As developers and managers, we think and talk almost every day about faster, shorter software development cycles to increase our market presence and reach. Is there a way to measure how fast we are?
Speaking of cycles: in cycling, the term “cadence” simply means the speed at which you pedal. Cyclists measure it in revolutions per minute, or rpm. Similarly, the cadence of a software team is measured by how fast and how frequently you can take your software live. Can you do this every day, or every week? Do you have the tools to scale up?
While we try to improve the cadence of the team, we face many challenges around Infrastructure Scaling, Test Integration, Configuration Management, Monitoring for uptime, Log Management, Security of Servers, Dev-Test-Prod setups, Maintaining a single source of truth for your assets, etc. And how do these changes impact team dynamics? If you have adopted some strategies, have you noticed that your team has improved? Do you need more QAs or more sysadmins? Do you really need that many routers, servers or backups?
Rootconf is a conference which tries to address some of the challenges we face when we fine tune our infrastructure to be able to appropriately respond to a business need, while we Scale UP our Cloud or Web Infrastructure.
Developing a good Continuous Integration/Deployment/Testing/Delivery strategy is critical to improving the cadence of your team. Infrastructure and DevOps is an upfront investment of human effort, time & money. The challenge is always whether you’re willing to make that investment right away, or in the future at a much higher cost and effort.
Rootconf is a conference which will help you to plan and develop a strategy map for infrastructure and devops. It will show you the building blocks for reaching a strategy for Infrastructure Scaling, Continuous Integration, Deployment and Delivery.
Rootconf is targeted at individuals, teams and companies that are seeking to scale the effectiveness of their developer teams and the performance of their web stacks, thereby increasing the cadence of their software delivery.
Organizations that need a CI and CD strategy to achieve the above will get a substantial head start by attending Rootconf.
14th and 15th May 2014
The Energy and Research Institute,
4th Main Rd, Domlur II Stage,
16th and 17th May 2014
MLR Convention Centre,
J P Nagar 7th Phase,
Brigade Millenium campus,
For questions about submissions or the conference, write to firstname.lastname@example.org
For Rootconf 2014, we are accepting proposals for Full Talks, Crisp Talks & Flash Talks for the Conference, and proposals for hands-on 3-hour workshops on the topics below. For more information on the types of talks, please check out the Format tab.
- Infrastructure Scaling & Automation
- Treating your infrastructure as code.
- How did you do scaling and what were your automation strategies while you were gunning for scaling.
- Continuous Integration
- Tell us how you have done it for your organization ?
- Any use case around how it impacted your development team / process.
- Reference Tools – Jenkins, Travis CI, CruiseControl, TeamCity.
- Tell us how you have done it for your organization ?
- Any use case on how you reduced your deployment time ? Did you reduce your time to market your product by Adopting CD ?
- Reference Tools – Chef, Puppet, Ansible, Salt
- Automating Testing
- How much manual can be automated ?
- How did you automate? What tools did you use?
- What framework(s) did you use ?
- Did you use heavy weight Selenium or Watir or Sahi?
- Tools that work across heterogeneous languages (PHP, Java, C, Mobile)
- Code Security
- Trust no one - including the developer.
- How are you testing your code ?
- Do you run vulnerability testing part of the CI ?
- Best Practices for secure coding
- Server side security
- Data at motion
- Is the internet really safe? How do you protect your data? Is HTTPS alone sufficient?
- Data at rest
- Do you need to implement standards?
- Code Security
- Log monitoring and server monitoring
- The heartbeat / lifeline of your business: tell us more about how you monitor.
- Do you use any of these tools? Graphite, Sentry, CopperEgg, Loggly, Papertrail, Splunk, Nagios, Monit, etc..
- Cloud databases:
- NoSQL Databases (DynamoDB, MongoDB, Couch)
- The good and bad of NoSQL
- Automation challenges of NoSQL
- Automatic remediation of services and servers.
- Process Protection using Service Protector, Monit
- Auto Scaling Groups
- New tools
- Do you have more tools that make you a better DevOps Engineer?
Talks can be submitted for the following OSes:
The Little Service which wasn't there + Fun with SSH
A session in two parts.
Learn how to setup SSH as a TOR hidden service
In the first part we will
- Set up SSH
- Set up Tor
- Make SSH a TOR Hidden Service
- Connect to the SSH over TOR
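
An added example (not from the talk or the speaker's material) of a check for the end state these four steps aim at: sshd bound to loopback only and a Tor `HiddenServicePort` forwarding to it. The two sample configs, including the `HiddenServiceDir` path, are constructed assumptions; the directive names are the standard sshd_config and torrc ones.

```python
import ipaddress

# Constructed sample configs (assumed paths): sshd on loopback, published via Tor.
SSHD_CONFIG = """\
Port 22
ListenAddress 127.0.0.1
"""
TORRC = """\
HiddenServiceDir /var/lib/tor/ssh_hidden/
HiddenServicePort 22 127.0.0.1:22
"""

def directives(text):
    """Yield (lowercased keyword, argument list) for each non-comment line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts[0].lower(), parts[1:]

def split_host(addr):
    """Drop an optional :port from host, host:port or [v6]:port."""
    if addr.startswith("["):
        return addr[1:addr.index("]")]
    return addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(sshd_config, torrc):
    """Return findings; an empty list means sshd is reachable only through Tor."""
    sshd = list(directives(sshd_config))
    ports = {a[0] for k, a in sshd if k == "port" and a} or {"22"}
    listen = [split_host(a[0]) for k, a in sshd if k == "listenaddress" and a]
    findings = [f"sshd listens on non-loopback address {h}"
                for h in listen if not is_loopback(h)]
    if not listen:
        findings.append("sshd has no ListenAddress, so it binds every interface")
    targets = []
    for k, a in directives(torrc):
        if k == "hiddenserviceport" and a:
            t = a[1] if len(a) > 1 else a[0]  # target defaults to the virtual port
            targets.append(t if ":" in t else "127.0.0.1:" + t)
    if not any(is_loopback(split_host(t)) and t.rsplit(":", 1)[1] in ports
               for t in targets):
        findings.append("no HiddenServicePort forwards to the local sshd port")
    return findings
```

On the client side, the address to connect to is the onion name Tor writes to the `hostname` file inside `HiddenServiceDir`, reached through Tor's SOCKS proxy.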
Make life fun for SSH attackers
Since now we have a free port 22
- Setup Kippo
- See the logs
- Make life fun for SSH attackers
Linux Server Hardening for the Paranoid
An intermediate level full talk that will tell you how to use TOR Hidden services to truly hide your server and stay hidden from Nation States Adversaries and Hollywood Attackers who Can Kill Everyone Remotely and in Style
I gave a talk on Securing a Linux Web Server in 10 Steps or Less. That talk covered basic principles to think about when you decide to secure your server. I got great feedback for the talk and IMHO it was a nice gentle introduction for beginners.
The only problem is, that talk was incomplete. We can’t effectively talk about security without defining or discussing security against whom. Therefore if you would like to keep your machine safe from Nation State Adversaries come learn how you can do that.
This is not a workshop. There is no point in getting people to do hands-on stuff on a Linux server (which is basically a training nightmare), but it would be nice for the following to happen:
- Watch the talk Securing a Linux Web Server in 10 Steps or Less
- Folks attending, should have hands-on experience of the command line (BASH)
- Ideally they would have set up a server or two and also have some vague idea about what TOR is
If you can do the following, don’t attend the talk just to heckle me (unless you let me do the same to you in your talk, then it's all cool)
- Know how to set up a TOR hidden service
- Know how to set up a honeypot
- Work for any organisation that resembles a Nation State Adversary
That Web Application Security Guy @ The App Sec Lab
I run The App Sec Lab, a security company that helps companies become secure. If you are confused about anything in security, come and talk to me and I can help you with a roadmap on how to become secure and stay that way.
TL, DR; I am a funny with an interesting take on things in life that matter - Linux, Security, Having Fun and Teaching cool things to people while they are laughing so that they really really get it.
- Video - https://hasgeek.tv/makash/speaking-in/358-securing-a-linux-web-server-in-10-steps-or-less
- Slides - http://www.slideshare.net/akashm/securing-a-linux-web-server-in-10-steps-or-less
- Funnel - https://funnel.hasgeek.com/rootconf/329-securing-a-linux-web-server-in-10-steps-or-less
- TOR Hidden Services https://www.torproject.org/docs/tor-hidden-service
- TOR as a proxy server https://www.torproject.org/docs/proxychain.html.en
- Kippo http://code.google.com/p/kippo/