Designing a secure software development process with DevOpsMike Long
This talk will describe how to design a secure SDLC for regulated organizations.
By applying techniques from DevOps and security disciplines, you will learn how to design in compliance needs into your process, to provide a provable process and audit trail.
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...Burr Sutter
We can be brilliant developers, but we won’t succeed—and won’t lead our organizations to succeed—without a new perspective (if you will) and new assumptions about the components of the “technology ecosystem” that are fundamentally critical to our success. This includes the operators, QA team, DBAs, security folks, and even the pure business contingent—in most cases, each of these individuals and groups plays a critical role in the success of what we create and give birth to as developers. What we do in isolation might be genius, but if we insulate ourselves—especially with arrogance—from these colleagues, neither our code nor our organizations will realize their full potential, and most will fail. The bottom line is that our old ways are no longer viable, and as the elite within our industry, we will be the leaders and heroes who discard old assumptions and adopt a new perspective in this exciting journey to digital transformation—where the impossible can become reality.
Slides from my DevOpsExpo London talk "From oops to NoOps".
They tell you in these conferences that DevOps is not about tools, but about culture. And they are partially right. I am going to tell you that it’s not only about culture or tools but also abstractions.
It is a lot about how you see software and its value. About our mental model of what software is: how it runs, evolves, and interacts with the other facets of an enterprise.
We used to view software as code. As a state of code. Now we think about software as change, as a flow. A dynamic system where people, machines, and processes interact continuously.
At Platform.sh we spend a bunch of time asking ourselves not “How do you build?” - or even “How do you build consistently?” - but rather “What does it mean to consistently build in a world where change is good?” A world that lets you push security fixes into production as soon as they’re available because you don’t want to be an Equifax but you do want stability.
In this presentation, I will go over what we think software is and why having the right ideas about software will help you get your culture right and your tooling aligned, as well as gain in productivity, and general happiness and well-being.
DEVOPS & THE DEATH AND REBIRTH OF CHILDHOOD INNOCENCEDrupalCamp Kyiv
Remember when the internet was pure and unspoiled? In our innocence we saw the promise of renewal of the world through connecting, sharing, and creating online. We became developers and hackers because we wanted to understand how things work, to take them apart, and build quirky (and sometimes useful) things just for the pleasure of it.
In the earliest decades of the Internet Epoch the Internet was a playground. We happily coded directly on production systems. And it was fine, as many Great Things were created. But the Internet has matured, and has now become Big Business. Developers have matured too, and good thing they did! So many people now rely on what we’ve built, for security, for privacy, for the paycheck at the end of the month. We matter.
Maturity has come at a price though, and deploying well tested code into complex applications with polyglot teams working with heterogeneous stacks, all while maintaining compliance with GDPR, HIPAA, PCI, etc. has taken all of the childhood innocence out of the web. Now even the simplest website seems like Hard Work.
In this talk I will show how we can, and should, regain our joyful demeanor, how we can use the maturity of the most innovative tools around us to start hacking like crazy again. Without regressing on agility, testing, compliance, scalability or robustness. I use the metaphor of childhood innocence to explain how the complexity of modern cloud computing, in combination with increasing quality expectations and compliancy, has curtailed the creative freedom of developers, and as a whole, organisational motivation.
Together with a lack of resources and idea time, this leads to lower and slower product innovation. We are, however, at the brink of a paradigm shift in cloud computing that will give developers and hackers their mojo again. This talk will zoom into the key elements of this paradigm shift, and provide an overview of the basic concepts and operational practices of the new age of developer innocence.
https://drupalcampkyiv.org/node/81
Designing a secure software development process with DevOpsMike Long
This talk will describe how to design a secure SDLC for regulated organizations.
By applying techniques from DevOps and security disciplines, you will learn how to design in compliance needs into your process, to provide a provable process and audit trail.
Teaching Elephants to Dance (and Fly!) A Developer's Journey to Digital Trans...Burr Sutter
We can be brilliant developers, but we won’t succeed—and won’t lead our organizations to succeed—without a new perspective (if you will) and new assumptions about the components of the “technology ecosystem” that are fundamentally critical to our success. This includes the operators, QA team, DBAs, security folks, and even the pure business contingent—in most cases, each of these individuals and groups plays a critical role in the success of what we create and give birth to as developers. What we do in isolation might be genius, but if we insulate ourselves—especially with arrogance—from these colleagues, neither our code nor our organizations will realize their full potential, and most will fail. The bottom line is that our old ways are no longer viable, and as the elite within our industry, we will be the leaders and heroes who discard old assumptions and adopt a new perspective in this exciting journey to digital transformation—where the impossible can become reality.
Slides from my DevOpsExpo London talk "From oops to NoOps".
They tell you in these conferences that DevOps is not about tools, but about culture. And they are partially right. I am going to tell you that it’s not only about culture or tools but also abstractions.
It is a lot about how you see software and its value. About our mental model of what software is: how it runs, evolves, and interacts with the other facets of an enterprise.
We used to view software as code. As a state of code. Now we think about software as change, as a flow. A dynamic system where people, machines, and processes interact continuously.
At Platform.sh we spend a bunch of time asking ourselves not “How do you build?” - or even “How do you build consistently?” - but rather “What does it mean to consistently build in a world where change is good?” A world that lets you push security fixes into production as soon as they’re available because you don’t want to be an Equifax but you do want stability.
In this presentation, I will go over what we think software is and why having the right ideas about software will help you get your culture right and your tooling aligned, as well as gain in productivity, and general happiness and well-being.
DEVOPS & THE DEATH AND REBIRTH OF CHILDHOOD INNOCENCEDrupalCamp Kyiv
Remember when the internet was pure and unspoiled? In our innocence we saw the promise of renewal of the world through connecting, sharing, and creating online. We became developers and hackers because we wanted to understand how things work, to take them apart, and build quirky (and sometimes useful) things just for the pleasure of it.
In the earliest decades of the Internet Epoch the Internet was a playground. We happily coded directly on production systems. And it was fine, as many Great Things were created. But the Internet has matured, and has now become Big Business. Developers have matured too, and good thing they did! So many people now rely on what we’ve built, for security, for privacy, for the paycheck at the end of the month. We matter.
Maturity has come at a price though, and deploying well tested code into complex applications with polyglot teams working with heterogeneous stacks, all while maintaining compliance with GDPR, HIPAA, PCI, etc. has taken all of the childhood innocence out of the web. Now even the simplest website seems like Hard Work.
In this talk I will show how we can, and should, regain our joyful demeanor, how we can use the maturity of the most innovative tools around us to start hacking like crazy again. Without regressing on agility, testing, compliance, scalability or robustness. I use the metaphor of childhood innocence to explain how the complexity of modern cloud computing, in combination with increasing quality expectations and compliancy, has curtailed the creative freedom of developers, and as a whole, organisational motivation.
Together with a lack of resources and idea time, this leads to lower and slower product innovation. We are, however, at the brink of a paradigm shift in cloud computing that will give developers and hackers their mojo again. This talk will zoom into the key elements of this paradigm shift, and provide an overview of the basic concepts and operational practices of the new age of developer innocence.
https://drupalcampkyiv.org/node/81
At some point, the code you write today will be deleted and replaced with something new. This talk will discuss the life cycle of a large code base, and how to manage it over time to accommodate rewrites, giving examples from a major rewrite of the Firefox build and release pipeline over the last two years. You'll learn how to replace components of a running distributed system while keeping it operational, the proverbial replacing the wing of an airplane in flight.
OSDC 2019 | Feature Branching considered Evil by Thierry de PauwNETWAYS
With DVCSs, branch creation became very easy, but it comes at a certain cost. Long living branches break the flow of the software delivery process, impacting stability and throughput. The session explores why teams are using feature branches, what problems are introduced by using them and what techniques exist to avoid them altogether. It explores exactly what’s evil about feature branches, which is not necessarily the problems they introduce – but rather, the real reasons why teams are using them. After the session, you’ll understand a different branching strategy and how it relates to CI/CD.
DevOps – what is it? Why? Is it real? How to do it?Sailaja Tennati
DevOps is one of the hottest trends in engineering/IT process evolution. Depending on whom you listen to DevOps has the potential to solve all the problems of product innovation, time to market, quality and cost all at once. Marc Hornbeek presented his own views of real world DevOps, pitfalls and suggested approaches.
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...Burr Sutter
We can be brilliant developers, but we won’t succeed—and won’t lead our organizations to succeed—without a new perspective (if you will) and new assumptions about the components of the “technology ecosystem” that are fundamentally critical to our success. This includes the operators, QA team, DBAs, security folks, and even the pure business contingent—in most cases, each of these individuals and groups plays a critical role in the success of what we create and give birth to as developers. What we do in isolation might be genius, but if we insulate ourselves—especially with arrogance—from these colleagues, neither our code nor our organizations will realize their full potential, and most will fail. The bottom line is that our old ways are no longer viable, and as the elite within our industry, we will be the leaders and heroes who discard old assumptions and adopt a new perspective in this exciting journey to digital transformation—where the impossible can become reality.
Documentation avoidance for developersPeter Hilton
However good your code, other people never seem to get it. Instead they ruin your day (and your productivity) by asking questions and expecting documentation. You need to know how to explain code without getting stuck in meetings or spending half your time on the only thing you hate more than meetings: writing documentation. Instead, you aim for constructive laziness: tactics that give you more time to write code.
This talk teaches you how to avoid writing documentation, by making it unnecessary or delegating the work to someone else. You will also learn how to deal with the awkward situation when you can’t get away with avoidance or delegation, and have to write the documentation yourself.
This talk explores what we talk about when we talk about code, how we do it, and the tools we use. You can often find a better tool than documentation, but not always. Not everyone writes detailed specifications these days, but remote working and distributed teams make written explanations more valuable than ever. Talking face to face requires less effort, but you rarely or never meet the authors of most of the code you see. Software craftsmanship has failed to make written documentation unnecessary. Instead we shall turn to README-Driven Development, comments evasion, documentation-avoidance, just-in-time documentation and the art of not writing it in the first place.
Forget Process, Focus on People - Peter LeesonITCamp
Quality is not created by processes, controls, measurements and audits. Quality is not created by testing and reviewing. Quality is created by the people who do the work. In this talk, a process improvement consultant will tell you why you should forget about process and focus on what really matters: the people doing the work. FP2 is a review of what needs to be in place in order to deliver high-quality products and services without the levels of bureaucracy and supervision so frequently expected by management and consultants selling their solutions. Let’s change the world together.
Thierry de Pauw - Feature Branching considered Evil - Codemotion Milan 2018Codemotion
With DVCSs branch creation became very easy, but it comes at a certain cost. Long living branches break the flow of the software delivery process, impacting stability and throughput. The session explores why teams are using feature branches, what problems are introduced by using them and what techniques exist to avoid them altogether. It explores exactly what's evil about feature branches, which is not necessarily the problems they introduce - but rather, the real reasons why teams are using them. After the session, you'll understand a different branching strategy and how it relates to CI/CD.
Meeting-avoidance for self-managing developersPeter Hilton
How and when to avoid meetings and have more time to write code
Meetings are a problem for any organisations, because they dull the attention-span of otherwise intelligent people, and prevent otherwise productive people from getting any work done. Software developers suffer more than most, because they can’t even pretend that they’re getting any work done when they’re sitting in meetings. After all, getting your laptop out and writing code during a meeting is (rightly) considered rude.
This presentation introduces various approaches that software developers can use to reduce the number of meetings in their organisation, so they have more time to write code. In particular, developer contributions to project management can drastically reduce the number of meetings.
Do you already know what big ball of mud means?
And code smell?, Is your nose prepared to detect them?
Can you affirm that you are commited with the mantainability?
Do you have architectural sensibility to avoid these kind of situations? Or you are comfortable with the inertia of the day-to-day task of patching the holes. (it doesn't matter if it works..)
While much attention has been focused on high-level software architectural patterns, what is, in effect, the de-facto standard software architecture is seldom discussed.
This talk is intended to identify and summarize the causes that lead to misusing our time on complex maintenance, and give tips and best practices to avoid the big ball of mud and to achieve the best quality products.
Achieving Secure DevOps: Overcoming the Risks of Modern Service DeliveryPerforce
DevOps and Continuous Delivery practices are attracting the attention of many organizations looking to increase the speed of their application delivery, yet doing so the wrong way can risk both quality and security. In this webinar, Forrester analysts Kurt Bittner and Rick Holland will share their insights on how DevOps and Security teams can work better together to meet these challenges, along with best practices for bringing greater security to product development and delivery.
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
During this talk we're going to talk about DevOps from cultural perspective and why is it very important from company perspective to focus more on cultural development rather than on thinking about DevOps as one another reason to deploy the cutting-edge technologies stack.
Agile * Agile Principles * Agile Practices * Pair Programming * Extreme Programming * SOLID design principles * SDLC * Software Development
After working 10 years in multiple major "from-scratch" development projects, I finally got a chance to work in a truly Agile development project. Here is my take on how to make Agile work for your project.
How to write maintainable code - Peter Hilton - Codemotion Amsterdam 2017Codemotion
The problem that new technology doesn’t fix is unmaintainable code. Clean code with good tests is essential, but not enough. This talk introduces techniques like getting better at naming, explaining code with tests, the few code comments you actually need, README-driven development and writing Minimum Viable Documentation. After the excitement of adopting new technology and software craftsmanship comes the horror of your next software maintenance project. As Jean-Paul Sartre said*, ‘Hell is other people’s code’. Whatever your level, your future happiness depends on maintainable code.
You are already the Duke of DevOps: you have a master in CI/CD, some feature teams including ops skills, your TTM rocks ! But you have some difficulties to scale it. You have some quality issues, Qos at risk. You are quick to adopt practices that: increase flexibility of development and velocity of deployment. An urgent question follows on the heels of these benefits: how much confidence we can have in the complex systems that we put into production? Let’s talk about the next hype of DevOps: SRE, error budget, continuous quality, observability, Chaos Engineering.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1fjTxvB.
Trisha Gee and Todd Montgomery attack the technology industry’s sacred cows by exposing the motivations that hide behind them. They discuss how these motivations lead us into practices that hinder rather than help us deliver quality software. Also, they discuss why some organisations seem to be achieving things that the traditional corporate IT departments can only dream of. Filmed at qconnewyork.com.
Todd Montgomery is Ex-NASA researcher, Chief Architect at Kaazing. Trisha Gee is Java Champion and Engineer.
At some point, the code you write today will be deleted and replaced with something new. This talk will discuss the life cycle of a large code base, and how to manage it over time to accommodate rewrites, giving examples from a major rewrite of the Firefox build and release pipeline over the last two years. You'll learn how to replace components of a running distributed system while keeping it operational, the proverbial replacing the wing of an airplane in flight.
OSDC 2019 | Feature Branching considered Evil by Thierry de PauwNETWAYS
With DVCSs, branch creation became very easy, but it comes at a certain cost. Long living branches break the flow of the software delivery process, impacting stability and throughput. The session explores why teams are using feature branches, what problems are introduced by using them and what techniques exist to avoid them altogether. It explores exactly what’s evil about feature branches, which is not necessarily the problems they introduce – but rather, the real reasons why teams are using them. After the session, you’ll understand a different branching strategy and how it relates to CI/CD.
DevOps – what is it? Why? Is it real? How to do it?Sailaja Tennati
DevOps is one of the hottest trends in engineering/IT process evolution. Depending on whom you listen to DevOps has the potential to solve all the problems of product innovation, time to market, quality and cost all at once. Marc Hornbeek presented his own views of real world DevOps, pitfalls and suggested approaches.
Teaching Elephants to Dance (and Fly!): A Developer's Journey to Digital Tran...Burr Sutter
We can be brilliant developers, but we won’t succeed—and won’t lead our organizations to succeed—without a new perspective (if you will) and new assumptions about the components of the “technology ecosystem” that are fundamentally critical to our success. This includes the operators, QA team, DBAs, security folks, and even the pure business contingent—in most cases, each of these individuals and groups plays a critical role in the success of what we create and give birth to as developers. What we do in isolation might be genius, but if we insulate ourselves—especially with arrogance—from these colleagues, neither our code nor our organizations will realize their full potential, and most will fail. The bottom line is that our old ways are no longer viable, and as the elite within our industry, we will be the leaders and heroes who discard old assumptions and adopt a new perspective in this exciting journey to digital transformation—where the impossible can become reality.
Documentation avoidance for developersPeter Hilton
However good your code, other people never seem to get it. Instead they ruin your day (and your productivity) by asking questions and expecting documentation. You need to know how to explain code without getting stuck in meetings or spending half your time on the only thing you hate more than meetings: writing documentation. Instead, you aim for constructive laziness: tactics that give you more time to write code.
This talk teaches you how to avoid writing documentation, by making it unnecessary or delegating the work to someone else. You will also learn how to deal with the awkward situation when you can’t get away with avoidance or delegation, and have to write the documentation yourself.
This talk explores what we talk about when we talk about code, how we do it, and the tools we use. You can often find a better tool than documentation, but not always. Not everyone writes detailed specifications these days, but remote working and distributed teams make written explanations more valuable than ever. Talking face to face requires less effort, but you rarely or never meet the authors of most of the code you see. Software craftsmanship has failed to make written documentation unnecessary. Instead we shall turn to README-Driven Development, comments evasion, documentation-avoidance, just-in-time documentation and the art of not writing it in the first place.
Forget Process, Focus on People - Peter LeesonITCamp
Quality is not created by processes, controls, measurements and audits. Quality is not created by testing and reviewing. Quality is created by the people who do the work. In this talk, a process improvement consultant will tell you why you should forget about process and focus on what really matters: the people doing the work. FP2 is a review of what needs to be in place in order to deliver high-quality products and services without the levels of bureaucracy and supervision so frequently expected by management and consultants selling their solutions. Let’s change the world together.
Thierry de Pauw - Feature Branching considered Evil - Codemotion Milan 2018Codemotion
With DVCSs branch creation became very easy, but it comes at a certain cost. Long living branches break the flow of the software delivery process, impacting stability and throughput. The session explores why teams are using feature branches, what problems are introduced by using them and what techniques exist to avoid them altogether. It explores exactly what's evil about feature branches, which is not necessarily the problems they introduce - but rather, the real reasons why teams are using them. After the session, you'll understand a different branching strategy and how it relates to CI/CD.
Meeting-avoidance for self-managing developersPeter Hilton
How and when to avoid meetings and have more time to write code
Meetings are a problem for any organisations, because they dull the attention-span of otherwise intelligent people, and prevent otherwise productive people from getting any work done. Software developers suffer more than most, because they can’t even pretend that they’re getting any work done when they’re sitting in meetings. After all, getting your laptop out and writing code during a meeting is (rightly) considered rude.
This presentation introduces various approaches that software developers can use to reduce the number of meetings in their organisation, so they have more time to write code. In particular, developer contributions to project management can drastically reduce the number of meetings.
Do you already know what big ball of mud means?
And code smell?, Is your nose prepared to detect them?
Can you affirm that you are commited with the mantainability?
Do you have architectural sensibility to avoid these kind of situations? Or you are comfortable with the inertia of the day-to-day task of patching the holes. (it doesn't matter if it works..)
While much attention has been focused on high-level software architectural patterns, what is, in effect, the de-facto standard software architecture is seldom discussed.
This talk is intended to identify and summarize the causes that lead to misusing our time on complex maintenance, and give tips and best practices to avoid the big ball of mud and to achieve the best quality products.
Achieving Secure DevOps: Overcoming the Risks of Modern Service DeliveryPerforce
DevOps and Continuous Delivery practices are attracting the attention of many organizations looking to increase the speed of their application delivery, yet doing so the wrong way can risk both quality and security. In this webinar, Forrester analysts Kurt Bittner and Rick Holland will share their insights on how DevOps and Security teams can work better together to meet these challenges, along with best practices for bringing greater security to product development and delivery.
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"Aaron Rinehart
This session will cover the foundations DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allows for teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines, allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security focused Chaos Engineering allows teams to proactively, safely discover system weakness before they disrupt business outcomes.
During this talk we're going to talk about DevOps from cultural perspective and why is it very important from company perspective to focus more on cultural development rather than on thinking about DevOps as one another reason to deploy the cutting-edge technologies stack.
Agile * Agile Principles * Agile Practices * Pair Programming * Extreme Programming * SOLID design principles * SDLC * Software Development
After working 10 years in multiple major "from-scratch" development projects, I finally got a chance to work in a truly Agile development project. Here is my take on how to make Agile work for your project.
How to write maintainable code - Peter Hilton - Codemotion Amsterdam 2017Codemotion
The problem that new technology doesn’t fix is unmaintainable code. Clean code with good tests is essential, but not enough. This talk introduces techniques like getting better at naming, explaining code with tests, the few code comments you actually need, README-driven development and writing Minimum Viable Documentation. After the excitement of adopting new technology and software craftsmanship comes the horror of your next software maintenance project. As Jean-Paul Sartre said*, ‘Hell is other people’s code’. Whatever your level, your future happiness depends on maintainable code.
You are already the Duke of DevOps: you have a master in CI/CD, some feature teams including ops skills, your TTM rocks ! But you have some difficulties to scale it. You have some quality issues, Qos at risk. You are quick to adopt practices that: increase flexibility of development and velocity of deployment. An urgent question follows on the heels of these benefits: how much confidence we can have in the complex systems that we put into production? Let’s talk about the next hype of DevOps: SRE, error budget, continuous quality, observability, Chaos Engineering.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1fjTxvB.
Trisha Gee and Todd Montgomery attack the technology industry’s sacred cows by exposing the motivations that hide behind them. They discuss how these motivations lead us into practices that hinder rather than help us deliver quality software. Also, they discuss why some organisations seem to be achieving things that the traditional corporate IT departments can only dream of. Filmed at qconnewyork.com.
Todd Montgomery is Ex-NASA researcher, Chief Architect at Kaazing. Trisha Gee is Java Champion and Engineer.
A recap of interesting points and quotes from the May 2024 WSO2CON opensource application development conference. Focuses primarily on keynotes and panel sessions.
How to survive your technology career transition from old-school IT to the new-school of cloud and devops using the power of community and side projects.
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
Hiring and retaining software development talent is next to impossible for AEC firms and other industries alike.
Join us and guest speakers from HOK, a leader in the AEC industry, as they share their success in navigating the tight talent market through the use of no-code solutions and FME.
Discover how HOK approached the process of building a custom tool to automate the creation of projects and user management for Trimble Connect and ProjectSight.
Using a mix of traditional and no-code in FME, our guest speakers will reveal how the team bridged the resource gap and used the available talent pool, producing the mission-critical web app “Trajectory”.
They will also dive into details, illustrating first-hand how JSON data was used as a “glue” between two development groups.
Learn how embracing FME as a no-code solution can unlock potential within your teams, foster collaboration, and drive efficiency.
Ensuring Cloud Native Success: The Greenfield JourneyVMware Tanzu
Speaker: Coté, Director, Technical Marketing, Pivotal
Are you being asked to put more cloud in your strategy? If you’re like most people, the answer is a definite yes. The word “cloud” can mean so many things, however, that making an actionable strategy is impossible. At Pivotal, we divide cloud into two distinct parts: migrating as many legacy applications into SaaS as possible and focusing on perfecting the software you build in-house that runs your business. Gartner is predicting that by 2020, 75% of applications used to support digital businesses will be built in-house. If you’re one of these companies, you’ll need to quickly evaluate how you develop and run your custom written software.
We believe that soon, every company will either be a software company or losing to a competitor who is. It’s time to focus on the craft of managing the software development life-cycle, and this brief, but dense webinar will help launch your efforts to become a software defined business.
Join us for the first installment of this 3 part webinar session: The Greenfield Journey https://pivotal.io/platform/webinar/ensuring-cloud-native-success-the-greenfield-journey
From DevOps culture to retrospectives, see what you can expect to learn — and who you'll be learning from — at PuppetConf 2016 in San Diego. Learn more and register at https://puppet.com/puppetconf/.
JCConf.tw 2022 - DevOps for Java developersIxchel Ruiz
In recent years, how we approach development has dramatically changed with the rise of DevOps, Cloud Computing, and Container technologies. Many stakeholders at our organizations are ecstatic about Shift Left, DevSecOps and VSM, but how are we as Java developers embracing this new cultural shift?
In this session we will explore the most common Critical Challenges to Adopt DevOps Culture in
Software Organizations, best practices and some excellent news with success stories.
Two years ago at Devoxx UK we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now we’re wiser. More battle-scarred. The large scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important, but equally you must understand specific deployment technologies, security issues, operational reliability, and how to drive organisational transformation. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same. Join us to learn how you can apply this within your team and company.
Making Observability Actionable At Scale - DBS DevConnect 2019Squadcast Inc
Many organisations already possess a vast amount of existing data about production systems. As customer expectations evolve, organisations are often challenged to find more proactive ways of dealing with traditionally reactive incident response activity. In this talk, we discuss approaches to unlock value from this data by making it truly actionable. Understanding production failure modes better, enriching technical and business context effectively, decomposing response activity into shared primitives, actions and workflows, and overall, sharing and augmenting this active knowledge repository on a continuous basis are key takeaways. Through case studies, we'll discuss how we can accomplish this by engineering your observability processes and tooling to work for human-in-the-loop interpretation and response rather than a purely human-reliant strategy.
Stefan Geissler kairntech - SDC Nice Apr 2019 Stefan Geißler
Describes the Kairntech approach to real-world NLP/AI requirements, putting an emphasis on the quick and efficient creation and curation of training data sets.
Why we don’t use the Term DevOps: the Journey to a Product Mindset - Destinat...Henning Jacobs
While the adoption of DevOps makes teams move faster with reduced dependency on central operations, it can constrain teams who lack the skills to self-manage the full application and infrastructure stack.
The way to overcome this challenge is creating an internal platform and treating it as a world-class product offering. “Applying product management to internal platforms means establishing empathy with internal consumers (read: developers) and collaborating with them on the design. Platform product managers establish roadmaps and ensure the platform delivers value to the business and enhances the developer experience”, via ThoughtWorks Technology Radar.
In this talk, Henning Jacobs will walk you through how Zalando adopted a customer-first mindset with regards to its developer tooling. He will show the effect on developer satisfaction when internal platforms are given the same respect as external product offerings. Henning will furthermore tell his story about how Zalando moved from a classical infrastructure team to a product mindset with strong focus on building a world-class developer experience. Henning shares both their learnings and challenges going through this transition, and the impact it has on the daily life of Zalando’s customers (developers).
This talk was given in Aarhus on 4th of June 2019.
Open Source can be a great foundation for building a business. That being said, keeping the balance between community building and commercial activities can be tricky. In this talk I want to share my experience and practical tips, which can help you leverage OS and boost your business, while meeting fantastic people and learning a lot in the process.
These are the slides used in my #devone (www.devone.at) keynote presentation:
DevOps is one of the most abused and overrated marketing terms in the last years! That’s not an alternative fact! It’s just Andi’s opinion! Yet - it is a very real thing that allowed many software companies to transform the way they think about software engineering. DevOps can mean something totally different thought depending on who you are and what type of business your company is doing. To clarify things, Andi gives us insights on how he explains the benefits to “DevOps Newbies” and how software companies around the world implement it in their own ways. Andi will answer: What does it really mean for developers, testers and operators? What will change? How does Facebook deploy twice a day without big issues? How does DevOps work in financial, government or healthcare where you have tight regulations? Does it mean Devs are responsible for Ops? Does it only work in the cloud? Or can we apply it to “old fashioned” on premise software as well? Learn for yourself and make up your own mind on whether DevOps is just a marketing term or something that can benefit you!
Acorn Recovery: Restore IT infra within minutesIP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.
0x01 - Newton's Third Law: Static vs. Dynamic AbusersOWASP Beja
f you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
2. ABOUT
This presentation was aimed at colleagues of mine to give them a recap of my
attendance on the Codemotion 2015 Berlin
I summarized some of the talks and picked some mentionable quotes. The
presentation is based completely on my notes and memory (and will likely not cover
everything)
It’s impossible to condense two days in a half an hour presentation; Go see the
originals: https://t.co/4b4KTJUaT0
2
3. DAY ONE
Key Note: A programmer is…
Patterns for “infrastructure-as-code”
The Autoscout24 Technology Change – crazy or trendsetting?
DevOoops (increase awareness around DevOps infra security)
Attacks, Lies and the Underground World
Hiring Great People: how we improved our recruiting process to build a great team
A Life Less Manual - 8 Years of Test Automation
Agile Strategic Philosophy – Agile decision making based on Sun Tzu's "The Art of
War"
3
4. KEY NOTE: A PROGRAMMER IS…
What is a programmer?
The first „coders“ have been women (ENIAC
“girls”)
Where does the word “programmer”
come from?
A programmer needs to be bad with
people? (hint: no)
4
Image Credit: (U. S. Army Photo), Public Domain
https://upload.wikimedia.org/wikipedia/commons/3/3b/Two_women_operating_ENIAC.gif
Speaker:
Birgitta Böckeler
@birgitta410
5. PATTERNS FOR “INFRASTRUCTURE-AS-CODE”
We need to be able to „program our
infrastructure“
Three components:
Image
State declaration
Tasks
Pattern
Secret Isolation
Configuration discovery
Community Module Wrapper
…
Anti pattern
Golden Image
Data as Code
„Funny File Copying“
…
5
Speaker:
Andrey Adamovich
@codingandrey
6. THE AUTOSCOUT24 TECHNOLOGY CHANGE –
CRAZY OR TRENDSETTING?
Autoscout24 is moving from on premise
.NET monolith to JVM (Scala) micro
services in the cloud (AWS)
One of the driving questions: „Do you
attract talent?“
They found lots of good people, but seldom
these people teach them something new.
With these move they try to harness open-
source projects and other high profile projects
Transition from monolith to micro service
via divide and conquer
Transition to cloud was and is expensive.
But they are going faster than ever
„It‘s not about saving money, it‘s about going
faster“
Investing in the future (EBItda)
6
Speaker:
Simon Hohenadl
@SimonHoh
7. DEVOOOPS (INCREASE AWARENESS AROUND
DEVOPS INFRA SECURITY)
General security problems in the DevOps life
GitHub: Use the search for passwords, access-Tokens, servers…
CI-Server Jenkins is often unprotected in the web -> Jenkins is often installed as root…
Redis, ElasticSearch, Puppet and Ansible are also not protected by default
Search Engine for „open“ server
Shodan.io
7
Speaker:
Gianluca Varisco
@gvarisco
8. ATTACKS, LIES AND THE UNDERGROUND WORLD
Some facts and busted myths about cybercrime
„Your computer is not of interest, it‘s to much work. Windows XP on the other hand…“
A security measurement needs only to make it uneconomic to hack you.
The real value for a hacker and your perceived value may differ.
Your credit card with $1300? That‘s $5 on the black market
Your computing power on a server? Bitcoin mining will make it profitable!
8
Speaker:
Andrea Pompili
9. HIRING GREAT PEOPLE: HOW WE IMPROVED OUR
RECRUITING PROCESS TO BUILD A GREAT TEAM
Three pillars for hiring:
Sourcing candidates
Accessing candidates
Onboarding new colleagues
Sourcing: How to reach new people
Accessing: How to get these people to
apply at your company
Onboarding: Give new employees a
helping hand
Lessons learned
Reflect your recruitment process
„Metrics, Metrics everywhere“
Involve your team
Value social over technical skill – cultural fit
Value diversity
Respect the candidate
Hiring checklists and agenda
Reboot your team with interns and grads
Hire great people
9
Speaker:
Pietro Di Bello
@pierodibello
10. A LIFE LESS MANUAL - 8 YEARS OF TEST
AUTOMATION I
Test are important: 2/3 of code is test code
Selenium tests: extra layer of „driver“ in the frontend test code -> Contains definition
where an element is, so only one place needs to be fixed
Interface for DateTime -> „Time Machine“ can improve test
Book: “Continuous Delivery: Reliable Software Releases through Build, Test, and
Deployment Automation (Addison Wesley Signature Series)“
10
Speaker:
Michael Barker
@mikeb2701
11. A LIFE LESS MANUAL - 8 YEARS OF TEST
AUTOMATION II
Tool for checking intermittency and performance of tests
How often does a test fail?
Are there tests which take longer than before?
Tool reschedules failed test again to see if they work. This test is still marked broken but you have a
hint that parallelism or the order might be the reason
Three reasons for failing test
Bad Code
Bad Test
Environmental
11
Speaker:
Michael Barker
@mikeb2701
12. AGILE STRATEGIC PHILOSOPHY – AGILE DECISION
MAKING BASED ON SUN TZU'S "THE ART OF WAR"
Bachelor thesis on agile planning
Mapped all aspects of the book to modern markets (special focus on mobile game
development)
12
Speaker:
Huel Fuchsberger
@theaztecfox
13. DAY TWO
Key Note: Python, Inc.
Boxcars and Cabooses: When one more XHR is too much
100% Server-less: Writing Hyper-scalable Applications without Servers
Creating Better Teams Through Tools
10 days, 500K users: How we built a realtime mobile social network in South Africa
Optimizing for readability
Desired State: Containing Chaos with Kubernetes
13
14. KEY NOTE: PYTHON, INC.
Good talk on how one would handle a programming language if it were a startup
Applied different business analysis on her favorite language Python
How do I increase market share?
How can I get/stay attractive to different target groups?
Search for one project and fix that
14
Speaker:
Jessica McKellar
@jessicamckellar
15. BOXCARS AND CABOOSES: WHEN ONE MORE XHR
IS TOO MUCH
Salesforce.com api restructure
Boxcars:
CRUD API require a lot of requests
/composite/Batch
Multiple requests in one JSON (up to 25)
References are possible
Tree API for hierarchical data
API Limits in HTTP Header
Caboose:
High frequency request (logs) send
trailing at an „normal“ request, if one is
happen in an interval
15
Speaker:
Peter Chittum
@pchittum
16. 100% SERVER-LESS: WRITING HYPER-SCALABLE
APPLICATIONS WITHOUT SERVERS
AWS Lambda provides a platform to create „one function“ services
Subscribing to events possible
16
Speaker:
Oliver Arafat
@oliverarafat
17. CREATING BETTER TEAMS THROUGH TOOLS I
Positive stimuli –> 12% more productive
teams
What creates happiness
Autonomy
No interruptions
No time pressure
Team communication is a problem
People are stressed if they get interrupted or
unproductive
Centralized task management tool (Mail,
skype…) to reduce context switches
Persistent communication (searchable, serves as
documentation afterwards) Example: Google
Docs
For micro services respect Conways law
17
Speaker:
Laura Frank
@rhein_wein
18. CREATING BETTER TEAMS THROUGH TOOLS II
Continuous Deployment reduces
Disruption
Distraction
„Branch driven deployment“
Merge/commit to a special „release“ branch
pushes everything to production
Team shares responsibility for
deployment.
„Kill switch“ for commits other than that which
have the tag „fix-deployment“
Incident Management
Don‘t confuse priority with urgency!
„Priority measures how important a task is, relative to other
tasks“
“Urgency is a measure of how quickly the task must be
completed”
Each developer need the ability to solve
problems assigned to him (rights, knowledge,
processes)
„Post-Mortem“ after an incident
18
Speaker:
Laura Frank
@rhein_wein
19. 10 DAYS, 500K USERS: HOW WE BUILT A REALTIME
MOBILE SOCIAL NETWORK IN SOUTH AFRICA
Used an open source in-app messaging stack (buddycloud) to create a wifi-chat
19
Speaker:
Simon Tennant
@buddycloud
20. OPTIMIZING FOR READABILITY I
Clean Code!
„Write once, read often“
Readable code -> Saving time
Comments are an excuse of the code not
being clearer
Comments only for the „why“ not the
„what“
One language -> The business language
Code bases is a bit like a garden:
Without maintenance wild weed (and bad
practices) take over
No broken windows
Where one bad habit occurs more will follow
„Magical time does not happen“
Boy scout rule – Leave the place cleaner than
you found him
20
Speaker:
Tobias Pfeiffer
@PragTob
21. OPTIMIZING FOR READABILITY II
Opportunistic refactoring
80 % code coverage is bad -> 20 % are never executed!
Code review culture
„Brown bag lunches“
Pair programming
21
Speaker:
Tobias Pfeiffer
@PragTob
22. DESIRED STATE: CONTAINING CHAOS WITH
KUBERNETES
Kubernetes is the container management tool from Google
Google uses a common descendent to Kubernetes in house. (Even Google has legacy
code!)
All services on Google are container based
2 Billion container started per week
These containers can be managed by Kubernetes
22
Speaker:
Robert Kubis
@hostirosti
23. TAKEAWAY
Conferences are a great way to get insights in new technologies
Chances are good, someone had the same problem as you!
(Chances are good that you don‘t know that you have a problem…)
The Codemotion gave a good overview in beginner and intermediate task on a
broad spectrum of topics
23