The Reluctant SysAdmin : 360|iDev Austin 2010
1. The Reluctant SysAdmin
Managing the Server side of a Client-Server iPhone App
Jen Harvey, Voxilate
@jen_h
360|iDev Austin
Nov 10 2010
Wednesday, November 17, 2010
2. A little background...
• Me: Network security background, OSS & Linux fangirl
• Currently: Co-founder of Voxilate with Steven Hugg
• Last year: Traveling the country while bootstrapping the company, building iPhone apps on the road
3. HeyTell
• HeyTell Voice Messenger allows users to share short voice messages & location
• Released February 2010
• Have been building, managing, deploying, re-deploying, updating, expanding, scaling on the road ever since...
4. • Map of travels, 360|iDev San Jose!
5. Current Objectives
• Keep over 1 million users happy & using our app
• Maintain respectable uptime & performance while adding new features & expanding our reach
• Get a little sleep at night
• Share what we’ve learned so that others who embark on similar journeys can also sleep!
6. Agenda
• Why a Server?
• Choose Your Poison
• Build It Out
• Lock It Down
• Maintain & Monitor
8. Metrics!
• What metrics are valuable to you?
  • Number of total users
  • Number of active users per day/month/year
  • Number of whatever-it-is-you-do all day (for us, submitted messages)
  • Number of customers vs. users
  • Busiest times of day/week/month?
grep is awesome
9. Track app usage & errors
• Speed customer support
• Understand how users really use your app
• Be alerted when errors occur
• Really useful for beta testing to determine app viability
10. Provide value-added content
• Virtual goods or in-app purchase goodies
• User-to-User or User-to-Public content sharing
• Run your own analytics or ad servers
11. Basic Web Server
• Informational site for game
• Customer service site
• FAQ hosting
• Note: This is not what we’re focusing on in this talk, but the info here is pretty general purpose! :)
12. Control your own Push Notifications
• Don’t need an external service (free)
• Can be a little painful to set up, but resources & libraries exist on web for PHP, Java, Python, Ruby...
• Additional insight when users run into Push Notification issues
17. We’re lucky! So many hosting options!
18. Cloud: Infrastructure as a Service
• Pay-as-you-go systems deployment
  • Amazon Web Services (EC2, S3, RDS, ELB, ...)
  • Microsoft Azure
  • VMware vCloud
  • Rackspace Cloud (formerly Mosso)
  • ...
19. Cloud: Platform as a Service
• Write your app for the platform, interact via API, provider handles scaling and administrative tasks:
  • Heroku (for Ruby enthusiasts, built on EC2)
  • Google App Engine (Java, Python, JRuby...)
  • Engine Yard (Ruby)
  • ...
20. Virtual Private Servers (VPS)
• You pay for a dedicated server, sometimes a VM, sometimes hardware
  • Rackspace
  • Slicehost
  • Linode
  • ...
21. Your Mom’s Basement
• Or your office.
• You don’t find sleep essential, do you?
• (No, really, this is fantastic if you have a large team & money to build out...but as an indie, you are likely to have neither)
22. Considerations
• What’s your preferred language & OS? Write and work with what you know!
• How much responsibility/flexibility/portability do you want/need to have?
• What’s your budget? GAE & AWS have free tiers to give you a taste & likely have enough horsepower to start with.
23. My advice: Go with what you know & feel comfortable with
24. We chose Amazon Web Services
• Quick & flexible & full of building blocks:
  • Load balancers
  • Hosted MySQL & SimpleDB
  • Multiple availability zones
  • Lots of h/w & memory configs
  • S3 redundant storage
25. And...
• Great APIs: Command line tools & lots of libraries
• Can script anything or integrate w/ web app
• Can do some management tasks from phone
• Huge user community - many ways to obtain support
26. Also...
• Quick & simple to prototype system architecture
• Easy to bring up identical-to-production test beds with same configuration as production - but with discrete & separate security grouping
• Published Service Level Agreement and Security Practices documentation
27. Cons
• Handle scaling (& everything else) yourself - just because your app is “in the cloud,” doesn’t mean it automatically scales
• Harder to set up, pre-built machine images available, but still need to customize/secure
• Instances are ephemeral (but I like this because of the way it forces you to architect)
29. A note on scaling early
• Be prepared to do it
• Know it’s coming if you’re successful and architect/code with the understanding that you’re the guy/gal who’s going to have to make it work when it comes
• Don’t overarchitect early on
• Slow, hypeless ramp-up & predictable viral growth can help here
30. Cool! We have an Enterprise-Grade(TM) horizontal webscale scaling solution!
Uh, it’s getting corrupted every 12 hours.
SHUT DOWN EVERYTHING
31. Build with security in mind
• Develop & build your custom software with security in mind
• You know what anomalous behavior is/can be
• Put on the adversary’s hat - what could they do? What’s the worst outcome? Is it worth building in protection for certain scenarios?
33. Voltron Core
• Single Linux-based machine image we use to build everything on top of
• Document changes for future migrations (I ♥ scripts)
• On deployment, bolt on the pieces we need & config changes
• If a host goes down, we can bring up an identical host in known state in minutes, swap out their IPs and run the post-mortem once we’ve normalized
34. • Essential logs & configuration files periodically stored on S3
• Rotate logs frequently, especially as you grow
• Don’t store passwords or keys in configs, populate these on deploy (I abuse sed, you may use something more elegant)
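One way to do the populate-on-deploy step from slide 34 with sed, added here as an example and not taken from the talk: the template holds only placeholders and the values arrive from the environment at deploy time. The `@@DB_PASSWORD@@` and `@@API_KEY@@` placeholder names, the `render_config` function and the sample template are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the talk: render a config at deploy time so the
# template kept in the image or repository never contains a secret.
# Assumed names: @@DB_PASSWORD@@ and @@API_KEY@@ placeholders, render_config.

# render_config TEMPLATE OUTPUT
# Takes DB_PASSWORD and API_KEY from the environment (single-line values).
render_config() {
    rc_template=$1
    rc_output=$2

    # Refuse to deploy with a missing secret rather than write an empty one.
    if [ -z "${DB_PASSWORD:-}" ] || [ -z "${API_KEY:-}" ]; then
        echo "render_config: DB_PASSWORD and API_KEY must be set" >&2
        return 1
    fi

    # Escape \, & and | so a secret cannot alter the s|...|...| command.
    rc_pw=$(printf '%s\n' "$DB_PASSWORD" | sed 's/[\\&|]/\\&/g')
    rc_key=$(printf '%s\n' "$API_KEY" | sed 's/[\\&|]/\\&/g')

    # Keep the substitutions in a 0600 temp file: values passed with "sed -e"
    # would be visible to other local users in the process list.
    rc_script=$(mktemp) || return 1
    printf 's|@@DB_PASSWORD@@|%s|g\ns|@@API_KEY@@|%s|g\n' \
        "$rc_pw" "$rc_key" > "$rc_script"

    # Create the output owner-only before any secret is written into it.
    rm -f "$rc_output"
    ( umask 077 && sed -f "$rc_script" "$rc_template" > "$rc_output" )
    rc_status=$?
    rm -f "$rc_script"
    [ "$rc_status" -eq 0 ] || return 1

    # A surviving placeholder means template and deploy script have drifted.
    if grep -q '@@[A-Z_]*@@' "$rc_output"; then
        echo "render_config: unresolved placeholder in $rc_output" >&2
        rm -f "$rc_output"
        return 1
    fi
}

# Constructed demo: a template as it would sit in the image, rendered with
# made-up values standing in for what the deploy tooling would supply.
demo_dir=$(mktemp -d)
cat > "$demo_dir/app.conf.tmpl" <<'EOF'
db_host = db.internal.example
db_password = @@DB_PASSWORD@@
api_key = @@API_KEY@@
EOF
DB_PASSWORD='p&ss|w\d'
API_KEY='constructed/key+value'
render_config "$demo_dir/app.conf.tmpl" "$demo_dir/app.conf"
cat "$demo_dir/app.conf"
unset DB_PASSWORD API_KEY
rm -rf "$demo_dir"
```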
38. Ready to set up our new domain name?
Hey, do CNAMEs have a “.” at the end?
D’OH!
Let’s wait 2 hours for it to expire...
39. Find your possible points of failure (rusty robot joints)
• DNS - if your hostname doesn’t resolve, your app can’t get home
• Are backups working?
• Storage and/or database - what happens when/if they go away?
• DDoS (intentional or not...)
40. • Deal with small amounts of failure gracefully (cache, limited functionality)
• Don’t put your web server & application server components on the same *anything*
41. But you will, without a doubt, run into a ‘flesh wound’ issue
42. How you handle it is pivotal
43. The database is bogged down. I think this one feature is causing it.
Does anyone even know we have that feature?
That feature’s GONE!
44. Customer Communication == Key
• Twitter
• Facebook
• Respond to customer support emails (have cut & pastable friendly response - small team has no time for personal emails in crisis)
• You may feel like it’s the end of the world, but this, too, shall pass
45. Hey, guys, Justin Bieber just announced he’s using us on Twitter!
Cool. Who’s that?
Gah! Server’s melted! Users revolt!
46. Helpful tip for high-traffic systems
• If you’re looking to max out connections on a single Linux-based system, think about:
  • Memory & file handles (see also: ulimit tweaking)
  • Connection tracking as relates to memory (look up netfilter/tcp stack tweaking)
48. Yes, security is your problem
• If you are storing users’ personal information, you are subject to laws and regulations in the US, specific states, and foreign countries
• Many jurisdictions define personal information differently
• Most regulations require a written policy and best practices for security
49. So what’s best practices?
• Secure your perimeter
• Secure your services
• Detect, alert on, and block suspicious activity
• Protect your users and encrypt user information in transit and at rest
• Have written policies and plans
50. Secure Your Perimeter
• AWS has (at least) two walls
  • One is its “security group” context
  • One is your image’s local firewall
• Block everything by default, open only the ports you need
• No root login
• Passwordless login only (use key pairs)
51. Secure your services
• Services should not run as root (for ex., www-data for apache2)
• Service usernames should not have shell login access
• Monitor for security vulnerabilities & upgrade when needed
• Build security into custom software
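A file-level check for the login items on slide 50 and the service-account items on slide 51, added here as an example and not taken from the talk. The function names and the sample `sshd_config` and `passwd` contents are constructed for illustration; `PermitRootLogin` and `PasswordAuthentication` are the OpenSSH directives behind "no root login" and "key pairs only".

```shell
#!/bin/sh
# Added example, not from the talk: audit copies of sshd_config and passwd
# for the settings listed on slides 50 and 51. Function names are assumed.

# sshd_setting FILE KEYWORD
# Prints the value sshd would take from the global section of FILE: keywords
# are case-insensitive and the first occurrence wins. Prints nothing when the
# keyword is absent, in which case the compiled-in default applies.
sshd_setting() {
    awk -v key="$2" '
        BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }                 # drop indentation, re-split
        /^#/ || NF == 0 { next }               # comments and blank lines
        tolower($1) == "match" { exit }        # conditional blocks start here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# sshd_hardened FILE
# Succeeds only if root login and password login are both explicitly "no".
sshd_hardened() {
    sh_rc=0
    for sh_kw in PermitRootLogin PasswordAuthentication; do
        sh_val=$(sshd_setting "$1" "$sh_kw")
        if [ "$sh_val" != "no" ]; then
            echo "FAIL $sh_kw is '${sh_val:-unset}', expected 'no'"
            sh_rc=1
        fi
    done
    return "$sh_rc"
}

# service_account_ok PASSWD_FILE USER
# Succeeds if USER exists, is not UID 0 and has a non-login shell.
service_account_ok() {
    awk -F: -v user="$2" '
        $1 == user {
            found = 1
            if ($3 == 0) { print "FAIL " user " has UID 0"; bad = 1 }
            if ($7 !~ /\/(nologin|false)$/) {
                print "FAIL " user " has login shell " $7; bad = 1
            }
        }
        END {
            if (!found) { print "FAIL " user " not found"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed demo input: one weak sshd setting, one service account with a
# login shell. Expect two FAIL lines and a pass for www-data.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
# constructed sample
Port 22
PermitRootLogin no
passwordauthentication yes
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
appsvc:x:1001:1001::/srv/app:/bin/bash
EOF
sshd_hardened "$demo/sshd_config" || true
service_account_ok "$demo/passwd" www-data && echo "OK www-data"
service_account_ok "$demo/passwd" appsvc || true
rm -rf "$demo"
```

On a live host, `sshd -T` prints the effective configuration, including defaults and included files, which this file-level check does not see.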
52. Detect & Alert
For host-based intrusion detection - I love OSSEC:
• Quick & easy, lightweight, Open Source, free
• Alerts on logs - extensive default ruleset but can customize alerting for your specific app
• Daily Tripwire & rootkit checks
• Active response: can block IPs on suspicious behavior
53. Protect Your Users
• If you need to store user information, encrypt in transit and at rest
• If you need data from your systems locally, use encryption end-to-end -- down to encrypting your drive
• Use SSL in the great wide world, it’s not that hard!
54. Why use SSL?
• Protects your users from sending personal data over the Internet in the clear
• Protects you from neophyte reverse engineers
55. On Using SSL
• EC2 Load Balancer now allows SSL termination - https to the LB, http inside data center
• Small & bootstrapped like us? Use StartSSL - free certs. Go to someone like DigiCert for nifty wildcard certs once you’ve got the resources.
56. The CCATS Issue
• These guys rule: http://www.zetetic.net/blog/2009/08/03/mass-market-encryption-commodity-classification-for-iphone-applications-in-8-easy-steps/
• Can deploy to US & Canada immediately, then expand reach after approval
• Took us just over a month to obtain
• Check w/Apple first; may not be required anymore.
57. User Passwords
• Many users will use the same password for everything--banks & FourSquare.
• There’s nothing you can do about it.
• Databases full of email addresses and passwords are attractive targets for this reason
58. Don’t be an attractive target...don’t make personal information necessary to use the service, if at all possible
59. Allow mechanisms for users to update or clear their information at any time without your intervention
60. Whenever possible, educate users about protecting their privacy (this leads to all good - more educated users, fewer complaints, more trust, more goodwill, more/happier users!)
61. • Have a policy for purging data/accounts/etc. that you don’t need and follow it
• Automate this or build it into the app if you can
• Have a written policy for data breaches and intrusions
• Write down instructions for yourself--this’ll keep you sane if you ever have a real breach or a false alarm
62. • Keep a list of the services you use; one quick & dirty thing to do is scrape vulnerability feeds like feed://nvd.nist.gov/download/nvd-rss.xml for your service names
• When security issues are reported and new versions released, patch out of band, test, replace (pretty easy to do with EC2!)
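The "scrape the feed for your service names" idea from slide 62, as an added example that is not from the talk. The feed sample, its placeholder CVE IDs and the `INVENTORY` mapping are constructed; nothing is fetched from the network.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of an RSS feed; IDs and text are placeholders.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <item><title>CVE-0000-0001 (constructed)</title>
    <description>Constructed entry: flaw reported in OpenSSL.</description></item>
  <item><title>CVE-0000-0002 (constructed)</title>
    <description>Constructed entry: flaw reported in ExampleCMS.</description></item>
  <item><title>CVE-0000-0003 (constructed)</title>
    <description>Constructed entry: flaw reported in Apache HTTP Server.</description></item>
  <item><title>CVE-0000-0004 (constructed)</title>
    <description>Constructed entry: flaw in the phpMyAdminister plugin.</description></item>
</channel></rss>"""

# Name you track -> phrases a feed is likely to use for it (hypothetical inventory).
INVENTORY = {
    "apache2": ["apache http server", "apache2"],
    "openssl": ["openssl"],
    "php": ["php"],
}

def local(tag):
    """Strip an XML namespace so RSS 1.0 (RDF) and RSS 2.0 items both match."""
    return tag.rsplit("}", 1)[-1]

def feed_items(xml_text):
    # For a feed fetched over the network, parse with a hardened parser
    # such as defusedxml instead of the standard-library one.
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "item":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            yield fields.get("title", ""), fields.get("description", "")

def match_inventory(xml_text, inventory):
    """Return (service, item title) pairs; whole-word match avoids 'php' in 'phpMy...'."""
    patterns = {name: re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, phrases)), re.I)
                for name, phrases in inventory.items()}
    return [(name, title)
            for title, desc in feed_items(xml_text)
            for name, pat in patterns.items()
            if pat.search(title + " " + desc)]

if __name__ == "__main__":
    for service, title in match_inventory(SAMPLE_FEED, INVENTORY):
        print(f"review {service}: {title}")
```

Mapping each tracked name to the phrases a feed actually uses matters: a package called `apache2` on the host appears as "Apache HTTP Server" in advisories.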
63. Your users & peace of mind are totally worth it!
This will save you time & sanity in the long run
65. Planning Maintenance
• If you can, use a load balancer and switch out backend servers
• Have backup systems in working state for fall-back
• Track usage statistics throughout your app’s lifetime - schedule maintenance for “slowest” time period
66. The User Rollercoaster (# connections/hour, GMT)
[Chart: connections per hour for each day of the week, Sunday through Saturday; x-axis hours 00 to 22]
Sunday, 11:00 GMT it is, then.
67. Keep a Calendar
• Keep a calendar of important dates:
• Developer certificate expirations
• SSL certificate expiration
• APNS certificate expiration
• Domain name registry expiration
68. Monitor Uptime
• Check out Pingdom - set thresholds to be alerted when servers are slow or inaccessible
• Configure OSSEC to alert on conditions that precipitate an “issue”
• Set alerts or automated account recharges for *everything* that could block app functionality
• Make sure someone’s always accessible
69. Hey, the server’s down. Where are you guys?
I’m on a BOAT!
I’m on a PLANE, yo!
73. Managing on the Run
• Phone SSH client (CommandBot on Droid, iSSH on iPhone)
• EC2 Management client (Decaf on Droid, iAWSManager on iPhone)
• Separate Support Account email setup on phone
• Notepad app with customer support FAQ answers
74. Other lifesavers on the run
• Reliable 3G service
• Mobile broadband card and/or tethering setup
• Netbook or small laptop
75. Summary
• On hosting: Go with what you know
• Architect with failure & future scaling issues in mind
• Lock it down: Keep your data & your users safe
• Monitoring & maintenance: Make your systems work for you
• Good luck! You can do it!