Introduction to Relax and Recover (http://relax-and-recover.org) for automated Linux Disaster Recovery.
Update on the project progress and the details about the current state of UEFI support.
UEFI Firmware Rootkits: Myths and Reality - Sally Feller
Earlier this month, we teased a proof of concept for UEFI ransomware which was presented at RSA Conference 2017. The HackingTeam, Snowden, Shadow Brokers, and Vault7 leaks have revealed that UEFI/BIOS implants aren't just a theoretical concept but have actually been weaponized by nation states to conduct cyber espionage. Physical access requirements are a thing of the past; these low-level implants can be installed remotely by exploiting vulnerabilities in the underlying UEFI system.
Today at BlackHat Asia 2017, we are disclosing two vulnerabilities in two different models of the GIGABYTE BRIX platform:
GB-BSi7H-6500 – firmware version: vF6 (2016/05/18)
GB-BXi7-5775 – firmware version: vF2 (2016/07/19)
[DEFCON 16] Bypassing pre-boot authentication passwords by instrumenting the... - Moabi.com
Pre-boot authentication software, in particular full hard disk encryption software, plays a key role in preventing information theft. In this paper, we present a new class of vulnerability affecting multiple high-value pre-boot authentication software, including the latest Microsoft disk encryption technology: Microsoft Vista's BitLocker, with TPM chip enabled. Because pre-boot authentication software programmers commonly make wrong assumptions about the inner workings of the BIOS interruptions responsible for handling keyboard input, they typically use the BIOS API without flushing or initializing the BIOS internal keyboard buffer. Therefore, any user input including plain text passwords remains in memory at a given physical location. In this article, we first present a detailed analysis of this new class of vulnerability and generic exploits for Windows and Unix platforms under x86 architectures. Unlike current academic research aiming at extracting information from the RAM, our practical methodology does not require any physical access to the computer to extract plain text passwords from the physical memory. In a second part, we will present how this information leakage combined with usage of the BIOS API without careful initialization of the BIOS keyboard buffer can lead to computer reboot without console access and full security bypass of the pre-boot authentication PIN if an attacker has enough privileges to modify the bootloader. Other related work includes information leakage from CPU caches, reading physical memory thanks to FireWire and switching CPU modes.
Hi,
This presentation contains the history of the Unix operating system.
Kindly send me your comments to ankitmehta21@gmail.com so it will help me to improve future presentations.
Thanks,
Ankit Mehta
ankitmehta21@gmail.com
"Relax and Recover", an Open Source mksysb for Linux on Power - Sebastien Chabrolles
This deck was presented during IBM Systems Technical University in London (2016).
Have you ever dreamed of having an "MKSYSB-like" solution to quickly back up/restore your Linux on Power? If the answer is YES, the open source solution named Relax and Recover (ReaR) may be for you. Come to this session to learn more about how to implement it and about the capabilities of this solution through presentation and live demonstration.
BITS: Introduction to linux, distributions and installation - BITS
This slide is part of the BITS training session: "Introduction to linux for life sciences."
See http://www.bits.vib.be/index.php?option=com_content&view=article&id=17203890%3Abioperl-additional-material&catid=84&Itemid=284
Support helping to make safety backups of your PC before testing Secure Boot (disclaimer), to know about its Ubuntu implementation (hardware & firmware), to test it.
Open Source Backup Conference 2014: Rear, by Ralf Dannert - NETWAYS
ReaR (Relax and Recover) is delivered as part of the SUSE Linux High Availability Extension.
We show, by way of example, how corporations integrate ReaR during Preparation, Testing and Recovery as a building block of their disaster recovery strategy. In the technical part we will highlight the AutoYaST/YaST integration with rear-suse.
We will also investigate some of the adaptations that had to be made to make ReaR work with the upcoming SLES12, which will include systemd and grub2, to be able to automatically recover btrfs subvolumes.
Bootkit threats have always been a powerful weapon in the hands of cybercriminals, allowing them to establish persistent and stealthy presence in their victims' systems. The most recent notable spike in bootkit infections was associated with attacks on 64-bit versions of the Microsoft Windows platform, which restrict the loading of unsigned kernel-mode drivers. However, these bootkits aren't effective against UEFI-based platforms. So, are UEFI-based machines immune against bootkit threats (or would they be)?
The aim of this presentation is to show how bootkit threats have evolved over time and what we should expect in the near future. Firstly, we will summarize what we've learned about the bootkits seen in the wild targeting the Microsoft Windows platform: from TDL4 and Rovnix (which was used by the Carberp banking trojan) up to Gapz (which employs one of the stealthiest bootkit infection techniques seen so far). We will review their infection approaches and the methods they have employed to evade detection and removal from the system.
Secondly, we will look at the security of the increasingly popular UEFI platform from the point of view of the bootkit author, as UEFI is becoming a target of choice for researchers in offensive security, and proof-of-concept bootkits targeting Windows 8 OS using UEFI have already been released. We will focus on various attack vectors against UEFI and discuss available tools and what measures should be taken to mitigate against them.
TechMentor Fall, 2011 - Packaging Software for Automated Deployment with Wind... - Concentrated Technology
Whether you’ve attended Greg’s earlier sessions or not, you probably recognize the value in automating application installs. The trick is in getting those installs to do their work silently, without prompting for questions. The hard part, indeed the art, is in that packaging of software. Microsoft MVP Greg Shields has been packaging and deploying software for nearly a decade. In this do-not-miss session, he’ll share his secret tricks in getting the job done. And tricks they are! Whether you’re deploying software through Group Policy, System Center Configuration Manager, a Windows deployment solution, or any of the third party options out there, this session contains the knowledge you’ll need for them all. Don’t miss this one. What you learn might just be the most powerful thing you discover all week at TechMentor.
Embedded Recipes 2018 - Yoctoception: Containers in the embedded world - Jéré... - Anne Nicolas
Containerisation is a new player in the embedded world. Provisioning and rapid deployment don’t really make sense for embedded devices, but the extra security that container partitioning brings to the table is quickly becoming a “must have” for every embedded device.
However, the embedded world has its own constraints. Generic distributions like Debian or Fedora are rarely used and tools like Docker can’t build software with custom build-chains the way Yocto or Buildroot do.
This talk will quickly review what Linux containers are and why they are useful in the embedded world, and will then study ways to generate container images using the Yocto infrastructure and integrate them in another Yocto image without breaking the package-based update system that Yocto provides.
Relax and Recover (ReaR) is an open source bare metal disaster recovery solution for Linux (http://rear.sf.net). This session will introduce you to advanced Linux disaster recovery concepts and will feature a live demonstration on how to automatically recover a failed system with ReaR. Finally, this session will cover common best practice usage scenarios of ReaR and introduce you to basic setup and configuration for ReaR.
The Role of GitOps in IT-Strategy v2 - July 2022 - Schlomo Schapiro
What is the role of GitOps in IT strategy? This talk gives an overview and puts GitOps into the context of current challenges in IT strategy.
Main aspects are continuous delivery, policy as code, automated governance, compliant-by-default work environments, acceptable means of compliance and a comprehensive automation of all development and operations related processes with the goal of true hands-off operations.
The result places GitOps as a major building block of any modern IT strategy. GitOps helps build essential key IT capabilities. It creates the motivation to truly “fix the basics” via sustainable solutions to enable creating higher level automation solutions. With GitOps, engineers can focus much more on business value and spend less effort on boring IT topics.
The GitOps Journey - Schlomo Schapiro - Berlin DevOps Meetup 2021-11 - Schlomo Schapiro
I will show why GitOps is a major waypoint in the journey from old-style Dev vs. Ops data center operations towards a truly automated hands-off operations future. GitOps is the technological core required for compliance automation, large-scale operations, and lowering the cost of compliance & governance as well as lowering the cost of internal tooling.
GitOps will give us a future, where we all take a step back, watch the bots do the admin job, and where we Dev, Ops, everybody work on improving the bots and invent new automation solutions.
Schlomo Schapiro is an Agile IT and Open Source enthusiast dedicated to advancing an agile mindset and a DevOps-orientated culture in IT. He works as Principal Engineer at Forto in Berlin, is author of several Open Source projects, conference speaker and regularly publishes blog and magazine articles.
See https://schlomo.schapiro.org/2021/04/the-gitops-journey.html for more details.
The Role of GitOps in IT-Strategy - November 2021 - Schlomo Schapiro - Contin... - Schlomo Schapiro
What is the role of GitOps in IT strategy? This talk gives an overview and puts GitOps into the context of current challenges in IT strategy.
Main aspects are continuous delivery, policy as code, automated governance, compliant-by-default work environments, acceptable means of compliance and a comprehensive automation of all development and operations related processes with the goal of true hands-off operations.
The result places GitOps as a major building block of any modern IT strategy. GitOps helps build essential key IT capabilities. It creates the motivation to truly “fix the basics” via sustainable solutions to enable creating higher level automation solutions. With GitOps, engineers can focus much more on business value and spend less effort on boring IT topics.
https://schlomo.schapiro.org/p/publications.html
The Role of GitOps in IT Strategy - June 2021 - Schlomo Schapiro
See https://www.youtube.com/watch?v=_uDzXmbiUIg for the German-language talk for these slides.
What is the role of GitOps in IT strategy? This talk gives an overview and puts GitOps into the context of current challenges in IT strategy.
Main aspects are continuous delivery, policy as code, automated governance, compliant-by-default work environments, acceptable means of compliance and a comprehensive automation of all development and operations related processes with the goal of true hands-off operations.
The result places GitOps as a major building block of any modern IT strategy. GitOps helps build essential key IT capabilities. It creates the motivation to truly “fix the basics” via sustainable solutions to enable creating higher level automation solutions. With GitOps, engineers can focus much more on business value and spend less effort on boring IT topics.
The GitOps Journey - GitOpsCon EU 2021 - Schlomo Schapiro
I'll show why GitOps is a major waypoint in the journey from old-style Dev vs. Ops data center operations towards a truly automated hands-off operations future.
This talk explains the role of GitOps in IT strategy.
See https://schlomo.schapiro.org/2021/04/the-gitops-journey.html for more details and video of this talk
Want Digitalisation, have Cloud - DevSecOps Days 2021 - Schlomo Schapiro
Cloud, automation and DevOps as drivers of digitalisation: we show Deutsche Bahn's path into the future. Under the motto “Fix the Basics”, we develop fundamental services for engineers that, among other things, automate security and compliance checks and thereby enable teams to focus on producing business value. One of these services is Continuous Delivery as a Service, a customisable, highly automated CD implementation that, following the "compliant by default" approach, offers a simple and policy-compliant way to deploy software. The talk shows that automating security and compliance requirements while keeping the focus on usability for the engineers is a critical component on the road to digitalisation. Teams are enabled to sustainably improve the quality of their code, and companies benefit from the resulting innovation and the focus on business-relevant solutions.
Prerequisites
No prior knowledge required
Learning objectives
* Get to know the close relationship between DevOps, Continuous Delivery and Cloud, and understand why it offers an optimal working environment for developers.
* "Developer productivity" should come first, because this is how we help our team concentrate on developing new features instead of searching for the right tool.
* Automation is the key skill for making the triad of DevOps, CD and Cloud successful.
* Providing fundamental services in development enables a company's own developers to pursue real innovation.
Video: https://youtu.be/U4cHbXYy1FQ
How to combine traditional IT governance with continuous delivery? Not At All!
A highly automated continuous deployment environment creates a whole new world of challenges for companies to meet their compliance and governance requirements. Traditional - manual - processes don’t manage to keep up with quick and frequent releases.
The solution to this conflict of interests is the automation of all compliance checks and the automated certification of every software delivery into production. Sounds obvious and simple, but it is difficult to implement.
The talk shows how we tackle this topic at DB Systel and how we create solutions for automated compliance certification.
See https://bit.ly/5pdops for more materials and the 5 DevOps Principles
How does traditional IT governance fit with Continuous Delivery? Not at all!
A highly automated continuous deployment world presents the company with entirely new challenges in the area of compliance and governance. Traditional, manual processes can no longer keep up with the fast and frequent releases. The solution is the automation of all governance checks and the automated certification of every software delivery. That sounds trivial and simple, but in detail it is not easy to implement.
Using the concrete example of DB Systel, the talk shows how we approach the topic and have created solutions for automated certification.
DevOps is normal - DevOps Essentials 2019 - Schlomo Schapiro
Video: https://vimeo.com/348556177
DevOps is normal, or is it? Who can say that about their own company with a clear conscience?
While the usual DevOps discussion revolves around the how, Schlomo addresses the question of when DevOps has become normal and what has to happen for everyone to share that view.
Starting from a new DevOps definition, the talk presents a simple chain of argument for DevOps in which the DevOps transformation is compared to learning to drive. Just as it is normal today for most adults to have a driving license, DevOps should be just as normal in every IT organization. This analogy can also be used in an elevator conversation to convince management of the normality of the DevOps approach.
With the DevOps definition, participants will be able to win any DevOps discussion and thereby make DevOps the new normal. Using the concrete example of DB Systel, the talk shows how the topic of DevOps teams can be dealt with constructively.
See https://bit.ly/5pdops for more material and the 5 DevOps Principles
The Devops Driving School - DevOps Gathering 2019 - Schlomo Schapiro
How to convince your company that DevOps is a transitional mode of operations and the means to a goal instead of a goal in itself. What comes after DevOps is “done”?
DevOps is like learning to drive and a “DevOps Team” is like a motor cycle driving school. You learn in theory and practice to survive amongst “live traffic”, where other road participants are not very considerate. You have to comply with a lot of regulations. From early on you drive your motor cycle alone and the driving instructor follows you in his car keeping a safe distance. He talks with you via radio and tells you where to pay attention and how to drive. But you drive all alone and by yourself - amongst live traffic. If you hit a tree and die, it is your own fault. If you cause a crash, it is your own fault. Same about learning DevOps. You are responsible for your product in production with “live traffic” and real customers. If you crash your server, it is your own fault. If your code quality causes harm to the company, it is your own fault. Your DevOps Coach sits next to you and talks to you while you type away at your screen, like a driving instructor. In the end you prove your driving skills, get your license and ride happily singing full speed into the sunset. Same about DevOps, after a training period you work alone. You build it - you run it. You go full speed ahead and deliver value over value. Who has a bumper sticker claiming “I have a driving license”? That’s why “DevOps Team” is a passing thing and once you qualify you are just an Engineering Team who are fully responsible for their product end to end. No need to put a claim to what is normal, because DevOps is normal.
Video: https://youtu.be/N2EWEfhQt2M
Compliant by Default - Continuous Delivery at DB Systel - 16.10.2018 - Schlom... - Schlomo Schapiro
Learn about the journey of Deutsche Bahn towards Cloud computing, DevOps and agile transformation, with special focus on our Continuous Delivery strategy and implementation. After a brief overview of what is happening at DB Systel, we will show our Continuous Delivery as-a-Service (CDaaS) approach. CDaaS is an integrative approach to Continuous Delivery ensuring governance and security compliance whilst being fully focused on the user experience. We will show the extensibility and simplicity of CDaaS and how it helps DevOps teams improve code quality.
Key takeaways are a profound understanding of the intimate relationship between DevOps, Continuous Delivery and Cloud which enables a truly integrated work environment for our developers. By putting “Developer Productivity” first we ensure that our teams can focus on developing their features over choosing the right tool or knowing all platform topics in-depth.
DevOps + Continuous Delivery + Cloud: The Three Drivers of Enterprise Agility... - Schlomo Schapiro
More than just buzzwords, true agility depends on the successful combination of DevOps, Continuous Delivery and Cloud platforms. Learn which technology choices have the greatest impact on the company culture. Take DevOps adoption to the next level by introducing DevOps key performance indicators as a measure of your company’s progress. This session presents current developments and projects at DB Systel, the IT company of Deutsche Bahn.
Kubernetes - Shifting the mindset from servers to containers - microxchg 201... - Schlomo Schapiro
Kubernetes: Shifting the mindset from servers to containers
With Kubernetes pods and containers several fundamental assumptions of server operations don't apply any more. Some Linux services like SSH even disappear and are provided by Kubernetes instead.
This talk explores the mindset shift that developers and admins of Linux servers have to do in order to fully take advantage of the power of a Kubernetes cluster:
* Servers turn into pods
* Linux application services turn into containers
* Standard services like cron and SSH disappear completely
* How to separate between initialization, run and maintenance phases
* Building pods with multiple containers that work together
Following practical examples from real migration projects participants gain a new understanding of the role of services, init scripts, cron jobs and other standard Linux components. Key takeaways are a better understanding of how to model a complex system on top of Kubernetes and practical tips for migrating servers into Kubernetes containers.
Successfully adopting Kubernetes requires a big change in how developers and admins think about servers - bigger than any change before. Bigger than the change brought by VMs. This talk shows why it pays to change traditional concepts and to embrace the new world of Linux services modularization that Kubernetes stands for.
See Using Kubernetes with Multiple Containers for Initialization and Maintenance (http://blog.schlomo.schapiro.org/2017/06/using-kubernetes-with-multiple.html) for more information and a demo.
Root for all - measuring DevOps adoption - microxchg 2018 - Schlomo Schapiro
Root for All - Measuring DevOps Adoption
DevOps is about culture and mindset more than about technology - but how do you measure success? How do you know if your company really "does" DevOps?
It turns out that root access to production servers is not only the proverbial holy grail but actually serves as a fact-based measure for the trust and automation levels in an organization.
This talk explores the connection between root access and automation on one hand and DevOps mindsets, cross functional teams and shared responsibility on the other hand. Based on practical experiences, the talk provides concrete suggestions for achieving true DevOps happiness. As a result you will know why in the end there is no harm at all in granting root access to everybody.
Key takeaways are solid arguments that you can use to convince your boss and your peers to take a different approach on root access demonstrating how shared responsibility works for real.
See Root for All - A DevOps Measure? (http://blog.schlomo.schapiro.org/2017/06/root-for-all-devops-measure.html) for more background information.
GUUG FFG 2017 - DevOps for Everybody - A Workplace Strategy for the Digital Age - Schlomo Schapiro
How should our internal IT look in order to be a driving force for a company’s success in the digital age? This proposal is based on all my learnings from the previous 15 years and especially the Agile and DevOps revolution in IT. It takes the concept of a Product Development Organization to apply everywhere and provides a sure path to increase productivity and improve culture through technology. Transforming Corporate IT into a Workplace product takes internal IT out of the proverbial basement and puts it in the front of the internal value chain. Most of the standard tooling for product development also fits the Workplace product. This proposal is written for a typical company that employs both modern web technologies like G Suite and cloud services as well as traditional technologies like Microsoft Office and data centers.
GUUG FFG 2017 - DevOps for Everybody - How the entire company can benefit fro... - Schlomo Schapiro
DevOps has become an integral part of IT and has established itself as a way of working that not only improves quality and operational efficiency but also enables sustainable development. In most companies, however, IT is a minority. How can we use the ideas and insights from the DevOps world to move the whole company forward? Why does agile collaboration not work automatically with other departments? What makes IT people so special?
The interface between all employees and IT topics is internal IT. It is responsible for ensuring that all employees can do their work efficiently and effectively with the help of IT. While internal IT is often regarded merely as a cost center, it actually makes a very large contribution to the value chain: bad tools lead directly to slow work and frustration, good tools empower employees and increase the joy of working together.
Today many companies still allow themselves to have their employees perform manual tasks on a digitalized platform. Metrics include the number of copy-paste operations (human as technical interface), the number of internal emails with file attachments (documents are duplicated instead of being provided centrally) and the number of logins an employee performs each day (weakly integrated or non-integrated systems). The challenges of advancing digitalization and the rising cost of labor call for a rethink here as well.
The talk traces a path from DevOps in IT to a new way of thinking about dealing with IT in the company. In the process, employees develop from IT consumers into engaged users who can discover the computer as a tool for themselves. Internal IT not only provides good services but focuses on the productivity and satisfaction of all employees.
Do you use Cloud? Why? What about the 15 year legacy of your data center? How many Enterprise vendors tried to sell you their "Hybrid Cloud" solution? What actually is a Hybrid Cloud?
Cloud computing is not just a new way of running servers or Docker containers. The interesting part of any Cloud offering are managed services that provide solutions to difficult problems. Prime examples are messaging (SNS/SQS), distributed storage (S3), managed databases (RDS) and especially turn-key solutions like managed Hadoop (EMR).
Hybrid Cloud is usually understood as a way to unify or standardize server hosting across private data centers and Public Cloud vendors. Some Hybrid Cloud solutions even go as far as providing a unified API that abstracts away all the differences between different platforms. Unfortunately that approach focuses on the lowest common denominator and effectively prevents using the advanced services that each Cloud vendor also offers. However, these services are the true value of Public Cloud vendors.
Another approach to integrating Public Cloud and private data centers is using services from both worlds depending on the problems to solve. Don't hide the cloud technologies but make it simple to use them - both from within the data center and the cloud instances. Create a bridge between the old world of the data center and the new world of the Public Cloud. A good bridge will motivate your developers to move the company to the cloud.
Based upon recent developments at ImmobilienScout24, this talk tries to suggest a sustainable Cloud migration strategy from private data centers through a Hybrid Cloud into the AWS Cloud.
Bridging the security model of the data center with the security model of AWS.
Integrating the AWS identity management (IAM) with the existing servers in the data center.
Secure communication between services running in the data center and in AWS.
Deploying data center servers and Cloud resources together.
Service discovery for services running both in the data center and AWS.
Most of the tools used are Open Source and this talk will show how they come together to support this strategy:
AWS credential provider for employees and data center servers: http://immobilienscout24.github.io/afp/
Cloud Formation automation: https://github.com/ImmobilienScout24/cfn-sphere
Compliancy with European privacy laws: https://github.com/ImmobilienScout24/aws-monocyte
How many log levels do you know? How many log levels are actually useful? What is the practical difference between WARNING and NOTICE?
I believe that in a world of automation, I need only two log levels:
ERROR and everything else.
ERROR means that I as a human should take action. Everything else is irrelevant for me. All the other log levels are IMHO a remnant of the past from the last century. This ignite talk looks at the WARNING problem from both a Dev and an Ops perspective in order to find a useful definition for the age of automation.
See http://blog.schlomo.schapiro.org/2015/04/warning-is-waste-of-my-time.html for blog article with more info.
LinuxTag 2013 Relax and Recover - Disaster Recovery for UEFI Systems
1. Relax and Recover:
Disaster Recovery for UEFI Systems
Berlin | 24.05.2013 | Schlomo Schapiro & Schlomo Schapiro
Systems Architect, Open Source Evangelist
License: http://creativecommons.org/licenses/by-nc-nd/3.0/
2. Slide 2 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Integrating UEFI into
Relax-and-Recover
by
Gratien D'haese
gratien.dhaese@it3.be
http://j.mp/rear-uefi
3. Slide 3 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Backup != Restore/Recovery
4. Slide 4 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Linux and Disaster Recovery
5. Slide 5 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Disaster Recovery Strategies
Disk Imaging
+ Offline -> no open file issues
+ Simple to restore
- Online -> very problematic
- No “perfect” open source tool for Linux available
Copy files and store disk layout and boot info
+ Online -> no problem
+ Backup independent of disk layout and sizes
- More effort required to restore (can be scripted)
- Maybe consistency problems, but should be solved by backup solution
6. Slide 6 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Advantages of a Linux System
All information is stored in files, all files always readable
Operating system and applications can be “slim” - 600MB enough for complete standard server
Open system – open methods and procedures
All steps of an installation can be scripted: Partitioning, file systems, boot loader etc.
7. Slide 7 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Disaster Recovery – Media
Most important: External storage!
Bootable media: CD/DVD, USB key, LAN, tape ...
Media is usually a combination of boot and backup media:
Bootable CD/DVD, USB key with backup data on it
LAN boot (PXE) with backup data via CIFS, NFS ...
Bootable tapes - HP OBDR (CD emulation)
Separation between boot media and backup data
Boot the system from a (small) USB key, CD/DVD or LAN
Recover the system with backup software, tar, rsync ...
8. Slide 8 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Disaster Recovery – How It Works
Store the disk layout
Partitioning, LVM and RAID configuration
File systems, file system labels ...
Boot loader (GRUB, GRUB2, LILO, ELILO)
Store the files (tgz, rsync, through backup software ...)
Create bootable rescue media with system configuration (and backup data)
Can be done online
No business interruption
100% compatible with original system's hardware and software
9. Slide 9 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Disaster Recovery – Rescue Media
Create “rescue linux” from running system
Optimally compatible “tool box”
Clone the system environment
Linux kernel and modules
Device driver configuration
Network configuration
Basic system software and tools
Operate entirely in RAM (initrd)
10. Slide 10 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Disaster Recovery – In Action
Boot system from rescue media
Restore disk layout
Create partitions, RAID configuration and LVM
Create file systems (mkfs, mkswap)
Configure file systems (labels, mount points)
Restore the backup data
Restore the boot loader
Reboot
Done!
11. Slide 11 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Relax and Recover
12. Slide 12 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Relax and Recover – Rear
http://relax-and-recover.org/
GPL Software – Developers in Germany and Belgium
100% Bash script – no GUI and no dependencies
Utilize kernel, modules, binaries of host (kernel ≥ 2.6)
Support any combination of SW/HW RAID, LVM
Internal backup on CIFS, NFS, rsync ...
Boot media on CD/DVD, USB storage and LAN (PXE)
Bootable tapes
Successor of mkCDrec
13. Slide 13 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Rear – Features
Focus on disaster recovery and not backup
Tight integration with common backup software – delegate file backup to backup infrastructure
Simple full backup integrated
Complements backup software:
Backup software: Data storage and retrieval
ReaR: Recover system layout and make it work again
ReaR utilizes the backup software to restore the backup data
Use the best tool for the job
14. Slide 14 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Rear – Backup Software
Supported solutions include:
CommVault Galaxy
IBM Tivoli Storage Manager
Veritas NetBackup
HP Data Protector
Bacula
Duplicity (experimental)
Rsync and other “external” methods
tar.gz archive on NAS share – CIFS, NFS, NCP ...
Very transparent integration
Quick implementation: 2-3 person-days of programming
Can be easily extended to support other vendors
15. Slide 15 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Rear – Network Integration
Disaster recovery as part of network infrastructure
Backup software – file-level backup storage
Rear – system environment
Boot rescue media via PXE – no physical media required
Very scalable – automated installation of entire disaster recovery data center
[Diagram: backup storage, network infrastructure, Rear boot files, PXE boot, backup software]
16. Slide 16 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Rear – Status
Stable software
i386 and x86_64 well tested
ia64 and ppc works, but less tested
UEFI in rear > 1.14-git
Regular releases (RPM, DEB, TGZ)
Major Linux distributions ship Rear:
SLES11 >= SP1 HA Extension
OpenSUSE >= 11.2 and Fedora >= 11
Community and commercial support available
Regular patch submissions from Rear users
17. Slide 17 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
ReaR - Development
Open Source development model:
Submit patches and feedback – “field testing”
Sponsoring
Modular design:
Rear is a framework to plug together many small Bash scripts
Maximize code reusability
Simple development model (vi works fine)
Little to no “interferences” between different areas of code
Documentation on project homepage
Hierarchical structure
References to source code
18. Slide 18 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
19. Slide 19 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Integration of UEFI into rear (ia64)
Integrity platform (ia64) UEFI support was added a long time ago
Using the UEFI standard v1 or v2 (no secure boot)
What do we need to integrate?
/boot/efi : mounted as vfat
/boot/efi/efi/*/elilo.efi : boot loader (same for different flavors of Linux)
CONSOLE="console=tty1 console=ttyS1" : mandatory
No need to be grubby after recovery as /boot/efi/* is all you need
Create a bootable CDROM which is recognized by UEFI
20. Slide 20 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Integration of UEFI into rear (x86_64)
What do we need for UEFI support on Linux?
Bootable disk with GPT partition table (parted /dev/disk p)
/boot/efi mount point (vfat)
Linux Kernel Config should contain CONFIG_EFI=y
UEFI Runtime Variables/Services Support - 'efivars' kernel module
Check /sys/firmware/efi/vars/ directory
Efibootmgr to manipulate boot entries, order of booting
Create a bootable UEFI capable ISO image
21. Slide 21 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
UEFI / GPT notes
To manipulate disk devices with GPT label we need
Parted (./conf/Linux-i386.conf:parted)
Gdisk (GPT fdisk utility – not mandatory, but nice to have)
Be sure this system uses UEFI
A mounted /boot/efi file system (type vfat)
The efivars kernel module
Efibootmgr utility
Which boot manager is used (grub, elilo, gummiboot, shim,...)
Secure boot used? Recovered system might be unbootable!
22. Slide 22 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Hybrid ISO
24. Slide 24 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
UEFI Status
Currently in HEAD, part of next release
Tested on Fedora 18, Ubuntu 12.10
OpenSuse 12.2 (and 12.3) failed to generate a bootable UEFI ISO
https://bugzilla.novell.com/show_bug.cgi?id=811636
Secure Boot
only working on same system (Key Exchange Keys - KEKs)
P2P, P2V is not possible due to the KEKs
Secure Boot disabled works out of the box
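The UEFI prerequisites listed on slides 20, 21 and 24 can be checked before creating rescue media with a short pre-flight script. This is an added example, not part of the talk or of ReaR's own code; the function names and the root-prefix parameter are assumptions made here so the checks can also run against a constructed fixture, and the efivarfs path is the newer kernel interface alongside the /sys/firmware/efi/vars directory named on the slide.

```shell
#!/bin/sh
# Added example: pre-flight checks for the UEFI prerequisites from the slides.
# Functions take a root prefix / mounts file (assumption) so they can be tested.

# GUID of the EFI global variable namespace (defined by the UEFI specification)
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Was the system booted through UEFI? The kernel creates this directory only then.
uefi_booted() {                 # $1 = root prefix ("" for the live system)
    [ -d "$1/sys/firmware/efi" ]
}

# Is /boot/efi mounted as vfat? $1 = file in /proc/mounts format.
esp_is_vfat() {
    awk '$2 == "/boot/efi" { found = ($3 == "vfat") } END { exit !found }' "$1"
}

# Print the Secure Boot state: enabled, disabled or unknown.
secure_boot_state() (           # $1 = root prefix
    new="$1/sys/firmware/efi/efivars/SecureBoot-$EFI_GLOBAL_GUID"
    old="$1/sys/firmware/efi/vars/SecureBoot-$EFI_GLOBAL_GUID/data"
    val=
    if [ -r "$new" ]; then
        # efivarfs: 4 attribute bytes, then the 1-byte value
        val=$(od -An -tu1 -j4 -N1 "$new" 2>/dev/null | tr -d ' \t\n')
    elif [ -r "$old" ]; then
        # legacy sysfs interface (the directory named on the slide): raw value
        val=$(od -An -tu1 -N1 "$old" 2>/dev/null | tr -d ' \t\n')
    fi
    case "$val" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
)

# Report all checks; non-zero exit if UEFI boot or the vfat /boot/efi is missing.
uefi_preflight() (              # $1 = root prefix, $2 = mounts file
    rc=0
    if uefi_booted "$1"; then echo "UEFI boot: yes"
    else echo "UEFI boot: no"; rc=1; fi
    if esp_is_vfat "$2" 2>/dev/null; then echo "/boot/efi (vfat): yes"
    else echo "/boot/efi (vfat): no"; rc=1; fi
    # Tools from the slides; reported only, since fixtures do not contain them
    for tool in parted efibootmgr; do
        command -v "$tool" >/dev/null 2>&1 || echo "tool missing: $tool"
    done
    sb=$(secure_boot_state "$1")
    echo "Secure Boot: $sb"
    # Slide 24: with Secure Boot, recovery only works on the same system
    [ "$sb" = enabled ] && echo "note: recovery to other hardware or a VM may not boot"
    exit "$rc"
)

# Stand-alone run against the live system
uefi_preflight "" /proc/mounts || echo "result: not ready for UEFI recovery"
```

Run it on the machine to be protected; a Secure Boot state of `enabled` is the case where the recovered system might be unbootable on different hardware.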
25. Slide 25 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Demo Movie
26. Slide 26 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
github.com/rear
github.com/rear/rear/tree/master/doc/user-guide
27. Slide 27 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Start from the sources
$ git clone git@github.com:rear/rear.git
# yum|zypper install rpm-build lsb mingetty
$ make rpm
$ sudo rpm -ivh rear-1.14-1.git201303211657.noarch.rpm
$ sudo -i
Rear is at your service:
/etc/rear/local.conf
/usr/share/rear/*
Edit /etc/rear/local.conf:
BACKUP=NETFS
OUTPUT=ISO
28. Slide 28 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Writing your own rear scripts
Good to know – everything is a script, even config files
Does rear have an API? Yes, check out our functions:
grep '()' /usr/share/rear/lib/*functions.sh
Rear works with workflows – see other presentations on the basics
Where to drop your script? Use 'rear -s mkbackup' to see all existing scripts and order of execution
29. Slide 29 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
go.schapiro.org/slides
relax-and-recover.org
30. Slide 30 | Rear: Disaster Recovery for UEFI Systems | Schlomo Schapiro
Contact:
Immobilien Scout GmbH
Andreasstraße 10
10243 Berlin
Phone: +49 30 243 01-1229
Email: schlomo.schapiro@immobilienscout24.de
URL: www.immobilienscout24.de
Thank you very much!
Please contact me for further questions and discussions.
All images are either public domain, used in appropriate
context or taken from openclipart.org