The document summarizes a transition from a LAMP stack (Linux, Apache, MySQL, PHP) to an LNNP stack (Linux, Nginx, NoSQL, PHP-FPM). It discusses moving from Apache to Nginx as the web server for improved performance under load. It also discusses moving from MySQL to a NoSQL database like MongoDB for flexibility with data structures and large datasets. Finally, it discusses moving from mod_php to PHP-FPM to improve PHP performance and flexibility. Steps are provided to install and configure Nginx, PHP-FPM and MongoDB on Ubuntu. Benchmark results show improved request throughput and reduced response times with the new stack configuration.
Boyan Ivanov - latency, the #1 metric of your cloud (ShapeBlue)
No two clouds are the same. Yet the leading clouds all have one thing in common: they deliver on the metrics that matter to the customer. In this session we'll dissect leading clouds to show why low latency is the thing that makes a cloud stand out.
Ankara Cloud Meetup 6th Event: Scaling Real-Time Messaging on Cloud presentation (İbrahim Gürses)
At the 6th Ankara Cloud Meetup event, Ozan Yerli talks about Scaling Real-Time Messaging on Cloud.
Ankara Cloud Meetup link: https://www.meetup.com/Ankara-Cloud-Meetup/
BIO: Ozan Yerli, CEO of Connected2.me
Connected2.me is a social network application that lets you talk anonymously with people you know or don't know. It is used by 10 million active users for messaging on mobile and the web.
How to build a high-load service without knowing the amount of load / Олег Обле... (Ontico)
There are many architectures and ways of scaling systems. Today many companies migrate to cloud services or use containers. But is that really necessary, and should one follow the trends?
In this talk I would like to describe the architecture I designed and deployed at InnoGames: an architecture that needs no administrator intervention when load increases like an avalanche and, even more importantly, can scale itself down when there is no load, to save costs.
You will learn about the experience of building a service with very demanding criteria and understand that it is not necessary to pay 3 times more for AWS or any similar system.
- What CRM is. Why we need this service.
- Infrastructure.
-- Graphite. Why it must be reliable and fast.
-- Puppet + gitlab.
-- Load balancing.
-- Our cloud. Why would we need openstack when we have serveradmin!? How a server's role is defined by a few attributes in the web interface.
-- Nagios + aggregators. A different view on how to monitor services through Graphite.
-- Cluster monitoring. Clusterhc and Grafsy.
-- Brassmonkey. How we wrote our own sysadmin in python.
-- Backups.
- CRM3 architecture.
- Autoscaling, or how to analyze a pile of data and make decisions.
Unless you have a problem which scales easily to many independent tasks, e.g. web services, you may find that the best way to improve throughput is by reducing latency. This talk starts with Little's Law and its consequences for high performance computing.
Erik Skytthe - Monitoring Mesos, Docker, Containers with Zabbix | ZabConf2016 (Zabbix)
At DBC we are running docker and other container types in a mesos/marathon cluster environment. I will demonstrate how we collect statistics, logs etc. and monitor this environment, showing configuration examples, data flows and templates.
Some of the covered topics:
- Mesos master and agents
- Marathon Framework
- Docker engine
- Containers
- Zookeeper
- Elasticsearch/ELK
A talk I gave at the Boston Web Performance Meetup in August 2014.
Performance is one of the most challenging issues in modern web app design, in large part because modeling, testing, and validating performance before deploying to production is so challenging. While many ops teams have nailed down the problem of re-creating pre-production environments that closely mimic production, those environments frequently rely on known-good components beyond the application code itself: AWS ELB, F5 load balancers, CDNs, Varnish, and more.
Testing plug-in components like that can be challenging, because their performance characteristics don't directly align with application metrics.
- How many simultaneous users can my load balancer support?
- What sort of network load will I put on my CDN (i.e., how much will it cost)?
- How do different user behavior patterns affect performance?
In this meetup, we'll introduce a novel tool in this toolbox: tcpreplay, an open-source tool for replaying packet capture files back at an application. By replaying user traffic to a staging environment, you can test the effects of
- Network saturation to the load balancer
- High numbers of users / IPs
- Lots of traffic to your other monitoring tools!
High-performance inference of deep networks on GPUs with TensorRT / Ма... (Ontico)
Inference performance is one of the most serious problems when deploying DL applications, since it determines what impression the end user gets from the service and what the cost of deploying the product will be. Inference therefore needs to be both high-performance and energy-efficient. TensorRT automatically optimizes a trained neural network for maximum performance, delivering a substantial speedup compared to the commonly used frameworks.
From the presentation you will learn which optimizations TensorRT applies, how to use it, and see how fast it is on selected tasks.
Although we don't use it for the core web application, most other places in Launchpad that have to deal with concurrency issues do it using Twisted. This talk will survey these areas and talk about issues we've found and design patterns we've found helpful.
Responding rapidly when you have 100+ GB data sets in Java (Peter Lawrey)
One way to speed up your application is to bring more of your data into memory. But how do you handle hundreds of GB of data in a JVM, and what tools can help you?
Mentions: Speedment, Azul, Terracotta, Hazelcast and Chronicle.
Mitigating Security Threats with Fastly - Joe Williams at Fastly Altitude 2015 (Fastly)
Fastly Altitude - June 25, 2015. Joe Williams, Computer Operator at GitHub discusses using a CDN to mitigate security threats.
Video of the talk: http://fastly.us/Altitude2015_Mitigating-Security-Threats-2
Joe's bio: Joe Williams is a Computer Operator at GitHub, and joined their infrastructure team in August 2013. Joe's passion for distributed systems, queuing theory and automation help keep the lights on. When not behind a computer you can generally find him riding a bicycle around Marin, CA.
Supercharging your PHP pages with mod_lsapi in CloudLinux OS (CloudLinux)
We’ve got big news - mod_lsapi is the fastest and most reliable way to serve PHP pages with Apache. It is a drop-in replacement for SuPHP, FCGID, RUID2, and ITK, has a low memory footprint and understands PHP directives from .htaccess files. It also supports PHP accelerators. It is fully compatible with PHP Selector, which allows end users to select the specific version of PHP they need. Here, learn more about this new production-ready feature, how it works and why it is so powerful.
Working with files in PHP can be a fun and frustrating task, and one you never know when you'll be asked to do. In our first beginner PHP talk, we'll go over how to work with files and some of the most common built-in functions to help accomplish your tasks.
Let's look at the many "flavors" of PHP, why they are there, how they work and when to use them. We'll also dive a little into the PHP core design pattern of using SAPIs to access the true core application.
Nginx (English: nginx) is a lightweight, high-performance web server released under the BSD license. This web server runs on Unix, GNU/Linux, BSD, macOS and Windows. According to Netcraft, 12.07% of Internet domains currently use this server.
The project was started in 2001 and implemented by an independent developer named Igor Sysoev, to be used on a high-traffic website called Rambler, which as of September 2008 was handling more than 500 million HTTP requests a day. Well-known websites such as Facebook, Netflix, WordPress, SourceForge and others currently use Nginx.[6] In OpenBSD 5.2, released in November 2012, Nginx was also included in the system by default as a replacement for Apache 1.3. Eventually, in 2014, Apache was removed from the OpenBSD source tree.
Streaming is an internal operation that moves data from node to node over a network. It is the foundation of various Scylla cluster operations, e.g., add node, decommission node and rebuild node. Repair is another important operation that detects mismatches between multiple replicas on different nodes and synchronizes the replicas. In this talk we will cover recent changes and performance improvements to streaming and repair. We will introduce the new Scylla streaming and the brand new row-level repair that will be released in the upcoming Scylla releases.
An attempt to see how node is faster than the (PHP+Apache) stack where situations are similar and none of them are tweaked from their default configuration.
On the way to low latency (2nd edition) (Artem Orobets)
This is the second edition of the story about how we struggled to implement strict latency requirements in a service implemented with Java, and how we managed to do that.
The most common latency contributors are in-process locking, thread scheduling, I/O, algorithmic inefficiencies and, of course, the garbage collector.
I will share our experience of dealing with these causes, and tell you what you can do to prevent them from affecting production.
1. About Nginx
2. Benchmark test with concurrent request between Apache2.2 Vs Nginx ( with Vanilla configuration)
2.1 Benchmark on Big Image
2.2 Benchmark on Static Content File, i.e. (.HTML)
2.3 Benchmark on PHP file (phpinfo())
3. Discuss Architecture of Nginx and Test result
4. How to configure PHP with Fast CGI on Nginx (Basic)
5. Questions and Answers
Windows Azure provides you with the capabilities to infinitely scale your applications, but how do you achieve this effectively and efficiently? In this session we will introduce the patterns and anti-patterns of scalability on the Windows Azure platform, demonstrating how to leverage connected systems technologies like the Azure AppFabric Service Bus to achieve scale, and an implementation of some of these patterns that demonstrates how to cost-effectively scale your architectures.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1VfmmLC.
David Riddoch talks about the technologies that make very high performance networking possible on commodity servers and networks, with a special focus on kernel bypass technologies including sockets acceleration and NFV. These techniques give user-space applications direct access to the network adapter hardware, making possible sub-microsecond latencies and millions of messages per second per thread. Filmed at qconlondon.com.
David Riddoch leads the development of the Solarflare Open IP stack.
Infinit's reactor C++ framework allows developers to program in a natural way without having to deal with complex thread-based flows that decrease maintainability and efficiency.
Talk given at the Erlang User Conference, June 2013, Stockholm, about the performance of Zotonic, the Erlang Web Framework and CMS.
It highlights Zotonic's architecture, performance charts and provides a glimpse into the future of this web development framework.
Datagrids with Symfony 2, Backbone and Backgrid (Giorgio Cefaro)
These are the slides of the code-centered presentation I did with Eugenio Pombi at the Javascript User Group Roma and the PHP User Group Roma.
In this presentation we try to show many powerful features of symfony2 and its bundles to work as a backend system for single page applications.
On the client side we describe how we made a javascript editable grid using Backbone.js and its plugin for grids Backgrid.js.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing is discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability, and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf (Peter Spielvogel)
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... (Neo4j)
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
From LAMP to LNNP
1. From LAMP to LNNP
A Transition from
Linux Apache Mysql (mod_)PHP
to
Linux (what else?) Nginx Nosql PHP(-FPM)
Giorgio Cefaro
http://giorgiocefaro.com
@giorrrgio
5. Vs
From Wikipedia:
Nginx uses an asynchronous event-driven approach to handling requests
which can provide more predictable performance under high loads,
in contrast to the Apache HTTP server model that defaults to a threaded
or process-oriented approach to handling requests
6.
7. PHP Hello world benchmarks
ab -k -n 50000 -c 10 http://10.0.0.3/test.php

| Metric | LAMP (Apache, left column) | LNNP (Nginx, right column) |
|---|---|---|
| Concurrency Level | 10 | 10 |
| Time taken for tests | 31.796 seconds | 18.646 seconds |
| Complete requests | 50000 | 50000 |
| Failed requests | 0 | 0 |
| Write errors | 0 | 0 |
| Keep-Alive requests | 0 | 49509 |
| Total transferred | 8450000 bytes | 12928406 bytes |
| HTML transferred | 550000 bytes | 550000 bytes |
| Requests per second (mean) | 1572.54 [#/sec] | 2681.54 [#/sec] |
| Time per request (mean) | 6.359 [ms] | 3.729 [ms] |
| Time per request (mean, across all concurrent requests) | 0.636 [ms] | 0.373 [ms] |
| Transfer rate received | 259.53 [Kbytes/sec] | 677.11 [Kbytes/sec] |
| Load average | 4.38, 1.29, 0.46 | 3.00, 0.89, 0.32 |
8. PHP Hello world benchmarks
ab -k -n 50000 -c 100 http://10.0.0.3/test.php

| Metric | LAMP (Apache, left column) | LNNP (Nginx, right column) |
|---|---|---|
| Concurrency Level | 100 | 100 |
| Time taken for tests | 28.143 seconds | 18.398 seconds |
| Complete requests | 50000 | 50000 |
| Failed requests | 0 | 0 |
| Write errors | 0 | 0 |
| Keep-Alive requests | 0 | 49573 |
| Total transferred | 8450000 bytes | 12931199 bytes |
| HTML transferred | 550000 bytes | 550000 bytes |
| Requests per second (mean) | 1776.66 [#/sec] | 2717.69 [#/sec] |
| Time per request (mean) | 56.285 [ms] | 36.796 [ms] |
| Time per request (mean, across all concurrent requests) | 0.563 [ms] | 0.368 [ms] |
| Transfer rate received | 293.22 [Kbytes/sec] | 686.39 [Kbytes/sec] |
| Load average | 13.70, 3.54, 1.20 | 38.49, 10.07, 3.41 |
9. PHP Hello world benchmarks
ab -k -n 50000 -c 1000 http://10.0.0.3/test.php

Left column (run completed):
Concurrency Level:      1000
Time taken for tests:   64.339 seconds
Complete requests:      50000
Failed requests:        474
   (Connect: 0, Receive: 0, Length: 474, Exceptions: 0)
Write errors:           0
Non-2xx responses:      474
Total transferred:      8522996 bytes
HTML transferred:       626314 bytes
Requests per second:    777.13 [#/sec] (mean)
Time per request:       1286.778 [ms] (mean)
Time per request:       1.287 [ms] (mean, across all concurrent requests)
Transfer rate:          129.37 [Kbytes/sec] received
Load average: 20.50, 7.13, 2.64

Right column (run aborted by ab):
Completed 5000 requests
Completed 10000 requests
Completed 15000 requests
apr_socket_recv: Connection reset by peer (104)
Total of 17522 requests completed
Load average: 36.86, 9.02, 3.03
10. Static HTML benchmarks
ab -n 50000 -c 10 http://10.0.0.3/test.html

Metric                                          Left column         Right column
Concurrency Level:                              10                  10
Time taken for tests:                           14.023 seconds      11.887 seconds
Complete requests:                              50000               50000
Failed requests:                                0                   0
Write errors:                                   0                   0
Total transferred:                              10650000 bytes      13950000 bytes
HTML transferred:                               250000 bytes        250000 bytes
Requests per second [#/sec] (mean):             3565.47             4206.43
Time per request [ms] (mean):                   2.805               2.377
Time per request [ms] (mean, across all
  concurrent requests):                         0.280               0.238
Transfer rate [Kbytes/sec] received:            741.65              1146.09
11. Static HTML benchmarks
ab -n 50000 -c 100 http://10.0.0.3/test.html

Metric                                          Left column         Right column
Concurrency Level:                              100                 100
Time taken for tests:                           12.785 seconds      11.875 seconds
Complete requests:                              50000               50000
Failed requests:                                0                   0
Write errors:                                   0                   0
Total transferred:                              10650000 bytes      13950000 bytes
HTML transferred:                               250000 bytes        250000 bytes
Requests per second [#/sec] (mean):             3910.97             4210.42
Time per request [ms] (mean):                   25.569              23.751
Time per request [ms] (mean, across all
  concurrent requests):                         0.256               0.238
Transfer rate [Kbytes/sec] received:            813.51              1147.17
13. Static HTML benchmarks
ab -n 10000 -c 1000 http://10.0.0.3/test.html

Left column (run completed):
Concurrency Level:      1000
Time taken for tests:   4.915 seconds
Complete requests:      10000
Failed requests:        0
Write errors:           0
Total transferred:      2130000 bytes
HTML transferred:       50000 bytes
Requests per second:    2034.45 [#/sec] (mean)
Time per request:       491.533 [ms] (mean)
Time per request:       0.492 [ms] (mean, across all concurrent requests)
Transfer rate:          423.18 [Kbytes/sec] received

Right column (run aborted by ab):
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
apr_socket_recv: Connection reset by peer (104)
Total of 9561 requests completed
16. NoSQL?
● SQL, tables, relations, JOINS...
● Just documents, graphs, key-value pairs.
● Really useful when working with a huge quantity of data
● Really useful when working with data that you do not want statically structured
● Really useful for statistical or real-time analyses of a growing list of elements
17. My NoSQL choice: MongoDB
● Data in MongoDB is stored in JSON-like documents
● Horizontal scalability, auto-sharding to distribute data across many nodes (auto balancing, easy scaling)
● Full consistency and transactional updates
● Data integrity is guaranteed through journalling and replication
● Supported by Doctrine2 through Mongo
● Warning: not fully ACID* compliant (missing some transactional use cases)
* atomicity, consistency, isolation, durability
19. Apache with mod_php works but...
● Every forked Apache process is fat, with all its modules loaded, though before-fork code is shared among processes
● PHP is part of the Apache process itself
● You have to load PHP even when you serve static files (server memory footprint)
● You have to rely on a single PHP version for all your apps
20. ...we can do better: FastCGI PHP
● Multiple versions of PHP, each executed by a different user
● Reduces the memory footprint of your web server for static files
● PHP can be executed on a separate machine
21. We can do even better! PHP-FPM
● FastCGI Process Manager
● PHP daemonization
  pid file, log file, setsid(), setuid(), setgid(), chroot()
● Adaptive process spawning
  Dynamic number of processes, depending on the load
● Worker level configuration
  uid/gid/chroot/environment and a different php.ini for each worker
● Logging stdout and stderr
● Forcing the termination of a process if set_time_limit() fails
22. Workers, Daemons, WTF?
● At startup a configurable number of workers are launched, waiting for requests
● Once requests arrive, additional workers are spawned if needed
● Each worker serves a request
● You can fine-tune the behaviour to adapt it to your machine
24. How to install Nginx + PHP-FPM on Ubuntu
● Version 1.1.19 of nginx is included in the standard Ubuntu 12.04 repo
● Unofficial PPA for current stable and development versions
sudo add-apt-repository ppa:nginx/stable
sudo apt-get update
sudo apt-get install nginx
sudo apt-get install php5-fpm php5-cgi
25. A simple nginx host configuration
# /etc/nginx/sites-available/default
server {
    listen 80;
    server_name localhost;
    index index.php;
    root /var/www;

    # the dot must be escaped: an unescaped "." matches any character
    location ~* \.php$ {
        # prevent the cgi.fix_pathinfo=1 security hole: with fix_pathinfo
        # enabled, PHP executes the nearest existing ancestor file for a
        # URI such as /uploads/pic.jpg/x.php (here: the uploaded image),
        # so refuse any request whose file does not exist on disk
        if (!-f $request_filename) {
            return 404;
        }
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SERVER_NAME $host;
    }
}
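As an added example (not from the deck), a small Python model of why that `if (!-f $request_filename)` check is there: with PHP's default cgi.fix_pathinfo=1, a URI such as /uploads/avatar.jpg/x.php makes PHP-FPM execute the nearest existing file, the upload itself, while the guard refuses the request before it ever reaches PHP-FPM. The document root, file names and the `php_resolve`/`nginx_php_location` helpers are all constructed for the demonstration.

```python
# Added example: models PHP's cgi.fix_pathinfo=1 path resolution and the
# nginx guard from the slide. Everything here is constructed, not real code
# from nginx or PHP.
import os
import tempfile


def php_resolve(docroot, uri, fix_pathinfo=True):
    """File PHP would execute for SCRIPT_FILENAME = docroot + uri.

    With cgi.fix_pathinfo=1 (PHP's default) PHP strips trailing path
    segments until it reaches an existing regular file; the stripped tail
    becomes PATH_INFO. With cgi.fix_pathinfo=0 the full path must exist.
    """
    path = os.path.normpath(os.path.join(docroot, uri.lstrip("/")))
    if os.path.isfile(path):
        return path
    if not fix_pathinfo:
        return None
    while len(path) > len(docroot):      # walk upwards, never above the root
        path = os.path.dirname(path)
        if os.path.isfile(path):
            return path
    return None


def nginx_php_location(docroot, uri, guard=True):
    """Decision of the slide's PHP location block as (status, executed file).

    guard=True models `if (!-f $request_filename) { return 404; }`;
    guard=False models a block that forwards every *.php URI to PHP-FPM,
    which is modelled with its default cgi.fix_pathinfo=1.
    """
    request_filename = os.path.normpath(os.path.join(docroot, uri.lstrip("/")))
    if guard and not os.path.isfile(request_filename):
        return 404, None
    executed = php_resolve(docroot, uri, fix_pathinfo=True)
    if executed is None:
        return 404, None
    return 200, os.path.relpath(executed, docroot)


def build_demo_docroot():
    """Constructed document root: one real script plus one user upload."""
    root = tempfile.mkdtemp(prefix="lnnp-demo-")
    os.mkdir(os.path.join(root, "uploads"))
    with open(os.path.join(root, "index.php"), "w") as f:
        f.write("<?php echo 'hello'; ?>\n")
    with open(os.path.join(root, "uploads", "avatar.jpg"), "wb") as f:
        f.write(b"\xff\xd8\xff\xe0 constructed placeholder, not a real image\n")
    return root
```

Setting cgi.fix_pathinfo=0 in php.ini is the complementary fix on the PHP-FPM side, so that the web server check is not the only line of defence.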
26. Installing MongoDB
● Available through the standard Ubuntu repo
● 10gen repositories have fresher stable versions
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
# add to /etc/apt/sources.list
deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen
sudo apt-get update
sudo apt-get install mongodb-10gen
sudo apt-get install php5-mongo
● Mongo is the 10gen-supported PHP driver for MongoDB
● Missing phpMyAdmin? Try phpMoAdmin :-)
27. Using Mongo: a simple example
Source: http://www.php.net/manual/en/mongo.tutorial.php