The document discusses how the 1998 film The Big Lebowski is analogous to building a cloud computing environment. It outlines various characters from the film that represent different roles in a cloud project, such as the Boss, Unbelievers, Business stakeholders, Experts, and a Wise Sage. The document argues that building a cloud, like the plot of the film, requires navigating people with different perspectives through rules and expertise to achieve the desired outcome.
Shaun of the Dead - Camera Shots, Angles, Focus (Mr Smith)
An image test for Shaun of the Dead where students have to decide what camera shot and angle are being used, what scene in the film the shot comes from and any other relevant info they can decipher.
Automating Security Response with Serverless (Michael Ducy)
Serverless (or Functions as a Service) tends to get thrown in the "paradigms nice for developers" bucket, but Serverless can provide meaningful benefits to Operations, DevOps, and SRE teams. In a world where everything is presented or controlled via an API, Serverless' event-driven, API-first philosophy can help these teams create new levels of automation that were typically the realm of runbook tooling.
In this talk we'll cover the various open source Serverless frameworks and platforms available. We'll show how to automate basic day-to-day operational tasks with Serverless functions. Finally, we will show how to build an open source, automated, Serverless based, event driven pipeline to automatically secure and protect a Kubernetes cluster.
Rethinking Open Source in the Age of Cloud (Michael Ducy)
The last several years have brought explosive growth to the realm of open source. Many new projects have started, and many have gone on to become foundational components of running applications at scale. Cloud providers have focused on a strategy of embracing open source not only to help build value added services, but to also make it easy to use open source on their compute platforms. Open source companies have reacted by changing their software licenses in an attempt to cut out the Cloud providers.
So what does this mean for the future of open source? In this talk we’ll revisit some of the foundational tenets of open source, and compare these ideas to where open source has evolved. We’ll also talk about the pros and cons, and maybe unintended consequences, of Cloud based computing.
Open source security tools for Kubernetes (Michael Ducy)
Cloud Native platforms such as Kubernetes help developers to easily get started deploying and running their applications at scale. But as this access to compute starts to become ubiquitous, how you secure and maintain compliance standards in these environments becomes extremely important.
In this talk, we'll cover the basics of securing Cloud Native platforms such as Kubernetes. We will also cover open source tools - such as Clair, Anchore, and Sysdig Falco - that can be used to maintain a secure computing environment. Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools as part of their security strategy.
Effective security requires a layered approach. If one layer is compromised, the additional layers will (hopefully) stop an attacker from going further. Much of container security has focused on the image build process and providing provenance for the artifacts in a container image, and restricting kernel level tunables in the container runtime (seccomp, SELinux, capabilities, etc). What if we can detect abnormal behavior in the application and the container runtime environment as well? In this talk, we’ll present Falco - an open source project for runtime security - and discuss how it provides application and container runtime security. We will show how Falco taps Linux system calls to provide low level insight into application behavior, and how to write Falco rules to detect abnormal behavior. Finally we will show how Falco can trigger notifications to stop abnormal behavior, notify humans, and isolate the compromised application for forensics. Attendees will leave with a better understanding of the container security landscape, what problems runtime security solves, & how Falco can provide runtime security and incident response.
You just got “done” with the transformation of your organization (or parts of it) to leverage more DevOps practices, and now the next hot thing is taking over the industry: containers, Cloud Native, SRE, GitOps, Kubernetes, etc. What’s a DevOps Manager to do? Throw away the last few years and rebrand the team as Cloud Native SREs?
Technological advancement not only provides advancement in “what” a modern technology architecture looks like, it can also provide advancement in the processes and the day to day of an organization’s technology teams. We’ve seen this before in the move from mainframe to client-server, and client-server to Cloud.
In this presentation I’ll talk about the relationship of DevOps to Cloud Native technologies, and help make sense of all the jargon - containers, microservices, orchestration (and Kubernetes), SRE, GitOps, etc. I’ll also talk about how some processes & practices in the world of DevOps change when leveraging these technologies. Attendees will leave with a base understanding of what a DevOps operating model looks like when leveraging modern Cloud Native technologies.
Securing your Container Environment with Open Source (Michael Ducy)
Cloud Native platforms such as Kubernetes and Cloud Foundry help developers to easily get started deploying and running their applications at scale. But as this access to compute starts to become ubiquitous, how you secure and maintain compliance standards in these environments becomes extremely important. In this talk we'll cover the basics of securing Cloud Native platforms such as Kubernetes. We will also cover open source tools - such as Clair, Anchore, and Sysdig Falco - that can be used to maintain a secure computing environment. Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools as part of their security strategy.
Monitoring & Securing Microservices in Kubernetes (Michael Ducy)
Applications running in containers provide a myriad of choices to the end developer. But how do you provide the necessary services to monitor and secure these applications running in platforms such as Kubernetes? This presentation covers some common sense principles to monitor and secure your Kubernetes based applications.
We talked about the Sysdig open source projects (Sysdig and Falco), as well as the Sysdig Container Intelligence Platform, Sysdig Monitor and Sysdig Secure.
Principles of Monitoring Microservices (Michael Ducy)
Containers and Microservices have radically changed how you get visibility into your applications. As developers have started to leverage orchestration systems on top of containers, the game is changing yet again. What was a simple application on a host before is now a sophisticated, dynamically orchestrated, multi-container architecture. It’s amazing for development - but introduces a whole new set of challenges for monitoring and visibility.
In this talk we’ll lay out five key principles for monitoring microservices and the containers they are based on. These principles take into account the operational difference of containers and microservices when compared to traditional architectures.
This talk is for the operator that needs to help development teams understand how visibility of apps has changed, and help teams implement these ideas. You’ll walk away with a good understanding of the challenges of monitoring microservices and how you can set your team up for success.
A survey of problems involved in building containers and build tools such as:
buildah
nixos-container
ansible-container
Smith
Distroless
Buildkit
Source to Image (s2i)
Habitat
Monoliths, Myths, and Microservices - CfgMgmtCamp (Michael Ducy)
Moving from a monolithic based architecture to a more microservices architecture can be fraught with challenges. We'll talk about some of these challenges and some common myths associated with trying to strangle the Monolith. We'll also talk about config management and automation's critical role in helping you move to a microservices architecture, and how our monolithic approach to automation changes in the new world.
Moving from a monolithic based architecture to a more microservices architecture can be fraught with challenges. This talk covers some of these challenges and some common myths associated with trying to strangle the Monolith. We will also talk a bit about the open source project Habitat (habitat.sh), and how it can help you move towards microservices.
Deployment pipelines seem to go hand in hand with any mention of DevOps. Why do pipelines matter and how do the principles of DevOps intertwine with the idea of treating everything as an artifact in a pipeline?
Changing the Way Development and Operations Works (Michael Ducy)
DevOps, DevOps, Every where but not a drop to drink. Everyone talks about DevOps, but what does it really mean at the heart of it? To summarize: increasing the flow of work through IT.
CloudStack Day 14 - Automation: The Key to Hybrid Cloud (Michael Ducy)
Often Hybrid Cloud is talked about in terms of migrating entire VMs. This is fraught with problems, and can be better achieved by using automation to move a VM's configuration instead of the entire VM.
Ignite talk from Cloudstack Collab Conference EU 2013 held in Amsterdam.
C. Northcote Parkinson is quickly becoming widely quoted for ideas like "Bike Shedding". Let's talk quickly about Parkinson's Law and Parkinson's Law of Triviality and why Bureaucracies are so slow.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DudeOps: Why The Big Lebowski is About Building a Cloud
Talk about yourself but try not to be a prat.
At the heart of cloud implementations, the biggest challenge is not the technical aspects. While the technical details are challenging, as with any technology, they can be overcome. The more challenging aspect tends to be the organization management that is required to be successful. Take for example this picture from the civil war. These troops were ready to be deployed to the front line, yet there were no trains available to take them to the front line. In the end, they had to march several hundred miles to head into battle.
Enter the Dude. The Big Lebowski is a 1998 film on the trials and tribulations of Jeffrey Lebowski, also known as The Dude. The Dude is mistaken one day for another Jeffrey Lebowski, a rich businessman, whose wife owes money to a known pornographer. Two thugs enter The Dude’s house demanding payment, and proceed to micturate on The Dude’s rug. The Dude, upon advice from his friend Walter, meets with The Big Lebowski, to demand compensation for his soiled rug. This begins The Dude’s adventure.
During the story, The Dude meets a variety of players. Each one of these players has their own motivation, and The Dude must manage each accordingly. Much like your Cloud Journey; you will meet many different characters, and you need the skills to manage each person accordingly.
The Big Lebowski. Big is the one The Dude attempts to ask for compensation from for the thugs peeing on his rug. Of course, the Big Lebowski isn’t amused, and refuses compensation. The Dude tells Big’s assistant that Big gave him “any rug in the house”. Later, when Big’s wife is “kidnapped”, Big hires the Dude to be the bag man for the ransom. As we later learn, Big never gave the Dude the money, and instead gave him a ringer. This could be very much like a boss in your organization. He gives you a task, and sets you up for failure right out of the gate. Or it could be another supervisor that will look to sabotage your Cloud project. But with all bosses, they have weaknesses. Big Lebowski’s weakness, as his daughter points out, is vanity. And honestly that is the case for many leaders of organizations. Although it sounds like a cliche, making your boss (or other leaders in your org) look successful is key to being successful with any IT project.
There are always some unbelievers in the organization. For the Dude, his unbelievers were nihilists. The nihilists were the supposed kidnappers of the Big Lebowski’s wife, and while they believed in “Nothing”, they were strong capitalists in the sense they realized money was an important means to an end. After threatening the Dude with castration, and that keeping wildlife, an amphibious rodent, for uh, domestic, you know, within the city they meet the Dude for a final showdown. The Dude attempts to pay off the nihilists, but Walter has other plans and proceeds to kick the nihilists’ asses. Much like the Dude did, you will encounter nihilists on your journey to cloud. From an organizational management perspective, you can try buying them off, but unfortunately that doesn’t always work. Sometimes you just have to kick some ass.
When Big Lebowski’s daughter discovers the “kidnapping” of her step-mother, as well as a large withdrawal of money from a charitable foundation her father runs, she steps in to prevent the possible embezzlement of money from the “Little Lebowski Urban Achievers”. Maude is much like the Business stakeholders in your company. She has the overarching long term goals of the organization in mind, and seeks to resolve problems quickly and with little overhead. At the end of the day, the Business doesn’t give a shit about VPC, m1.large, IOPs, etc. They care about bringing in more revenue, increasing profit margin, reducing expenses, increasing EPS, and building a healthy business. Where many Cloud projects fail, is they only focus on solving the technical challenges, or technical problems in the IT organization. The Business doesn’t give a shit if you offer “Beans and Biscuits” as a Service, they care about making money. Find a business problem, not a technical one, and use technology to solve that problem for the business.
Not much to say here. Nobody fucks with the Jesus. I suggest you don’t as well.
Donny, one of the Dude’s bowling buddies, was a pacifist who loved surfing, and bowling. He died, as so many of his generation did, before his time, like so many bright flowering young men, at Khe San and Lan Doc (voice rising) AND HILL 364! While Donny was sat on the sidelines, when he needed to deliver, he could, and he gave very little resistance to the plans of Walter and the Dude. Many organizations have pacifists, those who love their jobs, will come in and execute, and will give very little resistance. These people are important to your cloud project. They are the doers and the manpower that you need, and they allow you to build alliances, maybe across teams or across your organization. Cloud impacts many people and many teams, and the stronger and broader the alliances you can build the better for achieving the goal of your project.
Oh yes, the Expert. Walter, the Dude’s other bowling buddy, was an expert. He was an expert in everything from warfare, to negotiation, to spinal injuries, rulings of the supreme court, and more. Everyone has this guy in their organization. He’s been around forever, and has done everything. He might quip that he did Cloud 20 years ago on a Mainframe. He’ll be quick to quote you CAP theorem and Amdahl’s law, while doing very little to move your Cloud project forward.
He’ll also be quick to tell you that there are rules. There are ways of doing things that have been in place since 1996 and we need to continue to do things the exact same way because of some outage in the Summer of 1995. So how do you deal with this guy (or gal)? First off, don’t step over the line, and if you do, mark it zero. Some strategies that have worked well for me in the past for these personalities are the following: Acknowledge his superior knowledge, then move on. Making these people feel important by validating them is one way to neutralize them. Second, isolate the person. Give them an important (or seemingly important) task that is not part of the project’s critical path, preferably something they can work on independently.
But what you don’t want to do is to burn this person. This person isn’t the expert for no reason. He (or she) has been around the organization for a long time, and someone in the leadership organization finds this person valuable. Keep them included, and keep them happy.
Similar to the expert, The Wise Sage is willing to give advice, but isn’t offended if it isn’t followed. Find these people, find what experience they have to offer, and use what you need.
In the end you don’t want the characters in your organization to “kill your fucking cloud”