The document discusses dev tooling for a tech startup including AWS, Docker, tmux, vim, and OpenVPN. It focuses on setting up tmux for terminal multiplexing and pairing programming. Instructions are provided for installing tmux along with sharing a tmux pairing session using GitHub keys. Vim is also installed with plugins. All traffic is routed through an OpenVPN Docker container on an AWS instance.
Title: Working Remotely (via SSH) Rocks!
Intro: Consistent & Persistent development environment from any location any client.
"SSH + TMUX + CLI" Rocks!
Nice material about "SSH Tunneling": http://www.slideshare.net/osoco/ssh-tunneling-recipes-10284950
In this talk, Jason will introduce tmux, the terminal multiplexer. He’ll cover why you’d want to use it, and then teach you how to actually use it with practical examples. He’ll teach you his favorite key bindings, and then go into some incredibly handy plugins that you can use that will make your tmux experience so much better. Once you are done learning tmux, you’ll never understand how you got along without it.
Introduction to Tmux - Codementor Tmux Office Hours Part 1Arc & Codementor
What is tmux? tmux is a terminal multiplexer: it enables a number of terminals (or windows), each running a separate program, to be created, accessed, and controlled from a single screen. It is a popular secret weapon of many experienced developers.
Codementor expert Bruno Sutic is the creator of various Tmux plugins. In this Office Hours Bruno will talk about beginning with tmux, but also about more advanced use cases and best practices.
Here's a list of topics Bruno will cover:
why use tmux
tmux basics
best practices
tmux plugin manager - 'TPM'
tmux-resurrect - why use it
tmux-copycat + tmux-yank + tmux-open (how to work with these plugins)
Title: Working Remotely (via SSH) Rocks!
Intro: Consistent & Persistent development environment from any location any client.
"SSH + TMUX + CLI" Rocks!
Nice material about "SSH Tunneling": http://www.slideshare.net/osoco/ssh-tunneling-recipes-10284950
In this talk, Jason will introduce tmux, the terminal multiplexer. He’ll cover why you’d want to use it, and then teach you how to actually use it with practical examples. He’ll teach you his favorite key bindings, and then go into some incredibly handy plugins that you can use that will make your tmux experience so much better. Once you are done learning tmux, you’ll never understand how you got along without it.
Introduction to Tmux - Codementor Tmux Office Hours Part 1Arc & Codementor
What is tmux? tmux is a terminal multiplexer: it enables a number of terminals (or windows), each running a separate program, to be created, accessed, and controlled from a single screen. It is a popular secret weapon of many experienced developers.
Codementor expert Bruno Sutic is the creator of various Tmux plugins. In this Office Hours Bruno will talk about beginning with tmux, but also about more advanced use cases and best practices.
Here's a list of topics Bruno will cover:
why use tmux
tmux basics
best practices
tmux plugin manager - 'TPM'
tmux-resurrect - why use it
tmux-copycat + tmux-yank + tmux-open (how to work with these plugins)
What is tmux? tmux is a terminal multiplexer: it enables a number of terminals (or windows), each running a separate program, to be created, accessed, and controlled from a single screen. It is a popular secret weapon of many experienced developers.
Codementor expert Bruno Sutic is the creator of various Tmux plugins. In this Office Hours Bruno will talk about beginning with tmux, but also about more advanced use cases and best practices.
Here's a list of topics Bruno will cover:
why use tmux
tmux basics
best practices
tmux plugin manager - 'TPM'
tmux-resurrect - why use it
tmux-copycat + tmux-yank + tmux-open (how to work with these plugins)
Remote pairing from the comfort of your own shellevanlight
As ever more developers work from home, the past couple of years have seen an explosion of remote pairing tools. But most of these tools aren't free, open source, and are bandwidth hogs.
There is a better way!
I'm going to show you how I remote pair easily from your shell. Tools we'll cover will include:
vagrant
fog
tmux
emacs and vim
deoplete: The dark powered auto completion plugin for neovimShougo
Unfortunately neovim does not support neocomplete but I need an auto completion plugin. So, I have developed deoplete. Deoplete is an auto completion framework for neovim. I will describe the features and its future works.
Automatiser le setup de vos projets avec Eclipse OomphJérémie Bresson
Slides de ma présentation au Voxxed Day Luxembourg 2016.
http://cfp-voxxed-lux.yajug.org/2016/talk/SHW-4354/Automatiser_le_setup_de_vos_projets_avec_Eclipse_Oomph
Le setup d'un projet dans un IDE va bien au-delà d'un simple git-checkout et/ou d'un import dans le workspace. Plus les outils et les projets sont complexes, plus les taches à effectuer sont nombreuses et prennent du temps. Pourtant lorsqu'il s'agit de contribuer un simple patch, il faut que la barrière à l'entrée soit la plus basse possible.
Eclipse Oomph est une réponse à ce problème. Il s'agit d'un outil qui en un clic va préparer un IDE Eclipse pour travailler sur un projet. L'idée est d'aller de l'installation de la bonne version d'Eclipse et de ses plugins jusqu'à la configuration du workspace : clone du repository git et checkout de la bonne branche, matérialisation des projets, configurations diverses, connexion aux outils connexes au développement (server de build, issue tracker…). L'objectif est d'obtenir un Eclipse «prêt pour coder» pour le contributeur/collaborateur.
Oomph apporte également une solution élégante pour:
1. synchroniser ses réglages personnels entre différentes installations d'Eclipse
2. éviter de retélécharger tout le temps les mêmes plugins
Oomph est un projet Eclipse, développé en open-source et distribué depuis la version Mars d'Eclipse.
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session we’d like to share our experience, including but not limited to:advanced vagrantfile configurationvm configuration tips for dev environment: performance,
debug, tuning,
our wtf moments
puphet/phansilbe: hot or not?
packaging a box
Understanding Of Node
Understanding callback execution in the event loop
Understanding require() and modules
Node Packaged Modules (NPM)
Modules
nodeJS in sense of php
Slides from the talk I gave during 2014 edition of IT Night. This lecture is about working in terminal: from choosing a term through picking proper shell, applications and finally finishes on GitHub project which covers this talks' topics.
Puppet Camp Berlin 2015: Felix Frank | Rapid Testing Setups for PuppetNETWAYS
Puppet installations are usually quite robust and require low maintenance. The initial setup is not quite trivial, however. The Puppet master will also become quite a critical system once it is put to work in earnest.
As a result, it can become a somewhat daunting task to perform changes on the master, or conduct more intrusive debugging. This presentation shows how test instances of both the master and agent can be launched with little effort, and how Puppet can be run from source.
Web 3, Week 1: Amazon Web Services for Beginnersjkosoy
In the first week of our 2012 MFADT Web 3 class the students went from GoDaddy to running their own lil web server. Is it perfect? No. Are they experts? Of course not. But at least they have a sandbox to install whatever server stack they want.
I figure there sharing this will be helpful to others. If you've never heard of AWS or just want a little more control over your web hosting beyond what the GoDaddys of the world offer, this tutorial should be a great starting point.
CRaSH the shell for the Java Virtual MachineGR8Conf
CRaSH is the open source shell for the JVM. The shell can be accessed by various ways, remotely using network protocols such as SSH, locally by attaching a shell to a running virtual machine or via a web interface. Commands are written Groovy and can be developed live making the extensibility of the shell easy with quick development cycles. Since the version 1.3, the REPL also speaks the Groovy language, allowing Groovy combination of command using pipes.
CRaSH comes with commands such as thread management, log management, database access and JMX. The session will begin with an introduction to the shell. The main part of the session will focus on showing CRaSH commands development with few examples, showing how easy and powerful the development is.
The audience will learn how to use CRaSH for their own needs: it can be a simple usage or more advanced like developing a command or embedding the shell in their own runtime like a web application or a Grails application.
Adversity is a fact of software security–bad things happen both intentionally and accidentally. In the InfoSec field there is a growing undercurrent of belief that we need to build code that is Rugged meaning code that is survivable, long-lasting and persistent in the face of adversity. When paired with DevOps the Rugged Software movement really begins to hit a nerve. The pairing, aptly called Rugged DevOps is where security becomes an asset to the organization and no longer a drag on innovation.
What is tmux? tmux is a terminal multiplexer: it enables a number of terminals (or windows), each running a separate program, to be created, accessed, and controlled from a single screen. It is a popular secret weapon of many experienced developers.
Codementor expert Bruno Sutic is the creator of various Tmux plugins. In this Office Hours Bruno will talk about beginning with tmux, but also about more advanced use cases and best practices.
Here's a list of topics Bruno will cover:
why use tmux
tmux basics
best practices
tmux plugin manager - 'TPM'
tmux-resurrect - why use it
tmux-copycat + tmux-yank + tmux-open (how to work with these plugins)
Remote pairing from the comfort of your own shellevanlight
As ever more developers work from home, the past couple of years have seen an explosion of remote pairing tools. But most of these tools aren't free, open source, and are bandwidth hogs.
There is a better way!
I'm going to show you how I remote pair easily from your shell. Tools we'll cover will include:
vagrant
fog
tmux
emacs and vim
deoplete: The dark powered auto completion plugin for neovimShougo
Unfortunately neovim does not support neocomplete but I need an auto completion plugin. So, I have developed deoplete. Deoplete is an auto completion framework for neovim. I will describe the features and its future works.
Automatiser le setup de vos projets avec Eclipse OomphJérémie Bresson
Slides de ma présentation au Voxxed Day Luxembourg 2016.
http://cfp-voxxed-lux.yajug.org/2016/talk/SHW-4354/Automatiser_le_setup_de_vos_projets_avec_Eclipse_Oomph
Le setup d'un projet dans un IDE va bien au-delà d'un simple git-checkout et/ou d'un import dans le workspace. Plus les outils et les projets sont complexes, plus les taches à effectuer sont nombreuses et prennent du temps. Pourtant lorsqu'il s'agit de contribuer un simple patch, il faut que la barrière à l'entrée soit la plus basse possible.
Eclipse Oomph est une réponse à ce problème. Il s'agit d'un outil qui en un clic va préparer un IDE Eclipse pour travailler sur un projet. L'idée est d'aller de l'installation de la bonne version d'Eclipse et de ses plugins jusqu'à la configuration du workspace : clone du repository git et checkout de la bonne branche, matérialisation des projets, configurations diverses, connexion aux outils connexes au développement (server de build, issue tracker…). L'objectif est d'obtenir un Eclipse «prêt pour coder» pour le contributeur/collaborateur.
Oomph apporte également une solution élégante pour:
1. synchroniser ses réglages personnels entre différentes installations d'Eclipse
2. éviter de retélécharger tout le temps les mêmes plugins
Oomph est un projet Eclipse, développé en open-source et distribué depuis la version Mars d'Eclipse.
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session we’d like to share our experience, including but not limited to:advanced vagrantfile configurationvm configuration tips for dev environment: performance,
debug, tuning,
our wtf moments
puphet/phansilbe: hot or not?
packaging a box
Understanding Of Node
Understanding callback execution in the event loop
Understanding require() and modules
Node Packaged Modules (NPM)
Modules
nodeJS in sense of php
Slides from the talk I gave during 2014 edition of IT Night. This lecture is about working in terminal: from choosing a term through picking proper shell, applications and finally finishes on GitHub project which covers this talks' topics.
Puppet Camp Berlin 2015: Felix Frank | Rapid Testing Setups for PuppetNETWAYS
Puppet installations are usually quite robust and require low maintenance. The initial setup is not quite trivial, however. The Puppet master will also become quite a critical system once it is put to work in earnest.
As a result, it can become a somewhat daunting task to perform changes on the master, or conduct more intrusive debugging. This presentation shows how test instances of both the master and agent can be launched with little effort, and how Puppet can be run from source.
Web 3, Week 1: Amazon Web Services for Beginnersjkosoy
In the first week of our 2012 MFADT Web 3 class the students went from GoDaddy to running their own lil web server. Is it perfect? No. Are they experts? Of course not. But at least they have a sandbox to install whatever server stack they want.
I figure there sharing this will be helpful to others. If you've never heard of AWS or just want a little more control over your web hosting beyond what the GoDaddys of the world offer, this tutorial should be a great starting point.
CRaSH the shell for the Java Virtual MachineGR8Conf
CRaSH is the open source shell for the JVM. The shell can be accessed by various ways, remotely using network protocols such as SSH, locally by attaching a shell to a running virtual machine or via a web interface. Commands are written Groovy and can be developed live making the extensibility of the shell easy with quick development cycles. Since the version 1.3, the REPL also speaks the Groovy language, allowing Groovy combination of command using pipes.
CRaSH comes with commands such as thread management, log management, database access and JMX. The session will begin with an introduction to the shell. The main part of the session will focus on showing CRaSH commands development with few examples, showing how easy and powerful the development is.
The audience will learn how to use CRaSH for their own needs: it can be a simple usage or more advanced like developing a command or embedding the shell in their own runtime like a web application or a Grails application.
Adversity is a fact of software security–bad things happen both intentionally and accidentally. In the InfoSec field there is a growing undercurrent of belief that we need to build code that is Rugged meaning code that is survivable, long-lasting and persistent in the face of adversity. When paired with DevOps the Rugged Software movement really begins to hit a nerve. The pairing, aptly called Rugged DevOps is where security becomes an asset to the organization and no longer a drag on innovation.
Coding Secure Infrastructure in the Cloud using the PIE frameworkJames Wickett
At National Instruments, we have developed an automation and provisioning framework called PIE (Programmable Infrastructure Environment) that we use daily on our devops team. Similar tools are available such as chef or puppet, but what makes PIE unique is its ability to work in multi-cloud deployments (Azure and AWS) along with multiple node OS types (linux and windows). It uses zookeeper to keep state and track dependencies across nodes and services.
When building PIE we actively considered how to implement it in a Rugged way for a DevOps team. As noted in the deck on slide 68, we are Rugged by Design and Devops by Culture. We see these as intersecting domains that have the ability to impact each other. For more info see ruggeddevops.org
You got DevOpsed! Your sysadmin team got renamed as the DevOps team. Developers got prod access. Code deploys to prod happen multiple times a day now. In the eyes of the business, things are great. Yet, the security team continues to be left out and really nothing seems to be better. In fact it feels worse.
Time to learn how to hack some devops for great good.
This talk will equip you with advice and tools to join in on the devops. You will also leave with a sample continuous delivery pipeline that is armed to dangerous and ready to identify security issues in a typical web application stack.
We'll use a range of open source technology including OWASP ZAP, gauntlt, brakeman, nmap, sqlmap, arachni and more.
New Farming Methods in the Epistemological Wasteland of Application SecurityJames Wickett
Over the years, application security (appsec) has made progress, but it has also made some considerable mis-steps. Appsec focuses almost solely on developer awareness and secure development training as remediation. This isn't sustainable and arguably does little good. There is a better way, but we have to separate ourselves from the core assumptions we have made that got us here. Lets journey together to find old truths and better approaches.
We will explore ways to make a change for the better across all levels of the development lifecycle, but we will focus on security testing early on in the development process. From this session, you will learn pragmatic approaches and tooling that will affect your development processes and delivery pipelines. You will walk away with code examples and tools that you can put into practice right away for security and rugged testing.
http://lascon.org
http://lascon2015.sched.org/event/175e3c828095386b2fa0fc660b2502a3
Serverless Security: Are you ready for the Future?James Wickett
Talk from RSA 2017 on Serverless Security and the 4 areas of growth for security in the world of serverless. In this talk, there is also the first release of lambhack, an open source, vulnerable lambda-based serverless stack demoing arbitrary code execution in lambda.
My talk with Jim Kimball on the tyranny of the SLA; in it, we:
- Deconstruct the purpose of the service level agreement
- Discuss pitfalls of aspects of common SLA clauses, including how current SLAs inhibit the development of resilient systems and the cultivation of a DevOps culture
- Explore other potential SLA models that could foster healthier organizational behaviors and dynamics, and ultimately result in better technical outcomes and therefore business outcomes.
Eucalyptus is an open source cloud infrastructure that is API-compatible with Amazon’s EC2. In this talk he’s going to give an introduction to Eucalyptus, its uses, how to install it, and how to interface with it using the Amazon EC2 gem available on github.
An introduction to developing with Node.js and some useful tools to help the development and deployment processes. This talk was given at Asyncjs in Brighton
http://asyncjs.com/intro-nodejs
Pilot Tech Talk #10 — Practical automation by Kamil CholewińskiPilot
See how Kamil Cholewiński talks about Practical automation in Tech Talk episode 10
Visit pilot.co — World’s best engineering and design talent on demand.
YouTube: https://youtu.be/x0eQ7x7xN8o
Pairing with tmux and vim for DevOps Days Austin 2015Scott Baldwin
Remote workers have to use tools that allow them to work in realtime. This lightning talk will show how you can use tmux and vim to maximize your remote collaboration.
Development environments are a necessary part of every developer's workflow. They can also be a great source of friction. What may begin as simply running python my_app.py eventually bloats as you add more apps, more databases, more testing frameworks, and more developers. We'll talk about the evolution of a typical development environment, how it lets us down, and how we try to make it better. We'll end with an introduction to Dusty, a new tool which uses Docker containers to take our development environments to the next level.
Originally presented at PyGotham 2015.
Charm City Linux - Jan 2014 - Web Dev Made Easy - Shell RevolutionChris Stone
I gave this 20-30 minute presentation at Charm City Linux on 1/13/2014. I covered my top command line tools that I wouldn't want to do web dev without. The top 3 are mosh, screen and vagrant. I removed Fish before the presentation because the more I thought about it, I could live without it, and probably preferred not to use it.
A quick rundown of the difference between containers and virtual machines. Why Docker (Container Technology) is super awesome and why you should start using it now!
Presentation I presented at Codemotion 2015 in Rome.
It's about how to build and share reproducible, portable development environments with Vagrant and Docker
Setting up Notifications, Alerts & Webhooks with Flux v2 by Alison DowdneyWeaveworks
Watch the recording here: https://youtu.be/cakxixc-yQk
❗️ Notifications & Alerts ⚠️
When operating a cluster, different teams may wish to receive notifications about the status of their GitOps pipelines. For example, the on-call team would receive alerts about reconciliation failures in the cluster, while the dev team may wish to be alerted when a new version of an app was deployed and if the deployment is healthy.
Webhook Receivers
The GitOps toolkit controllers are by design pull-based. In order to notify the controllers about changes in Git or Helm repositories, you can setup webhooks and trigger a cluster reconciliation every time a source changes. Using webhook receivers, you can build push-based GitOps pipelines that react to external events.
Alison Dowdney, Developer Experience Engineer at Weaveworks and CNCF Ambassador, walks through how to define a provider, an alert, git commit status, exposing the webhook receiver and defining a git repository and receiver.
Resources
Flux2 Documentation: https://fluxcd.io/docs/
Flux Guide: Setup Notifications: https://fluxcd.io/docs/guides/notifications/
Flux Guide: Setup Webhook receivers: https://fluxcd.io/docs/guides/webhook-receivers/
Flux Roadmap: https://fluxcd.io/docs/roadmap/
Alison's Demo Repo: https://github.com/alisondy/flux-demos
Similar to Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & openvpn (20)
Security in a Site Reliability Engineering (SRE) context with a focus on being pragmatic just makes sense. In this talk, we will look at 4 key areas where SRE and Security tribes can join forces and influence the overall business. This is a lab/discussion session.
A Way to Think about DevSecOps: MEASUREJames Wickett
DevOps and the subsequent move to bring security in under the umbrella of DevSecOps has created a new ethos for security. This is good. But, when things go wrong–and we know they will–are we going to be successful with the DevSecOps model, or will we be left searching yet again?
In an attempt to answer this question, we will look back in history to learn how engineering decisions affect the lives of those around us, with an eye on how to make meaningful progress today.
Along the way, we will highlight the high-performing DevSecOps teams of today and introduce MEASURE, a framework for approaching DevSecOps in your organization. Topics range from empathy to lean to system safety with the hope to frame a new playbook for devs, ops, and security to work together.
----
thanks to Verica https://verica.io and techstrongcon.com
The Security, DevOps, and Chaos Playbook to Change the WorldJames Wickett
DevOps and the subsequent move to bring security in under the umbrella of DevSecOps has created a new ethos for security. This talk will highlight security’s place in DevOps and how topics ranging from empathy to chaos to system safety fit in organizations today. The hope is to uncover a new playbook for devs, ops, and security to work together.
All organizations want to go faster and decrease friction in delivering software. The problem is that InfoSec has historically slowed this down or worse. But, with the rise of CD pipelines and new devsecops tooling, there is an opportunity to reverse this trend and move Security from being a blocker to being an enabler.
This talk will discuss hallmarks of doing security in a software delivery pipeline with an emphasis on being pragmatic. At each phase of the delivery pipeline, you will be armed with philosophy, questions, and tools that will get security up-to-speed with your software delivery cadence.
From DeliveryConf 2020
DevOps and the subsequent move to bring security in under the umbrella of DevSecOps has created a new ethos for security. This is good. But, when things go wrong–and we know they will–are we going to be successful with the DevSecOps model, or will we be left searching yet again?
In an attempt to answer this question, we will look back in time over 120 years to unveil a tale that touches on business, engineering, and resilience. We will see how engineering decisions affect the lives of those around us and even though the world has radically changed over the last century, we are still facing many of the same root challenges.
Along the way, we will highlight the high-performing DevSecOps teams of today and introduce a framework for approaching DevSecOps in your organization. Topics range from empathy to lean to system safety with the hope to frame a new playbook for devs, ops, and security to work together.
From Innotech Austin 2019 and Cloud Austin Nov 2019
A DevSecOps Tale of Business, Engineering, and PeopleJames Wickett
DevOps and the subsequent move to bring security in under the umbrella of DevSecOps has created a new ethos for Security. This is good. But, when things go wrong–and we know they will–are we going to be successful with the DevSecOps model, or will we be left searching yet again?
In an attempt to answer this question, we will look back in time over 120 years to unveil a tale that touches on business, engineering, and resilience. We will see how engineering decisions affect the lives of those around us, and even though the world has radically changed over the last century, we are still facing many of the same root challenges.
Along the way, we will highlight the high-performing DevSecOps teams of today and introduce a framework for approaching DevSecOps in your organization. Topics range from empathy to lean to system safety with the hope to frame a new playbook for devs, ops, and security to work together.
The New Ways of DevSecOps - The Secure Dev 2019James Wickett
Talk given for https://www.thesecuredeveloper.com/events/the-new-ways-of-devsecops
DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new an ethos for security. This is good, however moving security and devops closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And where does chaos engineering fit in? This talk highlights security's place in DevOps and how topics ranging from empathy to chaos to system safety fit in organizations today. The hope is to uncover a new playbook for devs, ops, and security to work together.
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsJames Wickett
DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new an ethos for security. This is good, however moving security and devops closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And where does= chaos engineering fit in? This talk highlights security's place in DevOps and how topics ranging from empathy to chaos to system safety fit in organizations today. The hope is to uncover a new playbook for devs, ops, and security to work together.
The New Ways of Chaos, Security, and DevOpsJames Wickett
VMware Thought Leadership Series: The New Ways of Chaos, Security, and DevOps
Abstract:
DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new an ethos for security. This is good, however moving security and DevOps closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And where does chaos engineering fit in? This talk highlights security's place in DevOps and how topics ranging from empathy to chaos to system safety fit in organizations today. The hope is to uncover a new playbook for devs, ops, and security to work together.
DevOpsDays Austin: Security in the FaaS LaneJames Wickett
James Wickett and Karthik Gaekwad talk about Serverless Security at DevOps Days Austin.
Security in FaaS isn't what we are used to, but this talk shows you how what we learned in appsec still applies. Using LambHack, which is a vulnerable serverless application written in Go on AWS Lambda using Sparta, we will evaluate how to do security in serverless.
In this talk, we will talk about security strategies and pitfalls in the serverless world. You'll leave with an understanding of how to approach security conversations about serverel
Talk goals:
- How to approach the security concerns in a serverless world.
- Talk about the 'WIP' methodology for serverless security.
- Understand current serverless attacks for things to defend against.
- Learn what different cloud providers (AWS/GKE/Azure/Oracle Cloud) do to protect you in a serverless world.
The Seven Habits of the Highly Effective DevSecOpJames Wickett
DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new ethos for security. This is good, however moving security and devops closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And really, what makes a good DevSecOp?
This talk highlights the seven habits that the high-performing DevSecOp of today (and tomorrow) should develop. Topics range from empathy to lean to system safety with the hope to uncover a new playbook for devs, ops, and security to work together.
Serverless Security: A How-to Guide @ SnowFROC 2019James Wickett
Serverless Security: A How-to Guide @ SnowFROC 2019
Covering serverless basics, looking at lambhack, and architectures/models for serverless. Special thanks to Signal Sciences!
DevSecOps brings security to the DevOps party and it is completely changing the security playbook. This talk will cover 10 practices and patterns we have implemented that bring DevSecOps value to everyone involved. This talk will be loaded with examples that will be usable for developers, security and operations teams and you can take home next week to put into practice.
Shannon Lietz, Intuit
James WIckett, Signal Sciences
RSA Conference 2019
Talk from Serverless Days Austin with @iteration1 and @wickett. This talk covers serverless basics and the Secure WIP model as a way to bring security to the conversation.
Discussion of how security is in crisis but DevSecOps offers a new playbook and gives security a path to influence. Taking a look at the WAF space, we look at how Signal Sciences has created feedback between Dev and Ops and Security to create new value.
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
Security is in crisis and it needs a new way to move forward. This talk from Nov 2018, Houston ISSA meeting discusses the tooling needed to rise to the demands of devops and devsecops.
Adversary Driven Defense in the Real WorldJames Wickett
Talk by Shannon Lietz and James Wickett at DevOps Enterprise Summit 2018, Las Vegas.
Talk covers finding real world adversaries and balancing your effort and defenses to adjust for them.
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
This talk is half discussion of the DevSecOps 2018 community survey report and half conversation with the crowd in attendance on what they want the future to look like. This was prepared for the July 2018 meetup of DevOps Austin.
The talk was created by @wickett of Signal Sciences and @ernestmueller of AlienVault.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Dev Tooling for your Technohipster Startup using aws, docker, tmux, vim & openvpn
1. dev tooling for your
technohipster startup !
using aws, docker,
tmux, vim !
& openvpn
@wickett
Cloud Austin
12 Clouds of Christmas
2. dev tooling for your
technohipster startup !
using aws, docker,
tmux, vim !
& openvpn
@wickett
Cloud Austin
12 Clouds of Christmas
(random hipster, not @wickett)
3. dev tooling for your
technohipster startup !
using aws, docker,
tmux, vim !
& openvpn
@wickett
Cloud Austin
12 Clouds of Christmas
(random hipster, not @wickett)
7. lets figure out our
dev tooling for working
together
bro!
bro!
bro!
8. tmux
•
Terminal Multi Plexer… like screen, only better
•
Split screen, tabs, saves state across sessions
•
Exiting out of iTerm won’t kill your session
•
Keyboard nav for everything
•
Copy and paste to mac buffer
•
Customize your tmux config
35. We couldn't have done
this without all these fine folks
and projects
https://github.com/jpetazzo/dockvpn
!
https://github.com/adamhjk/adam-vim
!
https://twitter.com/marksim
!
http://docker.io
!
https://github.com/chrishunt/dot-files/blob/master/.tmux.conf
!
blog.quarternotecoda.com/blog/2013/08/05/how-to-vim-plus-tmux/