Running Resillient Workloads with Istio - OpenInfra Days 2019Matt Turner
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
What is a container? Is it really a “lightweight VM” or is it more like a Linux process? In this talk you'll see exactly what a container is, as Liz builds one from scratch in a few lines of Go code. You'll learn how namespaces, control groups and chroot are used to construct containers, and how they are isolated from each other and from the host machine they run on.
Hacking the Linux Kernel - An IntroductionLevente Kurusa
Introduction to the Linux Kernel. Ever wondered how Linux is going? Ever wondered how to contribute to Linux? Now is your chance to get some hands-on information that will help shape your kernel engineer career.
Video link (paywalled): https://skillsmatter.com/skillscasts/12045-the-life-of-a-packet-in-istio
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, Matt will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. Matt will share with you a great insight into Istio's full power, and you will also learn about its fascinating architecture.
Running Resillient Workloads with Istio - OpenInfra Days 2019Matt Turner
Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and you’re done! But as you use it more, you learn that this isn’t really enough. A production system needs requests and limits, liveness checks, HPAs, PDBs, PSPs, etc.
The same is true for Istio, which can solve a lot of the problems with microservices out of the box, but isn’t magic. When you get beyond playing with bookinfo, more configuration is needed to get the most out of it.
In this talk I’ll show you how to:
Identify app versions, deploy canaries and run A/B tests
Set timeouts
Configure retries, with exponential backoff
Enforce rate limits
Enable circuit breakers
Inject faults for testing
I’ll also cover a couple of the big security features:
Enabling mTLS
Using service-to-service access control lists (RBAC)
What is a container? Is it really a “lightweight VM” or is it more like a Linux process? In this talk you'll see exactly what a container is, as Liz builds one from scratch in a few lines of Go code. You'll learn how namespaces, control groups and chroot are used to construct containers, and how they are isolated from each other and from the host machine they run on.
Hacking the Linux Kernel - An IntroductionLevente Kurusa
Introduction to the Linux Kernel. Ever wondered how Linux is going? Ever wondered how to contribute to Linux? Now is your chance to get some hands-on information that will help shape your kernel engineer career.
Video link (paywalled): https://skillsmatter.com/skillscasts/12045-the-life-of-a-packet-in-istio
Istio is a service mesh for Kubernetes that offers advanced networking features. It provides intelligent routing, resiliency, and security features, so that service authors don't have to keep re-implementing them. Istio is rapidly taking off and there are great introductory talks everywhere. However in this session, Matt will explore precisely how it does what it does, following one brave little packet in from the internet and back out again. Matt will share with you a great insight into Istio's full power, and you will also learn about its fascinating architecture.
(auto)Installing BSD Systems
The auto-installation methods you can use to set BSD operating systems up and running
-----
After more than a decade in touch with systems like FreeBSD, not by just consuming them as an end-user but also by working as a sysadmin or by developing 'BSD Powered' solutions, you might fall into pitfalls by not easily finding a way to fully automate their installations. The good news: it's possible and it's not as complicated as you might think!
Today's needs regarding automating things like an O.S. installation can save you a lot of time; Kickstart or Preseed files are not the only ways of doing it. One can even combine or expand it all to add patching and updating routines into the game.
Here we are not talking about a one-click solution or something like querying an API endpoint to provide you with a shiny virtual machine; no. The main idea behind this talk is to present you with a tool-set and ways of (auto)installing your machines, let's say, using a NetBSD operating system; be it virtual, or not.
Inspired by talks like the ones showing how OpenBSD Amsterdam sets its virtual machines up, we get together and share thoughts, ideas and setups to get DHCP, iPXE and diskless systems in our favor to set our infrastructure up and running.
Concerned about the first boot and keeping up with services' configurations and consistencies, we also talk about getting Puppet to watch it for you. Considering plain text passwords no one wishes to host in a Git repository, EYAML to the rescue!
-----
DEMO
* https://share.riseup.net/#Uomo3eX77PLcgicqNFdVXw
* https://share.riseup.net/#rPDzTIcRGEzTYkoUD2MwLw
Istio, The Packet's-Eye View - KubeCon NA 2018Matt Turner
The Istio project reached 1.0 this summer, and is mature enough to have LTS releases. It’s getting a lot of attention, but in a lot of ways it’s still a mystery. You’ve probably read about it, you might have tried it, but do you really understand it? It promises advances routing, security, and resiliency, all for free! In this session I’ll present a practical introduction to the operation of Istio - what features it can bring to your environment.
What’s unique about this talk is that we’ll be exploring the different parts of Istio by following one plucky little packet into the mesh, through it, and out again. As we meet each component we’ll learn why it’s there, what it does, and see a demo of how to configure it for common tasks. This will leave you not only with slides showing example configs, but a valuable mental model and a unique insight into the service mesh’s operation.
Dieser Vortrag zeigt, welchen Herausforderungen im Hosting punkt.de in der jüngeren Vergangenheit gegenüber stand und welche Änderungen gegenüber unserer 2010 vorgestellten "NanoBSD"-Architektur wir seitdem umgesetzt haben. Der proServer hat auf der Seite des Hosting-Anbieters viele der erwünschten Eigenschaften eines "Private Cloud"-Produkts, stellt sich dem Kunden aber wie ein klassischer Root-Server dar. Für Anwendungen, bei denen eine solche Plattform gefordert ist, ein unschätzbarer Vorteil gegenüber reinen Container-Lösungen, die praktisch immer eine speziell angepasste Anwendungs-Architektur benötigen.
Internals of OpenRuko PaaS, an open source Heroku clone implementationRoger Leite
Internals of OpenRuko PaaS (Platform as a Service), an open source Heroku clone implementation. Agenda:
- Cloud definitions
- Inception (from what ideas PaaS came from?)
- Distributed System Architecture
- Philosophies (Ephemeralization and Unix Process Model)
- The twelve-factor app
Best practices to build secure smart contractsGautam Anand
- Quick update in blockchain tech space
- Comparision between tech
- Security in Blockchain (Focusing on ETH Solidity attack vectors)
- Design patterns
- 2 Popular hacks (Case study)
Flux’s Security & Scalability with OCI & Helm Slides.pdfWeaveworks
During this session Kingdon Barrett, OSS Engineer at Weaveworks & Flux Maintainer, will show you how to quickly create scalable and Cosign-verified GitOps configurations with Flux using the same process with two demo environments: one will be a Kustomize Environment and the other a Helm-based environment.
Blockchain and smart contracts, what they are and why you should really care ...maeste
After a brief introduction on what is blockchain technology and how it works under the wood, focusing on Ethereum the next generation blockchain implementation. We will focus on the concept of smart contract introducing it through a simple case study and its standard implementation in ethereum. We will code it using Solidity language deploying and testing it in a live demo on Ethereum test network.
(auto)Installing BSD Systems
The auto-installation methods you can use to set BSD operating systems up and running
-----
After more than a decade in touch with systems like FreeBSD, not by just consuming them as an end-user but also by working as a sysadmin or by developing 'BSD Powered' solutions, you might fall into pitfalls by not easily finding a way to fully automate their installations. The good news: it's possible and it's not as complicated as you might think!
Today's needs regarding automating things like an O.S. installation can save you a lot of time; Kickstart or Preseed files are not the only ways of doing it. One can even combine or expand it all to add patching and updating routines into the game.
Here we are not talking about a one-click solution or something like querying an API endpoint to provide you with a shiny virtual machine; no. The main idea behind this talk is to present you with a tool-set and ways of (auto)installing your machines, let's say, using a NetBSD operating system; be it virtual, or not.
Inspired by talks like the ones showing how OpenBSD Amsterdam sets its virtual machines up, we get together and share thoughts, ideas and setups to get DHCP, iPXE and diskless systems in our favor to set our infrastructure up and running.
Concerned about the first boot and keeping up with services' configurations and consistencies, we also talk about getting Puppet to watch it for you. Considering plain text passwords no one wishes to host in a Git repository, EYAML to the rescue!
-----
DEMO
* https://share.riseup.net/#Uomo3eX77PLcgicqNFdVXw
* https://share.riseup.net/#rPDzTIcRGEzTYkoUD2MwLw
Istio, The Packet's-Eye View - KubeCon NA 2018Matt Turner
The Istio project reached 1.0 this summer, and is mature enough to have LTS releases. It’s getting a lot of attention, but in a lot of ways it’s still a mystery. You’ve probably read about it, you might have tried it, but do you really understand it? It promises advances routing, security, and resiliency, all for free! In this session I’ll present a practical introduction to the operation of Istio - what features it can bring to your environment.
What’s unique about this talk is that we’ll be exploring the different parts of Istio by following one plucky little packet into the mesh, through it, and out again. As we meet each component we’ll learn why it’s there, what it does, and see a demo of how to configure it for common tasks. This will leave you not only with slides showing example configs, but a valuable mental model and a unique insight into the service mesh’s operation.
Dieser Vortrag zeigt, welchen Herausforderungen im Hosting punkt.de in der jüngeren Vergangenheit gegenüber stand und welche Änderungen gegenüber unserer 2010 vorgestellten "NanoBSD"-Architektur wir seitdem umgesetzt haben. Der proServer hat auf der Seite des Hosting-Anbieters viele der erwünschten Eigenschaften eines "Private Cloud"-Produkts, stellt sich dem Kunden aber wie ein klassischer Root-Server dar. Für Anwendungen, bei denen eine solche Plattform gefordert ist, ein unschätzbarer Vorteil gegenüber reinen Container-Lösungen, die praktisch immer eine speziell angepasste Anwendungs-Architektur benötigen.
Internals of OpenRuko PaaS, an open source Heroku clone implementationRoger Leite
Internals of OpenRuko PaaS (Platform as a Service), an open source Heroku clone implementation. Agenda:
- Cloud definitions
- Inception (from what ideas PaaS came from?)
- Distributed System Architecture
- Philosophies (Ephemeralization and Unix Process Model)
- The twelve-factor app
Best practices to build secure smart contractsGautam Anand
- Quick update in blockchain tech space
- Comparision between tech
- Security in Blockchain (Focusing on ETH Solidity attack vectors)
- Design patterns
- 2 Popular hacks (Case study)
Flux’s Security & Scalability with OCI & Helm Slides.pdfWeaveworks
During this session Kingdon Barrett, OSS Engineer at Weaveworks & Flux Maintainer, will show you how to quickly create scalable and Cosign-verified GitOps configurations with Flux using the same process with two demo environments: one will be a Kustomize Environment and the other a Helm-based environment.
Blockchain and smart contracts, what they are and why you should really care ...maeste
After a brief introduction on what is blockchain technology and how it works under the wood, focusing on Ethereum the next generation blockchain implementation. We will focus on the concept of smart contract introducing it through a simple case study and its standard implementation in ethereum. We will code it using Solidity language deploying and testing it in a live demo on Ethereum test network.
Not my problem - Delegating responsibility to infrastructureYshay Yaacobi
Slides for for my talk, appeared on Code-Europe Poznan 12.06.2018
(https://www.codeeurope.pl/en/speakers/yshay-yaacobi)
https://github.com/yshayy/not-my-problem-talk
https://github.com/Yshayy/not-my-problem-talk/blob/master/slides/demo.md
ArcBlock Technical Learning Series introduces Smart Contracts.
During this technical learning session, ArcBlock Engineers take a deep drive into Smart Contracts and introduce critical concepts and functionality to make smart contracts work.
https://www.arcblock.io
During this training, ArcBlock also looks key processes and best practices for developers on how to create, maintain and work with Smart Contracts. Finally, ArcBlock looks at its own use cases and provides several examples demonstrating the concepts and features shown during the training
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
FIWARE Wednesday Webinar - How to Secure IoT Devices (22nd April 2020)
Corresponding webinar recording: https://youtu.be/_87IZhrYo3U
Live coding session and commentary, demonstrating various techniques and methods for securing the interactions between Devices, IoT Agents and the Context Broker
Chapter: Security
Difficulty: 3
Audience: Any Technical
Presenter: Jason Fox (Senior Technical Evangelist, FIWARE Foundation)
Similar to "Developing a multicurrency, multisignature wallet" by Alex Melville (20)
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
15. Poll: What is the most important part
of any cryptocurrency wallet?
16.
17. Key Management Problem
● Good wallet will create a new address every time it receives a transaction
○ Privacy
18. Key Management Problem
● Good wallet will create a new address every time it receives a transaction
○ Privacy
● This means a new private + public keypair for every new address
1PzGm1KM1Tp4ZphQzoejaz6kJPcd4kRrMw
23. Hierarchical Deterministic Keys (BIP32)
● 1 master seed
● Deterministic method (think hashing) for generating unlimited child keys
○ You only need to remember one 512-bit string
512 Bit
Seed
Seed (hex): 000102030405060708090a0b0c0d0e0f