DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX - Docker, Inc.
The document discusses how NGINX can help with interconnecting microservices at scale using containers. It provides an example docker-compose configuration that sets up Consul for service discovery, Registrator to register services with Consul, and NGINX Plus to load balance requests across multiple containers and automatically generate its configuration from Consul. The live demo shows how scaling a service results in new containers being automatically registered with Consul and load balanced by NGINX.
DCEU 18: From Monolith to Microservices - Docker, Inc.
Jeff Nickoloff - Co-founder, Topple
Growth can be challenging to address once monolithic systems begin to fail under strain or internal software development processes begin to slow the release cadence. Many organizations are looking to microservices architecture to solve these application issues, whether they plan to write new applications or rewrite the monoliths into microservices. This talk will highlight the common technical and cultural issues that will make microservice architectures a challenge to adopt and maintain. Issues include impact of Dunbar's Number and Conway's Law, build-time vs runtime continuous integration, evolution of testability, API versioning impact, logistics overhead, artifact management, and strategies for iteration in a distributed environment. Attendees will learn: - How and why microservice architectures and ownership end up falling along organizational lines (and why that is a good thing) - How we can learn from monolith tooling to inform our tooling in a microservice environment - How you can achieve operational excellence at scale taking a logistical approach with Docker.
Serverless security - how to protect what you don't see? - Sqreen
Protecting serverless is a new topic. This presentation aims at showing what new security challenges it brings, and how CISO and security teams should approach it.
The serverless space evolves fast and there is no convergence on best practices yet. The switch to a serverless architecture involves several changes, for instance developers doing much more ops with serverless, deploying 20 times more services than previously...
Andrew Spyker presented on the Netflix Cloud Platform and ZeroToDocker project. The following key points were discussed:
- ZeroToDocker provides Docker images of Netflix OSS projects like Eureka, Zuul and Asgard to more easily evaluate the technologies. However, the images are not intended for direct production use.
- A demo showed running a microservices application and supporting Netflix OSS services like Eureka and Zuul using Docker containers on a single machine.
- While Docker aids development and evaluation, additional tooling is needed to operationalize containers at production scale across multiple hosts for tasks like networking, security, logging and scheduling. Competing ecosystems are emerging to address these needs.
Keeping your Kubernetes Cluster Secure - Gene Gotimer
From NOVA Cloud and Software Engineering Group meetup, Feb. 17, 2021 https://youtu.be/a5uPm1mPLKQ.
Hardening a Kubernetes cluster happens at different levels. We have to examine the nodes where Kubernetes is running. We want to secure the Kubernetes objects and workloads and review the files we used to create them. And we need to look for vulnerabilities in the containers we are using. Gene will show you some open-source tools that can find issues and vulnerabilities at each layer. All of them can be used in a pipeline to build your Kubernetes cluster safely and keep it secure.
Gene Gotimer is the meetup organizer and a DevSecOps Senior Engineer at Steampunk, focusing on agile processes, secure development practices, and automation. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each depends on the other two, making agile and DevSecOps that much more crucial to software development.
The document discusses using Open Policy Agent (OPA) to enforce guardrails and security policies in Kubernetes clusters. It provides examples of sample policies for OPA that restrict which image registries pods can use and prevent conflicting ingress hosts. It also summarizes key features of OPA such as its declarative policy language, sidecar deployment model, and community support from many major companies using it for admission control, authorization, risk management and other use cases.
This webinar discusses Kubescape, an open-source Kubernetes security tool that provides a single pane of glass for monitoring and securing Kubernetes clusters. It can check for misconfigurations, vulnerabilities, RBAC issues, secrets, and network policies. The webinar demonstrates how to run Kubescape with read-only access in 3 minutes to scan a cluster. It also outlines Kubescape's capabilities for compliance monitoring, risk analysis, image scanning, and RBAC visualization. Future roadmap items include admission control, audit logging, vulnerability relevancy, and a dashboard.
This document provides an overview and best practices for securing Kubernetes (K8s) clusters. It discusses common threats like exposed dashboards, APIs, and etcd stores. It also covers risks from within the cluster like compromised nodes and pods or vulnerabilities in container images. The document recommends 10 essential practices for securing K8s like image scanning, role-based access control, security boundaries, upgrades, pod security policies, node hardening, audit logging, and host/container logging. It emphasizes the importance of a security-aware development process and provides resources for further information.
This document discusses event-driven scripting for Kubernetes using Brigade. Brigade allows asynchronous, event-driven scripting that chains together containers to create workflows using Kubernetes as the workload execution substrate. It provides flow control that wraps container execution without being opinionated about what the containers do. Brigade supports use cases like CI/CD, GitOps, and report generation. Events originate from external systems and enter Brigade via event gateways like GitHub or Slack. Projects subscribe to events and define workers to handle events by running scripts in containers. Jobs can also be created to handle discrete tasks. Brigade features include Git integration, shared volumes, user authentication, and an ecosystem of gateways and SDKs. It emphasizes events while tools like Argo emphasize
“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.
In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...
One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.
I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.
We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.
In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.
This talk was given at KubeCon / CloudNativeCon 2017 on December 7th, 2017 in Austin, TX
AKS Azure Kubernetes Services Workshop Jorge Arteiro - Jorge Arteiro
Jorge Arteiro is an open source consultant at Microsoft who works with Azure, Kubernetes, microservices, and API management. He is a speaker at various events and a former Azure MVP. In this presentation, he discusses Azure Kubernetes Services (AKS), including the cluster architecture, integrating with Azure VNets, using Azure VM scale sets for node pools, and deploying applications from source code to Kubernetes using Helm. He demonstrates local Kubernetes and installation of client tools like the Azure CLI and Helm before taking questions.
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus - Kublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, gradual rollout is a feature that doesn't come out of the box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava Koltovich, CEO of Kublr, and Oleg Atamanenko, Senior Software Architect, discussed canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. They examined the role of each tool in the process and how they are all connected. During a demo, they demonstrated a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
This document summarizes zero-downtime deployment strategies with Kubernetes. It discusses what zero-downtime deployment is and why it is important on Kubernetes. It then covers container-native application design, challenges developers may face, and the twelve-factor app methodology. Finally, it details strategies for stateless APIs, worker/console apps, and persistent connections, including use of liveness probes, prestop hooks, queues, and cleanup signals to ensure zero downtime during deployments.
DCSF 19 Mitigating Legacy Windows Operating System Vulnerabilities with Docke... - Docker, Inc.
Entergy, a large utility company headquartered in New Orleans, LA, has launched an initiative to modernize their application infrastructure. During the initial analysis, Entergy recognized that the existing legacy infrastructure’s lack of compatibility with more recent operating systems would stand in the way of progress. As a result, containerization was fast-tracked as the solution that can help them with the various tenets of their strategy: hyperconvergence, SaaS (ServiceNow), and workload portability. Docker Enterprise proved to be the right solution to migrate roughly 850 legacy applications from Windows Server 2003 and 2008 to Windows Server 2016 quickly, securely and economically. Entergy IT has now delivered the ability for the business to run applications on-premise and in the cloud, and has future-proofed the applications for migration to new versions of Windows Server. In this session, Entergy will talk about how they are modernizing their infrastructure to become more agile, secure, and enable workload portability.
Andrew Spyker presented on Netflix's cloud platform and open source projects. Some key points included:
- Netflix has migrated from monolithic architectures to microservices and continuous delivery enabled by their open source libraries and services.
- Their platform focuses on elasticity, high availability through automation, and operational visibility.
- Netflix uses technologies like Eureka, Ribbon, Hystrix, and Servo to enable scalability, resilience, and monitoring across their distributed systems.
- They contribute over 50 open source projects to help others adopt their cloud-native approaches and are working on data and UI related projects.
Title: Making Kubernetes Easier
Kubernetes. Wonderful technology but the learning curve to production may be long. In this session we'll look at how we partnered with the community to make it easier, from setting up collaborative development environments and ensuring DevOps, to scaling production in unpredictable scenarios, while keeping it under good monitoring from the moment you spin it up. Demos and code heavy.
Netflix Open Source: Building a Distributed and Automated Open Source Program - aspyker
Netflix has been using and contributing to open source for several years. Over the years, Netflix has released over one hundred Netflix Open Source (aka NetflixOSS) libraries, servers, and technologies. Netflix engineers benefit by accepting contributions and gathering feedback with key collaborators around the world. Users of NetflixOSS from many industries benefit from our solutions including Big Data, Build and Delivery Tools, Runtime Services and Libraries, Data Persistence, Insight, Reliability and Performance, Security and User Interface. With such a large and mature open source program, Netflix has worked on approaches and tools that help manage and improve the NetflixOSS source offerings and communities. Netflix has taken a different approach to building support for open source as compared to other Internet scale companies. Come to this session to learn about the unique approaches Netflix has taken to both distribute and automate the responsibilities of building a world-class open source program.
This document summarizes endtest.dev, an end-to-end test automation service that allows users to easily add test coverage to web applications. Key features include a web-based test editor, cloud-based test running powered by Google, and integration with GitHub and GitLab. Tests are triggered manually or by schedulers and run on Google Cloud infrastructure, with results, logs and errors stored in cloud storage and databases. Social media and communication channels are provided to help users and track the project's progress since its December 2021 start date.
Policy as code what helm developers need to know about security - LibbySchulze
1) The document discusses a 3 step process for securing Helm charts: define security requirements, use policy as code to encode the requirements, and implement guardrails like scans to ensure the requirements are met.
2) It provides examples of writing Rego policy that checks for secrets in environment variables, privilege escalation settings, and running as root.
3) Tools like Terrascan can scan Helm charts and infrastructure as code for policy violations and be integrated into CI/CD pipelines to prevent insecure configurations from being deployed.
This document discusses a webinar about integrating infrastructure as code (IaC) security into the development lifecycle using Checkov. It notes that nearly half of open source Terraform and CloudFormation templates contain security issues. Checkov is introduced as an open source IaC scanning tool that supports multiple frameworks and cloud providers. The benefits of Checkov include lower remediation times, reduced security incidents, and simplifying compliance. Integrations with DevOps tools and the Cloud Native Application Platform Approach (CNAPP) are also discussed. A demo of Checkov is then shown including using it with VS Code and Azure DevOps.
1. Overview of DevOps
2. Infrastructure as Code (IaC) and Configuration as code
3. Identity and Security protection in CI CD environment
4. Monitor Health of the Infrastructure/Application
5. Open Source Software (OSS) and third-party tools, such as Chef, Puppet, Ansible, and Terraform to achieve DevOps.
6. Future of DevOps Application
Implementing Fast IT Deploying Applications at the Pace of Innovation - Cisco DevNet
Fast innovation requires Fast IT: the new model for IT that transforms the way we deliver new business application capabilities to our clients.
Cisco IT has created solutions that enable automated provisioning of environments and fast deployment of cloud applications through “Software Development-as-a-Service”.
In this session, we’ll provide a hands-on experience of how application teams use an automated toolset to combine quality and agility, while reducing operational expense. We’ll also provide a view of the key technologies that enable this solution.
Finally, there’s a quick glimpse into what’s next: containerization and IOE Application Enablement.
This document discusses ongoing security for embedded Linux devices. It describes Timesys' security notification service which monitors Common Vulnerabilities and Exposures (CVEs) and notifies customers of relevant issues. The service filters CVE data, disambiguates package names, and flags false positives. Notifications are sent via a RESTful API or through a LinuxLink user account. The meta-timesys layer integrates these security features into builds using OpenEmbedded RPB BSP. Ongoing security helps minimize known vulnerabilities over the product lifecycle.
Azure 101: Shared responsibility in the Azure Cloud - Paulo Renato
Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data.
Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
DevOps architecture involves three main categories of infrastructure: IT infrastructure (version control, issue tracking, etc.), build infrastructure (build servers with access to source code), and test infrastructure (deployment, acceptance, and functional testing). Continuous integration involves automating the integration of code changes, while continuous delivery ensures code is always releasable but actual deployment is manual. Continuous deployment automates deployment so that any code passing tests is immediately deployed to production. The document discusses infrastructure hosting options, automation approaches, common CI/CD workflows, and provides examples of low and medium-cost DevOps tooling setups using open source and proprietary software.
Are Your Containers as Secure as You Think? - DevOps.com
With the growing popularity of Container technology comes the growth of container-based attacks – but understanding your security needs will keep you ahead of the game.
Container adoption is skyrocketing, growing 40% in the last year. And it makes sense – the agility, operational efficiencies and cost savings of containerized environments are huge benefits. But as more organizations rush to leverage containers, security is increasingly becoming a major concern and is the top roadblock to container deployment. What do you need to know (and do) to keep your container environments safe?
This document provides an overview of Docker and cloud native training presented by Brian Christner of 56K.Cloud. It includes an agenda for Docker labs, common IT struggles Docker can address, and 56K.Cloud's consulting and training services. It discusses concepts like containers, microservices, DevOps, infrastructure as code, and cloud migration. It also includes sections on Docker architecture, networking, volumes, logging, and monitoring tools. Case studies and examples are provided to demonstrate how Docker delivers speed, agility, and cost savings for application development.
TechTalk 2021: The Role of IT Security in DevOps Adoption - DicodingEvent
In Indonesia, 19.4% of companies have already started using public cloud services. But often, only once a company has adopted the cloud does it realize how complicated cloud adoption is. As a result, many companies get stuck operating these new applications.
Enter DevOps, which delivers services faster and drives innovation while improving employee productivity, communication, and engagement. But faster service delivery increases the risk in application deployment by 53%, with data theft attempts targeting the application itself. It is therefore very important for companies to shift their mindset from applying security for compliance to a more proactive method that uses DevOps principles in their security tools and processes.
Curious how to maximize the role of security in DevOps adoption so that it runs smoothly? We will discuss this with two speakers who are experts in their fields, Rei Munisati (Head of IT Security & Risk Compliance, Home Credit Indonesia) and Taro Lay (Co-Founder Kalama Cyber Security), at Tech Talk 2021 Live with the theme "The Role of IT Security in DevOps Adoption."
DevSecOps: Taking a DevOps Approach to Security - Alert Logic
More organisations are embracing DevOps and automation to realise compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery.
Patterns and Pains of Migrating Legacy Applications to Kubernetes - QAware GmbH
Open Source Summit 2018, Vancouver (Canada): Talk by Josef Adersberger (@adersberger, CTO at QAware), Michael Frank (Software Architect at QAware) and Robert Bichler (IT Project Manager at Allianz Germany)
Abstract:
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud-native apps. But what to do if you’ve no shiny new cloud-native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a German blue chip company onto a Kubernetes cluster within one year.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way.
Patterns and Pains of Migrating Legacy Applications to Kubernetes - Josef Adersberger
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a German blue chip company onto a Kubernetes cluster within one year.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way.
DevSecCon London 2017: when good containers go bad by Tim Mackey - DevSecCon
This document summarizes Tim Mackey's presentation at DevSecCon. It discusses the importance of security driven development practices like using trusted components, continuous integration processes that include security testing, and digitally signing container images. It warns that while infrastructure teams aim to provide security, vulnerabilities can still exist, and advocates continually evaluating the trust of components used. The document predicts disclosure of security issues will increase and outlines penalties for data breaches under new regulations like GDPR. It emphasizes automating awareness of open source dependencies to keep pace with DevOps.
DEVNET-1169 CI/CT/CD on a Micro Services Applications using Docker, Salt & Ni... - Cisco DevNet
Nowadays, we hear a lot about microservices and DevOps, but what is the impact on application development, and how do we really achieve this? The demo will show the benefits of using Docker (and related tools and technologies) for a microservices application, followed by a continuous integration / test / deployment workflow on CCS/Nimbus.
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ... - Denim Group
The SolarWinds attack brought additional scrutiny to software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers and 3rd party development contractors to an array of open source contributors.
This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.
Why modern cloud infrastructure require automation - Gerald Crescione
Modern Cloud Infrastructures require automation and call for Infrastructure as Code. But mastering Infrastructure as Code is complex. Here's why a CI/CD can help.
Dockerize Spago Self Contained ML & NLP Library & Deploy on Okteto Cloud Usin... - sangam biradar
This document discusses using Docker for machine learning and natural language processing projects. It introduces Spago, an open source machine learning library written in Go, and demos deploying a Spago project to Kubernetes using Okteto. The key points are:
- Docker is useful for ML development as it allows packaging models and code into containers for scalable and reproducible deployments.
- Spago is a pure Go library for NLP tasks like named entity recognition and question answering that aims to optimize CPU usage.
- Okteto allows easily deploying Docker Compose stacks to Kubernetes with minimal configuration.
- A live demo then shows deploying a Spago project to Kubernetes with Okteto.
This document provides an introduction to the Rust programming language. It discusses Rust's memory safety features, variable bindings, functions, control flow statements like if/else and loops, data types like tuples and vectors, and borrowing rules. It also covers Rust concepts like ownership, slices, pattern matching, and destructuring. Examples are provided to demonstrate various Rust language features.
Okteto For Kubernetes Developer :- Container Camp 2020 - sangam biradar
Okteto is a development platform that allows developers to build and test Kubernetes applications directly in Kubernetes clusters without disrupting their development workflow. It works with local Kubernetes clusters like Minikube as well as remote clusters on cloud providers. Developers can use Okteto to get production-like environments in sandboxed Kubernetes namespaces to develop and test their code directly in a Kubernetes cluster.
This document discusses Okteto, a Kubernetes development platform that allows developers to build and test Kubernetes applications locally or in the cloud. It introduces Okteto Cloud, which provides free access to secure Kubernetes namespaces for remote development. The document demonstrates how to install Okteto CLI, configure access to an Okteto Cloud namespace, deploy sample applications, and get started with cloud native development on Okteto. It also discusses Helm and how it can be used to deploy and manage Kubernetes applications.
5 cool ways to get started with Cloud Native Development ( with Okteto) - sangam biradar
This document introduces 5 cool ways to get started with cloud native development: 1) Okteto Stacks for developing with docker-compose in the cloud native world, 2) Okteto Push to push code to Kubernetes in seconds, 3) VS Code Remote for remote development environments in Kubernetes from VS Code, 4) Okteto Actions to build, preview, and ship cloud native apps from Github, and 5) OpenFaaS + Okteto for the easiest way to develop and debug serverless functions. It provides demo links and invites stars, feedback, issues and pull requests on Github.
This document discusses using TensorFlow with Golang for machine learning tasks like image recognition. It provides instructions for cloning a GitHub repository containing a sample project that uses a pre-trained TensorFlow model within a Golang application to classify images. The application is built as a Docker image to perform image recognition by taking URLs as arguments and returning potential labels and probabilities. The document also briefly mentions the possibility of training custom models from Golang in TensorFlow.
kikstart journey of Golang with Hello world - Gopherlabs - sangam biradar
This document summarizes key concepts in Go programming including packages, functions, parameters vs arguments, and more. It discusses how every Go file begins with a package name, and the "main" package is the entry point for a program. Functions need to be capitalized to be accessible outside a package. It also provides review questions and references for further reading on Go.
The document provides an overview of functions in Go including function definitions, parameters and arguments, returning values, func expressions, closures, callbacks, recursion, and defer statements. It begins with basic concepts like defining functions and calling them, then covers more advanced topics like func expressions where a function is assigned to a variable, closures which allow functions to access variables from the enclosing scope, callbacks where functions are passed as arguments to other functions, and recursion where functions call themselves. Examples are provided for each concept using Go playground links. The document aims to explain how functions work and behave as first-class citizens in Go, providing a hands-on tutorial of key function-related ideas.
Decision making - for loop , nested loop ,if-else statements , switch in goph... - sangam biradar
This document discusses decision making in Golang. It provides an overview of loops including for, while, break, continue, and nested loops. It also covers conditionals such as if, else if, else, switch statements, and logical operators. Code examples are provided for each concept via links to an online Golang playground. The author is identified as Sangam Biradar, a Docker community leader who writes tutorials on Golang.
This document provides an overview of Go programming concepts including slices, maps, structs, make, and new. It includes links to interactive code examples demonstrating how to use slices to store and access elements, maps to associate keys with values, and structs to group related data. The key differences between make and new are explained, where make is used to initialize slices, maps, and channels, and new returns a pointer to a newly allocated zero value.
The document provides instructions for getting started with Okteto Cloud, a platform for developing and deploying containerized applications. It summarizes how to install the Okteto CLI, configure access to an Okteto Cloud namespace, and deploy sample applications written in Go, Python, Node.js, and Ruby by applying Kubernetes manifest files and using Okteto commands. It also lists credentials and links for the service.
This document introduces Gopherlabs and provides information about the Go programming language. It discusses why Go was created, its key features like performance, concurrency, and being compiled, and how it is used by many large companies. It provides resources for learning more about Go including the Gopherlabs website and recommends starting to learn Go if you haven't already.
September 7, 2019 Cloud Native and Containerisation (Joint Meetup with Docke...sangam biradar
The document summarizes a presentation given by Sangam Biradar on Docker internals. It introduces the key building blocks of containers like namespaces, control groups, copy-on-write storage and union filesystems. It then explains the container runtime and demonstrates how to create a minimal Docker container using Golang. The presentation outlines the key components and how they work together to provide operating-system-level virtualization and isolation for containers.
This document discusses using Docker on IoT devices like Raspberry Pi. It provides steps to set up a Docker Swarm cluster on Raspberry Pi and create a Docker container to blink an LED connected to a Raspberry Pi. Some key points covered include why IoT needs Docker due to limited hardware resources, setting up the Docker Swarm cluster, creating a Dockerfile and Python script to blink an LED, building the Docker image, and running the container on Raspberry Pi. Examples codes for the Dockerfile, Python script and commands to build/run the container are also included.
10. DAST, SCA
• Dynamic Analysis and Security Testing (DAST)
• Dynamic application security testing (DAST) is a type of black-box security testing in which tests are performed by attacking an application from the outside.
• Pros
• #1 Technology independent
• #2 Low false positives
• #3 Identifies configuration issues
• Cons
• #1 Not highly scalable
• #2 No code visibility
• #3 Slow scans
11. IAST
• IAST is typically implemented by deploying agents and sensors in the application post build. The agent observes the application's operation and analyzes traffic flow to identify security vulnerabilities. It does this by mapping external signatures or patterns to source code, which allows it to identify more complex vulnerabilities.
• IAST test results are usually reported in real time via a web browser, dashboard, or customized report without adding extra time to the CI/CD pipeline. IAST results can also be combined with other issue-tracking tools.
Pros
• #1 Low Number of False Positives
• #2 Instant Feedback
• #3 Highly Scalable
Cons
• #1 Limited Language Coverage
• #2 Requires a Mature Test Environment
• #3 Not Widely Adopted
12. Configuration Drift
• Configuration drift occurs whenever someone makes a change to the production environment without recording the change and without ensuring complete parity between staging and production. Although it is unintentional, it can end in unanticipated bugs and the resulting flurry of pleas for rapid incident response.
• Critical package updates are made at breakneck speed to address a security vulnerability or incident, and often ignore procedure in favor of speed.
• When testing servers, a developer may make a manual configuration change to better document or track a bug, which could help define that issue, but if the configuration change isn't reverted, it will cause drift.
• Adding more resources to bolster server configuration can help systems cope with peak load times, but such additions are often unplanned or undocumented, eventually leading to configuration drift.
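The parity check between staging and production described on this slide can be automated. The following is an added example, not part of the original slides: it compares two configuration snapshots and reports every undocumented difference. The snapshot contents, key names and the allowlist of expected differences are constructed for illustration.

```python
"""Detect configuration drift between a staging and a production snapshot."""
from dataclasses import dataclass

# Constructed sample snapshots; each production difference mirrors a cause on the slide.
STAGING = {
    "packages": {"openssl": "3.0.13", "nginx": "1.24.0"},
    "server": {"workers": 4, "debug": False, "hostname": "app.staging.example"},
    "limits": {"max_connections": 512},
}
PRODUCTION = {
    "packages": {"openssl": "3.0.14", "nginx": "1.24.0"},  # urgent patch applied by hand
    "server": {"workers": 16, "debug": True,               # resources added, debug never reverted
               "hostname": "app.prod.example"},
    "limits": {"max_connections": 512},
    "sysctl": {"net.core.somaxconn": 4096},                # undocumented tuning
}
# Settings that are expected to differ between environments (assumption of this example).
EXPECTED_DIFFERENCES = {"server/hostname"}

_MISSING = object()


@dataclass(frozen=True)
class Drift:
    path: str
    kind: str          # "added" (production only), "removed" (staging only) or "changed"
    staging: object
    production: object


def flatten(config, prefix=()):
    """Turn nested dicts into {path_tuple: leaf_value} so keys containing dots stay intact."""
    flat = {}
    for key, value in config.items():
        path = prefix + (str(key),)
        if isinstance(value, dict) and value:
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def detect_drift(staging, production, expected=frozenset()):
    """Return the list of differences that are not on the expected-differences allowlist."""
    s, p = flatten(staging), flatten(production)
    findings = []
    for path in sorted(s.keys() | p.keys()):
        name = "/".join(path)
        if name in expected:
            continue
        sv, pv = s.get(path, _MISSING), p.get(path, _MISSING)
        if sv is _MISSING:
            findings.append(Drift(name, "added", None, pv))
        elif pv is _MISSING:
            findings.append(Drift(name, "removed", sv, None))
        elif sv != pv:
            findings.append(Drift(name, "changed", sv, pv))
    return findings


if __name__ == "__main__":
    for d in detect_drift(STAGING, PRODUCTION, EXPECTED_DIFFERENCES):
        print(f"{d.kind:8} {d.path}: staging={d.staging!r} production={d.production!r}")
```

Run on a schedule or as a pipeline step, a non-empty result is the signal that a change reached production without being recorded.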
13. RASP
• RASP is a technology that runs on a server and kicks in when an application runs. It's designed to detect attacks on an application in real time.
14. Secret Management
• Credentials are often stored in config files
• Leakage can result in an abuse scenario
• Secrets management allows you to tokenize the information
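An added example, not from the original slides, of what tokenizing credentials in a config file can look like: literal secret values are replaced by references, and the loader resolves them from a secret store at runtime. The `secret://` reference syntax, the key-name pattern and the dict standing in for the secret store are assumptions made for this example.

```python
"""Replace inline credentials in a key = value config with references to a secret store."""
import re

# Key names treated as credentials (assumption of this example).
SECRET_KEY_RE = re.compile(r"(password|passwd|secret|token|api[_-]?key)", re.IGNORECASE)
REF_PREFIX = "secret://"  # hypothetical reference syntax

# Constructed sample config with credentials stored inline.
SAMPLE_CONFIG = """\
# app.conf (constructed sample)
db_host = db.internal.example
db_user = app
db_password = EXAMPLE-not-a-real-password
api_key = EXAMPLE-not-a-real-key
log_level = info
"""


def _is_setting(line):
    stripped = line.strip()
    return bool(stripped) and not stripped.startswith("#") and "=" in stripped


def tokenize_config(text):
    """Return (tokenized_text, extracted); extracted maps secret name to the removed literal."""
    out, extracted = [], {}
    for line in text.splitlines():
        if not _is_setting(line):
            out.append(line)
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if SECRET_KEY_RE.search(key) and value and not value.startswith(REF_PREFIX):
            extracted[key] = value          # goes to the secret store, not to version control
            value = REF_PREFIX + key
        out.append(f"{key} = {value}")
    return "\n".join(out) + "\n", extracted


def load_config(text, secret_store):
    """Parse the config, resolving references; fail closed when a secret is unavailable."""
    config = {}
    for line in text.splitlines():
        if not _is_setting(line):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value.startswith(REF_PREFIX):
            name = value[len(REF_PREFIX):]
            if name not in secret_store:
                raise KeyError(f"secret {name!r} not available from the secret store")
            value = secret_store[name]
        config[key] = value
    return config


if __name__ == "__main__":
    tokenized, extracted = tokenize_config(SAMPLE_CONFIG)
    print(tokenized)                        # safe to commit: contains references only
    print(sorted(extracted))                # names of the values moved to the store
```

The tokenized file can be committed and reviewed; a leak of that file exposes only secret names, and the values stay under the access control of the store.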
15. Infrastructure as code
• Infrastructure as code allows you to document and version-control the infrastructure
• It also allows you to audit the infrastructure
• Docker / K8s infrastructure relies on base images
• The environment is only as secure as its base images
• Base images need to be minimal and need to be assessed to identify inherited vulnerabilities
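Assessing base images starts with knowing exactly which image each build inherits from. The following added example (not from the original slides) audits the FROM lines of a Dockerfile and flags references that do not identify one fixed image. The sample Dockerfile, the digest and the finding labels are constructed for illustration.

```python
"""Inventory the base images a Dockerfile inherits from and flag unpinned references."""
import re

CONSTRUCTED_DIGEST = "sha256:" + "0" * 64   # placeholder digest, not a real image

# Constructed sample Dockerfile with a multi-stage build.
SAMPLE_DOCKERFILE = """\
ARG GO_VERSION=1.22
FROM --platform=linux/amd64 golang:${GO_VERSION} AS build
WORKDIR /src
COPY . .
RUN go build -o /out/app .

FROM ubuntu
COPY --from=build /out/app /usr/local/bin/app

FROM build AS test
RUN go test ./...

""" + f"FROM alpine:3.20@{CONSTRUCTED_DIGEST}\n"

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--\S+\s+)*(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)


def classify(image):
    """Label how precisely an image reference identifies what will be pulled."""
    if "$" in image:
        return "variable"        # resolved at build time; audit the ARG default and overrides
    if "@sha256:" in image:
        return "pinned"          # content-addressed: always the same image
    name = image.rsplit("/", 1)[-1]   # drop registry/path, which may contain ':' for a port
    if ":" not in name or name.endswith(":latest"):
        return "floating-tag"    # no tag or 'latest': changes without notice
    return "tag-only"            # a tag can be re-pointed to a different image


def audit_base_images(dockerfile_text):
    """Return one finding per external base image; earlier build stages are not base images."""
    stages, findings = set(), []
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        match = FROM_RE.match(line)
        if not match:
            continue
        image, alias = match.group("image"), match.group("alias")
        if image not in stages and image != "scratch":
            findings.append({"line": lineno, "image": image, "status": classify(image)})
        if alias:
            stages.add(alias)
    return findings


if __name__ == "__main__":
    for finding in audit_base_images(SAMPLE_DOCKERFILE):
        print(f"line {finding['line']:>2}: {finding['status']:12} {finding['image']}")
```

The resulting inventory is the input for a vulnerability scan of each base image; anything not reported as pinned can change between builds and needs re-assessment each time.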
16. Cloud Native Security approach to security
• Different service providers approach security differently
• All of them provide some of the ingredients in-house
• Irrespective of the cloud provider, some tools will need to be sourced
• Static code analysis tool
• Dynamic Code Analysis Tool
• Software Composition Analysis
• Vulnerability Management Tool
17. Terrascan
• Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code. Mitigate risks before provisioning cloud native infrastructure. Run locally or integrate with your CI/CD.
• Documentation: https://docs.accurics.com/projects/accurics-terrascan
• Discuss: https://community.accurics.com
Features
• 500+ Policies for security best practices
• Scanning of Terraform (HCL2)
• Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3
• Support for AWS, Azure, GCP, Kubernetes and GitHub
• Accurics Discord server: join the community
• https://discord.gg/G6EyMg4kCP