Microservices architecture allows a very rich and complex application to be split into loosely coupled components each maintained by an autonomous team possibly using different technology. At least that is the case for back-ends. Front-ends are still largely monolithic, even though frameworks help reduce complexity.
After explaining the basics of Web Components and Atomic Design, I propose how to use them respectively as a technical and organizational framework for building and deploying full-stack microservices. The full user experience is simply a composition of micro-front-ends themselves reusing a project-wide or brand-wide collection of base components.
A demo application is shown to illustrate these concepts.
An exploration of why writers coming to DITA tend to find DITA hard and what we and they can do to help ease the transition from non-DITA to DITA-based authoring of sophisticated technical documents. Presents the martial art Aikido as a metaphor for DITA and as a source of strategies for providers and writers to use as they engage with DITA.
Presentation given by Alex Breeze FIA and Martin Tynan (both Octo Telematics) at "The Actuary as a Data Scientist" Conference (November 2018) organised by the Institute and Faculty of Actuaries.
Also publicly available here: https://www.actuaries.org.uk/learn-and-develop/conference-paper-archive/2018
An exploration of why writers coming to DITA tend to find DITA hard and what we and they can do to help ease the transition from non-DITA to DITA-based authoring of sophisticated technical documents. Presents the martial art Aikido as a metaphor for DITA and as a source of strategies for providers and writers to use as they engage with DITA.
Presentation given by Alex Breeze FIA and Martin Tynan (both Octo Telematics) at "The Actuary as a Data Scientist" Conference (November 2018) organised by the Institute and Faculty of Actuaries.
Also publicly available here: https://www.actuaries.org.uk/learn-and-develop/conference-paper-archive/2018
Niche bloggers up to multinational corporations, they are all interested in monitoring their web traffic and its patterns across time.
Google Analytics is the most widely used solution to keep track of this type of data. It provides a UI for a wide range of reports and possibilities for various types of visualizations.
Moreover, the availability of the Analytics API coupled with the corresponding R packages can now give more options for custom web analyses.
The plan for this talk is to cover the following :
• What is web analytics ? How it works ?
• Interfacing with the Analytics Reporting API via an R package (RGA)
• Practical analytics applications with R
• Discussion
O'Reilly SACON NY 2018 "Continuous Delivery Patterns for Contemporary Archite...Daniel Bryant
Last year at this conference we learned from Mark Richards that modern software has almost completed its evolution toward component-based architectures—seen in the mainstream embrace of self-contained systems (SCS), microservices, and serverless architecture. We all know the benefits of component-based architectures, but there are also many challenges to delivering such applications in a continuous, safe, and rapid fashion. Daniel Bryant shares a series of patterns to help you identify and implement solutions for continuous delivery of contemporary service-based architectures.
Topics include:
- The core stages in the component delivery lifecycle: Develop, test, deploy, operate, and observe
- How contemporary architectures impact continuous delivery and how to ensure that this is factored into the design
- Modifying the build pipeline to support testability and deployability of components (with a hat tip to Jez Humble’s and Dave Farley’s seminal work)
- Commonality between delivery of SCS, microservices, and serverless components
- Continuous delivery, service contracts, and end-to-end validation: The good, the bad, and the ugly
- Validating NFRs within a service pipeline
Lessons learned in the trenches
How to build an ETL pipeline with Apache Beam on Google Cloud DataflowLucas Arruda
Nowadays more and more companies are searching for insights with potential to grow their business by analyzing large amounts of data from many different systems. However, in order to reach this level of Big Data Analysis it's necessary to build an ETL pipeline that allows us to process raw data coming from different sources into an appropriate format that is possible to use against visualization tools such as Tableau.
This kind of data processing can be done by a variety of tools and in this presentation I show how to do it by using an unified programming model created by Google and open-sourced as the name of Apache Beam. We will build a simple pipeline that will be executed in the Cloud by a fully-managed service called Google Cloud Dataflow.
These are the slides from this video Talks # 4: Sebastien Fischman - Pytorch-TabNet: Beating XGBoost on Tabular Data Using Deep Learning : https://www.youtube.com/watch?v=ysBaZO8YmX8
The pytorch-tabnet repository is available here : https://github.com/dreamquark-ai/tabnet
Talk presented at Codemotion 2015.
Although the Request/Response pattern has allowed to build applications that were inconceivable when HTTP was invented, there is an increasing demand of solutions that require to push information to browsers or mobile clients as soon as it is available, using technologies like WebSockets. This has applications in messaging, notifications, games, IoT and collaborative apps, among others.
In this talk we will present the solutions available like socket.io, Faye, Pusher, PubNub or Carotene, how to integrate such services with existent or new codebases, its advantages, the challenges we will find and how to succeed bringing realtime communications to the table.
35C3: EventFahrplan - Lightning Talk - Day 2tobiaspreuss
One app to serve you all. A lightning talk at 35th Chaos Communication Congress in Leipzig at December 28, 2018 about the 35C3 Schedule app for Android.
-----------------------------------------------------------------------------------------
Project repository: https://github.com/EventFahrplan/EventFahrplan
35C3 wiki: https://events.ccc.de/congress/2018/wiki/index.php/Static:Lightning_Talks
Speaker: https://twitter.com/tbsprs
Recording: https://www.youtube.com/watch?v=Z6RC2vElU0U
Original recording: https://media.ccc.de/v/35c3-9566-lightning_talks_day_2
-----------------------------------------------------------------------------------------
Data is being generated all around us – from our smart phones tracking our movement through a city to the city itself sensing various properties and reacting to various conditions. However, to maximise the potential from all this data, it needs to be combined and coerced into models that enable analysis and interpretation. In this talk I will give an overview of the techniques that I have developed for data integration: integrating streams of sensor data with background contextual data and supporting multiple interpretations of linking data together. At the end of the talk I will overview the work I will be conducting in the Administrative Data Research Centre for Scotland.
GraphQL Without a Database | Frontend Developer LoveRoy Derks
Your frontend developers are pushing to get started with GraphQL, but you don’t have the backend capacity to migrate your existing REST APIs to GraphQL? Or you want to have a GraphQL API next to your existing endpoints that are based on REST, without having to rewrite all your controllers? In this talk I’ll show how to wrap existing REST APIs into one single GraphQL endpoint on both the client and server side. This allows you to access the power of GraphQL without having to change any of your existing code or connect to a database.
Flink for Everyone: Self Service Data Analytics with StreamPipes - Philipp Ze...Flink Forward
This talk presents StreamPipes (https://www.streampipes.org), an open source self-service data analytics solution leveraging existing big data technologies such as Apache Flink to provide non-technical users with an easy and intuitive way to connect, analyze and exploit a variety of different streaming data sources for their use.
Newly arising IoT-driven use cases in domains such as manufacturing, smart city or autonomous driving often demand for continuous integration and processing of sensor data in order to derive time-sensitive actions. One example is the optimization of maintenance processes based on the current condition of machines (condition-based maintenance). While this is technically already well supported by the existing big data tool landscape, building such applications still require a crucial set of expertise ranging from general domain expertise, programming skills to deep knowledge on distributed and scalable systems. Such skills are usually not present in hardware-focused manufacturing companies.
To mitigate these shortcomings, StreamPipes allows non-technical users to leverage a graphical editor to model and deploy analytical tasks as pipelines in a drag and drop manner. Pipelines are built based on a toolbox of reusable data adapters, processors and sinks. Toolbox elements encapsulate dedicated algorithms (e.g., filter, aggregation, machine learning classifiers) implemented in big data processing engines such as Apache Flink communicating over an internal distributed messaging system (e.g. Apache Kafka).
In this talk, we present technologies and tools enabling flexible modeling of real-time processing pipelines by domain experts. We motivate our talk by showing real-world examples we gathered from a number of industry projects during the past years in Industrial IoT domains such as manufacturing and supply chain management. For instance, we show how StreamPipes eases the accessibility of big data tools for non-technical users based on examples such as supervising a fleet of autonomous electric delivery vehicles as well as data analytics in one of the largest test areas for autonomous driving in Germany.
5th Qatar BIM User Day, Live modeling techniques on a single projectBIM User Day
Author: Laura Smagin | Atkins
Content:
- Understanding workflows using Revit Server with Clarity
- Utilizing your companies global experts without having to relocate staff for projects
- Using technology to bridge oceans for collaboration and coordination
About the Qatar BIM User Day: Qatar University, HOCHTIEF ViCon and Teesside University proudly take the initiative to facilitate modern and innovative methods in the Gulf construction industry. The focus is Building Information Modeling (BIM), and our aim is to establish a knowledge platform with government, research and industry experts. The User Day aims to help people to share knowledge, discuss new technologies, and identify new potentials for BIM.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Niche bloggers up to multinational corporations, they are all interested in monitoring their web traffic and its patterns across time.
Google Analytics is the most widely used solution to keep track of this type of data. It provides a UI for a wide range of reports and possibilities for various types of visualizations.
Moreover, the availability of the Analytics API coupled with the corresponding R packages can now give more options for custom web analyses.
The plan for this talk is to cover the following :
• What is web analytics ? How it works ?
• Interfacing with the Analytics Reporting API via an R package (RGA)
• Practical analytics applications with R
• Discussion
O'Reilly SACON NY 2018 "Continuous Delivery Patterns for Contemporary Archite...Daniel Bryant
Last year at this conference we learned from Mark Richards that modern software has almost completed its evolution toward component-based architectures—seen in the mainstream embrace of self-contained systems (SCS), microservices, and serverless architecture. We all know the benefits of component-based architectures, but there are also many challenges to delivering such applications in a continuous, safe, and rapid fashion. Daniel Bryant shares a series of patterns to help you identify and implement solutions for continuous delivery of contemporary service-based architectures.
Topics include:
- The core stages in the component delivery lifecycle: Develop, test, deploy, operate, and observe
- How contemporary architectures impact continuous delivery and how to ensure that this is factored into the design
- Modifying the build pipeline to support testability and deployability of components (with a hat tip to Jez Humble’s and Dave Farley’s seminal work)
- Commonality between delivery of SCS, microservices, and serverless components
- Continuous delivery, service contracts, and end-to-end validation: The good, the bad, and the ugly
- Validating NFRs within a service pipeline
Lessons learned in the trenches
How to build an ETL pipeline with Apache Beam on Google Cloud DataflowLucas Arruda
Nowadays more and more companies are searching for insights with potential to grow their business by analyzing large amounts of data from many different systems. However, in order to reach this level of Big Data Analysis it's necessary to build an ETL pipeline that allows us to process raw data coming from different sources into an appropriate format that is possible to use against visualization tools such as Tableau.
This kind of data processing can be done by a variety of tools and in this presentation I show how to do it by using an unified programming model created by Google and open-sourced as the name of Apache Beam. We will build a simple pipeline that will be executed in the Cloud by a fully-managed service called Google Cloud Dataflow.
These are the slides from this video Talks # 4: Sebastien Fischman - Pytorch-TabNet: Beating XGBoost on Tabular Data Using Deep Learning : https://www.youtube.com/watch?v=ysBaZO8YmX8
The pytorch-tabnet repository is available here : https://github.com/dreamquark-ai/tabnet
Talk presented at Codemotion 2015.
Although the Request/Response pattern has allowed to build applications that were inconceivable when HTTP was invented, there is an increasing demand of solutions that require to push information to browsers or mobile clients as soon as it is available, using technologies like WebSockets. This has applications in messaging, notifications, games, IoT and collaborative apps, among others.
In this talk we will present the solutions available like socket.io, Faye, Pusher, PubNub or Carotene, how to integrate such services with existent or new codebases, its advantages, the challenges we will find and how to succeed bringing realtime communications to the table.
35C3: EventFahrplan - Lightning Talk - Day 2tobiaspreuss
One app to serve you all. A lightning talk at 35th Chaos Communication Congress in Leipzig at December 28, 2018 about the 35C3 Schedule app for Android.
-----------------------------------------------------------------------------------------
Project repository: https://github.com/EventFahrplan/EventFahrplan
35C3 wiki: https://events.ccc.de/congress/2018/wiki/index.php/Static:Lightning_Talks
Speaker: https://twitter.com/tbsprs
Recording: https://www.youtube.com/watch?v=Z6RC2vElU0U
Original recording: https://media.ccc.de/v/35c3-9566-lightning_talks_day_2
-----------------------------------------------------------------------------------------
Data is being generated all around us – from our smart phones tracking our movement through a city to the city itself sensing various properties and reacting to various conditions. However, to maximise the potential from all this data, it needs to be combined and coerced into models that enable analysis and interpretation. In this talk I will give an overview of the techniques that I have developed for data integration: integrating streams of sensor data with background contextual data and supporting multiple interpretations of linking data together. At the end of the talk I will overview the work I will be conducting in the Administrative Data Research Centre for Scotland.
GraphQL Without a Database | Frontend Developer LoveRoy Derks
Your frontend developers are pushing to get started with GraphQL, but you don’t have the backend capacity to migrate your existing REST APIs to GraphQL? Or you want to have a GraphQL API next to your existing endpoints that are based on REST, without having to rewrite all your controllers? In this talk I’ll show how to wrap existing REST APIs into one single GraphQL endpoint on both the client and server side. This allows you to access the power of GraphQL without having to change any of your existing code or connect to a database.
Flink for Everyone: Self Service Data Analytics with StreamPipes - Philipp Ze...Flink Forward
This talk presents StreamPipes (https://www.streampipes.org), an open source self-service data analytics solution leveraging existing big data technologies such as Apache Flink to provide non-technical users with an easy and intuitive way to connect, analyze and exploit a variety of different streaming data sources for their use.
Newly arising IoT-driven use cases in domains such as manufacturing, smart city or autonomous driving often demand for continuous integration and processing of sensor data in order to derive time-sensitive actions. One example is the optimization of maintenance processes based on the current condition of machines (condition-based maintenance). While this is technically already well supported by the existing big data tool landscape, building such applications still require a crucial set of expertise ranging from general domain expertise, programming skills to deep knowledge on distributed and scalable systems. Such skills are usually not present in hardware-focused manufacturing companies.
To mitigate these shortcomings, StreamPipes allows non-technical users to leverage a graphical editor to model and deploy analytical tasks as pipelines in a drag and drop manner. Pipelines are built based on a toolbox of reusable data adapters, processors and sinks. Toolbox elements encapsulate dedicated algorithms (e.g., filter, aggregation, machine learning classifiers) implemented in big data processing engines such as Apache Flink communicating over an internal distributed messaging system (e.g. Apache Kafka).
In this talk, we present technologies and tools enabling flexible modeling of real-time processing pipelines by domain experts. We motivate our talk by showing real-world examples we gathered from a number of industry projects during the past years in Industrial IoT domains such as manufacturing and supply chain management. For instance, we show how StreamPipes eases the accessibility of big data tools for non-technical users based on examples such as supervising a fleet of autonomous electric delivery vehicles as well as data analytics in one of the largest test areas for autonomous driving in Germany.
5th Qatar BIM User Day, Live modeling techniques on a single projectBIM User Day
Author: Laura Smagin | Atkins
Content:
- Understanding workflows using Revit Server with Clarity
- Utilizing your companies global experts without having to relocate staff for projects
- Using technology to bridge oceans for collaboration and coordination
About the Qatar BIM User Day: Qatar University, HOCHTIEF ViCon and Teesside University proudly take the initiative to facilitate modern and innovative methods in the Gulf construction industry. The focus is Building Information Modeling (BIM), and our aim is to establish a knowledge platform with government, research and industry experts. The User Day aims to help people to share knowledge, discuss new technologies, and identify new potentials for BIM.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
2. whoami?
William Bartlett, Level 23
programmer
Agile Coach, Java dev,
Container enthusiast
Web Component nut (Polymer)
Former doctoral student
“Use the right tool for the
job”
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 2 / 45
9. Introduction
Issue
Issue
How to build a large product with entirely autonomous multi-disciplinary teams?
Bring microservices to the front-end
Tech solution: distributed web components
Org solution: Atomic Design
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 9 / 45
10. Introduction
Outline
It’s All Relative
Web Components
Atomic Design
Full-stack Microservices
Case Study
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 10 / 45
11. It’s All Relative
Section 2
It’s All Relative
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 11 / 45
14. It’s All Relative
OpenComponents, OpenTable
API for UI components
SSR or not
https://opencomponents.github.io/
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 14 / 45
15. It’s All Relative
Metaframework, CanopyTax
Single SPA
Runtime stitching of micro-frontends.
https://github.com/CanopyTax/single-spa
Example : https://single-spa.surge.sh/
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 15 / 45
16. It’s All Relative
Microservice Websites, Gustaf Nilsson Kotte
Microservice Websites
Scalable development of an evolvable system with great mobile performance.
performance
autonomy ⇒ heterogeneity and scalability
Manifesto
Article
Tools:
Edge-Side Includes
Client-Side Includes
Caching (Varnish)
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 16 / 45
17. It’s All Relative
Other options
JSP/ASP.Net Fragments
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 17 / 45
18. It’s All Relative
Other options
JSP/ASP.Net Fragments
JSP Tag Library
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 17 / 45
19. It’s All Relative
Other options
JSP/ASP.Net Fragments
JSP Tag Library
Struts Tiles
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 17 / 45
20. It’s All Relative
Other options
JSP/ASP.Net Fragments
JSP Tag Library
Struts Tiles
Portlets (Liferay)
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 17 / 45
21. It’s All Relative
Other options
JSP/ASP.Net Fragments
JSP Tag Library
Struts Tiles
Portlets (Liferay)
<iframe>
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 17 / 45
22. Web Components
Section 3
Web Components
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 18 / 45
23. Web Components
Web Components
Web Components
Reusable, modular components for the web.
4 W3C specifications
started in 2011
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 19 / 45
24. Web Components
Demo
Find this demo on CodePen
https://codepen.io/punkstarman/project/editor/AEKqQg
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 20 / 45
26. Web Components
It’s an HTML element
attributes
properties
events
styling
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 22 / 45
29. Web Components
Web Components in the Wild
Google (Polymer)
Chrome
YouTube, Drive, Contacts
Example app: Shop (https://shop.polymer-project.org/)
Electronic Arts
GitHub
Simpla
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 25 / 45
39. Full-stack Microservices
Microservices + Web Components
integration over HTTP
lazy loading
fault tolerance
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 35 / 45
40. Full-stack Microservices
Web Components + Atomic Design
Atomic Design is the methodology needed to develop a system of components efficiently.
Web Components are a solution that can enable Atomic Design.
DNF: integration components (AJAX, state)
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 36 / 45
48. Conclusion
Conclusion
+ Autonomous teams
+ expose API and components
+ RAD
+ choice of framework
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 44 / 45
49. Conclusion
Conclusion
+ Autonomous teams
+ expose API and components
+ RAD
+ choice of framework
− strong coupling between API and UI
− library design > application design
− difficult to isolate dependencies
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 44 / 45
51. Conclusion
Future Work
Dependency and Configuration Injection
Encapsulation of third party services:
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 45 / 45
52. Conclusion
Future Work
Dependency and Configuration Injection
Encapsulation of third party services:
Auth0, Keycloak, Okta, …
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 45 / 45
53. Conclusion
Future Work
Dependency and Configuration Injection
Encapsulation of third party services:
Auth0, Keycloak, Okta, …
Paypal
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 45 / 45
54. Conclusion
Future Work
Dependency and Configuration Injection
Encapsulation of third party services:
Auth0, Keycloak, Okta, …
Paypal
OAuth2 via Web Components: trust?
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 45 / 45
55. Conclusion
Future Work
Dependency and Configuration Injection
Encapsulation of third party services:
Auth0, Keycloak, Okta, …
Paypal
OAuth2 via Web Components: trust?
Logs, monitoring, instrumentation …
William Bartlett (Treeptik) Full-stack Microservices 15 November, 2018 45 / 45