This document provides tips for keeping a Plone site lean and optimized for small budgets and resources. Some key recommendations include reducing unnecessary content types and products, following standards, isolating complexity, prioritizing memory for hardware, using caching services like Cloudflare, and protecting against malicious bots and crawlers. The overall message is that a simple, flexible design focused on essentials can keep a Plone site performing well even with limited funds.
3. Plone can do it all...
It's the 800 pound gorilla of CMS's
Enterprise.
Heavy duty.
And all that jazz...
But...
sometimes, too much
of a good thing can be,
well, too much!
5. Your mission, should you choose
to accept it...
Fight the flab
Resist the urge to supersize
Plan for the long run
You don't need dodgy diets, wonderpills or an expensive
personal trainer / consultant, just a clear purpose
Remember, staying fit & lean is a process, not a product
7. Reduce, Re-use, Recycle (cont.)
Biggest #fail factor is overdesign.
If your plan is more than 2-3 pages, it probably sucks.
And, it will be outdated next year anyway...
“Just because I can” is not enough justification
for content-types, products or anything else.
9. Reduce, Re-use, Recycle (cont.)
Try to maintain a 'one in – one out' policy on addons
Reduce the content-types
(“News” is just a page with a picture, after all...)
Metadata rules!
As do “Topics”.
Together, they can order most of your content just fine.
10. Recycle bright ideas as well...
There's no shame in using external services. People like Disqus
probably know more about spam-reduction than you, Cloudflare
was born to fight the Slashdot effect.
It's very human to think your organisation is special,
and therefore needs a special navigation and site layout.
You're not. You don't.
Sorry.
“Don't make me think”
11. KISS
Avoid the greatest
& latest framework.
Quite often,
the word 'web-app'
is a codeword for 'frozen in time'. Or 'constant tinkering'.
It can be a step back to that whole 'customized CMS' nightmare.
If your site needs to stay and adapt for a few years,
you should probably be behind the bleeding edge.
It's called that for a reason.
12. Plan sensibly, not frugal
Will your navigation
hold up to hundreds of items?
That's why metadata,
and nice ways of searching
like eea.facetedsearch shine...
13. Yeah, yeah, Fashion baby...
Learn to think of
the design of your
site in fashion terms.
Yes, that's the famous
Little Black Dress
14. Haute Couture & Extravaganza
There are only a handful of people on this planet that can get
away with dressing like Lady Gaga.
You're probably not one of them.
Plus, she has 15+ stylists available on a 24/7 basis.
The odds are, you don't
16. So, the Little Black Dress it is.
Most women, and quite a few men, will look stylish in it.
Weddings, bar mitzvahs, funerals, or just a regular night,
be confident that you're dressed for the occasion.
Boring? That's why accessories were invented!
17. Now, re-phrase that in CSS
Start with a clear & clean design. Your visitors and users probably
want to see your content, eventually...
Navigation is not fashion, it's function.
Think of it as wearing sensible shoes.
Fonts, on the other hand, are your sunglasses & handbags.
As are some well-placed js effects.
A few bold statements work better than that Carmen Miranda
look. For the uninitiated, that's the whole fruitbowl on your head.
18. Sideline: fashion disasters...
Stuck with a designer that has only done paper?
Be afraid, be very afraid.
Remedy: show the design on a crappy phone to your boss.
Design is like make-up; it should come off gracefully.
(remember that douche-cartouche/trampstamp that
seemed like such a good idea when you were drunk in Thailand...
now think of Flash intro-pages...)
19. Picking Products
Probably the most demanding task a Plonista faces...
Use a set of criteria to pick the right ones, that go further than
technical stuff like unit-tests.
Although these are Good Things (TM), they're not enough.
Before you start, first figure out what problem the Product is
supposed to solve. In 140 characters, please.
20. Social Testing
Documentation. As in, human-readable documentation.
There's a special place in hell for doctest-only docs.
Doctests are, at best, tests. They're not documentation.
If the author can't describe what it does, why should you care?
Well-filled issue tracker. Issues are good. It means other people
use the product. If they get solved quickly, even better.
Get gmane or similar, and check how responsive the author is on
the mailing lists. Gauge reputation.
21. Garlic & Silver
(or, signs that scream: “avoid!”)
The un-install test. On a full test-site, not a clean buildout.
If it doesn't un-install
cleanly, you're on a highway
to upgrade hell.
Do try after adding a few
content items as well
Re-inventing wheels.
They're round, baby!
22. More Garlic & Silver
Not sticking to established industry standards. Yes, the
author may be smarter than the IPTC consortium.
But clout always wins.
Kitchensink Syndrome.
Remember, *nix is good. Small tools for specific jobs.
No i18n. Yes, even if you're from the Anglo-Saxon world, this is a
bad sign.
Big stacks. They tend to come crashing down harder.
23. I can haz complexity?
Yes, you can. I love Plomino, SQL, ...
The key, however, is to isolate it.
And, double-check those social tests.
“Too big to fail” is a definite plus
in this case!
If all else fails, you can magically rewrite to another instance.
24. Splurge on the Good Stuff!
The wonder of Open Source gives you access to professional tools.
Might as well use them.
Think LDAP. It might sound like overkill, but I use it in sites
with <20 users. And thank myself regularly for it.
Even if you're the sole integrator/developer, keep your stuff in a
repository. Choose your favourite, but do it. That goes for CSS
files, buildout configs, notes to yourself, the lot. Your future you,
or your successor, will be eternally grateful.
25. Maintenance
Do tick-tock buildouts.
That is, have two exact copies of your site. Update the one, test
on humans, then switch the portnumber or symbolic link over.
Then update the other one.
I can guarantee you that pypi will be down otherwise.
And it will put a red sock in your white laundry.
Diskspace is cheap, your sanity... priceless.
26. Deploying on a budget
You will have to learn some basic *nix skills. Nothing fancy, but a
few choice commands can save your day.
Even for small sites, go for ZEO. One ZEO server, one client will
work fine. Zeopack alone is worth it.
Learn to rewrite to canonical URLs. Google will thank you.
My best results: one system-wide NGINX, one system-wide
Varnish, many sites. Consider using system packages.
27. Deploying on a budget (cont.)
It can be done, Plone runs quite well on budget hardware.
Throw all of your limited resources on memory, the processor is
hardly relevant anymore. Aim for 4gig, that'll do quite a few Plone
sites nicely. More is better. Fast HD a bonus.
Don't go for 99.999 % uptime. If that's what you want, ask for
more budget. Cron that restart!
Most sites are brought down not by visitors, but by....
29. Defend against the robocalypse
Get access to raw logfiles. Piwik and Google Analytics are nice, but
they will only see this kind of visitor:
You know, the kind with JavaScript
enabled, the kind that
brush their teeth.
They are not your problem.
30. The evil ones
First, get a sensible robots.txt in place that limits access rate, and
do the Google dance to restrict endless links to different
translations and stuff. Google has many options for taming their
bot, although they're non-standard.
Then there's these robots:
They don't listen to robots.txt
So, do what any robot would do:
31. Exterminate !!!
nginx code snippet:
# Dalek attacks - must exterminate (case insensitive)
# The ~* makes it case insensitive as opposed to just a ~
if ($http_user_agent ~* (Baiduspider|Jullo|Yanga|Yandex|BLP_bbot|ConveraCrawler) ) {
    return 403;
}
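Before a user agent goes into a block list like the one above, the raw access log can show which clients actually ignore robots.txt. The following is an added example, not part of the original slides: it replays nginx "combined" log lines against the site's robots.txt rules and lists the agents that keep requesting disallowed paths. The robots.txt content, the log lines, the agent names and the threshold are all constructed for illustration.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: keeps crawlers out of endless search/listing URLs.
ROBOTS_TXT = """\
User-agent: *
Disallow: /search
Disallow: /faceted
"""

# Constructed sample lines in nginx "combined" log format.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2014:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "PoliteBot/1.0"
192.0.2.10 - - [12/Apr/2014:10:00:20 +0000] "GET /news HTTP/1.1" 200 5120 "-" "PoliteBot/1.0"
192.0.2.10 - - [12/Apr/2014:10:00:40 +0000] "GET /about HTTP/1.1" 200 4096 "-" "PoliteBot/1.0"
198.51.100.7 - - [12/Apr/2014:10:01:00 +0000] "GET / HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/28.0"
198.51.100.7 - - [12/Apr/2014:10:01:05 +0000] "GET /search?SearchableText=plone HTTP/1.1" 200 7000 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/28.0"
203.0.113.50 - - [12/Apr/2014:10:02:00 +0000] "GET /search?SearchableText=a HTTP/1.1" 200 7000 "-" "ExampleCrawler/2.1"
203.0.113.50 - - [12/Apr/2014:10:02:01 +0000] "GET /search?b_start=30 HTTP/1.1" 200 7000 "-" "ExampleCrawler/2.1"
203.0.113.50 - - [12/Apr/2014:10:02:02 +0000] "GET /faceted?c1=x HTTP/1.1" 200 9000 "-" "ExampleCrawler/2.1"
203.0.113.50 - - [12/Apr/2014:10:02:03 +0000] "GET /news HTTP/1.1" 200 5120 "-" "ExampleCrawler/2.1"
this line is garbage and must be skipped
"""

# ip, identd, user, [time], "METHOD path proto", status, bytes, "referer", "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def analyse(log_text, robots_txt):
    """Return per-user-agent counters measured against the robots.txt rules."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line: ignore rather than crash
        s = stats.setdefault(
            m["ua"], {"hits": 0, "disallowed": 0, "fetched_robots": False}
        )
        s["hits"] += 1
        if m["path"].split("?", 1)[0] == "/robots.txt":
            s["fetched_robots"] = True
        # can_fetch() applies the Disallow rules that match this agent.
        if not rules.can_fetch(m["ua"], m["path"]):
            s["disallowed"] += 1
    return stats


def offenders(stats, min_disallowed=2):
    """Agents that repeatedly requested paths robots.txt tells crawlers to skip.

    A human visitor using the search form will also show a disallowed hit or
    two, so the threshold (an assumption) keeps one-off requests out of the list.
    """
    return sorted(
        ua for ua, s in stats.items() if s["disallowed"] >= min_disallowed
    )


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG, ROBOTS_TXT)
    for ua in offenders(report):
        print(ua, report[ua])
```

The result is a review list, not an automatic block list: check each agent by hand before adding it to the nginx rule.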
32. Still in trouble?
Hardware, even leased, is cheap. Throw some more at the
problem. Look outside your national borders. Or, to a place with
fast fibre-to-the-home. Don't go cloud, it gets expensive!
You might want to consider outsourcing your caching even
further.
Look at Cloudflare. It's free, and quite capable.
33. Almost there...
So, with strict planning, a restrained diet and a mind firmly set on
keeping your site from ballooning, a lean, fast, update-proof site
is in the reach of even small, resource-challenged organisations.
All for the new, low price of... next to nothing.
Great! Free cake for all!
But is that right?
34. Does all this make me a bad person?
Yes, it kind of does.
Many times, smallish NGO's
can be the client from hell...
Embrace it. Smaller organisations
can, and do grow. And the
people working there move
on. One day, you may be
a valuable customer.
35. Give back where you can
Bug reports are cool!
Maybe you can help translating, or write documentation.
But, take the time to learn mailing list etiquette, and the rules for
valuable bug reports.
“What would Ajung say” is a very good mind-check!
36. TL;DR?
- cut back on the Product & content-type carbs. Less is more.
- plan flexible. Upgrades, policy reshuffles will occur.
- design should be simple & elegant, spruce up with fonts
- learn to spot good products. Test for tech & social status.
- isolate complexity
- deploy towards max memory, maybe outsource caching
- robots are evil
KTHXBYE!