The document discusses various topics related to DevOps including:
1. Different types of shells (login, non-login, interactive, non-interactive, su, sudo su, sudo -i, sudo /bin/bash, sudo -s) and how they affect environment variables and profile files.
2. Stories of organizational "anti-types" that go against DevOps principles like not seeing the need for operations teams.
3. How automation, consistency, and reducing errors lead to stable environments and less unplanned work, allowing teams to focus on delivery.
DevOops & How I hacked you DevopsDays DC June 2015 | Chris Gates
In a quest to move faster, organizations can end up creating security vulnerabilities using the tools and products meant to protect them. Both Chris Gates and Ken Johnson will share their collaborative research into the technology driving DevOps as well as share their stories of what happens when these tools are used insecurely as well as when the tools are just insecure.
Technologies discussed will encompass AWS Technology, Chef, Puppet, Hudson/Jenkins, Vagrant, Kickstart and much, much more. This talk will most definitely be an entertaining one but a cautionary tale as well, provoking attendees into action. Ultimately, this is research targeted towards awareness for those operating within a DevOps environment.
Docker has several issues that make it unsuitable for managing infrastructure over many years, including frequent breaking changes in new releases, difficulty cleaning up old images, and lack of kernel support. While containers provide benefits like isolation and reproducible environments, monitoring and debugging containers is challenging. Docker also adds security risks compared to traditional infrastructure stacks due to additional layers like registries and daemons.
Docker landed almost two years ago. By making it possible to build, ship, and run
any Linux application on any platform, it was quickly adopted by developers
and ops like no other tool before. The CI/CD industry even took it to
production long before it was stamped "production-ready."
Why does everyone (or almost!) love Docker? Because it puts powerful
automation abilities within the hands of normal developers. Automation
almost always involves building distribution packages, virtual machine
images, or writing configuration management manifests. With Docker,
those tasks are radically transformed: sometimes they're far easier than before,
other times they're no longer needed at all. Either way, the intervention
of a seasoned sysadmin guru is no longer required.
DevOOPS: Attacks and Defenses for DevOps Toolchains | Chris Gates
DevOps toolchains are transforming modern IT, but hackers can undermine their benefits through poorly implemented or vulnerable DevOps tools. Chris Gates and Ken Johnson will share their collaborative attack research into the technology driving DevOps. They will share an attacker's perspective on exploiting DevOps organizations and the countermeasures these organizations should employ.
RSAC 2017
Ken Johnson & Chris Gates
It is a simple introduction to the world of containers, starting from LXC and arriving at the Docker platform.
The presentation focuses on the first steps in the Docker environment and on scenarios from a developer's point of view.
Devoops: DoJ Annual Cybersecurity Training Symposium Edition 2015 | Chris Gates
This document summarizes a talk given on DevOps infrastructure security. It discusses how various DevOps tools like GitHub, Jenkins, AWS config files, Chef, and in-memory databases like Redis and Memcache can expose sensitive information if not properly secured. Specific issues covered include exposed Git repositories, weak default credentials, plaintext storage of secrets, and lack of authentication. The document provides recommendations on securing these tools such as enabling authentication, upgrading versions, and segmenting tools from public access.
This document provides techniques for escalating privileges on Windows systems. It begins with an overview of tricks that can grant escalated privileges to users or administrators. Specific techniques discussed include exploiting misconfigurations, using keyloggers, searching for credentials on systems, exploiting Group Policy Preferences files, unattended installation files, Windows Deployment Services, binary path modifications, service configuration issues, and registry permissions problems. The document then covers methods for escalating from an administrative user to SYSTEM level privileges like using Metasploit exploits, Sysinternals tools, binary replacement, and WMIC. It concludes with sections on achieving persistence and bypassing authentication.
Getting root with benign app store apps vsecurityfest | Csaba Fitzl
This document discusses macOS privilege escalation techniques using benign App Store apps. It describes how dylib hijacking can be used to gain root privileges by subverting the installation process and dropping files in privileged locations. It provides a demonstration using a "Crontab Creator" app to drop a cronjob that executes a script with root privileges. The document also discusses monitoring tools and how Apple addressed the vulnerability in later versions of macOS.
Shared Object images in Docker: What you need is what you want. | Workhorse Computing
Docker images require appropriate shared object files (".so") to run. Rather than assume Ubuntu has the correct libs, use ldd to get a list and install the ones you know you need. This can reduce the underlying images from GB to a few MB.
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class | Rob Fuller
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
This document discusses Docker and Puppet for DevOps. It introduces Docker as a lightweight virtualization tool for containers and compares it to virtual machines. Puppet is a configuration management tool. The document outlines how Puppet can be used to install and configure Docker ("Puppetizing Docker") and how Docker can be used to deploy systems configured with Puppet ("Dockerizing Puppet"). It proposes ideas for the future like using Puppet to output Dockerfiles instead of configuring systems directly and having a single Puppet agent manage multiple containers.
Dockerizing a web application built with Django + setting up a development environment with Docker Compose | raccoony
This document provides instructions for dockerizing a Django application with Postgres database. It discusses:
1) Creating a Dockerfile for the Django app and ensuring Postgres dependencies are installed.
2) Running Postgres in a container with environment variables for the database name, user, and password.
3) Configuring the Django settings to connect to the Postgres database using the environment variables.
4) Using docker-compose to define and run the Django and Postgres services on a bridge network, avoiding the need for links. The Django volume mounts the code directory for changes to be reflected.
Running Docker in Development & Production (#ndcoslo 2015) | Ben Hall
The document discusses running Docker in development and production. It covers:
- Using Docker containers to run individual services like Elasticsearch or web applications
- Creating Dockerfiles to build custom images
- Linking containers together and using environment variables for service discovery
- Scaling with Docker Compose, load balancing with Nginx, and service discovery with Consul
- Clustering containers together using Docker Swarm for high availability
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted it in our organization we have experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- PuPHPet/Phansible: hot or not?
- tips for sharing a box
Jump into Squeak - Integrate Squeak projects with Docker & Github | hubx
☛ Install Squeak and dependencies using Docker to avoid complex installation steps
☛ Extend Monticello to use Git for version control and collaboration by adding a MCGitHubRepository class
☛ Saves to Git automatically during Monticello commits, allowing changes to be pushed to a GitHub repository with a single commit
This document provides a summary of Mike Malone's talk on scaling Django web apps. It discusses how Pownce scaled to handle hundreds of requests per second and thousands of database operations per second while serving millions of users, relationships, notes, and terabytes of static data. It also covers some of the common bottlenecks Pownce encountered and eliminated in scaling their Django application, including using caching, load balancing, and queuing to improve performance and scalability.
Getting root with benign app store apps | Csaba Fitzl
Csaba Fitzl will discuss techniques for escalating privileges on macOS by abusing the installation process of benign App Store apps. This involves hijacking dylib loading, dropping files in app folders during installation by subverting symlinks, and infecting installers. A demonstration will show creating a "Crontab Creator" app to drop a cronjob file and escalate to root on High Sierra. Recommendations are provided to address these issues, such as verifying app folder ownership and contents during installation.
Regex Considered Harmful: Use Rosie Pattern Language Instead | All Things Open
The document discusses using the Rosie Pattern Language (RPL) instead of regular expressions for parsing log and data files. RPL aims to address issues with regex like readability, maintainability, and performance. It describes how RPL is designed like a programming language with common patterns. RPL patterns are loaded into the Rosie Pattern Engine which can parse files and annotate text with semantic tags.
RTI against Lodgment of W.P.(criminal) D.NO 2188 of 2017 by Registrar Supreme... | Om Prakash Poddar
The document is a request form submitted to the Department of Justice under India's Right to Information Act seeking information from the Registrar of the Supreme Court of India. The requester, Om Prakash, is seeking clarification on 7 points related to the refusal of the Supreme Court registry to register a writ petition on behalf of a senior citizen woman dependent on oxygen. The request form provides details of the petitioner such as name, address, and contact information as well as a description of the information sought and documents submitted in support of the application.
Programming AWS with the CLI, boto, Ansible and libcloud | Maciej Lasyk
The document describes a session that demonstrates how to program AWS using the AWS CLI, Boto, and Ansible. It provides an agenda for the session that includes a short AWS introduction, demonstrations of the AWS console, AWS CLI, AWS shell, Boto library, Ansible configuration management tool, and Libcloud library. Contact information is also provided for learning more about AWS programming and joining the training organization.
Lodgement Order dated 28.01.2017 of Registrar Supreme Court of India | Om Prakash Poddar
Registrar Supreme Court of India refused to register Writ Petition Criminal No........of 2017 titled "OM PRAKASH & ANR VS. UNION OF INDIA & ORS" vide Diary No. 2188 of 2017 under Order XV Rule 5 of Supreme Court Rules, 2013 vide Lodgement Order dated 28.01.2017 on the ground of no reasonable cause received for registration under order XV, Rule 5 of the Supreme Court Rules, 2013 which has suspended the fundamental rights of the petitioners under Article 21 and closed the door of this Hon’ble Court for the petitioners forever.
Writ Petition Criminal NO.......of 2017 vide D.NO.3913 against Registrar Supr... | Om Prakash Poddar
Writ Petition Criminal NO.......of 2017 vide D.NO.3913 against Registrar Supreme Court of India for refusal to register Writ (Criminal) D.NO.2188 of 2017
Has the governing team considered the possibility of negotiating an agreement with SAREB to recover the vacant homes in Alcobendas and make them available to residents as social rental housing?
What actions or meetings has the municipal governing team held with SAREB in order to find a social purpose for the properties and increase the housing available to prevent situations of social emergency?
High Availability (HA) Explained - second edition | Maciej Lasyk
I gave this talk at one of the biggest Linux conferences in Poland: 11 Linux Session that took place in Wrocław on 5/6-04-2014. It was a lightning talk covering subject of High Availability solutions, architecture, planning and deploying.
I gave this talk during first Infosec meetup in Kraków/Poland on 13th March 2014. After viewing this presentation you'll know how and why you should use SELinux (or other LSMs).
Topic 2. Al-Andalus and its main stages | copybird
This document summarizes the history of Al-Andalus and its main stages. It began with the Muslim conquest of the Iberian Peninsula in the 8th century and went through several phases, including the emirate dependent on Damascus, the independent emirate of Córdoba, the caliphate of Córdoba, the taifa kingdoms after the fall of the caliphate, and the invasions of the Almoravids and Almohads. In the end, only the Nasrid kingdom of Granada survived
The Earth is the third planet of the solar system and is approximately 4,600 million years old. It is composed mainly of water and land, and is the only known planet that harbors life. The Earth rotates on its axis and orbits the Sun, and is divided into tectonic plates that move and cause phenomena such as earthquakes and volcanoes. A system of imaginary lines called meridians and parallels is used to locate any point on the Earth's surface by means of the coordinates
The document describes the origin and evolution of Castilian. It explains that before the arrival of the Romans there were pre-Roman languages such as Basque, Celtic and Iberian. The Romans introduced Latin, which displaced the other languages except Basque. From Vulgar Latin arose the Romance languages such as Catalan, Portuguese and Italian. The Visigoths and Arabs also influenced Castilian through loanwords. Finally, Castilian develop...
Porting a command line tool to Android involves cross-compiling the code using the Android NDK toolchain, which may require patching the code to address issues like different file paths, endianness, and library dependencies. While compiling and running static binaries is straightforward, dynamic binaries require position-independent executable (PIE) support added in Android 5. Calling native executables from Android code requires using Runtime.exec() or ProcessBuilder and parsing output streams. Special care needs to be taken to avoid security issues like command injection when passing untrusted inputs to native programs run as root on Android.
Docker … Podman are two close but different tools. What are their differences, what are their commonalities? In this presentation, we propose to present the two tools in order to highlight their differences in design and their specificities, their similarities.
The objective is to allow you to know these tools, from their common roots (Cgroup, namespace,...) to their divergence (socket). From ease of use (Socket) to the hassle (proxy), we will address the strengths and weaknesses of each through our uses of them (build, test,...). We will of course mention our friends the CVEs to feed your thoughts on their security.
Presentation to the Geeks Anonymes Liège by Cyril Soldani, 13 December 2017.
Geeks Anonymes page: https://www.recherche.uliege.be/cms/c_9463913/fr/geeks-anonymes
This document provides a step-by-step guide for using Ant, an open-source build automation tool for Java projects. It outlines how to install Ant and the YUI Compressor plugin for JavaScript and CSS minification. The guide then describes a sample folder structure and build script that defines targets for cleaning, compiling, concatenating files, and minifying assets to optimize a website for production.
Fine-tuning your development environment means more than just getting your editor set up just so -- it means finding and setting up a variety of tools to take care of the mundane housekeeping chores that you have to do -- so you have more time to program, of course! I'll share the benefits of a number of yak shaving expeditions, including using App::GitGot to batch manage _all_ your git repos, App::MiseEnPlace to automate getting things _just_ so in your working environment, and a few others as time allows.
Delivered at OpenWest 2016, 13 July 2016
Given at TechMaine's Java Users Group on Feb 26 2008
Why do we need another build tool when we already have Ant? By focusing on convention over configuration, Maven allows you to declaratively define how your project is built, which reduces a lot of the procedural code that you'd need to implement in every build file if you were using Ant. This, along with Maven's built-in management of repositories for project dependencies, allows you to streamline your build process. Ultimately Maven can reduce the amount of time that would otherwise be wasted hunting down jar files and fiddling with boilerplate build scripts.
This presentation covers Maven's core concepts. It introduces the Plugin architecture, and explain how the most popular plugins are used. It also covers the POM concept and how it relates to dependency tracking and repositories.
https://www.facebook.com/groups/InfraEngineer
GIF pack include version
https://docs.google.com/presentation/d/1BTwGPUG6KGwc3xoW1_vU7CmloHXW-ardytNWomPdSy4/edit?usp=sharing
Makefiles in 2020 — Why they still matter | Simon Brüggen
Make was created in 1976 by Stuart Feldman at Bell Labs to help build C programs. But how can this 40+ year old piece of software help us develop and maintain our ever-growing amount of cloud-based microservices?
This document provides instructions for installing and configuring TinyOS on Ubuntu Linux. It outlines downloading TinyOS from its website, adding the TinyOS repositories, configuring environment variables, and compiling and pushing applications to sensor motes. Shell scripts are provided to simplify connecting motes, compiling modules, and pushing compiled code. Running the Java listener and GUI are also explained for receiving and viewing sensor data from motes over a TCP/IP network connection.
Joxean Koret - Database Security Paradise [Rooted CON 2011] | RootedCON
The document discusses vulnerabilities found in various database software products through analyzing their code and installation directories. Local privilege escalation bugs were found in IBM DB2 and Informix by exploiting how environment variables and shared libraries were handled. Remote code execution bugs were also discovered in UniData and Informix through fuzzing protocols and by exploiting unsafe functions. The document encourages searching for more bugs in database software.
JsDay - It's not you, It's me (or how to avoid being coupled with a Javascrip... | Marco Cedaro
General purpose Javascript frameworks are the ones that made the language popular in the past, but right now it is a risk to think about our application development and architecture just in relation to our favorite framework.
This talk highlights risks and suggests some techniques (from design patterns to snippets of code) to avoid being coupled to a specific framework
Author: Jameel Nabbo
Company: UITSEC
This guide contains practical, hands-on Linux privilege escalation techniques and methods, based on real penetration testing experience.
Mothra - A FreeBSD send-pr tool for bugzilla system | Daniel Lin
FreeBSD uses bugzilla for PR management, so you now need to use a browser to send-pr.
But if you use Mothra, you can send-pr from the command line as you want.
Usage:
- mothra search <keyword>, <days_ago=180>
- mothra submit <summary>, <file_path>
- mothra attach <bug_id>, <file_path>
- mothra browse <bug_id>
- mothra create <summary>
- mothra get <bug_id>
OpenEvent is a Drupal distribution that represents an Event Open Data Model and publishes event data through a self-documented API. It aims to be a generic foundation for cultural organizations to manage and publish their events online. The distribution includes Drupal 7, the Open Data Model, Schema.org mappings, and features like a read-only API. Future plans include moving it to Drupal.org, improving documentation, refactoring custom code into reusable modules, and attending to the issue queue. Lessons learned include benefits of open source like higher developer motivation and easier code sharing.
1. File formats are complex with many stakeholders who interpret specifications differently, leading to divergent implementations over time.
2. Specifications are often incomplete, unclear, non-free, or do not reflect reality, making it difficult to determine what a valid file is.
3. Relying on specifications alone is not sufficient - one must also analyze sample files and code to understand how file formats work in practice.
This document lists various Ruby on Rails plugins and tools across different categories such as authentication, authorization, views, administration, forms, searching, pagination, background processing, state machines, APIs, caching, deployment, scheduling, and testing. Each category lists relevant plugins with their GitHub links. The document also lists some websites for Rails resources. The document is copyrighted to Intridea Inc.
Presentation for openSUSE Asia Summit 2015.
Here I explained what kind of security risks Docker has, and how we can reduce the risk by using AppArmor.
Similar to Under the Dome (of failure driven pipeline) (20)
This document discusses the history and development of Docker. It notes that Docker was originally created at dotCloud as the engine for their Platform as a Service (PaaS), but in 2013 as PaaS times were hard, Docker was open sourced. Docker was based on LXC and created for a single purpose. dotCloud then pivoted to create Docker Inc. and make Docker their main product. The document also discusses Docker 1.11's integration with runC and systemd, as well as the transition to using the Open Container Initiative specification.
This document discusses Linux security and SELinux. It provides an overview of SELinux and how it works to provide mandatory access control on Linux systems. It discusses how SELinux labels processes and files to confine programs and prevent unauthorized access. It also discusses using SELinux with Docker containers to provide security isolation between containers.
This document discusses integrating security into DevOps practices through continuous delivery. It proposes including security automation and monitoring at each stage of the software development pipeline from development through production. Specific techniques mentioned include performing continuous security scanning, integrating security testing with other testing stages, automating security tasks using tools like Ansible, and sharing security data and lessons learned across teams to improve processes over time. The overall message is that security should be built into delivery rather than treated separately to avoid slowing software releases while still maintaining quality.
Orchestrating docker containers at scale (#DockerKRK edition) | Maciej Lasyk
Slightly different version (original is here http://www.slideshare.net/d0cent/orchestrating-docker-containersatscale). This version was presented during first #Docker meetup in Kraków / Poland.
Orchestrating docker containers at scale (PJUG edition) | Maciej Lasyk
Slightly changed version (original is here http://www.slideshare.net/d0cent/orchestrating-docker-containersatscale). This version was presented during Polish Java User Group meetup JavaCamp#13 in Kraków / Poland.
Orchestrating Docker containers at scale | Maciej Lasyk
Many of us already poked around Docker. Let's recap what we know and then think what do we know about scaling apps & whole environments which are Docker - based? Should we PaaS, IaaS or go with bare? Which tools to use on a given scale?
This document contains a list of various tools related to terminals, privacy, communication, productivity, and mobile topics. It discusses terminal emulators like guake and iterm2, VPN services like OpenVPN, messaging clients like IRC and XMPP, note taking apps like Evernote and Geeknote, and more. It concludes by inviting questions about any of the topics mentioned.
How could one create very sophisticated, open - source based monitoring solution that is very scalable and easy to deploy?
I gave this talk during one of the biggest Linux conferences in Poland: 11 Linux Session which took place in Wrocław on 5/6-04-2013
Is Red Hat / Fedora / Centos ready for lightweight Docker containers? Is Docker secure enough? How about SELinux? How could we deploy Jboss or Django within Docker / RHEL?
I gave this talk at DevOPS meetup in Krakow at 2014-02-26.
I gave this talk at Krakow/Poland DevOPS meetup. It was a lightning talk covering subject of High Availability solutions, architecture, planning and deploying.
How to run system administrator recruitment process? By creating platform based on open source parts in just 2 nights! I gave this talk in Poland / Kraków OWASP chapter meeting on 17th October 2013 at our local Google for Entrepreneurs site. It's focused on security and also shows how to create recruitment process in CTF / challenge way.
This story covers mostly security details of this whole platform. There's great chance, that I will give another talk about this system but this time focusing on technical details. Stay tuned ;)
Data Protection in a Connected World: Sovereignty and Cyber Security | anupriti
Delve into the critical intersection of data sovereignty and cyber security in this presentation. Explore unconventional cyber threat vectors and strategies to safeguard data integrity and sovereignty in an increasingly interconnected world. Gain insights into emerging threats and proactive defense measures essential for modern digital ecosystems.
Details of description part II: Describing images in practice - Tech Forum 2024 | BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and transcript: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Are you interested in learning about creating an attractive website? Here it is! Take part in the challenge that will broaden your knowledge about creating cool websites! Don't miss this opportunity, only in "Redesign Challenge"!
INDIAN AIR FORCE FIGHTER PLANES LIST.pdf | jackson110191
These fighter aircraft have uses outside of traditional combat situations. They are essential in defending India's territorial integrity, averting dangers, and delivering aid to those in need during natural calamities. Additionally, the IAF improves its interoperability and fortifies international military alliances by working together and conducting joint exercises with other air forces.
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
MYIR Product Brochure - A Global Provider of Embedded SOMs & Solutions | Linda Zhang
This brochure gives introduction of MYIR Electronics company and MYIR's products and services.
MYIR Electronics Limited (MYIR for short), established in 2011, is a global provider of embedded System-On-Modules (SOMs) and comprehensive solutions based on various architectures such as ARM, FPGA, RISC-V, and AI. We cater to customers' needs for large-scale production, offering customized design, industry-specific application solutions, and one-stop OEM services.
MYIR, recognized as a national high-tech enterprise, is also listed among the "Specialized and Special new" Enterprises in Shenzhen, China. Our core belief is that "Our success stems from our customers' success" and embraces the philosophy of "Make Your Idea Real, then My Idea Realizing!"
this resume for sadika shaikh bca student | SadikaShaikh7
I am a dedicated BCA student with a strong foundation in web technologies, including PHP and MySQL. I have hands-on experience in Java and Python, and a solid understanding of data structures. My technical skills are complemented by my ability to learn quickly and adapt to new challenges in the ever-evolving field of computer science.
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor. We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
What Not to Document and Why_ (North Bay Python 2024) | Margaret Fero
We’re hopefully all on board with writing documentation for our projects. However, especially with the rise of supply-chain attacks, there are some aspects of our projects that we really shouldn’t document, and should instead remediate as vulnerabilities. If we do document these aspects of a project, it may help someone compromise the project itself or our users. In this talk, you will learn why some aspects of documentation may help attackers more than users, how to recognize those aspects in your own projects, and what to do when you encounter such an issue.
These are slides as presented at North Bay Python 2024, with one minor modification to add the URL of a tweet screenshotted in the presentation.
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
Hire a private investigator to get cell phone recordsHackersList
Learn what private investigators can legally do to obtain cell phone records and track phones, plus ethical considerations and alternatives for addressing privacy concerns.
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsMydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threatsanupriti
In the rapidly evolving landscape of blockchain technology, the advent of quantum computing poses unprecedented challenges to traditional cryptographic methods. As quantum computing capabilities advance, the vulnerabilities of current cryptographic standards become increasingly apparent.
This presentation, "Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats," explores the intersection of blockchain technology and quantum computing. It delves into the urgent need for resilient cryptographic solutions that can withstand the computational power of quantum adversaries.
Key topics covered include:
An overview of quantum computing and its implications for blockchain security.
Current cryptographic standards and their vulnerabilities in the face of quantum threats.
Emerging post-quantum cryptographic algorithms and their applicability to blockchain systems.
Case studies and real-world implications of quantum-resistant blockchain implementations.
Strategies for integrating post-quantum cryptography into existing blockchain frameworks.
Join us as we navigate the complexities of securing blockchain networks in a quantum-enabled future. Gain insights into the latest advancements and best practices for safeguarding data integrity and privacy in the era of quantum threats.
Performance Budgets for the Real World by Tammy EvertsScyllaDB
Performance budgets have been around for more than ten years. Over those years, we’ve learned a lot about what works, what doesn’t, and what we need to improve. In this session, Tammy revisits old assumptions about performance budgets and offers some new best practices. Topics include:
• Understanding performance budgets vs. performance goals
• Aligning budgets with user experience
• Pros and cons of Core Web Vitals
• How to stay on top of your budgets to fight regressions
How Netflix Builds High Performance Applications at Global ScaleScyllaDB
We all want to build applications that are blazingly fast. We also want to scale them to users all over the world. Can the two happen together? Can users in the slowest of environments also get a fast experience? Learn how we do this at Netflix: how we understand every user's needs and preferences and build high performance applications that work for every user, every time.
4. […]
Situations like this only reinforce my deep suspicion of
developers: They're often carelessly breaking things and
then disappearing, leaving Operations to clean up the
Mess.
[…]
“The Phoenix Project”
by Gene Kim, Kevin Behr and George Spafford
8. Conway's law (1968)
organizations which design systems ... are
constrained to produce designs which are copies
of the communication structures of these
organizations
http://en.wikipedia.org/wiki/Conway%27s_law
9. Ruth Malan (2008)
if the architecture of the system and the
architecture of the organization are at odds, the
architecture of the organization wins.
The organizational divides are going to drive the
true seams in the system.
http://traceinthesand.com/blog/2008/02/13/conways-law/
14. Yup, your gut is telling the truth...
This will be another devops indoctrination
What did you expect? ;)
This presentation includes gentle product placement
15. DevOps Anti-Types & patterns
This is a copy/paste from
http://blog.matthewskelton.net/
w/my comments included
Great job Matthew! Thanks!
33. Dead sea effect
→ most talented evaporates
→ the residue
→ maintenance experts & bus factor == 1
http://brucefwebster.com/2008/04/11/the-wetware-crisis-the-dead-sea-effect/
34. → talk. often. and get along
→ take responsibility - from beginning to the end
→ continuous improvement. seriously
→ be brave. don't be silent
→ it's better to be impolite l/German than polite l/Englishman
41. C for Culture
A for Automation
M for Monitoring
S for Sharing
42. Automation is big for most sysadmins. We’re
inherently lazy, so the idea of pushing a button
and making programs work for us? Appealing.
Standalone Sysadmin
http://www.standalone-sysadmin.com/blog/2011/04/view-from-the-other-side/
43. → it has to be simple
→ don't reinvent the wheel. don't fabric
→ automate from the very beginning
49. → repeatable tasks lead to automation
→ automation leads to consistency
→ consistency reduces errors
→ reducing errors leads to stable environment
→ stable environment leads to less unplanned work
→ less unplanned work leads to focus on delivery
51. Short story of Anti-Type C
“we don't need ops”
# it's madness with paths for different users and such option as:
# sudo su
# sudo -i
# su -
# su
# that is why we add variables to two places
ENVIRONMENT_FILE = '/etc/environment'
PROFILE_FILE = '/etc/profile'
INITIAL_PATH = '/usr/local/bin:/usr/bin:/bin'
# due to sudo issues (resetting PATH by /etc/sudoers)
# we have to add PATH to /root/.profile as well
59. Short story of Anti-Type C
“we don't need ops”
Shells:
→ login
→ non-login
→ interactive
→ non-interactive
→ su
→ sudo su: interactive, non-login, .bashrc
→ sudo su -: interactive, login, /etc/profile;/root/.profile;/root/.bashrc
→ sudo -i: interactive, login, /root/.profile;/root/.bashrc;/root/.login
→ sudo /bin/bash: interactive, non-login, ~/.bashrc
→ sudo -s: reads $SHELL and executes it
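The shell list above is why a PATH written to one file does not reach every way of becoming root. As an added example (not from the slides), this script starts bash in three modes against a throwaway HOME and records which per-user startup files are sourced; the function name, mode names and marker dotfiles are constructed for the demo. Bash itself reads ~/.profile only for login shells and ~/.bashrc only for interactive non-login shells, so a login shell picks up .bashrc only when the profile sources it.

```shell
#!/bin/sh
# Added example: observe which per-user startup files bash sources in each
# invocation mode. Requires bash on PATH. A temporary HOME is used, so real
# dotfiles are never read or modified.

probe_startup_files() {
    probe_mode=$1
    probe_home=$(mktemp -d) || return 1
    probe_log="$probe_home/sourced.log"
    : > "$probe_log"

    # Constructed dotfiles: each one only appends its own name when sourced.
    for f in .profile .bashrc; do
        printf 'echo %s >> "%s"\n' "$f" "$probe_log" > "$probe_home/$f"
    done

    case $probe_mode in
        login)       set -- -l -c : ;;   # like "sudo -i" / "su -"
        interactive) set -- -i -c : ;;   # like "sudo su" / "sudo /bin/bash"
        plain)       set -- -c : ;;      # non-login, non-interactive (cron, scripts)
        *) rm -rf "$probe_home"; return 2 ;;
    esac

    # env -i stands in for a reset environment (no BASH_ENV, no SSH_CLIENT).
    env -i HOME="$probe_home" PATH="$PATH" bash "$@" \
        </dev/null >/dev/null 2>&1 || true

    probe_result=$(tr '\n' ' ' < "$probe_log" | sed 's/ $//')
    rm -rf "$probe_home"
    printf '%s\n' "$probe_result"
}

for m in login interactive plain; do
    printf '%-12s -> %s\n' "$m" "$(probe_startup_files "$m")"
done
```

A variable that must be present in all three modes therefore cannot live only in a profile or only in .bashrc.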
77. → flat learning curve
→ doesn't require additional resources
→ fit for maintenance jobs / procedures
→ great for any containers as non-daemon
→ deals with “deployment specs”
→ might be easily adopted as universal language
84. What if...
→ ./configure && make && make install → .zip
→ Dev & Ops have 2 different build & installation methods?
Plz..
→ pkg repos (or Nexus)
→ use fpm for creating pkgs if needed (demo)
85. C for Culture
A for Automation
M for Monitoring
S for Sharing
87. → make developers create monitoring
→ find yourself between RRD and InfluxDB
→ will product team be able to query your monitoring DB?
→ Etsy case (Ganglia / Graphite)
91. C for Culture
A for Automation
M for Monitoring
S for Sharing
92. → learn from Ops mistakes
→ Major Incident Reports – source of improvement
→ Teach developers about change management
→ Make CM an easy process. Use simple tools.
102. What about DNS?
→ BIND roxx (views etc)
→ KISS: maybe decentralized w/Ansible?
103. // views are matched in order, so the internal view must come first
// "internal" must be an acl defined elsewhere in named.conf
view "internal-view" {
    match-clients { internal; };
    recursion yes;
    zone "lasyk.info" IN {
        type master;
        file "internal.lasyk.info.conf";
        allow-transfer { any; };
    };
};
view "external-view" {
    match-clients { any; };
    recursion no;
    zone "lasyk.info" IN {
        type master;
        file "external.lasyk.info.conf";
        allow-transfer { none; };
    };
};
106. Linux Containers = namespaces + cgroups + storage
Linux containers equation
107. Control Groups provide a mechanism for
aggregating/partitioning sets of tasks, and
all their future children, into hierarchical groups
with specialized behavior
control groups (cgroups)
108. → grouping processes
→ allocating resources to particular groups
→ memory
→ network
→ CPU
→ storage bandwidth (I/O throttling)
→ device whitelisting
control groups (cgroups)
124. → hell fast (you'll see)
→ page cache sharing
→ finally in upstream kernel (in rhel from 7.2)
→ finally supported by docker (-s overlay)
→ SELinux not there yet (but will be)
OverlayFS
144. Who knows FHS?
→ 'temp' – what does it consist of?
→ actually: “This Entity Must Persist” ;)
→ Define your FHS!
145. Mikado Method for the win!
→ set a goal
→ experiment
→ visualize
→ rollback
149. Mikado Method for the win!
→ before any work and rollbacks..
→ remember: monitoring & tests are your friends!
→ think about testing strategy – think heatmaps!
153. Ansible & infra layers
[Diagram] Layers: Layer 1: bare metal; Layer 2: VM; Layer 3: container
Boxes: Networking, Hypervisor + VM provisioning, Storage | Networking, Container's engine & provisioning | Application build, Application env | Network interfaces, Storage mounts, Resources allocation
Repositories: repo1, repo2, repo3
Much simpler w/one, flat network (for small envs)!
Highlighted in the slide builds:
→ repo2: Layer 2: VM (Networking, Container's engine & provisioning)
→ repo2: Network interfaces, Storage mounts
→ repo3: Layer 3: container (Application build, Application env)
157. → automated service discovery and registration framework
→ ideal for SOA architectures
→ ideal for continuous integration & delivery
→ solves “works on my machine” problem
SmartStack
haproxy + nerve + synapse + zookeeper = smartstack
158. Synapse
→ discovery service (via zookeeper or etcd)
→ installed on every node
→ writes haproxy configuration
→ application doesn't have to be aware of this
→ works same on bare / VM / docker
→ https://github.com/airbnb/nerve
SmartStack