Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication and more.
Spring - Part 2 - Autowiring, Annotations, Java based Configuration - slidesHitesh-Java
In this Java Spring Training session, you will learn Spring AOP – Aspect Oriented Programming. Topics covered in this session are:
For more information, visit this link:
• Spring framework
• Inversion of Control
• Dependency Injection – Two types
• Defining beans using XML
• Inheriting beans
• Auto-wiring
• Annotations based configuration
• Java based configuration
https://www.mindsmapped.com/courses/software-development/spring-fundamentals-learn-spring-framework-and-spring-boot/
netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
Presentation done at Kamailio World 2013, Berlin, Germany - several options for scalability of SIP routing with Kamailio, from configuration file tricks to stateless and stateful load balancing with dispatcher module.
Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication and more.
Spring - Part 2 - Autowiring, Annotations, Java based Configuration - slidesHitesh-Java
In this Java Spring Training session, you will learn Spring AOP – Aspect Oriented Programming. Topics covered in this session are:
For more information, visit this link:
• Spring framework
• Inversion of Control
• Dependency Injection – Two types
• Defining beans using XML
• Inheriting beans
• Auto-wiring
• Annotations based configuration
• Java based configuration
https://www.mindsmapped.com/courses/software-development/spring-fundamentals-learn-spring-framework-and-spring-boot/
netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
Presentation done at Kamailio World 2013, Berlin, Germany - several options for scalability of SIP routing with Kamailio, from configuration file tricks to stateless and stateful load balancing with dispatcher module.
Revisiting CephFS MDS and mClock QoS SchedulerYongseok Oh
This presents the CephFS performance scalability and evaluation results. Specifically, it addresses some technical issues such as multi core scalability, cache size, static pinning, recovery, and QoS.
5 things you didn't know nginx could dosarahnovotny
NGINX is a well kept secret of high performance web service. Many people know NGINX as an Open Source web server that delivers static content blazingly fast. But, it has many more features to help accelerate delivery of bits to your end users even in more complicated application environments. In this talk we'll cover several things that most developers or administrators could implement to further delight their end users.
High Availability Content Caching with NGINXNGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/high-availability-content-caching-nginx/
You trust NGINX to be your web server, but did you know it’s also a high-performance content cache? In fact, the world’s most popular CDNs – CloudFlare, MaxCDN, and Level 3 among them – are built on top of the open source NGINX software.
NGINX content caching can drastically improve the performance of your applications. We’ll start with basic configuration, then move on to advanced concepts and best practices for architecting high availability and capacity in your application infrastructure.
Join this webinar to:
* Enable content caching with the key configuration directives
* Use micro caching with NGINX Plus to cache dynamic content while maintaining low CPU utilization
* Partition your cache across multiple servers for high availability and increased capacity
* Log transactions and troubleshoot your NGINX content cache
본 자료는 WildFly, JBoss AS7, JBoss EAP6에 대한 교육 자료입니다. 처음 접하시는 분들이나 세팅이 필요한 분들은 본 자료를 활용하시면 됩니다.
교육이 필요하시면 오픈소스컨설팅 페이스북에 글을 남겨주세요.
https://www.facebook.com/osckorea?ref=hl
Attack monitoring using ElasticSearch Logstash and KibanaPrajal Kulkarni
With growing trend of Big data, companies are tend to rely on high cost SIEM solutions. However, with introduction of open source and lightweight cluster management solution like ElasticSearch this has been the highlight of the year. Similarly, the log aggregation has been simplified by logstash and kibana providing a visual look to the complex data structure. This presentation will exactly cater to this need of having a appropriate log analysis+Detecting Intrusion+Visualizing data in a powerful interface.
Practical information for Alfresco integration with AOS (Sharepoint Protocol), Google Drive, Microsoft 365, ONLYOFFICE and Collabora Online.
Additionally ADW support for ONLYOFFICE is provided by https://github.com/atolcd/adf-onlyoffice-extension#installation
Learn how to load balance your applications following best practices with NGINX and NGINX Plus.
Join this webinar to learn:
- How to configure basic HTTP load balancing features
- The essential elements of load balancing: session persistence, health checks, and SSL termination
- How to load balance MySQL, DNS, and other common TCP/UDP applications
- How to have NGINX Plus automatically discover new service instances in an auto-scaling or microservices environment
I needed to ramp-up my Dev team on RESTful systems. Existing content on this topic was either too terse or too verbose.
So I created this deck as a necessary and sufficient tutorial on REST. The goal was for my Devs to walk away with enough of an understanding to be (and want to be) dangerous.
So here it is...REST in 18 slides (ok, 21 slides if you include Cover, References, and Thank You). This is more text-heavy than I prefer, but I needed an excuse to try out SlideShare so I opted for a presentation format.
Basic concept of nginx , Apache Vs Nginx , Nginx as Loadbalancer , Nginx as Reverse proxy , Configuration of nginx as load balancer and reverse proxy .
The attached is a summary of terms, description of constructs, integration alternatives and more in the networking world of Kubernetes, Openshift and AWS
Rate Limiting with NGINX and NGINX PlusNGINX, Inc.
On-demand recording: https://www.nginx.com/resources/webinars/rate-limiting-nginx/
Learn how to mitigate DDoS and password-guessing attacks by limiting the number of HTTP requests a user can make in a given period of time.
This webinar will teach you how to:
* How to protect application servers from being overwhelmed with request limits
* About the burst and no‑delay features for minimizing delay while handling large bursts of user requests
* How to use the map and geo blocks to impose different rate limits on different HTTP user requests
* About using the limit_req_log_level directive to set logging levels for rate‑limiting events
About the webinar
A delay of even a few seconds for a screen to render is interpreted by many users as a breakdown in the experience. There are many reasons for these breakdowns in the user experience, one of which is DDoS attacks which tie up your system’s resources.
Rate limiting is a powerful feature of NGINX that can mitigate DDoS attacks, which would otherwise overload your servers and hinder application performance. In this webinar, we’ll cover basic concepts as well as advanced configuration. We will finish with a live demo that shows NGINX rate limiting in action.
VMware ESXi - Intel and Qlogic NIC throughput difference v0.6David Pasek
We are observing different network throughputs on Intel X710 NICs and QLogic FastLinQ QL41xxx NIC. ESXi hardware supports NIC hardware offloading and queueing on 10Gb, 25Gb, 40Gb and 100Gb NIC adapters. Multiple hardware queues per NIC interface (vmnic) and multiple software threads on ESXi VMkernel is depicted and documented in this paper which may or may not be the root cause of the observed problem. The key objective of this document is to clearly document and collect NIC information on two specific Network Adapters and do a comparison to find the difference or at least root cause hypothesis for further troubleshooting.
While traditional on-prem systems have always been a target from internal and external attackers, recent times have seen increased attacks on Hadoop cloud deployments. Hadoop systems are going to be increasingly targeted due to the large volume of data that it stores. Many Hadoop installations on cloud are publicly accessible without any security measures which pose threat to exfiltration of large datasets and possibly crypto-mining on this infrastructure with its huge distributed compute capability.
Apache Knox provides multiple layers of security related to authentication, service-level authorization and web application security controls out of the box for multiple Hadoop components.
Apache Knox provides configuration to prevent common OWASP Top 10 security risks e.g. Cross-site Request Forgery (CSRF), Cross Site Scripting (XSS), MIME Content Type sniffing, Clickjacking, etc. We will also discuss controls like HTTP Strict Transport Security which prevents SSL Downgrade attacks and CORS filter for allowing applications to make cross domain requests only to specifically allowed hosts through XHR. Support to include/exclude Cipher suites and exclude SSL protocols enables compliance with hardening guidelines provided by CIS for application servers.
Knox has several supported authentication mechanisms with Kerberos underneath e.g. LDAP over SSL, AD, PAM based auth for Unix users, integration with Identity Providers like Okta, etc. Also, capabilities like Trusted Proxy, Single Sign-On auth, Hostmap Provider, Identity Assertion Provider, Client Authentication enhances the overall security posture.
We will also cover the typical kill-chain methodology tailored to Hadoop ecosystem which will help formulate the preventive measures against future compromises.
IP tables-the linux firewall. This link shows the pdf document that you can download.This is a useful document for the beginners, lays the attention to know more about the topic.
Revisiting CephFS MDS and mClock QoS SchedulerYongseok Oh
This presents the CephFS performance scalability and evaluation results. Specifically, it addresses some technical issues such as multi core scalability, cache size, static pinning, recovery, and QoS.
5 things you didn't know nginx could dosarahnovotny
NGINX is a well kept secret of high performance web service. Many people know NGINX as an Open Source web server that delivers static content blazingly fast. But, it has many more features to help accelerate delivery of bits to your end users even in more complicated application environments. In this talk we'll cover several things that most developers or administrators could implement to further delight their end users.
High Availability Content Caching with NGINXNGINX, Inc.
On-Demand Recording:
https://www.nginx.com/resources/webinars/high-availability-content-caching-nginx/
You trust NGINX to be your web server, but did you know it’s also a high-performance content cache? In fact, the world’s most popular CDNs – CloudFlare, MaxCDN, and Level 3 among them – are built on top of the open source NGINX software.
NGINX content caching can drastically improve the performance of your applications. We’ll start with basic configuration, then move on to advanced concepts and best practices for architecting high availability and capacity in your application infrastructure.
Join this webinar to:
* Enable content caching with the key configuration directives
* Use micro caching with NGINX Plus to cache dynamic content while maintaining low CPU utilization
* Partition your cache across multiple servers for high availability and increased capacity
* Log transactions and troubleshoot your NGINX content cache
본 자료는 WildFly, JBoss AS7, JBoss EAP6에 대한 교육 자료입니다. 처음 접하시는 분들이나 세팅이 필요한 분들은 본 자료를 활용하시면 됩니다.
교육이 필요하시면 오픈소스컨설팅 페이스북에 글을 남겨주세요.
https://www.facebook.com/osckorea?ref=hl
Attack monitoring using ElasticSearch Logstash and KibanaPrajal Kulkarni
With growing trend of Big data, companies are tend to rely on high cost SIEM solutions. However, with introduction of open source and lightweight cluster management solution like ElasticSearch this has been the highlight of the year. Similarly, the log aggregation has been simplified by logstash and kibana providing a visual look to the complex data structure. This presentation will exactly cater to this need of having a appropriate log analysis+Detecting Intrusion+Visualizing data in a powerful interface.
Practical information for Alfresco integration with AOS (Sharepoint Protocol), Google Drive, Microsoft 365, ONLYOFFICE and Collabora Online.
Additionally ADW support for ONLYOFFICE is provided by https://github.com/atolcd/adf-onlyoffice-extension#installation
Learn how to load balance your applications following best practices with NGINX and NGINX Plus.
Join this webinar to learn:
- How to configure basic HTTP load balancing features
- The essential elements of load balancing: session persistence, health checks, and SSL termination
- How to load balance MySQL, DNS, and other common TCP/UDP applications
- How to have NGINX Plus automatically discover new service instances in an auto-scaling or microservices environment
I needed to ramp-up my Dev team on RESTful systems. Existing content on this topic was either too terse or too verbose.
So I created this deck as a necessary and sufficient tutorial on REST. The goal was for my Devs to walk away with enough of an understanding to be (and want to be) dangerous.
So here it is...REST in 18 slides (ok, 21 slides if you include Cover, References, and Thank You). This is more text-heavy than I prefer, but I needed an excuse to try out SlideShare so I opted for a presentation format.
Basic concept of nginx , Apache Vs Nginx , Nginx as Loadbalancer , Nginx as Reverse proxy , Configuration of nginx as load balancer and reverse proxy .
The attached is a summary of terms, description of constructs, integration alternatives and more in the networking world of Kubernetes, Openshift and AWS
Rate Limiting with NGINX and NGINX PlusNGINX, Inc.
On-demand recording: https://www.nginx.com/resources/webinars/rate-limiting-nginx/
Learn how to mitigate DDoS and password-guessing attacks by limiting the number of HTTP requests a user can make in a given period of time.
This webinar will teach you how to:
* How to protect application servers from being overwhelmed with request limits
* About the burst and no‑delay features for minimizing delay while handling large bursts of user requests
* How to use the map and geo blocks to impose different rate limits on different HTTP user requests
* About using the limit_req_log_level directive to set logging levels for rate‑limiting events
About the webinar
A delay of even a few seconds for a screen to render is interpreted by many users as a breakdown in the experience. There are many reasons for these breakdowns in the user experience, one of which is DDoS attacks which tie up your system’s resources.
Rate limiting is a powerful feature of NGINX that can mitigate DDoS attacks, which would otherwise overload your servers and hinder application performance. In this webinar, we’ll cover basic concepts as well as advanced configuration. We will finish with a live demo that shows NGINX rate limiting in action.
VMware ESXi - Intel and Qlogic NIC throughput difference v0.6David Pasek
We are observing different network throughputs on Intel X710 NICs and QLogic FastLinQ QL41xxx NIC. ESXi hardware supports NIC hardware offloading and queueing on 10Gb, 25Gb, 40Gb and 100Gb NIC adapters. Multiple hardware queues per NIC interface (vmnic) and multiple software threads on ESXi VMkernel is depicted and documented in this paper which may or may not be the root cause of the observed problem. The key objective of this document is to clearly document and collect NIC information on two specific Network Adapters and do a comparison to find the difference or at least root cause hypothesis for further troubleshooting.
While traditional on-prem systems have always been a target from internal and external attackers, recent times have seen increased attacks on Hadoop cloud deployments. Hadoop systems are going to be increasingly targeted due to the large volume of data that it stores. Many Hadoop installations on cloud are publicly accessible without any security measures which pose threat to exfiltration of large datasets and possibly crypto-mining on this infrastructure with its huge distributed compute capability.
Apache Knox provides multiple layers of security related to authentication, service-level authorization and web application security controls out of the box for multiple Hadoop components.
Apache Knox provides configuration to prevent common OWASP Top 10 security risks e.g. Cross-site Request Forgery (CSRF), Cross Site Scripting (XSS), MIME Content Type sniffing, Clickjacking, etc. We will also discuss controls like HTTP Strict Transport Security which prevents SSL Downgrade attacks and CORS filter for allowing applications to make cross domain requests only to specifically allowed hosts through XHR. Support to include/exclude Cipher suites and exclude SSL protocols enables compliance with hardening guidelines provided by CIS for application servers.
Knox has several supported authentication mechanisms with Kerberos underneath e.g. LDAP over SSL, AD, PAM based auth for Unix users, integration with Identity Providers like Okta, etc. Also, capabilities like Trusted Proxy, Single Sign-On auth, Hostmap Provider, Identity Assertion Provider, Client Authentication enhances the overall security posture.
We will also cover the typical kill-chain methodology tailored to Hadoop ecosystem which will help formulate the preventive measures against future compromises.
IP tables-the linux firewall. This link shows the pdf document that you can download.This is a useful document for the beginners, lays the attention to know more about the topic.
linux operating system is spreading all over the world among users day after day, in this slide you can know more about linux operating system and specialy linux firewall which is called ip table.
This presentation describes the term firewall and it's concepts and provides basic information about it's unix-based software implementations: ebtables, arptables and iptables. This document is a part of a powerpoint presentation which I also uploaded. Made as a project for university course
Кластеризации поисковых запросов в IpythonМихаил Жуковец
Примеры практической реализации методов кластеризации ключевых слов на языке python с применением библиотеки scikit-learn. Реализованы два популярных алгоритма - K-Means и иерархическая кластеризация. В качестве признаков ключевых слов приведены примеры для семантического состава фраз и кластеризация по ТОП.
Performance optimization of virtual network infrastructure (RUS, OpenStack Me...Vadim Ponomarev
Event: OpenStack Meetup St.Petersburg 26.07.2016 (https://www.meetup.com/OpenStack-Russia-St-Petersburg/events/241112848/)
In this talk, I explained how TCP/IP stack works on all levels. How Linux kernel reads data from network card memory, how bits of data become a frame and they become a packet of traffic. the most interesting part of this talk - is how to tune TCP/IP stack for the real load on production systems.
Разработка OpenFlow-коммутатора на базе сетевого процессора EZchipARCCN
Доклад Васина Вячеслава (ЦПИКС) на семинаре Консорциума университетов по изучению и развитию передовых технологий в сфере компьютерных сетей. 20 октября 2016 года
Доклад Кулагина И.И., Пазникова А.А., Курносова М.Г. "Оптимизация информационных обменов в параллельных PGAS-программах" на 3-й Всероссийской научно-технической конференции «Суперкомпьютерные технологии» (СКТ-2014)
29 сентября – 4 октября 2014 г., с. Дивноморское
6. Цепочки
● Цепочка – последовательность правил.
● Последовательность обработки правил в
цепочке.
● Политика по-умолчанию.
● Пользовательские цепочки, jump.
14. Пример работы
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state
--state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo0 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80
-j ACCEPT
iptables -A OUTPUT -m state
--state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o lo0 -j ACCEPT
iptables -A OUTPUT -d 192.168.128.1/32 -p udp
-m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -d 192.168.128.4/32 -p tcp
-m tcp --dport 25 -j ACCEPT
15. Утилиты 2
● iptables -L -nv --line-numbers
● modprobe :-)
● iptables-save/iptables-restore
# Generated by iptables-save v1.4.2
*filter
:INPUT ACCEPT [2681429:2895113549]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1534731:149800594]
:test - [0:0]
-A INPUT -j test
-A OUTPUT -j test
COMMIT
# Completed on Wed Mar 25 16:08:20 2009
● ip6tables{,-save,-restore}
16. TCPMSS
“This target is used to overcome criminally
braindead ISPs or servers which block
"ICMP Fragmentation Needed" or "ICMPv6
Packet Too Big" packets.”
iptables -t mangle -A FORWARD
-m tcp -p tcp
--tcp-flags SYN,RST SYN
-j TCPMSS --clamp-mss-to-pmtu