Talk given Feb 17, 2016 at Columbus Web Analytics Wednesdays, looking at how web analytics metrics are generated and some of the issues there are with data quality and reporting.
Workflows are a powerful tool to help automate many operational tasks. During an outage there are a number of tasks that are normally performed that can be turned in to workflows. We will dive in to some common use cases and show how workflows can be leveraged to help cut down time to resolution and provide a consistent response during an outage. See how to facilitate a collaborative environment through the use of ChatOps.
StackStorm is an open source event driven automation platform targeted at automating many of the tasks performed by engineers. Essentially, an If This Than That for IT Operations. Allowing users to stitch together atomic actions in to complex workflows and run these workflows based on events from external systems.
5,000 UK Websites Mobile Sitespeed Comparison - Search EliteErudite
In this presentation I go through why a wide range of data is useful in understanding the performance optimisation competitive landscape. It helps us know how fast is fast... helps us add context and boundaries to our projects, as well as helps us know when we're doing a good job or when we need to push harder to get faster.
ApacheCon NA 2019 : Customer segmentation and personalization using apache unomiSerge Huber
In this session, you will learn all that’s new with Apache Unomi, the open source Customer Data platform (that graduated this year) based on the Apache Karaf runtime, and all that’s happened since the last ApacheCon. You will discover how to easily integrate it with an existing website or SPA/PWA using its built-in web tracker, how to build customer segments and how to use the API to personalize the experience for your users. You’ll also learn how you can extend it to do almost anything, using either the built-in rules engine or your own plugins. You will also discover the new Docker compatibility and the upcoming GraphQL API. Finally, you’ll learn what’s next and how you can help the project.
On the eve of what was hoped to be of the biggest traffic days for New York Magazine’s sites, the company was the target of a DDoS attack that caused their sites to go dark. New York quickly turned to Fastly to deflect and overcome the attack. Larry discusses how New York Mag went from zero page views per second to getting back online and recording one of their biggest traffic days of the year with the aid of Fastly’s team and tech. In addition he discusses how New York is leveraging Fastly as part of a larger strategy of performance improvements to deliver the build a better web and deliver the best premium content experience in the context of alternative distribution and consumption channels, such as Google Amp and FB Instant Article.
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Bastian Grimm
My talk at #SEOZone 2014 in Istanbul covering various aspects of crawl space optimization such as crawler control & indexation strategies as well as site speed.
Workflows are a powerful tool to help automate many operational tasks. During an outage there are a number of tasks that are normally performed that can be turned in to workflows. We will dive in to some common use cases and show how workflows can be leveraged to help cut down time to resolution and provide a consistent response during an outage. See how to facilitate a collaborative environment through the use of ChatOps.
StackStorm is an open source event driven automation platform targeted at automating many of the tasks performed by engineers. Essentially, an If This Than That for IT Operations. Allowing users to stitch together atomic actions in to complex workflows and run these workflows based on events from external systems.
5,000 UK Websites Mobile Sitespeed Comparison - Search EliteErudite
In this presentation I go through why a wide range of data is useful in understanding the performance optimisation competitive landscape. It helps us know how fast is fast... helps us add context and boundaries to our projects, as well as helps us know when we're doing a good job or when we need to push harder to get faster.
ApacheCon NA 2019 : Customer segmentation and personalization using apache unomiSerge Huber
In this session, you will learn all that’s new with Apache Unomi, the open source Customer Data platform (that graduated this year) based on the Apache Karaf runtime, and all that’s happened since the last ApacheCon. You will discover how to easily integrate it with an existing website or SPA/PWA using its built-in web tracker, how to build customer segments and how to use the API to personalize the experience for your users. You’ll also learn how you can extend it to do almost anything, using either the built-in rules engine or your own plugins. You will also discover the new Docker compatibility and the upcoming GraphQL API. Finally, you’ll learn what’s next and how you can help the project.
On the eve of what was hoped to be of the biggest traffic days for New York Magazine’s sites, the company was the target of a DDoS attack that caused their sites to go dark. New York quickly turned to Fastly to deflect and overcome the attack. Larry discusses how New York Mag went from zero page views per second to getting back online and recording one of their biggest traffic days of the year with the aid of Fastly’s team and tech. In addition he discusses how New York is leveraging Fastly as part of a larger strategy of performance improvements to deliver the build a better web and deliver the best premium content experience in the context of alternative distribution and consumption channels, such as Google Amp and FB Instant Article.
Technical SEO: Crawl Space Management - SEOZone Istanbul 2014Bastian Grimm
My talk at #SEOZone 2014 in Istanbul covering various aspects of crawl space optimization such as crawler control & indexation strategies as well as site speed.
Covers building a malware analysis environment for enterprises that don't currently have a dedicated team for such purposes. Presented at Blackhat DC 2010.
Your Web Application Is Most Likely InsecureAchievers Tech
This presentation outline the common security risks in web application today. What they are, how to find if your application is at risk and the remedies.
Rapid Assessment of Web Resources (RAWR) - DerbyCon 3.0Tom Moore
One of the highest threats to organizations today is also one of their most prevalent services available in most cases, web interfaces. The landscape has changed from simple static websites, to fully functional web-based applications that provide access to internal information gold mines. If you’re not testing those of your client organization, expect that someone else is! Our belief is that most organizations have little to no knowledge as to how many internal web resources they have within their environments that could lead to network compromise. By taking an approach to ensure the security of your client’s web interfaces through offensive security, you will find that there is a lot involved – and usually not a lot of time to get from initial scan to report. In this presentation, we’ll introduce RAWR (Rapid Assessment of Web Resources). We’ll cover its inception, hurdles faced, and give some practical advice on how to get the most out of ‘the little dinosaur’. There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and applicable results in formats that you can use! RAWR will make the mapping phase of your next web assessment efficient and get you producing positive results faster!
6 ways DevOps helped PrepSportswear move from monolith to microservicesDynatrace
Like a lot of online businesses today, PrepSportswear’s success is 100% dependent on the availability, scalability and performance of their digital online services. If the website is down, the business stops. They knew they had to transform their business from that of a retailer with a website to a high caliber IT company that sells products online.
In these webinar slides, Richard Dominguez, PrepSportswear’s Developer in Operations, shares their journey. They transformed from a team operating a monolithic app using waterfall development methodology on an old, hard to maintain code base, to a modern IT organization applying new practices from Agile development, DevOps and a Service-Oriented Architectural approach.
The Impact? PrepSportswear’s Most Successful Online Holiday Shopping Season in Company History! Join us to:
Learn how to identify if you are running a monolithic application that is dragging you down.
Get tips on hiring the right people to inject a DevOps cultural mindset into your organization.
Understand how to break the monolith into smaller pieces that support key lines of business.
Discover where to automate monitoring into your pipeline and platform.
Identify metrics for individual stakeholders (dev vs. test vs. business).
Go forward, celebrate, learn from, and repeat success!
Richard will be joined by Andreas Grabner, Performance Advocate at Dynatrace who will support why monitoring, application and end user metrics have to be a key part of your own transformation!
Richard Dominguez has 9+ years’ experience as both a System Analyst and Software Developer in Test. He has worked on many high profile projects in Microsoft such as Hyper-V, Windows 7 Client Performance, and Windows Phone Services. Richard now works at PrepSportswear as the company’s DevOps engineer. His responsibilities include site reliability, external synthetic testing, release management and overall site performance.
Andreas Grabner has 15+ years’ experience as an architect and developer in the Java and .NET space. In his current role, Andi works as an advocate for high performing applications in both the development and operations areas. He is a regular expert and contributor to large performance communities, a frequent speaker at technology conferences and regularly publishes articles blogs on blog.dynatrace.com
Top 10 DBA Mistakes on Microsoft SQL ServerKevin Kline
From the noted author of SQL in a Nutshell - Microsoft SQL Server is easier to administrate than any other mainstream relational database on the market. But “easier than everyone else” doesn’t mean it’s easy. And it doesn’t mean that database administration on SQL Server is problem free. Since SQL Server frequently grows up from small, home-grown applications, many IT professionals end up encountering issues that others have tackled and solved years ago. Why not learn from those who first blazed the trails of database administration, so that we don’t make the same mistakes over and over again. In fact, wouldn’t you like to learn about those mistakes before they ever happen?
There is a short list of mistakes that, if you know of them in advance, will make your life much easier. These mistakes are the “low hanging fruit” of application design, development, and administration. Once you apply the lessons learned from this session, you’ll find yourself performing at a higher level of efficiency and effectiveness than before.
No reuse without permission. Follow me on social media at kekline and blog at kevinekline.com.
10 things you can do to speed up your web app today 2016Chris Love
Web Sites are to slow and this is costing businesses money. Most performance issues are easy to fix. In this session we review why web performance is important and 10 simple things you can do to make a faster user experience.
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...rschuppe
Application Performance doesn't come easy. How to find the root cause of performance issues in modern and complex applications? All you have is a complaining user to start with?
In this presentation (mainly in German, but understandable for english speakers) I'd present the fundamentals of trouble shooting and have concrete examples on how to tackle issues.
GDD Japan 2009 - Designing OpenSocial Apps For Speed and ScalePatrick Chanezon
Google Developer Days Japan 2009 - Designing OpenSocial Apps For Speed and Scale
Original slides from Arne Roomann-Kurrik & Chris Chabot with a few Zen quotes and references added by me:-)
Technical SEO Beyond the Audit - Brighton SEO April 2017 - Philip GamblePhilip Gamble
Technical SEO is more than just an audit. Monitoring of technical performance is critical to catch any emerging issues early on. This session will cover practical examples of how to approach technical monitoring, what to look for and examples of real world implementations which have maintained and improved performance.
Log Analytics for Distributed MicroservicesKai Wähner
Log Analytics and Operational Intelligence for Distributed Microservices.
IT systems and applications generate more and more distributed machine data due to millions of mobile devices, Internet of Things, social network users, and other new emerging technologies. However, organizations experience challenges when monitoring and managing their IT systems and technology infrastructure. They struggle with distributed Microservices and Cloud architectures, custom application monitoring and debugging, network and server monitoring / troubleshooting, security analysis, compliance standards, and others.
This session discusses how to solve the challenges of monitoring and analyzing Terabytes and more of different distributed machine data to leverage the “digital business”. The main part of the session compares different open source frameworks and SaaS cloud solutions for Log Management and operational intelligence, such as Graylog , the “ELK stack”, Papertrail, Splunk or TIBCO LogLogic Unity). A live demo will demonstrate how to monitor and analyze distributed Microservices and sensor data from the “Internet of Things”.
The session also explains the distinction of the discussed solutions to other big data components such as Apache Hadoop, Data Warehouse or Machine Learning, and how they can complement each other in a big data architecture.
The session concludes with an outlook to the new, advanced concept of IT Operations Analytics (ITOA). Prsesn
10 Things You Can Do to Speed Up Your Web App TodayChris Love
Web Performance is a serious issues these days. 80% of web performance issues are in the client. Many developers either do not realize what they are leaving on the table and how that affects the success of their application. These are 10 things any web developer can do in about 30-60 minutes to drastically increase page load times and thus increase the application's profitability.
These are the slides from the HostBridge virtual user group meeting that took place on Dec. 2nd 2020. Topics covered include:
- CICS integration script and API development insights
- HostBridge health check experience: BancorpSouth
- CICS integration analytics overview
- Integration analytics customer Q&A: Ingram Micro
- HostBridge future product roadmap
- Customer discussion/Q&A
Premature optimisation: The Root of All EvilFabio Akita
Presentation for the 18th Encontro Locaweb in Curitiba in May, iMasters' DevCommerce and Open Spree Conference in June. It's about how most developers think wrong whey they are making decisions about technologies to choose.
Covers building a malware analysis environment for enterprises that don't currently have a dedicated team for such purposes. Presented at Blackhat DC 2010.
Your Web Application Is Most Likely InsecureAchievers Tech
This presentation outline the common security risks in web application today. What they are, how to find if your application is at risk and the remedies.
Rapid Assessment of Web Resources (RAWR) - DerbyCon 3.0Tom Moore
One of the highest threats to organizations today is also one of their most prevalent services available in most cases, web interfaces. The landscape has changed from simple static websites, to fully functional web-based applications that provide access to internal information gold mines. If you’re not testing those of your client organization, expect that someone else is! Our belief is that most organizations have little to no knowledge as to how many internal web resources they have within their environments that could lead to network compromise. By taking an approach to ensure the security of your client’s web interfaces through offensive security, you will find that there is a lot involved – and usually not a lot of time to get from initial scan to report. In this presentation, we’ll introduce RAWR (Rapid Assessment of Web Resources). We’ll cover its inception, hurdles faced, and give some practical advice on how to get the most out of ‘the little dinosaur’. There’s a lot packed in this tool that will help you get a better grasp of the threat landscape that is your client’s web resources. It has been tested from extremely large network environments, down to 5 node networks. It has been fine-tuned to promote fast, accurate, and applicable results in formats that you can use! RAWR will make the mapping phase of your next web assessment efficient and get you producing positive results faster!
6 ways DevOps helped PrepSportswear move from monolith to microservicesDynatrace
Like a lot of online businesses today, PrepSportswear’s success is 100% dependent on the availability, scalability and performance of their digital online services. If the website is down, the business stops. They knew they had to transform their business from that of a retailer with a website to a high caliber IT company that sells products online.
In these webinar slides, Richard Dominguez, PrepSportswear’s Developer in Operations, shares their journey. They transformed from a team operating a monolithic app using waterfall development methodology on an old, hard to maintain code base, to a modern IT organization applying new practices from Agile development, DevOps and a Service-Oriented Architectural approach.
The Impact? PrepSportswear’s Most Successful Online Holiday Shopping Season in Company History! Join us to:
Learn how to identify if you are running a monolithic application that is dragging you down.
Get tips on hiring the right people to inject a DevOps cultural mindset into your organization.
Understand how to break the monolith into smaller pieces that support key lines of business.
Discover where to automate monitoring into your pipeline and platform.
Identify metrics for individual stakeholders (dev vs. test vs. business).
Go forward, celebrate, learn from, and repeat success!
Richard will be joined by Andreas Grabner, Performance Advocate at Dynatrace who will support why monitoring, application and end user metrics have to be a key part of your own transformation!
Richard Dominguez has 9+ years’ experience as both a System Analyst and Software Developer in Test. He has worked on many high profile projects in Microsoft such as Hyper-V, Windows 7 Client Performance, and Windows Phone Services. Richard now works at PrepSportswear as the company’s DevOps engineer. His responsibilities include site reliability, external synthetic testing, release management and overall site performance.
Andreas Grabner has 15+ years’ experience as an architect and developer in the Java and .NET space. In his current role, Andi works as an advocate for high performing applications in both the development and operations areas. He is a regular expert and contributor to large performance communities, a frequent speaker at technology conferences and regularly publishes articles blogs on blog.dynatrace.com
Top 10 DBA Mistakes on Microsoft SQL ServerKevin Kline
From the noted author of SQL in a Nutshell - Microsoft SQL Server is easier to administrate than any other mainstream relational database on the market. But “easier than everyone else” doesn’t mean it’s easy. And it doesn’t mean that database administration on SQL Server is problem free. Since SQL Server frequently grows up from small, home-grown applications, many IT professionals end up encountering issues that others have tackled and solved years ago. Why not learn from those who first blazed the trails of database administration, so that we don’t make the same mistakes over and over again. In fact, wouldn’t you like to learn about those mistakes before they ever happen?
There is a short list of mistakes that, if you know of them in advance, will make your life much easier. These mistakes are the “low hanging fruit” of application design, development, and administration. Once you apply the lessons learned from this session, you’ll find yourself performing at a higher level of efficiency and effectiveness than before.
No reuse without permission. Follow me on social media at kekline and blog at kevinekline.com.
10 things you can do to speed up your web app today 2016Chris Love
Web Sites are to slow and this is costing businesses money. Most performance issues are easy to fix. In this session we review why web performance is important and 10 simple things you can do to make a faster user experience.
Application Performance Troubleshooting 1x1 - Von Schweinen, Schlangen und Pa...rschuppe
Application Performance doesn't come easy. How to find the root cause of performance issues in modern and complex applications? All you have is a complaining user to start with?
In this presentation (mainly in German, but understandable for english speakers) I'd present the fundamentals of trouble shooting and have concrete examples on how to tackle issues.
GDD Japan 2009 - Designing OpenSocial Apps For Speed and ScalePatrick Chanezon
Google Developer Days Japan 2009 - Designing OpenSocial Apps For Speed and Scale
Original slides from Arne Roomann-Kurrik & Chris Chabot with a few Zen quotes and references added by me:-)
Technical SEO Beyond the Audit - Brighton SEO April 2017 - Philip GamblePhilip Gamble
Technical SEO is more than just an audit. Monitoring of technical performance is critical to catch any emerging issues early on. This session will cover practical examples of how to approach technical monitoring, what to look for and examples of real world implementations which have maintained and improved performance.
Log Analytics for Distributed MicroservicesKai Wähner
Log Analytics and Operational Intelligence for Distributed Microservices.
IT systems and applications generate more and more distributed machine data due to millions of mobile devices, Internet of Things, social network users, and other new emerging technologies. However, organizations experience challenges when monitoring and managing their IT systems and technology infrastructure. They struggle with distributed Microservices and Cloud architectures, custom application monitoring and debugging, network and server monitoring / troubleshooting, security analysis, compliance standards, and others.
This session discusses how to solve the challenges of monitoring and analyzing Terabytes and more of different distributed machine data to leverage the “digital business”. The main part of the session compares different open source frameworks and SaaS cloud solutions for Log Management and operational intelligence, such as Graylog , the “ELK stack”, Papertrail, Splunk or TIBCO LogLogic Unity). A live demo will demonstrate how to monitor and analyze distributed Microservices and sensor data from the “Internet of Things”.
The session also explains the distinction of the discussed solutions to other big data components such as Apache Hadoop, Data Warehouse or Machine Learning, and how they can complement each other in a big data architecture.
The session concludes with an outlook to the new, advanced concept of IT Operations Analytics (ITOA). Prsesn
10 Things You Can Do to Speed Up Your Web App TodayChris Love
Web Performance is a serious issues these days. 80% of web performance issues are in the client. Many developers either do not realize what they are leaving on the table and how that affects the success of their application. These are 10 things any web developer can do in about 30-60 minutes to drastically increase page load times and thus increase the application's profitability.
These are the slides from the HostBridge virtual user group meeting that took place on Dec. 2nd 2020. Topics covered include:
- CICS integration script and API development insights
- HostBridge health check experience: BancorpSouth
- CICS integration analytics overview
- Integration analytics customer Q&A: Ingram Micro
- HostBridge future product roadmap
- Customer discussion/Q&A
Premature optimisation: The Root of All EvilFabio Akita
Presentation for the 18th Encontro Locaweb in Curitiba in May, iMasters' DevCommerce and Open Spree Conference in June. It's about how most developers think wrong whey they are making decisions about technologies to choose.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
5. DATA COLLECTION 2.0:
CLIENT-SIDE JAVASCRIPT, COOKIES
• Easier to implement (“just a few lines
of JavaScript…”)
• Cookies match users closer than IPs
• Much more info available on client-
side
6. HOW DOES CLIENT-SIDE JS WORK?
…SPECIFICALLY GOOGLE ANALYTICS
2 requests - 1st for code, 2nd with measurement
7. TRACKING CODE SNIPPETS
• Sets up command queue
• Loads analytics.js, which does the
real work.
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-34128028-1', 'auto');
ga('send', 'pageview');
</script>
10. SEEMS GREAT, WHAT COULD
POSSIBLY GO WRONG?
Some data still only on the server side…
• Bot traffic (mostly)
• HTTP errors
• Pages we forgot to tag
• Content blocking users
11. SERVER LOGS, AGAIN
• Distributed systems, distributed logs
• As before, but somewhat different
consumers
12. AS ANALYSTS, WHAT’S GIVING
US GRIEF
• Cookie Deleting Users
• Bots
• Analytics “Referrer” Spam
• Ad blocker Users
13. COOKIE DELETING USERS
IS IT STILL ~30%?
• Artificially increases user counts
• Visit after deletion is direct, no attribution
• Stats based on users accounts? flickr: diskant
CC BY-NC 2.0
14. BROWSER FINGERPRINTS
• Survives Cookie deletion
• 2010 EFF Panopticlick: 84% of browsers unique
• Invasive?
• Browser fingerprint + IP in Piwik as cookie fallback
• Can be thought of as next gen User-Agent + IP
15. BOTS
• About 50% of all traffic may be bots (48.5%,
Incapsula 2015)
• Most of these don’t show in GA (yet?)
• Smaller the site, higher the bot % (85% for <1k
visits/day) flickr: skynoir
CC BY-NC 2.0
BOTS
BOTS
BOTS
BOTS
16. ANALYTICS SPAM
• free-social-buttons.biz, top-seo-blah-
blah-blah.com, number-one-analytics.fail
• Way to get traffic, SEO, and lulz since
before 2009
• Not GA specific, just the #1 target
• Two kinds: Crawler & Ghost
17. WHO’S SPAMMING US TODAY?
List of 2016 GA
Spammers from
Analytics Edge
Google is blocking
offenders, but often
not quickly.
18. WHY IS IT SO PREVALENT?
“Ghost” version via Measurement Protocol abuse
$ curl "https://www.google-analytics.com/collect?v=1&t=pageview&tid=UA-XXXX-X&cid=fa0c8140-
eef8-47c5-a244-b4c60cf46f74&dr=http%3A%2F%2Fmyspamsite.pizza&dp=%2Fhome"
Just iterate through UA-XXXX-1 numbers.
19. HOW DO I FIX IT?
• Filters for new traffic, segments for
historical
• Tool available on my site:
quantable.com/spamfilter
• Higher than UA-XX—1 property
tracking id number for new site
20. AD BLOCKING IS MAKING SOME
OF OUR USERS DISAPPEAR
• Blockers such as AdBlock Plus, Ghostery, uBlock
Origin, and Purify can block analytics tools, not just ads
• ABP has largest install base (300M downloads)
• These users are still in your server logs, but may never
show up in your web analytics
21. HOW DOES THE BLOCKING
WORK?
• Long lists of URLs to block loading for, e.g.:
google-analytics.com/analytics.js
/piwik.php
?[AQB]&ndh=1&t=
com/0.gif?
• EasyPrivacy list (used by ABP and others) is over
10,000 lines long and very actively maintained
22. HOW MANY USERS BLOCK GA?
My study showing 8.7% blocking GA
(for one particular site)
blockers
23. HOW DO I COUNT BLOCKERS?
• Can’t really be “fixed” client-side
• Still show up server-side
• May be against GA terms (can’t
circumvent Opt-Out Add-on)
25. THANKS!
slides & recap to be posted at cbuswaw.com
References & Further Reading
Quantable GA Blocking Analysis:
https://www.quantable.com/analytics/how-many-users-block-google-analytics/
GA Tracking Code walkthrough:
http://code.stephenmorley.org/javascript/understanding-the-google-analytics-tracking-code/
GA Measurement Protocol Hit Builder:
https://ga-dev-tools.appspot.com/hit-builder/
Fingerprintjs2:
http://valve.github.io/fingerprintjs2/
Incapsula 2015 Bot Report
https://www.incapsula.com/blog/bot-traffic-report-2015.html
Analytics Edge’s Guide to GA Spam:
http://help.analyticsedge.com/spam-filter/definitive-guide-to-removing-google-analytics-spam/