OSCON 2019 "Break me if you can: practical guide to building fault-tolerant s...Alex Borysov
Slides for our O'Reilly Open Source Software Conference "Break me if you can: practical guide to building fault-tolerant systems" talk: https://conferences.oreilly.com/oscon/oscon-or/public/schedule/detail/75311
OSCON 2019 "Break me if you can: practical guide to building fault-tolerant s...Alex Borysov
Slides for our O'Reilly Open Source Software Conference "Break me if you can: practical guide to building fault-tolerant systems" talk: https://conferences.oreilly.com/oscon/oscon-or/public/schedule/detail/75311
Daniel Stenberg discusses some of the most common mistakes users are doing when using libcurl and what to do about them.
Video: https://youtu.be/0KfDdIAirSI
2018 IterateConf Deconstructing and Evolving REST SecurityDavid Blevins
The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, offer endless extensions, and almost seem designed to deliberately confuse. With an eye on architecturual impact, actual HTTP messages, and aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. It then explores a competing Amazon-style approach called HTTP Signatures, ideal for B2B APIs. Finally, it discusses a new internet draft launched this year that combines them both into the perfect two-factor system that could provide a one-stop shop for business as well as mobile REST scenarios.
Is Docker really the security risk that is generally raged about? Or, is this more about understanding where and when a business should consider adoption new and revolutionary infrastructure?
Connecting to the Pulse of the Planet with the Twitter PlatformAndy Piper
How the Twitter Web, Data and Mobile platforms enable developers to connect to the real-time pulse of the planet.
Talk given at the PHP Hampshire meetup in Portsmouth, December 2014
Serverless applications in Python sounds, strange isn’t? In this talk I’ll explain how to build not only crop images or select data from DynamoDB, but build real application, what kind of troubles are we should expect, how to make decision is your task fit into serverless architecture in Python or may be you should use, general approach. How fast serverless applications written in Python, and more important how to scale it.
Serverless Security: Doing Security in 100 millisecondsJames Wickett
Talk on serverless security with a brief history of cloud, containers and now serverless. This talk also features serverless patterns, and security considerations needed in this new environment. This talk was given at AppSecUSA 2016.
Pairing Based Transform Cryptography (Proxy Re-Encryption - PRE)IronCore Labs
Cryptographic Algorithms for Proxy Re-Encryption (PRE), Transform Cryptography and Orthogonal Access Control with Implementation Notes Using Scala and Functional Programming.
(Presented at DEF CON 26)
À partir d’une feuille blanche, vous devez construire une application financière hautement disponible. Elle doit être résiliente, scalable et facilement extensible. Comment faire ? Nous allons relever le défi en partant des principes d’une architecture réactive basée sur des micro-services.
Nous vous proposons d’étudier toutes les problématiques adressées lors de la mise en place de l’application, en passant de l’environnement de développement aux conditions d’exploitations dans le cloud.
Speaker : Nicolas Jozwiak, Xavier Bucchiotty et Vincent Spiewak - Devoxx France 2015
The Past, Present and Future of Real-Time Apps and CommunicationsPhil Leggetter
It has been possible to instantly push information from a web server to a web browser for around 15 years. It's now 2015 and real-time web technology has been mainstream for a while thanks to the experiences offered by applications like Twitter, Facebook, Uber and Google Docs, and more recently the rise of the Internet of Things (IoT). Technology advancements have also played their part with low-level improvements such as WebSockets and WebRTC, and high-level frameworks and hosted solutions such as Pusher. In this talk Phil will cover the past, present and future of real-time communication technology, the realtime web, provide a number of case studies and demonstrations of how the technology is actually used today (it's not just chat and spaceship games!) and discuss where things may go in the future..
Daniel Stenberg discusses some of the most common mistakes users are doing when using libcurl and what to do about them.
Video: https://youtu.be/0KfDdIAirSI
2018 IterateConf Deconstructing and Evolving REST SecurityDavid Blevins
The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, offer endless extensions, and almost seem designed to deliberately confuse. With an eye on architecturual impact, actual HTTP messages, and aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. It then explores a competing Amazon-style approach called HTTP Signatures, ideal for B2B APIs. Finally, it discusses a new internet draft launched this year that combines them both into the perfect two-factor system that could provide a one-stop shop for business as well as mobile REST scenarios.
Is Docker really the security risk that is generally raged about? Or, is this more about understanding where and when a business should consider adoption new and revolutionary infrastructure?
Connecting to the Pulse of the Planet with the Twitter PlatformAndy Piper
How the Twitter Web, Data and Mobile platforms enable developers to connect to the real-time pulse of the planet.
Talk given at the PHP Hampshire meetup in Portsmouth, December 2014
Serverless applications in Python sounds, strange isn’t? In this talk I’ll explain how to build not only crop images or select data from DynamoDB, but build real application, what kind of troubles are we should expect, how to make decision is your task fit into serverless architecture in Python or may be you should use, general approach. How fast serverless applications written in Python, and more important how to scale it.
Similar to Devoxx Ukraine 2018 "Break me if you can: practical guide to building fault-tolerant systems (with examples from REST and gRPC polyglot stacks)"
Serverless Security: Doing Security in 100 millisecondsJames Wickett
Talk on serverless security with a brief history of cloud, containers and now serverless. This talk also features serverless patterns, and security considerations needed in this new environment. This talk was given at AppSecUSA 2016.
Pairing Based Transform Cryptography (Proxy Re-Encryption - PRE)IronCore Labs
Cryptographic Algorithms for Proxy Re-Encryption (PRE), Transform Cryptography and Orthogonal Access Control with Implementation Notes Using Scala and Functional Programming.
(Presented at DEF CON 26)
À partir d’une feuille blanche, vous devez construire une application financière hautement disponible. Elle doit être résiliente, scalable et facilement extensible. Comment faire ? Nous allons relever le défi en partant des principes d’une architecture réactive basée sur des micro-services.
Nous vous proposons d’étudier toutes les problématiques adressées lors de la mise en place de l’application, en passant de l’environnement de développement aux conditions d’exploitations dans le cloud.
Speaker : Nicolas Jozwiak, Xavier Bucchiotty et Vincent Spiewak - Devoxx France 2015
The Past, Present and Future of Real-Time Apps and CommunicationsPhil Leggetter
It has been possible to instantly push information from a web server to a web browser for around 15 years. It's now 2015 and real-time web technology has been mainstream for a while thanks to the experiences offered by applications like Twitter, Facebook, Uber and Google Docs, and more recently the rise of the Internet of Things (IoT). Technology advancements have also played their part with low-level improvements such as WebSockets and WebRTC, and high-level frameworks and hosted solutions such as Pusher. In this talk Phil will cover the past, present and future of real-time communication technology, the realtime web, provide a number of case studies and demonstrations of how the technology is actually used today (it's not just chat and spaceship games!) and discuss where things may go in the future..
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with Lambda, and how to pick the right event source based on the tradeoffs you want. Here are a few patterns that we'll cover in the talk: pub-sub, cron, push-pull, saga and decoupled invocation.
The Kubernetes audit logs are a rich source of information: all of the calls made to the API server are stored, along with additional metadata such as usernames, timings, and source IPs. They help to answer questions such as “What is overloading my control plane?” or “Which sequence of events led to this problematic situation?”. These questions are hard to answer otherwise—especially in large clusters. At Datadog, we have been running clusters with 1000+ nodes for more than a year and during that time, the audit logs have proved invaluable.
In this presentation, we will first introduce the audit logs, explain how they are configured, and review the type of data they store. Finally, we will describe in detail several scenarios where they have helped us to diagnose complex problems.
With traditional software unit tests, there's never a guarantee that an application will actually function correctly in the production environment. And when you add microservices, remote resources that are accessible over a network, into the mix, testing is more tricky. To make things even harder, microservices typically need to collaborate with additional network-based microservices, making testing even more challenging. Moving to microservices implies a change in the mindset of developers, so will using old testing techniques with new architectures still work?
In this session, you'll learn test strategies that solve the most common issues likely to be encountered when writing tests for a microservices architecture. We will look at how tools such as Arquillian, JUnit, Docker and techniques such as service virtualization, consumer-driven testing and testing in production with Istio can aid in accomplishing this task.
Talk from Serverless Days Austin with @iteration1 and @wickett. This talk covers serverless basics and the Secure WIP model as a way to bring security to the conversation.
Serverless Security: A How-to Guide @ SnowFROC 2019James Wickett
Serverless Security: A How-to Guide @ SnowFROC 2019
Covering serverless basics, looking at lambhack, and architectures/models for serverless. Special thanks to Signal Sciences!
In a monolithic application, different services are developed within same project side by side.
In these kind of applications you don't need to worry about breaking the compatibility between contract interfaces since there is an invisible verifier called compiler that checks that all method calls follows the defined signature.
But in case of microservices, different services are deployed in different runtimes and using different separated networks.
In this scenario, any change on the contract of one service cannot be caught by the compiler since there is no typesafe connection between services..
Now breaking the compatibility between services can be really easy and hard to detect (maybe until your new version of the service is on production).
In this talk we are going to explore why deploying a new version of a service might break everything in microservices architecture, and how to fix with consumer-driven contracts pattern.
Serverless and serverfull - where microservices compliments serverlessJudy Breedlove
Burr Sutter presentation, July 2018, from "The Future of Cloud-Native Apps and Integration"
Similar to Devoxx Ukraine 2018 "Break me if you can: practical guide to building fault-tolerant systems (with examples from REST and gRPC polyglot stacks)" (20)
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Devoxx Ukraine 2018 "Break me if you can: practical guide to building fault-tolerant systems (with examples from REST and gRPC polyglot stacks)"
1. Break Me If You Can
Practical Guide to Building Fault-tolerant Systems
Devoxx Ukraine, November 23, 2018
Alex Borysov, Software Engineer @ Google
Mykyta Protsenko, Software Engineer @ Netflix
2. Who are we?
Alex Borysov
Software Engineer @Google
Mykyta Protsenko
Software Engineer @Netflix
@aiborisov
@mykyta_p
8. @aiborisov
@mykyta_p
RMS Titanic vs Miracle on the Hudson
@aiborisov
@mykyta_p
Willy Stöwer. Public domain. See slide #200 for details. By Greg Lam Pak Ng. CC BY 2.0. See slide #201 for details.
10. @aiborisov
@mykyta_p
Miracle on the Hudson
@aiborisov
@mykyta_p
Fault: Hitting geese at 859 m
Error: Engines shut down
No Failure!
By Greg Lam Pak Ng. CC BY 2.0. See slide #201 for details.
27. @aiborisov
@mykyta_p
service FixtureService {
// Return next line of geese and clouds.
rpc GetFixture (GetFixtureRequest) returns (FixtureResponse);
}
gRPC Gateway Service
@aiborisov
@mykyta_p
28. @aiborisov
@mykyta_p
service FixtureService {
// Return next line of geese and clouds.
rpc GetFixture (GetFixtureRequest) returns (FixtureResponse);
}
+ = Fixture
gRPC Gateway Service
@aiborisov
@mykyta_p
200. @aiborisov
@mykyta_p
Images and Licensing
Images of geese, clouds, pilots, plane, arrows, cup, airport traffic control tower are property of Mykyta Protsenko and Alex Borysov, if not
stated otherwise (see below). All Rights Reserved.
Other images used:
Slide #5: commons.wikimedia.org/wiki/File:FEMA_-_16381_-_Photograph_by_Bob_McMillan_taken_on_09-28-2005_in_Texas.jpg
- Picture by Bob McMillan, the US federal government work, public domain
Slide #6: www.flickr.com/photos/carbonnyc/3290528875
- Picture by David Goehring. Attribution 2.0 Generic (CC BY 2.0): creativecommons.org/licenses/by/2.0
- changes were made
Slide #7: www.flickr.com/photos/carbonnyc/3290528875
- Picture by Camerafiend. Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0): creativecommons.org/licenses/by-sa/3.0/deed.en
- no changes were made
Slides ##8, 9, 135, 136, 155-161: commons.wikimedia.org/wiki/File:Titanic_sinking,_painting_by_Willy_St%C3%B6wer.jpg
- Willy Stöwer. Public domain work of art
201. @aiborisov
@mykyta_p
Images and Licensing
Slides ##8, 10, 13: www.flickr.com/photos/22608787@N00/3200086900
- Picture y Greg Lam Pak Ng. Attribution 2.0 Generic (CC BY 2.0): creativecommons.org/licenses/by/2.0
- no changes were made
Slides ##16-23, 30-34, 68, 77-80, 94-102, 116-118, 123-129, 137-141, 144-147, 171-172:
- Blue Game Boy Color by kure: piq.codeus.net/picture/31994/Blue-Game-Boy-Color
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- changes were made
Slides ##94-102:
- The Sun by Vinicius615: piq.codeus.net/picture/191706/The-Sun
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- changes were made
Slide #113:
- Picture by Alex Borysov. Attribution 2.0 Generic (CC BY 2.0): creativecommons.org/licenses/by/2.0
202. @aiborisov
@mykyta_p
Images and Licensing
Slide #141: piq.codeus.net/picture/254492/CVsantahat
- Santa hat for CommanderVideo, CVsantahat by anonymous
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- no changes were made
Slide #172: piq.codeus.net/picture/423109/UFO
- UFO by anonymous
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- no changes were made
Slides #186, 187: piq.codeus.net/picture/334023/beer
- beer by Investa
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- changes were made
203. @aiborisov
@mykyta_p
Images and Licensing
Slides #186, 187: piq.codeus.net/picture/444498/Beer-Bottle
- Beer Bottle by jacklrj
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- changes were made
Slide #191: https://piq.codeus.net/picture/330338/Deal-With-It
- Deal With It by Shiro
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- changes were made
Slides ##151, 152: https://commons.wikimedia.org/wiki/File:Whale_WikiWorld.png
- Cartoon illustration has been created by Greg Williams in cooperation with the Wikimedia Foundation
- Attribution 3.0 Unported (CC BY 3.0): creativecommons.org/licenses/by/3.0
- changes were made