Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/28ePA2L.
Sylvan Clebsch talks about using Pony in a fintech environment to build high-performance tools. Pony is a new actor-model language that's statically typed and ahead-of-time compiled (using LLVM), with a fully concurrent garbage collector and a data-race free type system. Filmed at qconlondon.com.
Sylvan Clebsch is the designer of the Pony programming language. He has worked in industry for 24 years, on fintech, milsims, video games, peer networking, VOIP, identity management, crypto, and embedded OSes. He is currently working on distributed Pony.
The talk covers foundations and applications of implicit function types. It is an updated and more condensed version of the "What to Leave Implicit Talk" given at CurryOn/PLDI 2017.
The talk covers foundations and applications of implicit function types. It is an updated and more condensed version of the "What to Leave Implicit Talk" given at CurryOn/PLDI 2017.
Getting started with typescript and angular 2Knoldus Inc.
The Typescript is getting popular day by day, mainly because of its use in angular 2 and its type annotation in these slides i give a brief introduction to typescript and how it works with angular2
A quick introduction to the object-oriented programming language Smalltalk, part of a full lecture on Programming Paradigms at UCL university in Belgium, focussing on the programming languages Smalltalk, Ruby and Java, with reflection and meta programming as underlying theme.
Microservices for performance - GOTO Chicago 2016Peter Lawrey
How do Microservices and Trading Systems overlap?
How can one area learn from the other?
How can we test components of microservices?
Is there a library which helps us implement and test these services?
Beyond Breakpoints: A Tour of Dynamic AnalysisC4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2dXUUTG.
Nathan Taylor provides an introduction to the dynamic analysis research space, suggesting integrating these techniques into various internal tools. Filmed at qconnewyork.com.
Nathan Taylor is a software developer currently employed at Fastly, where he works on making the Web faster through high performance content delivery. Previous gigs have included hacking on low-level systems software such as Java runtimes at Twitter and, prior to that, the Xen virtual machine monitor in grad school.
As software engineers we do trade-offs every day. We often need to pick between things like space vs time or budget vs scope. Or sometimes the amount of creative waste we can afford to have. And when we make the decision we need to be in full comprehension of both the upside and downside of a particular choice. In this talk we will discuss why our organization decided to move from Python to Java. We will go over each tradeoff we decided to do and the motivation behind it.
Building and deploying LLM applications with Apache AirflowKaxil Naik
Behind the growing interest in Generate AI and LLM-based enterprise applications lies an expanded set of requirements for data integrations and ML orchestration. Enterprises want to use proprietary data to power LLM-based applications that create new business value, but they face challenges in moving beyond experimentation. The pipelines that power these models need to run reliably at scale, bringing together data from many sources and reacting continuously to changing conditions.
This talk focuses on the design patterns for using Apache Airflow to support LLM applications created using private enterprise data. We’ll go through a real-world example of what this looks like, as well as a proposal to improve Airflow and to add additional Airflow Providers to make it easier to interact with LLMs such as the ones from OpenAI (such as GPT4) and the ones on HuggingFace, while working with both structured and unstructured data.
In short, this shows how these Airflow patterns enable reliable, traceable, and scalable LLM applications within the enterprise.
https://airflowsummit.org/sessions/2023/keynote-llm/
Getting started with typescript and angular 2Knoldus Inc.
The Typescript is getting popular day by day, mainly because of its use in angular 2 and its type annotation in these slides i give a brief introduction to typescript and how it works with angular2
A quick introduction to the object-oriented programming language Smalltalk, part of a full lecture on Programming Paradigms at UCL university in Belgium, focussing on the programming languages Smalltalk, Ruby and Java, with reflection and meta programming as underlying theme.
Microservices for performance - GOTO Chicago 2016Peter Lawrey
How do Microservices and Trading Systems overlap?
How can one area learn from the other?
How can we test components of microservices?
Is there a library which helps us implement and test these services?
Beyond Breakpoints: A Tour of Dynamic AnalysisC4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2dXUUTG.
Nathan Taylor provides an introduction to the dynamic analysis research space, suggesting integrating these techniques into various internal tools. Filmed at qconnewyork.com.
Nathan Taylor is a software developer currently employed at Fastly, where he works on making the Web faster through high performance content delivery. Previous gigs have included hacking on low-level systems software such as Java runtimes at Twitter and, prior to that, the Xen virtual machine monitor in grad school.
As software engineers we do trade-offs every day. We often need to pick between things like space vs time or budget vs scope. Or sometimes the amount of creative waste we can afford to have. And when we make the decision we need to be in full comprehension of both the upside and downside of a particular choice. In this talk we will discuss why our organization decided to move from Python to Java. We will go over each tradeoff we decided to do and the motivation behind it.
Building and deploying LLM applications with Apache AirflowKaxil Naik
Behind the growing interest in Generate AI and LLM-based enterprise applications lies an expanded set of requirements for data integrations and ML orchestration. Enterprises want to use proprietary data to power LLM-based applications that create new business value, but they face challenges in moving beyond experimentation. The pipelines that power these models need to run reliably at scale, bringing together data from many sources and reacting continuously to changing conditions.
This talk focuses on the design patterns for using Apache Airflow to support LLM applications created using private enterprise data. We’ll go through a real-world example of what this looks like, as well as a proposal to improve Airflow and to add additional Airflow Providers to make it easier to interact with LLMs such as the ones from OpenAI (such as GPT4) and the ones on HuggingFace, while working with both structured and unstructured data.
In short, this shows how these Airflow patterns enable reliable, traceable, and scalable LLM applications within the enterprise.
https://airflowsummit.org/sessions/2023/keynote-llm/
Describes the features of programming languages and the complexities they incur in the compilers and virtual machines. Illustrates with examples from Java, Python, Swift and Node. Also introduces Open Managed Runtime (OMR)
Near real-time anomaly detection at Lyftmarkgrover
Near real-time anomaly detection at Lyft, by Mark Grover and Thomas Weise at Strata NY 2018.
https://conferences.oreilly.com/strata/strata-ny/public/schedule/detail/69155
The large O’Reilly survey on serverless adoption indicated that the majority of enterprises have not yet adopted serverless. They have cited the following concerns as main factors: security, the steep learning curve, vendor lock-in, integration/debugging and observability of serverless applications.
In this talk, I will share my views on these concerns and present how Waylay IO has addressed these challenges. Waylay IO’s mission is to finally unlock all promised benefits of serverless computation, with an intuitive and developer-friendly low-code platform.
The Art of The Event Streaming Application: Streams, Stream Processors and Sc...confluent
Have you ever imagined what it would be like to build a massively scalable streaming application on Kafka, the challenges, the patterns and the thought process involved? How much of the application can be reused? What patterns will you discover? How does it all fit together? Depending upon your use case and business, this can mean many things. Starting out with a data pipeline is one thing, but evolving into a company-wide real-time application that is business critical and entirely dependent upon a streaming platform is a giant leap. Large-scale streaming applications are also called event streaming applications. They are classically different from other data systems; event streaming applications are viewed as a series of interconnected streams that are topologically defined using stream processors; they hold state that models your use case as events. Almost like a deconstructed real-time database.
In this talk, I step through the origins of event streaming systems, understanding how they are developed from raw events to evolve into something that can be adopted at an organizational scale. I start with event-first thinking, Domain Driven Design to build data models that work with the fundamentals of Streams, Kafka Streams, KSQL and Serverless (FaaS).
Building upon this, I explain how to build common business functionality by stepping through the patterns for: – Scalable payment processing – Run it on rails: Instrumentation and monitoring – Control flow patterns Finally, all of these concepts are combined in a solution architecture that can be used at an enterprise scale. I will introduce enterprise patterns such as events-as-a-backbone, events as APIs and methods for governance and self-service. You will leave talk with an understanding of how to model events with event-first thinking, how to work towards reusable streaming patterns and most importantly, how it all fits together at scale.
Kakfa summit london 2019 - the art of the event-streaming appNeil Avery
Have you ever imagined what it would be like to build a massively scalable streaming application on Kafka, the challenges, the patterns and the thought process involved? How much of the application can be reused? What patterns will you discover? How does it all fit together? Depending upon your use case and business, this can mean many things. Starting out with a data pipeline is one thing, but evolving into a company-wide real-time application that is business critical and entirely dependent upon a streaming platform is a giant leap. Large-scale streaming applications are also called event streaming applications. They are classically different from other data systems; event streaming applications are viewed as a series of interconnected streams that are topologically defined using stream processors; they hold state that models your use case as events. Almost like a deconstructed real-time database.
In this talk, I step through the origins of event streaming systems, understanding how they are developed from raw events to evolve into something that can be adopted at an organizational scale. I start with event-first thinking, Domain Driven Design to build data models that work with the fundamentals of Streams, Kafka Streams, KSQL and Serverless (FaaS).
Building upon this, I explain how to build common business functionality by stepping through the patterns for: – Scalable payment processing – Run it on rails: Instrumentation and monitoring – Control flow patterns Finally, all of these concepts are combined in a solution architecture that can be used at an enterprise scale. I will introduce enterprise patterns such as events-as-a-backbone, events as APIs and methods for governance and self-service. You will leave talk with an understanding of how to model events with event-first thinking, how to work towards reusable streaming patterns and most importantly, how it all fits together at scale.
Azure Service Fabric and the Actor Model: when did we forget Object Orientation?João Pedro Martins
Session presented at DDD event in TVP/Microsoft UK HQ. Introduction to Azure Service Fabric, and focus on the actor model (formerly known as Project Orleans), with demos and documentation on how it is supported in Service Fabric. Goal: ask ourselves why did we really replace OO with "stateless services".
Overview of QP Frameworks and QM Modeling Tools (Notes)Quantum Leaps, LLC
The embedded software industry is in the midst of a major revolution. Tremendous amount of new development lays ahead. This new software needs an actual architecture that is safer, more extensible, and easier to understand than the usual "free-threading" approach of a traditional Real-Time Operating System (RTOS).
Quantum Leaps' software frameworks and tools provide such a modern, reusable architecture based on active objects (actors), hierarchical state machines, software tracing, graphical modeling, and automatic code generation.
Considerations for Abstracting Complexities of a Real-Time ML Platform, Zhenz...HostedbyConfluent
Considerations for Abstracting Complexities of a Real-Time ML Platform, Zhenzhong XU | Current 2022
If you are a data scientist or a platform engineer, you probably can relate to the pains of working with the current explosive growth of Data/ML technologies and toolings. With many overlapping options and steep learning curves for each, it’s increasingly challenging for data science teams. Many platform teams started thinking about building an abstracted ML platform layer to support generalized ML use cases. But there are many complexities involved, especially as the underlying real-time data is shifting into the mainstream.
In this talk, we’ll discuss why ML platforms can benefit from a simple and ""invisible"" abstraction. We’ll offer some evidence on why you should consider leveraging streaming technologies even if your use cases are not real-time yet. We’ll share learnings (combining both ML and Infra perspectives) about some of the hard complexities involved in building such simple abstractions, the design principles behind them, and some counterintuitive decisions you may come across along the way.
By the end of the talk, I hope data scientists can walk away with some tips on how to evaluate ML platforms, and platform engineers learned a few architectural and design tricks.
Streaming a Million Likes/Second: Real-Time Interactions on Live VideoC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/39NIjLV.
Akhilesh Gupta does a technical deep-dive into how Linkedin uses the Play/Akka Framework and a scalable distributed system to enable live interactions like likes/comments at massive scale at extremely low costs across multiple data centers. Filmed at qconlondon.com.
Akhilesh Gupta is the technical lead for LinkedIn's Real-time delivery infrastructure and LinkedIn Messaging. He has been working on the revamp of LinkedIn’s offerings to instant, real-time experiences. Before this, he was the head of engineering for the Ride Experience program at Uber Technologies in San Francisco.
Next Generation Client APIs in Envoy MobileC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2x0Fav8.
Jose Nino guides the audience through the journey of Mobile APIs at Lyft. He focuses on how the team has reaped the benefits of API generation to experiment with the network transport layer. He also discusses recent developments the team has made with Envoy Mobile and the roadmap ahead. Filmed at qconlondon.com.
Jose Nino works as a Software Engineer at Lyft.
Software Teams and Teamwork Trends Report Q1 2020C4Media
How do we cope with an environment that has been radically disrupted, where people are suddenly thrust into remote work in a chaotic state? What are the emerging good practices and new ideas that are shaping the way in which software development teams work? What can we do to make the workplace a more secure and diverse one while increasing the productivity of our teams? This report aims to assist technical leaders in making mid- to long-term decisions that will have a positive impact on their organisations and teams and help individual contributors find the practices, approaches, tools, techniques, and frameworks that can help them get a better experience at work - irrespective of where they are working from.
Understand the Trade-offs Using Compilers for Java ApplicationsC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2QCmmJ0.
Mark Stoodley examines some of the strengths and weaknesses of the different Java compilation technologies, if one was to apply them in isolation. Stoodley discusses how production JVMs are assembling a combination of these tools that work together to provide excellent performance across the large spectrum of applications written in Java and JVM based languages. Filmed at qconsf.com.
Mark Stoodley joined IBM Canada to build Java JIT compilers for production use and led the team that delivered AOT compilation in the IBM SDK for Java 6. He spent the last five years leading the effort to open source nearly 4.3 million lines of source code from the IBM J9 Java Virtual Machine to create the two open source projects Eclipse OMR and Eclipse OpenJ9, and now co-leads both projects.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2y2yPiS.
Colin McCabe talks about the ongoing effort to replace the use of Zookeeper in Kafka: why they want to do it and how it will work. He discusses the limitations they have found and how Kafka benefits both in terms of stability and scalability by bringing consensus in house. He talks about their progress, what work is remaining, and how contributors can help. Filmed at qconsf.com.
Colin McCabe is a Kafka committer at Confluent, working on the scalability and extensibility of Kafka. Previously, he worked on the Hadoop Distributed Filesystem and the Ceph Filesystem.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2SXXXiD.
Katharina Probst talks about what it means to act like an owner and why teams need ownership to be high-performing. When team members, regardless of whether they have a formal leadership role or not, act like owners, magical things can happen. She shares ideas that we can apply to our own work, and talks about how to recognize when we don’t live up to our own expectations of acting like an owner. Filmed at qconsf.com.
Katharina Probst is a Senior Engineering Leader, Kubernetes & SaaS at Google. Before this, she was leading engineering teams at Netflix, being responsible for the Netflix API, which helps bring Netflix streaming to millions of people around the world. Prior to joining Netflix, she was in the cloud computing team at Google, where she saw cloud computing from the provider side.
Does Java Need Inline Types? What Project Valhalla Can Bring to JavaC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2T04Lw4.
Sergey Kuksenko talks about the performance benefits inline types bring to Java and how to exploit them. Inline/value types are the key part of experimental project Valhalla, which should bring new abilities to the Java language. Filmed at qconsf.com.
Sergey Kuksenko is a Java Performance Engineer at Oracle working on a variety of Java and JVM performance enhancements. He started working as Java Engineer in 1996 and as Java Performance Engineer in 2005. He has had a passion for exploring how Java works on modern hardware.
Do you need service meshes in your tech stack?
This on-line guide aims to answer pertinent questions for software architects and technical leaders, such as: what is a service mesh?, do I need a service mesh?, how do I evaluate the different service mesh offerings? In software architecture, a service mesh is a dedicated infrastructure layer for facilitating service-to-service communications between microservices, often using a sidecar proxy.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2UgQ3BU.
Christie Wilson describes what to expect from CI/CD in 2019, and how Tekton is helping bring that to as many tools as possible, such as Jenkins X and Prow. Wilson talks about Tekton itself and performs a live demo that shows how cloud native CI/CD can help debug, surface and fix mistakes faster. Filmed at qconsf.com.
Christie Wilson is a software engineer at Google, currently leading the Tekton project. Over the past decade, she has worked in the mobile, financial and video game industries. Prior to working at Google she led a team of software developers to build load testing tools for AAA video game titles, and founded the Vancouver chapter of PyLadies.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2S7lDiS.
Sasha Rosenbaum shows how a CI/CD pipeline for Machine Learning can greatly improve both productivity and reliability. Filmed at qconsf.com.
Sasha Rosenbaum is a Program Manager on the Azure DevOps engineering team, focused on improving the alignment of the product with open source software. She is a co-organizer of the DevOps Days Chicago and the DeliveryConf conferences, and recently published a book on Serverless computing in Azure with .NET.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/36epVKg.
Todd Montgomery discusses the techniques and lessons learned from implementing Aeron Cluster. His focus is on how Raft can be implemented on Aeron, minimizing the network round trip overhead, and comparing single process to a fully distributed cluster. Filmed at qconsf.com.
Todd Montgomery is a networking hacker who has researched, designed, and built numerous protocols, messaging-oriented middleware systems, and real-time data systems, done research for NASA, contributed to the IETF and IEEE, and co-founded two startups. He currently works as an independent consultant and is active in several open source projects.
Architectures That Scale Deep - Regaining Control in Deep SystemsC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2FWc5Sk.
Ben Sigelman talks about "Deep Systems", their common properties and re-introduces the fundamentals of control theory from the 1960s, including the original conceptualizations of Observability & Controllability. He uses examples from Google & other companies to illustrate how deep systems have damaged people's ability to observe software, and what needs to be done in order to regain control. Filmed at qconsf.com.
Ben Sigelman is a co-founder and the CEO at LightStep, a co-creator of Dapper (Google’s distributed tracing system), and co-creator of the OpenTracing and OpenTelemetry projects (both part of the CNCF). His work and interests gravitate towards observability, especially where microservices, high transaction volumes, and large engineering organizations are involved.
ML in the Browser: Interactive Experiences with Tensorflow.jsC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/39SddUL.
Victor Dibia provides a friendly introduction to machine learning, covers concrete steps on how front-end developers can create their own ML models and deploy them as part of web applications. He discusses his experience building Handtrack.js - a library for prototyping real time hand tracking interactions in the browser. Filmed at qconsf.com.
Victor Dibia is a Research Engineer with Cloudera’s Fast Forward Labs. Prior to this, he was a Research Staff Member at the IBM TJ Watson Research Center, New York. His research interests are at the intersection of human computer interaction, computational social science, and applied AI.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2s9T3Vl.
Colin Eberhardt looks at some of the internals of WebAssembly, explores how it works “under the hood”, and looks at how to create a (simple) compiler that targets this runtime. Filmed at qconsf.com.
Colin Eberhardt is the Technology Director at Scott Logic, a UK-based software consultancy where they create complex application for their financial services clients. He is an avid technology enthusiast, spending his evenings contributing to open source projects, writing blog posts and learning as much as he can.
User & Device Identity for Microservices @ Netflix ScaleC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2S9tOgy.
Satyajit Thadeshwar provides useful insights on how Netflix implemented a secure, token-agnostic, identity solution that works with services operating at a massive scale. He shares some of the lessons learned from this process, both from architectural diagrams and code. Filmed at qconsf.com.
Satyajit Thadeshwar is an engineer on the Product Edge Access Services team at Netflix, where he works on some of the most critical services focusing on user and device authentication. He has more than a decade of experience building fault-tolerant and highly scalable, distributed systems.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2Ezs08q.
Justin Ryan talks about Netflix’ scalability issues and some of the ways they addressed it. He shares successes they’ve had from unintuitively partitioning computation into multiple services to get better runtime characteristics. He introduces us to useful probabilistic data structures, innovative bi-directional data passing, open-source projects available from Netflix that make this all possible. Filmed at qconsf.com.
Justin Ryan is Playback Edge Engineering at Netflix. He works on some of the most critical services at Netflix, specifically focusing on user and device authentication. Years of building developer tools has also given him a healthy set of opinions on developer productivity.
Make Your Electron App Feel at Home EverywhereC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2Z4ZJjn.
Kilian Valkhof discusses the process of making an Electron app feel at home on all three platforms: Windows, MacOS and Linux, making devs aware of the pitfalls and how to avoid them. Filmed at qconsf.com.
Kilian Valkhof is a Front-end Developer & User-experience Designer at Firstversionist. He writes about various topics, from design to machine learning, on his personal website, kilianvalkhof.com and is a frequent contributer to open source software. He is part of the Electron governance team that oversees the development of the Electron framework.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/344PnB1.
Steve Klabnik goes over the deep details of how async/await works in Rust, covering concepts like coroutines, generators, stack-less vs stack-ful, "pinning", and more. Filmed at qconsf.com.
Steve Klabnik is on the core team of Rust, leads the documentation team, and is an author of "The Rust Programming Language." He is a frequent speaker at conferences and is a prolific open source contributor, previously working on projects such as Ruby and Ruby on Rails.
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2OUz6dt.
Chris Riccomini talks about the current state-of-the-art in data pipelines and data warehousing, and shares some of the solutions to current problems dealing with data streaming and warehousing. Filmed at qconsf.com.
Chris Riccomini works as a Software Engineer at WePay.
Automated Testing for Terraform, Docker, Packer, Kubernetes, and MoreC4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2rm4hFD.
Yevgeniy Brikman talks about how to write automated tests for infrastructure code, including the code written for use with tools such as Terraform, Docker, Packer, and Kubernetes. Topics covered include: unit tests, integration tests, end-to-end tests, dependency injection, test parallelism, retries and error handling, static analysis, property testing and CI / CD for infrastructure code. Filmed at qconsf.com.
Yevgeniy Brikman is the co-founder of Gruntwork, a company that provides DevOps as a Service. He is the author of two books published by O'Reilly Media: Hello, Startup and Terraform: Up & Running. Previously, he worked as a software engineer at LinkedIn, TripAdvisor, Cisco Systems, and Thomson Financial.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2. InfoQ.com: News & Community Site
• 750,000 unique visitors/month
• Published in 4 languages (English, Chinese, Japanese and Brazilian
Portuguese)
• Post content from our QCon conferences
• News 15-20 / week
• Articles 3-4 / week
• Presentations (videos) 12-15 / week
• Interviews 2-3 / week
• Books 1 / month
Watch the video with slide
synchronization on InfoQ.com!
https://www.infoq.com/presentations/
pony
3. Purpose of QCon
- to empower software development by facilitating the spread of
knowledge and innovation
Strategy
- practitioner-driven conference designed for YOU: influencers of
change and innovation in your teams
- speakers and topics driving the evolution and innovation
- connecting and catalyzing the influencers and innovators
Highlights
- attended by more than 12,000 delegates since 2007
- held in 9 cities worldwide
Presented at QCon London
www.qconlondon.com
4. What is Pony?
Pony is an actor-model capabilities-secure native language
@ponylang
Freenode: #ponylang
http://ponylang.org
5. What do I want you to walk away with?
Pony has a powerful, data-race free, concurrency-aware type system
The Pony runtime can help you solve hard concurrency problems
You might be able to use Pony for fintech in production now
13. What do we want?
Tools that help us exploit our domain knowledge to write profit-
maximising systems
To maximise profit, tools must be as fast and as correct as possible
Some examples:
Aeron
Cap'n Proto
OpenOnload
29West LBM
14. How do those tools help?
Each tool manages a collection of hard problems
They aren't single purpose mini-libraries
They completely encapsulate the solution
They are not (necessarily) drop-in replacements for existing code
18. Actor-model concurrency
An object combines state-management with synchronous methods
(functions)
An actor combines state-management with asynchronous methods
(behaviours)
19. What does an actor have that an object
doesn't?
In addition to fields, an actor has a message queue and its own heap
Actor heaps are independently garbage collected, and the actors
themselves are garbage collected
It's ok to have millions of actors in a program (they're cheap)
20. What can actors do?
1. Handle the next message in their queue
2. Modify their own state
3. Create other actors
4. Send messages to actors
21. Pony actors
In Pony, actors have no blocking constructs
They handle each message by executing a behaviour
That behaviour is logically atomic: it cannot witness any heap
mutation it does not itself perform
All communication between actors is by message passing
22. Order
actor Order
embed _state: OrderState
let _exch_conn: ExchangeConn
embed _exch_order: ExchangeOrder
embed _observers: MapIs[OrderObserver tag, OrderObserver] =
_observers.create()
These are just the fields: some state, an exchange connection (all
traffic about an order needs to go over the same connection), and a
collection of observers.
23. How cheap is an actor?
240 byte overhead vs. an object (156 on a 32-bit architecture)
No CPU time overhead: only on a scheduler queue when there is
work to be done
24. Order Information
class val OrderInfo
let client_id: String
let instrument: String
let side: Side
let qty: U32
let price: U32
new val create(client_id': String, instrument': String, side': Side,
qty': U32, price': U32)
=>
client_id = client_id'
instrument = instrument'
side = side'
qty = qty'
price = price'
A simple immutable data structure
The type isn't immutable, but this particular constructor returns
immutable objects
25. Order State
class OrderState
embed info: OrderInfo
embed fills: Array[Fill] = fills.create()
var cum_qty: U32 = 0
var status: Status = PendingNew
new create(client_id: String, instrument: String, side: Side,
qty: U32, price: U32)
=>
info = OrderInfo(client_id, instrument, side, qty, price)
Mutable order state, notice the embedded OrderInfoand the
generic Array[Fill]
26. Creating an Order
new create(exch_conn: ExchangeConn, info: OrderInfo,
observers: (ReadSeq[OrderObserver] iso | None) = None)
=>
_state = OrderState(info)
_exch_conn = exch_conn
_exch_order = ExchangeOrder(this, info)
try
let obs = consume observers as ReadSeq[OrderObserver]
for observer in obs.values() do
_observers(observer) = observer
observer.initial_state(_state)
end
end
_exch_conn.place(_exch_order)
There's a lot going on here!
Notice the isolated (iso) readable sequence (ReadSeq) of order
observers: ReadSeq[OrderObserver] iso
It's in a union type with Noneand defaults to None
27. Adding and removing observers
be observe(some: OrderObserver iso) =>
let some' = consume ref some
_observers(some') = some'
some'.initial_state(_state)
be unobserve(some: OrderObserver tag) =>
try
(_, let some') = _observers.remove(some)
some'.dispose(_state)
end
To add an observer, we send the order a message (befor behaviour)
The argument is an isolated order observer OrderObserver iso
To remove an observer, we send the identity of the observer to
remove, as an OrderObserver tag
28. iso, val, tag, what?
These type annotations are called reference capabilities (rcaps)
Rcaps make Pony data-race free
And the data-race freedom guarantee is exploited in the runtime
29. Powerful, concurrency-aware type system
Reference capabilities (rcaps) for data-race freedom
Nominal (trait) and structural (interface) typing
Algebraic data types (union, intersection, tuple)
Generics and parametric polymorphism
Fully reified types
No "null"
No uninitialised or partially initialised values
Weak dependent types are on the way
32. Rcaps are type annotations
Every reference to an object indicates a level of isolation or
immutability
x: Foo iso // An isolated Foo
x: Foo val // A globally immutable Foo
x: Foo ref // A mutable Foo
x: Foo box // A locally immutable Foo (like C++ const)
x: Foo tag // An opaque Foo
This affects how you can use a reference (read, write, alias, send)
33. Rcaps are about deny, not allow
Rather than grant permissions, an rcap prevents certain kinds of
other rcaps to the same object
This is used to enforce the golden rule of data-race freedom:
"If I can write to it, nobody else can read from it"
37. Rcaps use local typing, not global analysis
Data-race freedom using rcaps is handled by the compiler during
type checking
There is no global static analysis step
Ensuring data-race freedom doesn't get harder for the compiler as
your code base grows
This is one part of composable concurrency
39. Back to the Order: getting a fill
be fill(some: Fill) =>
_state.fills.push(some)
_state.cum_qty = _state.cum_qty + some.qty
_state.status = match _state.status
| New if _state.cum_qty >= _state.info.qty => Filled
| PartiallyFilled if _state.cum_qty >= _state.info.qty => Filled
| PendingNew | Rejected => Invalid
else
_state.status
end
for observer in _observers.values() do
observer.fill(_state, some)
end
When a Fillis received, the order state is updated
Observers are notified of the fill and the new order state
This is a behaviour (be), so it happens asynchronously
40. An observer might be synchronous or
asynchronous
interface OrderObserver
fun ref initial_state(order: OrderState box) => state_change(order)
fun ref state_change(order: OrderState box) => None
fun ref fill(order: OrderState box, some: Fill) => None
fun ref dispose(order: OrderState box) => None
An OrderObserveris a strutural type: anything that has these
methods is an OrderObserver
An observer may execute code synchronously, send asynchronous
messages, or both
42. Use cheap messages to move the code to
the data
interface val OrderReport[A: Any #share]
fun apply(order: OrderState box): A ?
actor Order
be report[A: Any #share](generator: OrderReport[A], promise: Promise[A]) =>
try
promise(generator(_state))
else
promise.reject()
end
We send a report generating function to the order and either fulfil or
reject a promise with the generated report, instead of
asynchronously asking for the order state
44. Why unbounded?
If the queue was bounded, what would we do when the queue was
full?
Block or fail?
Blocking can deadlock and introduce unbounded producer jitter
Failing means application-specific failure handling every time a
message is sent
46. Pushing a message on to a queue
bool messageq_push(messageq_t* q, pony_msg_t* m)
{
m->next = NULL;
pony_msg_t* prev = (pony_msg_t*)_atomic_exchange(&q->head, m);
bool was_empty = ((uintptr_t)prev & 1) != 0;
prev = (pony_msg_t*)((uintptr_t)prev & ~(uintptr_t)1);
_atomic_store(&prev->next, m);
return was_empty;
}
A single atomic operation, wait-free, integrated empty queue
detection
The _atomic_storedoesn't need an atomic op on X86 or ARM
48. Is this the best possible queue?
Probably not!
This is an area with lots of research and engineering happening
This particular queue relies on specifics of the Pony runtime to be
efficient
Particularly the underlying memory allocator
49. Zero-copy messages
The type system guarantees the program is data-race free
Messages can be passed by reference instead of being copied
Without locking or atomic reference counting
51. Scheduler threads
The Pony runtime can be started with any number of scheduler
threads
Defaults to the physical core count
The program doesn't have to be aware of the thread count
52. What's does a scheduler thread consist of?
1. A kernel thread pinned to a core
2. A single-producer multiple-consumer queue of actors with
pending messages
3. A message queue for quiescence detection
4. A pool allocator
53. SPMC Queue
Similar to the MPSC message queue
Unbounded, non-intrusive
Zero atomic operations to push an actor on to the queue
CAS loop to pop an actor off of the queue
54. Pushing an actor on to a scheduler queue
void mpmcq_push_single(mpmcq_t* q, void* data)
{
mpmcq_node_t* node = POOL_ALLOC(mpmcq_node_t);
node->data = data;
node->next = NULL;
// If we have a single producer, don't use an atomic instruction.
mpmcq_node_t* prev = q->head;
q->head = node;
prev->next = node;
}
Hey, that says MPMC!
Yeah, the same code with a different push function is used for an
MPMCQ
A runtime has only one MPMCQ (the inject queue) and we won't
cover it
55. Popping an actor off of a scheduler queue
void* mpmcq_pop(mpmcq_t* q)
{
mpmcq_dwcas_t cmp, xchg;
mpmcq_node_t* next;
cmp.aba = q->tail.aba;
cmp.node = q->tail.node;
do
{
// Get the next node rather than the tail. The tail is either a stub or has
// already been consumed.
next = _atomic_load(&cmp.node->next);
// Bailout if we have no next node.
if(next == NULL)
return NULL;
So that's a bit more complicated
56. Message Batching
A scheduler thread executes a batch of messages on an actor
This is to amortise the cost of popping an actor off a scheduler
queue
Today this is a fixed number, in the future it will be dynamic
57. Why are scheduler queues SPMC?
When an actor is sent a message...
If the actor's message queue wasn't empty
Then it is already on some scheduler thread: do nothing
If the actor's message queue was empty
Then the actor wasn't scheduled anywhere
Schedule it on the queue of the thread that is sending the
message
Because the actor's working set probably isn't in cache
So get cache locality for the message contents, if possible
Only the scheduler thread ever puts an actor on its own queue
58. That's the SP, what about the MC?
If a scheduler thread has no actors on its queue, it picks another
scheduler thread and tries to steal an actor
This is why we need MC
"Near" cores are mildly preferred
Because cache and NUMA
But the preference isn't too strong, to clustering and spending too
much time trying to steal from scheduler threads with no available
work
59. Actors with pending messages tend to
stay on the same core
It's more important to use all available cores than to keep an actor
always on the same core
A scheduler thread never gives up its only available actor, to avoid
ping-pong scheduling
Once a core has work, it won't steal any more unless it runs out of
work
Because cache and NUMA
60. Quiescence detection
Scheduler threads are actually actors
They use a quiescence detection messaging protocol to terminate a
program
The protocol is I/O aware, and can correctly terminate a program
before all actors are garbage collected
A program has terminated when it is not listening for input, there
are no pending messages, and no new messages will ever be
generated
62. Back pressure questions
What is a "loaded" message queue and how can it be cheaply
determined? Is it as simple as a non-empty queue?
What is a scheduler priority? Not a priority queue (too slow)
Use a separate list of "deprioritised" actors?
Is influencing the message batch count enough?
Should a scheduler thread with only "deprioritised" actors try to
steal work?
64. GC'ing an actor heap
Actors GC their own heaps independent of other actors
Mark-and-don't sweep algorithm
O(n) on reachable graph
Unreachable memory has no impact
66. GC'ing objects shared across heaps
Rcaps allows isolated (iso), immutable (val), and opaque (tag) objects
to be safely passed by reference (zero-copy) between actors
Objects in messages or reachable by other actors must be protected
from premature collection
67. Use a message protocol
Deferred distributed weighted reference counting
The shape of the heap does not influence the reference count
Trace objects reachable from a message on send and receive
No round trips or acknowledgement messages
Actors can still independently collect heaps without coordination
68. Shared object GC is a distributed system
An actor can't know what other actors can reach an object it has
allocated
Or what undelivered messages the object may be reachable from
The object must not be collected prematurely but must be collected
in a timely manner
Teaser: this has been extended to the distributed runtime
69. Immutability and tracing
Isolated (iso) objects must trace their fields in messages
Because they can be mutated by an actor other than the allocator
Immutable (val) objects need not be traced, either in message or by
any non-allocating actor when reached during heap GC
Because the allocator can safely be responsible for tracing an
immutable graph
Sharing an immutable object graph amongst N actors does not
increase aggregate GC times
70. Adrian's write up
Ownership and Reference Counting Based Garbage Collection in the
Actor World
http://blog.acolyer.org/2016/02/18/ownership-and-reference-
counting-based-garbage-collection-in-the-actor-world/
71. GC'ing actors
An extension of the same protocol allows actors themselves to be
GC'd
It's an even more complex distributed system
A cycle detector (implemented as a system actor) is required
Plus a CNF-ACK protocol that can cheaply determine that a view of
an actor's topology received in the past was a true view of the global
state when it was recieved
73. Come get involved!
Join our community of industry developers, tooling developers,
library writers, compiler hackers, type system theorists, students,
and hobbyists.
Why not you?
@ponylang
Freenode: #ponylang
http://ponylang.org
74. Watch the video with slide synchronization on
InfoQ.com!
https://www.infoq.com/presentations/pony