Presentations
This presentation will teach anyone how to use Red Hat's Free developer license to build your Home Lab with up to 16 nodes.
You'll learn how to:
- Create a Red Hat account
- Download
- Install
- Register subscriptions
- Get started with KVM virtualization on the desktop using cockpit.
- Secure your environment using Ansible
Download dependencies here: https://github.com/AbstractInfrastructure/sigstore-intro-tutorial
You’re familiar with containers and Kubernetes, but suddenly people are talking about supply chains, and you’re pretty sure they don’t mean the Suez Canal. Join Jeffrey Sica and Bob Killen for an in-depth look at the nuts, bolts, and metaphorical shipping containers that make up modern container supply chain security. They’ll demo sigstore and show how container signing automation works with Kubernetes. You’ll leave prepared to make decisions that will keep your org unstuck.
We will discuss the work we've done to bring back multi-active logical replication (MMR) in a new derivative of pgLogical. We'll also cover how we implement geosharding in support of low latency, cross-region scale-out and data residency use cases. For the latter we'll focus on enhancements we've made to ensure PII doesn't cross national or regional borders. Finally we'll show a demonstration of multi-active bidirectional replication across 3 continents and 2 clouds, showcasing low latency for database users across multiple geographies.
SMP support in the FreeRTOS Kernel enables one instance of the FreeRTOS kernel to schedule tasks across multiple identical processor cores, which can be helpful for embedded applications in areas like IoT. This session will showcase the FreeRTOS Raspberry Pi Pico port to demonstrate support for SMP in the FreeRTOS Kernel.
Orgs continue to hire for devops engineers recreating silos and fostering a "feral devops" culture where every dev and op are on their own. Mitigations include opening channels of communication, identifying gaps in training/enablement and reviewing on-call health. By listening and gathering feedback about the state of shared responsibility you can progress on your devops journey.
Microsoft is facing an existential threat in Europe. Satya Nadella decided to bet the future of Microsoft on SaaS and Cloud. Step by step, Microsoft is deprecating their on premises products and replacing them with pure cloud Software as a Service products. US Legislation like the Cloud Act and other new laws create more doubts in Europe about its dependence on US cloud services. Politicians are stepping forward and initiatives like GAIA-X propose building a federated European alternative. The term Digital Sovereignty pops up all over Europe. Open Source Software becomes political
Just a casual discussion of the Fediverse and the communities therein.
Collecting complex legislative data from hundreds of government websites isn't all sunshine & rainbows. We'll cover some of the strangest things the Open States team has encountered with scraping these sites: from awful APIs to entire government offices disappearing. Most official sources have been easy enough to find, while others have been more tricky, with at least one coming from IP address scribbled on a napkin. Since we're also an open source project, we have some struggles with things like getting helpful issue submissions and ensuring clarity around the project ecosystem.
Log4jshell, which has been considered the biggest 0 day vulnerability of this decade, is still affecting thousands of servers worldwide. If you were affected, would it have been any different if you had used eBPF? Since eBPF provides us with a unique visibility directly into any Kubernetes workload on a single shared kernel - the answer is yes. This talk will take Log4jshell as an example and show how it could have been detected and prevented in real time by using eBPF based purely open source tools. We’ll finish by showing how Security Teams can use these tools and prepare for their next CVE
Not familiar with the OWASP API Security top 10? Curious about the state-of-the-art in API security? This list of API vulnerabilities is one every developer should know. In this presentation, we’ll go over the 10 vulnerabilities using examples from real-life or sample applications. Beyond the core points of the Top Ten, we’ll also take a look at:
- How Cloud Center of Excellence teams can help an organization's infosec.
- What vulnerability chains are and how they can be prevented.
- Open source mitigation strategies and how to implement them tl;dr - secure your app logic!