PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc.

•

0 j'aime•382 vues

Puppet

Technologie

Avoiding Toxic
Tech Debt
Sad Stories By
R Tyler Croy

You will need
independent
infrastructure

Managing secrets
- Certificates
- Signing keys
- API keys / tokens

Access Control
- GitHub Organization
- LDAP
- Artifactory
- Jenkins Matrix Authorization
- SSH keys

Service balkanization
- Virtual machines
- Jails/chroot
- Containers

Security Lifecycle
- Security advisory lists
- Automation => Easier upgrades
- Don't be dumb

"Automating this is hard"
- Difficult services
- Custom packaging
- Monitoring

Incident response
- Application problems
- Resource exhaustion
- Cache issues
- Insufficient file descriptors
- Log rotation

Derployment
- Document deployment processes
- Continuous delivery saves time

Contenu connexe

Tendances

Kali linux and some features [view in Full screen mode]

abdou Bahassou

DevOps is increasingly blending the work of both application and network security professionals. In a quest to move faster, organisations can end up creating security vulnerabilities using the tools and products meant to protect them. What happens when these tools are used insecurely or - even worse - they are just insecure? Technologies discussed will encompass AWS, Puppet, Hudson/Jenkins, Vagrant, Docker and much, much more. Everything from common misconfigurations to remote code execution.

DevOoops (Increase awareness around DevOps infra security) - VoxxedDays Ticin...

Gianluca Varisco

Malware forensics

Sameera Amjad

Bz backtrack.usage

djenoalbania

Hack Attack! An Introduction to Penetration Testing

Steve Phillips

DevSecCon Singapore 2018 - System call auditing made effective with machine l...

DevSecCon

Anatomy of a Cloud Hack

NotSoSecure Global Services

ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...

DynamicInfraDays

Icinga Web 2 is more - Module magic at Icinga Camp San Francisco

Icinga

Slides from a talk given at DevSecCon on 206h October 2016 http://www.devseccon.com/blog/session/automating-owasp-zap/ The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular and best maintained free security tools. In this workshop you will learn how to automate security tests using ZAP. These tests can then be included in your continuous integration / delivery pipeline. Simon will cover the range of integration options available and then walk you through automating ZAP against a test application. The ZAP UI will be used to explain the concepts and python scripting used to drive ZAP via its API – this can then also be used to drive ZAP in daemon mode. This workshop is aimed at anyone interested in automating ZAP for security testing, including developers, functional testers (QA) and security/pentesters.

Automating OWASP ZAP - DevCSecCon talk

Simon Bennetts

せめてログサーバの稟議を通す方法

歩奥山

Packet Capture on AWS. Simple explanation of why security people like to capture packets, how it can be done, potential architectures, and a POC using a WatchGuard Firebox Cloud, the CLI, a bucket, bucket policy, etc. and a lambda function to show that packet capture is possible. Next steps for an actual production solution. Caveat: these slides were written in about one hour. Please refer to the paper for details.

Packet Capture on AWS

Teri Radichel

Dokku your own heroku 21

Amoniac OÜ

Dokku - your own heroku

Aleksandr Simonov

Icinga 2010 at Nagios Workshop

Icinga

Tendances (15)

Kali linux and some features [view in Full screen mode]

DevOoops (Increase awareness around DevOps infra security) - VoxxedDays Ticin...

Malware forensics

Bz backtrack.usage

Hack Attack! An Introduction to Penetration Testing

DevSecCon Singapore 2018 - System call auditing made effective with machine l...

Anatomy of a Cloud Hack

ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...

Icinga Web 2 is more - Module magic at Icinga Camp San Francisco

Automating OWASP ZAP - DevCSecCon talk

せめてログサーバの稟議を通す方法

Packet Capture on AWS

Dokku your own heroku 21

Dokku - your own heroku

Icinga 2010 at Nagios Workshop

Similaire à PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc.

Log data contains some of the most valuable raw information you can gather and analyze about your infrastructure and applications. Amid the mess of confusing lines of seemingly random text can be hints about performance, security, flaws in code, user access patterns, and other operational data. Without the proper tools, finding insights in these logs can be like searching for a hay-colored needle in a haystack. In this session you learn what practices and patterns you can easily implement that can help you better understand your log files. You see how you can customize web logs to add more information to them, how to digest logs from around your infrastructure, and how to analyze your log files in near real time.

(WEB301) Operational Web Log Analysis | AWS re:Invent 2014

Amazon Web Services

Securitytools

Richmond Adebiaye

На протяжении многих лет исследования безопасности мобильных приложений показывают, что безопасности мобильные разработчики отдают достаточно мало времени, в связи с чем мы имеем в маркете множество приложений с различными уязвимостями. Попытаемся изменить сложившуюся ситуацию и для этого в докладе рассмотрим, что необходимо знать о безопасности мобильному разработчику. Модель безопасности Android, ключевые уязвимости и способы защиты от них.

Security in Android Applications / Александр Смирнов (RedMadRobot)

Ontico

Advance java session 19

Smita B Kumar

Lares from LOW to PWNED

Chris Gates

How to slice your monolithic webapp using MicroApps architecture

Yonatan Maman

Your data is much safer at home than it is letting some corporation "take care of it" for you, right? Security reviews for some of the top vendors' devices reveal many interesting findings. Like everything else, there are bugs. But knowing what kinds of bugs and how the vendors have responded will allow you to better understand the impact of plugging these devices into your network. Jeremy will show you just how low access control and least privilege are their list of priorities. He'll also explore the amount of test collateral and debug interfaces sloppily left shipping to consumers. From remote roots to stealing social network tokens to just plain weird stuff, he'll expand on how it's not just about what they do, but also what they don't do. And, he'll give you some useful guidelines on how to close the gaps yourself.

Cloud Device Insecurity

Jeremy Brown

"This workshop is for pentesters, security researchers or someone looking to get into IoT security but is reluctant due to the wide range of technologies involved and plethora of different tools. While it does require a considerable amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to some of the important concepts and EXPLIoT framework in a very simple way that can be used for the various IoT attack vectors. The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing and Exploitation Framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use as well as extend it by writing plugins for new IoT based exploits and analysis test cases. It’s a flexible and extendable framework that would help the security community in writing quick IoT test cases and exploits. The objectives of the framework are: 1. Easy to use 2. Extendable 3. Support for hardware, radio and IoT protocol analysis EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits: 1. Radio – BLE , Zigbee 2. Network – MQTT, CoAP, DICOM, MODBUS, MDNS, NMAP, TCP, UDP 3. Hardware – CAN, SPI, I2C, UART, JTAG This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework."

Hacking IoT with EXPLIoT Framework

Priyanka Aash

DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...

Fedir RYKHTIK

Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design

jonmccoy

OpenStack Security Project

Travis McPeak

The recorded version of 'Best Of The World Webcast Series' [Webinar] where Jacob Holcomb speaks on 'RIoT (Raiding Internet of Things)' is available on CISOPlatform. Best Of The World Webcast Series are webinars where breakthrough/original security researchers showcase their study, to offer the CISO/security experts the best insights in information security. For more signup(it's free): www.cisoplatform.com

RIoT (Raiding Internet of Things) by Jacob Holcomb

Priyanka Aash

This talk will demonstrate the importance and value for Managed Service Providers (MSPs) and cloud providers of building their business models around the management of containers. It will also explore the various container technologies being used today and why one might be utilized over another. The object is not to give a technical discussion on the subject, but rather to cover the benefits of Linux containers and how their use can be incorporated into strategies for future business planning and development.

Why Managed Service Providers Should Embrace Container Technology

Sagi Brody

Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great at reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose. In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How can we prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?

CI / CD / CS - Continuous Security in Kubernetes

Sysdig

How we build Vox

Tatsuhiko Miyagawa

Encrypting data at rest is a must-have for any modern SaaS company. And if you run your software stack on Linux, LUKS/dm-crypt [1] is the usual go-to solution. However, as the storage becomes faster, the IO latency, introduced by dm-crypt becomes rather noticeable, especially on IO intensive workloads. At first glance it may seem natural, because data encryption is considered an expensive operation. But most modern hardware (specifically x86 and arm64) platforms have hardware optimisations to make encryption fast and less CPU intensive. Nevertheless, even on such hardware transparent disk encryption performs quite poorly.

stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin

NETWAYS

Linux Desktop Automation

Rui Lapa

Threat hunting on the wire

InfoSec Addicts

Netconf for Peering Automation by Tom Paseka [APRICOT 2015]

APNIC

APRICOT 2015 - NetConf for Peering Automation

Tom Paseka

Similaire à PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc. (20)

(WEB301) Operational Web Log Analysis | AWS re:Invent 2014

Securitytools

Security in Android Applications / Александр Смирнов (RedMadRobot)

Advance java session 19

Lares from LOW to PWNED

How to slice your monolithic webapp using MicroApps architecture

Cloud Device Insecurity

Hacking IoT with EXPLIoT Framework

DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...

Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design

OpenStack Security Project

RIoT (Raiding Internet of Things) by Jacob Holcomb

Why Managed Service Providers Should Embrace Container Technology

CI / CD / CS - Continuous Security in Kubernetes

How we build Vox

stackconf 2020 | Speeding up Linux disk encryption by Ignat Korchagin

Linux Desktop Automation

Threat hunting on the wire

Netconf for Peering Automation by Tom Paseka [APRICOT 2015]

APRICOT 2015 - NetConf for Peering Automation

Plus de Puppet

Puppet camp2021 testing modules and controlrepo

Puppet

Puppetcamp r10kyaml

Puppet

2021 04-15 operational verification (with notes)

Puppet

Puppet camp vscode

Puppet

Modules of the twenties

Puppet

Applying Roles and Profiles method to compliance code

Puppet

KGI compliance as-code approach

Puppet

Enforce compliance policy with model-driven automation

Puppet

Keynote: Puppet camp compliance

Puppet

As the leading IT Service Management and IT Operations Management platform in the marketplace, ServiceNow is used by many organizations to address everything from self service IT requests to Change, Incident and Problem Management. The strength of the platform is in the workflows and processes that are built around the shared data model, represented in the CMDB. This provides the ‘single source of truth’ for the organization. Puppet Enterprise is a leading automation platform focused on the IT Configuration Management and Compliance space. Puppet Enterprise has a unique perspective on the state of systems being managed, constantly being updated and kept accurate as part of the regular Puppet operation. Puppet Enterprise is the automation engine ensuring that the environment stays consistent and in compliance. In this webinar, we will explore how to maximize the value of both solutions, with Puppet Enterprise automating the actions required to drive a change, and ServiceNow governing the process around that change, from definition to approval. We will introduce and demonstrate several published integration points between the two solutions, in the areas of Self-Service Infrastructure, Enriched Change Management and Automated Incident Registration.

Automating it management with Puppet + ServiceNow

Puppet

Puppet: The best way to harden Windows

Puppet

Does your company struggle with patching systems? If so, you’re not alone — most organizations have attempted to solve this issue by cobbling together multiple tools, processes, and different teams, which can make an already complicated issue worse. Puppet helps keep hosts healthy, secure and compliant by replacing time-consuming and error prone patching processes with Puppet’s automated patching solution. Join this webinar to learn how to do the following with Puppet: Eliminate manual patching processes with pre-built patching automation for Windows and Linux systems. Gain visibility into patching status across your estate regardless of OS with new patching solution from the PE console. Ensure your systems are compliant and patched in a healthy state How Puppet Enterprise makes patch management easy across your Windows and Linux operating systems. Presented by: Margaret Lee, Product Manager, Puppet, and Ajay Sridhar, Sr. Sales Engineer, Puppet.

Simplified Patch Management with Puppet - Oct. 2020

Puppet

Accelerating azure adoption with puppet

Puppet

Puppet catalog Diff; Raphael Pinson

Puppet

ServiceNow and Puppet- better together, Kevin Reeuwijk

Puppet

Take control of your dev ops dumping ground

Puppet

100% Puppet Cloud Deployment of Legacy Software

Puppet

Puppet User Group

Puppet

Continuous Compliance and DevSecOps

Puppet

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

Puppet

Plus de Puppet (20)

Puppet camp2021 testing modules and controlrepo

Puppetcamp r10kyaml

2021 04-15 operational verification (with notes)

Puppet camp vscode

Modules of the twenties

Applying Roles and Profiles method to compliance code

KGI compliance as-code approach

Enforce compliance policy with model-driven automation

Keynote: Puppet camp compliance

Automating it management with Puppet + ServiceNow

Puppet: The best way to harden Windows

Simplified Patch Management with Puppet - Oct. 2020

Accelerating azure adoption with puppet

Puppet catalog Diff; Raphael Pinson

ServiceNow and Puppet- better together, Kevin Reeuwijk

Take control of your dev ops dumping ground

100% Puppet Cloud Deployment of Legacy Software

Puppet User Group

Continuous Compliance and DevSecOps

The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy

Dernier

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

Real Time Object Detection Using Open CV

Khem

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Histor y of HAM Radio presentation slide

vu2urc

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Dernier (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Powerful Google developer tools for immediate impact! (2023-24 C)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Axa Assurance Maroc - Insurer Innovation Award 2024

Finology Group – Insurtech Innovation Award 2024

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Boost Fertility New Invention Ups Success Rates.pdf

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Real Time Object Detection Using Open CV

How to Troubleshoot Apps for the Modern Connected Worker

GenAI Risks & Security Meetup 01052024.pdf

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Histor y of HAM Radio presentation slide

Handwritten Text Recognition for manuscripts and early printed texts

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Exploring the Future Potential of AI-Enabled Smartphone Processors

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Strategies for Landing an Oracle DBA Job as a Fresher

PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc.

1. Avoiding Toxic Tech Debt Sad Stories By R Tyler Croy

3. Welcome to the future

4. Welcome to the future

5. You're an ops now

6. You will need independent infrastructure

7. Choosing tools

8. Choosing tools

9. Tech debt

10. Tech debt

11. Tech debt

12. Automation

13. Automation

14. Automation

15. Security

16. Managing secrets

17. Managing secrets - Certificates - Signing keys - API keys / tokens

18. Managing secrets - Certificates - Signing keys - API keys / tokens

19. Access control

20. Access Control - GitHub Organization - LDAP - Artifactory - Jenkins Matrix Authorization - SSH keys

21. Access Control - *GitHub Organization* - LDAP - Artifactory - Jenkins Matrix Authorization - SSH keys

22. Access Control - GitHub Organization - *LDAP* - Artifactory - Jenkins Matrix Authorization - SSH keys

23. Access Control - GitHub Organization - LDAP - *Artifactory* - Jenkins Matrix Authorization - SSH keys

24. Access Control - GitHub Organization - LDAP - Artifactory - *Jenkins Matrix Authorization* - SSH keys

25. Access Control - GitHub Organization - LDAP - Artifactory - Jenkins Matrix Authorization - *SSH keys*

26. Service balkanization

27. Service balkanization - Virtual machines - Jails/chroot - Containers

28. Service balkanization - *Virtual machines* - Jails/chroot - Containers

29. Service balkanization - Virtual machines - *Jails/chroot* - Containers

30. Service balkanization - Virtual machines - Jails/chroot - *Containers*

31. Security Lifecycle

32. Security Lifecycle - Security advisory lists - Automation => Easier upgrades - Don't be dumb

33. Security Lifecycle - *Security advisory lists* - Automation => Easier upgrades - Don't be dumb

34. Security Lifecycle - Security advisory lists - *Automation => Easier upgrades* - Don't be dumb

35. Security Lifecycle - Security advisory lists - Automation => Easier upgrades - *Don't be dumb*

36. Security

37. Security

38.

39. Manual work

40. "Automating this is hard"

41. "Automating this is hard" - Difficult services - Custom packaging - Monitoring

42. "Automating this is hard" - *Difficult services* - Custom packaging - Monitoring

43. "Automating this is hard" - Difficult services - *Custom packaging* - Monitoring

44. "Automating this is hard" - Difficult services - Custom packaging - *Monitoring*

45. Incident response

46. Incident response - Application problems - Resource exhaustion - Cache issues - Insufficient file descriptors - Log rotation

47. Incident response - *Application problems* - Resource exhaustion - Cache issues - Insufficient file descriptors - Log rotation

48. Incident response - Application problems - *Resource exhaustion* - Cache issues - Insufficient file descriptors - Log rotation

49. Incident response - Application problems - Resource exhaustion - *Cache issues* - Insufficient file descriptors - Log rotation

50. Incident response - Application problems - Resource exhaustion - Cache issues - *Insufficient file descriptors* - Log rotation

51. Incident response - Application problems - Resource exhaustion - Cache issues - Insufficient file descriptors - *Log rotation*

52. Laziness

53. Laziness

54. Manual work

55. Manual work

56.

57. Derployment

58. Derployment - Document deployment processes - Continuous delivery saves time

59. Derployment - *Document deployment processes* - Continuous delivery saves time

60. Derployment - Document deployment processes - *Continuous delivery saves time*

61. Derployment

62. Good luck

63. Good luck

64. Go automate

PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc.

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (15)

Similaire à PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc.

Similaire à PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc. (20)

Plus de Puppet

Plus de Puppet (20)

Dernier

Dernier (20)

PuppetConf 2016: Avoiding Toxic Technical Debt Derivatives – R. Tyler Croy, CloudBees, Inc.