Updates on Rootconf Pune:
- Rootconf Pune will be held at YMCA Pune, 382, New Rasta Peth, Near Quarter Gate, Pune - 411011
- We have announced the first set of talks on https://hasgeek.com/rootconf/2019-pune/schedule.
- DNS deep dive workshop will be held on 22 September here: https://hasgeek.com/rootconf/2019-dns-deep-dive-workshop-pune/
Rootconf speaker Kushal Das highly recommends attending the DNS deep dive workshop: https://twitter.com/kushaldas/status/1148464949888335873
Who should attend Rootconf Pune?
- DevOps engineers
- Site Reliability Engineers (SRE)
- Security and DevSecOps professionals
- Software engineers
- Network engineers
The Pune edition will bring new ideas, new community members and novel problem-solving approaches around:
- Security, including automating security
- Network management
- Distributed systems, especially problems that Indian companies are solving
Rootconf Pune will be held on 21 September at YMCA Pune – 382, New Rasta Peth, Near Quarter Gate, Pune - 411011
To know more about Rootconf, check out the following resources:
For information about the event, tickets (bulk discounts automatically apply on 5+ and 10+ tickets) and speaking, call Rootconf on 7676332020 or write to email@example.com
The Art of Exfiltration: Digital Skimming
by Arjun BMDigital skimming is a threat which many CISOs admit, keeps them up at night. This talk is a comprehensive analysis, articulated from a rare combination of theoretical understanding and applied practical experience of this threat. The real-life hands-on operational experience the speaker has had in dealing with this threat is invaluable information. The talk is crisp, concise and purposeful - focused at providing key take-aways to the audience and equipping them with the capability to strengthen security controls within their own organization. The value of the message outweighs the time invested by the audience. INTRODUCTION TO DIGITAL SKIMMING WHAT IS A DIGITAL SKIMMING ATTACK? MODUS OPERANDI OF THE ATTACK THREAT ACTORS AND ATTACK VECTORS ANATOMY OF A DIGITAL SKIMMING ATTACK CHALLENGES IN DEALING WITH THIS ATTACK COUNTERMEASURES AND REMEDIATION STEPS CONCLUSION
T K Sourabh
eBPF: BPF kernel InfrastructureIntroduction to eBPF Tracing applications tcpdump: Beginning of BPF What is eBPF? Features Use-cases How does eBPF works? BPF syscall, maps, prog types How is BPF safe? Overview of eBPF verfier How to use eBPF? System requirements Writing eBPF program in python using BCC(BPF compiler collection) frontends, DSL etc XDP Overview XDP real life-scenario Test setup Benchmark comparison between iptables and XDP Takeaways Q&A
Implementing distributed tracing in FaaS
by Bhavin GandhiWhat is observability? - Logging and metrics - Distributed tracing About Fission - Fission function environments About Jaeger - Instrumenting applications using client libraries Architecture of demo application - Kafka as message queue Instrumenting the functions - Modifications made to the Fission’s environments - Propagating the context through Kafka Changes made to Fission Changes made to Jaeger’s Python library
Birds of Feather (BOF) session on: let's talk about fuzzing
by Huzaifa SidhpurwalaFuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injection in an automated fashion. Security engineers have been using fuzzing for quite some time now and it has yeilded excellent results. Google runs a full fledged project called oss-fuzz which aims to fuzz various upstream projects to find and fix security flaws in them. This BoF discusses fuzzing in general, various techniques etc, and talks about how one can get started.
Software/Site Reliability of Distributed SystemsConsider a sample application: A number that user sends an SMS text to of the form “Remind <date format> about <y>.” When it’s due, a service calls you back. User is charged for each SMS and reminders that they answer. Where all do you think this can start failing? Static Failures: Disks Network CPU Memory Behaviour Failures: Degradation Latency Freshness Correctness DDos What are the right tools and strategies to measure and monitor these failure points? What is the cost of measuring or leaving it un-measured? There are Queues in the system. How do you monitor synchronous and asynchronous architectures? The load has started to increase, but before we discuss strategies Let’s discuss CAP quickly. How do we decide if we need sharding, better CPU or Clustering? How do we add backups? Should they be asynchronous or synchronous? Criteria to consider before picking up a strategy. So far, we have been reactive about failures. How do we move to a proactive model? And Meanwhile, could you trace that request from that particular user for me? At what stage and how do we start injecting reliability as a part of the Software development process? Lastly, while all of this is said to improve and fix things, how do we prove that it does? How do you validate that MySQL replicas come back when the master dies. The only way to know is by simulating. How do we set up Simulations? A decade ago it used to be called FMEA; now it’s called Chaos Engineering. And oh, we should also discuss Site vs Software Reliability.