Most API providers focus on solving all three of the key challenges for APIs: data gathering, data formatting and data delivery. All three of these functions are critical for the success of an API, however, not all should be solved by the API provider. Rather, the API consumers have a strong, vested interest in the formatting and delivery. As a result, API design should be addressed based on the true separation of concerns between the needs of the API provider and the various API consumers.
This presentation goes into the separation of concerns. It also goes into depth in how Netflix has solved for this problem through a very different approach to API design.
This presentation was given at the following API Meetup in SF:
http://www.meetup.com/API-Meetup/events/171255242/
Developer Experience (DX) as a Fitness Function for Platform TeamsAndy Marks
Co-delivered with Fendy Liauw on Wednesday May 9. See https://www.eventbrite.com.au/e/developer-experience-as-a-fitness-function-for-platform-teams-tickets-44697308854?aff=TWNetwork for details
Why does Spotify use a microservices architecture? What are the benefits and challenges we've encountered? How does our organizational model support our architecture?
Video of the talk is posted on YouTube: https://youtu.be/7LGPeBgNFuU
Keeping The Auditor Away: DevOps Audit Compliance Case StudiesGene Kim
GenOrganizations and development teams are moving beyond waterfall models to those embracing a continuous delivery/DevOps-style set of processes. The deployment of doing tens, hundreds, or even thousands of deploys per day as 'normal' does not align to the SDLC, separation of duties, and common controls expected by auditors.
In this presentation, we will describe what auditors look for in a compliance audit, how to develop alternate control procedures that fulfill those reporting requirements, how to avoid “red flags” that indicate inadequate controls, and real world case studies and reporting artifacts.
Gene Kim has been studying high performing IT organizations since 1999 and helped develop the SOX scoping guidelines with the Institute of Internal Auditors in 2005. James DeLuccia IV is the leader for the Ernst & Young Americas Certification Services, James oversees all of the audits against common industry standards, and champions several global program implementation roll-outs. Developing and 'translating' the control environment behaviors of clients, such as Google, Amazon, Workday, and others is difficult. This discussion will bridge the needs of auditors with the community of developers by sharing examples, discussing the assurance expectations, and how to communicate to pass an audit.
Securing your Amazon SageMaker model development in a highly regulated enviro...Amazon Web Services
Amazon SageMaker is a fully managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. In this session, we dive deep into the security configurations of Amazon SageMaker components, including notebooks, distributed and batch training, and hosting endpoints. We also review Vanguard’s implementation of key controls in a highly regulated environment. These include fine-grained access control, end-to-end encryption in transit, encryption at rest with AWS KMS customer-managed customer master keys (CMKs), private connectivity to all Amazon SageMaker APIs, and comprehensive audit trails for resource and data access.
Developer Experience (DX) as a Fitness Function for Platform TeamsAndy Marks
Co-delivered with Fendy Liauw on Wednesday May 9. See https://www.eventbrite.com.au/e/developer-experience-as-a-fitness-function-for-platform-teams-tickets-44697308854?aff=TWNetwork for details
Why does Spotify use a microservices architecture? What are the benefits and challenges we've encountered? How does our organizational model support our architecture?
Video of the talk is posted on YouTube: https://youtu.be/7LGPeBgNFuU
Keeping The Auditor Away: DevOps Audit Compliance Case StudiesGene Kim
GenOrganizations and development teams are moving beyond waterfall models to those embracing a continuous delivery/DevOps-style set of processes. The deployment of doing tens, hundreds, or even thousands of deploys per day as 'normal' does not align to the SDLC, separation of duties, and common controls expected by auditors.
In this presentation, we will describe what auditors look for in a compliance audit, how to develop alternate control procedures that fulfill those reporting requirements, how to avoid “red flags” that indicate inadequate controls, and real world case studies and reporting artifacts.
Gene Kim has been studying high performing IT organizations since 1999 and helped develop the SOX scoping guidelines with the Institute of Internal Auditors in 2005. James DeLuccia IV is the leader for the Ernst & Young Americas Certification Services, James oversees all of the audits against common industry standards, and champions several global program implementation roll-outs. Developing and 'translating' the control environment behaviors of clients, such as Google, Amazon, Workday, and others is difficult. This discussion will bridge the needs of auditors with the community of developers by sharing examples, discussing the assurance expectations, and how to communicate to pass an audit.
Securing your Amazon SageMaker model development in a highly regulated enviro...Amazon Web Services
Amazon SageMaker is a fully managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. In this session, we dive deep into the security configurations of Amazon SageMaker components, including notebooks, distributed and batch training, and hosting endpoints. We also review Vanguard’s implementation of key controls in a highly regulated environment. These include fine-grained access control, end-to-end encryption in transit, encryption at rest with AWS KMS customer-managed customer master keys (CMKs), private connectivity to all Amazon SageMaker APIs, and comprehensive audit trails for resource and data access.
Release wednesdays and the agile release train uploadChris Smith
This presentation describes why and how our development teams sustain a deliberate, weekly release cadence and use a train metaphor to drive planning. It describes the significant benefits realized by teams using this approach to deliver both greenfield and legacy software products.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
Presentation de Scaled Agile Framework (en français)
Slides présentés lors du Meetup du 08/02/2018 à la Wild Code School à Paris.
Nom du meetup: Soyez Agile en Chaussettes ( https://www.meetup.com/fr-FR/meetup-group-IzAHXpzE/events/246009044/?_xtd=gqFyqTE4NjY4MTY4M6FwpGZ1bGw&from=ref
)
Organisé par Abbeal.
4e Sujet presenté par Pierre MEDINA @pmedina
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
Realizing DevSecOps and effectively implementing security into CI/CD pipelines on AWS remains a challenging proposition for most organizations today. In this session, we share the essential principles of achieving security automation in your CI/CD pipelines and across the build, deploy, and run phases of your applications. Finally, we conclude with a demonstration of security automation across all three phases of your applications that are deployed on AWS infrastructure, showing you how to bring security automation to your organization today.
This is my vision on the future of Uber community organization. It broadly covers the following topics for the community operations in CEE region:
/ Key success factors
/ Mission and values
/ Stakeholder management
/ Value proposition
/ Map of goals
/ Metrics
/ Initiatives
/ Organizational model
/ Modus operandi
/ Roll-out
/ Costs & benefits
/ How to write a success story
In small development organizations, software teams are usually able to deliver value independently of other teams. In these organizations, it is easy to give teams total autonomy. What happens as the company and systems grow to where there are multiple teams to organize and deliver value together? Usually the response from the leadership team is to align the teams, but that alignment is usually at the expense of the teams’ autonomy. How are teams supposed to be both aligned and autonomous? What is the role of leadership in both aligning the teams around a common purpose and building the environment so the teams remain autonomous?
In this session we’re going to learn how to be an empowering leader who uses alignment as a pre-condition to high autonomy. We’ll learn a recipe for creating alignment and how having alignment and autonomy relates to Daniel Pink’s Autonomy, Mastery, Purpose and to David Marquet’s Leader’s Give Control models.
You can increase development speed and encourage best practices by enabling CI/CD across your organization through repeatable patterns and infrastructure-as-code templates. This is achieved by creating and maintaining easily extensible infrastructure-as-code patterns for creating new services and automatically deploying them using CI/CD. In this session, we will dive deep into building a production-ready, multi-account, at scale CI/CD pipeline using your own Jenkins with Infrastructure at Code using AWS CloudFormation and discuss best practices for building DevOps capabilities for your applications running on AWS.
More with LeSS - An Introduction to Large Scale Scrum by Tim AbbottAgile ME
While there are multiple Scrum Scaling Frameworks, Large Scale Scrum is the leading framework for Scrum Scaling that truly drives success. More than just a prescription, we'll discuss the thinking and organizational tools as well as some of the practices that make LeSS truly unique.
When DevOps talks meet DevOps tactics, companies find that Continuous Integration is the make or break point. And implementing CI is one thing, but sustainable CI takes a little bit more consideration. CI is not all about releases, it is also about knowing more about how your software delivery pipeline works, it's weak points, and how you are doing over time.
Join CloudBees and cPrime as we discuss best practices for facilitating DevOps pipelines with Jenkins Workflow and reveal how the workflow engine of Jenkins CI and “Agilecentric” Devops practices together, support complex control structures, shortens the development cycle, stabilizes environments and reduces defects.
Netflix Edge Engineering Open House Presentations - June 9, 2016Daniel Jacobson
Netflix's Edge Engineering team is responsible for handling all device traffic for to support the user experience, including sign-up, discovery and the triggering of the playback experience. Developing and maintaining this set of massive scale services is no small task and its success is the difference between millions of happy streamers or millions of missed opportunities.
This video captures the presentations delivered at the first ever Edge Engineering Open House at Netflix. This video covers the primary aspects of our charter, including the evolution of our API and Playback services as well as building a robust developer experience for the internal consumers of our APIs.
Maintaining the Netflix Front Door - Presentation at Intuit MeetupDaniel Jacobson
This presentation goes into detail on the key principles behind the Netflix API, including design, resiliency, scaling, and deployment. Among other things, I discuss our migration from our REST API to what we call our Experienced-Based API design. It also shares several of our open source efforts such as Zuul, Scryer, Hystrix, RxJava and the Simian Army.
Release wednesdays and the agile release train uploadChris Smith
This presentation describes why and how our development teams sustain a deliberate, weekly release cadence and use a train metaphor to drive planning. It describes the significant benefits realized by teams using this approach to deliver both greenfield and legacy software products.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
Presentation de Scaled Agile Framework (en français)
Slides présentés lors du Meetup du 08/02/2018 à la Wild Code School à Paris.
Nom du meetup: Soyez Agile en Chaussettes ( https://www.meetup.com/fr-FR/meetup-group-IzAHXpzE/events/246009044/?_xtd=gqFyqTE4NjY4MTY4M6FwpGZ1bGw&from=ref
)
Organisé par Abbeal.
4e Sujet presenté par Pierre MEDINA @pmedina
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
Realizing DevSecOps and effectively implementing security into CI/CD pipelines on AWS remains a challenging proposition for most organizations today. In this session, we share the essential principles of achieving security automation in your CI/CD pipelines and across the build, deploy, and run phases of your applications. Finally, we conclude with a demonstration of security automation across all three phases of your applications that are deployed on AWS infrastructure, showing you how to bring security automation to your organization today.
This is my vision on the future of Uber community organization. It broadly covers the following topics for the community operations in CEE region:
/ Key success factors
/ Mission and values
/ Stakeholder management
/ Value proposition
/ Map of goals
/ Metrics
/ Initiatives
/ Organizational model
/ Modus operandi
/ Roll-out
/ Costs & benefits
/ How to write a success story
In small development organizations, software teams are usually able to deliver value independently of other teams. In these organizations, it is easy to give teams total autonomy. What happens as the company and systems grow to where there are multiple teams to organize and deliver value together? Usually the response from the leadership team is to align the teams, but that alignment is usually at the expense of the teams’ autonomy. How are teams supposed to be both aligned and autonomous? What is the role of leadership in both aligning the teams around a common purpose and building the environment so the teams remain autonomous?
In this session we’re going to learn how to be an empowering leader who uses alignment as a pre-condition to high autonomy. We’ll learn a recipe for creating alignment and how having alignment and autonomy relates to Daniel Pink’s Autonomy, Mastery, Purpose and to David Marquet’s Leader’s Give Control models.
You can increase development speed and encourage best practices by enabling CI/CD across your organization through repeatable patterns and infrastructure-as-code templates. This is achieved by creating and maintaining easily extensible infrastructure-as-code patterns for creating new services and automatically deploying them using CI/CD. In this session, we will dive deep into building a production-ready, multi-account, at scale CI/CD pipeline using your own Jenkins with Infrastructure at Code using AWS CloudFormation and discuss best practices for building DevOps capabilities for your applications running on AWS.
More with LeSS - An Introduction to Large Scale Scrum by Tim AbbottAgile ME
While there are multiple Scrum Scaling Frameworks, Large Scale Scrum is the leading framework for Scrum Scaling that truly drives success. More than just a prescription, we'll discuss the thinking and organizational tools as well as some of the practices that make LeSS truly unique.
When DevOps talks meet DevOps tactics, companies find that Continuous Integration is the make or break point. And implementing CI is one thing, but sustainable CI takes a little bit more consideration. CI is not all about releases, it is also about knowing more about how your software delivery pipeline works, it's weak points, and how you are doing over time.
Join CloudBees and cPrime as we discuss best practices for facilitating DevOps pipelines with Jenkins Workflow and reveal how the workflow engine of Jenkins CI and “Agilecentric” Devops practices together, support complex control structures, shortens the development cycle, stabilizes environments and reduces defects.
Netflix Edge Engineering Open House Presentations - June 9, 2016Daniel Jacobson
Netflix's Edge Engineering team is responsible for handling all device traffic for to support the user experience, including sign-up, discovery and the triggering of the playback experience. Developing and maintaining this set of massive scale services is no small task and its success is the difference between millions of happy streamers or millions of missed opportunities.
This video captures the presentations delivered at the first ever Edge Engineering Open House at Netflix. This video covers the primary aspects of our charter, including the evolution of our API and Playback services as well as building a robust developer experience for the internal consumers of our APIs.
Maintaining the Netflix Front Door - Presentation at Intuit MeetupDaniel Jacobson
This presentation goes into detail on the key principles behind the Netflix API, including design, resiliency, scaling, and deployment. Among other things, I discuss our migration from our REST API to what we call our Experienced-Based API design. It also shares several of our open source efforts such as Zuul, Scryer, Hystrix, RxJava and the Simian Army.
Maintaining the Front Door to Netflix : The Netflix APIDaniel Jacobson
This presentation was given to the engineering organization at Zendesk. In this presentation, I talk about the challenges that the Netflix API faces in supporting the 1000+ different device types, millions of users, and billions of transactions. The topics range from resiliency, scale, API design, failure injection, continuous delivery, and more.
The term "scale" for engineering often is used to discuss systems and their ability to grow with the needs of its users. This is clearly an important aspect of scaling, but there are many other areas in which an engineering organization needs to scale to be successful in the long term. This presentation discusses some of those other areas and details how Netflix (and specifically the API team) addresses them.
Scaling the Netflix API - From Atlassian Dev DenDaniel Jacobson
The term "scale" for engineering often is used to discuss systems and their ability to grow with the needs of its users. This is clearly an important aspect of scaling, but there are many other areas in which an engineering organization needs to scale to be successful in the long term. This presentation discusses some of those other areas and details how Netflix (and specifically the API team) addresses them.
Many API programs get launched without a clear understanding as to WHY the API should exist. Rather, many are focused on WHAT the API consists of and HOW it should be targeted, implemented and leveraged. This presentation focuses on establishing the need for a clear WHY proposition behind the decision. The HOW and then WHAT will follow from that.
This presentation also uses the history of the Netflix API to demonstrate the power, utility and importance of knowing WHY you are building an API.
Set Your Content Free! : Case Studies from Netflix and NPRDaniel Jacobson
Last Friday (February 8th), I spoke at the Intelligent Content Conference 2013. When Scott Abel (aka The Content Wrangler) first contacted me to speak at the event, he asked me to speak about my content management and distribution experiences from both NPR and Netflix. The two experiences seemed to him to be an interesting blend for the conference. These are the slides from that presentation.
I have applied comments to every slide in this presentation to include the context that I otherwise provided verbally during the talk.
Revolutions have a common pattern in technology and this is no different for the API space. This presentation discusses that pattern and goes through various API revolutions. It also uses Netflix as an example of how some revolutions evolved and where things may be headed.
Join us to learn how you can use SPA, an open-source Java library built around object-oriented annotations, to simplify your interactions with the Salesforce REST API. We'll demonstrate how to use these annotations as the foundation for serializing REST representations, and highlight Salesforce-specific annotations we have added to enable more powerful programming interactions.You?ll learn some of the features of this SPA library and examine Java examples of how to use them.
History and Future of the Netflix API - Mashery Evolution of DistributionDaniel Jacobson
Presentation on the history and future of the Netflix API. This presentation walks through how the API was formed, why it needs a redesign and some of the principles that will be applied in the redesign effort.
This presentation was given at the Mashery Evolution of Distribution session in San Francisco on June 2, 2011.
The term "scale" for engineering often is used to discuss systems and their ability to grow with the needs of its users. This is clearly an important aspect of scaling, but there are many other areas in which an engineering organization needs to scale to be successful in the long term. This presentation discusses some of those other areas and details how Netflix (and specifically the API team) addresses them.
Asgard, the Grails App that Deploys Netflix to the CloudJoe Sondow
Overview and technical exploration of Asgard, a graphical web console created by Netflix for cloud deployments and operations. Presented at the GR8 Conference in Copenhagen, Denmark, June 8, 2012.
Apple Keynote version with animations available at http://bit.ly/asgardgr8denmark
I gave this presentation to the engineering team at PayPal. This presentation discusses the history and future of the Netflix API. It also goes into API design principles as well as concepts behind system scalability and resiliency.
Talk about the Netflix API and how it serves as the front door for Netflix device UIs. Topics include: API design, resiliency patterns, scalability, and enabling fast dev/deploy cycles.
Leveraging Microservice Architectures & Event-Driven Systems for Global APIsconfluent
Speaker: Ben Stopford, Technologist, Office of the CTO, Confluent
Are events the new API? Event driven systems provide some unique properties, particularly for microservice architectures, as they can be used both for notification as well as for state transfer. This lets systems run in a broad range of use cases that cross geographies, clouds and devices.
In this talk we will look at what event driven systems are; how they provide a unique contract for services to communicate and share data and how stream processing tools can be used to simplify the interaction between different services, be them closely coupled or largely disconnected.
Ben is a technologist working in the Office of the CTO at Confluent Inc (the company behind Apache Kafka®). He’s worked on a wide range of projects, from implementing the latest version of Kafka’s replication protocol through to developing strategies for streaming applications. Before Confluent Ben led the design and build of a company-wide data platform for a large investment bank. His earlier career spanned a variety of projects at ThoughtWorks and UK-based enterprise companies. He is the author of the book “Designing Event Driven Systems,” O’Reilly, 2018.
Watch the recording: https://videos.confluent.io/watch/8MLuNHnE3uSZPgstdzSk4Q?.
What is API - Understanding API SimplifiedJubin Aghara
What is API/Getting started with API/Understanding API
The document will give you a basic idea of the following:
- What is API
- Real-world examples
- REST and SOAP
- Protocol layer
- Data format (JSON and XML)
- REST HTTP API example
- Which one to go for
- Tools to get started
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...Core Security
Did you know that we released a new way to integrate Core Access with your target systems without a custom connector? Did you know it’s free? Join us to learn about how to use the Core Connector API to tie into your web-services or API enabled target systems.
Reducing the time to get actionable insights from data is important to all businesses, and customers who employ batch data analytics tools are exploring the benefits of streaming analytics. Learn best practices to extend your architecture from data warehouses and databases to real-time solutions. Learn how to use Amazon Kinesis to get real-time data insights and integrate them with Amazon Aurora, Amazon RDS, Amazon Redshift, and Amazon S3. The Amazon Flex team describes how they used streaming analytics in their Amazon Flex mobile app, used by Amazon delivery drivers to deliver millions of packages each month on time. They discuss the architecture that enabled the move from a batch processing system to a real-time system, overcoming the challenges of migrating existing batch data to streaming data, and how to benefit from real-time analytics.
apidays London 2023 - API Programs - Security by Design, Privacy by Default, ...apidays
apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023
API Programs - Security by Design, Privacy by Default
Frederick Purcell, Software solution owner at eXate
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Talk from the API Management Meeting, San Francisco, 9/11/2013. Covering how APIs change the way be build applications. Also covers why the API Economy will be a complex distributed system.
DevOps in the Amazon Cloud – Learn from the pioneersNetflix suroGaurav "GP" Pal
DevOps helps accelerate the delivery of software applications through automation and by removing Development & Operations silos. The Netflix Platform Engineering team has developed a robust data pipeline solution called SURO that has been open sourced. Come learn from the experiences of pioneers like Netflix how they are leveraging the data pipeline for new and innovative use cases. This is the presentation by Danny Yuan, Netflix Platform Engineering Team on operational and monitoring aspects of applications on cloud platforms.
Join us as we take a deep dive into the architecture of the Salesforce1 Platform, explain how multitenancy actually works, and how it affects you as a developer. Showing the technology we use and the design principles we adhere to, you'll see how our platform teams manage three major upgrades a year without causing any issues to existing development. We'll cover the performance and security implications around the platform to give you an understanding of how limits have evolved. By the end of the session, you'll have a better grasp of the architecture underpinning Force.com and understand how to get the most out of it.
The data services marketplace is enabled by a data abstraction layer that supports rapid development of operational applications and single data view portals. In this presentation yo will learn services-based reference architecture, modality, and latency of data access.
- Reference architecture for enterprise data services marketplace
- Modality and latency of data access
- Customer use cases and demo
This presentation is part of the Denodo Educational Seminar , and you can watch the video here goo.gl/vycYmZ.
Big Data Day LA 2016/ Big Data Track - Building scalable enterprise data flow...Data Con LA
Connecting enterprise systems has always been a tough task. Modern IoT applications have exacerbated the issue by the need to integrate legacy systems with novel high velocity data streams. Various patterns like messaging, REST, etc. have been proposed, but they necessitate rearchitecting the integration layer which is extremely arduous. In this talk we will show you how to use Apache NiFi to solve your data integration, movement and ingestion problems. Next, we will examine how Apache NiFi can be used to construct durable, scalable and responsive IoT apps in conjunction with other stream processing and messaging frameworks.
This presentation was given by David Maier @magicable @munichnosql may 2014. The code can be found https://github.com/dmaier-couchbase/cbl-android-tasklist
Integração de Dados com Apache NIFI - Marco Garcia CetaxMarco Garcia
Nessa apresentação vamos mostrar um pouco mais sobre essa ferramenta de integração open source, também um pouco sobre o produto Hortonworks Data Flow (HDF).
Como Nifi é possível integrar fontes distintas como APIs, Bancos de Dados, Hadoop, HDFS, etc.
Similar to Netflix API - Separation of Concerns (20)
Netflix API: Keynote at Disney Tech ConferenceDaniel Jacobson
Disney held the first in a series of internal technical conferences in Orlando, FL, this one focused entirely on APIs. These slides are from my keynote presentation which kicked off the event. The slides focus on the Netflix API, API design, anti-patterns, technical revolutions, resiliency, scaling, test frameworks and other constructs that support the Netflix infrastructure.
Techniques for Scaling the Netflix API - QCon SFDaniel Jacobson
This presentation was from QCon SF 2011. In these slides I discuss various techniques that we use to scale the API. I also discuss in more detail our effort around redesigning the API.
APIs for Internal Audiences - Netflix - App Dev ConferenceDaniel Jacobson
API programs, typically thought of as a public program to see what public developer communities can build with a company's data, are becoming more and more critical to the success of mobile and device strategies. This presentation takes a look at Netflix's and NPR's strategies that lead to tremendous growth and discusses how Netflix plans to take this internal API strategy to the next level.
This is my presentation from the Business of APIs Conference in SF, held by Mashery (http://www.apiconference.com).
This talk talks briefly about the history of the Netflix API, then goes into three main categories of scaling:
1. Using the cloud to scale in size and internationally
2. Using Webkit to scale application development in parallel to the flexibility afforded by the API
3. Redesigning the API to improve performance and to downscale the infrastructure as the system scales
When viewing these slides, please note that they are almost entirely image-based, so I have added notes for each slide to detail the talking points.
This is a presentation that I gave to ESPN's Digital Media team about the trajectory of the Netflix API. I also discussed Netflix's device implementation strategy and how it enables rapid development and robust A/B testing.
This presentation demonstrates the great successes of the Netflix API to date. After some introspection, however, there is an opportunity to better prepare the API for the future. This presentation also offers a few ideas on how the Netflix API architecture may change over time.
NPR: Digital Distribution Strategy: OSCON2010Daniel Jacobson
When launching the API at OSCON in 2008, NPR targeted four audiences: the open source community; NPR member stations; NPR partners and vendors; and finally our internal developers and product managers. In its short two-year life, the NPR API has grown tremendously, from only a few hundred thousand requests per month to more than 60M. The API, furthermore, has enabled tremendous growth for NPR in the mobile space while facilitating more than 100% growth in total page views in the last year.
NPR's Digital Distribution and Mobile StrategyDaniel Jacobson
The NPR API has been the great enabler to achieve rapid development in the mobile space. That is, because we have our rich and powerful API, our mobile team is free to pursue the development of their mobile products without being encumbered by limited internal development resources. The touch-point between the mobile product and our content is fixed which means the mobile team can focus on design and usability for the specific platform.
These slides demonstrate some of the usage and metrics of the NPR API. In addition to the flow of an NPR story from creation to distribution, I also tried to provide a reasonable sampling of the more popular or interesting implementations.
These slides are from the OpenID UX Summit at Sears in Chicago. We discuss the newly formed Adoption Committee for OpenID, NPR's identity sharing strategy, Sears' OpenID case study, PBS' case study, and the goal towards a federated public media identity.
This presentation shows the same NPR story displayed in a wide range of platforms. The content, through the principles of COPE, is pushed out to all of these destinations through the NPR API. Each destination, meanwhile, uses the appropriate content for that presentation layer.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
3. Data Gathering
Data Formatting
Data Delivery
Security
Authorization
Authentication
System Scaling
Discoverability
Data Consistency
Translations
Throttling
Orchestration
APIs Do
Lots of Things!
These are some of the
many things APIs do.
4. Data Gathering
Data Formatting
Data Delivery
Security
Authorization
Authentication
System Scaling
Discoverability
Data Consistency
Translations
Throttling
Orchestration
APIs Do
Lots of Things!
These three are at the core.
All others ultimately
support them.
5. Definitions
• Data Gathering
– Retrieving the requested data from one or many local
or remote data sources
• Data Formatting
– Preparing a structured payload to the requesting
agent
• Data Delivery
– Delivering the structured payload to the requesting
agent
11. Why do most API providers provide
everything?
• API design tends to be easier for teams closer
to the source
• Centralized API functions makes them easier
to support
• Many APIs have a large set of unknown and
external developers
12. Why do most API providers provide
everything?
• API design tends to be easier for teams closer
to the source
• Centralized API functions makes them easier
to support
• Many APIs have a large set of unknown and
external developers
13. Data Gathering Data Formatting Data Delivery
API Consumer
API Provider
Separation of Concerns
To be a better provider, the API should address the
separation of concerns of the three core functions
14. Data Gathering Data Formatting Data Delivery
API Consumer
Don’t care how data
is gathered, as long
as it is gathered
API Provider
Care a lot about
how the data is
gathered
Separation of Concerns
15. Data Gathering Data Formatting Data Delivery
API Consumer
Don’t care how data
is gathered, as long
as it is gathered
Each consumer cares a
lot about the format
for that specific use
API Provider
Care a lot about
how the data is
gathered
Only cares about the
format to the extent it
is easy to support
Separation of Concerns
16. Data Gathering Data Formatting Data Delivery
API Consumer
Don’t care how data
is gathered, as long
as it is gathered
Each consumer cares a
lot about the format
for that specific use
Each consumer cares a
lot about how payload
is delivered
API Provider
Care a lot about
how the data is
gathered
Only cares about the
format to the extent it
is easy to support
Only cares about
delivery method to the
extent it is easy to
support
Separation of Concerns
17. Because of our separation of
concerns, the Netflix API team is
enabled to focus on different charters
18. Key Responsibilities
• Broker data between services and UIs
• Maintain a resilient front-door
• Scale the system vertically and horizontally
• Maintain high velocity
• Provide detailed insights into the system health
Most companies focus on a small handful of device implementations, most notably Android and iOS devices.
At Netflix, we have more than 1,000 different device types that we support. Across those devices, there is a high degree of variability. As a result, we have seen inefficiencies and problems emerge across our implementations. Those issues also translate into issues with the API interaction.
For example, screen size could significantly affect what the API should deliver to the UI. TVs with bigger screens that can potentially fit more titles and more metadata per title than a mobile phone. Do we need to send all of the extra bits for fields or items that are not needed, requiring the device itself to drop items on the floor? Or can we optimize the deliver of those bits on a per-device basis?
Different devices have different controlling functions as well. For devices with swipe technologies, such as the iPad, do we need to pre-load a lot of extra titles in case a user swipes the row quickly to see the last of 500 titles in their queue? Or for up-down-left-right controllers, would devices be more optimized by fetching a few items at a time when they are needed? Other devices support voice or hand gestures or pointer technologies. How might those impact the user experience and therefore the metadata needed to support them?
The technical specs on these devices differ greatly. Some have significant memory space while others do not, impacting how much data can be handled at a given time. Processing power and hard-drive space could also play a role in how the UI performs, in turn potentially influencing the optimal way for fetching content from the API. All of these differences could result in different potential optimizations across these devices.
Many UI teams needing metadata means many requests to the API team. In the one-size-fits-all API world, we essentially needed to funnel these requests and then prioritize them. That means that some teams would need to wait for API work to be done. It also meant that, because they all shared the same endpoints, we were often adding variations to the endpoints resulting in a more complex system as well as a lot of spaghetti code. Make teams wait due to prioritization was exacerbated by the fact that tasks took longer because the technical debt was increasing, causing time to build and test to increase. Moreover, many of the incoming requests were asking us to do more of the same kinds of customizations. This created a spiral that would be very difficult to break out of…
Many other companies have seen similar issues and have introduced orchestration layers that enable more flexible interaction models.
Odata, HYQL, ql.io, rest.li and others are examples of orchestration layers. They address the same problems that we have seen, but we have approached the solution in a very different way.
We evolved our discussion towards what ultimately became a discussion between resource-based APIs and experience-based APIs.
The original OSFA API was very resource oriented with granular requests for specific data, delivering specific documents in specific formats.
The interaction model looked basically like this, with (in this example) the PS3 making many calls across the network to the OSFA API. The API ultimately called back to dependent services to get the corresponding data needed to satisfy the requests.
In this mode, there is a very clear divide between the Client Code and the Server Code. That divide is the network border.
And the responsibilities have the same distribution as well. The Client Code handles the rendering of the interface (as well as asking the server for data). The Server Code is responsible of gathering, formatting and delivering the data to the UIs.
And ultimately, it works. The PS3 interface looks like this and was populated by this interaction model.
But we believe this is not the optimal way to handle it. In fact, assembling a UI through many resource-based API calls is akin to pointillism paintings. The picture looks great when fully assembled, but it is done by assembling many points put together in the right way.
We have decided to pursue an experience-based approach instead. Rather than making many API requests to assemble the PS3 home screen, the PS3 will potentially make a single request to a custom, optimized endpoint.
In an experience-based interaction, the PS3 can potentially make asingle request across the network border to a scripting layer (currently Groovy), in this example to provide the data for the PS3 home screen. The call goes to a very specific, custom endpoint for the PS3 or for a shared UI. The Groovy script then interprets what is needed for the PS3 home screen and triggers a series of calls to the Java API running in the same JVM as the Groovy scripts. The Java API is essentially a series of methods that individually know how to gather the corresponding data from the dependent services. The Java API then returns the data to the Groovy script who then formats and delivers the very specific data back to the PS3.
In this model, the border between Client Code and Server Code is no longer the network border. It is now back on the server. The Groovy is essentially a client adapter written by the client teams.
And the distribution of work changes as well. The client teams continue to handle UI rendering, but now are also responsible for the formatting and delivery of content. The API team, in terms of the data side of things, is responsible for the data gathering and hand-off to the client adapters. Of course, the API team does many other things, including resiliency, scaling, dependency interactions, etc. This model is essentially a platform for API development.
If resource-based APIs assemble data like pointillism, experience-based APIs assemble data like a photograph. The experience-based approach captures and delivers it all at once.