Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradarsangam biradar
presented at https://events.docker.com/events/details/docker-hyderabad-presents-docker-hyderabad-meetup-19-docker-kubernetes-iot-docker101-workshop/
at MobileIron India
6th Floor, Western Pearl, Survey No. 13, Kondapur, Hitech City Rd, Kothaguda
Hyderabad, 500084
date : 14 sept 19
Securing your AWS Deployments with Spinnaker and Armory EnterpriseDevOps.com
Customers are challenged today by a constant struggle between velocity and governance. What they want is consistent, secure, and scalable software deployments, but their security teams also need to be able to identify possible issues early in the development process to allow for proactive modification to the deployment process to ensure compliance in the cloud.
Join us for a webinar on “Securing AWS Deployments with Spinnaker and Armory Enterprise” to learn:
How to experiment while still enforcing deployment policies
How to build reusable modules that reduce the number of stages needed for deployment
How lockable pipelines enforce continuous delivery to release orchestration best practices
Running Azure PaaS Anywhere using KubernetesJorge Arteiro
Azure now allows you to run Web Apps, Azure Functions, Logic Apps, API management, event grid, and more on any Kubernetes cluster that's CNCF certified and running anywhere.
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...Docker, Inc.
Slides from Diptanu Choudhury's talk at DockerCon SF 2015
Talk Description:
Netflix has a complex micro-services architecture that is operated in an active-active manner from multiple geographies on top of AWS. Amazon gives us the flexibility to tap into massive amounts of resources, but how we use and manage those is a constantly evolving and ever-growing task. We have developed Titan to make cluster management, application deployments using Docker and process supervision much more robust and efficient in terms of CPU/memory utilization across all of our servers in different geographies.
Titan, a combination of Docker and Apache Mesos, is an application infrastructure gives us a highly resilient and dynamic PAAS, that is native to public clouds and runs across multiple geographies. It makes it easy for us to manage applications in our complex infrastructure and gives us the ability to make changes in the IAAS layer without impacting developer productivity or sacrificing insight into our production infrastructure.
Introducing Pico - A Deep Learning Platform using Docker & IoT - Sangam Biradarsangam biradar
presented at https://events.docker.com/events/details/docker-hyderabad-presents-docker-hyderabad-meetup-19-docker-kubernetes-iot-docker101-workshop/
at MobileIron India
6th Floor, Western Pearl, Survey No. 13, Kondapur, Hitech City Rd, Kothaguda
Hyderabad, 500084
date : 14 sept 19
Securing your AWS Deployments with Spinnaker and Armory EnterpriseDevOps.com
Customers are challenged today by a constant struggle between velocity and governance. What they want is consistent, secure, and scalable software deployments, but their security teams also need to be able to identify possible issues early in the development process to allow for proactive modification to the deployment process to ensure compliance in the cloud.
Join us for a webinar on “Securing AWS Deployments with Spinnaker and Armory Enterprise” to learn:
How to experiment while still enforcing deployment policies
How to build reusable modules that reduce the number of stages needed for deployment
How lockable pipelines enforce continuous delivery to release orchestration best practices
Running Azure PaaS Anywhere using KubernetesJorge Arteiro
Azure now allows you to run Web Apps, Azure Functions, Logic Apps, API management, event grid, and more on any Kubernetes cluster that's CNCF certified and running anywhere.
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...Docker, Inc.
Slides from Diptanu Choudhury's talk at DockerCon SF 2015
Talk Description:
Netflix has a complex micro-services architecture that is operated in an active-active manner from multiple geographies on top of AWS. Amazon gives us the flexibility to tap into massive amounts of resources, but how we use and manage those is a constantly evolving and ever-growing task. We have developed Titan to make cluster management, application deployments using Docker and process supervision much more robust and efficient in terms of CPU/memory utilization across all of our servers in different geographies.
Titan, a combination of Docker and Apache Mesos, is an application infrastructure gives us a highly resilient and dynamic PAAS, that is native to public clouds and runs across multiple geographies. It makes it easy for us to manage applications in our complex infrastructure and gives us the ability to make changes in the IAAS layer without impacting developer productivity or sacrificing insight into our production infrastructure.
DCEU 18: From Monolith to MicroservicesDocker, Inc.
Jeff Nickoloff - Co-founder, Topple
Growth can be challenging to address once monolithic systems begin to fail under strain or internal software development processes begin to slow the release cadence. Many organizations are looking to microservices architecture to solve these application issues, whether they plan to write new applications or rewrite the monoliths into microservices. This talk will highlight the common technical and cultural issues that will make microservice architectures a challenge to adopt and maintain. Issues include impact of Dunbar's Number and Conway's Law, build-time vs runtime continuous integration, evolution of testability, API versioning impact, logistics overhead, artifact management, and strategies for iteration in a distributed environment. Attendees will learn: - How and why microservice architectures and ownership end up falling along organizational lines (and why that is a good thing) - How we can learn from monolith tooling to inform our tooling in a microservice environment - How you can achieve operational excellence at scale taking a logistical approach with Docker.
Serverless security - how to protect what you don't see?Sqreen
Protecting serverless is a new topic. This presentation aims at showing what new security challenges it brings, and how CISO and security teams should approach it.
The serverless space evolves fast and there is no convergence on best practices yet. The switch to a serverless architecture involves several changes, for instance developers doing much more ops with serverless, deploying 20 times more services than previously...
Keeping your Kubernetes Cluster SecureGene Gotimer
From NOVA Cloud and Software Engineering Group meetup, Feb. 17, 2021 https://youtu.be/a5uPm1mPLKQ.
Hardening a Kubernetes cluster happens at different levels. We have to examine the nodes where Kubernetes is running. We want to secure the Kubernetes objects and workloads and review the files we used to create them. And we need to look for vulnerabilities in the containers we are using. Gene will show you some open-source tools that can find issues and vulnerabilities at each layer. All of them can be used in a pipeline to build your Kubernetes cluster safely and keep it secure.
Gene Gotimer is the meetup organizer and a DevSecOps Senior Engineer at Steampunk, focusing on agile processes, secure development practices, and automation. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each depends on the other two, making agile and DevSecOps that much more crucial to software development.
“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.
In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...
One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.
I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.
We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.
In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.
This talk was given at KubeCon / CloudNativeCon 2017 on December 7th, 2017 in Austin, TX
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusKublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, gradual rollouts is a feature that doesn't come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava Koltovich, CEO of Kublr, and Oleg Atamanenko, Senior Software Architect, discussed canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. They examined the role of each tool in the process and how they are all connected. During a demo, they demonstrated a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...Docker, Inc.
Entergy, a large utility company headquartered in New Orleans, LA has launched an initiative to modernize their application infrastructure. During the initial analysis, Entergy recognized the existing legacy infrastructure’s lack of compatibility with more recent operating systems would stand in the way of progress. As a result, containerization was fast-tracked as the solution that can help them with the various tenants of their strategy: hyperconvergence, SaaS (ServiceNow), and workload portability. Docker Enterprise proved to be the right solution to migrate roughly 850 legacy applications from Windows Server 2003 and 2008 to Windows Server 2016 quickly, securely and economically. Entergy IT has now delivered the ability for the business to run applications on-premise, in the cloud, and future-proofed the applications for migration to new versions of Windows Server. In this session, Entergy will talk about how they are modernizing their infrastructure to become more agile, secure, and enable workload portability.
Title: Making Kubernetes Easier
Kubernetes. Wonderful technology but the learning curve to production may be long. In this session we'll look at how we partnered with the community to make it easier, from setting up collaborative development environments and ensuring DevOps, to scaling production in unpredictable scenarios, while keeping it under good monitoring from the moment you spin it up. Demos and code heavy.
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
Netflix has been using and contributing to open source for several years. Over the years, Netflix has released over one hundred Netflix Open Source (aka NetflixOSS) libraries, servers, and technologies. Netflix engineers benefit by accepting contributions and gathering feedback with key collaborators around the world. Users of NetflixOSS from many industries benefit from our solutions including Big Data, Build and Delivery Tools, Runtime Services and Libraries, Data Persistence, Insight, Reliability and Performance, Security and User Interface. With such a large and mature open source program, Netflix has worked on approaches and tools that help manage and improve the NetflixOSS source offerings and communities. Netflix has taken a different approach to building support for open source as compared to other Internet scale companies. Come to this session to learn about the unique approaches Netflix has taken to both distribute and automate the responsibilities of building a world-class open source program.
1. Overview of DevOps
2. Infrastructure as Code (IaC) and Configuration as code
3. Identity and Security protection in CI CD environment
4. Monitor Health of the Infrastructure/Application
5. Open Source Software (OSS) and third-party tools, such as Chef, Puppet, Ansible, and Terraform to achieve DevOps.
6. Future of DevOps Application
DCEU 18: From Monolith to MicroservicesDocker, Inc.
Jeff Nickoloff - Co-founder, Topple
Growth can be challenging to address once monolithic systems begin to fail under strain or internal software development processes begin to slow the release cadence. Many organizations are looking to microservices architecture to solve these application issues, whether they plan to write new applications or rewrite the monoliths into microservices. This talk will highlight the common technical and cultural issues that will make microservice architectures a challenge to adopt and maintain. Issues include impact of Dunbar's Number and Conway's Law, build-time vs runtime continuous integration, evolution of testability, API versioning impact, logistics overhead, artifact management, and strategies for iteration in a distributed environment. Attendees will learn: - How and why microservice architectures and ownership end up falling along organizational lines (and why that is a good thing) - How we can learn from monolith tooling to inform our tooling in a microservice environment - How you can achieve operational excellence at scale taking a logistical approach with Docker.
Serverless security - how to protect what you don't see?Sqreen
Protecting serverless is a new topic. This presentation aims at showing what new security challenges it brings, and how CISO and security teams should approach it.
The serverless space evolves fast and there is no convergence on best practices yet. The switch to a serverless architecture involves several changes, for instance developers doing much more ops with serverless, deploying 20 times more services than previously...
Keeping your Kubernetes Cluster SecureGene Gotimer
From NOVA Cloud and Software Engineering Group meetup, Feb. 17, 2021 https://youtu.be/a5uPm1mPLKQ.
Hardening a Kubernetes cluster happens at different levels. We have to examine the nodes where Kubernetes is running. We want to secure the Kubernetes objects and workloads and review the files we used to create them. And we need to look for vulnerabilities in the containers we are using. Gene will show you some open-source tools that can find issues and vulnerabilities at each layer. All of them can be used in a pipeline to build your Kubernetes cluster safely and keep it secure.
Gene Gotimer is the meetup organizer and a DevSecOps Senior Engineer at Steampunk, focusing on agile processes, secure development practices, and automation. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each depends on the other two, making agile and DevSecOps that much more crucial to software development.
“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.
In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...
One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.
I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.
We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.
In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.
This talk was given at KubeCon / CloudNativeCon 2017 on December 7th, 2017 in Austin, TX
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusKublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, gradual rollouts is a feature that doesn't come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava Koltovich, CEO of Kublr, and Oleg Atamanenko, Senior Software Architect, discussed canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. They examined the role of each tool in the process and how they are all connected. During a demo, they demonstrated a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke...Docker, Inc.
Entergy, a large utility company headquartered in New Orleans, LA has launched an initiative to modernize their application infrastructure. During the initial analysis, Entergy recognized the existing legacy infrastructure’s lack of compatibility with more recent operating systems would stand in the way of progress. As a result, containerization was fast-tracked as the solution that can help them with the various tenants of their strategy: hyperconvergence, SaaS (ServiceNow), and workload portability. Docker Enterprise proved to be the right solution to migrate roughly 850 legacy applications from Windows Server 2003 and 2008 to Windows Server 2016 quickly, securely and economically. Entergy IT has now delivered the ability for the business to run applications on-premise, in the cloud, and future-proofed the applications for migration to new versions of Windows Server. In this session, Entergy will talk about how they are modernizing their infrastructure to become more agile, secure, and enable workload portability.
Title: Making Kubernetes Easier
Kubernetes. Wonderful technology but the learning curve to production may be long. In this session we'll look at how we partnered with the community to make it easier, from setting up collaborative development environments and ensuring DevOps, to scaling production in unpredictable scenarios, while keeping it under good monitoring from the moment you spin it up. Demos and code heavy.
Netflix Open Source: Building a Distributed and Automated Open Source Programaspyker
Netflix has been using and contributing to open source for several years. Over the years, Netflix has released over one hundred Netflix Open Source (aka NetflixOSS) libraries, servers, and technologies. Netflix engineers benefit by accepting contributions and gathering feedback with key collaborators around the world. Users of NetflixOSS from many industries benefit from our solutions including Big Data, Build and Delivery Tools, Runtime Services and Libraries, Data Persistence, Insight, Reliability and Performance, Security and User Interface. With such a large and mature open source program, Netflix has worked on approaches and tools that help manage and improve the NetflixOSS source offerings and communities. Netflix has taken a different approach to building support for open source as compared to other Internet scale companies. Come to this session to learn about the unique approaches Netflix has taken to both distribute and automate the responsibilities of building a world-class open source program.
1. Overview of DevOps
2. Infrastructure as Code (IaC) and Configuration as code
3. Identity and Security protection in CI CD environment
4. Monitor Health of the Infrastructure/Application
5. Open Source Software (OSS) and third-party tools, such as Chef, Puppet, Ansible, and Terraform to achieve DevOps.
6. Future of DevOps Application
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet
Fast innovation requires Fast IT: the new model for IT that transforms the way we deliver new business application capabilities to our clients.
Cisco IT has created solutions that enable automated provisioning of environments and fast deployment of cloud applications through “Software Development-as-a-Service”.
In this session, we’ll provide a hands-on experience of how application teams use an automated toolset to combine quality and agility, while reducing operational expense. We’ll also provide a view of the key technologies that enable this solution.
Finally, there’s a quick glimpse into what’s next: containerization and IOE Application Enablement.
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data.
Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
Are Your Containers as Secure as You Think?DevOps.com
With the growing popularity of Container technology comes the growth of container-based attacks – but understanding your security needs will keep you ahead of the game.
Container adoption is skyrocketing, growing 40% in the last year. And it makes sense – the agility, operational efficiencies and cost savings of containerized environments are huge benefits. But as more organizations rush to leverage containers, security is increasingly becoming a major concern and is the top roadblock to container deployment. What do you need to know (and do) to keep your container environments safe?
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsDicodingEvent
Di Indonesia, 19,4% perusahaan sudah mulai menggunakan layanan cloud publik. Stapi sering kali saat perusahan sudah mengadopsi cloud, mereka baru menyadari betapa rumitnya penerapan cloud. Akibatnya, banyak perusahaan yang stuck dalam operasional aplikasi yang baru ini.
Hadirlah DevOps yang memberi layanan lebih cepat dan mendorong inovasi sekaligus meningkatkan produktivitas, komunikasi, dan keterlibatan karyawan. Tapi hadirnya layanan yang lebih cepat membuat risiko dalam penerapan aplikasi meningkat sebesar 53% upaya pencurian data menyasar aplikasi itu sendiri. Oleh karena itu, sangat penting bagi perusahaan untuk mengubah mindset dari menerapkan keamanan untuk kepatuhan ke metode yang lebih proaktif dengan memanfaatkan prinsip-prinsip DevOps dalam tool dan proses keamanan mereka.
Hmm jadi penasaran bagaimana sih memaksimalkan peran keamanan dalam penerapan Devops supaya berjalan dengan lacar? Hal ini akan kita bahas bersama 2 orang pembicara yang expert dibidangnya, yaitu Rei Munisati (Head of IT Security & Risk Compliance, Home Credit Indonesia) dan Taro Lay (Co-Founder Kalama Cyber Security) pada Tech Talk 2021 Live dengan tema "Peran IT Security dalam Penerapan DevOps."
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
More organisations are embracing DevOps and automation to realise compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery.
Patterns and Pains of Migrating Legacy Applications to KubernetesQAware GmbH
Open Source Summit 2018, Vancouver (Canada): Talk by Josef Adersberger (@adersberger, CTO at QAware), Michael Frank (Software Architect at QAware) and Robert Bichler (IT Project Manager at Allianz Germany)
Abstract:
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud-native apps. But what to do if you’ve no shiny new cloud-native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a German blue chip company onto a Kubernetes cluster within one year.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way.
Patterns and Pains of Migrating Legacy Applications to KubernetesJosef Adersberger
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a German blue chip company onto a Kubernetes cluster within one year.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way.
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni...Cisco DevNet
Nowadays, we heard a lot regarding micro services and DevOps but then, what are the impacts for an application development and how to really achieve this? The demo will demonstrate the benefits of using Docker (and related tools / technologies) for a micro services application and then having a continuous integration / tests / deployment workflow on CCS/Nimbus.
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors.
This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.
Why modern cloud infrastructure require automationGerald Crescione
Modern Cloud Infrastructures require automation and call for Infrastructure as Code. But mastering Infrastructure as Code is complex. Here's why a CI/CD can help
Gopher Labs brings you tutorials that help you get hands-on experience using Golang. Here you will find complete documentation of labs and tutorials that will help you, no matter if you are a beginner, SysAdmin, IT Pro or Developer. Yes, you read it right ! Its $0 learning platform. You don’t need any infrastructure. Most of the tutorials runs on Play with GO Platform. This is a free browser based learning platform for you. Hence, we have everything ready for you to get started with.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
10. DAST , SCA
• Dynamic Analysis and Security Testing (DAST)
• Dynamic application security testing (DAST) is a
type of black-box security testing in which tests are
performed by attacking an application from the
outside.
• Pros
• #1 Technology independent
• #2 Low false positives
• #3 Identifies configuration issues
• Cons
• #1 Not highly scalable
• #2 No code visibility
• #3 Slow scans
11. IAST
• IAST typically is implemented by deploying agents
and sensors in the application post build. The agent
observes the application’s operation and analyzes
traffic flow to identify security vulnerabilities. It
does this by mapping external signatures or
patterns to source code, which allows it to identify
more complex vulnerabilities.
• IAST test results are usually reported in real time via
a web browser, dashboard, or customized report
without adding extra time to the CI/CD pipeline.
IAST results can also be combined with other issues
tracking tools.
Pros
• #1 Low Number of False Positives
• #2 Instant Feedback
• #3 Highly Scalable
Cons
• #1 Limited Language Coverage
• #2 Requires a Mature Test Environment
• #3 Not Widely Adopted
12. Configuration Drift
• configuration drift occurs whenever someone
makes a change to the production environment
without recording those changes and without
ensuring complete parity between staging and
production. And, although it’s unintentional, it can
end in unanticipated bugs and the resulting flurry of
pleas for rapid incident response.
• Critical package updates are made at breakneck
speeds to address a security vulnerability or
incident and often ignore procedure in favor of
speed.
• When testing servers, a developer may make a
manual configuration change to better document
or track a bug, which could help define that issue,
but if the configuration change isn’t changed
back, it will cause drift.
• Adding more resources to bolster server
configuration can help systems cope with peak
load times but are often unplanned or
undocumented, eventually leading to
configuration drift.
13. RASP
• RASP is a technology that runs on a server and kicks
in when an application runs. It's designed to detect
attacks on an application in real time
14. Secret Management
• Often credentials are store in config files
• Leakage can result in abuse scenario
• Secrets management allows you to tokenize the
information
15. Infrastructure as code
• Infrastructure as a code allows you to document &
version control the infra
• It also allows you to perform audit on the
infrastructure
• Docker / K8s infra relies on base images
• Environment is as secure as the base images
• Base images need to be minimal in nature & need to
be assessed to identify inherited vulnerabilities
16. Cloud Native Security approach to security
• Different Service Providers Approach Security
Differently
• All of them provide some of the ingredient In-house
• Irrespective of cloud providers some tools will need
to be sourced
• Static code analysis tool
• Dynamic Code Analysis Tool
• Software Composition Analysis
• Vulnerability Management Tool
17. Terrascan
• Terrascan detects security vulnerabilities and
compliance violations across your Infrastructure as
Code. Mitigate risks before provisioning cloud
native infrastructure. Run locally or integrate with
your CICD.
• Documentation: https://docs.accurics.com/projects
/accurics-terrascan
• Discuss: https://community.accurics.com
Features
• 500+ Policies for security best practices
• Scanning of Terraform (HCL2)
• Scanning of Kubernetes (JSON/YAML), Helm v3,
and Kustomize v3
• Support for AWS, Azure, GCP, Kubernetes and
GitHub
• Accurics Discord Server ! Join Community
• https://discord.gg/G6EyMg4kCP