Here are the slides from Thomas Uphill's presentation called Puppet Troubleshooting. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Nice and Secure: Good OpSec Hygiene With Puppet! – Peter Sou... | Puppet
Here are the slides from Peter Souter's PuppetConf 2016 presentation called Nice and Secure: Good OpSec Hygiene With Puppet!. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Knee deep in the undef - Tales from refactoring old Puppet codebases | Peter Souter
As Puppet pushes into its second decade of reign, there are several organisations out there that have been using Puppet for a long time. Sometimes, even since the beginning!
With the EOL announcement of the Puppet 3.X release, we’ve had a number of customers approach us to help with their upgrade. Normally the upgrade itself is fairly, it’s the code base that gives the biggest challenge, especially those with over 3 years of organic growth.
So let’s spread the word of common anti-patterns and issues that can come back to bite you.
We’ll be talking about how Hiera is both the best and worst thing to happen to Puppet, marvel at how people were happily running 0.2 Puppet in production and what hacky solutions that seemed good at the time will come back to bite you!
By the end of this, you’ll hopefully have learnt how to make sure that your Puppet code is defensively coded to make sure your Puppet code base is healthy for the next decade!
This talk covers a basic methodology for finding and fixing problems in a live system. It covers general techniques for finding the source of issues quickly, workarounds, patching, digging into code, when and how to get help.
Walter Heck, founder of OlinData, presented a step-by-step guide on how to set up a proper puppet repository, complete with the brand new PuppetDB, exported resources and usage of open source modules.
This session will provide mod_perl users with various ways to
identify and solve performance problems with mod_perl 2.0
application code.
Covering a variety of tips and techniques including:
persistent DB connections, cached DBI statements, reducing memory usage by
deploying shared memory, module preloading techniques, avoiding
importing of variables and global variables in general, forking and
subprocess overhead, memory leakages detection and prevention,
tuning Apache configuration directives for best performance by
benchmarking the scripts, object method calls vs. functions, sending
compressed HTML, performance of print calls and buffer flushing.
You hate certificates? Struggling with the Puppet PKI? You'd prefer to get rid of security just to avoid having such trouble? Or no problems as you enjoy the benefits of Puppet Enterprise, but still curious to find out what's going on behind the scenes?
This speech wants to invite you to dive into the beautiful world of X.509 PKI infrastructures. Certificates are like pets. They are cute and lovely as long as you care about them. And grumpy as soon as they get the feeling that you don't.
So let's find out what your pets need to feel comfortable. After a jumpstart introduction into the X.509 wilderness we are going to inspect different ways of handling your whole Puppet (and MCollective) certificate lifecycle.
Security matters!
Physical Web is an important component for Smart Cities and for monetizing IoT projects. This talk explains what it is and how to implement it using the Eddystone protocol.
Building an Ethereum Wallet using Hashicorp Vault | Jeff Ploughman
Presentation delivered to the DC-Baltimore Hashicorp User Group. Discussed the mechanics and motivations for building an Ethereum Wallet on top of Hashicorp Vault.
Drupal Camp Brighton 2015: Ansible Drupal Medicine show | George Boobyer
In this session we are going to look at the latest craze amongst developers with some Sysadmin responsibilities - Ansible.
As with all trending technologies you can be led to believe that it is the new wonder drug (multi purpose in a jar - if you ain't ill it will fix your car). But in this case we will look at some of the key ways that automated provisioning, configuration and state management can actually cure some of the critical headaches you face securing and managing production infrastructure and Drupal sites - (as with all such wonder drugs seek the advice of your GP before radically changing your lifestyle). Also as a warning once you start delving deeper into the world of web security you'll need a pretty thick skin - denial was a comfortable place to be. We won’t be covering Ansible for use in local development with systems such as VLAD - that hopefully will be the subject of other presentations.
Critically we are going to look at Ansible in a Drupal context with a focus on security and hopefully encourage participation in the development of tighter integration with Drupal site deployment and management as well as security defence measures.
By the end of the session we hope to have been convinced that with the adoption of Ansible you will feel more secure, more efficient and more relaxed about managing your infrastructure and sites and also to show how the principles of collaboration common within the Drupal community can transpose with great effect to the Ansible community. Code examples will be provided to support the topics covered.
The Anatomy of an Exploit (NDC TechTown 2019) | Patricia Aas
Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used.
The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.
This isn’t your uncle’s “what’s a WAF” talk. I’ll be covering as many cool tricks and advanced topics related to deploying Web Application Firewalls. I will show you how to write custom scripts using Lua and mod_security, and give first-hand experiences of how I used scripting with a WAF to put the security team at my previous job ahead of the game when dealing with web app attacks. I will be including the source code for these example scripts which can be used to provide automatic incident response, counter-intelligence and more.
Docker is a very useful tool in every data scientist's toolbox. In this talk I present motivations to use Docker and make some live demos of typical tools used in data science, such as RStudio, Jupyter Notebook, or Elasticsearch.
Slides on time management, where I talk about priorities, planning and goals:
- how to set up priorities
- how to plan
- how to define goals
You will find mentions of Randy Pausch presentations, Pareto laws, gamification, and many other nice things.
https://youtu.be/u1UCKzH1YK4
Node Tools For Your Grails Toolbox - Gr8Conf 2013 | zanthrash
Grails has many tools available but when it comes to front end asset management (compile, concatenate, minify, cache-busting) there are a lot of nice tools coming out of the node.js space,
PuppetConf 2016: High Availability for Puppet – Russ Mull & Zack Smith, Puppet | Puppet
Here are the slides from Russ Mull and Zack Smith's presentation High Availability for Puppet. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Successful Puppet Implementation in Large Organizations – Ja... | Puppet
Here are the slides from James Sweeny's PuppetConf 2016 presentation called Successful Puppet Implementation in Large Organizations. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Feedback about 5 years of Foreman Experience to manage different kinds of infrastructure. A story about Open Source. Given for the 7th Birthday of The Foreman.
From Puppet templates to troubleshooting, writing custom types and getting up and running quickly— you'll learn about it at PuppetConf 2016 in San Diego. Learn more and register at https://puppet.com/puppetconf/.
PuppetConf 2016: Puppet on Windows – Nicolas Corrarello, Puppet | Puppet
Here are the slides from Nicolas Corrarello's PuppetConf 2016 presentation called Puppet on Windows. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: A Tale of Two Hierarchies: Group Policy & Puppet – Matt Ston... | Puppet
Here are the slides from Matt Stone's PuppetConf 2016 presentation called A Tale of Two Hierarchies: Group Policy & Puppet. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: The Future of Testing Puppet Code – Gareth Rushgrove, Puppet | Puppet
Here are the slides from Gareth Rushgrove's presentation called The Future of Testing Puppet Code. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Site Launch Automation: From Days to Minutes – Kristen Crawf... | Puppet
Here are the slides from Kristen Crawford's PuppetConf 2016 presentation called Site Launch Automation: From Days to Minutes. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Enjoying the Journey from Puppet 3.x to 4.x – Rob Nelson, AT&T | Puppet
Here are the slides from Rob Nelson's PuppetConf 2016 presentation called Enjoying the Journey from Puppet 3.x to 4.x. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
PuppetConf 2016: Case Study: Puppets in the Government – Kathy Lee (co-author... | Puppet
Here are the slides from Kathy Lee's PuppetConf 2016 presentation called Case Study: Puppets in the Government. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
This session will be an overview of highly available components that can be deployed with Puppet Enterprise. It will focus on some of the current Beta support in PuppetDB as well as tips and tricks from the professional services department. The session will cover field solutions (both supported and unsupported) that allow architectures to be designed that align with different levels of high availability across the services that support running puppet on agent nodes during an outage of your primary puppet infrastructure.
PuppetConf 2016: How Not to Freak Out When You Start Writing Puppet Modules f... | Puppet
Here are the slides from Glenn Sarti's PuppetConf 2016 presentation called How Not to Freak Out When You Start Writing Puppet Modules for Windows. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Using Raspberry Pi + fluentd + GCP Cloud Logging and BigQuery for IoT data collection and analysis | Simon Su
This is a short training that introduces using fluentd on a Pi to collect data, with Google Cloud Logging and BigQuery as the backend and Apps Script and Google Sheets as the presentation layer.
PuppetDB gives users fast, robust, centralized storage for Puppet-produced data. It caches data generated by Puppet, and gives you advanced features at awesome speed with a powerful API.
Learn new things with fun.
Securing the Web without site-specific passwords | Francois Marier
Has anyone else noticed that the OWASP Top 10 is not changing very much? Especially in the realm of authentication-related problems. I don't claim to have the one true solution for this, but one thing is certain: if we change how things are done on the web and relieve developers from having to store passwords, we can make things better.
We need to let web developers outsource their authentication needs to people who can do it well. Does that mean we should force all of our users to join Facebook? Well not really. That might work for some sites, but outsourcing all of our logins to a single for-profit company isn't a solution that works for the whole web.
The open web needs a better solution. One that enables users to choose their identity provider and shop for the most secure one if that's what they're into. This is the promise behind Persona and the BrowserID protocol. Choose your email provider carefully and let's get rid of all of these site-specific passwords that are just sitting there waiting to be leaked and cracked.
A guide through where to look for errors when they happen in the various parts of Puppet Enterprise (the console, Live Management, puppet master, ActiveMQ, MCollective, agent), what some of those errors mean, and what warnings and errors are red herrings/normally occurring.
Celia Cottle
Support Engineer, Puppet Labs
Celia Cottle is a Support Engineer at Puppet Labs, where she troubleshoots and resolves issues for Puppet Enterprise customers. She comes from Portland State University, where she worked for the College of Engineering and Computer Science doing technical support, while getting her degree in Communication. She’s been working in IT for over five years and enjoys problem solving, working with a wide range of OSes and software, and the variety of challenges that supporting Puppet Enterprise brings. She currently resides in Portland, Oregon.
Automating IT management with Puppet + ServiceNow | Puppet
As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization.
Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance.
In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.
Simplified Patch Management with Puppet - Oct. 2020 | Puppet
Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse.
Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution.
Join this webinar to learn how to do the following with Puppet:
- Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems.
- Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console.
- Ensure your systems are compliant and patched in a healthy state.
- How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems.
Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf | Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 5 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
- CI/CD within UiPath
- End-to-end overview of CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Climate Impact of Software Testing at Nordic Testing Days | Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Pushing the limits of ePRTC: 100ns holdover for 100 days | Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 | Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Removing Uninteresting Bytes in Software Fuzzing | Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
PHP Frameworks: I want to break free (IPC Berlin 2024) | Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
4. When you have eliminated all which is impossible,
then whatever remains, however improbable, must
be the truth
Sir Arthur Conan Doyle
5. https://goo.gl/8LyZzN
Troubleshooting 101
● document current state
● discover recent changes
○ audit everything, even things you don't touch
○ never assume it's magic
● change one thing at a time
○ if it doesn't fix the problem, revert it
1 une uno um unis odin jeden jedward
yksi 一 एक אחד واﺣد
38. Modulus
n = pq
OpenSSL
# openssl rsa -noout -modulus -in ca_key.pem | sha256sum
69578e29c08c130d37c7c0141134f1cc4778445c7b7d1d96d253b86d6bf4ca38
# openssl x509 -noout -modulus -in ca_crt.pem | sha256sum
69578e29c08c130d37c7c0141134f1cc4778445c7b7d1d96d253b86d6bf4ca38
BIG *RSE PRIME
$ puppet agent -t
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: D4:D3:76:F1:6B:51:83:3C:4B:72:69:BF:BC:B0:80:94:79:75:1A:3B:D8:29:F5:EF:81:2C:44:35:21:93:CE:FD
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
On the master:
  puppet cert clean cottage
On the agent:
  1a. On most platforms: find /home/thomas/.puppetlabs/etc/puppet/ssl -name cottage.pem -delete
  1b. On Windows: del "\home\thomas\.puppetlabs\etc\puppet\ssl\certs\cottage.pem" /f
  2. puppet agent -t
The certificate retrieved from the master does not match the agent's
private key.
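The modulus comparison from slide 38 as a reusable check, added here as an example and not taken from the slides. The function names and the throwaway key and certificate it generates are assumptions made for the demonstration; it also refuses to compare when openssl cannot read a file, because hashing two empty results would look like a match.

```shell
#!/bin/sh
# Added example. Keys and certificate are constructed at run time, not from the slides.

# Hash the RSA modulus of a key ($1 = rsa) or certificate ($1 = x509) in file $2.
# Fails instead of hashing empty output: a plain "openssl ... | sha256sum" gives
# the same digest for two failed reads, which looks like a match.
modulus_hash() {
    mod=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$mod" ] || return 1
    printf '%s\n' "$mod" | sha256sum | cut -d' ' -f1
}

# Exit 0 if key $1 and certificate $2 share a modulus, 1 if not, 2 if unreadable.
key_matches_cert() {
    key_hash=$(modulus_hash rsa "$1") || return 2
    crt_hash=$(modulus_hash x509 "$2") || return 2
    [ "$key_hash" = "$crt_hash" ]
}

# Build a throwaway self-signed certificate, its key, and an unrelated key in $1.
make_fixtures() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-agent" \
        -keyout "$1/agent_key.pem" -out "$1/agent_crt.pem" >/dev/null 2>&1 &&
    openssl genrsa -out "$1/other_key.pem" 2048 >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_fixtures "$dir" || { rm -rf "$dir"; return 1; }
    for key in agent_key.pem other_key.pem missing.pem; do
        rc=0
        key_matches_cert "$dir/$key" "$dir/agent_crt.pem" || rc=$?
        case "$rc" in
            0) echo "$key: matches agent_crt.pem" ;;
            1) echo "$key: MISMATCH, certificate was issued for a different key" ;;
            *) echo "$key: could not be read, no comparison made" ;;
        esac
    done
    rm -rf "$dir"
}

demo
```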
39. OpenSSL recap
● x509
○ view certificate
○ check expiration
○ check serial number
● crl
○ revoked cert serial#
● verify
○ verify cert with CA and/or CRL
● modulus
○ how the cert was encrypted
47. catalog
fails to compile
duplicate resource
modulepath/bad module name
fails to apply
unpredictable exec
bad/broken service
bad/missing variable
55. Bad/Missing Variable
$one = "1"
file {"pcone":
  path   => "/tmp/pc$one",   # interpolates to /tmp/pc1
  ensure => 'directory',
}
file {"pc1":                 # second resource managing /tmp/pc1, already declared by File[pcone]
  path   => "/tmp/pc1",
  ensure => 'file',
}
Info: Caching catalog for puppet.example.com
Error: Evaluation Error: Error while evaluating a Resource
Statement, Cannot alias File[pc1] to ["/tmp/pc1"] at
/root/pc.pp:6; resource ["File", "/tmp/pc1"] already
declared at /root/pc.pp:2 at /root/pc.pp:6:3 on node
puppet.example.com
56. Bad/Missing Variable
define pc (
  String $place,
  String $type,
) {
  file {"$title":            # titles differ per instance, but path comes from $place
    path   => $place,
    ensure => $type,
  }
}
$PC = 'puppetconf'
pc {'one':
  place => "/tmp/$PC",
  type  => "directory",
}
pc {'two':                   # same place as pc {'one': }, so both File resources manage /tmp/puppetconf
  place => "/tmp/$PC",
  type  => "file",
}
Info: Caching catalog for puppet.example.com
Error: Evaluation Error: Error while evaluating a Resource
Statement, Evaluation Error: Error while evaluating a
Resource Statement, Cannot alias File[two] to
["/tmp/puppetconf"] at /root/define.pp:5; resource ["File",
"/tmp/puppetconf"] already declared at /root/define.pp:5 at
/root/define.pp:5:2 at /root/define.pp:15 on node
puppet.example.com
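60. Debug Script… just an example
#!/bin/bash
# Snapshot disk, memory and the open files of running puppet processes into a temp log.
LOG=$(mktemp /tmp/puppet-debug.XXXXXX)
# The script arguments become a free-text label in the log header
echo "Puppet Debug -- $* -- $(date)" | tee "$LOG"
echo "-- Disk --" | tee -a "$LOG"
df -h | tee -a "$LOG"
df -i | tee -a "$LOG"
echo "-- Mem --" | tee -a "$LOG"
free | tee -a "$LOG"
echo "-- Files --" | tee -a "$LOG"
# pgrep may return several PIDs; list the open files of each one
PUPPET=$(pgrep puppet)
for proc in $PUPPET
do
  lsof -p "$proc" | tee -a "$LOG"
done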
Puppet Debug -- before resolv.conf -- Fri Oct 24 01:13:34 EDT 2014
-- Disk --
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
6.7G 2.5G 3.9G 39% /
tmpfs 246M 0 246M 0% /dev/shm
/dev/vda1 485M 80M 380M 18% /boot
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/mapper/VolGroup-lv_root
440640 79253 361387 18% /
tmpfs 62783 1 62782 1% /dev/shm
/dev/vda1 128016 50 127966 1% /boot
-- Mem --
total used free shared buffers cached
Mem: 502268 415488 86780 0 22176 172036
-/+ buffers/cache: 221276 280992
Swap: 835580 0 835580
-- Files --
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
puppet 2058 root cwd DIR 253,0 4096 14 /root
puppet 2058 root rtd DIR 253,0 4096 2 /
puppet 2058 root txt REG 253,0 10600 36617 /usr/bin/ruby
puppet 2058 root mem REG 253,0 156928 4134 /lib64/ld-2.12.so
puppet 2058 root mem REG 253,0 1926680 6282 /lib64/libc-2.12.so
61. Printing - Template
- scope.to_hash
- reject a few
- sort
- print, one per line
# Writes every string-valued variable in scope to the file, which can include secrets
file { "/tmp/puppet-debug.txt":
  content => inline_template("<% vars = scope.to_hash.reject { |k,v| !( k.is_a?(String) && v.is_a?(String) ) }; vars.sort.each do |k,v| %><%= k %>=<%= v %>\n<% end %>"),
}
vars = scope.to_hash.reject { |k,v| !( k.is_a?(String) && v.is_a?(String) ) };
vars.sort.each do |k,v|
  k=v\n
end
69. pry demo
#
#
…
From: /etc/puppetlabs/code/environments/production/modules/pry/lib/puppet/parser/functions/pry.rb @ line 4
#<Module:0xfb588d1>#real_function_pry:
2: newfunction(:pry) do |args|
3: require 'pry'
=> 4: binding.pry
5: end
[1] pry(#<Puppet::Parser::Scope>)>
puppet agent -t
puppetserver foreground
…
Puppet Server has successfully started and is now ready
to handle requests
exit
…
Puppet Compiled Catalog for xxx.example.com in y.z
seconds
Info: Caching catalog for xxx.example.com
Info: Applying configuration version 'XXX'
70. where to go for help
● IRC #puppet / #puppet-dev
● slack puppetcommunity.slack.com
○ #pug
○ #puppet
● google group / mail list
○ https://groups.google.com/forum/#!forum/puppet-users
● PUG
○ https://www.meetup.com/Seattle-Puppet-Meetup/
71. Summary
Puppet is an HTTPS service
End-to-end (gethostbyname, nc, mtr)
OpenSSL is your friend (x509, crl, verify, s_client)
make a debug class
remember scope
basic UNIX permissions