Tsunami of Technologies. Are we prepared?
Slide from workshop with open source community in Malaysia.
"Bengkel Bersama Komuniti Sumber Terbuka Bilangan 1 Tahun 2020" in De Baron Resort, Langkawi, Kedah, Malaysia
Faster and Easier Software Development using Docker Platformmsyukor
Faster and Easier Software Development using Docker Platform presentation for Workshop with Open Source Community 1/2019 organized by MAMPU Malaysia under project Open Source Development and Capabilities Program (OSDeC) for Public Sector in Malaysia on January 29, 2019 at Port Dickson, Negeri Sembilan, Malaysia.
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
A conference talk at ContainerCon Europe in Berlin, Germany, given on October 5th, 2016. This is a slightly modified version of my talk first used at Docker London in July 2016.
Rooting Out Root: User namespaces in DockerPhil Estes
This talk on the progress to bring user namespace support into Docker was presented by Phil Estes at LinuxCon/ContainerCon 2015 on Wednesday, Aug. 19th, 2015
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
Faster and Easier Software Development using Docker Platformmsyukor
Faster and Easier Software Development using Docker Platform presentation for Workshop with Open Source Community 1/2019 organized by MAMPU Malaysia under project Open Source Development and Capabilities Program (OSDeC) for Public Sector in Malaysia on January 29, 2019 at Port Dickson, Negeri Sembilan, Malaysia.
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
A conference talk at ContainerCon Europe in Berlin, Germany, given on October 5th, 2016. This is a slightly modified version of my talk first used at Docker London in July 2016.
Rooting Out Root: User namespaces in DockerPhil Estes
This talk on the progress to bring user namespace support into Docker was presented by Phil Estes at LinuxCon/ContainerCon 2015 on Wednesday, Aug. 19th, 2015
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
Introduction to docker. Docker is open source framework that provides "container virtualization". This does not need hypervisor rather works directly with Kernel. It needs x64 Linux and kernel 3.8+ to provide virtualization
Container Security: How We Got Here and Where We're GoingPhil Estes
A talk given on Wednesday, Nov. 16th at DefragCon (DefragX) on a historical perspective on container security with a look to where we're going in the future.
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...Edureka!
This DevOps Docker Tutorial on what is docker ( Docker Tutorial Blog Series: https://goo.gl/32kupf ) will help you understand how to use Docker Hub, Docker Images, Docker Container & Docker Compose. This tutorial explains Docker's working Architecture and Docker Engine in detail. This Docker tutorial also includes a Hands-On session around Docker by the end of which you will learn to pull a centos Docker Image and spin your own Docker Container. You will also see how to launch multiple docker containers using Docker Compose. Finally, it will also tell you the role Docker plays in the DevOps life-cycle.
The Hands-On session is performed on an Ubuntu-64bit machine in which Docker is installed.
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Jérôme Petazzoni
Docker, the container Engine and Platform, is coming to Oracle Solaris! This is the talk that Jérôme Petazzoni (Docker) and Jesse Butler (Oracle) gave at Oracle Open World in November 2015.
Docker allows you to package, distribute and run a piece of software, including everything it needs to run: code, runtime, tools, libraries – anything you can install on a server. This guarantees that it will run and behave the same on any environment.
We will be showcasing the following Docker tools and features: Docker Engine, Docker Registry, Docker Compose, Docker Machine, Docker Swarm, Docker Networking
Next to introducing you to these tools, Tom Verelst will also be covering the following topics: Containerisation, Immutable Infrastructure, Docker Orchestration, Continuous Integration with Docker
Presentation sources: https://github.com/tomverelst/docker-presentation
Youtube video: https://www.youtube.com/watch?v=heBI7oQvHZU
A brief introduction to Docker Container technology done at Gurgaon Docker Container Meetup on 30-Jan-2016.
Includes command to launch a simple 2 container linked application that hosts a Etherlite web application.
Slides from my DockerCon EU 2017 Talk.
Find the abstract below:
"In this talk, we'll discover how Docker comes to the rescue of the Ops Team, while rebuilding from scratch our monitoring infrastructure. We'll start by quickly describing the challenges, to focus on why and how using docker saved the project. From fixing dependencies and isolation issues, implementing rolling upgrades and new features hot addition, to building a completely modular, scalable and resilient infrastructure, we'll talk about why CI/CD workflows, docker tooling and Docker Swarm were the key to success."
Docker Orchestration: Welcome to the Jungle! Devoxx & Docker Meetup Tour Nov ...Patrick Chanezon
In two years, Docker hit the sweet spot for devs and ops, with tools for building, shipping, and running distributed apps architected as a set of collaborating microservices packaged as Linux containers. One area of the Docker ecosystem that saw a lot of innovation in the past year is container orchestration systems. This session compares and contrasts various Docker orchestration systems (Swarm, Machine, and Compose), the batteries included with Docker itself, Mesos, Kubernetes, CoreOS/Fleet, Deis, Cloud Foundry, and Tutum. It includes a demo of how to deploy a Java 8 app with MongoDB on several of these systems. The goal of the session is to give you a framework to help evaluate how these systems can meet your particular requirements.
Demo code at https://github.com/chanezon/docker-tips/blob/master/orchestration-networking/README.md
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
With the announcement of the OCI by Solomon Hykes at last summer's DockerCon, a Docker-contributed reference implementation of the OCI spec, called runC, was born. While some of you may have tried runC or have a history of poking at the OS layer integration library to Linux namespaces, cgroups and the like (known as libcontainer), many of you may not know what runC offers. In this talk Phil Estes, Docker engine maintainer who has also contributed to libcontainer and runC, will show what's possible using runC as a lightweight and fast runtime environment to experiment with lower-level features of the container runtime. Phil will introduce a conversion tool called "riddler", which can inspect and convert container configurations from Docker into the proper OCI configuration bundle for easy conversion between the two environments. He'll also demonstrate how to make custom configurations for trying out security features like user namespaces and seccomp profiles.
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2
Containerization is now becoming the most efficient way of developing and deploying software solutions in the cloud. It provides means of running applications with less resource usage, fast startup times, portability across machines, lightweight & layered container images, container image registries, multi-tenancy and many more additional advantages. Docker embraced this space by fulfilling the above requirements and attracting the industry within a very short period of time. Google solved container cluster management features by initiating the Kubernetes project over a decade of experience on running container technologies at scale. Now Kubernetes is in the process of adding more advanced PaaS features such as autoscaling, multicloud or region deployments and composite application model with best of breed ideas and practices from the community.
WSO2 App Factory and WSO2 App Cloud are application Platform as a Service (aPaaS) that provide application development and hosting deployed through these technologies. In this tutorial we will demonstrate how WSO2 products can be run on Kubernetes and the latest WSO2 App Cloud features.
A talk given at Docker London on Wednesday, July 20th, 2016. This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the "security toolbox" available in the Docker engine via Linux kernel capabilities and features enabled by OCI's libcontainer/runc and Docker.
A video recording of this talk is available here: https://skillsmatter.com/skillscasts/8551-container-security
Introduction to docker. Docker is open source framework that provides "container virtualization". This does not need hypervisor rather works directly with Kernel. It needs x64 Linux and kernel 3.8+ to provide virtualization
Container Security: How We Got Here and Where We're GoingPhil Estes
A talk given on Wednesday, Nov. 16th at DefragCon (DefragX) on a historical perspective on container security with a look to where we're going in the future.
What is Docker | Docker Tutorial for Beginners | Docker Container | DevOps To...Edureka!
This DevOps Docker Tutorial on what is docker ( Docker Tutorial Blog Series: https://goo.gl/32kupf ) will help you understand how to use Docker Hub, Docker Images, Docker Container & Docker Compose. This tutorial explains Docker's working Architecture and Docker Engine in detail. This Docker tutorial also includes a Hands-On session around Docker by the end of which you will learn to pull a centos Docker Image and spin your own Docker Container. You will also see how to launch multiple docker containers using Docker Compose. Finally, it will also tell you the role Docker plays in the DevOps life-cycle.
The Hands-On session is performed on an Ubuntu-64bit machine in which Docker is installed.
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Jérôme Petazzoni
Docker, the container Engine and Platform, is coming to Oracle Solaris! This is the talk that Jérôme Petazzoni (Docker) and Jesse Butler (Oracle) gave at Oracle Open World in November 2015.
Docker allows you to package, distribute and run a piece of software, including everything it needs to run: code, runtime, tools, libraries – anything you can install on a server. This guarantees that it will run and behave the same on any environment.
We will be showcasing the following Docker tools and features: Docker Engine, Docker Registry, Docker Compose, Docker Machine, Docker Swarm, Docker Networking
Next to introducing you to these tools, Tom Verelst will also be covering the following topics: Containerisation, Immutable Infrastructure, Docker Orchestration, Continuous Integration with Docker
Presentation sources: https://github.com/tomverelst/docker-presentation
Youtube video: https://www.youtube.com/watch?v=heBI7oQvHZU
A brief introduction to Docker Container technology done at Gurgaon Docker Container Meetup on 30-Jan-2016.
Includes command to launch a simple 2 container linked application that hosts a Etherlite web application.
Slides from my DockerCon EU 2017 Talk.
Find the abstract below:
"In this talk, we'll discover how Docker comes to the rescue of the Ops Team, while rebuilding from scratch our monitoring infrastructure. We'll start by quickly describing the challenges, to focus on why and how using docker saved the project. From fixing dependencies and isolation issues, implementing rolling upgrades and new features hot addition, to building a completely modular, scalable and resilient infrastructure, we'll talk about why CI/CD workflows, docker tooling and Docker Swarm were the key to success."
Docker Orchestration: Welcome to the Jungle! Devoxx & Docker Meetup Tour Nov ...Patrick Chanezon
In two years, Docker hit the sweet spot for devs and ops, with tools for building, shipping, and running distributed apps architected as a set of collaborating microservices packaged as Linux containers. One area of the Docker ecosystem that saw a lot of innovation in the past year is container orchestration systems. This session compares and contrasts various Docker orchestration systems (Swarm, Machine, and Compose), the batteries included with Docker itself, Mesos, Kubernetes, CoreOS/Fleet, Deis, Cloud Foundry, and Tutum. It includes a demo of how to deploy a Java 8 app with MongoDB on several of these systems. The goal of the session is to give you a framework to help evaluate how these systems can meet your particular requirements.
Demo code at https://github.com/chanezon/docker-tips/blob/master/orchestration-networking/README.md
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
With the announcement of the OCI by Solomon Hykes at last summer's DockerCon, a Docker-contributed reference implementation of the OCI spec, called runC, was born. While some of you may have tried runC or have a history of poking at the OS layer integration library to Linux namespaces, cgroups and the like (known as libcontainer), many of you may not know what runC offers. In this talk Phil Estes, Docker engine maintainer who has also contributed to libcontainer and runC, will show what's possible using runC as a lightweight and fast runtime environment to experiment with lower-level features of the container runtime. Phil will introduce a conversion tool called "riddler", which can inspect and convert container configurations from Docker into the proper OCI configuration bundle for easy conversion between the two environments. He'll also demonstrate how to make custom configurations for trying out security features like user namespaces and seccomp profiles.
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2
Containerization is now becoming the most efficient way of developing and deploying software solutions in the cloud. It provides means of running applications with less resource usage, fast startup times, portability across machines, lightweight & layered container images, container image registries, multi-tenancy and many more additional advantages. Docker embraced this space by fulfilling the above requirements and attracting the industry within a very short period of time. Google solved container cluster management features by initiating the Kubernetes project over a decade of experience on running container technologies at scale. Now Kubernetes is in the process of adding more advanced PaaS features such as autoscaling, multicloud or region deployments and composite application model with best of breed ideas and practices from the community.
WSO2 App Factory and WSO2 App Cloud are application Platform as a Service (aPaaS) that provide application development and hosting deployed through these technologies. In this tutorial we will demonstrate how WSO2 products can be run on Kubernetes and the latest WSO2 App Cloud features.
A talk given at Docker London on Wednesday, July 20th, 2016. This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the "security toolbox" available in the Docker engine via Linux kernel capabilities and features enabled by OCI's libcontainer/runc and Docker.
A video recording of this talk is available here: https://skillsmatter.com/skillscasts/8551-container-security
OASIS: open source and open standards: internet of thingsJamie Clark
How FOSS projects and open ICT standards often interact in a virtuous cycle. Recent examples, and a list of IoT-relevant open standards projects at OASIS. Feb 2014
A Data Modelling Framework to Unify Cyber Security KnowledgeVaticle
Cyber security companies collect massive amounts of heterogenous data coming from a huge number of sources. These describe hundreds of different data types, such as vulnerabilities, observables, incidents, and malwares. While this data is highly complex (with many types of relations, type hierarchies, and rules), its structure doesn't significantly change between organisations. However, without a publicly available data model, organisations end up modelling the same data in different ways: in other words, reinventing the wheel, and wasting their resources. This modelling complexity makes scaling cyber security applications extremely difficult.
That's why efforts are underway to provide ready-made solutions for typical cyber security use cases which provide the flexibility to expand for specific requirement of individual setups. The combination of those efforts have created a lot of inter-related knowledge silos (e.g. CVE, CAPEC, CWE, CVSS, Cocoa, MITRE, VERIS, STIX, MAEC). To unify these silos, various ontologies have been proposed by researchers, with different levels of granularity - from specific use cases like defence exercises, to more comprehensive cases like the UCO project.
During this talk, you’ll learn about the OmnibusCyber Project, an open-source, ready-made solution that aggregates cyber security knowledge silos, based on TypeDB. TypeDB’s framework offers the expressivity, safety, and inference properties required to implement a knowledge graph without the complexity associated with the OWL/RDF semantic frameworks.
Malware's Most Wanted: Linux and Internet of Things MalwareCyphort
Marion Marschalek speaks about Linux and Internet of things Malware.
Occasionally we see samples coming out of our pipe which do not fit with the stream of malware, such as clickjackers, banking Trojans and spybots. These exotic creatures are dedicated to target platforms other than the Windows operating system. While they make up for a significantly smaller portion than the load of Windows malware, Cyphort labs has registered a rise in Linux and Internet of Things Malware (IoT) malware. A number of different families has been seen. But what is their level of sophistication and the associated risk? This webinar provides an overview of Linux and IoT malware that Cyphort labs has spotted in the wild and gives an insight into the development of these threats and the direction they are taking.
IoTWorld 2016 OSS Keynote Param Singh, Ian SkerrettParam Singh
Emergent Open Source IoT Ecosystem
There is a vibrant open source ecosystem developing around all layers of the IoT software stack. These technologies, when woven together, have the potential of propelling the Internet of things forward exponentially. Open source provides a trusted space where device vendors and software companies can reliably share components essential to interconnect the currently splintered IoT ecosystem.
Come see what is happening and how you can leverage open source IoT software right now.
Ian Skerrett, VP of Marketing, Eclipse Foundation
Param Singh, CEO, iotracks; IoT Advisor, City of San Francisco
https://iotworldevent.com/iot-open-source-summit/
This work is licensed under a Creative Commons Attribution 4.0 International License.
Understanding what is IoT security
What is the scope of IoT security
Uses of IoT and where do we see it in our daily life
Possible attack surface and likelihood of IoT-related attacks
IoT specific security assessment (understanding approach, IoT protocols, how it is a combination of different type assessments)
The myths of IoT security and the way it has progressed in past few years and how far fetched it can be.
Available Resources and Tools
Open Source Insight: Apache Struts Exploits, Cloudera IPO Risks & the Next Cy...Black Duck by Synopsys
Seven days into the cruelest month and the redesigned NVD already has 255 CVEs listed, including a slew of discovered vulnerabilities in various Huawei.
Dusun Gateway Hardware For Developer White Paper.pdfYongxiaoCheng
With the development of the Internet of Things industry, more and more industries adopt the Internet of Things technology to solve the pain points of the industry and meet the needs of the industry. IoT Gateway is the core component of the Internet of things, which plays the role of the bridge between the device and the cloud platform.
IoT gateway device by Dusun IoT is mainly used by IoT developers to quickly develop gateway hardware products. It has hardware openness and software open source. Gateway developers can do on-board development, system-driven development, and application layer development on the gateway to meet the needs of different types of developers. And the developer gateway adopts a modular design, with flexible assembly characteristics. Similar to the assembly of computers, developers choose their own configuration and requirements, developers and manufacturers can quickly assemble the finished gateway.
Challenges for Developers of IoT Solutions
Developers need suitable hardware platforms to meet different requirements, processing capabilities, interfaces, and runnable systems, which pose challenges for gateway developers.
Developers relative to their own familiar
development environment, will speed up
development, often hardware manufacturers do a system adaptation, which will increase the difficulty and time of development.
Protocol is the basis of gateway, gateway needs many built-in protocol stacks, and the migration of protocol stacks will be a challenge for developers.
Gateway application development involves the transplantation and adaptation of third-party software, which needs to be pre-adapted by gateway hardware manufacturers, which is a big challenge for hardware manufacturers.
Developers mainly focus on the development of technology. When the software is developed, it will take a long time to finish productization, which will greatly extend the PoC time and business model feasibility of the IoT solution.
Solutions for Developers of IoT Solutions
Build multi-dimensional, rich hardware platforms, MIPS, ARM, X86, NPU.
Hardware platform for a
variety of systems, Windows, Linux, OpenWRT, Debian, Buildroot, Android, etc.
Hardware platform for a
variety of systems, Windows, Linux, OpenWRT, Debian, Buildroot, Android, etc.
Hardware manufacturers
should adapt the third-party software and quickly iterate the SDK of the gateway.
Batch hardware products, and complete the wireless
authentication of the
product, the installation of
software can be mass
Production.
Dusun IoT Gateway Hardware for Developers
For different industries and different scenarios, different gateway processing chips are used, the main frequency is from 580MHz to 2GHz, the chip architecture is MIPS, ARM, X86, and the working environment level is from consumer to industrial to vehicle level. Computing power from 0.6Tops to 82Tops. It covers multiple wireless protocols, ZigBee, Z-Wave, Bluetooth, LoRaWAN, Wi-Fi, and supports 4G LTE, Ethernet, etc.
The Ultimate List of Opensource Software for #docker #decentralized #selfhost...Panagiotis Galinos
A list and description for interesting open source software for
#docker #decentralized #selfhosted #privacy #security
It has a description and an indicative image for each one.
Open Source Edge Computing Platforms - OverviewKrishna-Kumar
IEEE 11th International Conference - COMSNETS 2019 - Last MilesTalk - Jan 2019. This talk is for Beginner or intermediate levels only. Kubernetes and related edge platforms are discussed.
Watch this talk on YouTube: https://youtu.be/-3K74I7t7CQ
Securing the Software Supply Chain has become a focus of cybersecurity efforts the world over. One aspect of this is with the generation and verification of a Software Bill of Materials (SBOM). But what is an SBOM and how would you go about setting this up for your cloud native container/applications/pipeline?
The Flux team recently published a blog on this very topic and how they’ve gone about implementing these measures. During this session, Dan Luhring, OSS Engineering Manager at Anchore, will dive into SBOMs - what they are, why you need them, some common use cases and how to get your pipeline ready for SBOM generation and verification using the Flux SBOM as an example.
Resources
Anchore: A comprehensive, continuous security and compliance platform to protect your cloud-native applications.
Anchore’s OSS tools featured during this session:
- Syft: A CLI tool for generating a Software Bill of Materials (SBOM) from container images and file systems
- Grype: An easy-to-integrate open source vulnerability scanning tool for container images and file systems.
Speaker Bios:
Dan Luhring heads up OSS at Anchore, where he leads the software engineering team that develops Syft and Grype. Dan is drawn deeply into the cloud native security space, where he focuses on container workflows and developer experience. Dan believes in making software more secure by making life better for software engineers and security practitioners. Dan is a maintainer of Sigstore’s Cosign project, and he loves partnering with other people to find solutions to daunting challenges.
Priyanka (aka “Pinky”) is a Developer Experience Engineer at Weaveworks. She has worked on a multitude of topics including front end development, UI automation for testing and API development. Previously she was a software developer at State Farm where she was on the delivery engineering team working on GitOps enablement. She was instrumental in the multi-tenancy migration to utilize Flux for an internal Kubernetes offering. Outside of work, Priyanka enjoys hanging out with her husband and two rescue dogs as well as traveling around the globe.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
The Right Tools for IoT Developers – Dan Gross @ Eclipse IoT Day ThingMonk 2016Benjamin Cabé
Video available at: https://www.youtube.com/watch?v=P8Hk5Ir8fXo
Samsung has introduced the Samsung ARTIK IDE for IoT Developers. This new set of tools is based on Eclipse Che and is designed to make it easy to build, deploy and manage IoT applications. This presentation will demonstrate why creating the right tools for IoT developers make it quicker and easier for IoT application development.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Tsunami of Technologies. Are we prepared?
1. 1
TSUNAMI OF TECHNOLOGIES
ARE WE PREPARED?
FEBRUARY 3, 2020FEBRUARY 3, 2020FEBRUARY 3, 2020FEBRUARY 3, 2020
MOHD SYUKOR ABDULMOHD SYUKOR ABDULMOHD SYUKOR ABDULMOHD SYUKOR ABDUL
2. 2
AGENDA
Open SourceOpen Source
Hardware
Architecture
Hardware
Architecture
Post QuantumPost Quantum
2FA
Authentication
2FA
Authentication
Web TechsWeb Techs
Decentralized
Identity
Decentralized
Identity
Software
Development
Software
Development
Programming
Languages
Programming
Languages
Cross Platform
UI
Cross Platform
UI
Web
Framework
Web
Framework
Mobile
Development
Mobile
Development
Our
Preparation
Our
Preparation
Tech TrendsTech Trends
01 02 03 04 05 06 07 08START
END 15 14 13 12 11 10 09
UI Design
Concept
UI Design
Concept
Development
Tools
Development
Tools
7. 7
Too Many Technologies …
Blockchain Robotics
Drones
Internet of
Things
Machine Learning
Distributed
Ledger Tech
Virtual Reality
Augmented
Reality
Automation
Machine to
Machine
Autonomous
Vehicle
5G Network
3D Printing
Artificial
Intelligent
Decentralized
Identity
Self Sovereign
Identity
Big Data
Analytics
Predictive
Analytics
Predictive
Maintenance
Cloud
Distributed Cloud
Edge Computing
Fog Computing
Sentiment
Analysis
DevSecOps
Agile
RISC-V
Quantum
Computing
Post Quantum
Cryptography
DevOps
Penetration
Testing
Software Testing
Container
Technology
Serverless
Deep Learning
Open Source
Open Standard
Software Defined
Network
CI/CD
Multi-Factor
Authentication
Two-Factor
Authentication
Decentralized
Web
10. 10
Why Open Source?
Open source is becoming the backbone for driving
digital innovation.
Open-source software is used within mission-
critical IT workloads by over 95% of the IT
organizations worldwide, whether they are aware
of it or not.
To foster open innovation and to exploit new ideas
at a lower cost.
Vibrancy and helpfulness of community support
and documentation in the community forms.
To prevent vendor lock-in.
No single entity has exclusive control over an open-
source project.
Use best practices for development.
Source: Gartner – What Innovation Leaders Must Know About Open-Source Software
12. 12
New Hardware Architecture … RISC-V
Source: RISC-V Foundation, SiPEED, SiFive, YouTube
Open source Instruction Set Architecture (ISA).
Start at University of California, Berkeley in
2010 and contributors all around the world.
Permissive open source license.
Open specification make it easier for
developers.
Boards for RISC-V available since 2018 (SiFive,
SiPEED, LowRISC).
RISC-V came in 32bits (RV32) and 64bits
(RV64) version.
Designed for general purpose computing and
also for the Internet of Things (IoT).
Some boards came with AI processors.
14. 14
Post Quantum Cryptography (PQC)
Source: NIST - Post-Quantum Cryptography
If large-scale quantum computers are ever built, they will be able to break many of
the public-key cryptosystems currently in use.
This would seriously compromise the confidentiality and integrity of digital
communications on the Internet and elsewhere.
Post-quantum cryptography (sometimes referred to as quantum-proof, quantum-
safe or quantum-resistant) refers to cryptographic algorithms (usually public-key
algorithms) that are thought to be secure against an attack by a quantum
computer.
Post-Quantum Cryptography Standardization is a project start on 2016 by NIST to
standardize post-quantum cryptography.
Currently on Round 2 Post-Quantum Cryptography Standardization, there 17
algorithms for Public-key Encryption and Key-establishment Algorithms, and 9
algorithms for Digital Signature Algorithms.
• How long does encryption need to
be secure (x years)
• How long to re-tool existing
infrastructure with quantum safe
solution (y years)
• How long until large-scale quantum
computer is built (z years)
16. 16
{ Two, Multi}-Factor Authentication
Source: SoloKeys, NitroKeys, Google OpenSK, FreeOTP, PrivacyIDEA
Multi-factor authentication (MFA) is an authentication
method in which a computer user is granted access
only after successfully presenting two or more pieces
of evidence (or factors) to an authentication
mechanism.
Two-factor authentication (also known as 2FA) is a
type, or subset, of multi-factor authentication. It is a
method of confirming users' claimed identities by
using a combination of two different factors:
(1) something they know,
(2) something they have, or
(3) something they are.
17. 17
Open Source 2FA Security Key – Google OpenSK
Source: Google OpenSK
Google launched OpenSK on Jan 30, 2020 — an open-source
project that lets developers build their own 2FA security keys.
OpenSK supports both the FIDO U2F and FIDO2 standards.
OpenSK is written in Rust and runs on TockOS for better
isolation and cleaner OS abstractions.
Rust has strong memory safety which can help protect against
logical attacks, whilst TockOS offers a sandboxed architecture
for better isolation of the security key applet, drivers, and
kernel.
With this early release, developers will be able to flash OpenSK
on a Nordic chip dongle.
The Nordic chip dongle supports all of the major features of
FIDO2, such as NFC, Bluetooth Low Energy, USB, and a
dedicated hardware crypto core.
Current firmware implementation is based on the published
CTAP2.0 specifications of FIDO standards.
Current OpenSK supported cryptography algorithms: ECDSA,
ECC secp256r1, HMAC-SHA256 and AES256.
GitHub repo: https://github.com/google/OpenSK
19. 19
Decentralized Web
Source: Solid (MIT), Inrupt
The decentralized web, also called web 3.0 is
a vision of the next generation internet as a
peer to peer network built around blockchain
technology, where users own their own data,
data is portable, computing and storage
resources are provided by end-users within
distributed networks, apps run locally on end-
user devices and platforms are decentralized
and autonomous.
Tim Berners-Lee, Father of the World Wide
Web, working on a project called Solid, an
open-source project built on the existing web
meant to give people control over their own
data.
Using Solid, users can keep their data
wherever they choose, rather than being
forced to store it on centralized servers.
20. 20
InterPlanetary File System (IPFS)
Source: IPFS, IADIS
IPFS is a peer-to-peer network for storing and
accessing files, websites, applications, and
data in a distributed file system.
Content is accessible through peers that
might relay information or store it (or do
both), and those peers can be located
anywhere in the world.
The file, and all of the blocks within it, is
given a unique fingerprint called a
cryptographic hash.
Some blockchain/DLT used IPFS for storing
large files/documents such as MRI images.
BlockchainBlockchainBlockchainBlockchain----based Distributed Electronic Health Recordsbased Distributed Electronic Health Recordsbased Distributed Electronic Health Recordsbased Distributed Electronic Health Records
22. 22
Self Sovereign Identity (SSI)
Source: Decentralized Identity Foundation, Sovrin SSI, IBM Blockchain, Hyperledger Indy
Solving the identity silo problem
begins with a digital identity that
you literally own, not just control
— a “self-sovereign” identity.
Emerging Standards
23. 23
IMAGINE!!!
Source: Me
Gov.MY Quantum Safe National DLT
Gov.MY National DID
BANK XYZ
issue “Kad Pengenalan”
issue “Lesen Memandu”
issue “Akaun KWSP”
issue “Kad OKU”
NATIONAL CITIZEN IDENTITY SYSTEM
National Citizen
Digital Wallet
show claim
verify proof
countersign
claim
25. 25
DevOps / DevSecOps
Source: DevOps & DevSecOps
DevOps is an IT mindset that encourages
communication, collaboration, integration and
automation among software developers and IT
operations in order to improve the speed and
quality of delivering software.
DevSecOps is the philosophy of
integrating security practices
within the DevOps process.
30. 30
New Programming Language … Zig
Source: ZigLang
Zig is a general-purpose programming language designed for
robustness, optimality, and maintainability
Created by Andrew Kelley in 2016.
Zig competes with C instead of depending on it.
Supports multi architectures.
Cross-compiling is a first-class use case.
Zig supports building for WebAssembly out of the box.
Came with Zig Build System.
Supports: Windows, Linux, FreeBSD and MacOS.
Current version: 0.5.0 (Oct 1, 2019)
31. 31
New Programming Language … Deno
Source: DenoLand
Deno is a secure runtime for JavaScript and TypeScript.
Created in 2018 by Ryan Dahl, the creator of NodeJS, to fix
flaws in NodeJS and to create modern development platform.
Deno is built on Rust, V8, TypeScript and Tokio.
Very experimental and for brave heart developers.
Target version 1.0 in early 2020.
Supports: Windows, Linux and MacOS.
Current version: v0.31.0 (Jan 24, 2020)
32. 32
WebAssembly (Wasm)
Source: WebAssembly (https://webassembly.org/)
WebAssembly (abbreviated Wasm) is a binary instruction format for a
stack-based virtual machine.
Wasm is designed as a portable target for compilation of high-level
languages like C/C++/Rust, enabling deployment on the web for client
and server applications.
WebAssembly aims to execute at native speed by taking advantage of
common hardware capabilities available on a wide range of platforms.
WebAssembly will enforce the same-origin and permissions security
policies of the browser.
WebAssembly modules will be able to call into and out of the JavaScript
context and access browser functionality through the same Web APIs
accessible from JavaScript.
WebAssembly 1.0 has shipped in 4 major browser engines (Chrome,
Edge, Firefox, Safari) and supported in over 20 different programming
languages.
33. 33
WebAssembly & LLVM De facto Relationship
Source: https://itnext.io/the-anatomy-of-webassembly-writing-your-first-webassembly-module-using-c-c-d9ee18f7ac9b
34. 34
The Resurgence of .NET Core
Source: Microsoft
.NET Core is an open-source, general-purpose
development platform maintained by Microsoft
and the .NET community on GitHub.
It's cross-platform (supporting Windows,
macOS, and Linux) and can be used to build
device, cloud, and IoT applications.
The latest version is .NET Core 3.1 and is a long-
term supported (LTS) release.
.NET Core also come with Blazor that lets you
build interactive web UIs using C# instead of
JavaScript.
Blazor apps are composed of reusable web UI
components implemented using C#, HTML, and
CSS. Both client and server code is written in C#,
allowing you to share code and libraries.
Blazor utilized WebAssembly to deliver .NET
core into the browser platform.
35. 35
Polyglot Programming
Source: Oracle GraalVM
The GraalVM Polyglot API
lets you embed and run
code from guest
languages in JVM-based
host applications.
GraalVM offers a comprehensive ecosystem
supporting a large set of languages (Java and
other JVM-based languages, JavaScript, Ruby,
Python, R, and C/C++ and other LLVM-based
languages) and running them in different
deployment scenarios (OpenJDK, NodeJS, Oracle
Database, or standalone).
37. 37
Cross Platform UI - Qt
Source: Qt
Qt (pronounced "cute") is a widget toolkit
for creating graphical user interfaces as
well as cross-platform applications that
run on various software and hardware
platforms with little or no change in the
underlying codebase while still being a
native application with native
capabilities and speed.
Qt is available under both commercial
licenses and open source.
Supported platform: Linux, Windows,
MacOS, Android, iOS and embedded
platform.
Supported programming languages: C++,
Python, Rust, C#, WebAssembly, Go,
NodeJS
39. 39
Web Framework – Vue.js
Source: Vue.js
Vue.js is a progressive, incrementally-
adoptable JavaScript framework for building UI
on the web.
It is designed from the ground up to be
incrementally adoptable, and can easily scale
between a library and a framework depending
on different use cases.
It consists of an approachable core library that
focuses on the view layer only, and an
ecosystem of supporting libraries that helps
you tackle complexity in large Single-Page
Applications.
Vue.js supports all browsers that are ES5-
compliant (IE8 and below are not supported).
Vue’s gentle learning curve steals the hearts of
beginners and advanced developers.
42. 42
The Rise of Flutter
Source: Flutter Website & GitHub
Flutter is an open source Google’s UI toolkit for
building beautiful, natively compiled
applications for mobile, web, and desktop from
a single codebase.
Flutter is designed for fast development,
expressive and flexible UI, and optimized for
native performance.
Flutter programming is done using Dart
programming language.
Flutter's layered architecture gives you control
over every pixel on the screen, and its powerful
compositing capabilities let you overlay and
animate graphics, video, text and controls
without limitation. Flutter includes a full set of
widgets that deliver pixel-perfect experiences
on both iOS and Android.
Visual Studio Code (VSCode) is one of the editor
used by many Flutter developer to build the
Flutter apps.
Current version: Flutter 1.14.6 (Jan 28, 2020)
Website: https://flutter.dev/
44. 44
The rise of Visual Studio Code
Source: Microsoft
Visual Studio Code is a lightweight but
powerful source code editor which runs on
your desktop and is available for Windows,
macOS and Linux.
It comes with built-in support for JavaScript,
TypeScript and Node.js and has a rich
ecosystem of extensions for other languages
(such as C++, C#, Java, Python, PHP, Go,
Flutter) and runtimes (such as .NET and Unity).
The Docker extension makes it easy to build,
manage, and deploy containerized
applications from Visual Studio Code.
In the Stack Overflow 2019 Developer Survey,
Visual Studio Code was ranked the most
popular developer environment tool, with
50.7% of 87,317 respondents claiming to use
it.
Current Version: 1.41 (November 2019)
Website: https://code.visualstudio.com/
48. 48
Our Preparation?
AVOID FAILURES
AND
COLATERAL DAMAGES
AVOID FAILURES
AND
COLATERAL DAMAGES
5W-1H:
WHAT to prepare?
WHY to prepare?
WHERE to prepare?
WHEN to prepare?
WHO to prepare?
HOW to prepare?
ARE WEARE WEARE WEARE WE
PREPAREDPREPAREDPREPAREDPREPARED????
49. 49
Our Preparation?
PEOPLE:
Is my organization optimized
for success?
TECHNOLOGY:
Am I leveraging technology
appropriately?
PROCESS:
Do my processes align with
my business objectives?
PEOPLE:
Is my organization optimized
for success?
TECHNOLOGY:
Am I leveraging technology
appropriately?
PROCESS:
Do my processes align with
my business objectives?
50. 50
Our Preparation?
Source: Adapted from Deloitte, PwC
How is your business integrating the adoption of emerging technologies with business strategy?
How many, and which technology forces do you believe provide the strongest backbone for
future innovation in your business?
How effective is your organization’s drive toward agility?
What infrastructure and technical platforms do you have in place today?
What experience do you want your customers, employees, and partners to have when they
engage with your organization?
How do you measure each new digital initiative against its alignment to organizational values
and impact on stakeholder?
Are you considering strategy, finance and risk in every steps of decision making?
Some “Deep Learning” to dive …
plus et cetera
51. 51
Our Preparation?
Source: Adapted from Deloitte, PwC
Proactively evaluate how to use technology in a way that is aligned with your company’s purpose and
core values.
Develop an approach to technology that aligns with your organization’s general compliance and
business policies.
Tailor budgeting, funding, and reporting processes to meet the evolving technology needs of the
business.
Lifelong upskilling.
Use the right tools.
Collaborative, responsive, and creative personnel with a big-picture view can bridge technology and
business to deliver value.
Create communities where personnel can share best practices.
Some “Predictive Maintenance” to explore …
plus et cetera