DevOpsCon - The Conference for Continuous Delivery, Microservices, Docker, Clouds & Lean Business | Agile processes, microservices, continuous delivery, container and cloud technologies are essential to the current high performance IT transformation. The DevOps Conference offers you a glimpse at popular topics such as innovative infrastructure and modern lean business culture through hands-on workshops, sessions and keynotes. Join us as we enable shorter delivery cycles, faster changes of functionality and a higher software quality.
Unlock the potential of your product roadmap with DevOps. Enhance planning, streamline development, and accelerate delivery for a more efficient and agile workflow.
@david2358 then why the backslashes? Unix operating systems always use forward slashes....
8 months ago
Reaching 30% of the talk and I hear her speaking about quite basic and obvious security things. And now I'm reflecting on her special number 100:10:1, sort of complaining that 1 security person is not enough and that it's a daunting role to work alone with the other 10 and 100 devs. I find it a little bit pretentious, if not insulting, to assume that only she, as a security role, would be concerned with, let alone be able to apply, the best practices of security. Isn't that what a good developer should be, and probably is, taking into consideration in his/her everyday work?
Oh, the coffee was at the center of a marriage proposal in our lives, if there's any news about the coffee it was right in the center of the city, and a kiss on the cheek from a request for me too if I'm
X Brazil live on RU-vid in the morning and in the afternoon I'll talk to you, ok, thanks for your attention and the afternoon coffee for all of you, you're in the center of the church, and a kiss and a little for all of you, you're doing
I'm a bit confused as to why we should not stop continuous integration on security issues. I thought DevSecOps was about involving everyone in security. Isn't breaking the build the best way to involve devs? If the tools cause too much noise, isn't the problem with the tools? I guess it all depends on the team size. I can see that in a 100:10:1 organization, you wouldn't want to stop CI on security checks. But in a 10:2:2 organization, it seems reasonable to fail builds.
The exact same case at 10:07 is happening to us right now: we have around 30 versions of a service and it's nearly impossible to understand which one to use. In fact, we are stuck on a version (let's say 7) when version 12 is available, but the subsequent versions have performance degradation in some cases, or break too many things, or change the way of querying, causing a ripple effect on too many things.
Binary thinking is "you're my friend or my enemy", "you're a saint or a sinner", "you're with the facts or with fake news". In reality there's the big elephant in the room, that gray area of uncertainty. This uncertainty is where we derive our facts from, but we rely on hard evidence that needs to be scrutinized through uncertainty to find truth. Without the fringe of ideas there will never be any hard facts, but biases instead, based on fight or flight, friend or foe, saint or sinner, or fact and fake news. Recreating a primitive war mentality is to think in binary. Science is not fact or fiction. Science is a process of finding truth, or at least agreeing upon things. It's not truth here and lies over there. Science is being demolished by binary thinking, echo chambers and reinforced bias.
While this talk places a lot of emphasis on shifting security left in the software development cycle, there's no major mention of protection/security of data within those applications. PII data, for example. What are the best practices to ensure the security of something as sensitive as customers' addresses, phone numbers, etc.?
The funny thing is, I had this problem, in principle, solved over a decade ago, or at the very least greatly reduced version conflict issues. I even published some ideas and library code based on those principles several years before this video was posted. But since I'm a nobody and the code was on a personal nobody server instead of some well-known site like GitHub or WordPress, I expect few, if anyone, ever took notice of my work. And since I'm not much of a self-promoter, it never got any real momentum.
It's like that with most ideas. It's not the person who thought of an idea first who gets recognized, but those whose ideas became implemented in the biggest, most influential products who get remembered.
@12:49 - But you can have multiple versions of classes loaded, IF you use compartmentalized class loaders. As long as multiple versions can run side by side and not interfere with each other (e.g. they don't open a statically named temp file which can't be used by more than one version, or instance, at the same time). And also as long as the libraries using different versions keep them hidden, so that incompatible sub-libraries can never directly interact by being exposed to each other.
This is a great intro talk to the modular monolith, which is probably the most suitable choice for the vast majority of companies out there. Microservices are great, but if you have a team of 30 or 40 developers, it is still overkill in most cases.
What's interesting is there is an emphasis on a safe product. This would require a 'DevSafeSecOps' process to be implemented to consider safety properties of a system and safety analysis to be carefully considered as part of an agile process, especially for a safety related product or service.
First of all, nice prez! Although, I'd like to ask a question :) I don't seem to find the answer anywhere (it's gotta be somewhere, I'm still looking). Anyway, I saw there are two ways of implementing security: 1- Authentication first: you get the token, and then you make requests rerouted through the gateway. 2- Everything goes through the gateway, including authentication (it's considered as another microservice). So yeah, everyone shows the 1st implementation, where the 2nd is also used but not very common, and I wanna ask why? I mean, if we're in a microservices architecture, why don't I have authentication behind the gateway as well? Is it more complicated (yeah, you'd have to reroute every authorization & authentication endpoint to retrieve the token), but would that be the only reason? Doesn't make sense to me ... Any thoughts?
Documentation. Actually answer the "why" and "how" in your docs. If critical thinking is our job, then strive to provide the tools that allow people to think critically. Document why you have the dependencies you have. That way the person there while you're on vacation has an actual source to refer to as to why things exist as they do. It blows my mind how little documentation exists that does anything more than provide a basic "just do this and it works!" example. Write your docs in a fashion that would let you understand how it was written without any prior knowledge. I get the demand, but even comments throughout the code can make everyone's lives better.