Presenter: Joel Byler
- Works at CoverMyMeds
- Helping patients get medication they need to live
- Work mostly in Ruby, some Elixir
- And they’re hiring
- Why learn a new language?
- The Pragmatic Programmer – Andrew Hunt and David Thomas
- Invest regularly in your knowledge portfolio
- They make an analogy to your financial portfolio
- Diversify, and have tools so can sell those skills when they are expensive
- Practice learning
- The more you practice learning, the better you are at it
- Look at problems from a different perspective
- Maybe opens up new doors, work in different field if have the chops
- Elixir
- The basics
- pipe operator
- |>
- takes the results of a function and lets you pass that as the argument to another function
- Elixir is functional language so passes functions around a lot
- function() |> function2 |> function3
- same as function3(function2(function()))
- Pattern matching is big
- in case statements and control statements, pattern matching is used
- Configuration friendly to dependency injection
- = operator is the ‘match’ operator in elixir, not assignment
- Example applications he built to learn Elixir
- Elixir script to automate opening tabs in chrome
- Call ‘open’ system command on mac.
- Elixir script to screen scrape
- A lot of built in support in Elixir
- System libraries
- Help structuring
- Elixir script to search CodeMash topics
- Elixir app to track attendance at church
- Custom web app to track attendance
- built app in Phoenix
- mvc framework for rails, elixir
- Deployed to Heroku, a cloud platform
- Elixir app for point voting in an Agile process
- Elixir app for a time-lapse camera on a Raspberry Pi controller with a camera
- Built on a platform called ‘Nerves’
Presenter: Kevin Griffin
- Explained why this talk is named after Magic School Bus
- A skit gone wrong initially, but kept name
- Similar to show want to dive deep into something as Ms. Frizzle does
- Application Insights can help to identify
- What parts of your app are the most hit, so can focus on optimizing those
- Performance of dependencies
- CPU and memory usage
- Min/max/avg response rate
- Error tracking
- What were the options before Application Insights
- Vendors
- New Relic
- App Dynamics
- DataDog
- Stackify
- Home grown logging and performance counters
- IIS Log parsing
- Application Insights Does What?
- Cross platform
- Platforms with libraries that already exist
- .Net
- Node.js
- PHP
- Objective-C
- Python
- Ruby
- Also an api, so if platform not supported with libraries can make your own naked api calls.
- Monitors
- Request rates
- Response times
- Failures
- Tracks dependencies
- Track exceptions
- Browser statistics as well
- Unless they have ad block on
- Page views
- Ajax requests
- User and session tracking
- Performance
- CPU and memory utilization
- What does this cost?
- Depends on what you are doing and what you are monitoring
- Pricing
- Basic
- Free
- 1 G of data storage per month
- 90 days retention
- $.50 per GB Continuous Export
- Enterprise
- $15 per node
- 200 MB per node each day
- 90 days retention
- Unlimited Continuous Export
- Does my app need to run in Azure?
- No, runs off an api, just need API key
- Demo of an app using Application Insights. Woohoo
- Dashboard
- Alerts
- Can setup triggers to pop alerts for important thresholds
- Live Stream
- Users
- Smart Detections
- Availability
- App Map
- Charts
- Mouse over hour gives data for just that hour
- How to add Application Insights
- ‘Configure Application Insights’ menu in Visual Studio
- Walks you through two steps
- Need the SDK, have to install if don’t have
- Add Application Insights nuget package
- Need to create Application Insights resource in Azure
- Visual Studio will walk you through this as well
- Need api key for application insights from new resource
- TelemetryProcessor lets you interrupt telemetry collection and stop or modify processing in certain cases.
Presenter: Rob Keefer
- Example of processor concurrency
- 1 hertz – 1 ‘turn of the crank’ per second
- modern CPUs 300 Gigahertz – 3 billion per second
- Chess player playing multiple games example
- Player looks to see if player has moved yet, if not moves on to different game
- Processor does this as well, looks at queue, if nothing happening moves to next thread.
- Dual core, similar to having two players servicing many one on one matches.
- Sharing resources means don’t get one for one throughput improvement when adding another core.
- Problems with concurrency
- starting processes
- communicating between processes
- Shared Resources
- Live version of five philosophers blocking problem
- Waiting for two chopsticks
- Deadlock as shown by Dr. Seuss Zax video
- Livelock
- Two people meeting in a hallway, keep blocking by making same moves to mitigate. Still active, so live lock
- Race Condition
- Approaches to managing resource contention
- Traditional – preventive, avoid failure
- Monitor
- Mutex
- Double lock, one to lock resource and one to make sure we are only one with the inner lock.
- Prioritization Algorithms
- Newer approaches – embrace failure
- embrace process death and resurrection
- support atomic functions (then no need to interleave operations)
Presenter: Shannon Wells
- Blockchain
- Trust
- To enable trust between two unrelated parties that want to exchange something of value
- Ledger
- Distributed
- Borderless
- Beyond any one currency or nation
- Level of transparency depends on use case of block chain
- Transaction
- Node
- Any computing device is granted access to the network
- Perform actions, mine etc….
- Network
- Peer to peer.
- All nodes agree on same rules to validate transactions
- How is a block added
- Node broadcasts block to network
- Other nodes verify, when consensus then block is finalized
- Merkle Tree is structure used for chain
- Smart Contracts are code stored in the blockchain that when run add transactions
- Can’t change once deployed
- Free to read, charge to write
- Walked through Ethereum smart contract example
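
The Merkle tree named in these notes is what lets a node check that a transaction belongs to a block without rehashing every transaction. The sketch below is an added example, not code from the talk; it goes slightly beyond the notes by also building and verifying an inclusion proof. The hashing conventions (SHA-256, the 0x00/0x01 prefixes, duplicating the last node on odd levels) and the sample transactions are assumptions chosen for illustration.

```python
import hashlib


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _levels(leaves):
    """Return every level of the tree, leaf hashes first, root level last."""
    if not leaves:
        raise ValueError("a block needs at least one transaction")
    level = [_h(b"\x00" + tx) for tx in leaves]  # 0x00 marks a leaf hash
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]  # pad odd levels (assumed convention)
        levels.append(level)
        if len(level) == 1:
            return levels
        # 0x01 marks an interior node, so a leaf can never pose as a node
        level = [_h(b"\x01" + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]


def merkle_root(leaves):
    return _levels(leaves)[-1][0]


def merkle_proof(leaves, index):
    """Sibling hashes from leaf to root, each with a 'sibling is on the left' flag."""
    proof = []
    for level in _levels(leaves)[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_proof(tx, proof, root):
    """Recompute the root from one transaction plus its proof."""
    node = _h(b"\x00" + tx)
    for sibling, sibling_is_left in proof:
        pair = sibling + node if sibling_is_left else node + sibling
        node = _h(b"\x01" + pair)
    return node == root


# Constructed sample transactions.
TXS = [b"alice->bob:5", b"bob->carol:2", b"carol->alice:1"]
```

Changing any byte of any transaction changes the root, which is why other nodes can detect a tampered block by comparing roots.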
Presenter: Josh Wallace
- What does your security team think of devops?
- They slow you down, right?
- In my situation we have no security team, so a little different when dealing with super small team
- How do you inject dynamic analysis into your pipeline if releasing every few minutes as Amazon does
- Should you automate your processes if they are not good?
- Is automation good on its face even if perpetuating a bad practice underneath, especially from a security perspective.
- Applications tend to be tested equally, but not well
- functional testing of security requirements usually not done, if security requirements exist at all
- Do not have to apply the same level of testing and security scrutiny to all applications, level of risk should dictate how thoroughly an app is beat up.
- How do we fix the above situations? Introducing a framework for continuous security! (Crimson and Clover)
- Define our requirements during planning and pre-planning phases
- application inventory
- apps ranked by risk
- secure coding guidelines
- threat modeling
- required security controls based on risk
- All security requirements should be tested
- break the ci build so get feedback immediately
- Testable security requirements are needed
- requirements need to be written in a manner that is testable
- written in dev speak, not security speak
- train developers on security
- Automate security testing, put in pipeline
- Pipeline should be scalable and flexible, not many
- One good pipeline with if/then logic better than one per app
- Don’t write your own crypto code, ever.
- There are plenty of good, easy to use libraries that are essentially unbreakable
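
One way to combine the points above (apps ranked by risk, required controls based on risk, one pipeline with if/then logic, break the CI build) is a single gate script that every app's build calls. This is an added example, not code from the talk; the control names, tiers and inventory entries are hypothetical.

```python
import sys

# Hypothetical controls required per risk tier (assumption, not from the talk).
REQUIRED_CONTROLS = {
    "low": {"dependency_audit"},
    "medium": {"dependency_audit", "static_analysis"},
    "high": {"dependency_audit", "static_analysis", "dynamic_scan", "authz_tests"},
}

# Constructed application inventory, ranked by risk.
INVENTORY = {
    "marketing-site": "low",
    "billing-api": "high",
}


def evaluate_gate(app, results, inventory=INVENTORY):
    """Return (passed, problems) for one build.

    results maps control name -> True (passed) or False (failed).
    A required control that never ran counts as a failure, and an app
    missing from the inventory is treated as high risk (fail closed).
    """
    tier = inventory.get(app, "high")
    problems = []
    for control in sorted(REQUIRED_CONTROLS[tier]):
        if control not in results:
            problems.append(f"{control}: required for {tier}-risk app but did not run")
        elif not results[control]:
            problems.append(f"{control}: failed")
    return (not problems, problems)


def main(argv):
    # Constructed results, as earlier pipeline stages might report them.
    sample = {"dependency_audit": True, "static_analysis": True, "dynamic_scan": False}
    app = argv[1] if len(argv) > 1 else "billing-api"
    passed, problems = evaluate_gate(app, sample)
    for line in problems:
        print(f"SECURITY GATE: {line}")
    return 0 if passed else 1  # non-zero exit status breaks the CI build


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the tier lookup fails closed, an app that was never added to the inventory gets the strictest checks instead of none.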