The document discusses cleaning up a messy WordPress site that had not been updated in a long time. Key steps include:
1) Creating a subdomain to work on without affecting the live site.
2) Cloning the original site to the subdomain for cleanup.
3) Reviewing all plugins, widgets, and themes to determine which are active, up-to-date, deprecated, and in use.
4) Removing inactive or unused elements, updating out-of-date elements, replacing deprecated elements, and cleaning up junk.
Beyond Local Development w/Kalabox (SFDUG July 2015)Alec Reynolds
Web developers have an Age Old Problem: to work on websites, we need to install and run web server technology (databases, HTTP servers, etc.) on our local computers. In a time when the tools we use to develop and run websites are growing at an exponential rate, we need an updated toolkit that goes beyond "local development."
Enter Kalabox.
Kalabox is a single tool that gives developers all the tools they need to code, test, and go live with their websites. This presentation covers some of the basic problems that Kalabox tries to solve, as well as some of the basic features of Kalabox.
5 Essential Techniques for Building Fault-tolerant SystemsAtlassian
Building add-ons for Atlassian products today means building a Connect add-on and running it as a service in your own infrastructure, or a PaaS provider’s infrastructure, or (more commonly) a set of microservices. While this has many benefits, the transition from monolithic to distributed systems brings with it additional failure modes that simply do not manifest in the world of local function calls. Join Atlassian developer Diego Berrueta for a walk-through of 5 resilience techniques that will help keep your services rock-solid in the face of unreliable, slow, or faulty systems.
Diego Berrueta, Engineering Principal, Atlassian
Every test tells a story, but some tell a better story than others. Every test illustrates a specific path through the system to achieve a specific goal, but some paths are clearer than others. Valuable tests are the ones that both tell a compelling story, and can stand the test of time, providing value not only as acceptance tests but also as living documentation and easily maintainable regression tests.
In this session, John will invite you to come on a journey of discovery to learn how to write clean, clear and maintainable tests using the Journey Pattern, an innovative new approach to writing automated acceptance tests that are easier to understand, easier to extend and easier to maintain. You will also witness a demonstration of these principles in action, with live coding of Serenity BDD automated tests.
At Etsy our approach to development is to make small, incremental, continuous changes to the site. Deploying code to production anywhere between 20 to 40 times a day requires not only technical tooling, but also a culture that allows for and encourages innovation, confidence backed by actual data and comprehensive tests, and blameless post-mortems that allow for a feedback loop we can learn from and improve.
WordPress London Developer Operations For BeginnersStewart Ritchie
Dev Ops is hard and can seem like another language. This talk given at WordPress London hopes to help new developers, project managers and agency owners a chance to improve the WordPress Dev Ops Workflow
You can find more Developer Operations work at http://poweredbycoffee.co.uk
This presentation talks about the concepts of continuous Integration with TFS as an example platform on whihc you can implement this concept but it can apply to open source platforms as well
Beyond Local Development w/Kalabox (SFDUG July 2015)Alec Reynolds
Web developers have an Age Old Problem: to work on websites, we need to install and run web server technology (databases, HTTP servers, etc.) on our local computers. In a time when the tools we use to develop and run websites are growing at an exponential rate, we need an updated toolkit that goes beyond "local development."
Enter Kalabox.
Kalabox is a single tool that gives developers all the tools they need to code, test, and go live with their websites. This presentation covers some of the basic problems that Kalabox tries to solve, as well as some of the basic features of Kalabox.
5 Essential Techniques for Building Fault-tolerant SystemsAtlassian
Building add-ons for Atlassian products today means building a Connect add-on and running it as a service in your own infrastructure, or a PaaS provider’s infrastructure, or (more commonly) a set of microservices. While this has many benefits, the transition from monolithic to distributed systems brings with it additional failure modes that simply do not manifest in the world of local function calls. Join Atlassian developer Diego Berrueta for a walk-through of 5 resilience techniques that will help keep your services rock-solid in the face of unreliable, slow, or faulty systems.
Diego Berrueta, Engineering Principal, Atlassian
Every test tells a story, but some tell a better story than others. Every test illustrates a specific path through the system to achieve a specific goal, but some paths are clearer than others. Valuable tests are the ones that both tell a compelling story, and can stand the test of time, providing value not only as acceptance tests but also as living documentation and easily maintainable regression tests.
In this session, John will invite you to come on a journey of discovery to learn how to write clean, clear and maintainable tests using the Journey Pattern, an innovative new approach to writing automated acceptance tests that are easier to understand, easier to extend and easier to maintain. You will also witness a demonstration of these principles in action, with live coding of Serenity BDD automated tests.
At Etsy our approach to development is to make small, incremental, continuous changes to the site. Deploying code to production anywhere between 20 to 40 times a day requires not only technical tooling, but also a culture that allows for and encourages innovation, confidence backed by actual data and comprehensive tests, and blameless post-mortems that allow for a feedback loop we can learn from and improve.
WordPress London Developer Operations For BeginnersStewart Ritchie
Dev Ops is hard and can seem like another language. This talk given at WordPress London hopes to help new developers, project managers and agency owners a chance to improve the WordPress Dev Ops Workflow
You can find more Developer Operations work at http://poweredbycoffee.co.uk
This presentation talks about the concepts of continuous Integration with TFS as an example platform on whihc you can implement this concept but it can apply to open source platforms as well
Dev Ops is hard and can seem like another language. This talk given at WordCamp Belfast hopes to help new developers, project managers and agency owners a chance to improve the WordPress Dev Ops Workflow
Limited WiP Society Melbourne Meetup August 2018
DevOps is one of those terms that is used by many people, but is often misunderstood. In this session we will discuss DevOps, what it is/how it can be used. We will also discuss the basics of Kanban to see how the two relate and how Kanban can assist in your DevOps implementation & rollout.
The Four Principles of Atlassian Performance TuningAtlassian
There are typically four primary variables that influence the performance of an Atlassian application: users, application admins, add-on developers, and system administrators. Each plays a different role and its impact on performance can be profound at scale. Dan Hardiker, Chief Technical Officer at Adaptavist who's advised Fortune 500 companies on their Atlassian implementations, will share best practices and demonstrate how to use the process of "monitor, measure, mitigate" to identify key performance bottlenecks and provide data that your organization can use to optimize performance.
Dan Hardiker, CTO, Adaptavist
Scaling to 150,000 Builds a Month... and BeyondAtlassian
Continuous integration is the lifeblood of any software house and is extremely important in a fast growing organization like Atlassian. Join team lead Peter Leschev to hear how the Build Engineering team at Atlassian have scaled the infrastructure, team, and Bamboo over their 4-year journey of continuous improvement to provide a build platform that supports the 5000+ builds Atlassian developers run every day.
Continuous Delivery with TFS msbuild msdeployPeter Gfader
If you are deploying your software manually, you are doing it wrong.
If you deploying once a month, you are doing it wrong.
If you as a developer are deploying from Visual Studio by clicking "Publish", you are doing it wrong.
If a bug-fix takes you 1 hour but your customer needs to wait a week until he gets it, you are doing it wrong.
Manual deployments are NOT fun. See a good way on how to automate the deployment with TFS 2010, msbuild and msdeploy.
Embrace chatOps, stop installing deployment software by Geshan Manandhar at C...Codemotion Dubai
Are you still deploying with capistrano? It is high time to put the chat bots to work. Using chatops to deploy your software gives visibility to all team members. It also gives a consistent interface to deploy. Software Engineers do not need to install any extra software to deploy. Ops is happy because software engineers do not need SSH access to servers anymore. Namshi is a Rocket Internet e-commerce venture in Dubai. At Namshi, we deploy all our apps with chatbots built with hubot. In this session, I will uncover some real life use cases of chat bots at Namshi.
Launching websites is hard, 60% of websites fail to launch on time.
The Pantheon Launch Team launches several large enterprise sites every week, and supports hundreds of self-serve customers daily. They have helped marketing teams launch hundreds of sites and they have seen it all.
Learn their secrets to success.
At Etsy about 150 engineers deploy a single monolithic application more than 60 times a day. This process of deploying small changesets continuously enables us to build up and release robust features and detect and fix bugs extremely fast. All while serving over a billion page views per month. Developing and deploying at such a high velocity however only works because product developers and designers, infrastructure and operations engineers and the security team work closely together. We have an extremely open culture of sharing (inside and outside the company) and make sure we run into as few surprises as possible by bringing everybody on the same page about changes.
Why is Performance important?
Applications in general
Web applicaitons
What can we as devs do?
Tips: How to optimize
Web applications, Silverlight, Backend, …
Regression
How to maintain performance over time
How to get faster over time
Discussion: What tips do you have in your toolbox?
Make yourself replaceable at DevOpsCon 2016 BerlinErno Aapa
"Make yourself replaceable" presentation from DevOpsCon 2016 Berlin, about how to distribute your knowledge and information to build culture which change team to DevOps mindset
Cloud-Native Builds & Deployments in Bitbucket PipelinesAtlassian
Pipelines is Bitbucket Cloud's new integrated build and release tool, and we're on a mission to give every development team a painless build and release process. Matt Ryall, Pipelines Product Manager, will talk about new features in Pipelines to enable Docker builds and database testing in your builds, and how teams are replacing their legacy build system with Pipelines to save valuable developer time. A must-see talk for teams deploying to the cloud.
Dev Ops is hard and can seem like another language. This talk given at WordCamp Belfast hopes to help new developers, project managers and agency owners a chance to improve the WordPress Dev Ops Workflow
Limited WiP Society Melbourne Meetup August 2018
DevOps is one of those terms that is used by many people, but is often misunderstood. In this session we will discuss DevOps, what it is/how it can be used. We will also discuss the basics of Kanban to see how the two relate and how Kanban can assist in your DevOps implementation & rollout.
The Four Principles of Atlassian Performance TuningAtlassian
There are typically four primary variables that influence the performance of an Atlassian application: users, application admins, add-on developers, and system administrators. Each plays a different role and its impact on performance can be profound at scale. Dan Hardiker, Chief Technical Officer at Adaptavist who's advised Fortune 500 companies on their Atlassian implementations, will share best practices and demonstrate how to use the process of "monitor, measure, mitigate" to identify key performance bottlenecks and provide data that your organization can use to optimize performance.
Dan Hardiker, CTO, Adaptavist
Scaling to 150,000 Builds a Month... and BeyondAtlassian
Continuous integration is the lifeblood of any software house and is extremely important in a fast growing organization like Atlassian. Join team lead Peter Leschev to hear how the Build Engineering team at Atlassian have scaled the infrastructure, team, and Bamboo over their 4-year journey of continuous improvement to provide a build platform that supports the 5000+ builds Atlassian developers run every day.
Continuous Delivery with TFS msbuild msdeployPeter Gfader
If you are deploying your software manually, you are doing it wrong.
If you deploying once a month, you are doing it wrong.
If you as a developer are deploying from Visual Studio by clicking "Publish", you are doing it wrong.
If a bug-fix takes you 1 hour but your customer needs to wait a week until he gets it, you are doing it wrong.
Manual deployments are NOT fun. See a good way on how to automate the deployment with TFS 2010, msbuild and msdeploy.
Embrace chatOps, stop installing deployment software by Geshan Manandhar at C...Codemotion Dubai
Are you still deploying with capistrano? It is high time to put the chat bots to work. Using chatops to deploy your software gives visibility to all team members. It also gives a consistent interface to deploy. Software Engineers do not need to install any extra software to deploy. Ops is happy because software engineers do not need SSH access to servers anymore. Namshi is a Rocket Internet e-commerce venture in Dubai. At Namshi, we deploy all our apps with chatbots built with hubot. In this session, I will uncover some real life use cases of chat bots at Namshi.
Launching websites is hard, 60% of websites fail to launch on time.
The Pantheon Launch Team launches several large enterprise sites every week, and supports hundreds of self-serve customers daily. They have helped marketing teams launch hundreds of sites and they have seen it all.
Learn their secrets to success.
At Etsy about 150 engineers deploy a single monolithic application more than 60 times a day. This process of deploying small changesets continuously enables us to build up and release robust features and detect and fix bugs extremely fast. All while serving over a billion page views per month. Developing and deploying at such a high velocity however only works because product developers and designers, infrastructure and operations engineers and the security team work closely together. We have an extremely open culture of sharing (inside and outside the company) and make sure we run into as few surprises as possible by bringing everybody on the same page about changes.
Why is Performance important?
Applications in general
Web applicaitons
What can we as devs do?
Tips: How to optimize
Web applications, Silverlight, Backend, …
Regression
How to maintain performance over time
How to get faster over time
Discussion: What tips do you have in your toolbox?
Make yourself replaceable at DevOpsCon 2016 BerlinErno Aapa
"Make yourself replaceable" presentation from DevOpsCon 2016 Berlin, about how to distribute your knowledge and information to build culture which change team to DevOps mindset
Cloud-Native Builds & Deployments in Bitbucket PipelinesAtlassian
Pipelines is Bitbucket Cloud's new integrated build and release tool, and we're on a mission to give every development team a painless build and release process. Matt Ryall, Pipelines Product Manager, will talk about new features in Pipelines to enable Docker builds and database testing in your builds, and how teams are replacing their legacy build system with Pipelines to save valuable developer time. A must-see talk for teams deploying to the cloud.
Don't hate, automate. lessons learned from implementing continuous deliverySolano Labs
This presentation on Continuous Delivery is from the November 2013 Automated Testing San Francisco meetup that took place at Constant Contact. The author/presenter is Matt Wilson, CTO of Lab Zero. Matt has advised clients at various industries including consumer brands, non-profits, start-ups, and financial services on Agile development, web application development, and other technology leadership challenges. This overview on Continuous Delivery highlights some of the best practices that Lab Zero has distilled, based on their many client engagements.
---
About Matt Wilson:
Matt is an enthused agile developer, architect, and consultant. He enjoys building elegant web services in Ruby. He believes that high-fives are underrated and measures the success of his day by how many he's seen.
Prior to joining Lab Zero, Matt's work history includes: Co-founder/Architect at Earfl.com, Architect at Kodak Gallery, Developer at Westwave Communications, Engineer at Motorola, and Developer at Coldwell Banker.
About Lab Zero:
Lab Zero Innovations, Inc. provides web application development and technology leadership consulting. Our client relationships include staff augmentation, pure software development, project management, system integration, advisor/leadership roles. Contact us about your next project.
Scaling Up Lookout was originally presented at Lookout's Scaling for Mobile event on July 25, 2013. R. Tyler Croy is a Senior Software Engineer at Lookout, Inc. Lookout has grown immensely in the last year. We've doubled the size of the company—added more than 80 engineers to the team, support 45+ million users, have over 1000 machines in production, see over 125,000 QPS and more than 2.6 billion requests/month. Our analysts use Hadoop, Hive, and MySQL to interactively manipulate multibillion row tables. With that, there are bound to be some growing pains and lessons learned.
Does Git make you angry inside? In this workshop you will get a gentle introduction to working efficiently as a Web developer in small teams, or as a solo developer. We'll focus on real world examples you can actually use to make your work faster and more efficient. Windows? OSX? Linux? No problem, we'll get you up and running with Git, no matter what your system. Yes, this is an introductory session. This is for people who feel shame that they don't know how to "clone my github project", wish they too could "get the gist", and get mad when people say "just diff me a patch" as if it's something as easy as making a mai thai even though you have no rum. No, you don't have to have git installed to attend. You don't even need to know where the command line is on your computer.
Siterise for OpenText Web Experience Management, Portal, and Tempo Social.Gregory Guttmann
Siterise unifies and simplifies all of your OpenText / Vignette Web Experience Management, Portal, and Tempo Social environments, providing single-console access to Development, Staging, and Production. Get the most from your OpenText Customer Experience Management (CEM) platform.
A Tale of Two Workflows - ChefConf 2014Pete Cheslock
Watch this talk here: https://www.youtube.com/watch?v=L__8o02od6Q
For an example of the code we used in our CI pipeline to make a Chef Environment from a Berksfile.lock - check out this project:
https://github.com/petecheslock/berks2env
One of the biggest advantages of Chef is it's flexibility, allowing you to customize it at-will to fit your infrastructure needs. While this makes Chef incredibly powerful, it can also be challenging to develop a workflow to manage the day-to-day usage of chef.
Should I use a single repo for all my cookbooks?
One cookbook per repo?
Berkshelf?
Librarian?
Test-Kitchen?
Where does Jenkins(CI) fit it?
What about Testing?
How does this work with my small team? What about my large team? What about my * Distributed Team?
Over the past few years I have been a part of two distinct Chef workflows that take opposite paths about how to solve issues around collaboration, versioning, testing, etc. During the course of this talk I will share:
Details about the requirements that lead us down these 2 paths.
What worked.
What didn't.
How we use many of the tools available to safely test code changes.
How we deploy cookbook changes safely and quickly (and keep uptime our highest priority).
Support/ maintenance travails - Why and how to audit legacy sitesSuchi Garg
As a Technical Team Lead in Continuous Delivery, I work mainly with support/ maintenance offerings. Taking an existing site over from another team (internal OR external) is often a very daunting task. Thats where Site Audits come into the picture. Some questions which site audits answer are:
How much is the code "hacked" - probably the most important question for all developers
Have the best practices been followed?
Is the server capable of handling the site?
Top level listing of technical debts
and many more such questions....
In this session, I will talk about the importance of site audits, the timing of site audits and also some tools and techniques which need to be used when auditing a site.
3 Steps to Maintain & Cleanse your WordPress sitePaul Cook
Like your wardrobe, even your website needs cleaning and maintaining. For this process, follow these steps and ensure safety and the quality of performance.
Code Coverage for Total Security in Application MigrationsDana Luther
So the time has come to take the leap and upgrade your application to a new major version of the underlying framework, or, perhaps, to an entirely different framework... how do you ensure that none of your functionality or usability is impacted by a potentially drastic rewrite of the underlying systems? How can you move forward with 100% confidence in your migrated codebase? Testing, testing and more testing. Using a combination of unit, functional and acceptance tests can give you the certainty you need. In this talk, we will go over key strategies for ensuring that you begin with full code coverage and move forward with confidence.
https://slocumthemes.com/build-perfect-wordpress-website/
NOT downloadable from here. Please, download from Slocum page
How To Build The Perfect
WordPress Website
A 9-Part course by SlocumThemes.com
Continuous (Production) Integration: Ruby on Rails Application Monitoring wit...jnewland
Feature: Ruby on Rails Application Monitoring with Cucumber
In order to ensure continuous application availability
A developer should be able to assert the behavior of production apps
From the outside in
Without using antiquated monitoring tools
To protect revenue
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as CodeSteve Mercier
Slides from my talk at ConFoo Montreal, February 2016. A presentation on how to apply configuration management (CM) principles for your various environments, to control changes made to them. You apply CM on your code, why not on your environments content? This presentation will present the infrastructure as code principles using Chef and/or Ansible. Topics discussed include Continuous Integration, Continuous Delivery/Deployment principles, Infrastructure As Code and DevOps.
Helping Ops Help You: Development’s Role in Enabling Self-Service OperationsRundeck
Presented by Damon Edwards, co-founder of Rundeck, at JAX DevOps and Finance London, April 5, 2017.
DevOps has provided plenty of lessons for how to speed up the pace of delivery and frequency of deployments. But, delivery and deployment only covers one part of the day-to-day life for developers in large enterprises.
What about what happens after deployment? In most cases, increasing the pace of delivery and frequency of deployment just increases the operational support load, work interrupts, and context switching that has always cut deeply into a development team’s time.
This talk focuses on the successful design patterns that high-performing, large scale organizations have applied to reduce the operational burden and support costs across their entire organization. Specifically, we’ll look at how they apply DevOps principles to improving the post-deployment lifecycle and how Developers play the key role in reducing the difficultly and cost of operations activity for everyone.
See a Demo of Rundeck Enterprise :
https://www.rundeck.com/see-demo
--or--
Download Rundeck Open Source here:
https://rundeck.com/open-source
Connect:
Stack Overflow community: https://stackoverflow.com/questions/tagged/rundeck
Github: https://github.com/rundeck/rundeck/issues
Twitter: https://twitter.com/Rundeck
Facebook: https://www.facebook.com/RundeckInc/
LinkedIn: www.linkedin.com › company › rundeck-inc
Paris Web - Javascript as a programming languageMarco Cedaro
How to setup up a stable javascript continuous integration environment and why you need it. Through a real life example, the talk explains all the benefits of having a development process that brings real control over javascript codebase. A deep analysis of developer and webapps needs and of the tools that fit those requirements.
Joomla Day Austin Texas 2011 - Part 4 features Alex Andreae and Jeremy Wilken doing Joomla extensions development as well as Joe LeBlanc and Brian Edgerton doing Joomla site deployment
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
4. What do I mean “Their Mess”?
“Their” as in handed to you as an existing website.
“Mess” A Site that hasn’t had updates run in too
long.
Not in a Generic Messy Sense but technical.
“Things” are or might-be broken.
The admin site looks like… it’s a wreck.
5. How do we get here?
WordPress needs maintenance.
Some small business owners can’t keep up.
Some managers can’t keep up.
Managed WordPress can help but…
6. The Impact of a “Mess”
Functional failure
Exploits & Hacking
Deprecated Plugins or Widgets
Sloooooow Performance
7. Where to begin?
Start with an overall system review
How bad is it?
Are there obvious issues?
Less obvious issues?
Just too much “Junk” laying around?
8. When it’s “Bad”
In my sample case, our client had an installation that had not
been actively managed in some time.
• Plugins needing multiple updates • Plugins were deprecated (unsupported)
• Their theme needed an update • A “Fair” amount of complexity…
• Client was interested in a new look but…
9. So I did a Review…
Review all *present* Plugins, Widgets, & Themes
This required a simple spreadsheet with a status for each.
Determine for each item are they:
Active?
Up-to-date?
Deprecated?
In Use?
10. The Steps
Is it critical? Back up now!
This was on “GoDaddy” so we’re using their toolkit.
11. Create a sub-domain
Log into your Cpanel or
Equivalent
In the Domains Area, click
“Subdomains” and add one
called “devsite” - you can use any
name that feels right to you.
Don’t work on the live site, use a sub-
domain like devsite.realdomain.com …
12. Now to the “Installatron”
Godaddy uses Installatron for managing numerous
software installations including WordPress.
Click it, click it good….
13. Now “Clone” the original site.
Clone it, Clone it good…. (and make sure it’s online)
(when you go to devsite.realdomain.com now you should see the clone.)
14. Active/Inactive
For Inactive items, should they remain?
Up-to-date
Which items require running an update? Note them. Also is core WordPress up-to-
date?
Deprecated?
If an item is deprecated (no longer developed/supported) is it required? Is there a
replacement?
In Use?
Some items may simply not be used even if they are Active, Updated and
Supported.
Now we need to take action and clean up the devsite.
15. Remove elements which should be removed.
(and confirm with each removal that “devsite" is functional and un-affected)
Update plug-ins, themes, widgets, etc.
(also of course, confirm after each update that everything seems fine)
Deprecated but required? Find Replacements and learn them.
This client had a reusable-content plug in which was deprecated.
We located and installed a replacement and had to rebuild the reusable
content.In Use?
Noting “Mystery Plugins” we removed things that seemed clearly not in
use.
We also ran new backups from InstallaTron as the clean up
commenced.
16. Remove elements which should be removed?
check!
Update plug-ins, themes, widgets etc.
check!
Deprecated’s Replaced or Vanquished?
check!
In Use?
check!
17. When the Devsite is clean…
Once the Devsite clone was fully cleaned up and running,
we needed to export and import recent blog entries that had
been missed during the transitional period.
We also needed to consider a third party service which uses
a software based gateway to post entries to this website. We
had to work directly with them to assure they would be
posting to the new system.
Our work isn’t complete yet.
18. Take it live!
The current live site then needed to be shut down.
That makes it available for cloning.
Pick an off-peak time.
This time we cloned from the Devsite to the Live.
and…
Hi, I’m Jonny, My business is StormDesigns. I’ve been designing for websites and print media for a little while. I don’t consider myself expert level with WordPress but I have a broad skillset and WordPress is an essential ingredient in that.
That said, if any experts in the room have anything to add when I’m complete please go ahead.
Look up ^^
^^
(^^ then) …help but do i trust it entirely with complicated websites where I really want eyes-on active engagement in the update process.
^^
And the but… is that they had a decent, responsive, live website (apbeit sluggish). Starting from scratch wouldn’t have been time considerate. We had an interest in getting a handle on this website before rebuilding it.
Installatron’s “Clone” duplicates all of the site files, the php documents, images, database, users and related settings. This gives you a duplicate of your live site, but completely isolated. You can also add htaccess permissions to limit access.
All of this via the WP-Admin Control Panel…
(In use): We also looked at elements that were not in use but were “function agnostic” (before removing stuff - assume nothing)
(at end of slide)… and the level of customer tech support from that provider didn’t work to exceed my expectations.