All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Olivier Thierry
Chief Marketing Officer of Zimbra
Open Government/Open Data
Why Governments Depend on Open Source for Secure, Private Email
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
Cloud computing technology provides various internet-based services. Many cloud computing vendors are offering cloud services through their own service mechanism. These mechanisms consist of various service parameters such as authentication, security, performance, availability, etc. Customer can access these cloud services through web browsers using http protocols. Each protocol has its own way of achieving the request-response services, authentication, confidentiality and etc. Cloud computing is an internet-based technology, which provides Infrastructure, Storage, Platform services on demand through a browser using HTTP protocols. These protocol features can be enhanced using cloud specific protocol, which provides strong authentication, confidentiality, security, integrity, availability and accessibility. We are proposing and presenting the secure cloud transmission protocol (SCTP) engineering phases which sits on top of existing http protocols to provide strong authentication security and confidentiality using multi-models. SCTP has multi-level and multi-dimensional approach to achieve strong authentication and multi-level security technique to achieve secure channel. This protocol can add on to existing http protocols. It can be used in any cloud services. This paper presents proposed Protocol engineering phases such as Service Specification, Synthesis, Analysis, Modelling, and Implementation model with test suites. This paper is represents complete integration of our earlier proposed and published multilevel techniques
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
For the last couple of years I have been participating in various public and private bug bounty programmes including United Airlines, ING, RBS, EU or Synack. Usually these programmes are run by security-mature companies which take a lot of effort to make sure that their applications are secure. So how is that even possible that they are still vulnerable to well-known issues like XSS or IDOR which should not exist in 2019 anymore? Presentation will share information about common “inter-application” vulnerabilities encountered during testing process and emphasize the need of appropriate security testing at each stage of system life cycle. During 45 minutes long talk I will present several real-life examples of "inter-application" vulnerabilities, explain the root causes of these issues and propose steps which could be taken to avoid these vulnerabilities in the future.
Pretty Good Privacy (PGP) is strong encryption software that enables you to protect your email and files by scrambling them so others cannot read them. It also allows you to digitally "sign" your messages in a way that allows others to verify that a message was actually sent by you. PGP is available in freeware and commercial versions all over the world.
PGP was first released in 1991 as a DOS program that earned a reputation for being difficult. In June 1997, PGP Inc. released PGP 5.x for Win95/NT. PGP 5.x included plugins for several popular email programs.
DEVELOPMENT OF SECURE CLOUD TRANSMISSION PROTOCOL (SCTP) ENGINEERING PHASES :...ijcisjournal
Cloud computing technology provides various internet-based services. Many cloud computing vendors are offering cloud services through their own service mechanism. These mechanisms consist of various service parameters such as authentication, security, performance, availability, etc. Customer can access these cloud services through web browsers using http protocols. Each protocol has its own way of achieving the request-response services, authentication, confidentiality and etc. Cloud computing is an internet-based technology, which provides Infrastructure, Storage, Platform services on demand through a browser using HTTP protocols. These protocol features can be enhanced using cloud specific protocol, which provides strong authentication, confidentiality, security, integrity, availability and accessibility. We are proposing and presenting the secure cloud transmission protocol (SCTP) engineering phases which sits on top of existing http protocols to provide strong authentication security and confidentiality using multi-models. SCTP has multi-level and multi-dimensional approach to achieve strong authentication and multi-level security technique to achieve secure channel. This protocol can add on to existing http protocols. It can be used in any cloud services. This paper presents proposed Protocol engineering phases such as Service Specification, Synthesis, Analysis, Modelling, and Implementation model with test suites. This paper is represents complete integration of our earlier proposed and published multilevel techniques
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
For the last couple of years I have been participating in various public and private bug bounty programmes including United Airlines, ING, RBS, EU or Synack. Usually these programmes are run by security-mature companies which take a lot of effort to make sure that their applications are secure. So how is that even possible that they are still vulnerable to well-known issues like XSS or IDOR which should not exist in 2019 anymore? Presentation will share information about common “inter-application” vulnerabilities encountered during testing process and emphasize the need of appropriate security testing at each stage of system life cycle. During 45 minutes long talk I will present several real-life examples of "inter-application" vulnerabilities, explain the root causes of these issues and propose steps which could be taken to avoid these vulnerabilities in the future.
A presentation explaining the concepts of public key infrastructure. It covers topics like Public Key Infrastructure (PKI) introduction, Digital Certificate, Trust Services, Digital Signature Certificate, TLS Certificate, Code Signing Certificate, Time Stamping, Email Encryption Certificate
Hong Kong Hyperledger Meetup January 2018Tracy Kuhrt
Slides presented at the Hong Kong Hyperledger Meetup in January 2018 (https://www.meetup.com/Hyperledger-HK/events/246767267/) . This is a great opportunity to hear a leading blockchain expert address key technical developments, opportunities and challenges as we start 2018.
You will learn firsthand the latest developments in the global Hyperledger developer community and the progress of projects under the Hyperledger umbrella. Tracy will share latest details on the upcoming Hyperledger Sawtooth 1.0 release and roadmap for Hyperledger Fabric.
We hope you will join us to hear Tracy speak about Hyperledger projects today and what is in store in 2018 for the Hyperledger community, globally and in Asia Pacific, and how you can get involved.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDFGokul Alex
DEFCON is is one of the world's largest and most notable hacker conventions in the world. It an esoteric experience of an elusive kind. It is a daring dream to destroy the dystopian darkness of super surveillance states. Here we are presenting our passion for Blockchain Security in DEFCON 28, based on the theme - 'Preventing DDoS Attacks on Ethereum 2.0 using Verifiable Delay Function Powered Authentication Architectures'. When we teamed up together a month ago, we never ever imagined that we will march into the league of extraordinary hackers to present our beloved blockchain security models in-front of the pioneers and paragons in the security space. We are grateful to all our well wishers in Governments, Private Sector, Academic Institutions, Think Tanks, Research Organisations across the world who has inspired us to deep dive on the creative convergence of cryptography and consensus algorithms to weave this world together. Our session is part of the Block Village stream in the DEFCON 28. Please find further details of the event in the Block Village portal. https://www.blockchainvillage.net/schedule2020
#defcon2020 #defcon28 #cybersecurity #ethereum #blockvillage #blockchainsecurity #blockchainaudit
A novel paradigm in authentication systemIJNSA Journal
Maintaining the security of your computer, network and private/sensitive data against unauthorized access
and a wide variety of security threats can be challenging. Verifying data integrity and authentication are
essential security services in order to secure data transmission process. In this paper we propose a novel
security technique which uses new encryption and decryption algorithms to achieve authenticated
communication and enhanced data integrity. The proposed technique is very complex for attackers to
decode, and it is applicable to client-server architecture.
Introduction to Public Key InfrastructureTheo Gravity
Adonis Fung and I worked on a project where we defined and built PKI (Public Key Infrastructure) for our local development and deployed environments. I gave a talk to our engineers on how PKI works, covering encryption, signing, trust stores, and how the HTTPS handshake works.
Welcome to the world of 'network security' which is an unavoidable term in cyber security. This white paper of Network security encompasses the most significant and predominantly used networking security concepts which are highly important for maintaining your network environment secure.
A presentation explaining the concepts of public key infrastructure. It covers topics like Public Key Infrastructure (PKI) introduction, Digital Certificate, Trust Services, Digital Signature Certificate, TLS Certificate, Code Signing Certificate, Time Stamping, Email Encryption Certificate
Hong Kong Hyperledger Meetup January 2018Tracy Kuhrt
Slides presented at the Hong Kong Hyperledger Meetup in January 2018 (https://www.meetup.com/Hyperledger-HK/events/246767267/) . This is a great opportunity to hear a leading blockchain expert address key technical developments, opportunities and challenges as we start 2018.
You will learn firsthand the latest developments in the global Hyperledger developer community and the progress of projects under the Hyperledger umbrella. Tracy will share latest details on the upcoming Hyperledger Sawtooth 1.0 release and roadmap for Hyperledger Fabric.
We hope you will join us to hear Tracy speak about Hyperledger projects today and what is in store in 2018 for the Hyperledger community, globally and in Asia Pacific, and how you can get involved.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
DEFCON28_2020_EthereumSecurity_PreventingDDoS_VDFGokul Alex
DEFCON is is one of the world's largest and most notable hacker conventions in the world. It an esoteric experience of an elusive kind. It is a daring dream to destroy the dystopian darkness of super surveillance states. Here we are presenting our passion for Blockchain Security in DEFCON 28, based on the theme - 'Preventing DDoS Attacks on Ethereum 2.0 using Verifiable Delay Function Powered Authentication Architectures'. When we teamed up together a month ago, we never ever imagined that we will march into the league of extraordinary hackers to present our beloved blockchain security models in-front of the pioneers and paragons in the security space. We are grateful to all our well wishers in Governments, Private Sector, Academic Institutions, Think Tanks, Research Organisations across the world who has inspired us to deep dive on the creative convergence of cryptography and consensus algorithms to weave this world together. Our session is part of the Block Village stream in the DEFCON 28. Please find further details of the event in the Block Village portal. https://www.blockchainvillage.net/schedule2020
#defcon2020 #defcon28 #cybersecurity #ethereum #blockvillage #blockchainsecurity #blockchainaudit
A novel paradigm in authentication systemIJNSA Journal
Maintaining the security of your computer, network and private/sensitive data against unauthorized access
and a wide variety of security threats can be challenging. Verifying data integrity and authentication are
essential security services in order to secure data transmission process. In this paper we propose a novel
security technique which uses new encryption and decryption algorithms to achieve authenticated
communication and enhanced data integrity. The proposed technique is very complex for attackers to
decode, and it is applicable to client-server architecture.
Introduction to Public Key InfrastructureTheo Gravity
Adonis Fung and I worked on a project where we defined and built PKI (Public Key Infrastructure) for our local development and deployed environments. I gave a talk to our engineers on how PKI works, covering encryption, signing, trust stores, and how the HTTPS handshake works.
Welcome to the world of 'network security' which is an unavoidable term in cyber security. This white paper of Network security encompasses the most significant and predominantly used networking security concepts which are highly important for maintaining your network environment secure.
Open Source and Content Management (+audio)Matt Hamilton
Open Source solutions are becoming more commonplace in corporate IT, with two thirds of companies using Open Source today or planning to use it soon. We've all heard the hype: cheaper to buy, cheaper to run, cheaper to fix. Using Open Source software reduces your risks. But how does this translate to the world of Content Management?
The advantages of Open Source systems go beyond simple cost savings. Content management by its very nature requires a significant level of customisation and integration to meet business requirements. By not prohibiting the inspection and modification of the source code, Open Source enables a level of flexibility not available with proprietary systems.
Open Source enables you to leverage a culture of trust and openness, rather than secrecy. By having access to the source code, a customer can be safe in the knowledge that everything that the software vendor was intended to deliver can be independently verified.
In this talk you will learn how the Open Source community works, how its distributed nature makes it more resilient, and how you can become a part of it and benefit. We will cover the key criteria to consider when evaluating which Open Source CMS is the right fit for your requirements.
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Jason Hibbets
Director of OpenSource.com
Midday Keynote
How Raleigh Became an Open Source City
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Doug Turnbull
Search & Big Data Architect for OpenSource Connections
Databases
Stop Worrying & Love the SQL - A Case Study
Developing Apps for Google Glass Using Javascript & RubyAll Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Lance Gleason
Founder/Lead Architect for Polyglot Programming
Trending/Hardware
Developing Apps for Google Glass Using Javascript & Ruby
Find more by Lance here: https://speakerdeck.com/lgleason
Considerations for Operating an OpenStack CloudAll Things Open
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Mark Voelker
Technical Leader with Cisco
Cloud/OpenStack
Considerations for Operating an OpenStack Cloud
What Does Big Data Really Mean for Your Business?All Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Leslie Hawthorn
Director of Developer Relations for Elasticsearch
Big Data
What Does Big Data Really Mean for Your Business?
JavaScript and Internet Controlled Hardware PrototypingAll Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Jonathan LeBlanc
Emmy Award Winning Engineer for PayPal
Trending/Hardware
JavaScript and Internet Controlled Hardware Prototyping
Find more by Jonathan here: http://www.slideshare.net/jcleblanc
All Things Open 2014 - Day 2
Thursday, October 23rd, 2014
Michael DeHaan
CTO with Ansible
Greg DeKoenigsberg
VP Community with Eucalyptus Systems
DevOps
Ansible - 1,000,000 Downloads and Counting
Find more by Greg here: http://www.slideshare.net/gregdekoenigsberg
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Jason Hare
Director of Open Data of the Open Data Institute
Open Government/Open Data
Sustainable Open Data Markets
Trademarks and Your Free and Open Source Software ProjectAll Things Open
All Things Open 2014 - Day 1
Wednesday, October 22nd, 2014
Karen Sandler
CEO of Software Freedom Conservancy
Business
Trademarks and Your Free and Open Source Software Project
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
OSCON 2018 Getting Started with Hyperledger IndyTracy Kuhrt
Presented at OSCON 2018. Hyperledger Indy is a distributed ledger built for decentralized identity and is one of the open source frameworks hosted by Hyperledger. It provides tools, libraries, and reusable components for creating and using independent digital identities rooted on blockchains or other distributed ledgers. In this presentation, I introduce The Linux Foundation and Hyperledger. We look at Decentralized Identity Concepts -- identity models, decentralized identity, zero-knowledge proofs, and verifiable credentials. We look at a demo that utilizes Hyperledger Indy and these concepts. We then look at Hyperledger Indy's software stack and roadmap and touch on how you can get involved.
The FIDO Alliance Today: Status and NewsFIDO Alliance
The FIDO Alliance invites you to learn how simplify strong authentication for web services.
This presentation was part of our FIDO Alliance Seminar in Tokyo, Japan, in November, 2015.
Information Flow Control as a Service on Cloud Systemdbpublications
Security as a Service for cloud system are increasing in every prospect since the beginning of the Cloud. Applications on cloud or internet are available everywhere and its access able to anyone who has internet accessibility, there for security for such applications are required there for security maintainers are available from anti-virus, security event management services, authentication, anti-malware and intrusion detection. These security applications maintain the security of such applications but those security solutions will come at a cost which are mostly costly not all internet or cloud users can afford. Hence Information Flow Control as a Services on Cloud Systems has been introduced which will bring a solution for any vulnerability in applications which are available on cloud.Information Flow Control as a Service on cloud System basically based on third party which is trusted party for checking and searching applications’ metadata or source code for vulnerability if any application that is designed or developed in any particular programming language IFCaaS will check that particular application and match them with specific programming language dictionary which has been provided for different types of programming language.
At the Synopsys Security Event - Israel, Tim Mackey, Senior Technical Evangelist at Black Duck by Synopsys presents on open source and containers. For more information, please visit our website at www.synopsys.com/software.
Guy Martin, OIC Head of Digital Marketing, discusses the need for app standards within IoT, and how OIC is structured to begin delivering on a cross-platform common communications layer.
Presented at All Things Open 2022
Presented by Andrew Zigler
Title: Open Source All The Things
Abstract: Open source software is increasingly becoming the number one choice for software developers worldwide because it's considered best in class for its improved security, extensibility and customization, and high-quality tooling. Wouldn’t it be great if your entire software development lifecycle could take place on open source software?
The good news is that it absolutely can! Modern open source tools give your development team everything they need to be productive, from initial planning to production deployment. In this session, you’ll learn how to use 100% open source software to set up a complete development pipeline that includes source code management, CI/CD, service monitoring and notifications, team communications and collaboration, project and task management, and process automation. Attendees will come away with an arsenal of tools they can deploy for their team to become more efficient at the software development process.
Target Audience:
Anyone who works on a software development team and wants to find ways to make their team more productive and facilitate better collaboration. This session is ideal for developers and technical managers who want to use open source tools to reduce context switching and increase the focus time they have to write code.
Open Source & What It Means For Self-Sovereign Identity (SSI)Evernym
Open source and open standards have been two pillars of self-sovereign identity since the beginning. Only by breaking down barriers to both development and production can we ensure that SSI works for everyone, everywhere.
Openness is also at the core of how Evernym operates, and our motivation for launching Sovrin, subsequently donating Hyperledger Indy to the world, and more recently, open-sourcing our own products.
In this webinar, we covered:
- The importance of open source software, and why it's needed for self-sovereign identity
- The open source tools available today, from Hyperledger Indy and Aries to Evernym's Verity
- What Evernym's open-sourcing of Verity means for developers
- Getting started with either open source or our free Sandbox plan
Decentralised Trust: power to the end-user (Jean-Michel Crom, Orange Labs)
Presented at TADSummit 2016, 15-16 Nov, in Stream 3: Project reTHINK: Decentralised Communications
It will be a quick intro about Cloud Security Alliance (CSA). Overview of current cloud security research, events and other opportunities are covered. We will touch cloud security related certifications (for professionals and companies that provide cloud offerings)/ CSA Lviv Chapter membership and active participation will be discussed as well.
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
-New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
-Best practices for designing and incorporating an automated approach to application security into your existing development environment
-Future development and application security challenges organizations will face and what they can do to prepare
Implementing Digital Signatures in an FDA-Regulated EnvironmentPerficient, Inc.
Perficient’s life sciences practice once had a manual, time-consuming and expensive process for signing and collecting validation documents. From handwritten signatures to scanning and shipping documents all over the globe, it was only a matter of time before we made the move to 21 CFR Part 11-compliant digital signatures.
Michelle Engler, an expert in the development of clinical applications, discussed our experience implementing a digital signature solution and how your organization can benefit from one too.
During the presentation, we will covered:
-Cost-benefit analysis
-Solution selection and implementation
-21 CFR Part 11 system validation
-Lessons learned
Similar to Why Governments Depend on Open Source for Secure, Private Email (20)
Building Reliability - The Realities of ObservabilityAll Things Open
Presented at the ATO RTP Meetup
Presented by Jeremy Proffit, Director of DevSecOps & SRE for Customer Care and Communications, Ally
Title: Building Reliability - The Realities of Observability
Abstract: Join me as we discuss true observability, learn what works and what doesn't. We'll not only discuss dashboards, monitoring and alerting, but how these can be built by automation or included in your IAC modules. We'll talk about how to properly alert staff based on priority to keep your staff and yourself sane. And even discuss architecture and how it impacts reliably and why serverless isn't always the best at being reliable.
Presented at the ATO RTP Meetup
Presented by Peter Zaitsev, Founder of Percona
Title: Modern Database Best Practices
Abstract: There are now more Database choices available for developers than ever before - there are general purpose databases and specialized databases, single node and distributed databases, Open Source, Proprietary databases and databases available exclusively in the cloud. In this presentation we will cover the best practices of choosing database(s) for your applications, best practices as it comes to application development as well as managing those databases to achieve best possible performance, security, availability at the lowest cost.
All Things Open 2023
Presented at All Things Open 2023
Presented by Deb Bryant - Open Source Initiative, Patrick Masson - Apereo Foundation, Stephen Jacobs - Rochester Institute of Technology, Ruth Suehle - SAS, & Greg Wallace - FreeBSD Foundation
Title: Open Source and Public Policy
Abstract: New regulations in the software industry and adjacent areas such as AI, open science, open data, and open education are on the rise around the world. Cyber Security, societal impact of AI, data and privacy are paramount issues for legislators globally. At the same time, the COVID-19 pandemic drove collaborative development to unprecedented levels and took Open Source software, open research, open content and data from mainstream to main stage, creating tension between public benefit and citizen safety and security as legislators struggle to find a balance between open collaboration and protecting citizens.
Historically, the open source software community and foundations supporting its work have not engaged in policy discussions. Moving forward, thoughtful development of these important public policies whilst not harming our complex ecosystems requires an understanding of how our ecosystem operates. Ensuring stakeholders without historic benefit of representation in those discussions becomes paramount to that end.
Please join our open discussion with open policy stakeholders working constructively on current open policy topics. Our panelists will provide a view into how oss foundations and other open domain allies are now rising to this new challenge as well as seizing the opportunity to influence positive changes to the public’s benefit.
Topics: Public Policy, Open Science, Open Education, current legislation in the US and EU, US interest in OSS sustainability, intro to the Open Policy Alliance
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Weaving Microservices into a Unified GraphQL Schema with graph-quilt - Ashpak...All Things Open
Presented at All Things Open 2023
Presented by Ashpak Shaikh & Lucy Shen - Intuit
Title: Weaving Microservices into a Unified GraphQL Schema with graph-quilt
Abstract: The magic of GraphQL is that it provides data access through a single endpoint—clean and easy. But as the number of GraphQL microservices your tech stack depends on starts to grow, that single-endpoint purpose becomes a new multi-endpoint problem. Ideally, we would have an orchestrator that could aggregate schemas from multiple microservices into a unified GraphQL schema and route the requests to the appropriate microservice.
Enter graph-quilt, an open source Java library that provides recursive schema stitching and Apollo Federation style schema composition. In this talk, we’ll walk through our GraphQL journey and show you how to use graph-quilt to simplify your data orchestration needs. We will also share our open sourced reference implementation of a highly performant graph-quilt gateway currently being used in production here at Intuit, where we’ve had incredible success in scaling the gateway with 50+ microservices and 150+ clients.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
The State of Passwordless Auth on the Web - Phil NashAll Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: The State of Passwordless Auth on the Web
Abstract: Can we get rid of passwords yet? They make for a poor user experience and users are notoriously bad with them. The advent of WebAuthn has brought a passwordless world closer, but where do we really stand?
In this talk we'll explore the current user experience of WebAuthn and the requirements a user has to fulfil to authenticate without a password. We'll also explore the fallbacks and safeguards we can use to make the password experience better and more secure. By the end of the session you'll have a vision of how authentication could look in the future and a blueprint for how to build the best auth experience today.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Total ReDoS: The dangers of regex in JavaScriptAll Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: Total ReDoS: The dangers of regex in JavaScript
Abstract: Regular expressions are complicated and can be hard to learn. On top of that, they can also be a security risk; writing the wrong pattern can open your application up to denial of service attacks. One token out of place and you invite in the dreaded ReDoS.
But how can a regular expression cause this? In this talk we’ll track down the patterns that can cause this trouble, explain why they are an issue and propose ways to fix them now and avoid them in the future. Together we’ll demystify these powerful search patterns and keep your application safe from expressions that behave in a way that is anything but regular.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
What Does Real World Mass Adoption of Decentralized Tech Look Like?All Things Open
Presented at All Things Open 2023
Presented by Karl Mozurkewich - Storj
Title: What Does Real World Mass Adoption of Decentralized Tech Look Like?
Abstract: We delve into the transformative potential of decentralized technology. Beginning with a brief overview of the rise of centralization with the advent of the internet and the counter-shift marked by blockchain we explore the intrinsic characteristics of decentralized and distributed systems, such as trustless operations, peer-to-peer networks, and enterprise application scalability. Various sectors, including finance, supply chains, media and entertainment, data science and cloud infrastructure are on the brink of disruption. The societal implications are vast, with the potential for greater individual empowerment, a greener planet and more viable resource utilization, but concerns about data security persist.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Presented at All Things Open 2023
Presented by Anastasia Lalamentik - Kaleido
Title: How to Write & Deploy a Smart Contract
Abstract: In this talk, Anastasia Lalamentik, Full Stack Engineer at Kaleido, will walk through how Ethereum smart contracts work and go over related concepts like gas fees, the Ethereum Virtual Machine (EVM), the block explorer, and the Solidity programming language. This is vital to anyone who wants to build a blockchain app and is a great introduction to blockchain technology for newcomers to the space.
By the end of the talk, attendees will better understand how to:
- Write a simple smart contract
- Deploy their smart contract to an Ethereum test network through the latest tools like Hardhat and the MetaMask wallet
- Test interactions with their deployed smart contract and ensure that everything is working properly
Additionally, participants will get to interact with Anastasia's deployed smart contract at the end of the talk. Anastasia’s past talks have attracted and have been attended by a diverse group of participants with a range of experience in the space.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlowAll Things Open
Presented at All Things Open 2023
Presented by Paul Brebner - Instaclustr (by Spot by NetApp)
Title: Spinning Your Drones with Cadence Workflows, Apache Kafka and TensorFlow
Abstract: In this talk we’ll build a Drone delivery application, and then use it to do some Machine Learning “on the fly”.
In the 1st part of the talk, we'll build a real-time Drone Delivery demonstration application using a combination of two open-source technologies: Uber’s Cadence (for stateful, scheduled, long-running workflows), and Apache Kafka (for fast streaming data).
With up to 2,000 (simulated) drones and deliveries in progress at once this application generates a vast flow of spatio-temporal data.
In the 2nd part of the talk, we'll use this platform to explore Machine Learning (ML) over streaming and drifting Kafka data with TensorFlow to try and predict which shops will be busy in advance.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Presented at the All Things Open 2023 Inclusion and Diversity in Open Source Event
Presented by Efraim Marquez-Arreaza - Red Hat
Title: DEI Challenges and Success
Abstract: In today's world, many companies and organizations have Diversity, Equity and Inclusion (DEI) communities. Red Hat Unidos is a DEI community focused on advocating for the Hispanic/Latine community. In this talk, we would like to share our challenges and success during the past 4-years and plans for the future.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Presented at All Things Open 2023
Presented by Lydia Cupery - HubSpot
Title: Scaling Web Applications with Background Jobs: Takeaways from Generating a Huge PDF
Abstract: Do you need to perform time-consuming or CPU-intensive processes in your web application but are concerned about performance? That’s where background jobs come in. By offloading resource-intensive tasks to separate worker processes, you can improve the scalability of your web application.
In this talk, I'll share my experience of using background jobs to scale our web application. I'll discuss the challenges my team faced that led us to adopt background jobs. Then, I'll share practical tips on how to design background jobs for CPU-intensive or time-consuming processes, such as generating huge PDFs and batch emailing. I'll wrap up by going over the performance and cost tradeoffs of background jobs.
I'll use Typescript, Express, and Heroku as examples in this talk, but the concepts and best practices that I'll share are applicable to other languages and tools.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Presented at All Things Open 2023
Presented by Robert Aboukhalil - CZI
Title: Supercharging tutorials with WebAssembly
Abstract: sandbox.bio is a free platform that features interactive command-line tutorials for bioinformatics. This talk is a deep-dive into how sandbox.bio was built, with a focus on how WebAssembly enabled bringing command-line tools like awk and grep to the web. Although these tools were originally written in C/C++, they all run directly in the browser, thanks to WebAssembly! And since the computations run on each user's computer, this makes the application highly scalable and cost-effective.
Along the way, I'll discuss how WebAssembly works and how to get started using it in your own applications. The talk will also cover more advanced WebAssembly features such as threads and SIMD, and will end with a discussion of WebAssembly's benefits and pitfalls (it's a powerful technology, but it's not always the right tool!).
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Presented at All Things Open 2023
Presented by K.S. Bhaskar - YottaDB LLC
Title: Using SQL to Find Needles in Haystacks
Abstract: Database journal files capture every update to a database. A database of a few hundred GB can generate GBs worth of journal files every minute at busy times. Troubleshooting and forensices, especially of rare and intermittent problems, such as which process made what update and when, is an exercise of finding needles in haystacks. A similar problem exists with syslogs. A solution is to load the journal files and syslogs into a database, and use SQL to query the database. Bhaskar will present and demonstrate this with a 100% FOSS stack.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Configuration Security as a Game of Pursuit InterceptAll Things Open
Presented at All Things Open 2023
Presented by Wes Widner - Automox
Title: Configuration Security as a Game of Pursuit Intercept
Abstract: In this session we will take a look at the emerging field of cloud security posture management and how we can approach the problem space using a class of board games known as pursuit/intercept. Using the game Scotland Yard as a visual illustration we'll explore the cognitive and technical limitations that all CSPM systems face and what you should look for when evaluating the strengths and weakness of CSPM vendors and approaches.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Presented at All Things Open 2023
Presented by Carol Huang & Mike Fix - Stripe
Title: Scaling an Open Source Sponsorship Program
Abstract: We already know this: the open-source ecosystem needs further monetary investment from the companies that benefit most from it. Likewise, companies say they want to participate in these initiatives, but find it hard to dedicate resources to open source funding when there isn’t a clear ROI.
This talk discusses how the Open Source Program Office at Stripe built a scalable, sustainable open source sponsorship model that aligns internal company incentives with those of open source maintainers and the community at large. We go over the unique “platformization” of our OSPO that allowed us to create multiple funding models, such as BYOB (Bring Your Own Budget), and share lessons learned from this experience as well as other OSPOs.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Build Developer Experience Teams for Open SourceAll Things Open
Presented at All Things Open 2023
Presented by Arundeep Nagaraj - Amazon Web Services (AWS)
Title: Build Developer Experience Teams for Open Source
Abstract: Open Source has become the default strategy for many IT organizations and Enterprises. However, the constant challenge with Open Source leaders of these organizations has been -
How is my product's developer experience?
Is this the right metric to track?
How can I scale my team to support our products better?
How can I add automation to scale redundant workflows?
If my product involves working with developers, how can I scale to the complexity of the requests and reduce Engineering bandwidth?
The challenges within support of open source products continues to magnify depending on the end user persona whether they are consumers or contributors to your product. Consumers utilize your product, SDK's and API's and are blocked with using it or run into issues, whereas contributors are advanced users of your software that understands the codebase to provide a meaningful contribution back to the product.
The answer to the above is to look at Open Source support as a first-class citizen of your corporate support strategy. To employ the right level of developer focused support as opposed to traditional infrastructure based support is key to scale to the amount of developers using your product. Supporting customers in the open involves more than pure support - building customer / developer experiences (DX) in the open (across platforms and communities) that pivots over the ability of your product's users or developers to be focused on the end-to-end value add. This helps with your active developer growth and retention of users.
Key Takeaways:
- IT leaders of Open Source will learn to employ strategies to build a DX team that engages on multiple platforms
- Work on identifying accurate metrics for product and organization
- Innovate on platforms such as Discord to build a bot and a dashboard
- Ability to leverage customer feedback and iterate over the customer success flywheel
- Distinguish between DX and Developer Advocacy (DA)
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Presented at All Things Open 2023
Presented by Danny McCormick - Google
Title: Deploying Models at Scale with Apache Beam
Abstract: Apache Beam is an open source tool for building distributed scalable data pipelines. This talk will explore how Beam can be used to perform common machine learning tasks, with a heavy focus on running inference at scale. The talk will include a demo component showing how Beam can be used to deploy and update models efficiently on both CPUs and GPUs for inference workloads.
An attendee can expect to leave this talk with a high level understanding of Beam, the challenges of deploying models at scale, and the ability to use Beam to easily parallelize their inference workloads.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Sudo – Giving access while staying in controlAll Things Open
Presented at All Things Open 2023
Presented by Peter Czanik - One Identity
Title: Sudo – Giving access while staying in control
Abstract: Sudo is used by millions to control and log administrator access to systems, but using the default configuration only, there are plenty of blind spots. Using the latest features in sudo let you watch some previously blind spots and control access to them. Here are four major new features, which arrived since the 1.9.0 release, allowing you see your blind spots:
- configuring a working directory or chroot within sudo often makes full shell access redundant
- JSON-formatted logs give you more details on events and are easier to act on
- relays in sudo_logsrvd make session recording collection more secure and reliable
- you can log and control sub-commands executed by the command run through sudo
Let us take a closer look at each of these.
Previously, there were quite a few situations where you had to give users full shell access through sudo. Typical examples include when you need to run a command from a given directory, or running commands in a chroot environment. You can now configure the working directory or the chroot directory and give access only to the command the user really needs.
Logging is a central role of sudo, to see who did what on the system. Using JSON-formatted log messages gives you even more information about events. What is even more: structured logs are easier to act on. Setting up alerting for suspicious events is much easier when you have a single parser to configure for any kind of sudo logs. You can collect sudo logs not only by local syslog, but also by using sudo_logsrvd, the same application used to collect session recordings.
Speaking of session recordings: instead of using a single central server, you can now have multiple levels of sudo_logsrvd relays between the client and the final destination. This allows session collection even if the central server is unavailable, providing you with additional security. It also makes your network configuration simpler.
Finally, you can log sub-commands executed from the command started through sudo. You can see commands started from a shell. No more unnoticed shell access from text editors. Best of all: you can also intercept sub-commands.
These are just a few of the most prominent features helping you to watch and control previous blind spots on your systems. See these and other possibilities in action in some live demos during our presentation.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Fortifying the Future: Tackling Security Challenges in AI/ML ApplicationsAll Things Open
Presented at All Things Open 2023
Presented by Christine Abernathy - F5, Inc.
Title: Fortifying the Future: Tackling Security Challenges in AI/ML Applications
Abstract: As Artificial Intelligence (AI) and Machine Learning (ML) applications continue to surge, it is crucial to be aware of and address the security risks associated with these technologies. In this talk, Christine will explore AI/ML failure modes, threats, and mitigation strategies. She will guide you through the fundamentals of ML models then introduce you to key security challenges such as adversarial attacks, data poisoning, model inversion, model stealing, and membership inference attacks, using real-world examples to demonstrate their potential impact.
Christine will also discuss privacy and ethical considerations in ML, touching upon techniques like federated learning and shedding light on the current regulatory landscape surrounding security risks. If you are developing AI/ML applications or incorporating AI/ML components into your technology stack, check out this talk. You will walk away with a deeper understanding of the current AI/ML security landscape and a toolkit to help you address these risks, enabling you to build safer, more secure, and privacy-aware applications.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
Securing Cloud Resources Deployed with Control Planes on Kubernetes using Gov...All Things Open
Presented at All Things Open 2023
Presented by Carlos Santana - AWS
Title: Securing Cloud Resources Deployed with Control Planes on Kubernetes using Governance and Policy as Code
Abstract: Are you concerned about the security of your cloud resources deployed on Kubernetes? Are you struggling to ensure compliance with regulatory requirements while managing your cloud infrastructure? If yes, then this talk is for you!
We will discuss how to secure cloud resources deployed with Crossplane on Kubernetes using Governance and Policy as Code. We will explore how to leverage Governance and Policy as Code tools like Rego, Kyverno, and OPA to ensure security and compliance.
By the end of this talk, you will have a better understanding of the challenges associated with securing cloud resources deployed with Crossplane or ACK on Kubernetes, the importance of Governance and Policy as Code in ensuring security and compliance, and why it is critical to use open source and open standards in these technologies.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
8. Community
Code
Extensions
② Reduced Cost
October 22, 2014 8
Open Source ProjectOpen Source Community
*Industry standard: ~$10 - $20 / line of code
Source: Black Duck Software | Cost, Freedom and Control: The Dividends of Migrating to Open Source
Force
Multiplier
Patches
Add-ons
Modules
Products
Support
Security
OS
Core
OS
Core
9. ③ Product Customization & Flexibility
October 22, 2014 9
The core open source product
+
Product extensions into
your unique environment
The products you want to use
& the solutions you need=
Community Code Extensions
OS
Core
10. ④ Advanced Interoperability
October 22, 2014 10
*Source: According to Black Duck’s Future of Open Source Survey, 2014
Quote: U.S. Digital Services Playbook | Play 8 “Choose a modern technology stack”
68%
Believe Open APIs will reinforce
OSS growth/adoption*
“digitalservicesteamsshouldconsiderusingopensource,cloudbased,
andcommoditysolutionsacrossthetechnologystack”
11. ⑤ Improved Quality
October 22, 2014 11
given enough eyeballs, all bugs are shallow
*Source: According to Black Duck’s Future of Open
Source Survey, 2014 Quote: Linus’ Law
8/10
choose open source based on quality*
13. US Government’s Embrace of OSS
October 22, 2014 13
“Whenwecollaborateintheopen
andpublishourdatapublicly
wecanimprovegovernmenttogether.”
“WhiletheU.S.governmenthas,todate
notissuedguidancerequiringapreferencefor
opensource,ithasclearlyindicatedthat
opensourceproductsaretobegivenat
leastasmuchpreferenceasproprietary
products.”
Quote: U.S. Digital Services Playbook | Play 13 “Default to Open”
Quote: Opensource.com
14. October 22, 2014 14
US Government’s Embrace of OSS
(http://gov-oss.org/)
15. ⑥ Community Involvement
October 22, 2014 15
Top 10 US government organizations using open source
+400
repositories
Source: http://www.govcode.org/stats
16. ⑦ Reusability
October 22, 2014 16
“…allow the public to easily provide fixes and
contributions, and enable reuse by entrepreneurs,
nonprofits, other agencies, & the public.”
= “GitGov”
reusable platform for agencies to rapidly build government services
18. October 22, 2014 18
DHS & the SWAMP = Quality
“…with hundreds of open source software packages
and multiple software assurance tools, we will
improve the community’s understanding of and
access to state-of-the-art software assurance.”
Source: govtech.com
Quote: continuousassurance.org, about us, “outputs”
19. ⑧ Compliance
October 22, 2014 19
Source: PWC, State of Compliance: 2013 Survey
32% rated
Data Privacy &
Confidentiality
the #1
perceived risk
to compliance
Compliance requires…
-> flexibility & customization
-> transparency & auditability
-> open standards & APIs
-> robust security & privacy
20. Summary of Reasons to Use Open Source
① Transparency/Auditability
② Community Involvement
③ Reduced Cost
④ Product Customization & Flexibility
⑤ Advanced Interoperability
⑥ Improved Quality
⑦ Re-Usability
⑧ Compliance
October 22, 2014 20
22. Government & Email Security
Federal Information Processing Standards (FIPS): consistent
use of security & communication guidelines through open standards
• Data Privacy
1. At-rest & in-motion encryption
2. End-to-end encryption
• Identity
1. Digital signature
2. 2-factor authentication
Open source email leverages open standards to provide compliant
cryptographic modules for data encryption
October 22, 2014 22
23. Tenets for Secure Collaboration
October 22, 2014 23
Ability to integrate 2FA & encryption
Ability to provide control over data &
hosting location
Ability to provide transparency on code
base
24. October 22, 2014 24
Over 1,000 government & financial
institutions rely on Zimbra to protect the
security & privacy of their collaboration data.