Here are the slides from Tray Torrance's PuppetConf 2016 presentation called Can You Manage Me Now? Humanizing Configuration Management at Scale. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: DevOps Where You Wouldn't Have Expected – Thomas Limoncelli,...Puppet
Here are the slides from Thomas Limoncelli's PuppetConf 2016 presentation called DevOps Where You Wouldn't Have Expected. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
"Functional Hostnames and Why they are Bad" by Andrew Fong and Gary Josack of Dropbox at Puppet Camp SF 2013. Find a Puppet Camp near you and learn more about configuration management: puppetlabs.com/community/puppet-camp/
PuppetConf 2016: Multi-Tenant Puppet at Scale – John Jawed, eBay, Inc.Puppet
Here are the slides from John Jawed's PuppetConf 2016 presentation called Multi-Tenant Puppet at Scale. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Scaling Puppet on AWS ECS with Terraform and Docker – Maxime...Puppet
Here are the slides from Maxime Visonneau's PuppetConf 2016 presentation called Scaling Puppet on AWS ECS with Terraform and Docker. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Here are the slides from Gareth Rushgrove's PuppetConf 2016 presentation called Running Puppet Software in Docker Containers. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Here are the slides from Anjuan Simmons' PuppetConf 2016 presentation called Debugging Diversity. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: DevOps Where You Wouldn't Have Expected – Thomas Limoncelli,...Puppet
Here are the slides from Thomas Limoncelli's PuppetConf 2016 presentation called DevOps Where You Wouldn't Have Expected. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
"Functional Hostnames and Why they are Bad" by Andrew Fong and Gary Josack of Dropbox at Puppet Camp SF 2013. Find a Puppet Camp near you and learn more about configuration management: puppetlabs.com/community/puppet-camp/
PuppetConf 2016: Multi-Tenant Puppet at Scale – John Jawed, eBay, Inc.Puppet
Here are the slides from John Jawed's PuppetConf 2016 presentation called Multi-Tenant Puppet at Scale. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Scaling Puppet on AWS ECS with Terraform and Docker – Maxime...Puppet
Here are the slides from Maxime Visonneau's PuppetConf 2016 presentation called Scaling Puppet on AWS ECS with Terraform and Docker. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Here are the slides from Gareth Rushgrove's PuppetConf 2016 presentation called Running Puppet Software in Docker Containers. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Here are the slides from Anjuan Simmons' PuppetConf 2016 presentation called Debugging Diversity. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf. 2016: External Data in Puppet 4 – R.I. PienaarPuppet
Here are the slides from R.I. Pienaar's PuppetConf 2016 presentation called External Data in Puppet 4. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf track overview: Modern InfrastructurePuppet
From containers to Docker, Mesos and Kubernetes — you'll hear about it at PuppetConf 2016 in San Diego. Learn more and register at https://puppet.com/puppetconf/.
PuppetConf 2016: Best Practices for Puppet in the Cloud – Randall Hunt, Amazo...Puppet
This document summarizes best practices for using Puppet configuration management in the AWS cloud. It describes ServiceChannel's journey from an on-premise infrastructure to migrating to AWS, including initial exploration of single EC2 instances and hybrid on-premise/AWS deployments. Key steps for deploying Puppet in AWS are discussed such as understanding AWS services, network configuration, enabling CloudTrail logging, and using IAM roles. The Puppet Labs AWS module is introduced for provisioning AWS resources through Puppet. Benefits seen from adopting DevOps practices like Puppet in AWS include faster deployment times, increased stability, and shorter recovery windows.
PuppetConf 2016: Implementing Puppet within a Complex Enterprise – Jerry Caup...Puppet
Here are the slides fromJerry Caupain's PuppetConf 2016 presentation called Implementing Puppet within a Complex Enterprise. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water OperationsPuppet
Here are the slides from Sean Porter PuppetConf 2016 presentation called Watching the Puppet Show. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf. 2016: Puppet Best Practices: Roles & Profiles – Gary Larizza, PuppetPuppet
Here are the slides from Gary Larizza's PuppetConf 2016 presentation called Puppet Best Practices: Roles and Profiles. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Successful Puppet Implementation in Large Organizations – Ja...Puppet
Here are the slides from James Sweeny's PuppetConf 2016 presentation called Successful Puppet Implementation in Large Organizations. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
- The company that produces GemStone, formerly known as GemStone Systems, is now called GemTalk Systems.
- GemTalk Systems will continue to support GemStone/S 32 indefinitely instead of ending support in 2015 as originally planned.
- A new version of GemStone/S 64, version 3.2, is planned for late 2013 or early 2014 which will include new features like improved indexing, encryption capabilities, and hot standby functionality.
- GemStone/S licensing models will now include perpetual licenses and annual subscriptions in addition to the existing VAR model. A new free Web Edition of GemStone/S will also be offered.
The Windows Azure public cloud platform is one of the three pillars of Microsoft’s Cloud OS vision that will transform the traditional datacenter environment, help businesses unlock insights in data stored anywhere, enable the development of a wide range of modern business applications, and empower IT to support users who work anywhere on any device while being able to manage these devices in a secure and consistent way. Microsoft Azure Training Courses here: http://www.traincanada.com/courses/microsoft/azure/
Savanna is an OpenStack component that allows elastic provisioning of Hadoop clusters in OpenStack. It has a 3 phase roadmap - phase 1 allows basic cluster provisioning which is complete, phase 2 will add advanced configuration and tool integration currently in progress, and phase 3 will enable analytics as a service with a job execution framework. Savanna uses an extensible plugin architecture to provision Hadoop VMs and configure the clusters, integrating with other OpenStack components like Nova, Glance, and Swift.
Smooth your path to successful IT budgeting with Absoft's Technical Roadmap Service. http://www.absoft.co.uk/content/roadmap-for-successful-it-budgeting
Learn about the Open Data Center Alliance Workgroups, Usage Models and Roadmap Structure from the perspective of the Alliance Technical Coordination Committee. This presentation was used in the Nov. 18, 2010 Alliance Webcast delivered by Howard Grodin, VP of Strategic Programs, Terrermark; Alliance Technical Coordination Committee Member, and Ravi Subranamiam, Intel Corporation; Alliance Technical Advisor.
For more information about the Open Data Center Alliance, visit www.opendatacenteralliance.org. You will also find the Webcast recording that accompanies this presentation there.
Overview of America's Leading Manufacterer of Heat Presses and Calendars. For more info go to: http://www.graphicsone.com/go-metalnox-full-line-heat-presses/
The Nuxeo 2015 Roadmap document outlines planned evolutions and improvements to the Nuxeo platform, including enhancements to the document repository, field constraints, blob management, document storage, platform infrastructure, operations on large trees, multi-node management, online services/connectors, UI/client SDK, coding tools, automation scripting, and Java coding. Key goals are to improve scalability, robustness, integration with cloud services, and provide modern tools for building Nuxeo-based applications.
The document provides an update on WSO2's technical developments in 2011 and roadmap highlights for 2012. Major updates in 2011 included improvements to Carbon Core, the Enterprise Service Bus, Governance Registry, and other products. Focus areas for 2012 include tooling, integration, analytics, cloud services, and improvements to Carbon and Stratos foundations. The roadmap highlights new capabilities for API management, Cassandra support, a redesigned Business Activity Monitor, and an automated cloud development platform.
SharePoint 2010 Technical Certification Roadmap
Presenter Name, Title
Microsoft Certifications feature succinct paths to help you become Microsoft Certified.
Different series highlight technology expertise by job function.
Provides a clear, concise way to highlight your specific skill set and validates your abilities at every stage of your professional development
This 5-day Certified Ethical Hacker training course teaches students how to scan, test, hack, and secure their own systems by learning the techniques used by hackers. The course covers topics like footprinting, scanning, enumeration, system hacking, viruses, sniffers, denial of service attacks, session hijacking, web server hacking, web application vulnerabilities, password cracking, SQL injection, and wireless and cryptography attacks. The goal is to help security professionals and network administrators enhance cybersecurity by thinking like an attacker in order to defend systems from real-world threats.
The document provides guidance on using cheat sheets to study for the EC-Council Certified Ethical Hacker exam. It recommends printing out the cheat sheets, copying them by hand multiple times, and adding notes to help master the concepts and recall important information during the exam without needing the original sheets. A chapter map outlines the topics covered in the various cheat sheets to aid preparation.
A trojan is a type of malware that appears to perform a desirable function but hides malicious code that allows unauthorized access to a system. Some key points about trojans:
- Trojans are often disguised as legitimate files to trick users into running them. Common file types used for trojans include executable files (.exe), dynamic link libraries (.dll), scripts (.vbs, .js), and compressed files (.zip, .rar).
- Once activated, a trojan may allow attackers to install additional malware, steal data, use system resources for cryptomining or DDoS attacks, and more.
- Common trojan delivery methods include email attachments, compromised/malicious websites, peer-to-
PuppetConf. 2016: External Data in Puppet 4 – R.I. PienaarPuppet
Here are the slides from R.I. Pienaar's PuppetConf 2016 presentation called External Data in Puppet 4. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...Puppet
Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf track overview: Modern InfrastructurePuppet
From containers to Docker, Mesos and Kubernetes — you'll hear about it at PuppetConf 2016 in San Diego. Learn more and register at https://puppet.com/puppetconf/.
PuppetConf 2016: Best Practices for Puppet in the Cloud – Randall Hunt, Amazo...Puppet
This document summarizes best practices for using Puppet configuration management in the AWS cloud. It describes ServiceChannel's journey from an on-premise infrastructure to migrating to AWS, including initial exploration of single EC2 instances and hybrid on-premise/AWS deployments. Key steps for deploying Puppet in AWS are discussed such as understanding AWS services, network configuration, enabling CloudTrail logging, and using IAM roles. The Puppet Labs AWS module is introduced for provisioning AWS resources through Puppet. Benefits seen from adopting DevOps practices like Puppet in AWS include faster deployment times, increased stability, and shorter recovery windows.
PuppetConf 2016: Implementing Puppet within a Complex Enterprise – Jerry Caup...Puppet
Here are the slides fromJerry Caupain's PuppetConf 2016 presentation called Implementing Puppet within a Complex Enterprise. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Watching the Puppet Show – Sean Porter, Heavy Water OperationsPuppet
Here are the slides from Sean Porter PuppetConf 2016 presentation called Watching the Puppet Show. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf. 2016: Puppet Best Practices: Roles & Profiles – Gary Larizza, PuppetPuppet
Here are the slides from Gary Larizza's PuppetConf 2016 presentation called Puppet Best Practices: Roles and Profiles. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Successful Puppet Implementation in Large Organizations – Ja...Puppet
Here are the slides from James Sweeny's PuppetConf 2016 presentation called Successful Puppet Implementation in Large Organizations. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
- The company that produces GemStone, formerly known as GemStone Systems, is now called GemTalk Systems.
- GemTalk Systems will continue to support GemStone/S 32 indefinitely instead of ending support in 2015 as originally planned.
- A new version of GemStone/S 64, version 3.2, is planned for late 2013 or early 2014 which will include new features like improved indexing, encryption capabilities, and hot standby functionality.
- GemStone/S licensing models will now include perpetual licenses and annual subscriptions in addition to the existing VAR model. A new free Web Edition of GemStone/S will also be offered.
The Windows Azure public cloud platform is one of the three pillars of Microsoft’s Cloud OS vision that will transform the traditional datacenter environment, help businesses unlock insights in data stored anywhere, enable the development of a wide range of modern business applications, and empower IT to support users who work anywhere on any device while being able to manage these devices in a secure and consistent way. Microsoft Azure Training Courses here: http://www.traincanada.com/courses/microsoft/azure/
Savanna is an OpenStack component that allows elastic provisioning of Hadoop clusters in OpenStack. It has a 3 phase roadmap - phase 1 allows basic cluster provisioning which is complete, phase 2 will add advanced configuration and tool integration currently in progress, and phase 3 will enable analytics as a service with a job execution framework. Savanna uses an extensible plugin architecture to provision Hadoop VMs and configure the clusters, integrating with other OpenStack components like Nova, Glance, and Swift.
Smooth your path to successful IT budgeting with Absoft's Technical Roadmap Service. http://www.absoft.co.uk/content/roadmap-for-successful-it-budgeting
Learn about the Open Data Center Alliance Workgroups, Usage Models and Roadmap Structure from the perspective of the Alliance Technical Coordination Committee. This presentation was used in the Nov. 18, 2010 Alliance Webcast delivered by Howard Grodin, VP of Strategic Programs, Terrermark; Alliance Technical Coordination Committee Member, and Ravi Subranamiam, Intel Corporation; Alliance Technical Advisor.
For more information about the Open Data Center Alliance, visit www.opendatacenteralliance.org. You will also find the Webcast recording that accompanies this presentation there.
Overview of America's Leading Manufacterer of Heat Presses and Calendars. For more info go to: http://www.graphicsone.com/go-metalnox-full-line-heat-presses/
The Nuxeo 2015 Roadmap document outlines planned evolutions and improvements to the Nuxeo platform, including enhancements to the document repository, field constraints, blob management, document storage, platform infrastructure, operations on large trees, multi-node management, online services/connectors, UI/client SDK, coding tools, automation scripting, and Java coding. Key goals are to improve scalability, robustness, integration with cloud services, and provide modern tools for building Nuxeo-based applications.
The document provides an update on WSO2's technical developments in 2011 and roadmap highlights for 2012. Major updates in 2011 included improvements to Carbon Core, the Enterprise Service Bus, Governance Registry, and other products. Focus areas for 2012 include tooling, integration, analytics, cloud services, and improvements to Carbon and Stratos foundations. The roadmap highlights new capabilities for API management, Cassandra support, a redesigned Business Activity Monitor, and an automated cloud development platform.
SharePoint 2010 Technical Certification Roadmap
Presenter Name, Title
Microsoft Certifications feature succinct paths to help you become Microsoft Certified.
Different series highlight technology expertise by job function.
Provides a clear, concise way to highlight your specific skill set and validates your abilities at every stage of your professional development
This 5-day Certified Ethical Hacker training course teaches students how to scan, test, hack, and secure their own systems by learning the techniques used by hackers. The course covers topics like footprinting, scanning, enumeration, system hacking, viruses, sniffers, denial of service attacks, session hijacking, web server hacking, web application vulnerabilities, password cracking, SQL injection, and wireless and cryptography attacks. The goal is to help security professionals and network administrators enhance cybersecurity by thinking like an attacker in order to defend systems from real-world threats.
The document provides guidance on using cheat sheets to study for the EC-Council Certified Ethical Hacker exam. It recommends printing out the cheat sheets, copying them by hand multiple times, and adding notes to help master the concepts and recall important information during the exam without needing the original sheets. A chapter map outlines the topics covered in the various cheat sheets to aid preparation.
A trojan is a type of malware that appears to perform a desirable function but hides malicious code that allows unauthorized access to a system. Some key points about trojans:
- Trojans are often disguised as legitimate files to trick users into running them. Common file types used for trojans include executable files (.exe), dynamic link libraries (.dll), scripts (.vbs, .js), and compressed files (.zip, .rar).
- Once activated, a trojan may allow attackers to install additional malware, steal data, use system resources for cryptomining or DDoS attacks, and more.
- Common trojan delivery methods include email attachments, compromised/malicious websites, peer-to-
Code quality directly impacts how easy or hard your job is. The higher the quality, the easier it is for anyone (including you) to quickly jump in and get to work. Where do you start? In this session, Tonya Mork will empower you to simplify your code while dramatically increasing its code quality.
It's all about building <human code>, code that is highly human readable and understandable.
This slide deck is from a session I gave for WPSessions. https://wpsessions.com/sessions/code-quality-makes-jobs-easier/
How to support the developers of your API, give them skills and tools to be successful.
Webex of my presentation at https://cisco.webex.com/ciscosales/lsr.php?AT=pb&SP=MC&rID=62417452&rKey=caa6309156837b7a
Security professionals often call people “the weakest link.” We claim that they'll always make mistakes, however hard we try, and throw up our hands. But the simple truth is that we can help people do well at a wide variety of security tasks, and it’s easy to get started. Building on work in usable security and threat modeling, this session will give you actionable, proven ways to secure people.
(Source: RSA USA 2016-San Francisco)
The key points of maintainable code according to the document are:
1) Code should be written to be easily read and understood. Methods and classes should not go on for too many lines to hold the reader's context.
2) Code should leverage existing libraries rather than reinventing the wheel for common tasks.
3) Guard clauses and failure fast approaches like exceptions help simplify code flow and make errors obvious.
4) Null values and unnecessary complexity like nested if statements should be avoided when possible.
Chat bots been have popping up everywhere for silly things, but what if they can help us make the world more safe and secure? The work of designing secure systems often involves iterating over designs with a team but what if you don’t have a team? What if you could iterate over system design and analysis in a chat window and have a design document with safety constraints as the end product? This talk will present an original chat bot that will do just that
The document discusses anti-patterns and code smells that can occur in software development. It defines anti-patterns as poor solutions to recurring problems that happen when developers lack experience or apply patterns incorrectly. Several common anti-patterns are described, such as the Blob (overly large class), Lava Flow (unused code), and Golden Hammer (overusing a single concept). Code smells are also defined as indicators that code may need refactoring, and examples like duplicated code, long methods, and switch statements are provided. Overall refactoring techniques are recommended to improve code quality by addressing these issues.
I will represent multiple case studies to convey the message that if you think limited, you will be limited. Bug bounty approach has degraded the quality of penetration testing, for both the customers as well as the practitioners. It is hard for the customer to differentiate between a good penetration testing and a quick and dirty top-10 or top-25 approach.
https://nsconclave.net-square.com/pentesters-mindset.html
This document discusses various anti-patterns and best practices in coding. It covers topics like avoiding magic numbers, proper use of #define, implicit type conversions, assertions, encapsulation, short and descriptive variable names, dead code, and name spacing. The key messages are to form good habits, optimize code for humans, learn rules well to know when to break them, avoid assumptions without assertions, and use proper encapsulation, short methods and naming.
Design patterns - The Good, the Bad, and the Anti-PatternBarry O Sullivan
The slides from my talk on design patterns, and when good design patterns turn bad. I go through various patterns I've seen abused (by myself as well as others) and I offer advice on how to avoid these mistakes. Design patterns are a tool, use the right one for the job,
This document discusses secure software engineering practices, including:
1) Using architecture to structure applications so they mitigate exploits by limiting the impact of vulnerabilities.
2) Conducting code reviews with a variety of reviewers to catch issues and avoid "inbred" groupthink.
3) Using automated code checkers and complexity metrics to efficiently find security bugs, though their results still require manual review.
Everyone knows you ought to threat model, but in practical reality it turns out to be tricky. If past efforts to threat model haven't panned out, perhaps part of the problem is confusion over what works, and how the various approaches conflict or align. This talk captures lessons from years of work helping people throughout the software industry threat model more effectively. It's designed to help security pros, developers and systems managers, all of whom will leave with both threat modeling lessons from Star Wars and a proven foundation, enabling them to threat model effectively.
How Credential Stuffing is Evolving - PasswordsCon 2019Jarrod Overson
Slides for talk given at PasswordsCon Sweden 2019. Credentials Stuffing is an automated attack that exploits users who reuse passwords by taking breached credentials and replaying them across sites.
Extension methods, nulls, namespaces and precedence in c#Paul Houle
Extension methods are the most controversial feature that Microsoft has introduced in
C# 3.0. Introduced to support the LINQ query framework, extension methods make
it possible to define new methods for existing classes.
Although extension methods can greatly simplify code that uses them, many are
concerned that they could transform C# into something that programmers find
unrecognizable, or that C#’s namespace mechanisms are inadequate for managing
large systems that use extension methods. Adoption of the LINQ framework,
however, means that extension methods are here to stay, and that .net
programmers need to understand how to use them effectively, and, in particular,
how extension methods are different from regular methods.
This article discusses three ways in which extension methods differ from regular
methods:
1. Extension methods can be called on null objects without throwing an exception
2. Extension methods cannot be called inside of a subclass
Extension methods, nulls, namespaces and precedence in c#Paul Houle
Extension methods allow calling methods on null objects without exceptions and add methods to existing classes without modifying them. However, extension methods have different precedence than regular methods and can cause conflicts if defined in multiple namespaces. To avoid issues, extension methods should be defined carefully, null values should be checked, and namespaces should be managed properly.
This document discusses using AI techniques like chatbots and neural networks to help automate the process of finding software vulnerabilities. It summarizes that traditional fuzzing and symbolic execution approaches are slow, and benefit from good initial test cases. A chatbot was trained on existing human-generated test cases to see if it could produce new test cases that achieve similar code coverage levels as humans. While the chatbot underperformed humans, it was much faster and in some cases came close to human performance. Further research into improving chatbots and combining them with symbolic execution may lead to more effective automated vulnerability discovery tools.
Similar to PuppetConf 2016: Can You Manage Me Now? Humanizing Configuration Management at Scale – Tray Torrance, Twitter (20)
Puppet camp2021 testing modules and controlrepoPuppet
This document discusses testing Puppet code when using modules versus a control repository. It recommends starting with simple syntax and unit tests using PDK or rspec-puppet for modules, and using OnceOver for testing control repositories, as it is specially designed for this purpose. OnceOver allows defining classes, nodes, and a test matrix to run syntax, unit, and acceptance tests across different configurations. Moving from simple to more complex testing approaches like acceptance tests is suggested. PDK and OnceOver both have limitations for testing across operating systems that may require customizing spec tests. Infrastructure for running acceptance tests in VMs or containers is also discussed.
This document appears to be for a PuppetCamp 2021 presentation by Corey Osman of NWOPS, LLC. It includes information about Corey Osman and NWOPS, as well as sections on efficient development, presentation content, demo main points, Git strategies including single branch and environment branch strategies, and workflow improvements. Contact information is provided at the bottom.
The document discusses operational verification and how Puppet is working on a new module to provide more confidence in infrastructure health. It introduces the concept of adding check resources to catalogs to validate configurations and service health directly during Puppet runs. Examples are provided of how this could detect issues earlier than current methods. Next steps outlined include integrating checks into more resource types, fixing reporting, integrating into modules, and gathering feedback. This allows testing and monitoring to converge by embedding checks within configurations.
This document provides tips and tricks for using Puppet with VS Code, including links to settings examples and recommended extensions to install like Gitlens, Remote Development Pack, Puppet Extension, Ruby, YAML Extension, and PowerShell Extension. It also mentions there will be a demo.
- The document discusses various patterns and techniques the author has found useful when working with Puppet modules over 10+ years, including some that may be considered unorthodox or anti-patterns by some.
- Key topics covered include optimization of reusable modules, custom data types, Bolt tasks and plans, external facts, Hiera classification, ensuring resources for presence/absence, application abstraction with Tiny Puppet, and class-based noop management.
- The author argues that some established patterns like roles and profiles can evolve to be more flexible, and that running production nodes in noop mode with controls may be preferable to fully enforcing on all nodes.
Applying Roles and Profiles method to compliance codePuppet
This document discusses adapting the roles and profiles design pattern to writing compliance code in Puppet modules. It begins by noting the challenges of writing compliance code, such as it touching many parts of nodes and leading to sprawling code. It then provides an overview of the roles and profiles pattern, which uses simple "front-end" roles/interfaces and more complex "back-end" profiles/implementations. The rest of the document discusses how to apply this pattern when authoring Puppet modules for compliance - including creating interface and implementation classes, using Hiera for configuration, and tools for reducing boilerplate code. It aims to provide a maintainable structure and simplify adapting to new compliance frameworks or requirements.
This document discusses Kinney Group's Puppet compliance framework for automating STIG compliance and reporting. It notes that customers often implement compliance Puppet code poorly or lack appropriate Puppet knowledge. The framework aims to standardize compliance modules that are data-driven and customizable. It addresses challenges like conflicting modules and keeping compliance current after implementation. The framework generates automated STIG checklists and plans future integration with Puppet Enterprise and Splunk for continued compliance reporting. Kinney Group cites practical experience implementing the framework for various military and government customers.
Enforce compliance policy with model-driven automationPuppet
This document discusses model-driven automation for enforcing compliance. It begins with an overview of compliance benchmarks and the CIS benchmarks. It then discusses implementing benchmarks, common challenges around configuration drift and lack of visibility, and how to define compliance policy as code. The key points are that automation is essential for compliance at scale; a model-driven approach defines how a system should be configured and uses desired-state enforcement to keep systems compliant; and defining compliance policy as code, managing it with source control, and automating it with CI/CD helps achieve continuous compliance.
This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.
Automating it management with Puppet + ServiceNowPuppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
This document promotes Puppet as a tool for hardening Windows environments. It states that Puppet can be used to harden Windows with one line of code, detect drift from desired configurations, report on missing or changing requirements, reverse engineer existing configurations, secure IIS, and export configurations to the cloud. Benefits of Puppet mentioned include hardening Windows environments, finding drift for investigation, easily passing audits, compliance reporting, easy exceptions, and exporting configurations. It also directs users to Puppet Forge modules for securing Windows and IIS.
Simplified Patch Management with Puppet - Oct. 2020Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
Ensure your systems are compliant and patched in a healthy state
How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
The document discusses how Puppet can be used to accelerate adoption of Microsoft Azure. It describes lift and shift migration of on-premises workloads to Azure virtual machines. It also covers infrastructure as code using Puppet and Terraform for provisioning, configuration management using Puppet Bolt, and implementing immutable infrastructure patterns on Azure. Integrations with Azure services like Key Vault, Blob Storage and metadata service are presented. Patch management and inventory of Azure resources with Puppet are also summarized.
This document discusses using Puppet Catalog Diff to analyze the impact of changes between Puppet environments or catalogs. It provides the command line usage and options for Puppet Catalog Diff. It also discusses how to integrate Puppet Catalog Diff into CI/CD pipelines for automated impact analysis when merging code changes. Additional resources like GitHub projects and Dev.to posts are provided for learning more about diffing Puppet environments and catalogs.
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
ServiceNow and Puppet can be integrated in four key areas: 1) Self-service infrastructure allows non-Puppet experts to control infrastructure through a ServiceNow interface; 2) Enriched change management automatically generates ServiceNow change requests from Puppet changes and populates them with impact details; 3) Automated incident registration forwards details of configuration drift corrections in Puppet to ServiceNow to create incidents; and 4) Up-to-date asset management would periodically upload Puppet inventory data to ServiceNow to keep the CMDB accurate without disruptive discovery runs.
This document discusses how Puppet Relay uses Tekton pipelines to orchestrate containerized workflows. It provides an overview of how Tekton fits into the Relay architecture, with Tekton controllers managing taskrun pods to execute workflow steps defined in YAML. Triggers can initiate workflows based on events, with reusable and composable steps for tasks like provisioning infrastructure or clearing resources. Relay also includes features for parameters, secrets, outputs, and approvals to customize workflows. An ecosystem of open source integrations provides sample workflows and steps for common use cases.
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
This document discusses deploying legacy software into the AWS cloud using Puppet. It proposes modeling AWS resources like security groups, autoscaling groups, and launch configurations as Puppet resources. This would allow Puppet to provision the underlying AWS infrastructure and configure servers launched in autoscaling groups. It acknowledges challenges around server reboots but suggests they can be addressed. In summary, it argues custom Puppet resources can easily model AWS resources and using Puppet to configure autoscaling servers is possible despite some challenges around rebooting servers during deployment.
This document discusses a partnership between Republic Polytechnic's School of Infocomm and Puppet to promote DevOps practices. It introduces several people involved with the partnership and outlines their mission to prepare more IT companies and individuals for jobs in the DevOps field through training courses. The document describes some short courses offered on DevOps topics and using the Puppet and Microsoft Azure platforms. It provides an example of how Republic Polytechnic has automated infrastructure configuration using Puppet to save time and reduce errors. There is a request at the end for readers to register their interest in DevOps by completing a survey.
This document discusses continuous compliance and DevSecOps best practices followed by financial services organizations.
Continuous compliance is defined as an ongoing process of proactive risk management that delivers predictable, transparent, and cost-effective compliance results. It involves continuously monitoring compliance controls, providing real-time alerts for failures and remediation recommendations, and maintaining up-to-date policies. Best practices for continuous compliance discussed include defining CIS controls and benchmarks, achieving transparent compliance dashboards and automated fixes for breaches.
DevSecOps is introduced as bringing security earlier in the application development lifecycle to minimize vulnerabilities. It aims to make everyone accountable for security. Challenges discussed include security teams struggling to keep up with DevOps pace and
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
The document discusses using Puppet and Vault together to dynamically manage SSL certificates. Puppet can use the vault_cert resource to request signed certificates from Vault and configure services to use the certificates. On Windows, some additional logic is needed to retrieve certificates' thumbprints and bind services to certificates using those thumbprints. This approach provides automated certificate renewal and distribution across platforms.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
3. Problem Space
Millions of LoC
Thousands of Nodes
Hundreds of Contributors
Several Coding Styles
Disparate Agent Versions
3
4. Problem Space
• Actively Hostile Codebase
• What even are types?
if enc_query(‘something’, ‘false’) == ‘true’ { … }
if enc_query(‘something’, ‘false’) != ‘false’ { … }
if enc_query(‘something’, undef ) == undef { … } # impossible
ThreadCount <%= @workers.to_i %>
“I ran Puppet, and it painted me a Picasso [with errors]”
“Sharp and Pointy by Design”
Hard to reason about by accident
4
5. Factoring the Problem
Code Hygiene (Dupe Code, Linting)
Coding Best Practices
Customer Education & Assistance
Software Lifecycle Management
5
6. Plan of Attack: Code Hygiene
Identify Duplicate Code
Refactor Common Code to Modules
Scope Linter Violations
Increase Linter Compliance
Enable Linting in SCM Hooks
6
7. Plan of Attack: Coding Best Practices
Adopt Role/Profile
Make Amends with the AutoLoader
Eradicate Multi-Resource Stanzas
$ grep -ri ‘foo’ puppet/modules
puppet/modules/role/manifests/bar.pp:22 include ::foo
puppet/modules/role/manifests/baz.pp:36 include ::foo
puppet/modules/role/manifests/qux.pp:44 ’foo’:
7
8. Plan of Attack: Customer Education
Be the Code You Want to See in Your Repo
Mingle With the People
Teach Them to Fish
8
9. Plan of Attack: Upgrades
Unify Your Masters
Agents Will Follow
Future-proof the Process
9
10. On SCM Migrations
Evolution: Good
• Better Tooling
• Better Branching
Revolution: Bad
• “I’ve only ever used $otherSCM, so we should, too!”
• “If it’s good enough for the Linux kernel, it’s good
enough for me!”
• “Isn’t $currentSCM really really old?”
10
11. Are We There Yet?
The boss wants to know…
11
Image provided by Wikipedia
12. You Are NEVER There
Those who don’t learn from the past,
Are doomed to refactor it.
Over and over and over.
12
Image provided by @imwithstoopid13 — deviantart