Watch this talk here: https://vimeo.com/129822165
DevOpsDays Austin Talk.
Computers are hard, and security is even harder. Let's discuss things to do when you have a dedicated Infosec team, and tools you can use when you don't.
Risk of Solutionism in the IoT is squared to Solutionism in Web - Markus Andrezak
Solutionism is doing things for the sake of things, or building things because you can. That may be ok if the risk is clear. The problem is that the world is a complex system with little predictability. Things happen. When building things that interact with real life, we should be cautious and reduce risk by only building things that serve deep needs. We propose to first do proper research on what is required to reduce the number of things to be built and thus reduce risk.
We propose simple tools such as "Jobs to be done" to make research accessible to everyone.
"The Pragmatic Programmer", "Clean Code", "Refactoring" - these are among the classic works that we are told should be on every programmer's bookshelf. Often, they make it to the shelf, but remain unread. Have you ever wondered why these books are considered such beacons to our community? Have you maybe even felt guilty for not reading them all?
We'll go through the "cliff notes" edition of these classics, and maybe even find a few future classics to inspire you to check out what’s on your own bookshelf.
How To Run a 5 Whys (With Humans, Not Robots) - Dan Milstein
Slides from a talk at the Lean Startup conference (video link below).
Update: I've interleaved slides covering what I actually talked about onstage.
Update Update: video is up at http://www.ustream.tv/recorded/27482093/highlight/310486
The Future of Digital Textbooks, Tools of Change, 2010 - John Warren
Technology is driving change in education as it is in publishing. Distance education has become more common in higher education; universities are putting podcasts, texts, and entire courses online. The spiraling cost of textbooks is rendering higher education unaffordable to many students, particularly in community colleges, where textbook costs often exceed tuition. In the K-12 market, digital textbooks have been making inroads into the classroom; a California initiative aims to replace many high school science and math texts with free, “open source” digital versions, while the new Democratic Leadership Council has proposed a “Kindle in Every Backpack.” While some may think of a digital textbook as merely an electronic image of a paper product, others have employed the electronic format in broadening the spectrum of learning. This session examines the emerging future of digital textbooks, including open access; subscriptions; texts bundled with online study resources; innovative texts that include multimedia, simulation models, automated assessments; and business models that will allow publishers to survive and thrive in the future.
Identify Development Pains and Resolve Them with Idea Flow - TechWell
With the explosion of new frameworks, a mountain of automation, and our applications distributed across hundreds of services in the cloud, the level of complexity in software development is growing at an insane pace. With increased complexity comes increased costs and risks. When diagnosing unexpected behavior can take days, weeks, or sometimes months, all while our release is on the line, our projects plunge into chaos. In the invisible world of software development, how do we identify what's causing our pain? How do we escape the chaos? Janelle Klein presents a novel approach to measuring the chaos, identifying the causes, and systematically driving improvement with a data-driven feedback loop. Rather than measuring the problems in the code, Janelle suggests measuring the "friction in Idea Flow", the time it takes a developer to diagnose and resolve unexpected confusion, which disrupts the flow of progress during development. With visibility of the symptoms, we can identify the cause—whether it's bad architecture, collaboration problems, or technical debt. Janelle discusses how to measure Idea Flow, why it matters, and the implications for our teams, our organizations, and our industry.
Why Everyone Needs DevOps Now: My Fourteen Year Journey Studying High Perform... - Akamai Technologies
How do great IT organizations simultaneously deliver stellar service levels and fast flow of new features into production? It requires creating a “super-tribe”, where development, test, IT operations and information security genuinely work together to solve business objectives as opposed to throwing each other under the bus. In this talk, Gene Kim will describe what successful development organization transformations look like, and how they were achieved from a Dev and Ops perspective. Drawing upon a 14 year study of high performing IT organizations, Gene will share the best known methods, recipes and case studies of how to implement successful DevOps-style transformations. See Gene Kim's Edge Presentation: http://www.akamai.com/html/custconf/edgetv-developers.html#gene-kim
The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013.
Learn more at http://www.akamai.com/edge
If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications and a hundred identical safes with their combinations so that the world’s best safecrackers can study it and you still can’t open the safe, that’s security.
Automating Tactically vs Strategically SauceCon 2020 - Alan Richardson
One of the biggest concepts that has made a difference to my programming and automating in recent years is the concept of “Tactical vs. Strategic.” Automating tactically might be for a specific purpose, possibly small, possibly a bit rough around the edges, not necessarily completely robust for everyone, etc. And Strategic automation is more critical to long-term aims, maintained and maintainable, etc.
In this talk, Alan Richardson will provide examples of automating both Strategically and Tactically for activities as diverse as supporting testing, marketing and general life. We will also consider how and when to move from automating tactically to strategically, and how the concept has helped me change my programming style and how to write better code.
DevOpsDays Houston 2019 - Kevin Crawley - Practical Guide to Not Building Anot... - DevOpsDays Houston
I’ll discuss my experience of approaching DevOps not as another siloed effort but instead as a discipline, by embedding engineers within cross-functional teams who are dedicated to continuously improving the quality of automation across the entire SDLC.
4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices - Threat Stack
Most companies value speed over security, which has traditionally been a blocker in delivering software. But with more and more breaches and vulnerabilities reported (Shellshock and Heartbleed to name just a few) it's more important than ever that security gets integrated into the operations process. Here are the top four ways to balance DevOps workflows while maintaining a pragmatic view on security.
Check out some of the thought-provoking presentations delivered at the 2017 BSidesSF conference. For more on BSidesSF, visit: https://www.tripwire.com/state-of-security/security-awareness/events/heres-missed-bsidessf-2017/
In 1628, the Swedish warship Vasa set off on its maiden voyage from Stockholm harbor towards Poland, where a war was raging in the Baltic. Built by 400 craftsmen at the royal shipyard at Stockholm, the ship was richly decorated as a symbol of the king's ambitions for Sweden and himself. It was 69 meters long and was fitted with 64 cannons, and upon completion, it was one of the most powerfully armed vessels in the world of that time. Unfortunately, Vasa was too top heavy and dangerously unstable. Despite the lack of stability, the king was eager to see her in battle and pushed her to sea. On the day of departure, a swelling crowd gathered at the harbor to watch the ship leave. Over a hundred crewmen along with women and children were on board as the crew was permitted to take family and guests along for the first part of the passage. After sailing just 1,300 meters, at the first strong breeze, the ship foundered, leaned over and sank. Around 30 people lost their lives.
This is the story of the Vasa and its parallels to software engineering.
A Tale of Two Workflows - ChefConf 2014 - Pete Cheslock
Watch this talk here: https://www.youtube.com/watch?v=L__8o02od6Q
For an example of the code we used in our CI pipeline to make a Chef Environment from a Berksfile.lock - check out this project:
https://github.com/petecheslock/berks2env
One of the biggest advantages of Chef is its flexibility, allowing you to customize it at-will to fit your infrastructure needs. While this makes Chef incredibly powerful, it can also be challenging to develop a workflow to manage the day-to-day usage of Chef.
Should I use a single repo for all my cookbooks?
One cookbook per repo?
Berkshelf?
Librarian?
Test-Kitchen?
Where does Jenkins (CI) fit in?
What about Testing?
How does this work with my small team? What about my large team? What about my Distributed Team?
Over the past few years I have been a part of two distinct Chef workflows that take opposite paths about how to solve issues around collaboration, versioning, testing, etc. During the course of this talk I will share:
Details about the requirements that led us down these 2 paths.
What worked.
What didn't.
How we use many of the tools available to safely test code changes.
How we deploy cookbook changes safely and quickly (and keep uptime our highest priority).
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GridMate - End to end testing is a critical piece to ensure quality and avoid... - ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 - Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
19. @petecheslock
It’s time that we recognize that all these new tools which are helping to enable our teams to work so well are also introducing new attack vectors.
20. @petecheslock
risk = (threat) x (probability) x (business impact)
http://sysadvent.blogspot.com/2014/12/day-24-12-days-of-secdevops.html
- Jen Andre
35. @petecheslock
“FWIW, I have most of a sub-key implementation done, but that still won’t solve your problem, as it will be years before that implementation is widely deployed…”
36. @petecheslock
Compile your Source
Build a Package
Sign the Package
Test the Package
Deploy the Package
You can’t hate the curl bash and be OK deploying from Github