Today's API description languages are great but they don't go far enough to stop you from breaking your API consumers. How should you decide what to do?
Your API spec isn't worth the paper it's written onGareth Jones
You can break your customers almost as easily with a well specified API as with an unspecified one. See examples of how, and what you can do to mitigate the problem.
App Indexing allows apps to be indexed by Google Search, improving discoverability and increasing installs. To implement App Indexing, developers must add intent filters to the app manifest and handle intents in code. They can also restrict indexing or connect the app to a website. Once set up, App Indexing enables features like query autocomplete and Google Now cards to further boost engagement.
Deployment with Elastic Beanstalk at Edinburgh Startup EventAmazon Web Services
In this talk from the AWS Startup Event in Edinburgh, AWS Technical Evangelist Ian Massingham introduces deployment of Docker container with AWS Elastic Beanstalk.
App-Aware Security Testing with Spirent Avalanche NEXTSailaja Tennati
How much security is enough? How to balance performance and security? How to be confident you have the latest content? How real is real-world traffic? These are only some of the many question network operators and security devices vendors ask. Spirent’s latest new powerful and easy to use security testing solution, Spirent Avalanche NEXT generates realistic traffic and attacks to test the performance, scalability and security of today’s application-aware network infrastructure. This short presentations offer a quick overview of this product. How much security is enough? How to balance performance and security? How to be confident you have the latest content? How real is real-world traffic? These are only some of the many question network operators and security devices vendors ask. Spirent’s latest new powerful and easy to use security testing solution, Spirent Avalanche NEXT generates realistic traffic and attacks to test the performance, scalability and security of today’s application-aware network infrastructure. This short presentations offer a quick overview of this product.
Your API Spec Isn’t Worth the Paper It’s Written OnNordic APIs
I’m provoking you with my title. The API definition wars are over. We’re all in OAS seventh heaven. We’re complacent.
But why were we establishing specs in the first place? We want to make our customers happy by NOT FREAKING BREAKING THEM right?
But we still hear that we are? So what are we missing?
I’ll talk about a basket of ways you can break your customers whilst still adhering to your API spec perfectly.
Attendees will leave very worried that they may have broken their customers and just maybe determined not to do so again.
This document discusses using an event-driven microservices architecture with messaging to build applications for the Utah Department of Alcohol Control. It outlines some issues with an initial REST-based approach, such as tight coupling and lack of scalability. The document then presents an alternative event-driven approach using messaging to decouple services and allow independent scaling. It highlights benefits like resilience and reduced network costs, as well as considerations for using an event-driven style.
Your API spec isn't worth the paper it's written onGareth Jones
You can break your customers almost as easily with a well specified API as with an unspecified one. See examples of how, and what you can do to mitigate the problem.
App Indexing allows apps to be indexed by Google Search, improving discoverability and increasing installs. To implement App Indexing, developers must add intent filters to the app manifest and handle intents in code. They can also restrict indexing or connect the app to a website. Once set up, App Indexing enables features like query autocomplete and Google Now cards to further boost engagement.
Deployment with Elastic Beanstalk at Edinburgh Startup EventAmazon Web Services
In this talk from the AWS Startup Event in Edinburgh, AWS Technical Evangelist Ian Massingham introduces deployment of Docker container with AWS Elastic Beanstalk.
App-Aware Security Testing with Spirent Avalanche NEXTSailaja Tennati
How much security is enough? How to balance performance and security? How to be confident you have the latest content? How real is real-world traffic? These are only some of the many question network operators and security devices vendors ask. Spirent’s latest new powerful and easy to use security testing solution, Spirent Avalanche NEXT generates realistic traffic and attacks to test the performance, scalability and security of today’s application-aware network infrastructure. This short presentations offer a quick overview of this product. How much security is enough? How to balance performance and security? How to be confident you have the latest content? How real is real-world traffic? These are only some of the many question network operators and security devices vendors ask. Spirent’s latest new powerful and easy to use security testing solution, Spirent Avalanche NEXT generates realistic traffic and attacks to test the performance, scalability and security of today’s application-aware network infrastructure. This short presentations offer a quick overview of this product.
Your API Spec Isn’t Worth the Paper It’s Written OnNordic APIs
I’m provoking you with my title. The API definition wars are over. We’re all in OAS seventh heaven. We’re complacent.
But why were we establishing specs in the first place? We want to make our customers happy by NOT FREAKING BREAKING THEM right?
But we still hear that we are? So what are we missing?
I’ll talk about a basket of ways you can break your customers whilst still adhering to your API spec perfectly.
Attendees will leave very worried that they may have broken their customers and just maybe determined not to do so again.
This document discusses using an event-driven microservices architecture with messaging to build applications for the Utah Department of Alcohol Control. It outlines some issues with an initial REST-based approach, such as tight coupling and lack of scalability. The document then presents an alternative event-driven approach using messaging to decouple services and allow independent scaling. It highlights benefits like resilience and reduced network costs, as well as considerations for using an event-driven style.
Set Your Content Free! : Case Studies from Netflix and NPRDaniel Jacobson
Last Friday (February 8th), I spoke at the Intelligent Content Conference 2013. When Scott Abel (aka The Content Wrangler) first contacted me to speak at the event, he asked me to speak about my content management and distribution experiences from both NPR and Netflix. The two experiences seemed to him to be an interesting blend for the conference. These are the slides from that presentation.
I have applied comments to every slide in this presentation to include the context that I otherwise provided verbally during the talk.
The document discusses several new AWS networking features:
1) Inter-region VPC peering allows private connectivity between VPCs in different AWS regions. Previously this required complex VPN connectivity.
2) Security groups can now include descriptive text for each rule to improve manageability.
3) VPC CIDR blocks can be expanded to include up to 5 IP ranges, allowing existing VPCs to scale. Previously the CIDR size was fixed.
4) AWS Direct Connect now supports gateways, allowing a single connection to reach resources globally instead of just in the local region. Previously each connection was limited to one region.
5) A new Network Load Balancer provides high performance for TCP workloads in a VPC
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to knowTaswar Bhatti
Microsoft Ignite Toronto Tour - 8 Cloud Design Pattern you ought to know,.
In software engineering, a design pattern is a general repeatable solution to a commonly occurring problem in software design.
You probably know about the GoF patterns, but did you know there are also Cloud Design Patterns solutions to a commonly occurring problem when building applications in the Cloud.
In this Talk we will go through 8 Cloud Design Patterns that will help you in your Design and Implementation, Data Management, Resiliency and Security; namely
- External Configuration
- Cache Aside
- Federated Identity
- Valet Key
- Gatekeeper
- Circuit Breaker
- Retry
- Strangler
DevOpsDays Baltimore 2018: A Definition of Done for DevSecOps - Gene GotimerDevOpsDays Baltimore
DevOps cannot be achieved without considering many different aspects of software quality, including security. The term DevSecOps was developed to highlight that security was being focused on as part of the pipeline, not a second-class citizen.
Fortunately, DevOps and continuous delivery practices give us opportunities to add different types of security testing to our pipeline so that security can be part of our definition of done. Continuous integration can invoke static analysis tools to test for simple security errors and check if components with known vulnerabilities are being used. Automated deployments and virtualization make dynamic environments available for testing in a production-like setting. Regression test suites can be used to drive traffic through proxies for security analysis. From the code to the systems where the software is being deployed, the process can make sure that security best practices are followed and insecure software is not being produced.
Gene will talk about how to construct a definition of done that focuses on security along with other types of quality in a DevOps pipeline. He will discuss how to define security practices and criteria that are appropriate for our teams and our projects to be confident that we are doing DevSecOps, and how those practices and criteria might mature over time.
Graph API Strategies: CQRS for the API EconomyGareth Jones
This document summarizes Gareth Jones' presentation on Graph API strategies. It discusses using CQRS and Graph APIs to enable self-service and sustain API velocity. Three Graph API approaches are mentioned: GraphQL, OData, and JSONAPI.org. CQRS with a document store and relationship store is presented as a way to separate commands and queries for API sustainability.
Top 10 Lessons Learned from the Netflix API - OSCON 2014Daniel Jacobson
The document discusses lessons learned from Netflix's API strategy over time. It notes that Netflix started with a focus on growing a community of public developers but now prioritizes ensuring subscribers can stream. It also discusses separating concerns between API providers and consumers, embracing differences in audiences, being pragmatic over dogmatic in API decisions, enabling fast iteration, planning for failures, and scaling infrastructure to match growth.
SpringOne Platform 2017
Ryan Baxter, Pivotal
You have heard and seen great things about Spring Cloud and you decide it is time to dive in and try it out yourself. You fire up your browser head to Google and land on the Spring Cloud homepage. Then it hits you, where do you begin? What do each of these projects do? Do you need to use all of them or can you be selective? The number of projects under the Spring Cloud umbrella has grown immensely over the past couple of years and if you are a newcomer to the Spring Cloud ecosystem it can be quite daunting to sift through the projects to find what you need. By the end of this talk you will leave with a solid understanding of the Spring Cloud projects, how to use them to build cloud native apps, and the confidence to get started!
AWS STARTUP DAY 2018 I If, how and when to adopt microservicesAWS Germany
The document discusses adopting a microservices architecture and provides guidance on when and how to transition from a monolithic architecture. It notes that monoliths can work well for simple applications but don't scale as the application and company grow. It then outlines some of the challenges of monolithic architectures including long development cycles and difficulty adding new features. The document introduces microservices as a way to decompose an application into smaller, independent services. It provides examples of microservice anatomy and principles for designing microservices including using appropriate tools, secure service communication, and being considerate within the ecosystem. Finally, it acknowledges that transitioning to microservices is a journey that requires planning and coordination.
The document discusses Spring Cloud Gateway, an API gateway solution for microservices architectures. It begins with an overview of what an API gateway is and its responsibilities. It then covers the basics of Spring Cloud Gateway, including its reactive foundation and routing capabilities using predicates, filters and handlers. The document also discusses design decisions around embedded, facade and cross-cutting gateway patterns. It concludes with a demo of a sample Spring Cloud Gateway configuration routing requests to back services.
DevOps for a Mobile World: Building an iOS or Android Mobile App in the Cloud...Amazon Web Services
Have you ever thought about building a mobile app, but you’re daunted by the technology? Join this session to learn the basics of building native cloud-enabled mobile apps with AWS Mobile Hub. Learn about the tools you need, and then follow along to learn how to build your first mobile app. Understand what AWS offers for mobile app developers, and learn how to build a native app and distribute it through AWS Mobile Hub.
The document discusses microservices and principles for designing services. It describes that microservices advocate creating a system from small, isolated services that each own their data and are scalable and resilient. It outlines four principles: [1] services only rely on each other's public APIs; [2] using the right tool for the job; [3] securing services with defense-in-depth; and [4] being collaborative within the ecosystem.
Crystal clear service interfaces w/ Swagger/OpenAPIScott Triglia
Learn how to better communicate between Python services. We'll use simple-to-follow examples and go from a service with undocumented endpoints to one which has full docs and validation on requests. Learn how to use Swagger tooling for python, including the bravado (client) and pyramid_swagger (server) libraries. In the end, you'll (hopefully!) find nirvana and make the machines do all the hard work for you.
The document discusses Spring Cloud Gateway and API gateways. It provides an overview of what an API gateway is and its responsibilities, including routing, security, monitoring, resiliency and more. It then details the basics of Spring Cloud Gateway, including its reactive foundation and gateway flow involving predicates, filters and handlers. Finally, it discusses design decisions and provides a demo of Spring Cloud Gateway routing requests between services and integrating with Cloud Foundry.
Spyros Garyfallos [Microsoft] | Deploy, Monitor and Manage Your High-Value AI...InfluxData
The document discusses deploying, monitoring, and managing AI workloads at the edge using Azure IoT Edge and InfluxData. It describes how the edge addresses limitations of cloud computing like bandwidth, latency, and privacy concerns by processing data closer to where it is generated. It provides an overview of Azure IoT Edge for building and deploying edge applications and explains how InfluxDB and Telegraf can be used with IoT Edge for collecting and storing IoT sensor data and running queries and machine learning models on that data at the edge.
This is a presentation that I gave to ESPN's Digital Media team about the trajectory of the Netflix API. I also discussed Netflix's device implementation strategy and how it enables rapid development and robust A/B testing.
The document discusses serverless computing and provides an overview of serverless technologies. It begins with an example of how a developer can build an application without servers using AWS serverless services like API Gateway, Lambda, DynamoDB, and S3. It then discusses serverless benefits like automatic scaling, pay per use, and easier management. The rest of the document demonstrates how to develop, deploy, customize and connect serverless applications, including using AWS services for IDEs, CI/CD pipelines, logging, and connecting to enterprise systems and databases. It also covers GraphQL and AWS AppSync for building real-time data APIs on serverless.
The document discusses serverless computing and how it can help developers build applications. It describes how a developer can build a serverless web app using Amazon API Gateway, AWS Lambda, Amazon DynamoDB, and Amazon S3. It then discusses how the developer can customize and share the app using AWS Cloud9 and AWS CodePipeline for continuous integration and delivery. Finally, it covers how the developer can connect the serverless application to enterprise systems like databases and services running in a VPC by using features like API Gateway private integrations and Lambda concurrency controls.
Living on the Edge With Spring Cloud Gateway - Cora IberkleidVMware Tanzu
The document discusses Spring Cloud Gateway, an API gateway solution for microservices architectures. It begins with an overview of API gateway basics and responsibilities. It then covers the foundations and reactive design of Spring Cloud Gateway, including its use of predicates, filters and handlers to process requests. The document outlines some design considerations for different types of gateways and demos Spring Cloud Gateway's capabilities for service discovery, circuit breaking and routing across multiple services. It also previews using the gateway on Cloud Foundry for subscription-based access control and centralized management of concerns like authentication and rate limiting.
The document discusses Microsoft's education platform and opportunities for integration by education apps and systems. It provides an overview of key Microsoft education products like Office 365, Teams, OneNote Class Notebooks, and the Microsoft Store for Education. It outlines various integration points like single sign-on, roster integration, and using tabs, bots, and connectors within Teams. The document encourages developers to build progressive web apps, integrate with APIs for assignments and grades, and provide a personalized call to action for different education roles. It concludes by announcing upcoming features and capabilities on the Microsoft education platform.
Graph API Strategies: CQRS for the sustainable API economyGareth Jones
Self-service change management will power the second wave of the API economy.
Use Graph APIs and REST side by side to implement change-as-a-service for your query customers.
More Related Content
Similar to Your API description isn't worth the paper it's written on
Set Your Content Free! : Case Studies from Netflix and NPRDaniel Jacobson
Last Friday (February 8th), I spoke at the Intelligent Content Conference 2013. When Scott Abel (aka The Content Wrangler) first contacted me to speak at the event, he asked me to speak about my content management and distribution experiences from both NPR and Netflix. The two experiences seemed to him to be an interesting blend for the conference. These are the slides from that presentation.
I have applied comments to every slide in this presentation to include the context that I otherwise provided verbally during the talk.
The document discusses several new AWS networking features:
1) Inter-region VPC peering allows private connectivity between VPCs in different AWS regions. Previously this required complex VPN connectivity.
2) Security groups can now include descriptive text for each rule to improve manageability.
3) VPC CIDR blocks can be expanded to include up to 5 IP ranges, allowing existing VPCs to scale. Previously the CIDR size was fixed.
4) AWS Direct Connect now supports gateways, allowing a single connection to reach resources globally instead of just in the local region. Previously each connection was limited to one region.
5) A new Network Load Balancer provides high performance for TCP workloads in a VPC
Micrsoft Ignite Toronto - BRK3508 - 8 Cloud Design Patterns you ought to knowTaswar Bhatti
Microsoft Ignite Toronto Tour - 8 Cloud Design Pattern you ought to know,.
In software engineering, a design pattern is a general repeatable solution to a commonly occurring problem in software design.
You probably know about the GoF patterns, but did you know there are also Cloud Design Patterns solutions to a commonly occurring problem when building applications in the Cloud.
In this Talk we will go through 8 Cloud Design Patterns that will help you in your Design and Implementation, Data Management, Resiliency and Security; namely
- External Configuration
- Cache Aside
- Federated Identity
- Valet Key
- Gatekeeper
- Circuit Breaker
- Retry
- Strangler
DevOpsDays Baltimore 2018: A Definition of Done for DevSecOps - Gene GotimerDevOpsDays Baltimore
DevOps cannot be achieved without considering many different aspects of software quality, including security. The term DevSecOps was developed to highlight that security was being focused on as part of the pipeline, not a second-class citizen.
Fortunately, DevOps and continuous delivery practices give us opportunities to add different types of security testing to our pipeline so that security can be part of our definition of done. Continuous integration can invoke static analysis tools to test for simple security errors and check if components with known vulnerabilities are being used. Automated deployments and virtualization make dynamic environments available for testing in a production-like setting. Regression test suites can be used to drive traffic through proxies for security analysis. From the code to the systems where the software is being deployed, the process can make sure that security best practices are followed and insecure software is not being produced.
Gene will talk about how to construct a definition of done that focuses on security along with other types of quality in a DevOps pipeline. He will discuss how to define security practices and criteria that are appropriate for our teams and our projects to be confident that we are doing DevSecOps, and how those practices and criteria might mature over time.
Graph API Strategies: CQRS for the API EconomyGareth Jones
This document summarizes Gareth Jones' presentation on Graph API strategies. It discusses using CQRS and Graph APIs to enable self-service and sustain API velocity. Three Graph API approaches are mentioned: GraphQL, OData, and JSONAPI.org. CQRS with a document store and relationship store is presented as a way to separate commands and queries for API sustainability.
Top 10 Lessons Learned from the Netflix API - OSCON 2014Daniel Jacobson
The document discusses lessons learned from Netflix's API strategy over time. It notes that Netflix started with a focus on growing a community of public developers but now prioritizes ensuring subscribers can stream. It also discusses separating concerns between API providers and consumers, embracing differences in audiences, being pragmatic over dogmatic in API decisions, enabling fast iteration, planning for failures, and scaling infrastructure to match growth.
SpringOne Platform 2017
Ryan Baxter, Pivotal
You have heard and seen great things about Spring Cloud and you decide it is time to dive in and try it out yourself. You fire up your browser head to Google and land on the Spring Cloud homepage. Then it hits you, where do you begin? What do each of these projects do? Do you need to use all of them or can you be selective? The number of projects under the Spring Cloud umbrella has grown immensely over the past couple of years and if you are a newcomer to the Spring Cloud ecosystem it can be quite daunting to sift through the projects to find what you need. By the end of this talk you will leave with a solid understanding of the Spring Cloud projects, how to use them to build cloud native apps, and the confidence to get started!
AWS STARTUP DAY 2018 I If, how and when to adopt microservicesAWS Germany
The document discusses adopting a microservices architecture and provides guidance on when and how to transition from a monolithic architecture. It notes that monoliths can work well for simple applications but don't scale as the application and company grow. It then outlines some of the challenges of monolithic architectures including long development cycles and difficulty adding new features. The document introduces microservices as a way to decompose an application into smaller, independent services. It provides examples of microservice anatomy and principles for designing microservices including using appropriate tools, secure service communication, and being considerate within the ecosystem. Finally, it acknowledges that transitioning to microservices is a journey that requires planning and coordination.
The document discusses Spring Cloud Gateway, an API gateway solution for microservices architectures. It begins with an overview of what an API gateway is and its responsibilities. It then covers the basics of Spring Cloud Gateway, including its reactive foundation and routing capabilities using predicates, filters and handlers. The document also discusses design decisions around embedded, facade and cross-cutting gateway patterns. It concludes with a demo of a sample Spring Cloud Gateway configuration routing requests to back services.
DevOps for a Mobile World: Building an iOS or Android Mobile App in the Cloud...Amazon Web Services
Have you ever thought about building a mobile app, but you’re daunted by the technology? Join this session to learn the basics of building native cloud-enabled mobile apps with AWS Mobile Hub. Learn about the tools you need, and then follow along to learn how to build your first mobile app. Understand what AWS offers for mobile app developers, and learn how to build a native app and distribute it through AWS Mobile Hub.
The document discusses microservices and principles for designing services. It describes that microservices advocate creating a system from small, isolated services that each own their data and are scalable and resilient. It outlines four principles: [1] services only rely on each other's public APIs; [2] using the right tool for the job; [3] securing services with defense-in-depth; and [4] being collaborative within the ecosystem.
Crystal clear service interfaces w/ Swagger/OpenAPIScott Triglia
Learn how to better communicate between Python services. We'll use simple-to-follow examples and go from a service with undocumented endpoints to one which has full docs and validation on requests. Learn how to use Swagger tooling for python, including the bravado (client) and pyramid_swagger (server) libraries. In the end, you'll (hopefully!) find nirvana and make the machines do all the hard work for you.
The document discusses Spring Cloud Gateway and API gateways. It provides an overview of what an API gateway is and its responsibilities, including routing, security, monitoring, resiliency and more. It then details the basics of Spring Cloud Gateway, including its reactive foundation and gateway flow involving predicates, filters and handlers. Finally, it discusses design decisions and provides a demo of Spring Cloud Gateway routing requests between services and integrating with Cloud Foundry.
Spyros Garyfallos [Microsoft] | Deploy, Monitor and Manage Your High-Value AI...InfluxData
The document discusses deploying, monitoring, and managing AI workloads at the edge using Azure IoT Edge and InfluxData. It describes how the edge addresses limitations of cloud computing like bandwidth, latency, and privacy concerns by processing data closer to where it is generated. It provides an overview of Azure IoT Edge for building and deploying edge applications and explains how InfluxDB and Telegraf can be used with IoT Edge for collecting and storing IoT sensor data and running queries and machine learning models on that data at the edge.
This is a presentation that I gave to ESPN's Digital Media team about the trajectory of the Netflix API. I also discussed Netflix's device implementation strategy and how it enables rapid development and robust A/B testing.
The document discusses serverless computing and provides an overview of serverless technologies. It begins with an example of how a developer can build an application without servers using AWS serverless services like API Gateway, Lambda, DynamoDB, and S3. It then discusses serverless benefits like automatic scaling, pay per use, and easier management. The rest of the document demonstrates how to develop, deploy, customize and connect serverless applications, including using AWS services for IDEs, CI/CD pipelines, logging, and connecting to enterprise systems and databases. It also covers GraphQL and AWS AppSync for building real-time data APIs on serverless.
The document discusses serverless computing and how it can help developers build applications. It describes how a developer can build a serverless web app using Amazon API Gateway, AWS Lambda, Amazon DynamoDB, and Amazon S3. It then discusses how the developer can customize and share the app using AWS Cloud9 and AWS CodePipeline for continuous integration and delivery. Finally, it covers how the developer can connect the serverless application to enterprise systems like databases and services running in a VPC by using features like API Gateway private integrations and Lambda concurrency controls.
Living on the Edge With Spring Cloud Gateway - Cora IberkleidVMware Tanzu
The document discusses Spring Cloud Gateway, an API gateway solution for microservices architectures. It begins with an overview of API gateway basics and responsibilities. It then covers the foundations and reactive design of Spring Cloud Gateway, including its use of predicates, filters and handlers to process requests. The document outlines some design considerations for different types of gateways and demos Spring Cloud Gateway's capabilities for service discovery, circuit breaking and routing across multiple services. It also previews using the gateway on Cloud Foundry for subscription-based access control and centralized management of concerns like authentication and rate limiting.
Similar to Your API description isn't worth the paper it's written on (20)
The document discusses Microsoft's education platform and opportunities for integration by education apps and systems. It provides an overview of key Microsoft education products like Office 365, Teams, OneNote Class Notebooks, and the Microsoft Store for Education. It outlines various integration points like single sign-on, roster integration, and using tabs, bots, and connectors within Teams. The document encourages developers to build progressive web apps, integrate with APIs for assignments and grades, and provide a personalized call to action for different education roles. It concludes by announcing upcoming features and capabilities on the Microsoft education platform.
Graph API Strategies: CQRS for the sustainable API economyGareth Jones
Self-service change management will power the second wave of the API economy.
Use Graph APIs and REST side by side to implement change-as-a-service for your query customers.
Gareth Jones AllAboutTheAPI KeyNote 2016Gareth Jones
My keynote talk from AllAboutTheAPI.com in Las Vegas July 2016.
Design practices to get you to mastery in the ways of the API.
With a little help from Star Wars cosplayers along the way.
Running Away from JSON APIStrat 2015 EditionGareth Jones
This document provides information for developers about Microsoft OneNote including links to download apps, learn the API, follow updates, read the developer blog, ask questions, find code samples, and submit feature requests. It also includes a link to the ShareKit project on GitHub.
Running Away from JSON (or what I learned building the OneNote API)Gareth Jones
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
Presented at DevSum 12, Stockholm, Sweden.
Build scalable T4 solutions using a composable library approach. Package them for sharing using NuGet. Make sure they have broad reach by making them extensible.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Generating privacy-protected synthetic data using Secludy and Milvus
Your API description isn't worth the paper it's written on
1. YOUR API DESCRIPTION ISN’T WORTH $#%*&!
API STRATEGY AND PRACTICE 2018 NASHVILLE #APISTRAT
GARETH JONES
PRINCIPAL API ARCHITECT
@GARETHJ_MSFT
This Photo by Unknown Author is licensed under CC BY-SA
2. YOU ARE AN API OWNER.
YOU ARE FEELING SMUG.
Open API 3.0
description
Generated
SDKs
Automated
tests
Pervasive
monitoring
This Photo by Unknown Author is licensed under CC BY-SA-NC
3. YOU DEPLOY A NEW BUILD
This Photo by Unknown Author is licensed under CC BY-NC
This Photo by Unknown Author is licensed under CC BY-SA-NC
8. HYRUM’S LAW
With a sufficient number of users of an API,
it does not matter what you promise in the
contract:
all observable behaviors of your system
will be depended on by somebody.
9. NUMBER OF THINGS
GROWS
• Array size grows from 0 to 1
• Array size grows from 1 to n
• Array size grows from < 1 page
to > 1 page
10. SIZES OF
THINGS GROW
Image sizes get big
Overall packet sizes get too big
Example: major
retailer 10mb packet
Android device can’t
handle it with some
json stacks
So my name is Gareth Jones, and I’ve been with Microsoft for over twenty years now, working on APIs for about the last six or so.
I spent a couple of years as an architect for the Microsoft Graph, and more recently in our Education team focusing on building a platform on the Graph for app-builders targeting the classroom.
So I’d like to take half an hour this afternoon to talk about the limits of where we are with API descriptions when it comes to protecting our API consumers from unexpected change.
So you’ve shipped an API to a set of customers. And things are running well.
You’ve followed best practices, you feel in control.
And then…
…you deploy a new build you’re sending data that matches your contract – all your tests are green.
But suddenly - tickets are flying – customers are on the phone – their apps are broken – your boss is NOT happy.
What went wrong?
Whether your API is public facing or internal, it’s essentially a consumer/producer contract. An API specification has many internal benefits to the producer in terms of engineering quality and predictability.
But, like all contracts, the looser it is, the more room for interpretation there is.
And I’m here to tell you folks, that even the best API descriptions out there today have quite a lot of wiggle room in them.
So spec interpretation happens on both sides of the relationship, but the burden of pain is usually felt by the consumers, cos they don’t know what change to expect or what change they SHOULD have anticipated.
But perhaps more importantly - people are busy and maybe even lazy.
This doesn’t just apply to marmalade cats.
So often consuming code will be written to handle just the data that is returned from an API call to the first test account that gets set up.
We tend to focus on not making “breaking changes” in our APIs for some definition of breaking change and then anything we do outside of that definition, we say is the API consumer’s problem.
But what were we trying to achieve with our API in the first place?
Typically we were trying to enable some kind of business relationship.
So who is the burden on in that relationship to ensure success?
There’s a fundamental tension between optimizing for relationship continuity by not making any changes in an API,
and being flexible and agile to meet the changing needs of a business.
*You* have to design where you should land on that spectrum.
And today’s API definition languages and tools might not go far enough out of the box.
Of course, really, this isn’t a completely winnable game.
Hyrum Wright made this great observation – that fundamentally implementations leak to become implicit interfaces.
So let’s talk about some implementation leaks that most commonly cause problems.
This is perhaps the simplest mistake consumers make is rushing to get an implementation shipped.
A test account always had an empty list of Foos.
The initial data only had one bank account per person. But the API is defined as an array.
These initial manifestations in data translate into assumptions in code again and again and again.
They’re wrong – but they happen all the time.
Sometimes at the parsing layer – sometimes at the application code.
It’s not just arrays - often a paged collection handler ignores the next link and only processes the first page.
Other things that grow are the actual payload itself.
Perhaps it’s the JSON running over some buffer – especially on IOT solutions.
Or perhaps test images were all low-res samples but now in production you are returning high-res PNGs..
Can your stack cope? Here’s a real example from my friend Dave, the CEO of APIMetrics.
A major retailer hit a problem when their stack on an Android app couldn’t deal with a JSON packet greater than 10mb.
They hit that limit and … bang.
Perf’s another frequent problem.
Perhaps it’s obvious that if you slow down your API calls you will have unhappy customers, especially if they happen to have called directly from a mobile app.
Think about your sequencing and flows and be super-sensitive to perf of calls that need to happen as predecessors to other calls.
e.g. identity lookups.
But sad to say, even improving your performance can break your customers, if they had undiscovered race conditions based on your previous typical latency.
Auth is often the hardest thing to get right when onboarding to an API.
And auth perhaps breaks more apps than anything else after they have shipped too.
Changes to token default or mandatory lifetimes can make app flows that previously worked well be unusable.
Apps may have gotten away without implementing OAUTH refresh tokens but now need them.
Apps may have used an embedded browser redirect and now you require a separate tab for OAUTH.
Perhaps *you* didn’t even make this change – perhaps it came from your IDP – be vigilant!
Flooding a consumer with 10x the number of webhooks they were previously handling isn’t likely to go well.
Many webhooks handlers don’t implement decent throttling.
Many webhooks handlers try to process the packet inline which isn’t a good practice.
So also simply making the webhook packet more detailed can degrade them.
Lots of APIs redirect for secondary calls to a subdomain outside the initial subdomain of the API.
For example, redirecting to a CDN for image downloads.
Callers can have unfortunate proxy configurations set up to only route to known domains and changing here can break the redirect.
Don’t assume servers have the same freedom to follow all URLs that browser users have.
Note this one can be mentioned in the OAS document but is rarely acted upon today.
If you have lists that only have one element 95 percent of the time, and multiple elements is really an edge case then model it that way.
Have a primary and a list of secondaries.
You’ll give you consumers a much better chance of understanding the likely shape of data to expect.
Provide a mock endpoint for your API for testing that has a really wide diversity of data delivered.
Don’t live with one fixed set. Mix it up ideally.
Push every limit and have slow calls, fast calls, big packets, small ones etc.
Vary anything that can be varied
and start the variance at different points on each session so callers don’t just repeat the same pattern.
If your consumers can cope with such a mock, they will probably cope with your real life data.
Anything which is optional or a preference can be disobeyed by the server under some circumstances.
There might not be enough data to fill a ten-record page.
So sometimes send back five two record pages instead to make sure the client can handle it.
Especially if you have a pre-production mode.
Unusual calling patterns?
More calls?
Less calls?
More 400s?
More 500s?
Average packet size changes in or out?
Consider extending your breaking changes policy to include some of these types of cases.
This isn’t for everyone, but if relationship continuity is your top priority then you might want to set this higher bar.
Then you do whatever you would normally do with a breaking change.
Version the API or format/delay/rollback the change etc.
It has to actually WORK….
Here’s another example from APIMetrics.
Here’s a UK bank’s API for locating ATMs
After a deployment, it was only able to find ATMs in one city in the country.
Perfectly compliant to the spec, but mostly no actual data.
Don’t be afraid to take a heuristic measurement of content across your APIs.
If it changes A LOT – be very suspicious.
So I hope I’ve offered you some food for thought on a wider set of things that can and will break the consumers of your APIs, and just dipped into some strategies for mitigating the problems.
I’d love to chat more about your experiences in this area after the session.
Thanks very much.