- DST has established rules for organizing and securing big data across business units, with each unit representing a separate "data domain"
- Access to data domains is restricted by default between units, but agreements can grant additional access for approved purposes
- The document describes setting up a Linux file system to mirror this structure using users, groups, directories, and access control lists (ACLs) to partition and control access to simulated "data domains" according to the business rules.
3. Big (or not) Data Security
• DST has established internal rules around the use of Big Data
• Data flowing into our data lake is partitioned by what we call Data Domains
• Each DST business unit is in essence at least one Data Domain
• Data Domains serve as the primary method of organizing our permission-ing
4. What This Means
• By default, one Business Unit is not granted access to another’s data
• Agreements between business units are made to access data for purpose
• Internal Data Scientists are given cross-Business Unit access to data
• Management mandate to secure data which has not been explicitly granted access
5. Complexity
• These rules result in a very complex matrix of permissions
• Example below
• Data Domain ‘Business Unit A’ may be accessed by Business Unit A and Business Unit D. Business Units B and C may not access this Data Domain

Data Domain        BU A  BU B  BU C  BU D
Business Unit A     X     -     -     X
Business Unit B     -     X     -     X
Business Unit C     -     X     X     X
Third Party Data    -     -     X     X
6. Scenario
• Let’s deal with just text data on a file system in a Linux server
• Logical approach is to arrange directories to track with the Data Domains
• For permission-ing, create a group and directory for each Data Domain
• Assign the group ownership as appropriate
• Set umask to 007 so that new files have u:rw-, g:rw-, o:--- permissions
10. Complexity Redux
• The directory for the Data Domain ‘Business Unit A’ can be accessed by members of the ‘bua’ group
• How can we grant additional access to the ‘bud’ group, but still restrict other groups?

Data Domain        BU A  BU B  BU C  BU D
Business Unit A     X     -     -     X
Business Unit B     -     X     -     X
Business Unit C     -     X     X     X
Third Party Data    -     -     X     X
11. The Secret Sauce
• POSIX Access Control Lists (ACLs) are the answer to our dilemma
• Not enabled by default. Needs to be enabled at the filesystem level
• mount with the remount and acl options can enable it:
    mount -o remount -o acl /dev/sda5 /home
• See your system administrator for the permanent enable
12. The Tools
• setfacl is used to set the ACL for a file or directory
• getfacl is used to query and list the ACL of a file or directory
• Our specific need:
  • In addition to rwx permissions for the group ‘buag’, add rwx permissions for the group ‘budg’ to the directory ‘bua’
  • In addition to rwx permissions for the group ‘bubg’, add rwx permissions for the group ‘budg’ to the directory ‘bub’
  • In addition to rwx permissions for the group ‘bucg’, add rwx permissions for the groups ‘bubg’ and ‘budg’ to the directory ‘buc’
  • In addition to rwx permissions for the group ‘tpdg’, add rwx permissions for the groups ‘bucg’ and ‘budg’ to the directory ‘tpd’
13. The Commands
• In addition to rwx permissions for the group ‘buag’, add rwx permissions for the group ‘budg’ to the directory and contents of ‘bua’
    setfacl -R --set u::rwx,g::rwx,o::-,g:budg:rwx bua
• In addition to rwx permissions for the group ‘bubg’, add rwx permissions for the group ‘budg’ to the directory and contents of ‘bub’
    setfacl -R --set u::rwx,g::rwx,o::-,g:budg:rwx bub
• In addition to rwx permissions for the group ‘bucg’, add rwx permissions for the groups ‘bubg’ and ‘budg’ to the directory and contents of ‘buc’
    setfacl -R --set u::rwx,g::rwx,o::-,g:bubg:rwx,g:budg:rwx buc
• In addition to rwx permissions for the group ‘tpdg’, add rwx permissions for the groups ‘bucg’ and ‘budg’ to the directory and contents of ‘tpd’
    setfacl -R --set u::rwx,g::rwx,o::-,g:bucg:rwx,g:budg:rwx tpd
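The permission matrix and the setfacl commands above define an expected state that can drift later (an extra group added, a chmod that tightens the mask, access opened to other). The following is an added example, not part of the original deck: a shell function that checks `getfacl` output against the matrix, for both access and default entries. The helper names `allowed_groups` and `audit_acl` are hypothetical and the sample `getfacl` output is constructed.

```shell
#!/bin/sh
# Added example (not from the deck): audit `getfacl` output against the
# Data Domain matrix. Helper names are hypothetical.

# Groups expected on each domain directory, owning group first
# (directory and group names as used in the deck's setfacl commands).
allowed_groups() {
    case "$1" in
        bua) echo "buag budg" ;;
        bub) echo "bubg budg" ;;
        buc) echo "bucg bubg budg" ;;
        tpd) echo "tpdg bucg budg" ;;
        *)   return 1 ;;
    esac
}

# audit_acl DIR: reads `getfacl DIR` output on stdin and prints one finding
# per line (sorted); prints nothing when the ACL matches the matrix.
audit_acl() {
    allowed=$(allowed_groups "$1") || { echo "$1: unknown data domain"; return 0; }
    awk -v dir="$1" -v allowed="$allowed" '
    BEGIN { n = split(allowed, a, " "); owner_grp = a[1]
            for (i = 2; i <= n; i++) want[a[i]] = 1 }
    /^# group: / { if ($3 != owner_grp)
                       print dir ": owning group is " $3 ", expected " owner_grp }
    /^#/ || /^[ \t]*$/ { next }
    {
        scope = "access"
        if (sub(/^default:/, "")) scope = "default"   # default ACL entry
        sub(/[ \t]*#.*$/, "")                         # drop "#effective:" notes
        split($0, f, ":")                             # type:qualifier:perms
        tag = dir " [" scope "]: "
        has[scope] = 1
        if (f[1] == "other" && f[3] != "---") print tag "other has " f[3] ", expected ---"
        if (f[1] == "mask" && f[3] != "rwx")  print tag "mask " f[3] " caps named-group rights"
        if (f[1] == "user" && f[2] != "")     print tag "unexpected named user " f[2]
        if (f[1] == "group" && f[2] != "") {
            if (f[2] in want) seen[scope, f[2]] = 1
            else print tag "group " f[2] " is not allowed by the matrix"
        }
    }
    END {
        for (s in has) for (g in want)
            if (!((s, g) in seen)) print dir " [" s "]: missing entry for group " g
    }' | sort
}

# Constructed sample: `getfacl bua` output after drift (extra group, mask
# tightened, other opened up, default ACL lacking the budg entry).
sample_bua_drifted() {
cat <<'EOF'
# file: bua
# owner: root
# group: buag
user::rwx
group::rwx
group:bucg:rwx  #effective:r-x
group:budg:rwx  #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::rwx
default:mask::rwx
default:other::---
EOF
}

# On a live system: getfacl bua | audit_acl bua
sample_bua_drifted | audit_acl bua
```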
15. How To Hadoop It
• Hadoop HDFS v2.6 adds POSIX ACLs
• Make sure to turn it on first, in hdfs-site.xml:
    <property>
      <name>dfs.namenode.acls.enabled</name>
      <value>true</value>
    </property>
• Reboot the namenode
• Set an ACL
    hdfs dfs -setfacl -m user::rwx,group::rwx,other::---,group:budg:rwx /bua
• See the ACLs
    hdfs dfs -getfacl /bua
16. Other Goodies
• Use a Default ACL for Automatic Application to New Children
    sudo setfacl -d --set u::rwx,g::rwx,o::-,g:budg:rwx bua
    sudo setfacl -d --set u::rwx,g::rwx,o::-,g:budg:rwx bub
    sudo setfacl -d --set u::rwx,g::rwx,o::-,g:bubg:rwx,g:budg:rwx buc
    sudo setfacl -d --set u::rwx,g::rwx,o::-,g:bucg:rwx,g:budg:rwx tpd
• And in Hadoop…
    hadoop fs -setfacl --set default:user::rwx,default:group::rwx,default:other::---,default:group:budg:rwx bua
    hadoop fs -setfacl --set default:user::rwx,default:group::rwx,default:other::---,default:group:budg:rwx bub
    hadoop fs -setfacl --set default:user::rwx,default:group::rwx,default:other::---,default:group:bubg:rwx,default:group:budg:rwx buc
    hadoop fs -setfacl --set default:user::rwx,default:group::rwx,default:other::---,default:group:bucg:rwx,default:group:budg:rwx tpd
18. Last Extra Bits
• Don’t forget about the sticky bit
  • Makes it so that only root or the directory owner can delete files
    sudo chmod +t bua
• Use the setgid bit to set new files in a directory to have the same group owner as the directory.
  • Very handy when paired with default ACLs
    sudo chmod g+s bua