Is Red Hat / Fedora / CentOS ready for lightweight Docker containers? Is Docker secure enough? How about SELinux? How could we deploy JBoss or Django within Docker / RHEL?
I gave this talk at the DevOPS meetup in Krakow on 2014-02-26.
Docker Networking - Common Issues and Troubleshooting Techniques - Sreenivas Makam
This document discusses Docker networking components and common issues. It covers Docker networking drivers like bridge, host, overlay, topics around Docker daemon access and configuration behind firewalls. It also discusses container networking best practices like using user-defined networks instead of links, connecting containers to multiple networks, and connecting managed services to unmanaged containers. The document is intended to help troubleshoot Docker networking issues.
An introduction to Docker and docker-compose. Starting from single docker run commands we discover docker file basics, docker-compose basics and finally we play around with scaling containers in docker-compose.
Overview of Docker 1.11 features (covers Docker release summary till 1.11, runc/containerd, DNS load balancing, IPv6 service discovery, labels, macvlan/ipvlan)
Docker Security: Are Your Containers Tightly Secured to the Ship? - Michael Boelen
Docker is hot, Docker security is not? In this talk the risks, benefits and defenses of Docker are discussed. They are followed up by some best practices, which you can use in your daily activities. What is clear is that there is still a lot to do to get your containers secured.
Event: Docker Amsterdam Meetup - January 2015
This presentation was given by Michael Boelen, January 23rd at Schuberg Philis. The event was organized by Mark Robert Coleman with help of Harm Boertien. With a full house of people, Docker security was discussed.
About the author:
Michael Boelen is founder of CISOfy and researches Linux security to build tools and documentation, to simplify it for others. Examples are tools like Rootkit Hunter and Lynis, blog posts and presentations.
This document provides an overview of a talk about Docker. It introduces Docker features like images, containers, and the workflow. It describes how Docker uses namespaces and control groups for isolation. It compares Docker to virtual machines and explains why Docker is popular. The document then demonstrates Docker through a tutorial of pulling an image, running a container, and viewing container logs. It also discusses the Dockerfile for automating builds.
The document discusses potential issues that can occur with Docker containers and summarizes ways to address some of these issues in 3 sentences or less. It begins by explaining that Docker uses cgroups and namespaces to isolate resources and that exceeding limits of certain resources like open file handles or network interfaces can cause problems. It then summarizes that storage drivers like devicemapper and AUFS can impact disk performance, with AUFS utilizing page caching more efficiently. The document advocates for storage drivers like Btrfs that are more production ready.
A Gentle Introduction To Docker And All Things Containers - Jérôme Petazzoni
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
The document discusses using Docker containers to enable a solar panel monitoring application to support multiple service providers. It describes setting up Docker containers for the TCP data ingestion server and Flask admin application for each provider, linking them to a Cassandra database container. Each provider's instances use a unique Cassandra keyspace to isolate their data. Automating this process using Docker Python APIs allows easily scaling to support additional providers. Lessons learned include Docker providing fast isolation without code changes, and needing improved Docker orchestration and Dockerfile support for multiple commands.
Docker-Hanoi @DKT, Presentation about Docker Ecosystem - Van Phuc
The document provides an overview of Docker Platform and Ecosystem. It begins with introductions and background on Docker, explaining how Docker solves the problem of dependency hell and portability issues by allowing applications to run in isolated containers that package code and dependencies. It then discusses key components of Docker including Engine, Registry, Machine, Swarm, Compose and tools like Toolbox and Cloud. The document concludes with examples of using Docker for continuous integration pipelines and microservices architectures.
CONTAINERS WORKSHOP DURING SAUDI HPC 2016 : DOCKER 101, DOCKER, AND ITS ECO SYSTEM FOR DISTRIBUTED SYSTEMS by Walid Shaari
This workshop will cover the theory and hands-on practice of Docker containers and their ecosystem: the foundations of the Docker platform, including an overview of the platform system components, images, containers and repositories, installation, using Docker containers from repositories (e.g. Docker Hub), how to create a container using a Dockerfile, and the container development life cycle. The strategy is to demonstrate, through a live demo and shared exercise, the reuse and customization of components to build a distributed system case service gradually.
http://www.hpcsaudi.com/
Container security involves securing containers at both the host and application level. At the host level, Linux technologies like namespaces, cgroups, SELinux, and seccomp provide isolation between containers. Container images are also scanned for vulnerabilities. The OpenShift platform provides additional security features like role-based access control, network policies, encrypted communications, and controls over privileged containers and storage. Application security best practices within containers include using HTTPS, securing secrets, and API management tools.
This document discusses 10 things not to forget before deploying Docker in production. It covers logging, monitoring, secrets, container access, filesystem choices, disk space usage, build optimizations, download speeds, backups, and Docker clusters. Overall, Docker provides benefits for portability and workflows but has some challenges to address for system-wide deployments in production environments.
Short Introduction to Docker. These slides show the basic idea behind the container technology Docker. The slides present the basic features for the daily use with Docker, Docker Compose, Docker Machine and Docker Swarm.
Docker is especially important for DevOps, because it gives software developers more control over their dependencies in different environments.
This document discusses Docker security. It begins by introducing Docker and containers, then covers securing Docker images through signing and scanning. It discusses how Docker uses namespaces and cgroups for isolation. It also addresses securing the Docker daemon and containers, as well as operational concerns around deployment, networking, monitoring, and logging of containers. It concludes by looking at future directions like unikernels and serverless architectures.
1. Create a Dockerfile that defines the base image, installs Nginx and any modules, and exposes ports 80 and 443.
2. Build the image from the Dockerfile using "docker build ."
3. Run a container from the new image and publish the ports so Nginx is accessible.
Real-World Docker: 10 Things We've Learned RightScale
Docker has taken the world of software by storm, offering the promise of a portable way to build and ship software - including software running in the cloud. The RightScale development team has been diving into Docker for several projects, and we'll share our lessons learned on using Docker for our cloud-based applications.
This document provides an introduction to Docker. It discusses key Docker concepts like OS virtualization using containers as opposed to virtual machines. Containers isolate processes and filesystems using cgroups, namespaces and UnionFS. Namespaces provide isolation for processes, networking, mounts etc. Cgroups are used to limit, account and isolate resource usage. The document also covers Docker storage and networking as well as security best practices.
This document provides an introduction to Docker and includes instructions for several exercises to help users learn Docker in 90 minutes. The document covers downloading and running Docker containers, creating Docker images, understanding Docker layers, exposing container ports, using Dockerfiles to build images, and sharing images in Docker repositories. The exercises guide users through hands-on experience with common Docker commands and concepts.
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewiredotCloud
This document provides an introduction and overview of Docker and containers. It discusses that Docker is an open source tool that allows applications to be packaged with all their dependencies and run as isolated processes on any machine. Containers provide lightweight virtualization that improves efficiency by sharing resources but still isolating processes. The document outlines how Docker uses containers powered by Linux namespaces and cgroups to package and deploy applications easily and consistently across environments.
I gave this talk during the first Infosec meetup in Kraków/Poland on 13th March 2014. After viewing this presentation you'll know how and why you should use SELinux (or other LSMs).
How to use SELINUX (No I don't mean turn it off) - Chuck Reeves
Why do we turn off NSA-grade security features? Well, early on, SELINUX was complex and confusing. However, the pains of dealing with SELINUX are long gone. In fact, the tools for working with SELINUX have long improved and are now so easy, anyone can configure the security layer. Even one bad chmod on a server can leave you vulnerable. However, when SELINUX is running, rogue processes will be prevented from running havoc. You'll learn how easy it is to use SELINUX and how (with little effort) you can configure and troubleshoot this amazing security feature. Stop leaving gaps in your infrastructure and turn it back on.
• Each SELinux access control model is simple, but actually
access control is more complex
• Red Hat puts a lot of effort into SELinux, policy and utils for
SELinux usability
– Enlarging default policy modules
– Encouraging Policy module system
– Analyzing and generating policies from access violation log
This document provides an introduction to SELinux, discussing its purpose, teaching plan, and introductory modules. It includes information on prerequisites, installation and configuration of SELinux, and also covers user accounts and security rules.
This document provides instructions for configuring a Samba file server on CentOS 5.6 using the tdbsam backend for user authentication. Key steps include disabling SELinux and the firewall, installing Samba packages, configuring the smb.conf file to use tdbsam security and set shares, adding users with smbpasswd, and starting the Samba services. Additional notes cover starting Samba services on CentOS 6 and using Webmin as a GUI management tool for Samba.
SELinux Kernel Internals and Architecture - FOSS.IN/2005 - James Morris
SELinux is a Linux security module that provides mandatory access controls. It labels important system objects like processes, files, and network packets. These labels contain security context information used by SELinux policies to enforce access rules between subjects and objects. The SELinux policy is compiled and loaded into the kernel, where Linux Security Modules hooks mediate critical operations according to the policy.
This document provides an overview of Docker and instructions for installing and using Docker. It discusses what Docker is, the main Docker tools, how to install Docker on different operating systems, and common Docker commands for pulling images, running containers, linking containers, building images with Dockerfiles, and more. The goal is to teach the reader how to containerize a web application using Docker.
Meetup - Red Hat - Techtalks Copenhagen
What are containers, how do they work, and some details about RHEL Atomic
http://www.meetup.com/Red-Hat-Tech-Talks-DK/
The presentation delivered on "Containers in the Enterprise" as a part of the Australia & New Zealand Technical event series.
The presentation agenda:
● What are Linux Containers?
● Enterprise Challenges for Container Adoption and
How Red Hat Solves These
● Kubernetes Architecture in OpenShift 3
● Real World Container Adoption
● Red Hat's Container Roadmap
Containers have the potential to improve the security of typical deployments, but for many the argument has not yet been made convincingly. This talk will describe the existing security technologies around containers, and show how their use can make container-based systems more secure than the alternatives. It will then go further, describing new technologies that allow admins to have even greater confidence in the security of their systems, beyond anything possible with traditional deployment techniques.
In his previous talk, Paul talked about getting your system to work with SELinux. This involved setting the security on your files and directories so that they worked with SELinux. However, many people have customised their Linux installs and want SELinux to do what they say, not the other way around. Sysadmins in particular are not 'run of the mill' users, and they have different requirements to what typically comes out of the box. Situations such as serving web pages from NFS shares or non-standard directories, or installing applications in custom locations, need specialised configuration of SELinux in order to make it work with your needs.
This talk will deal with those situations. Fortunately for Sysadmins, much of the work in developing SELinux policies for Linux has focussed on their requirements. Paul will show you a few of the things behind the scenes that make your job as a Sysadmin much easier and safer with SELinux.
SELinux provides mandatory access control on Linux systems to complement traditional discretionary access control. It enforces security policies that govern how processes and users can interact with files and resources based on security contexts. Key aspects of SELinux include user and role-based access controls, type enforcement that assigns types to processes and objects to define how they can interact, and multi-level security that assigns sensitivity and compartment labels to provide confidentiality. System administrators can configure SELinux policies and security contexts to enforce integrity and confidentiality.
This was a talk I did in Dublin at an event called Redefining the Enterprise OS Breakfast Briefing - How to meet next-generation IT demands for Linux Containers, Docker, Performance & Systems Management
http://techxperts.eu/events/redefining-the-enterprise-os-breakfast-briefing/
Docker is an open source containerization platform that allows applications to be easily deployed and run across various operating systems and cloud environments. It allows applications and their dependencies to be packaged into standardized executable units called containers that can be run anywhere. Containers are more portable and provide better isolation than virtual machines, making them useful for microservices architecture, continuous integration/deployment, and cloud-native applications.
This document discusses containerized cloud computing and provides an overview of Linux containers. It begins by explaining that containers package applications and dependencies to make them portable, isolated, and easy to deploy. It then discusses how major companies like Google use containers to run all their services and applications. The document covers some common misconceptions about containers and how they differ from traditional virtualization. It also discusses the need for open standards around containers and Red Hat's role in driving standards. Finally, it provides an overview of the OpenShift platform for developing, deploying and managing container-based applications on premises or in the cloud.
This document provides an overview of SELinux, including its introduction, access control mechanisms, policy, administration, and benefits. SELinux is a Linux security module that implements mandatory access controls to confine processes and restrict their access. It defines types for objects like files and directories, domains for processes, and roles to determine what access users and processes have. SELinux policy enforces these controls and can be configured through booleans and modified policy modules. It helps strengthen security by auditing access and confining services like web servers even if they are compromised by an attack.
Philadelphia Best Places to Work Roadshow | OpenTable - Glassdoor
The document discusses OpenTable's culture of hospitality and how it aims to reflect this culture externally to attract talent as well as internally through its people programs. It highlights the importance of maintaining a consistent talent brand that aligns with the company's culture, and of building talent programs based on organic cultural aspects while hiring people who fit the culture. The document appears to be from a presentation on OpenTable's culture and talent strategies.
The document discusses running Docker containers on Raspberry Pi devices. It describes how the Hypriot team iteratively developed HypriotOS to make it easy to run Docker on ARM devices like Raspberry Pi through pre-built images. It aims to bring Docker and containers to Internet of Things applications by supporting low-powered boards. The talk covers the goals, approaches, concepts and current status of HypriotOS for enabling Docker containers on ARM and Raspberry Pi.
This document discusses Docker, an open source project that automates the deployment of applications inside software containers. It begins by describing common problems in application deployment and how virtual machines address some issues but introduce overhead. It then summarizes the history and rapid growth of Docker since its launch in 2013. The rest of the document dives into technical aspects of Docker like how images and containers work, comparisons to virtual machines, security considerations, the Docker workflow, and how Docker relates to DevOps and continuous delivery practices.
This document provides an overview of Docker, including:
1. Docker allows containers to reuse operating system resources more efficiently than virtual machines, making them lighter and faster.
2. Docker containers can help avoid version conflicts when programs have multiple versions and allow easy transfer of analysis environments between computers.
3. The workflow involves pulling images, running containers from images, starting/stopping containers, attaching to containers, and committing container changes to new images.
Preparation study for Docker Event
Mulodo Open Study Group (MOSG) @Ho chi minh, Vietnam
http://www.meetup.com/Open-Study-Group-Saigon/events/229781420/
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic... - Codemotion
In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.
The aim is first to present Docker, its use cases, and some good usage practices.
The goal is to present Docker, how it works, and its ecosystem.
What it can bring and the pitfalls to avoid
https://github.com/kanedafromparis/prez-fabric8-dmp
V1. This document introduces Vagrant and Docker, tools for efficiently building and running virtual machines and containers. It discusses how Vagrant can be used to create standardized development environments and Docker allows building and sharing applications and their dependencies.
V2. The document then covers how to install, access, customize, and provision Vagrant virtual machines as well as how to build, run, network, and manage Docker containers and images.
V3. Advanced topics discussed include linking containers, using Docker Compose for orchestration, the Docker Hub registry, security considerations, and other Docker tools like Machine for provisioning remote hosts and Swarm for clustering.
Presented at the sixth WebMeetup of the Machine Learning / Data Science Meetup Roma: https://www.meetup.com/it-IT/Machine-Learning-Data-Science-Meetup/events/273089965/
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove - Docker, Inc.
Dockerfiles are great. They provide a zero-barrier-to-entry format for
describing a single Docker image which is immediately clear to anyone
reading them. But with that simplicity comes problems that become
apparent as your adoption of Docker gathers pace.
* Dockerfiles can inherit from other docker images, but images are not
Dockerfiles
* Dockerfile provides no built-in mechanism for creating abstractions,
so as usage grows identical or similar instructions can be duplicated
across many files
* The Docker API exposes a build endpoint, but the API is very coarse,
taking Dockerfile as the transport rather than exposing the individual
instructions
* Dockerfiles are just that, files. So they can come from anywhere
The one layer per line in a Dockerfile limitation can lead to an
explosion of layers, which fail to take advantage of the promised
space and performance benefits.
Docker is a containerization platform that allows applications to run in isolated containers using fewer resources than virtual machines. Containers have existed for years on operating systems through features like BSD jails and Linux cgroups, but Docker standardized the container format and created tools to manage the lifecycle of applications in containers. The presentation introduces Docker and demonstrates how to build a simple Apache container using a Dockerfile to define the container configuration and expose the Apache service.
This document discusses containerization and the Docker ecosystem. It provides a brief history of containerization technologies and an overview of Docker components like Docker Engine, Docker Hub, and Docker Inc. It also discusses developing with Docker through concepts like Dockerfiles, images, and Fig for running multi-container apps. More advanced topics covered include linking containers, volumes, Docker Machine for provisioning, and clustering with Swarm and Kubernetes.
An on-going presentation for the Docker workshop on how to integrate Docker into Vagrant as a provider, in order to remove the requirement of having a VM and speed up development environments. It also features Puppet as the configuration management system.
The code can be found in: https://github.com/npoggi/vagrant-docker
http://2016.foss4g.org/talks.html#146
Docker is a growing open-source platform for building and shipping applications as cloud services in so-called containers. But containers can be more than that! Following the idea of DevOps, Dockerfiles are a complete scripted definition of an application with all its dependencies, which can be built and published as ready-to-use images. As each container is only running "one thing" (e.g. one application, one database, a worker instance), multiple containers can be configured with the help of docker-compose.
More and more geospatial open source projects or third parties provide Dockerfiles. In this talk, we try to give an overview of the existing Docker images and docker-compose configurations for FOSS4G projects. We report on test runs that we conducted with them, informing about the evaluation results, target purposes, licenses, commonly used base images, and more. We will also give a short introduction into Docker and present the purposes that Docker images can be used for, such as easy evaluation for new users, education, testing, or common development environments.
This talk integrates and summarizes information from previous talks at FOSS4G and FOSSGIS conferences, so I'd like to thank Sophia Parafina, Jonathan Meyer, and Björn Schilberg for their contributions.
Dockerizing a Symfony2 application. Why is Docker so cool? And what is Docker? And what are containers? How do they work? What is the ecosystem of Docker? And how do you dockerize your web application (which can be based on the Symfony2 framework)?
The document discusses Docker and Linux containers. It begins with an overview of traditional server virtualization compared to containers. Containers provide isolation at the process level using kernel namespaces for resources like filesystem, network, users and CPUs. Docker uses device mapper thin provisioning to manage disk images for container filesystems and the networking and cgroups APIs to isolate other resources.
GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins Mando Stam
The document discusses automating an Android application build process using Docker and Jenkins. It describes how previously the build was done manually across multiple machines. The proposed solution is to create Docker images with the Android SDK, NDK and other build tools. These images would be used as build agents in Jenkins. Several challenges are addressed such as setting environment variables and running builds interactively in Docker containers. Defining properties files and caching downloads are techniques used to optimize the build process.
Docker allows users to containerize processes and run them anywhere. It provides lightweight virtualization, separation of concerns, and portability. Key Docker concepts include images, containers, repositories, and Dockerfiles used to build images. Images can be built locally or pulled from registries. Containers can link to share resources and volumes can be used for persistent storage. Docker has a growing ecosystem of tools for clustering, service discovery, and PaaS platforms.
This document provides instructions for a lab on using Docker to install and run containers. The objectives are to install Docker, create images and containers, launch applications in containers, and store and access data in containers. It outlines setting up Docker on Ubuntu, pulling existing images like Fedora and running containers from them. Specific steps look at running the "hello-world" container, installing wget in a Fedora container, and persisting data. The last section provides instructions for building a Docker image to run the OwnCloud application in a container, addressing aspects like installing the application, configuring network access, and persisting data and configuration.
Streamline your development environment with docker - Giacomo Bagnoli
These days applications are getting more and more complex. It's becoming quite
difficult to keep track of all the different components an application needs in order to
function (a database, a message queueing system, a web server, a document
store, a search engine, you name it). How many times have we heard 'it worked on my
machine'? In this talk we are going to explore Docker, what it is, how it works
and how much it can benefit in keeping the development environment consistent.
We are going to talk about Dockerfiles, best practices, tools like fig and vagrant,
and finally show an example of how it applies to a ruby on rails
application.
Similar to RHEL/Fedora + Docker (and SELinux) (20)
Under the Dome (of failure driven pipeline) - Maciej Lasyk
The document discusses various topics related to DevOps including:
1. Different types of shells (login, non-login, interactive, non-interactive, su, sudo su, sudo -i, sudo /bin/bash, sudo -s) and how they affect environment variables and profile files.
2. Stories of organizational "anti-types" that go against DevOps principles like not seeing the need for operations teams.
3. How automation, consistency, and reducing errors leads to stable environments and less unplanned work, allowing teams to focus on delivery.
This document discusses integrating security into DevOps practices through continuous delivery. It proposes including security automation and monitoring at each stage of the software development pipeline from development through production. Specific techniques mentioned include performing continuous security scanning, integrating security testing with other testing stages, automating security tasks using tools like Ansible, and sharing security data and lessons learned across teams to improve processes over time. The overall message is that security should be built into delivery rather than treated separately to avoid slowing software releases while still maintaining quality.
This document contains a list of various tools related to terminals, privacy, communication, productivity, and mobile topics. It discusses terminal emulators like guake and iterm2, VPN services like OpenVPN, messaging clients like IRC and XMPP, note taking apps like Evernote and Geeknote, and more. It concludes by inviting questions about any of the topics mentioned.
High Availability (HA) Explained - second edition - Maciej Lasyk
I gave this talk at one of the biggest Linux conferences in Poland: 11 Linux Session that took place in Wrocław on 5/6-04-2014. It was a lightning talk covering subject of High Availability solutions, architecture, planning and deploying.
How could one create a very sophisticated, open-source based monitoring solution that is very scalable and easy to deploy?
I gave this talk during one of the biggest Linux conferences in Poland: 11 Linux Session which took place in Wrocław on 5/6-04-2013
I gave this talk at Krakow/Poland DevOPS meetup. It was a lightning talk covering subject of High Availability solutions, architecture, planning and deploying.
How to run a system administrator recruitment process? By creating a platform based on open source parts in just 2 nights! I gave this talk at the Poland / Kraków OWASP chapter meeting on 17th October 2013 at our local Google for Entrepreneurs site. It's focused on security and also shows how to create a recruitment process in a CTF / challenge way.
This story covers mostly security details of this whole platform. There's a great chance that I will give another talk about this system, but this time focusing on technical details. Stay tuned ;)
AI_dev Europe 2024 - From OpenAI to Opensource AI - Raphaël Semeteys
Navigating Between Commercial Ownership and Collaborative Openness
This presentation explores the evolution of generative AI, highlighting the trajectories of various models such as GPT-4, and examining the dynamics between commercial interests and the ethics of open collaboration. We offer an in-depth analysis of the levels of openness of different language models, assessing various components and aspects, and exploring how the (de)centralization of computing power and technology could shape the future of AI research and development. Additionally, we explore concrete examples like LLaMA and its descendants, as well as other open and collaborative projects, which illustrate the diversity and creativity in the field, while navigating the complex waters of intellectual property and licensing.
Data Protection in a Connected World: Sovereignty and Cyber Securityanupriti
Delve into the critical intersection of data sovereignty and cyber security in this presentation. Explore unconventional cyber threat vectors and strategies to safeguard data integrity and sovereignty in an increasingly interconnected world. Gain insights into emerging threats and proactive defense measures essential for modern digital ecosystems.
What's Next Web Development Trends to Watch.pdfSeasiaInfotech2
Explore the latest advancements and upcoming innovations in web development with our guide to the trends shaping the future of digital experiences. Read our article today for more information.
Video traffic on the Internet is constantly growing; networked multimedia applications consume a predominant share of the available Internet bandwidth. A major technical breakthrough and enabler in multimedia systems research and of industrial networked multimedia services certainly was the HTTP Adaptive Streaming (HAS) technique. This resulted in the standardization of MPEG Dynamic Adaptive Streaming over HTTP (MPEG-DASH) which, together with HTTP Live Streaming (HLS), is widely used for multimedia delivery in today’s networks. Existing challenges in multimedia systems research deal with the trade-off between (i) the ever-increasing content complexity, (ii) various requirements with respect to time (most importantly, latency), and (iii) quality of experience (QoE). Optimizing towards one aspect usually negatively impacts at least one of the other two aspects if not both. This situation sets the stage for our research work in the ATHENA Christian Doppler (CD) Laboratory (Adaptive Streaming over HTTP and Emerging Networked Multimedia Services; https://athena.itec.aau.at/), jointly funded by public sources and industry. In this talk, we will present selected novel approaches and research results of the first year of the ATHENA CD Lab’s operation. We will highlight HAS-related research on (i) multimedia content provisioning (machine learning for video encoding); (ii) multimedia content delivery (support of edge processing and virtualized network functions for video networking); (iii) multimedia content consumption and end-to-end aspects (player-triggered segment retransmissions to improve video playout quality); and (iv) novel QoE investigations (adaptive point cloud streaming). We will also put the work into the context of international multimedia systems research.
Interaction Latency: Square's User-Centric Mobile Performance MetricScyllaDB
Mobile performance metrics often take inspiration from the backend world and measure resource usage (CPU usage, memory usage, etc) and workload durations (how long a piece of code takes to run).
However, mobile apps are used by humans and the app performance directly impacts their experience, so we should primarily track user-centric mobile performance metrics. Following the lead of tech giants, the mobile industry at large is now adopting the tracking of app launch time and smoothness (jank during motion).
At Square, our customers spend most of their time in the app long after it's launched, and they don't scroll much, so app launch time and smoothness aren't critical metrics. What should we track instead?
This talk will introduce you to Interaction Latency, a user-centric mobile performance metric inspired from the Web Vital metric Interaction to Next Paint"" (web.dev/inp). We'll go over why apps need to track this, how to properly implement its tracking (it's tricky!), how to aggregate this metric and what thresholds you should target.
The Rise of Supernetwork Data Intensive ComputingLarry Smarr
Invited Remote Lecture to SC21
The International Conference for High Performance Computing, Networking, Storage, and Analysis
St. Louis, Missouri
November 18, 2021
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threatsanupriti
In the rapidly evolving landscape of blockchain technology, the advent of quantum computing poses unprecedented challenges to traditional cryptographic methods. As quantum computing capabilities advance, the vulnerabilities of current cryptographic standards become increasingly apparent.
This presentation, "Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats," explores the intersection of blockchain technology and quantum computing. It delves into the urgent need for resilient cryptographic solutions that can withstand the computational power of quantum adversaries.
Key topics covered include:
An overview of quantum computing and its implications for blockchain security.
Current cryptographic standards and their vulnerabilities in the face of quantum threats.
Emerging post-quantum cryptographic algorithms and their applicability to blockchain systems.
Case studies and real-world implications of quantum-resistant blockchain implementations.
Strategies for integrating post-quantum cryptography into existing blockchain frameworks.
Join us as we navigate the complexities of securing blockchain networks in a quantum-enabled future. Gain insights into the latest advancements and best practices for safeguarding data integrity and privacy in the era of quantum threats.
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
Performance Budgets for the Real World by Tammy EvertsScyllaDB
Performance budgets have been around for more than ten years. Over those years, we’ve learned a lot about what works, what doesn’t, and what we need to improve. In this session, Tammy revisits old assumptions about performance budgets and offers some new best practices. Topics include:
• Understanding performance budgets vs. performance goals
• Aligning budgets with user experience
• Pros and cons of Core Web Vitals
• How to stay on top of your budgets to fight regressions
Blockchain and Cyber Defense Strategies in new genre timesanupriti
Explore robust defense strategies at the intersection of blockchain technology and cybersecurity. This presentation delves into proactive measures and innovative approaches to safeguarding blockchain networks against evolving cyber threats. Discover how secure blockchain implementations can enhance resilience, protect data integrity, and ensure trust in digital transactions. Gain insights into cutting-edge security protocols and best practices essential for mitigating risks in the blockchain ecosystem.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/07/intels-approach-to-operationalizing-ai-in-the-manufacturing-sector-a-presentation-from-intel/
Tara Thimmanaik, AI Systems and Solutions Architect at Intel, presents the “Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” tutorial at the May 2024 Embedded Vision Summit.
AI at the edge is powering a revolution in industrial IoT, from real-time processing and analytics that drive greater efficiency and learning to predictive maintenance. Intel is focused on developing tools and assets to help domain experts operationalize AI-based solutions in their fields of expertise.
In this talk, Thimmanaik explains how Intel’s software platforms simplify labor-intensive data upload, labeling, training, model optimization and retraining tasks. She shows how domain experts can quickly build vision models for a wide range of processes—detecting defective parts on a production line, reducing downtime on the factory floor, automating inventory management and other digitization and automation projects. And she introduces Intel-provided edge computing assets that empower faster localized insights and decisions, improving labor productivity through easy-to-use AI tools that democratize AI.
In this follow-up session on knowledge and prompt engineering, we will explore structured prompting, chain of thought prompting, iterative prompting, prompt optimization, emotional language prompts, and the inclusion of user signals and industry-specific data to enhance LLM performance.
Join EIS Founder & CEO Seth Earley and special guest Nick Usborne, Copywriter, Trainer, and Speaker, as they delve into these methodologies to improve AI-driven knowledge processes for employees and customers alike.
9. So.. why Docker?
Looking for some dev-env..
What about XEN/KVM/Virtualbox?
So if looking for lightweight solution – why not LXC?
Answer is simple – LXC is sitting on lower level
And also – it needs more sysop work
Docker just works – it's simpler so devs are :)
Read this for more:
http://stackoverflow.com/questions/17989306/what-does-docker-add-to-just-plain-lxc
Maciej Lasyk, RHEL + Docker
15. So.. why RHEL/Fedora?
No it's not about flame ;)
RHEL (CentOS) just does the job like Ubuntu / Debian / Gentoo...
Oh maybe in a more mature & stable & secure way
CVE-2014-0038 & https://github.com/saelo/cve-2014-0038
“Red Hat has previously been paged by its users to enable x32 support in Fedora 18; however, it refused to include it, citing security concerns.
"It affects every user by potentially exposing them to as-yet-unfound security bugs for zero gain," Red Hat kernel developer Dave Jones said at the time.
"In addition to this, it increases the potential attack surface for all users, 99.9 percent of which will never even use this feature unless we enable it for additional packages."”
17. Unprivileged containers - we should talk about it @Infosec
More important – ready for production!
19. A little bit of Fedora/RHEL + Docker history
Fedora/RHEL:
first request: 2013-08-23
rls: 2013-11-28/docker-io-0.7.0-6.fc20 (Fedora + EPEL 6)
https://bugzilla.redhat.com/show_bug.cgi?id=1000662
What had to be done?
AUFS replacement with device-mapper (SELinux)
libvirt-lxc in order to integrate with libvirt
Openshift integration (RHEL PaaS)
http://blog.docker.io/2013/09/red-hat-and-docker-collaborate/
21. Current status of Docker / RHEL / Fedora
Fedora 19/20/RawHide + Epel 6:
lxc-0.9.0-2.fc20.x86_64
docker-io-0.8.0-3.fc20.x86_64
https://github.com/dotcloud/docker
v.0.8.1
https://github.com/lxc/lxc
lxc-1.0.0
33. Internal docker registry / shipyard
So we'd like to host our own registry
https://github.com/dotcloud/docker-registry
yum install docker-registry (epel: 0.6.3, github 0.6.5)
or just use this samalba/docker-registry
Collaboration?
docker export internal_registry > internal_registry.tar
gzip internal_registry.tar
mv internal_registry.tar.gz /vagrant
Or simply host it ;)
36. Docker + SELinux
f20 policy:
https://git.fedorahosted.org/cgit/selinux-policy.git/tree/docker.te?h=f20-contrib
What's there?
seinfo -t -x | grep docker
sesearch -A -s docker_t (and the rest)
or just unpack docker.pp with semodule_unpackage
How to use it?
man docker_selinux :)
Remember about permissive domains!
It's only in targeted policy (not for MCS)
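A check for the permissive-domain reminder above, added here as an example and not taken from the talk: it reads a listing in the layout that `semanage permissive -l` prints and combines it with the mode reported by `getenforce` to say whether a type such as docker_t is really enforced or only logged. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout `semanage permissive -l` prints
# (section heading, blank line, one type per line). Not from a real host.
SAMPLE_PERMISSIVE='
Builtin Permissive Types

docker_t

Customized Permissive Types

httpd_t
'

# permissive_kind TYPE: read the listing on stdin and print "builtin",
# "customized" or "not-permissive" for TYPE (exact match, no substrings).
permissive_kind() {
    awk -v want="$1" '
        /^Builtin Permissive Types/    { sec = "builtin"; next }
        /^Customized Permissive Types/ { sec = "customized"; next }
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        sec != "" && $0 == want { found = sec }
        END { print (found == "" ? "not-permissive" : found) }
    '
}

# enforcement_for MODE KIND: MODE is what getenforce prints, KIND comes from
# permissive_kind. A permissive type is audited but never blocked, even when
# the host as a whole is Enforcing. Any other MODE is treated as Disabled.
enforcement_for() {
    case "$1:$2" in
        Enforcing:not-permissive) echo "enforced" ;;
        Enforcing:*|Permissive:*) echo "logged-only" ;;
        *)                        echo "selinux-off" ;;
    esac
}

# report MODE LISTING TYPE...: one line per type with its effective state.
report() {
    mode=$1 listing=$2; shift 2
    for t in "$@"; do
        kind=$(printf '%s\n' "$listing" | permissive_kind "$t")
        printf '%s %s %s\n' "$t" "$kind" "$(enforcement_for "$mode" "$kind")"
    done
}

report Enforcing "$SAMPLE_PERMISSIVE" docker_t httpd_t sshd_t
```

On a live host, pass the real output instead of the sample: `report "$(getenforce)" "$(semanage permissive -l)" docker_t`.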
38. And seriously...
Do you know this guy?
So he has something to tell you...
http://www.youtube.com/watch?v=o5snlP8Y5GY