Docker and Gerrit can be leveraged for setting up such an environment.
Git/Gerrit with TeamForge
As the popularity of Git grows, questions around security and code quality are moving center stage. Learn why the combination of Git/Gerrit and TeamForge form the industry’s leading enterprise-grade solution to manage Git based development programs, both on-premises and in the cloud.
In this webinar, Johannes Nicolai will provide an overview of Git/Gerrit- and why enterprises choose to use the Git-TeamForge integration for unmatched security, scalability and compliance, as well as introduce and demonstrate the power of Gerrit 2.8 with TeamForge:
How you can ensure meeting regulatory and corporate compliance mandates with TeamForge’s tamper-proof audit trails.
How TeamForge provides 100% history protection for accidentally deleted branches and helps you meet the most stringent compliance standards.
How Git, Gerrit and Jenkins reduces the number of manual code reviews by automatically pre-validating builds via Jenkins.
How to graphically design your own review workflows using CollabNet’s Quality Gate Wizard for Gerrit
Promise of DevOps
The document discusses the original promise of DevOps to bridge silos between development and operations teams and enable continuous delivery. It outlines the key tools and trends that emerged over the past 5 years, including Git, Docker, Kubernetes, GitHub Actions, Terraform, and the shift to treating infrastructure as code. The document also presents examples of CI/CD pipelines used by the author's team to provision AWS accounts and deploy environments for applications.
Netflix oss season 2 episode 1 - meetup Lightning talks
The lightning talks covered various Netflix OSS projects including S3mper, PigPen, STAASH, Dynomite, Aegisthus, Suro, Zeno, Lipstick on GCE, AnsWerS, and IBM. 41 projects were discussed and the need for a cohesive Netflix OSS platform was highlighted. Matt Bookman then gave a presentation on running Lipstick and Hadoop on Google Cloud Platform using Google Compute Engine and Cloud Storage. He demonstrated running Pig jobs on Compute Engine and discussed design considerations for cloud-based Hadoop deployments. Finally, Peter Sankauskas from @Answers4AWS discussed initial ideas around CloudFormation for Asgard and deploying various Netflix OSS
Hibernate java and_oracle
The document provides an overview of configuring and using Hibernate, an object-relational mapping tool for Java. It discusses downloading and setting up required libraries, configuring Hibernate properties and mappings, and examples of mapping Java objects to database tables for single entities, primary keys, one-to-many and many-to-many relationships, and reference data. Code samples and explanations are provided for saving, updating, and querying objects using Hibernate.
Helpful pre commit hooks for Python and Django
Pre-commit hooks can help to keep your source code consistent and discover broken code before it makes it into the repository. This lightning talk describes pre-commit hooks that can be helpful when developing with Python, especially when using the Django framework. It also provides consistent example configurations for hooks that have conflicting defaults.
DevOops & How I hacked you DevopsDays DC June 2015
In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment.
Odoo.sh for Project Managers & Developers
Odoo.sh is a continuous integration hosting platform for Odoo that allows custom and community modules. It facilitates testing, deployment, and debugging of Odoo projects. Key features include being preconfigured and optimized for Odoo, and having DNS, mail servers, backups, and other services already setup. It aims to provide top notch security, high availability, and other features like shell access and monitoring.
Operating PostgreSQL at Scale with Kubernetes
The maturation of containerization platforms has changed how people think about creating development environments and has eliminated many inefficiencies for deploying applications. These concept and technologies have made its way into the PostgreSQL ecosystem as well, and tools such as Docker and Kubernetes have enabled teams to run their own “database-as-a-service” on the infrastructure of their choosing.
All this sounds great, but if you are new to the world of containers, it can be very overwhelming to find a place to start. In this talk, which centers around demos, we will see how you can get PostgreSQL up and running in a containerized environment with some advanced sidecars in only a few steps! We will also see how it extends to a larger production environment with Kubernetes, and what the future holds for PostgreSQL in a containerized world.
We will cover the following:
* Why containers are important and what they mean for PostgreSQL
* Create a development environment with PostgreSQL, pgadmin4, monitoring, and more
* How to use Kubernetes to create your own "database-as-a-service"-like PostgreSQL environment
* Trends in the container world and how it will affect PostgreSQL
At the conclusion of the talk, you will understand the fundamentals of how to use container technologies with PostgreSQL and be on your way to running a containerized PostgreSQL environment at scale!
Automate DBA Tasks With Ansible
Automate DBA tasks with Ansible describes using Ansible to automate database administration tasks. The document discusses installing and configuring Ansible, using modules to execute tasks, organizing tasks into playbooks and roles, and using templates. It provides an example of using Ansible to install an Oracle 11g database including creating directories, templating a response file, running the installer, and applying patches with a custom Oracle patching module.
Protecting confidential files using SE-Linux
This document discusses using SE-Linux to protect confidential PDF files on a Linux system. It describes implementing SE-Linux in targeted mode with a custom module. A special "TopSecret" category is assigned to PDF files. The appserv user is given access to this category to allow the application server to access the PDFs. Strict restrictions are placed on administrator access using sudo, su, SSH, and auditing to log all access attempts to the protected PDF directory. The implementation provides mandatory access control while maintaining manageability for system operators.
More Related Content
What's hot
Sprint 14
The summary provides an overview of the key topics and outcomes from ManageIQ Sprint 14:
1) Sprint 14 ended on October 20th and resulted in 99 pull requests being merged including 40 issues labeled as bugs and 9 as enhancements.
2) A ManageIQ design summit was held with over 70 attendees and 21 sessions covering integration designs and extending ManageIQ capabilities.
3) Several integration designs were discussed including Foreman provider modeling, CloudFormations template parameters, and automating the ManageIQ file system.
4) Additional enhancements discussed were modifying clone options during provisioning, supporting SSL for OpenStack API connections, improving test performance, and adding XFS version 5 support.
FleetDB
FleetDB is a NoSQL document database that uses a schema-free and document-based data model. It stores all data in memory for high performance and persistence. FleetDB supports rich data structures, single document access across multiple tables, clear path to horizontal scalability without migrations, multi-record transactions, and excellent concurrency. Client libraries are available for Java, Python, and Clojure.
Accelerating Spark with Kubernetes
Alluxio can be deployed on Kubernetes to provide data orchestration for analytics frameworks like Spark. Alluxio abstracts data sources and provides a unified namespace, enabling elastic scaling of compute and independent data. It can be deployed with the Alluxio master and workers in separate pods or together with compute frameworks like Spark. A demo was shown of running Spark jobs on Alluxio to get data locality benefits within Kubernetes.
Travis
This document lists various database technologies that can be integrated with Travis CI such as MySQL, PostgreSQL, MongoDB, CouchDB, Redis, Riak, RabbitMQ, Memcached, Cassandra, Neo4J, ElasticSearch, Kestrel, and SQLite3. It also mentions configuring integrations using a .travis.yml file and gaining profits from such integrations.
OpenStack Swift的性能调优
CloudConnect 云计算大会 China 2016
OpenStack Swift的性能调优
Performance Tuning of OpenStack Swift
李明宇 奥思数据 创始⼈& CTO
Email: li.mingyu@ostorage.com.cn
Swift is good at storing small objects like photos and documents.
What’s new in Alluxio 2: from seamless operations to structured data management
Alluxio Online Community Office Hours
Jan 28, 2020
Speakers:
Bin Fan, Alluxio
Calvin Jia, Alluxio
Alluxio 2.0 release was the biggest update since the birth of the project “Tachyon” from UC Berkley’s AmpLab. Gathering feedback from our Open Source Community and enterprise users, Alluxio 2.0 expands the system in three major directions including improving the operability of the system, having more advanced data management, as well as re-architecting the system to be able to scale to 1 billion + file. The system is now cloud native on AWS, Google Cloud, and allow users to enable native deployment with K8s. The new advanced data management enables data migration and replication from diff storage systems.
In this office hour, we introduce what’s new in the Alluxio 2 release, and dive deeper in each major direction the system has expanded on.
In this Office Hour, we will go over:
- Introduction and motivation of focus areas of Alluxio 2
- Overview of cloud native deployment methods
- New data management features
- System scalability improvements
What's hot (6)
What’s new in Alluxio 2: from seamless operations to structured data management
What’s new in Alluxio 2: from seamless operations to structured data management
Similar to Chaos engineering for start ups and sm es
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
In a follow-up to the duo’s offensive focused talk “DevOops, How I hacked you”, they discuss defensive countermeasures and real experiences in preventing attacks that target flaws in your DevOps environments. In this talk, Chris and Ken describe common ways in which DevOps environments fall prey to malicious actors with a focus on preventative steps. The team will present their recommended approach to hardening for teams using AWS, Continuous Integration, GitHub, and common DevOps tools and processes. More specifically, the following items will be demonstrated:
-AWS Hardening
-AWS Monitoring
-AWS Disaster Recovery
-GitHub Monitoring
-OPINT
-Software Development Practices/Processes
-Secure use of Jenkins/Hudson
-Developer laptop hardening (OS X)
Designing for operability and managability
Slide deck presented at https://www.meetup.com/Elasticsearch-Explorers/events/247793898/ meetup on 24th Mar 2018.
StorageQuery: federated querying on object stores, powered by Alluxio and Presto
Alluxio Global Online Meetup
August 25, 2020
For more Alluxio events: https://www.alluxio.io/events/
Speakers:
Abner Ferreira, Simbiose Ventures
Caio Pavanelli, Simbiose Ventures
Bin Fan, Alluxio
Over the last few years, organizations have worked towards the separation of storage and compute for a number of benefits in the areas of cost, data duplication and data latency. Cloud resolves most of these issues but comes to the expense of needing a way to query data on remote storages. Alluxio and Presto are a powerful combination to address the compute problem, which is part of the strategy used by Simbiose Ventures to create a product called StorageQuery - A platform to query files in cloud storages with SQL.
This talk will focus on:
- How Alluxio fits StorageQuery's tech stack;
- Advantages of using Alluxio as a cache layer and its unified filesystem;
- Development of new under file system for Backblaze B2 and fine-grained code documentation;
- ShannonDB remote storage mode.
Spring Roo Add-On Development & Distribution
This document provides an overview of creating and distributing Spring Roo add-ons. It discusses the architectural journey that led to Roo's design, including decisions to use Java and AspectJ rather than creating a new runtime. It also covers getting started with a new add-on using the Add-on Creator, implementation details like using common services and file monitoring, and how to develop add-ons that integrate with the Roo shell and OSGi container. The document concludes with pointers for starters, like reviewing example add-ons and Spring Roo source code.
Git Gerrit Mit Teamforge
The document discusses tools for software development including Git, Gerrit, Jenkins, and TeamForge. It provides an overview of each tool's purpose and how they can integrate together. Key points include that Gerrit allows for code review and Git hosting, Jenkins enables continuous integration, and TeamForge provides an enterprise platform that integrates these tools with additional features for access management, compliance, and application lifecycle management.
OSDC 2016 - Continous Integration in Data Centers - Further 3 Years later by ...
I gave a talk titled "Continuous Integration in data centers“ at OSDC in 2013, presenting ways how to realize continuous integration/delivery with Jenkins and related tools.Three years later we gained new tools in our continuous delivery pipeline, including Docker, Gerrit and Goss. Over the years we also had to deal with different problems caused by faster release cycles, a growing team and gaining new projects. We therefore established code review in our pipeline, improved our test infrastructure and invested in our infrastructure automation.In this talk I will discuss the lessons we learned over the last years, demonstrate how a proper continuous delivery pipeline can improve your life and how open source tools like Jenkins, Docker and Gerrit can be leveraged for setting up such an environment.
Git/Gerrit with TeamForge
As the popularity of Git grows, questions around security and code quality are moving center stage. Learn why the combination of Git/Gerrit and TeamForge form the industry’s leading enterprise-grade solution to manage Git based development programs, both on-premises and in the cloud.
In this webinar, Johannes Nicolai will provide an overview of Git/Gerrit- and why enterprises choose to use the Git-TeamForge integration for unmatched security, scalability and compliance, as well as introduce and demonstrate the power of Gerrit 2.8 with TeamForge:
How you can ensure meeting regulatory and corporate compliance mandates with TeamForge’s tamper-proof audit trails.
How TeamForge provides 100% history protection for accidentally deleted branches and helps you meet the most stringent compliance standards.
How Git, Gerrit and Jenkins reduces the number of manual code reviews by automatically pre-validating builds via Jenkins.
How to graphically design your own review workflows using CollabNet’s Quality Gate Wizard for Gerrit
Promise of DevOps
The document discusses the original promise of DevOps to bridge silos between development and operations teams and enable continuous delivery. It outlines the key tools and trends that emerged over the past 5 years, including Git, Docker, Kubernetes, GitHub Actions, Terraform, and the shift to treating infrastructure as code. The document also presents examples of CI/CD pipelines used by the author's team to provision AWS accounts and deploy environments for applications.
Netflix oss season 2 episode 1 - meetup Lightning talks
The lightning talks covered various Netflix OSS projects including S3mper, PigPen, STAASH, Dynomite, Aegisthus, Suro, Zeno, Lipstick on GCE, AnsWerS, and IBM. 41 projects were discussed and the need for a cohesive Netflix OSS platform was highlighted. Matt Bookman then gave a presentation on running Lipstick and Hadoop on Google Cloud Platform using Google Compute Engine and Cloud Storage. He demonstrated running Pig jobs on Compute Engine and discussed design considerations for cloud-based Hadoop deployments. Finally, Peter Sankauskas from @Answers4AWS discussed initial ideas around CloudFormation for Asgard and deploying various Netflix OSS
Hibernate java and_oracle
The document provides an overview of configuring and using Hibernate, an object-relational mapping tool for Java. It discusses downloading and setting up required libraries, configuring Hibernate properties and mappings, and examples of mapping Java objects to database tables for single entities, primary keys, one-to-many and many-to-many relationships, and reference data. Code samples and explanations are provided for saving, updating, and querying objects using Hibernate.
Helpful pre commit hooks for Python and Django
Pre-commit hooks can help to keep your source code consistent and discover broken code before it makes it into the repository. This lightning talk describes pre-commit hooks that can be helpful when developing with Python, especially when using the Django framework. It also provides consistent example configurations for hooks that have conflicting defaults.
DevOops & How I hacked you DevopsDays DC June 2015
In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment.
Odoo.sh for Project Managers & Developers
Odoo.sh is a continuous integration hosting platform for Odoo that allows custom and community modules. It facilitates testing, deployment, and debugging of Odoo projects. Key features include being preconfigured and optimized for Odoo, and having DNS, mail servers, backups, and other services already setup. It aims to provide top notch security, high availability, and other features like shell access and monitoring.
Operating PostgreSQL at Scale with Kubernetes
The maturation of containerization platforms has changed how people think about creating development environments and has eliminated many inefficiencies for deploying applications. These concept and technologies have made its way into the PostgreSQL ecosystem as well, and tools such as Docker and Kubernetes have enabled teams to run their own “database-as-a-service” on the infrastructure of their choosing.
All this sounds great, but if you are new to the world of containers, it can be very overwhelming to find a place to start. In this talk, which centers around demos, we will see how you can get PostgreSQL up and running in a containerized environment with some advanced sidecars in only a few steps! We will also see how it extends to a larger production environment with Kubernetes, and what the future holds for PostgreSQL in a containerized world.
We will cover the following:
* Why containers are important and what they mean for PostgreSQL
* Create a development environment with PostgreSQL, pgadmin4, monitoring, and more
* How to use Kubernetes to create your own "database-as-a-service"-like PostgreSQL environment
* Trends in the container world and how it will affect PostgreSQL
At the conclusion of the talk, you will understand the fundamentals of how to use container technologies with PostgreSQL and be on your way to running a containerized PostgreSQL environment at scale!
Automate DBA Tasks With Ansible
Automate DBA tasks with Ansible describes using Ansible to automate database administration tasks. The document discusses installing and configuring Ansible, using modules to execute tasks, organizing tasks into playbooks and roles, and using templates. It provides an example of using Ansible to install an Oracle 11g database including creating directories, templating a response file, running the installer, and applying patches with a custom Oracle patching module.
Protecting confidential files using SE-Linux
This document discusses using SE-Linux to protect confidential PDF files on a Linux system. It describes implementing SE-Linux in targeted mode with a custom module. A special "TopSecret" category is assigned to PDF files. The appserv user is given access to this category to allow the application server to access the PDFs. Strict restrictions are placed on administrator access using sudo, su, SSH, and auditing to log all access attempts to the protected PDF directory. The implementation provides mandatory access control while maintaining manageability for system operators.
Relax-and-Recover Automated Testing
This document discusses automated testing of Relax-and-Recover (ReaR), a disaster recovery tool for Linux. It describes setting up a test environment using Vagrant and virtual machines to automatically test ReaR's backup, restore, and recovery processes. The script brings up VMs for a client and server, performs backup and recovery with ReaR, and allows monitoring the test run through SSH or VNC connections to the VMs. Automating tests in this way helps validate ReaR updates and configurations across Linux distributions.
OSMC 2009 | Nagios Plugins: New features and future projects by Thomas Guyot-...
Nagios-Plugins is the official plugin distribution for Nagios. It includes over 50 plugins written in C and Perl for most basic monitoring tasks. It is currently maintained mostly by volunteers; the current active developers are: Ton Voon (project lead), Holger Weiss, Matthias Elbe and Thomas Guyot-Sionnest.
In this talk Thomas will look into some noteworthy features added recently in the Nagios-Plugins distribution and show how they can be useful in real-life situations. He will especially emphasize on the extra-opts addition which allows moving plugin parameters to one or more .ini files. In a second part Thomas will introduce the current and upcoming projects for Nagios-Plugins.
A Love Story with Kubevirt and Backstage from Cloud Native NoVA meetup Feb 2024
See how Red Hat has leveraged CNCF cloud-native projects Backstage and Kubevirt to build an effective developer experience across the organization.
Security in CI/CD Pipelines: Tips for DevOps Engineers
While DevOps is becoming a new norm for most of the companies, security is typically still behind. The new architectures create a number of new process considerations and technical issues. In this practical talk, we will present an overview of the practical issues that go into making security a part of DevOps processes. Will cover incorporating security into existing CI/CD pipelines and tools DevOps professionals need to know to implement the automation and adhere to secure coding practices.
Join Stepan Ilyin, Chief Product Officer at Wallarm for an engaging conversation where you’ll learn:
Methodologies and tooling for dynamic and static security testing
Composite and OSS license analysis benefits
Secrets and analysis and secrets management approaches in distributed applications
Security automation and integration in CI/CD
Apps, APIs and workloads protection in cloud-native K8s enabled environments
Similar to Chaos engineering for start ups and sm es (20)
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
StorageQuery: federated querying on object stores, powered by Alluxio and Presto
StorageQuery: federated querying on object stores, powered by Alluxio and Presto
OSDC 2016 - Continous Integration in Data Centers - Further 3 Years later by ...
OSDC 2016 - Continous Integration in Data Centers - Further 3 Years later by ...
Netflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talks
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015
OSMC 2009 | Nagios Plugins: New features and future projects by Thomas Guyot-...
OSMC 2009 | Nagios Plugins: New features and future projects by Thomas Guyot-...
A Love Story with Kubevirt and Backstage from Cloud Native NoVA meetup Feb 2024
A Love Story with Kubevirt and Backstage from Cloud Native NoVA meetup Feb 2024
Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps Engineers
Recently uploaded
Mutation Testing for Task-Oriented Chatbots
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Pitangent Analytics & Technology Solutions Pvt. Ltd
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
5th LF Energy Power Grid Model Meet-up Slides
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Demystifying Knowledge Management through Storytelling
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
GNSS spoofing via SDR (Criptored Talks 2024)
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
Session 1 - Intro to Robotic Process Automation.pdf
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
Recently uploaded (20)
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
Chaos engineering for start ups and sm es
- 1. Chaos Engineering for start-ups and SMEs Jagdeep Singh Tech Lead, ucreate.it
- 2. Topics ● What is “Chaos Engineering” ● Mitigation and Contingency ○ Code ○ Database ○ User generated content ○ Use uploaded files ○ Server configurations ○ 3rd party tools ● Start-ups and SMEs
- 3. Chaos - “Kay-Aus” - Complete disorder and confusion
- 4. Chaos
- 5. Chaos
- 6. Chaos
- 7. Mitigation and Contingency - Mitigation - What you do before something bad happens - Contingency - What you do after something bad happens
- 8. Code - Control access - Distribute - Backups - Deployed?
- 9. Code - Accessible - Restorable - Git - GitHub - BitBucket - GitLab - Google Source Repositories - (many more options)
- 10. Code
- 11. Database - Control Access (yes, again) - Have Master/Slave setup - Encrypted daily backups - On-deploy backups - Backup of backup (outside primary access)
- 12. Files (user generated) - Control Access (yes, this is very important) - Allow access via API only - Flexible retention policies (AWS/GCP) - Strict backup policy - Files at-rest to be encrypted - Backup of backups (outside primary access)
- 13. Chaos - Nameserver configuration - DNS records (A/MX/CNAME etc) - 3rd party services and tokens (re-generate) - Application admin/non-admin access
- 14. Start-ups and SMEs - More focus on creating and running the business - No policies to drive security - Less understanding/need of impact of a failure - Cannot use high-cost solutions - Single event can destroy the business
- 15. Start-ups and SMEs Who can prevent? If something happens, then who can fix?
- 17. What to do - Read - Learn - Understand - Share - Educate - Ownership - Responsibility
- 18. In the end.... Apply common sense...
- 19. Questions!
- 20. Thanks!