Continuous deployment is a a process that allows companies to release software in minutes instead of days, weeks, or months.
Pascal-Louis Perez will describe how to use continuous deployment to iterate so fast that you run circles around the competition. He will cover the high level concepts as well as the nitty gritty details including examples from the continuous deployment system that he and his team developed at KaChing.
Pascal-Louis is the VP of Engineering and CTO at KaChing, where he practices continuous deployment continuously.
He previously worked at Google and holds a Master's degree in Computer Science from Stanford University.
Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence in the system’s capability to withstand turbulent conditions in production.
Chaos Engineering – why we should all practice breaking things on purpose by ...Alex Cachia
What can we learn from fire fighters to make the systems we come to depend upon become more robust and resilient? In this talk, I will introduce what Chaos Engineering is and why it is important and share some real case studies of how people like Netflix and Amazon are applying these techniques to create more resilient systems for the benefit of their customers.
Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence in the system’s capability to withstand turbulent conditions in production.
Chaos Engineering – why we should all practice breaking things on purpose by ...Alex Cachia
What can we learn from fire fighters to make the systems we come to depend upon become more robust and resilient? In this talk, I will introduce what Chaos Engineering is and why it is important and share some real case studies of how people like Netflix and Amazon are applying these techniques to create more resilient systems for the benefit of their customers.
In a rare mash-up, DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates (carnal0wnage) and Ken Johnson (cktricky) will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. Everything from common misconfigurations to remote code execution will be presented. This is research to bring awareness to those responsible for securing a DevOps environment.
[CB16] About the cyber grand challenge: the world’s first all-machine hacking...CODE BLUE
The Cyber Grand Challenge (CGC) was announced in 2013--a first-of-its-kind competition in which fully autonomous systems would compete in a Capture The Flag (CTF) tournament. Starting from over 100 teams consisting of some of the top security researchers and hackers in the world, only 7 teams qualified to the final round. These 7 teams competed against eachother to guard their own software with IDS rules and software patches while attacking the other systems. All of this was done without access to program source code nor access to humans.
This never-before-seen level of autonomy demonstrated the state of the art in areas of computer security including static analysis, automated bug finding, automatic exploit generation, and automatic software patching. Over the course of just 10 hours, these systems competed to analyze over 80 totally new pieces of software, showing capabilities beyond what anyone has ever seen before.
In this talk we will discuss the Cyber Grand Challenge, explaining what it entailed, what the results mean, and how these advances will influence software security in the near future. Additionally, we will share lessons learned from the winning CGC team, and take a look at the future of automatic software analysis.
--- Tyler Nighswander
Tyler has been a computer hacker for several years. While an undergraduate student at Carnegie Mellon University, Tyler was one of the initial members of the hacking team known as the Plaid Parliament of Pwning. This team rose from a small group of students to the number one competitive hacking team in the world. After traveling around the world competing in hacking competitions, Tyler settled down and now works on making humans and computers think more like hackers at ForAllSecure. In 2016, the automated system he helped create won the DARPA Cyber Grand Challenge.
Need to-know patterns building microservices - java oneVincent Kok
Microservices are still the rage—and for good reason. However, like any other emerging architecture, they’re not a silver bullet and anyone who adopts this architecture will need to learn and identify new patterns, patterns you didn’t need to know about in a monolithic world. This session discusses when to make the switch to a microservice architecture and the patterns Atlassian has identified in building microservices. They include patterns in code organization, configuration management, deployment, resilience, and decomposition. After this session, you will be able to identify whether you should give microservice architecture a try and, if so, you will have a toolbox full of patterns to apply in your own situation.
Almost 3 years with Kubernetes and some "war stories", we will take the top-down approach to kubernetes and take a glimpse of the bottom-up and where we could customize it.
Microservices 5 Things I Wish I'd Known - JFall 2017Vincent Kok
Microservices are still the rage—and for good reason. However, like any other emerging architecture, they’re not a silver bullet and anyone who adopts this architecture will need to learn and identify new patterns, patterns you didn’t need to know about in a monolithic world. This session discusses when to make the switch to a microservice architecture and the patterns Atlassian has identified in building microservices. They include patterns in code organization, configuration management, deployment, resilience, and decomposition. After this session, you will be able to identify whether you should give microservice architecture a try and if so, you will have a toolbox full of patterns to apply to your own situation.
Businesses are speeding up development and automating operations to remain competitive and to get large organizations to scale. Project based monolithic application updates are replaced by product teams owning containerized microservices. This puts developers on call, responsible for pushing code to production, fixing it when it breaks, and managing the cost and security aspects of running their microservices. In this world operations skill-sets are either embedded in the microservices development teams, or building and operating API driven platforms. The platform automates stress testing, canary based deployment, penetration testing and enforces availability and security requirements. There are no meetings or tickets to file in the delivery process for updating a containerized microservice, which can happen many times a day, and takes seconds to complete. The role of site reliability engineering moves from firefighting and fixing outages to buiding tools for finding problems and routing those problems to the right developers. SREs manage the incident lifecycle for customer visible problems, and measure and publish availability metrics. This may sound futuristic but Werner Vogels described this as “You build it, you run it” in 2006.
Microservices 5 things i wish i'd known code motionVincent Kok
Microservices are hot! A lot of companies are experimenting with this architectural pattern that greatly benefits the software development process. When adopting new patterns we always encounter that moment where we think 'if only I knew this three months ago'. This talk will be a sneak peak into the world of microservices at Atlassian and reveal what we've learned about microservices: how to arrange, configure and build your code efficiently; deployment and testing; and how to operate effectively in this environment. In this talk you will learn how to immediately apply five simple strategies.
As the world of system and application deployment continues to change, the sys admin and security community needs to change with it. With agile development, continuous deployment, the pace of change in IT has only increased. Add in Dev/Ops and the traditional sys admin and security processes just don’t work. How can you rapidly deliver servers and applications while making sure they are built reliably and securely. Rackspace has been developing a tool to help them design, deploy and security assess complex configurations for customers called Checkmate. This talk will cover the concepts behind and the architecture of Checkmate and how it helps minimize the time to deploy systems and verify they have been created to spec and in a secure state. A discussion of how Checkmate has inspired the concept of Test Driven Security based on the Test Driven Development model familiar to the development world.
Abstract: kaChing powers the largest social investment site on the web with nearly 500,000 registered users. Our mission is to make the investment world open by offering transparent investment vehicles that directly compete with mutual funds.
Over the past year and a half, we have built a large feature set and evolved our software continuously with very short iterations and (almost) no regression. In this talk, I will present our experience building a large test-driven code base from the ground up. Using concrete examples, we will have a look at component based APIs, declarative programming, minimizing the concepts of an API, specific cases of separation of concern and interactions with third-party software. We will look at multiple programming paradigms from languages such as Scala, shell script and Prolog and see how these ideas can be embedded as syntactic sugar in your Java.
This is a presentation I gave to 100+ people at Rev1 Ventures in Columbus, OH. The presentation was about how to define DevOps. Like any new concept, there are multiple and sometimes competing definitions. I've found that implementations of DevOps can change but there are some very common anti-patterns. Lastly, I talk about how we implement DevOps at Bold Penguin.
This session will re-evaluate Cassandra’s relationship with runtime and build systems, pointing out ways that the existing systems fall down, and identifying avenues for improvement. Over the past few years, a number of platforms have emerged for running user code. Container runtimes like Docker, container orchestrators such as Kubernetes, and metrics collections agents like Prometheus and Spectator have all gained popularity and mind-share. Cassandra functionality such as metrics, bootstrapping, and monitoring integrates with the newer paradigms, but in an ad-hoc and improvised fashion. By taking a purposeful approach to integrating with these new methods of deployment, the Cassandra community can more fully benefit from their advertised strengths. The Cassandra build system based on Ant+Ivy dates to the early 2000’s, and reflects legacy complexity that could be avoided with modern build systems. Cassandra’s system package builds are not much better and often fail to integrate with industry standards such as systemd. Iterating on the existing systems is difficult, but this technical debt slows innovation in our build systems. In this talk, we propose solutions to make building, deploying and monitoring Cassandra easy and low overhead, while taking advantage of cloud advancements wherever possible.
Incorporating the AWS Well-Architected Framework into Your Architecture (ARC2...Amazon Web Services
In this session, we discuss how to incorporate the AWS Well-Architected Framework into your architecture. Find out how to ensure that you are well-architected from the outset.
Learn how to use AWS services to automate manual tasks, help teams manage complex environments at scale, and keep engineers in control of the high velocity that is enabled by DevOps. In this session, we will provide an overview of the various AWS development and deployment services and when best to use them. We will show how to build a fully automated infrastructure and software delivery pipeline with AWS CodePipeline, AWS CodeBuild, AWS CloudFormation and AWS CodeDeploy. At the end of the session, a GitHub repository of AWS CloudFormation templates will be provided so you can quickly deploy the same pipeline to your AWS account(s).
Analyze This! CloudBees Jenkins Cluster Operations and AnalyticsCloudBees
More and more organizations are jumping on the Continuous Delivery bandwagon to remain competitive. As they do so, they use Jenkins to on-board teams and to orchestrate their continuous delivery pipelines.
Jenkins Operations Center by CloudBees is the tool that helps organizations run their CI infrastructure at scale.
In this webinar, you will learn about:
* Reference architecture to build resilient Jenkins that onboard teams quickly
* Cluster Operations - helps to manage multiple Jenkins instances simultaneously.
* Want to install a new plugin on a 4 Jenkins masters ? We got that covered!
* CloudBees Analytics - offers insight into build and performance analytics.
* Want to know the number of jobs failing across 4 masters - we've got that covered too!
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesMihai Criveti
Continuous Deployment and Multi-Cloud with Ansible, Packer, OpenSCAP and Kubernetes
Building and automating a multi-cloud pipeline using Ansible, Packer, OpenSCAP and Molecule
Using Kubernetes to orchestrate containers at scale
ShipItCon is a community driven, not-for-profit conference about Software Delivery https://shipitcon.com/
In a rare mash-up, DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates (carnal0wnage) and Ken Johnson (cktricky) will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. Everything from common misconfigurations to remote code execution will be presented. This is research to bring awareness to those responsible for securing a DevOps environment.
[CB16] About the cyber grand challenge: the world’s first all-machine hacking...CODE BLUE
The Cyber Grand Challenge (CGC) was announced in 2013--a first-of-its-kind competition in which fully autonomous systems would compete in a Capture The Flag (CTF) tournament. Starting from over 100 teams consisting of some of the top security researchers and hackers in the world, only 7 teams qualified to the final round. These 7 teams competed against eachother to guard their own software with IDS rules and software patches while attacking the other systems. All of this was done without access to program source code nor access to humans.
This never-before-seen level of autonomy demonstrated the state of the art in areas of computer security including static analysis, automated bug finding, automatic exploit generation, and automatic software patching. Over the course of just 10 hours, these systems competed to analyze over 80 totally new pieces of software, showing capabilities beyond what anyone has ever seen before.
In this talk we will discuss the Cyber Grand Challenge, explaining what it entailed, what the results mean, and how these advances will influence software security in the near future. Additionally, we will share lessons learned from the winning CGC team, and take a look at the future of automatic software analysis.
--- Tyler Nighswander
Tyler has been a computer hacker for several years. While an undergraduate student at Carnegie Mellon University, Tyler was one of the initial members of the hacking team known as the Plaid Parliament of Pwning. This team rose from a small group of students to the number one competitive hacking team in the world. After traveling around the world competing in hacking competitions, Tyler settled down and now works on making humans and computers think more like hackers at ForAllSecure. In 2016, the automated system he helped create won the DARPA Cyber Grand Challenge.
Need to-know patterns building microservices - java oneVincent Kok
Microservices are still the rage—and for good reason. However, like any other emerging architecture, they’re not a silver bullet and anyone who adopts this architecture will need to learn and identify new patterns, patterns you didn’t need to know about in a monolithic world. This session discusses when to make the switch to a microservice architecture and the patterns Atlassian has identified in building microservices. They include patterns in code organization, configuration management, deployment, resilience, and decomposition. After this session, you will be able to identify whether you should give microservice architecture a try and, if so, you will have a toolbox full of patterns to apply in your own situation.
Almost 3 years with Kubernetes and some "war stories", we will take the top-down approach to kubernetes and take a glimpse of the bottom-up and where we could customize it.
Microservices 5 Things I Wish I'd Known - JFall 2017Vincent Kok
Microservices are still the rage—and for good reason. However, like any other emerging architecture, they’re not a silver bullet and anyone who adopts this architecture will need to learn and identify new patterns, patterns you didn’t need to know about in a monolithic world. This session discusses when to make the switch to a microservice architecture and the patterns Atlassian has identified in building microservices. They include patterns in code organization, configuration management, deployment, resilience, and decomposition. After this session, you will be able to identify whether you should give microservice architecture a try and if so, you will have a toolbox full of patterns to apply to your own situation.
Businesses are speeding up development and automating operations to remain competitive and to get large organizations to scale. Project based monolithic application updates are replaced by product teams owning containerized microservices. This puts developers on call, responsible for pushing code to production, fixing it when it breaks, and managing the cost and security aspects of running their microservices. In this world operations skill-sets are either embedded in the microservices development teams, or building and operating API driven platforms. The platform automates stress testing, canary based deployment, penetration testing and enforces availability and security requirements. There are no meetings or tickets to file in the delivery process for updating a containerized microservice, which can happen many times a day, and takes seconds to complete. The role of site reliability engineering moves from firefighting and fixing outages to buiding tools for finding problems and routing those problems to the right developers. SREs manage the incident lifecycle for customer visible problems, and measure and publish availability metrics. This may sound futuristic but Werner Vogels described this as “You build it, you run it” in 2006.
Microservices 5 things i wish i'd known code motionVincent Kok
Microservices are hot! A lot of companies are experimenting with this architectural pattern that greatly benefits the software development process. When adopting new patterns we always encounter that moment where we think 'if only I knew this three months ago'. This talk will be a sneak peak into the world of microservices at Atlassian and reveal what we've learned about microservices: how to arrange, configure and build your code efficiently; deployment and testing; and how to operate effectively in this environment. In this talk you will learn how to immediately apply five simple strategies.
As the world of system and application deployment continues to change, the sys admin and security community needs to change with it. With agile development, continuous deployment, the pace of change in IT has only increased. Add in Dev/Ops and the traditional sys admin and security processes just don’t work. How can you rapidly deliver servers and applications while making sure they are built reliably and securely. Rackspace has been developing a tool to help them design, deploy and security assess complex configurations for customers called Checkmate. This talk will cover the concepts behind and the architecture of Checkmate and how it helps minimize the time to deploy systems and verify they have been created to spec and in a secure state. A discussion of how Checkmate has inspired the concept of Test Driven Security based on the Test Driven Development model familiar to the development world.
Abstract: kaChing powers the largest social investment site on the web with nearly 500,000 registered users. Our mission is to make the investment world open by offering transparent investment vehicles that directly compete with mutual funds.
Over the past year and a half, we have built a large feature set and evolved our software continuously with very short iterations and (almost) no regression. In this talk, I will present our experience building a large test-driven code base from the ground up. Using concrete examples, we will have a look at component based APIs, declarative programming, minimizing the concepts of an API, specific cases of separation of concern and interactions with third-party software. We will look at multiple programming paradigms from languages such as Scala, shell script and Prolog and see how these ideas can be embedded as syntactic sugar in your Java.
This is a presentation I gave to 100+ people at Rev1 Ventures in Columbus, OH. The presentation was about how to define DevOps. Like any new concept, there are multiple and sometimes competing definitions. I've found that implementations of DevOps can change but there are some very common anti-patterns. Lastly, I talk about how we implement DevOps at Bold Penguin.
This session will re-evaluate Cassandra’s relationship with runtime and build systems, pointing out ways that the existing systems fall down, and identifying avenues for improvement. Over the past few years, a number of platforms have emerged for running user code. Container runtimes like Docker, container orchestrators such as Kubernetes, and metrics collections agents like Prometheus and Spectator have all gained popularity and mind-share. Cassandra functionality such as metrics, bootstrapping, and monitoring integrates with the newer paradigms, but in an ad-hoc and improvised fashion. By taking a purposeful approach to integrating with these new methods of deployment, the Cassandra community can more fully benefit from their advertised strengths. The Cassandra build system based on Ant+Ivy dates to the early 2000’s, and reflects legacy complexity that could be avoided with modern build systems. Cassandra’s system package builds are not much better and often fail to integrate with industry standards such as systemd. Iterating on the existing systems is difficult, but this technical debt slows innovation in our build systems. In this talk, we propose solutions to make building, deploying and monitoring Cassandra easy and low overhead, while taking advantage of cloud advancements wherever possible.
Incorporating the AWS Well-Architected Framework into Your Architecture (ARC2...Amazon Web Services
In this session, we discuss how to incorporate the AWS Well-Architected Framework into your architecture. Find out how to ensure that you are well-architected from the outset.
Learn how to use AWS services to automate manual tasks, help teams manage complex environments at scale, and keep engineers in control of the high velocity that is enabled by DevOps. In this session, we will provide an overview of the various AWS development and deployment services and when best to use them. We will show how to build a fully automated infrastructure and software delivery pipeline with AWS CodePipeline, AWS CodeBuild, AWS CloudFormation and AWS CodeDeploy. At the end of the session, a GitHub repository of AWS CloudFormation templates will be provided so you can quickly deploy the same pipeline to your AWS account(s).
Analyze This! CloudBees Jenkins Cluster Operations and AnalyticsCloudBees
More and more organizations are jumping on the Continuous Delivery bandwagon to remain competitive. As they do so, they use Jenkins to on-board teams and to orchestrate their continuous delivery pipelines.
Jenkins Operations Center by CloudBees is the tool that helps organizations run their CI infrastructure at scale.
In this webinar, you will learn about:
* Reference architecture to build resilient Jenkins that onboard teams quickly
* Cluster Operations - helps to manage multiple Jenkins instances simultaneously.
* Want to install a new plugin on a 4 Jenkins masters ? We got that covered!
* CloudBees Analytics - offers insight into build and performance analytics.
* Want to know the number of jobs failing across 4 masters - we've got that covered too!
ShipItCon - Continuous Deployment and Multicloud with Ansible and KubernetesMihai Criveti
Continuous Deployment and Multi-Cloud with Ansible, Packer, OpenSCAP and Kubernetes
Building and automating a multi-cloud pipeline using Ansible, Packer, OpenSCAP and Molecule
Using Kubernetes to orchestrate containers at scale
ShipItCon is a community driven, not-for-profit conference about Software Delivery https://shipitcon.com/
Why do containers suddenly matter so much when they have been around since 1998? Take a look at the potential of OpenStack's Magnum, Murano and Nova-Docker in the context leveraging the incredible interest in Linux Containers brought about by Docker.
Check out www.stackengine.com to learn more about our excellent container management solution.
Traditional application security cannot keep pace with pace of change in applicaiton development - that model is dead. Move beyond the 5 stages of grief and get your agile security on. This talk covers practices that helped the product security team at Rackspace keep up with the rate of change facing modern day application security teams.
Chaos Engineering - The Art of Breaking Things in ProductionKeet Sugathadasa
This is an introduction to Chaos Engineering - the Art of Breaking things in Production. This is conducted by two Site Reliability Engineers which explains the concepts, history, principles along with a demonstration of Chaos Engineering
The technical talk is given in this video: https://youtu.be/GMwtQYFlojU
Just In Time Scalability Agile Methods To Support Massive Growth PresentationTimothy Fitz
Eric Reis and Chris Hondl's MySQL conference presentation on Just In Time Scalability. http://startuplessonslearned.blogspot.com/2008/09/just-in-time-scalability.html
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1MaB0Lv.
Evan Krall talks about Paasta, which is Yelp's platform for running services, built on Docker, Mesos, Marathon, SmartStack, git, and Jenkins. Filmed at qconnewyork.com.
Evan Krall is a Site Reliability Engineer at Yelp, and has been hacking on Docker at Yelp since 2013.
Learn about the Fuchsia RFC Process (https://fuchsia.dev/fuchsia-src/contribute/governance/rfcs/rfc_process): what it is, when it should be used, how it works, and how to make the best of it.
Survey of corporate finance knowledge.
Top-of-mind for the CEO / founder:
- Company creation, and initial share pool
- Raising capital the usual way
- Raising capital via debt
- Raising capital via bridge loans
- Common Shares vs Preferred Shares
- Section 409A, and valuation
- Employee pool growth (and equity plan, e.g. http://www.slideshare.net/wealthfront/wealthfront-equity-plan)
Top-of-mind for employees:
- Shares, Options and valuing a grant
- Exercise
- Tax Scenarios
Developing an Immune System — The Hard and Soft Skills required to avoid OutagesPascal-Louis Perez
In just three years, Square has achieved ubiquitous recognition for mobile card processing grossing over $10B a year in credit card transactions. At the heart of Square's technology are many financial systems which must operate safely, correctly, and sustain rapid growth.
During this tech talk, Pascal will describe the concept of an immune system, go over best practices, share lessons leaned and provide a detailed layering of best practices. This talk will cover non-controversial topics such ad TDD, but from new angles. We'll also cover emerging practices like continuous deployment, and softer areas such as engineering management practices geared towards safety. You'll come out of this session with a fresh perspective on how to build software.
Applying Compiler Techniques to Iterate At Blazing SpeedPascal-Louis Perez
In this session, we will present real life applications of compiler techniques helping kaChing achieve ultra confidence and power its incredible 5 minutes commit-to-production cycle [1]. We'll talk about idempotency analysis [2], dependency detection, on the fly optimisations, automatic memoization [3], type unification [4] and more! This talk is not suitable for the faint-hearted... If you want to dive deep, learn about advanced JVM topics, devoure bytecode and see first hand applications of theoretical computer science, join us.
[1] http://eng.kaching.com/2010/05/deployment-infrastructure-for.html
[2] http://en.wikipedia.org/wiki/Idempotence
[3] http://en.wikipedia.org/wiki/Memoization
[4] http://eng.kaching.com/2009/10/unifying-type-parameters-in-java.html
At kaChing (www.kaching.com), we are on a 5-minute commit-to-production cycle. We have adopted continuous deployment as a way of life and as the natural next step to continuous integration.
In this talk, I will present how we achieved this extreme iteration cycle. We will start at a very high level and look at the two fundamental aspects of software: transformations, which are stateless data operations, and interactions, which deal with state (such as a database, or an e-mail server). With this background we will delve into practical matters and survey kaChing's testing infrastructure by motivating each category of tests with different kind of problems often encountered. Finally, we will look at software patterns that lend themselves to testing and achieving separation of concerns allowing unparalleled software composability.
(This talk will focus on a Java environment even though the discussion will be largely applicable.)
A high-level overview of the Closure Compiler's type system, type checking and type system capabilities. For a full description http://code.google.com/closure/compiler/docs/js-for-compiler.html
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
4. Pivot Our vision of bringing the quality of Ivy League Endowment management to retail is unaltered Powering a marketplace where customers entrust high end managers with their money in separately managed accounts. We are SEC & FINRA regulated. Three years ago, kaChing was a fantasy stock trading app for young adults on facebook. Our strategy was to create an eco system where avid amateurs could rise through the ranks and make it to pro league. Pascal-Louis Perez, kaChing Group Inc.
5. Constant tension between product and development. Right architecture only in the context of how it is used. Initially, you don’t know for sure how something will be used! We’ve adopted proportional investing Build cheap When you spend X hours of time fixing problems Spend a corresponding X hours improving the feature Pascal-Louis Perez, kaChing Group Inc. Build “Right” Features
6. Strive for 80% of the value for 20% of the cost Realize that 80% of what you build will go to waste. Validate before investing more time! Pascal-Louis Perez, kaChing Group Inc. 80/20
7. Errors Are Costly! Continuous Deployment is a mission critical way of running our business which provides tremendous value Errors are costly Brand impact SLA penalties And when you’re regulated, there’s also liabilities Turning the wheels on the software with high confidence provides tremendous business value Pascal-Louis Perez, kaChing Group Inc.
9. What is Continuous Deployment? Continuous, successful and repeatable methodology to deploying code Automates every steps of taking checked in code and making it run on production servers, used by customers Pascal-Louis Perez, kaChing Group Inc.
11. Release is a Marketing ConcernReducing Code Inventory is Engineering’s Job Pascal-Louis Perez, kaChing Group Inc.
12. Homage to Gursky: 'Kirksky‘copyright 2010 by Kirk Crippens Supermarket Analogy (Think Safeway) You don’t close the store to fill the shelves! Continuously get fresh merchandise out For product releases, simply close or hide the aisle
13. Traditional Release Organization Software organized as a tree Trunk is what goes on production, it is The Truth Engineers work on features in branches Features get integrated into trunk Release train on regular cyclic period QA ensures correctness of each train P1 bugs get patched back into the train Flip the switch release Pascal-Louis Perez, kaChing Group Inc.
14. Timeline Pascal-Louis Perez, kaChing Group Inc. QA Stage Release Fix P1 Bugs Development Cut a Release Integrate Patches 1-4 Weeks
15. Timeline, Revisited Pascal-Louis Perez, kaChing Group Inc. Deployment Automated QA Stage Fix P1 Bugs Release Development or Testing Cut a Release Integrate Patches Monitoring Experiments 5-10 Minutes
16. Experiments Split features which are not finished“if press person, show the new home page”if (isInExperiment(NEW_HOME_PAGE)) { …} else { …} Pascal-Louis Perez, kaChing Group Inc. (Yes, this is just like A/B Testing)
17. True Story Investment managers calls, comments about unintuitive trading flow. Improvements are made, and deployed within the next 20 minutes. We call him back “What do you think of the improvement?” Pascal-Louis Perez, kaChing Group Inc.
18. Benefits of Continuous Deployment It allows quick iterations Obsoletes processes, e.g. “cutting a release” Reduces risk Everyone is aware of production No one throws code over the wall Exposes 24x7 operational requirements Trunk stable Pascal-Louis Perez, kaChing Group Inc.
20. kaChing’s Architecture Service oriented system Vertical sharding Everything uses the same platform kawala Coordination using ZooKeeper Data interchange using JSON and Protobufs Pascal-Louis Perez, kaChing Group Inc.
21. Typical Stack Clustered services, multiple instances Replicated databases (e.g. MySQL, Redis, …) Caching (e.g. memcached) Denormalized data (e.g. Voldemort) Pascal-Louis Perez, kaChing Group Inc.
23. Development Trunk stable Small, frequent commits Unreleased features live behind experiments Forward & Backward compatibility Responsive code review Pair difficult problems Trivial rollbacks
24. Testing Philosophy Only automated testing matters If it isn’t tested, it isn’t finished or correct Write testable code Embrace abstractions Testing is cross functional, we all own quality
25. Benefits of TDD It allows quick iterations It empowers engineers to change anything, and as such helps in scaling the team It is more cost effective than debugging It obsoletes the need for functional QA It facilitates continuous refactoring, allowing the code to get better with age It attracts the right kind of engineers Pascal-Louis Perez, kaChing Group Inc.
26. Types of Testing Unit Testing - does the code work? Integration Testing - does the code work together? Regression Testing - learn from your mistakes Frontend Testing - a whole different ballgame
27. Defensive Testing Capture invariants in tests Nightmare scenarios A common conversation at lunch: Alice: What would happen if X blew up? Bob: uh... the site would go down. Fix it, test for it
39. Monitoring Philosophy Prefer business metrics Monitor statistical deviations not absolute values Automatically annotate graphs
40. Monitoring Errors False negatives - errors of omission False positives - errors of implementation
41. End to End Monitoring Run Selenium on production Accessibility, Speed Ad-hoc Keynote - customized for our flows Must control data creation, analytics impact
43. Quarantining Isolate new releases Flexible partitioning of requests Gradually shift load to fresh services Pascal-Louis Perez, kaChing Group Inc.
44. Describing Infrastructure Many moving parts nagios, collectd, backups, services, databases, … Consistency is key Adding new tools should be easy and thorough Standardize best practices Pascal-Louis Perez, kaChing Group Inc.
45. TGIF? Pascal-Louis Perez, kaChing Group Inc. We will be hosting a TGIF in August in our office@pascallouis / @kachingeng
46. References We’re Recruiting jobs@kaching.com kaChing’s blog http://eng.kaching.com kawalahttp://bit.ly/kawala Deployment Infrastructure http://eng.kaching.com/2010/05/deployment-infrastructure-for.html Extreme Testing http://bit.ly/9bOFaA Writing Testable Codehttp://googletesting.blogspot.com/2008/08/by-miko-hevery-so-you-decided-to.html The Testability Explorer Bloghttp://misko.hevery.com ZooKeeperhttp://bit.ly/kc-zookeeper Lessons Learned http://startuplessonslearned.com Pascal-Louis Perez, kaChing Group Inc.