In this talk I will try explain the memory internals of Python and discover how it handles memory management and object creation.
The idea is explain how objects are created and deleted in Python and how garbage collector(gc) functions to automatically release memory when the object taking the space is no longer in use.
I will review the main mechanims for memory allocation and how the garbage collector works in conjunction with the memory manager for reference counting of the python objects.
Finally, I will comment the best practices for memory managment such as writing efficient code in python scripts.
In this talk I will try explain the memory internals of Python and discover how it handles memory management and object creation.The idea is explain how objects are created and deleted in Python and how garbage collector(gc) functions to automatically release memory when the object taking the space is no longer in use.
Also I will review the main mechanisms for memory allocation and how the garbage collector works in conjunction with the memory manager for reference counting of the python objects.
Finally, I will comment the best practices for memory managment such as writing efficient code.
These could be the main talking points:
-Introduccition to memory management
-Garbage collector and reference counting with python
-Review the gc module for configuring the python garbage collector
-Best practices for memory managment
Robust C++ Task Systems Through Compile-time ChecksStoyan Nikolov
Task-based (aka job systems) engine architectures are becoming the de-facto standard for AAA game engines and software solutions. The talk explains how the task system in the Hummingbird game UI engine was designed to both be convenient and to avoid common programmer pitfalls. Advanced C++ techniques are employed to warn and shield the developer from errors at compile time.
Odessapy2013 - Graph databases and PythonMax Klymyshyn
Page 10 "Я из Одессы я просто бухаю." translation: I'm from Odessa I just drink. Meaning his drinking a lot of "Vodka" ^_^ (@tuc @hackernews)
This is local meme - when someone asking question and you will look stupid in case you don't have answer.
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Data Con LA
"At OpenX we not only use the tools in big data ecosystems to solve our business problems, but also explore the cutting edge algorithms for practical uses. HyperLogLog is one of the algorithm that we use intensively in our internal system. It has really low computation cost and can easily plug into map-reduce framework (hadoop or spark). Some of the applications that worth to highlight are:
* high cardinality test
* distinct count of unique users over time
* Visualize hyperloglog for fraud detection"
Probabilistic data structures. Part 2. CardinalityAndrii Gakhov
The book "Probabilistic Data Structures and Algorithms in Big Data Applications" is now available at Amazon and from local bookstores. More details at https://pdsa.gakhov.com
In the presentation, I described common data structures and algorithms to estimate the number of distinct elements in a set (cardinality), such as Linear Counting, HyperLogLog, and HyperLogLog++. Each approach comes with some math that is behind it and simple examples to clarify the theory statements.
In this talk I will try explain the memory internals of Python and discover how it handles memory management and object creation.The idea is explain how objects are created and deleted in Python and how garbage collector(gc) functions to automatically release memory when the object taking the space is no longer in use.
Also I will review the main mechanisms for memory allocation and how the garbage collector works in conjunction with the memory manager for reference counting of the python objects.
Finally, I will comment the best practices for memory managment such as writing efficient code.
These could be the main talking points:
-Introduccition to memory management
-Garbage collector and reference counting with python
-Review the gc module for configuring the python garbage collector
-Best practices for memory managment
Robust C++ Task Systems Through Compile-time ChecksStoyan Nikolov
Task-based (aka job systems) engine architectures are becoming the de-facto standard for AAA game engines and software solutions. The talk explains how the task system in the Hummingbird game UI engine was designed to both be convenient and to avoid common programmer pitfalls. Advanced C++ techniques are employed to warn and shield the developer from errors at compile time.
Odessapy2013 - Graph databases and PythonMax Klymyshyn
Page 10 "Я из Одессы я просто бухаю." translation: I'm from Odessa I just drink. Meaning his drinking a lot of "Vodka" ^_^ (@tuc @hackernews)
This is local meme - when someone asking question and you will look stupid in case you don't have answer.
Big Data Day LA 2015 - Large Scale Distinct Count -- The HyperLogLog algorith...Data Con LA
"At OpenX we not only use the tools in big data ecosystems to solve our business problems, but also explore the cutting edge algorithms for practical uses. HyperLogLog is one of the algorithm that we use intensively in our internal system. It has really low computation cost and can easily plug into map-reduce framework (hadoop or spark). Some of the applications that worth to highlight are:
* high cardinality test
* distinct count of unique users over time
* Visualize hyperloglog for fraud detection"
Probabilistic data structures. Part 2. CardinalityAndrii Gakhov
The book "Probabilistic Data Structures and Algorithms in Big Data Applications" is now available at Amazon and from local bookstores. More details at https://pdsa.gakhov.com
In the presentation, I described common data structures and algorithms to estimate the number of distinct elements in a set (cardinality), such as Linear Counting, HyperLogLog, and HyperLogLog++. Each approach comes with some math that is behind it and simple examples to clarify the theory statements.
Hadoop meetup : HUGFR Construire le cluster le plus rapide pour l'analyse des...Modern Data Stack France
Construire le cluster le plus rapide pour l'analyse des datas : benchmarks sur un régresseur par Christopher Bourez (Axa Global Direct)
Les toutes dernières technologies de calcul parallèle permettent de calculer des modèles de prédiction sur des big datas en des temps records. Avec le cloud est facilité l'accès à des configurations hardware modernes avec la possibilité d'une scalabilité éphémère durant les calculs. Des benchmarks sont réalisés sur plusieurs configuration hardware, allant de 1 instance à un cluster de 100 instances.
Christopher Bourez, développeur & manager expert en systèmes d'information modernes chez Axa Global Direct. Alien thinker. Blog : http://christopher5106.github.io/
Get started with Lua - Hackference 2016Etiene Dalcol
Lua is a very fast, elegant and powerful dynamic language. It’s an excellent tool for robust applications or slim embedded systems. It found a niche in game development with big names such as “Grim Fandango”, “World of Warcraft” and “Angry Birds”. This talk will present what makes Lua different from other interpreted languages, the evolution of the Lua ecosystem, some key concepts of the language, and show you why Lua is the next language to add to your skill set.
Monitoring Your ISP Using InfluxDB Cloud and Raspberry PiInfluxData
When a large group of people change their habits, it can be tricky for infrastructures! Working from home and spending time indoor today means attending video calls and streaming movies and tv shows. This leads to increased internet traffic that can create congestion on the network infrastructure. So how do you get real-time visibility into your ISP connection? In this meetup, Mirko presents his setup based on a time series database and Raspberry Pi to better understand his ISP connection quality and speed — including upload and download speeds. Join us to discover how he does it using Telegraf, InfluxDB Cloud, Astro Pi, Telegram and Grafana! Finally, proof that your ISP connection is (or is not) as fast as it promises.
Slides for the Cluj.py meetup where we explored the inner workings of CPython, the reference implementation of Python. Includes examples of writing a C extension to Python, and introduces Cython - ultimately the sanest way of writing C extensions.
Also check out the code samples on GitHub: https://github.com/trustyou/meetups/tree/master/python-c
Hadoop meetup : HUGFR Construire le cluster le plus rapide pour l'analyse des...Modern Data Stack France
Construire le cluster le plus rapide pour l'analyse des datas : benchmarks sur un régresseur par Christopher Bourez (Axa Global Direct)
Les toutes dernières technologies de calcul parallèle permettent de calculer des modèles de prédiction sur des big datas en des temps records. Avec le cloud est facilité l'accès à des configurations hardware modernes avec la possibilité d'une scalabilité éphémère durant les calculs. Des benchmarks sont réalisés sur plusieurs configuration hardware, allant de 1 instance à un cluster de 100 instances.
Christopher Bourez, développeur & manager expert en systèmes d'information modernes chez Axa Global Direct. Alien thinker. Blog : http://christopher5106.github.io/
Get started with Lua - Hackference 2016Etiene Dalcol
Lua is a very fast, elegant and powerful dynamic language. It’s an excellent tool for robust applications or slim embedded systems. It found a niche in game development with big names such as “Grim Fandango”, “World of Warcraft” and “Angry Birds”. This talk will present what makes Lua different from other interpreted languages, the evolution of the Lua ecosystem, some key concepts of the language, and show you why Lua is the next language to add to your skill set.
Monitoring Your ISP Using InfluxDB Cloud and Raspberry PiInfluxData
When a large group of people change their habits, it can be tricky for infrastructures! Working from home and spending time indoor today means attending video calls and streaming movies and tv shows. This leads to increased internet traffic that can create congestion on the network infrastructure. So how do you get real-time visibility into your ISP connection? In this meetup, Mirko presents his setup based on a time series database and Raspberry Pi to better understand his ISP connection quality and speed — including upload and download speeds. Join us to discover how he does it using Telegraf, InfluxDB Cloud, Astro Pi, Telegram and Grafana! Finally, proof that your ISP connection is (or is not) as fast as it promises.
Slides for the Cluj.py meetup where we explored the inner workings of CPython, the reference implementation of Python. Includes examples of writing a C extension to Python, and introduces Cython - ultimately the sanest way of writing C extensions.
Also check out the code samples on GitHub: https://github.com/trustyou/meetups/tree/master/python-c
Pythran: Static compiler for high performance by Mehdi Amini PyData SV 2014PyData
Pythran is a an ahead of time compiler that turns modules written in a large subset of Python into C++ meta-programs that can be compiled into efficient native modules. It targets mainly compute intensive part of the code, hence it comes as no surprise that it focuses on scientific applications that makes extensive use of Numpy. Under the hood, Pythran inter-procedurally analyses the program and performs high level optimizations and parallel code generation. Parallelism can be found implicitly in Python intrinsics or Numpy operations, or explicitly specified by the programmer using OpenMP directives directly in the Python source code. Either way, the input code remains fully compatible with the Python interpreter. While the idea is similar to Parakeet or Numba, the approach differs significantly: the code generation is not performed at runtime but offline. Pythran generates C++11 heavily templated code that makes use of the NT2 meta-programming library and relies on any standard-compliant compiler to generate the binary code. We propose to walk through some examples and benchmarks, exposing the current state of what Pythran provides as well as the limit of the approach.
Despite being a slow interpreter, Python is a key component in high-performance computing (HPC). Python is easy to use. C++ is fast. Together they are a beautiful blend. A new tool, pybind11, makes this approach even more attractive to HPC code. It focuses on the niceties C++11 brings in. Beyond the syntactic sugar around the Python C API, it is interesting to see how pybind11 handles the vast difference between the two languages, and what matters to HPC.
Too Much Data? - Just Sample, Just Hash, ...Andrii Gakhov
Code & Supply | Pittsburgh Meetup | May 31, 2019
Probabilistic Data Structures and Algorithms (PDSA) is a common name of data structures based on different hashing techniques. They have been incorporated into Spark SQL. They are also used by Amazon Redshift and Google BigQuery, Redis and Elasticsearch, and many others. Consequently, PDSA is not just some interesting academic topic.
Book "Probabilistic Data Structures and Algorithms for Big Data Applications" (ISBN: 978-3748190486 ) https://pdsa.gakhov.com
Java/Scala Lab: Анатолий Кметюк - Scala SubScript: Алгебра для реактивного пр...GeeksLab Odessa
SubScript - это расширение языка Scala, добавляющее поддержку конструкций и синтаксиса аглебры общающихся процессов (Algebra of Communicating Processes, ACP). SubScript является перспективным расширением, применимым как для разработки высоконагруженных параллельных систем, так и для простых персональных приложений.
A talk given at PHP Cambridge all about Python
The slides cover Python from any other programmer's prospective - but the talk as given involved comparisons to PHP.
Linux kernel tracing superpowers in the cloudAndrea Righi
The Linux 4.x series introduced a new powerful engine of programmable tracing (BPF) that allows to actually look inside the kernel at runtime. This talk will show you how to exploit this engine in order to debug problems or identify performance bottlenecks in a complex environment like a cloud. This talk will cover the latest Linux superpowers that allow to see what is happening “under the hood” of the Linux kernel at runtime. I will explain how to exploit these “superpowers” to measure and trace complex events at runtime in a cloud environment. For example, we will see how we can measure latency distribution of filesystem I/O, details of storage device operations, like individual block I/O request timeouts, or TCP buffer allocations, investigating stack traces of certain events, identify memory leaks, performance bottlenecks and a whole lot more.
A major problem in computer science is performing element counting, distinct element counts, and presence checks on enormous streams of data, in real-time, at scale, without breaking the bank or over-complicating our apps. In this talk, we’ll learn how to address these issues using probabilistic data structures. We’ll learn what a probabilistic data structure is, we’ll learn about the guts of the Count-Min Sketch, Bloom Filter, and HyperLogLog data structures. And finally, we’ll talk about using them in our apps at scale.
Despite being a slow interpreter, Python is a key component in high-performance computing (HPC). Python is easy to use. C++ is fast. Together they are a beautiful blend. A new tool, pybind11, makes this approach even more attractive to HPC code. It focuses on the niceties C++11 brings in. Beyond the syntactic sugar around the Python C API, it is interesting to see how pybind11 handles the vast difference between the two languages, and what matters to HPC.
Similar to Python Memory Management 101(Europython) (20)
Herramientas de benchmarks para evaluar el rendimiento en máquinas y aplicaci...Jose Manuel Ortega Candel
Los benchmarks son programas que permiten evaluar el rendimiento de un sistema, componente o proceso en comparación con otros sistemas similares. Son herramientas esenciales para medir y comparar el rendimiento de hardware, software y sistemas en diferentes áreas. El objetivo es dar a conocer las principales herramientas de benchmark que disponemos hoy en día para medir el rendimiento.
Entre los puntos a tratar podemos destacar:
-Introducción a Benchmarks: Definición y propósito de los benchmarks en la medición del rendimiento
-Tipos de Benchmarks: Benchmarks sintéticos vs. Benchmarks del mundo real.Benchmarks específicos para CPU, memoria, almacenamiento, y gráficos
-Selección de Benchmarks: Consideraciones al elegir benchmarks según el tipo de aplicación y los objetivos de evaluación
En el mundo actual, las APIs juegan un papel importante en la creación de aplicaciones y servicios robustos y flexibles. Sin embargo, con la expansión de las APIs, también surge la necesidad de abordar los desafíos de seguridad asociados.
En esta charla, exploraremos en detalle el OWASP Top 10 de Seguridad en APIs, una lista de las principales vulnerabilidades que los desarrolladores y equipos de seguridad deben tener en cuenta al diseñar, desarrollar y asegurar sus APIs. Por último, comentaremos las mejores prácticas para mitigar los riesgos y garantizar la seguridad de tus APIs. Entre los puntos a tratar podemos destacar:
1.Introducir el concepto de seguridad en las APIs
2.OWASP Top 10 y su importancia para la seguridad en APIs
3.Actualización del OWASP Top 10 security en 2023
4.Herramientas para evaluar y mejorar la seguridad de tus APIs.
5.Estrategias y mejores prácticas para garantizar la seguridad de tus APIs.
La seguridad en aplicaciones web es un aspecto fundamental para garantizar la protección de los datos y la confidencialidad de los usuarios. Si nuestro objetivo es aprender como Django gestiona la seguridad, PyGoat es una aplicación desarrollada con Django vulnerable de forma intencionada que puede ser utilizada para aprender a asegurar nuestras aplicaciones Django.
En esta charla, analizamos como Django gestiona la seguridad utilizando la aplicación vulnerable Pygoat, identificando los problemas de seguridad subyacentes. Aprenderemos sobre vulnerabilidades de seguridad comunes como las que aparecen en el OWASP Top 10 en aplicaciones Django y cómo solucionarlas para que podamos mantener nuestras aplicaciones a salvo de atacantes.
Entre los puntos a tratar podemos destacar:
Introducción a la seguridad en aplicaciones Django
Pygoat como ejemplo de aplicación vulnerable
Vulnerabilidades OWASP top 10 y mitigación
Ciberseguridad en Blockchain y Smart Contracts: Explorando los Desafíos y Sol...Jose Manuel Ortega Candel
En la actualidad, la tecnología blockchain y los smart contracts están revolucionando la forma en que interactuamos con la información y realizamos transacciones. Sin embargo, esta innovación no está exenta de desafíos en cuanto a la ciberseguridad se refiere. En esta charla, exploraremos los desafíos desde el punto de vista de la ciberseguridad en blockchain y smart contracts, así como las soluciones y enfoques para mitigar los riesgos asociados. A medida que continuamos adoptando estas tecnologías disruptivas, es fundamental comprender y abordar adecuadamente los aspectos de seguridad para minimizar los posibles riesgos. Entre los puntos a tratar podemos destacar:
1. Fundamentos de Blockchain y Smart Contracts 2. Desafíos de Seguridad en Blockchain 3. Seguridad en Smart Contracts 4. Auditorías y Pruebas de Seguridad en smart contracts
In the latest versions of K8s there has been an evolution regarding the definition of security strategies at the level of access policies to the cluster by users and developers. The security contexts (securityContext) allow you to define the configurations at the level of access control and privileges for a pod or container in a simple way using keywords in the configuration files.
To facilitate the implementation of these security strategies throughout the cluster, new strategies have emerged such as the Pod Security Policy (PSP) where the cluster administrator is in charge of defining these policies at the cluster level with the aim that developers can follow these policies.
Other interesting projects include Open Policy Agent (OPA) as the main cloud-native authorization policy agent for creating policies and managing user permissions for access to applications.
The objective of this talk is to present the evolution that has occurred in security strategies and how we could use them together, as well as analyze their behavior in accessing resources. Among the points to be discussed we can highlight:
-Introduction to security strategies in K8s environments
-Pod Security Admission(PSA) vs Open Policy Agent (OPA)
-Combination of different security strategies together
-Access to resources in privileged and non-privileged mode
In the latest versions of K8s there has been an evolution regarding the definition of security strategies at the level of access policies to the cluster by users and developers. The security contexts (securityContext) allow you to define the configurations at the level of access control and privileges for a pod or container in a simple way using keywords in the configuration files.
To facilitate the implementation of these security strategies throughout the cluster, new strategies have emerged such as the Pod Security Policy (PSP) where the cluster administrator is in charge of defining these policies at the cluster level with the aim that developers can follow these policies.
Other interesting projects include Open Policy Agent (OPA) as the main cloud-native authorization policy agent for creating policies and managing user permissions for access to applications.
The objective of this talk is to present the evolution that has occurred in security strategies and how we could use them together, as well as analyze their behavior in accessing resources. Among the points to be discussed we can highlight:
*Introduction to security strategies in K8s environments
*Pod Security Admission(PSA) vs Open Policy Agent (OPA)
*Combination of different security strategies together
*Access to resources in privileged and non-privileged mode
No production system is complete without a way to monitor it. In software, we define observability as the ability to understand how our system is performing. This talk dives into capabilities and tools that are recommended for implementing observability when running K8s in production as the main platform today for deploying and maintaining containers with cloud-native solutions.
We start by introducing the concept of observability in the context of distributed systems such as K8s and the difference with monitoring. We continue by reviewing the observability stack in K8s and the main functionalities. Finally, we will review the tools K8s provides for monitoring and logging, and get metrics from applications and infrastructure.
Between the points to be discussed we can highlight:
-Introducing the concept of observability
-Observability stack in K8s
-Tools and apps for implementing Kubernetes observability
-Integrating Prometheus with OpenMetrics
La computación distribuída es un nuevo modelo de computación que surgió con el objetivo de resolver problemas de computación masiva donde diferentes máquinas trabajan en paralelo formando un clúster de computación.
En los últimos años han surgido diferentes frameworks como Apache Hadoop, Apache Spark y Apache Flink que permiten resolver este tipo de problemas donde tenemos datos masivos desde diferentes fuentes de datos.
Dentro del ecosistema de Python podemos destacar las librerías de Pyspark y Dask de código abierto que permiten la ejecución de tareas de forma paralela y distribuida en Python.
Entre los puntos a tratar podemos destacar:
Introducción a la computación distribuida
Comparando tecnologías de computación distribuida
Frameworks y módulos en Python para computación distribuida
Casos de uso en proyectos Big Data
En los últimos años, las arquitecturas cloud han evolucionado a un modelo serverless que trae como principales ventajas la posibilidad de ejecutar código sin aprovisionar ni administrar servidores. Este tipo de arquitecturas permite ejecutar el código en una infraestructura con alta disponibilidad y escalado automático, así como capacidades de monitorización de forma automática. Sin embargo, estos tipos de arquitecturas introducen un conjunto completamente nuevo de implicaciones de seguridad que deben tenerse en cuenta al crear sus aplicaciones.
El OWASP Serverless Top 10 es una excelente referencia para conocer los posibles riesgos de seguridad y las consecuencias de implementar una arquitectura serverless, así como también cómo mitigarlos.
En esta charla se analizará el estado actual de la seguridad en arquitecturas serverless, los principales riesgos y cómo podríamos mitigarlos de una forma sencilla. Entre los puntos a tratar podemos destacar:
-Introducción a las arquitecturas serverless
-Seguridad en arquitecturas serverless y OWASP Serverless Top 10
-Pentesting sobre aplicaciones serverless
-Mejoras prácticas de seguridad al trabajar en entornos cloud
La adopción de arquitecturas basadas en microservicios ha crecido de manera exponencial en los últimos años. Cuando se trata de obtener la máxima seguridad utilizamos lo que se denomina arquitecturas de “confianza cero” (zero trust architecture). Las arquitecturas de este tipo establecen mecanismos de autenticación y autorización entre nuestros propios microservicios, aumentando de esta manera la seguridad en entornos altamente regulados.
El objetivo de esta charla es dar a conocer los principios básicos para construir aplicaciones utilizando arquitecturas zero trust y algunas herramientas para realizar auditorías de seguridad en entornos cloud. Entre los puntos a tratar podemos destacar:
Introducción a DevSecOps y modelado de amenazas
Modelo de confianza cero(zero trust) en la nube
Mejoras prácticas a nivel de permisos y estrategias de seguridad al trabajar en entornos cloud
Herramientas de análisis orientadas al pentesting en entornos cloud
Python has become the most widely used language for machine learning and data science projects due to its simplicity and versatility.
Furthermore, developers get to put all their effort into solving an Machine Learning or data science problem instead of focusing on the technical aspects of the language.
For this purpose, Python provides access to great libraries and frameworks for AI and machine learning (ML), flexibility and platform independence
In this talk I will try to get a selection of libraries and frameworks that can help us introduce in the Machine Learning world and answer the question that all people is doing, What makes Python the best programming language for machine learning?
In this talk I will show how to save secret keys in Docker containers and K8s in production and best practices for saving and securing distribution of secrets. With Docker and k8s secrets we can manage information related to keys that are needed at runtime but cannot be exposed in the Docker image or source code repository. These could be the main talking points:
1.Challenges of security and secret keys in containers
2.Best practices for saving and securing distribution of secrets in Docker Containers
3.Managing secrets in Kubernetes using volumes and sealed-secrets
4.Other tools for distributing secrets in containers like Hashicorp Vault and KeyWhiz
One of the best practices from a security point of view is to introduce the management of the certificates that we are going to use to support protocols such as SSL / TLS. In this talk we will explain cert-manager and his implementation in K8s as a native Kubernetes certificate management controller that allows us to manage connection certificates and secure communications through SSL/TLS protocols. Later I will explain the main functionalities and advantages that cert-manager provides, for example it allows us to validate that the certificates we are using in different environments are correct. Finally, some use cases are studied in which to use cert-manager and the integration with other services such as Let's Encrypt or HashiCorp Vault.
Python se ha convertido en el lenguaje más usado para desarrollar herramientas dentro del ámbito de la seguridad. Esta charla se centrará en las diferentes formas en que un analista puede aprovechar el lenguaje de programación Python tanto desde el punto de vista defensivo como ofensivo.
Desde el punto de vista defensivo Python es una de las mejores opciones como herramienta de pentesting por la gran cantidad de módulos que nos pueden ayudar a desarrollar nuestras propias herramientas con el objetivo de realizar un análisis de nuestro objetivo.
Desde el punto de vista ofensivo podemos utilizar Python para recolección de información de nuestro objetivo de forma pasiva y activa. El objetivo final es obtener el máximo conocimiento posible en el contexto que estamos auditando. Entre los principales puntos a tratar podemos destacar:
1.Introducción a Python para proyectos de ciberseguridad(5 min)
2.Herramientas de pentesting(10 min)
3.Herramientas Python desde el punto de vista defensivo(10 min)
4.Herramientas Python desde el punto de vista ofensivo(10 min)
Python se ha convertido en el lenguaje más usado para desarrollar herramientas dentro del ámbito de la seguridad. Esta charla se centrará en las diferentes formas en que un analista puede aprovechar el lenguaje de programación Python tanto desde el punto de vista defensivo como ofensivo.
Desde el punto de vista defensivo Python es una de las mejores opciones como herramienta de pentesting por la gran cantidad de módulos que nos pueden ayudar a desarrollar nuestras propias herramientas con el objetivo de realizar un análisis de nuestro objetivo.
Desde el punto de vista ofensivo podemos utilizar Python para recolección de información de nuestro objetivo de forma pasiva y activa. El objetivo final es obtener el máximo conocimiento posible en el contexto que estamos auditando. Entre los principales puntos a tratar podemos destacar:
1.Introducción a Python para proyectos de ciberseguridad(5 min)
2.Herramientas de pentesting(10 min)
3.Herramientas Python desde el punto de vista defensivo(10 min)
4.Herramientas Python desde el punto de vista ofensivo(10 min)
Shodan es una de las plataformas de hacking más utilizadas en todo el mundo que nos brinda un completo motor de búsqueda avanzado desde el que podemos encontrar cualquier dispositivo conectado a la red junto con sus servicios activos, puertos abiertos y posibles vulnerabilidades.
En esta charla mostraremos las principales herramientas que podemos utilizar para maximizar nuestras búsquedas en Shodan, así como desarrollar nuestros propios scripts con python para automatizar las búsquedas.
Entre los puntos a tratar podemos destacar:
-Filtros y búsquedas personalizadas en Shodan
-Detectando vulnerabilidades con Shodan
-Buscar bases de datos abiertas en Shodan
-Shodan desde lineas de comandos con ShodanCLI
La charla trataría sobre cómo usar el stack Elasticsearch, Logstash y Kibana (ELK) para respuestas ante incidentes, monitorización de logs y otras tareas relacionadas con los equipos blue team. Por ejemplo, podríamos analizar los registros basados en autenticación y eventos del sistema operativo.
Entre los puntos a tratar podemos destacar:
-Introducción al estándar ELK y cómo nos puede ayudar para crear nuestro laboratorio de análisis.
-Comentar las diferentes fuentes de datos que podríamos usar (eventos del sistema operativo, capturas de red).
-Indexación y búsqueda de datos en ElasticSearch.
-Recopilación y manipulación de datos con LogStash.
-Creación de dashboards con Kibana.
-Ejemplo de aplicación para alertar sobre eventos basados en la autenticación en el sistema operativo.
The world is advancing towards accelerated deployments using DevOps and cloud native technologies. In architectures based on microservices, container monitoring and management become even more important as we need to scale our application.
In this talk, I will show how to monitor and manage docker containers to manage the status of your applications. We will review how to monitor for security events using open source solutions to build an actionable monitoring system for Docker and Kubernetes.
Through a web interface, tools such as cadvisor, portainer and rancher give us a global overview of the containers you are running as well as facilitate their management.
These could be the main points to discuss:
Challenges in containers and architectures distributed from the point of view of monitoring and administration
Most important metrics that we can use to measure container performance.
Tools for monitoring and management of containers such as cadvisor, sysdig and portainer
Rancher as a platform for the administration of Kubernetes
In this talk I will speak about main tips for integrating Security into DevOps. I will share my knowledge and experience and help people learn to focus more on DevOps Security. In addition to the so-called best practices, the development of efficient, readable, scalable and secure code, requires the right tools for security development.
These could be the main talking points:
-How to integrate security into iteration and pipeline application development with containers.
-How to secure development environments.
-DevOps security best practices
En los últimos años, muchas de las soluciones de seguridad están utilizando el aprendizaje automático para detectar y prevenir las principales amenazas como malware o detección de anomalías en las redes. El objetivo de los algoritmos de machine learning es construir modelos que permitan predecir con la mayor precisión posible si ante nuevas entradas de datos, nuestro algoritmo va a ser capaz de predecir si se trata
de malware o se ha detectado un comportamiento anómalo. Para ello disponemos varios tipos de modelos como regresión, clasificación, agrupación en clústeres, árboles de decisión, entre otros.
En esta charla explicaré los conceptos principales sobre el aprendizaje automático aplicado a la ciberseguridad a través de diferentes casos de uso y ejemplos. Comenzaremos explicando los algoritmos principales que podemos usar para hacer nuestras predicciones, aplicando estos conceptos en el campo de la seguridad. Se comentarán ejemplos que permitirán evaluar las mejores técnicas de aprendizaje automático en función del problema de seguridad que se plantea.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
3. Agenda
● Introduction to memory management
● Garbage collector and reference
counting with python
● Review the gc module for configuring
the python garbage collector
● Best practices for memory managment
4. Introduction to memory management
● Memory management is the process of
efficiently allocating, de-allocating, and
coordinating memory so that all the
different processes run smoothly and can
optimally access different system
resources.
9. Python Objects in Memory
● Each variable in Python acts as an object
● Python is a dynamically typed language
which means that we do not need to
declare types for variables.
18. Reference counting
● Python manages objects by using reference
counting
● Reference counting works by counting the
number of times an object is referenced by
other objects in the application.
● When references to an object are removed,
the reference count for an object is
decremented.
19. ● A reference is a container object pointing at
another object.
● Reference counting is a simple technique
in which objects are allocated when there is
reference to them in a program
Reference counting
24. ● Easy to implement
● Objects are immediately deleted when
reference counter is 0
✗ Not thread-safe
✗ Doesn’t detect cyclic references
✗ space overhead - reference count is
stored for every object
Reference counting
28. >>> def ref_cycle():
... list = [1, 2, 3, 4]
... list.append(list)
... return list
Garbage collector(GC) reference cycle
29. Garbage collector(GC) reference cycle
import gc
for i in range(8):
ref_cycle()
n = gc.collect()
print("Number of unreachable objects collected by GC:", n)
print("Uncollectable garbage:", gc.garbage)
print("Number of unreachable objects collected by GC:",
gc.collect())
32. Best practices for memory management
● Using gc.collect() carefully
print("Collecting...")
n = gc.collect()
print("Number of unreachable objects collected:", n)
print("Uncollectable garbage:", gc.garbage)
34. ● Using with context manager for working
with files
with open('data.txt', 'r') as file:
data = ','.join(line.strip() for line in file)
Best practices for memory management
35. ● Avoid List Slicing with [:]
list= [1,2,3,4]
list[1:3]
list[slice(1,3)]
Best practices for memory management