Mark Mzyk
Engineering Manager with Chef
Find more by Mark Mzyk: https://speakerdeck.com/mmzyk
All Things Open
October 26-27, 2016
Raleigh, North Carolina
Talk given by Michael DeHaan and Greg DeKoenigsberg at All Things Open in October 2014, in which we discussed how we applied open source best practices to grow a large and active community of users and developers.
Student Pipeline to Open Source Communities using HFOSS - All Things Open
Heidi Ellis
Professor at Western New England University
Gregory Hislop
Professor at Drexel University
All Things Open
October 26-27, 2016
Raleigh, North Carolina
Nithya Ruff
SanDisk Inc. - Director of the Open Source Strategy Office
Guy Martin
Autodesk - Director of Open Source Strategy
Monday, Oct 19th
2:30 pm - Case Study
Velocity Conference NYC 2014 - Real World DevOps - Rodrigo Campos
In a world where agility has become a requirement, business and engineering demands have decreed the death of the “Department of No”. This talk will cover the journey of an IT Operations department from a single DevOps team to a business-wide cultural shift that has affected the way people interact and work with each other.
In order to make sure that our DevOps initiative would be successful, we needed to make changes to the corporate organization, rearrange teams and roles in several areas, and make sure that everyone fully understood where we were headed.
All these steps will be covered in this talk that will demonstrate some common pitfalls and misconceptions that jeopardize the DevOps adoption, particularly in large enterprises with several compliancy requirements and some outdated bureaucracy.
DOES15 - Mike Bland - Pain Is Over, If You Want It - Gene Kim
Mike Bland, Practice Director, 18F
Technology is always the easiest part of any problem. This was true of Google in 2005, when Mike Bland joined the Testing Grouplet’s effort to drive adoption of automated testing throughout a highly successful company as its organization and systems increased in complexity at an alarming and unstoppable rate. This was true in late 2013, when the Healthcare.gov crisis led to a stunningly successful recovery after private industry experts were given clearance to fix the technical issues. It is also true of the U.S. federal government today, as Mike has joined 18F as part of the effort to modernize how software is developed and procured, and to steer the culture towards maximum transparency, autonomy and collaboration. This talk will outline Mike’s experiences at Google that shaped his outlook and honed his organizational skills, and describe his efforts to capitalize on the opportunity produced by the Healthcare.gov recovery to effect broad cultural change throughout the federal government.
IPSE QA Freelancer Awards - We are the Makers - David Walker
The talk I gave at the IPSE Awards on the need for Digital Innovation, the risks of Digital Disruption and how 'Thinking like a freelancer' is good for all of us.
Presented at DOXLON August'15 MeetUp. My update from the initial 6 months at Pearson and how I am trying to drive a real transformation of a 171 year old company to enable better IT Performance.
Jan de Vries - How to convince your boss that it is DevOps that he wants - Agile Lietuva
- We all know that we could implement DevOps a lot faster if we only would have commitment from our boss. We all know that there is a shiny business case for almost every DevOps implementation
- And we all know that the whole company will reap the benefits regarding speed, agility and stability once we implemented DevOps. Actually, it provides good, fast and cheap at the same time. So, what are we waiting for? What is your boss waiting for? What is C-level waiting for?
- That’s something we will do research on in this workshop. We will also share our research on this from the recent past.
- The workshop starts with a presentation about 7 practices that a company should adopt to be able to apply DevOps.
- The technique that we use is called Appreciative Inquiry. To tackle a problem, it discovers the best practices that work, the reason they work and how these combined practices can be used to avoid the problem ahead and create a strategic change. The aim is to build – or even rebuild – organizations around what works, rather than trying to fix what doesn’t.
- So we want to know what your boss is afraid of and what you have already tried to convince him that he is better off with DevOps. You will leave the workshop with the combined Appreciative Inquiry insights of all the attendees
Everyone seems to have an intuitive understanding of ‘architecture’ as the process and product of planning, designing, and constructing. The problem is most people don’t have the same understanding which leads to disagreements about what the process and product entails. The transition from software shipped on physical media to software delivered as services further complicated the conversation as operating services introduces other factors that must be considered on an ongoing basis. These misunderstandings have only been exacerbated as greater speed and scale create new problems necessitating novel emergent solutions. This presentation will attempt to highlight the need for new language with dense semantics about the emerging architectures (because just saying ‘microservices’ is causing more problems than it solves) while also pointing out that many of the struggles people have delivering software are rooted in architecture.
YOUR OPEN SOURCE PROJECT IS LIKE A STARTUP, TREAT IT LIKE ONE, EYAR ZILBERMAN... - DevOpsDays Tel Aviv
From idea to execution, the challenges of publishing an open source project are very similar to initializing a startup when it comes to creating a successful product that people will love and use.
Most open source projects are not “taking-off”, although they are really good! This is because developers (which are usually the creators of open source projects) think that writing the code is the hard part and “neglect” the other parts of publishing a good open source project.
In this talk, I will use my experience as a contributor to open source and product head of a startup, to go beyond writing the code itself and cover the other central aspects of creating an open source project, like MVP, product/market fit, marketing and more.
The Changing Role of Release Engineering in a DevOps World - Perforce
There is no denying that DevOps has shaken up the world of developing and deploying software. With all the buzz around new techniques and technologies, it's easy to get lost in the “We deploy hundreds of times a day!” cacophony and all the new tools. The rise of DevOps is revitalizing age-old topics in release engineering and application lifecycle management, and aspects of software delivery that DevOps doesn’t magically solve. If you're responsible for the release engineering function in your organization, see what the new world looks like and which aspects of the industry it’s leaving behind.
Four years and over 20,000 respondents later, and we have learned a lot about what makes IT and organizational performance awesome. This year we include insights into security, containers, trunk-based development, and lean product management. Tune in for practical take-aways to make your teams' technology transformations even better.
DOES16 London - Scott Potter - DevOps: To Autonomy and Beyond - Gene Kim
Scott Potter, (former) Head of Digital Engineering, News UK
Transitioning to an organisational structure, a set of skills and capabilities and the desired motivation & behaviours is just the start. Once you start reaping the benefits, your job isn't done.
Scott shares some of his own experiences from the journey that he and his teams took through a DevOps transition, and the role that management took to support the creation of independent teams.
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg - Atlassian
Vector Media Group relies on HipChat for 99 percent of team communication to get more done, while supporting and building our company culture. Learn how we balance productivity (with team rooms where external data is centralized and shared), and silliness (like a bot that renders a founder's animated face whenever they are named in a public room).
Andy is a founder of the Pragmatic Programmers, founder of the Agile Alliance and one of the 17 authors of the Agile Manifesto, and author of nine books. He is an active musician and woodworker, and continues looking for new areas where he can stir things up
01 why of dev ops - devopsguys - magentys - final - DevOpsGroup
"DevOps - Start with Why" talks about some of the factors affecting online business and the IT industry that create the need for new models of product delivery, i.e. DevOps.
Running OpenStack on Amazon AWS: In this talk we will demonstrate how to create an exact replica of an on-premises OpenStack configuration in the public cloud (AWS/EC-2, GCE or HP Cloud) and spin multiple copies of this environment in a matter of minutes. We will technically elaborate how we use our own high performance nested hypervisor HVX, and software defined networking - to run OpenStack guests with KVM acceleration on top of any public cloud.
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Mark Hinkle
Senior Director & Citrix Open Source Business Office for Citrix
Cloud
Crash Course in Cloud Computing
Find more of Mark's talks here: http://www.slideshare.net/socializedsoftware
RICON 2014 - Build a Cloud Day - Crash Course Open Source Cloud Computing - Mark Hinkle
This crash course is designed to give an overview of cloud computing architecture and the open source software that can be used to deploy and manage a cloud computing environment.
Topics to be discussed in this session will include virtualization (KVM, LXC, and Xen Project), orchestration (Apache CloudStack, Eucalyptus, Open Nebula, and OpenStack), and storage (GlusterFS, Ceph, and others). The talk will also provide insight into how to deliver Platform-as-a-Service (PaaS) and what technologies can be used to complement this evolving cloud computing paradigm.
Systems administrators and IT generalists will leave the discussion with a general overview of the options at their disposal to effectively build and manage their own cloud computing environments using free and open source software and understand the capabilities and benefits of a host of technologies.
Two Parts
Part One: Overview of Cloud Computing, Definition, History, Cloud Service Models, Cloud Storage Types, Visualization etc.
Part Two: Open Source Cloud Computing
Open Source Hypervisors
Development of CloudStack
Installation Overview
Conclusion
Capgemini is delivering a best of breed user experience and e-business platform in the cloud using open source technologies and cloud service providers. This offering, named Capgemini Immediate, has already attracted several customers in Europe including Royal Mail Group in UK.
The presentation will describe the customers' issues and business contexts, the solution built to address these issues, the Capgemini project approach and engagement model and the reasons to use open source technologies. It will also present the resulting benefits and the key success factors of this new approach.
How (can) Scrum and DevOps Walk Together to Build a High-Quality Product Deli... - Scrum Day Bandung
Discussion in fishbowl format to find out how Scrum and DevOps should be more powerful if we use them together and properly, then validating with data and convergence of CEO Scrum.org and CEO DevOps Institute.
Agile concepts for quality and process engineers for slideshare - Yuval Yeret
Excerpt from a session introducing agile concepts for a group of quality engineers in a big enterprise undergoing an agile transition.
The aim was to expose Quality/Process engineers to the concepts of agility and emphasize the impact on process/methodology development, the approach of evolution vs big design up front and its impact on their work. I used a lot of the classic agile examples (a lot of them by Henrik Kniberg) and adjusted for the development of methodology, to show that actually the agile approach should be discovered using an agile process.
Also covers some complexity thinking aspects.
And of course - this is not limited to methodology for IT/product development, but to many kinds of change management.
How to Ship in 8 Weeks or Less (via Cross-Functional Teams) - QuekelsBaro
Get clued up on what the development methodology Shape Up looks like in practice and get a sneak peek into what we do at Process Street as our EPD team shares their secrets.
This session is an overview on what DevOps is (to me) and how it impacts traditional organizations the most. DevOps is way more than just continuous delivery! From an Agile (synergetic) mindset, DevOps takes a step beyond and focusses on automation, collaboration and learning. Apart from that I also look forward to what opportunities lie ahead when implementing DevOps.
On March 2nd I presented this DevOps Unraveled session for about 40 IT-managers at business university Nyenrode. This was part of the Masterclass Agile management
(Dutch website http://www.executiveeducation.nl/open-programmas/programmadetails/masterclass-agile-management/sectie/introductie.html ).
Navvia is always looking for ways to improve how we do things and we’ve come to see DevOps as our compass on the road to continual improvement. However, DevOps means different things to different people.
To our company, it has become the rallying cry for organizational change. It is the standard that leads us on a path towards better alignment across teams, enhanced agility, higher quality and the elimination of waste.
What you will learn:
- Why Navvia embarked on DevOps
- An overview of DevOps including common misconceptions
- A case study entitled “a tale of two apps”
- How Navvia is implementing DevOps
- What we’ve learned so far
It’s an exciting journey with the destination being improved customer experience, higher rates of innovation and a faster path to business value.
Agile from the executive floor - defining agility in business terms - Agile P... - Yuval Yeret
Many executives feel agile is something those techies do behind closed doors. This is both a misunderstanding and a major risk to achieving a real shift and impact. In this session we will talk about business agility as an existential capability in the 21st century and how lean/agile process/structure/culture achieve it. Even non-executives will learn language that will help them break the glass ceiling by getting support from those at the top.
A talk about DevOps that I gave at a SysARmy meetup while visiting MuleSoft's Buenos Aires DevOps team. I've been thinking a lot recently about what DevOps is, what it means to be a DevOps Engineer (or in my case a DevOps Engineering Manager). Putting this together was really helpful to clarify some ideas I've been kicking around.
De facto DevOps, de facto Agile. Today DevOps is the Manufacturing Revolution of Our Age. There is no escape for us. When got a DevOps, you got a DevOps.
DevOps simply is the combination of cultural philosophies, practices, and tools that increase an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.
Building Reliability - The Realities of Observability - All Things Open
Presented at the ATO RTP Meetup
Presented by Jeremy Proffit, Director of DevSecOps & SRE for Customer Care and Communications, Ally
Title: Building Reliability - The Realities of Observability
Abstract: Join me as we discuss true observability, learn what works and what doesn't. We'll not only discuss dashboards, monitoring and alerting, but how these can be built by automation or included in your IAC modules. We'll talk about how to properly alert staff based on priority to keep your staff and yourself sane. And even discuss architecture and how it impacts reliability and why serverless isn't always the best at being reliable.
Presented at the ATO RTP Meetup
Presented by Peter Zaitsev, Founder of Percona
Title: Modern Database Best Practices
Abstract: There are now more Database choices available for developers than ever before - there are general purpose databases and specialized databases, single node and distributed databases, Open Source, Proprietary databases and databases available exclusively in the cloud. In this presentation we will cover the best practices of choosing database(s) for your applications, best practices as it comes to application development as well as managing those databases to achieve best possible performance, security, availability at the lowest cost.
All Things Open 2023
Presented at All Things Open 2023
Presented by Deb Bryant - Open Source Initiative, Patrick Masson - Apereo Foundation, Stephen Jacobs - Rochester Institute of Technology, Ruth Suehle - SAS, & Greg Wallace - FreeBSD Foundation
Title: Open Source and Public Policy
Abstract: New regulations in the software industry and adjacent areas such as AI, open science, open data, and open education are on the rise around the world. Cyber Security, societal impact of AI, data and privacy are paramount issues for legislators globally. At the same time, the COVID-19 pandemic drove collaborative development to unprecedented levels and took Open Source software, open research, open content and data from mainstream to main stage, creating tension between public benefit and citizen safety and security as legislators struggle to find a balance between open collaboration and protecting citizens.
Historically, the open source software community and foundations supporting its work have not engaged in policy discussions. Moving forward, thoughtful development of these important public policies whilst not harming our complex ecosystems requires an understanding of how our ecosystem operates. Ensuring stakeholders without historic benefit of representation in those discussions becomes paramount to that end.
Please join our open discussion with open policy stakeholders working constructively on current open policy topics. Our panelists will provide a view into how oss foundations and other open domain allies are now rising to this new challenge as well as seizing the opportunity to influence positive changes to the public’s benefit.
Topics: Public Policy, Open Science, Open Education, current legislation in the US and EU, US interest in OSS sustainability, intro to the Open Policy Alliance
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak... - All Things Open
Presented at All Things Open 2023
Presented by Ashpak Shaikh & Lucy Shen - Intuit
Title: Weaving Microservices into a Unified GraphQL Schema with graph-quilt
Abstract: The magic of GraphQL is that it provides data access through a single endpoint—clean and easy. But as the number of GraphQL microservices your tech stack depends on starts to grow, that single-endpoint purpose becomes a new multi-endpoint problem. Ideally, we would have an orchestrator that could aggregate schemas from multiple microservices into a unified GraphQL schema and route the requests to the appropriate microservice.
Enter graph-quilt, an open source Java library that provides recursive schema stitching and Apollo Federation style schema composition. In this talk, we’ll walk through our GraphQL journey and show you how to use graph-quilt to simplify your data orchestration needs. We will also share our open sourced reference implementation of a highly performant graph-quilt gateway currently being used in production here at Intuit, where we’ve had incredible success in scaling the gateway with 50+ microservices and 150+ clients.
The State of Passwordless Auth on the Web - Phil Nash - All Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: The State of Passwordless Auth on the Web
Abstract: Can we get rid of passwords yet? They make for a poor user experience and users are notoriously bad with them. The advent of WebAuthn has brought a passwordless world closer, but where do we really stand?
In this talk we'll explore the current user experience of WebAuthn and the requirements a user has to fulfil to authenticate without a password. We'll also explore the fallbacks and safeguards we can use to make the password experience better and more secure. By the end of the session you'll have a vision of how authentication could look in the future and a blueprint for how to build the best auth experience today.
Total ReDoS: The dangers of regex in JavaScript - All Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: Total ReDoS: The dangers of regex in JavaScript
Abstract: Regular expressions are complicated and can be hard to learn. On top of that, they can also be a security risk; writing the wrong pattern can open your application up to denial of service attacks. One token out of place and you invite in the dreaded ReDoS.
But how can a regular expression cause this? In this talk we’ll track down the patterns that can cause this trouble, explain why they are an issue and propose ways to fix them now and avoid them in the future. Together we’ll demystify these powerful search patterns and keep your application safe from expressions that behave in a way that is anything but regular.
What Does Real World Mass Adoption of Decentralized Tech Look Like? - All Things Open
Presented at All Things Open 2023
Presented by Karl Mozurkewich - Storj
Title: What Does Real World Mass Adoption of Decentralized Tech Look Like?
Abstract: We delve into the transformative potential of decentralized technology. Beginning with a brief overview of the rise of centralization with the advent of the internet and the counter-shift marked by blockchain we explore the intrinsic characteristics of decentralized and distributed systems, such as trustless operations, peer-to-peer networks, and enterprise application scalability. Various sectors, including finance, supply chains, media and entertainment, data science and cloud infrastructure are on the brink of disruption. The societal implications are vast, with the potential for greater individual empowerment, a greener planet and more viable resource utilization, but concerns about data security persist.
Presented at All Things Open 2023
Presented by Anastasia Lalamentik - Kaleido
Title: How to Write & Deploy a Smart Contract
Abstract: In this talk, Anastasia Lalamentik, Full Stack Engineer at Kaleido, will walk through how Ethereum smart contracts work and go over related concepts like gas fees, the Ethereum Virtual Machine (EVM), the block explorer, and the Solidity programming language. This is vital to anyone who wants to build a blockchain app and is a great introduction to blockchain technology for newcomers to the space.
By the end of the talk, attendees will better understand how to:
- Write a simple smart contract
- Deploy their smart contract to an Ethereum test network through the latest tools like Hardhat and the MetaMask wallet
- Test interactions with their deployed smart contract and ensure that everything is working properly
Additionally, participants will get to interact with Anastasia's deployed smart contract at the end of the talk. Anastasia’s past talks have attracted and have been attended by a diverse group of participants with a range of experience in the space.
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow - All Things Open
Presented at All Things Open 2023
Presented by Paul Brebner - Instaclustr (by Spot by NetApp)
Title: Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Abstract: In this talk we’ll build a Drone delivery application, and then use it to do some Machine Learning “on the fly”.
In the 1st part of the talk, we'll build a real-time Drone Delivery demonstration application using a combination of two open-source technologies: Uber’s Cadence (for stateful, scheduled, long-running workflows), and Apache Kafka (for fast streaming data).
With up to 2,000 (simulated) drones and deliveries in progress at once this application generates a vast flow of spatio-temporal data.
In the 2nd part of the talk, we'll use this platform to explore Machine Learning (ML) over streaming and drifting Kafka data with TensorFlow to try and predict which shops will be busy in advance.
Presented at the All Things Open 2023 Inclusion and Diversity in Open Source Event
Presented by Efraim Marquez-Arreaza - Red Hat
Title: DEI Challenges and Success
Abstract: In today's world, many companies and organizations have Diversity, Equity and Inclusion (DEI) communities. Red Hat Unidos is a DEI community focused on advocating for the Hispanic/Latine community. In this talk, we would like to share our challenges and success during the past 4 years and plans for the future.
Presented at All Things Open 2023
Presented by Lydia Cupery - HubSpot
Title: Scaling Web Applications with Background Jobs: Takeaways from Generating a Huge PDF
Abstract: Do you need to perform time-consuming or CPU-intensive processes in your web application but are concerned about performance? That’s where background jobs come in. By offloading resource-intensive tasks to separate worker processes, you can improve the scalability of your web application.
In this talk, I'll share my experience of using background jobs to scale our web application. I'll discuss the challenges my team faced that led us to adopt background jobs. Then, I'll share practical tips on how to design background jobs for CPU-intensive or time-consuming processes, such as generating huge PDFs and batch emailing. I'll wrap up by going over the performance and cost tradeoffs of background jobs.
I'll use Typescript, Express, and Heroku as examples in this talk, but the concepts and best practices that I'll share are applicable to other languages and tools.
Presented at All Things Open 2023
Presented by Robert Aboukhalil - CZI
Title: Supercharging tutorials with WebAssembly
Abstract: sandbox.bio is a free platform that features interactive command-line tutorials for bioinformatics. This talk is a deep-dive into how sandbox.bio was built, with a focus on how WebAssembly enabled bringing command-line tools like awk and grep to the web. Although these tools were originally written in C/C++, they all run directly in the browser, thanks to WebAssembly! And since the computations run on each user's computer, this makes the application highly scalable and cost-effective.
Along the way, I'll discuss how WebAssembly works and how to get started using it in your own applications. The talk will also cover more advanced WebAssembly features such as threads and SIMD, and will end with a discussion of WebAssembly's benefits and pitfalls (it's a powerful technology, but it's not always the right tool!).
Presented at All Things Open 2023
Presented by K.S. Bhaskar - YottaDB LLC
Title: Using SQL to Find Needles in Haystacks
Abstract: Database journal files capture every update to a database. A database of a few hundred GB can generate GBs worth of journal files every minute at busy times. Troubleshooting and forensics, especially of rare and intermittent problems, such as which process made what update and when, is an exercise of finding needles in haystacks. A similar problem exists with syslogs. A solution is to load the journal files and syslogs into a database, and use SQL to query the database. Bhaskar will present and demonstrate this with a 100% FOSS stack.
Configuration Security as a Game of Pursuit Intercept - All Things Open
Presented at All Things Open 2023
Presented by Wes Widner - Automox
Title: Configuration Security as a Game of Pursuit Intercept
Abstract: In this session we will take a look at the emerging field of cloud security posture management and how we can approach the problem space using a class of board games known as pursuit/intercept. Using the game Scotland Yard as a visual illustration, we'll explore the cognitive and technical limitations that all CSPM systems face and what you should look for when evaluating the strengths and weaknesses of CSPM vendors and approaches.
Presented at All Things Open 2023
Presented by Carol Huang & Mike Fix - Stripe
Title: Scaling an Open Source Sponsorship Program
Abstract: We already know this: the open-source ecosystem needs further monetary investment from the companies that benefit most from it. Likewise, companies say they want to participate in these initiatives, but find it hard to dedicate resources to open source funding when there isn’t a clear ROI.
This talk discusses how the Open Source Program Office at Stripe built a scalable, sustainable open source sponsorship model that aligns internal company incentives with those of open source maintainers and the community at large. We go over the unique “platformization” of our OSPO that allowed us to create multiple funding models, such as BYOB (Bring Your Own Budget), and share lessons learned from this experience as well as other OSPOs.
Build Developer Experience Teams for Open Source - All Things Open
Presented at All Things Open 2023
Presented by Arundeep Nagaraj - Amazon Web Services (AWS)
Title: Build Developer Experience Teams for Open Source
Abstract: Open Source has become the default strategy for many IT organizations and Enterprises. However, the constant challenge with Open Source leaders of these organizations has been -
How is my product's developer experience?
Is this the right metric to track?
How can I scale my team to support our products better?
How can I add automation to scale redundant workflows?
If my product involves working with developers, how can I scale to the complexity of the requests and reduce Engineering bandwidth?
The challenges within support of open source products continue to magnify depending on the end user persona, whether they are consumers or contributors to your product. Consumers utilize your product, SDKs and APIs and are blocked with using it or run into issues, whereas contributors are advanced users of your software who understand the codebase to provide a meaningful contribution back to the product.
The answer to the above is to look at Open Source support as a first-class citizen of your corporate support strategy. To employ the right level of developer focused support as opposed to traditional infrastructure based support is key to scale to the amount of developers using your product. Supporting customers in the open involves more than pure support - building customer / developer experiences (DX) in the open (across platforms and communities) that pivots over the ability of your product's users or developers to be focused on the end-to-end value add. This helps with your active developer growth and retention of users.
Key Takeaways:
- IT leaders of Open Source will learn to employ strategies to build a DX team that engages on multiple platforms
- Work on identifying accurate metrics for product and organization
- Innovate on platforms such as Discord to build a bot and a dashboard
- Ability to leverage customer feedback and iterate over the customer success flywheel
- Distinguish between DX and Developer Advocacy (DA)
Presented at All Things Open 2023
Presented by Danny McCormick - Google
Title: Deploying Models at Scale with Apache Beam
Abstract: Apache Beam is an open source tool for building distributed scalable data pipelines. This talk will explore how Beam can be used to perform common machine learning tasks, with a heavy focus on running inference at scale. The talk will include a demo component showing how Beam can be used to deploy and update models efficiently on both CPUs and GPUs for inference workloads.
An attendee can expect to leave this talk with a high level understanding of Beam, the challenges of deploying models at scale, and the ability to use Beam to easily parallelize their inference workloads.
Sudo – Giving access while staying in control - All Things Open
Presented at All Things Open 2023
Presented by Peter Czanik - One Identity
Title: Sudo – Giving access while staying in control
Abstract: Sudo is used by millions to control and log administrator access to systems, but using the default configuration only, there are plenty of blind spots. Using the latest features in sudo lets you watch some previously blind spots and control access to them. Here are four major new features, which arrived since the 1.9.0 release, allowing you to see your blind spots:
- configuring a working directory or chroot within sudo often makes full shell access redundant
- JSON-formatted logs give you more details on events and are easier to act on
- relays in sudo_logsrvd make session recording collection more secure and reliable
- you can log and control sub-commands executed by the command run through sudo
Let us take a closer look at each of these.
Previously, there were quite a few situations where you had to give users full shell access through sudo. Typical examples include when you need to run a command from a given directory, or running commands in a chroot environment. You can now configure the working directory or the chroot directory and give access only to the command the user really needs.
Logging is a central role of sudo, to see who did what on the system. Using JSON-formatted log messages gives you even more information about events. What is even more: structured logs are easier to act on. Setting up alerting for suspicious events is much easier when you have a single parser to configure for any kind of sudo logs. You can collect sudo logs not only by local syslog, but also by using sudo_logsrvd, the same application used to collect session recordings.
Speaking of session recordings: instead of using a single central server, you can now have multiple levels of sudo_logsrvd relays between the client and the final destination. This allows session collection even if the central server is unavailable, providing you with additional security. It also makes your network configuration simpler.
Finally, you can log sub-commands executed from the command started through sudo. You can see commands started from a shell. No more unnoticed shell access from text editors. Best of all: you can also intercept sub-commands.
These are just a few of the most prominent features helping you to watch and control previous blind spots on your systems. See these and other possibilities in action in some live demos during our presentation.
Fortifying the Future: Tackling Security Challenges in AI/ML Applications - All Things Open
Presented at All Things Open 2023
Presented by Christine Abernathy - F5, Inc.
Title: Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Abstract: As Artificial Intelligence (AI) and Machine Learning (ML) applications continue to surge, it is crucial to be aware of and address the security risks associated with these technologies. In this talk, Christine will explore AI/ML failure modes, threats, and mitigation strategies. She will guide you through the fundamentals of ML models then introduce you to key security challenges such as adversarial attacks, data poisoning, model inversion, model stealing, and membership inference attacks, using real-world examples to demonstrate their potential impact.
Christine will also discuss privacy and ethical considerations in ML, touching upon techniques like federated learning and shedding light on the current regulatory landscape surrounding security risks. If you are developing AI/ML applications or incorporating AI/ML components into your technology stack, check out this talk. You will walk away with a deeper understanding of the current AI/ML security landscape and a toolkit to help you address these risks, enabling you to build safer, more secure, and privacy-aware applications.
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov... - All Things Open
Presented at All Things Open 2023
Presented by Carlos Santana - AWS
Title: Securing Cloud Resources Deployed with Control Planes on Kubernetes using Governance and Policy as Code
Abstract: Are you concerned about the security of your cloud resources deployed on Kubernetes? Are you struggling to ensure compliance with regulatory requirements while managing your cloud infrastructure? If yes, then this talk is for you!
We will discuss how to secure cloud resources deployed with Crossplane on Kubernetes using Governance and Policy as Code. We will explore how to leverage Governance and Policy as Code tools like Rego, Kyverno, and OPA to ensure security and compliance.
By the end of this talk, you will have a better understanding of the challenges associated with securing cloud resources deployed with Crossplane or ACK on Kubernetes, the importance of Governance and Policy as Code in ensuring security and compliance, and why it is critical to use open source and open standards in these technologies.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insights, what approaches I got already working for real.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
"Impact of front-end architecture on development cost", Viktor Turskyi - Fwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps for Managers
1. DevOps For Managers*
*And Managers at ❤
Get a feel for the room:
How many managers?
How many ICs (individual contributors)?
How many leads (straddle IC and management)?
This is take 1 of this talk - there are many possible variations.
2. Who Am I?
• Mark Mzyk
• Engineering Manager
at Chef
• Organizer:
Triangle DevOps
DevOpsDays Raleigh
Why listen to me?
Engineering Manager for a year at Chef
Dev for 4 previous years at Chef, 9 years in the industry total
5 years organizing Triangle DevOps
Helped organize and emceed 1st DevOpsDays Raleigh
3. –Vinny, My Cousin Vinny
“What is a DevOp?”
Lead off talking about DevOps
Then present examples of what we do at Chef from a manager’s perspective that fit into DevOps -
which is a higher level view of engineering than an IC (individual contributor) might view things
4. Development +
Operations =
DevOps
It’s simple - combine development and operations and you have DevOps, right?
Leads to the idea of the DevOps team - this isn’t bad, but it’s not the view I prefer
5. “DevOps is a cultural movement that changes how
individuals think about their work, values the diversity of
work done, supports intentional processes that accelerate
the rate by which businesses realize value, and measures
the effect of social and technical change. It is a way of
thinking and a way of working that enables individuals and
organizations to develop and maintain sustainable work
practices. It is a cultural framework for sharing stories and
developing empathy, enabling people and teams to practice
their crafts in effective and lasting ways.”
- Chapter 2, What is Devops?, Effective DevOps
It’s not so simple.
Definition from Effective DevOps.
Also won’t find a spelled out definition in The DevOps Handbook (that I could find on skimming)
It’s complicated, it’s culture - and this is why we often focus on the tools
Tools are visible and interplay with culture, but they are not culture
(Also, vendors can sell tools - I work for one)
7. We watch someone else do it
We say what we hope is the right
incantation
If all goes right …
8. We get dragons! (Hopefully not as scary though).
Do we even know why we got a dragon?
And most of the time, we don’t get a dragon - sometimes it blows up in our face, but often it is just a dud.
9. Blueprint for DevOps
Effective Devops and The DevOps Handbook are two books that I think lay out the best blueprint for achieving a learning focused, DevOps culture.
Just because they give you a blueprint doesn’t mean you’ll be able to follow it exactly or that it’ll be easy.
11. Context Matters
Your company culture is different from Chef’s.
What I describe might be helpful, but you’ll have to figure out how it applies to you.
What we think of as successful DevOps companies - Netflix, Etsy, etc.
They don’t know what works either - but they have a learning culture, keep learning.
The world changes, so we all have to keep learning
12. Kaizen - Continuous Improvement
Kaikaku - Radical Change
Types of Change
From Toyota, Lean Thinking
Most people have heard of kaizen, less so kaikaku
We often hear and think of doing kaizen, but sometimes you need kaikaku
Let’s talk about an example of kaikaku at Chef.
13. Conway’s Law
Any organization that designs a
system (defined broadly) will
produce a design whose structure
is a copy of the organization's
communication structure.
http://melconway.com/Home/Conways_Law.html
15. Fixed Teams
Chef Server
Analytics
Delivery
Example of how teams at Chef used to be - fixed to a product.
Chef then tended to create features for each product - whether it was needed or not.
Chef shipped a lot of software - but it wasn’t moving the needle on the business.
16. Flexible Teams
Chef Server
Automate
Habitat
Kaikaku - Switched to flexible teams (feature teams)
Enables us to focus on the products and features that need focus
Might have products that aren’t being actively worked for a time
Aligned Business and Product - shipped software that clearly was having an impact
(Also, product names have shifted/changed as the business model evolves)
17. Issues
• In a model with rotating teams, how does an
engineer build expertise?
• Emphasizing product alignment led to
deferment to product, loss of some of
engineering’s voice
Teams rotated often - but that meant engineers sometimes lacked stability, felt they couldn’t go deep in an area before shifting away
With the emphasis on feature teams, shipping became the focus and emphasis shifted away somewhat from quality; it wasn’t clear when or how technical debt should be addressed
Also - attrition did happen. Sometimes you have to be okay that people will leave over change.
18. Kaizen
• Shift focus from implementing a feature to
achieving an outcome
• Let teams live longer
These are kaizen steps currently in progress
Teams focus on an outcome (Automate Adoption) instead of a feature (GitHub integration)
Team can integrate in the problem space until a sufficient solution is found
Let the teams live longer, but still be willing to switch up things when a team isn’t working or someone needs a change
Do not intend to go back to fixed teams
19. Embrace Variability
a.k.a
Learn to Live with
Ambiguity
Your world won’t stay the same - so you have to learn how to live with variability and ambiguity
This will vary based on your circumstances - startups will tend toward more variability, enterprises less so (most of the time)
20. – Rands (Michael Lopp)
“Process is documentation
of culture and values.”
From: http://randsinrepose.com/archives/the-process-myth/
At some point you’ll realize you’ll need process
Process helps control variability
Aside: We dislike process when we’ve lost sight of the value it was put in place for
If you can’t remember the why for a process, remove it or change it
21. No Process
Clearly Defined Process
This is the path it will probably take to find the right process. Don’t be afraid to change.
Everyone lives in a different comfort zone -
Some people operate easily with no process and find a way forward.
Others need a clearly defined process to feel comfortable.
Learn where your peers and reports live.
If you are at one extreme, know the other might be your blind spot.
How can you leverage your peers who are in a different place so you end up in a good place as an organization?
22. Define your processes like dirt paths - see what works, try out different things, change while they are easy - let them wind a bit.
Only when they have been successful for a while should you pave them and make them more solid
Picture Credits:
“Path” by Tim Green https://flic.kr/p/6TM1w4 https://creativecommons.org/licenses/by/2.0/ No changes made
“Path” by Allen Watkin https://flic.kr/p/4bmtAD https://creativecommons.org/licenses/by-sa/2.0/ No changes made
23. Where to ask for help?
This is a story of winding process at Chef
When a customer facing person needs help from engineering where do they ask?
Observed that they often asked for help in engineering channels, but might go unanswered or sit for a while. What if they needed immediate help?
Set up #eng-escalations channel for immediate help during business hours.
Engineering managers and principal engineers watch room for any activity, mount immediate response
For after hours, have a defined pager duty escalation to page an engineering manager - this was easier to put in place than the #eng-escalations channel, because we had experience here
24. HBR Article - https://hbr.org/1991/05/teaching-smart-people-how-to-learn
To achieve a learning and DevOps culture you will have to combat this
In both yourself and those you manage and work with
We’re all smart - single-loop learning (problem solving) comes easy to us
Double-loop learning (reflection on ourselves) is hard
Read this article - at least twice.
Read it once, reflect on it, then come back and read it again days later.
25. Make Failure Safe
If your people are afraid to fail, your org won’t learn, it won’t improve.
The only way to avoid failure is keep the status quo - but this will result in the long term failure of the business as it doesn’t respond to the change around it.
Without this, nothing else in this presentation will matter.
26. Google’s research into what makes a good team: #1 item - Psychological safety
Without that, nothing else matters. It underpins all else.
If you don’t have safety, you don’t speak up, you lose trust
https://rework.withgoogle.com/blog/five-keys-to-a-successful-google-team/
27. It takes many actions to
build trust, but only one lie
to destroy it.
We know this to be true.
This is why establishing safety is so hard - it’s a continual task.
This is the challenge of being a manager and establishing a DevOps culture.
Your words and actions are endlessly interpreted by everyone around you - and they don’t have the same context you do.
28. Your Actions Establish or
Destroy Safety
Bottom line. How you approach the world sets this up.
29. Blameless Post Mortem
One way to establish safety is blameless post mortem
Recognize we operate in a system and assume positive intent - everyone does the best they can with the information they have - so where did the system fail and how do we improve?
This is a screenshot of the Chef post mortem template
John Allspaw has spoken and written at length on blameless post mortem
https://codeascraft.com/2012/05/22/blameless-postmortems/
30. Small Actions Matter
• One on Ones
• How you respond to requests
• How you treat outcomes on your team
These are where a true learning culture is built.
Most of these will be seen by one person, or only a few people, but it shapes their perceptions of what you think is important - and if they have safety
It is an ongoing conversation that evolves over time.
Tell the Engineer and Elm story if there is time - unexpected request, but meet halfway, explored it
32. Thank You
Keep the conversation going,
through conversation we learn and grow.
Twitter: @mzyk83
Email: mm@chef.io
Slacks: @mm
is hiring
Some Slacks I hang out in:
Triangle Devs, Rand’s Leadership, Chef’s Community, eng-managers, DevOpsDays organizer’s