Speaking from experience building a SaaS: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ... In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
1. The document discusses real-time programming in Java, including an overview of real-time systems, real-time operating systems, and challenges in real-time programming. 2. It describes the Real-Time Specification for Java (RTSJ), which aims to make Java suitable for real-time applications by adding features like priority-based scheduling, memory areas, and asynchronous event handling. 3. The document also discusses real-time garbage collection techniques and limitations, and the future of real-time Java with standards like RTSJ and Safety-Critical Java.
Android applications are an interesting target for reverse engineering. They are written in Java, which is traditionally good to decompile and are executed by Google’s custom Java virtual machine, making them interesting to study. In this paper we present the basic methods and approaches as well as the necessary tools to reverse engineer Android applications. We discuss how to change Android applications and show alternative approaches including man-in-the-middle attacks and automation.
Android is a Linux-based architecture. In addition to the original Linux drivers, Android needs additional device drivers, such as Android Logger, Binder, Low Memory Killer, Power Management for Android (wakelock), ASHMEM, etc., of which ashmem, logger and binder are all character device drivers.
Ruby threads are limited due to the Global Interpreter Lock. Therefore, the best way to do parallel computing with Ruby is to use multiple processes but how do you get these processes to communicate? This session will provide some strategies for handling multi-process communication in Ruby, with a focus on the use of TupleSpaces. A TupleSpace provides a repository of tuples that can be accessed concurrently to implement a Blackboard system. Ruby ships with a built-in implementation of a TupleSpace with the Rinda library. During the session, Luc will demonstrate how to use Rinda and will highlight other libraries/projects that facilitate interprocess communication and parallel computing in Ruby.
Binder is what differentiates Android from Linux. It is the most important internal building block of Android, and it is a subject every Android programmer should be familiar with.
With growth in the app market it is essential to guard our Android apps against possible threats. In this presentation we will walk through various tools and techniques which someone can use to reverse engineer an Android app, and we will see how someone can get access to the app DB, code, API and preferences. We will also see different tools and techniques to guard our app against possible threats, from code obfuscation with tools like DexGuard to newer methods like verification of API calls using Google Play services. This session was given at Barcamp 13 Bangalore http://barcampbangalore.org/bcb/bcb13/reverse-engineering-an-android-app-securing-your-android-apps-against-attacks and at the Bangalore Android User Group January meetup http://www.meetup.com/blrdroid/events/100360682/
Slides of my Perl 6 DBDI (database interface) talk at YAPC::EU in August 2010. Please also see the fun screencast that includes a live demo of perl6 using a perl5 DBI driver: http://timbunce.blip.tv/file/3973550/
This document summarizes a presentation on reverse engineering obfuscated Android applications. It discusses reverse engineering techniques like static and dynamic analysis. It covers analyzing the Android application package (APK) file format and tools like apktool, smali, baksmali, and dex2jar. Common obfuscation techniques like string encryption, call hiding using reflection, and native code are also summarized. The document concludes by recommending further reading on tools and the arms race between attackers and defenders applying obfuscation.
Here you will learn: what is multithreading; what is concurrency; process vs. thread; improvements and issues with concurrency; limits of concurrency gains; concurrency issues; thread pools with the Executor Framework; AsyncTask and the UI thread; code.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1SJ7PSV. Alex Blewitt talks about Swift, the open source released in December 2015 and available on Linux as well as OSX and iOS. He looks at the open-source project, how applications and libraries can be built for both platforms, the differences between the different builds and how Swift works under the hood. Filmed at qconlondon.com. Alex Blewitt has over 20 years of experience in Objective-C and has been using Apple frameworks since NeXTSTEP 3.0. He currently works for a financial company in London and writes for the online technology news site InfoQ, as well as other books for Packt Publishing. He also has a number of apps on the App Store through Bandlem Limited.
The .NET Garbage Collector (GC) is really cool. It helps provide our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!
Experiments were conducted utilizing OMR technologies in Ruby MRI. OMR is an open source toolkit that implements language-agnostic parts of a managed runtime. It allows incremental development of new runtimes and consumption of advanced functionality. A preview of Ruby integrated with OMR included garbage collection, just-in-time compilation, and diagnostic tooling improvements. Further work was suggested to improve performance and remove limitations of the Ruby interpreter.
Peter Lawrey is the CEO of Chronicle Software. He has 7 years experience working as a Java developer for investment banks and trading firms. Chronicle Software helps companies migrate to high performance Java code and was involved in one of the first large Java 8 projects in production in December 2014. The company offers workshops, training, consulting and custom development services. The talk will cover reading and writing lambdas, capturing vs non-capturing lambdas, transforming imperative code to streams, mixing imperative and functional code, and taking Q&A.
We experience a growing number of mobile phones, tablets, phablets, foldables, smart TV, watches or home assistants and similar devices flooding the market almost every day. If you want to create a responsive web application with the best user experience you need dynamic adaptive content according to all relevant aspects of your device. That’s the reason for Device Description Repositories (DDR). This session provides an overview of the W3C DDR standard for Mobile Device recognition and the OpenDDR project. Followed by a live demo of extensions to Spring MVC and the Jakarta MVC standard, plus .NET using C# and VB.NET leveraging the power of OpenDDR to simplify the development of cross device web applications. All offer automatic device detection based on OpenDDR, configuration of user preferences, automatically forward to the most appropriate view for a particular device or device type. As well as device aware templates, view engines and more.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1GHc3rO. Alex Blewitt introduces the history behind Swift, why it was created, how it differs from Objective-C and how Swift is compiled and executed under the covers. Alex goes into details about how LLVM is used, the way that memory is managed, how objects are laid out, and a prediction of the way Swift and Objective-C will evolve over time. Filmed at qconlondon.com. Dr Alex Blewitt has over 20 years of experience in Objective-C and has been using Apple frameworks since NeXTSTEP 3.0. He upgraded his NeXTstation for a TiBook when Apple released Mac OS X in 2001 and has been developing on it ever since. He is author of the recently published Swift Essentials.
Speaking from experience building MyGet.org: users are insane. If you are lucky, they use your service, but in reality, they probably abuse. Crazy usage patterns resulting in more requests than expected, request bursts when users come back to the office after the weekend, and more! These all pose a potential threat to the health of our web application and may impact other users or the service as a whole. Ideally, we can apply some filtering at the front door: limit the number of requests over a given timespan, limiting bandwidth, ... In this talk, we’ll explore the simple yet complex realm of rate limiting. We’ll go over how to decide on which resources to limit, what the limits should be and where to enforce these limits – in our app, on the server, using a reverse proxy like Nginx or even an external service like CloudFlare or Azure API management. The takeaway? Know when and where to enforce rate limits so you can have both a happy application as well as happy customers.
This document discusses how hackers may attempt to exploit APIs and outlines strategies for using HATEOAS to improve API security. It notes that hackers will automatically fuzz APIs using tools to find vulnerabilities. It recommends using HATEOAS to enforce state-based navigation through the API, adding tracking data to links, and having a "front door" endpoint to validate requests and limit guessable paths, reducing opportunities for exploitation. Overall, the document argues that while HATEOAS aims to help clients, naively implementing it does not improve security, and the engine of application state concept should be used thoughtfully to enforce valid request flows and detect unexpected behavior.
In the enterprise there are rarely simple solutions to highly nuanced problems that satisfy all needs. Several customers might each ask "How do I make Jira/Confluence faster?" and each require a different answer. Using this example, this talk will pick apart the inputs, outputs, concerns, and realities of answering a short question with a long answer. We'll then discuss real-world examples from our own internal instances, to give you a taste of the process we've gone through to solve our own performance problems, and to show why there is no simple playbook; "it depends" on a lot! The key takeaways are: * The importance of having a shared definition of performance * The importance of having agreed-upon priorities, including what isn't important * The importance of measuring (allthethings) and understanding them * The thing you think is the problem might not be the problem, and vice versa. * The real world and the ideal world tend to look nothing alike!
In this talk I'll look at the How, Why and What of monitoring and show you how you can use Prometheus to gain insight into your Python applications.
This document summarizes a talk on using monitoring as an entry point for collaboration. It discusses using the Prometheus monitoring system to collect metrics and expose them using exporters. Grafana is then used to visualize the metrics and create dashboards focused on business metrics like requests, errors, and durations. These metrics provide observability across teams and enable alerting when business services are impacted.
This document contains the slides from a workshop on observability presented by Kevin Crawley of Instana and Single Music. The workshop covered distributed tracing using Jaeger and Prometheus, challenges with open source monitoring tools, and advanced use cases for distributed tracing demonstrated through Single Music's experience. The agenda included labs on setting up Kubernetes and applications, monitoring metrics with Grafana and Prometheus, distributed tracing with Jaeger, and analytics use cases.
This document discusses a presentation on fraud detection application architectures using Hadoop. It provides an overview of different fraud use cases and challenges in implementing Hadoop-based solutions. Requirements for the applications include handling high volumes, velocities and varieties of data, generating real-time alerts with low latency, and performing both stream and batch processing. A high-level architecture is proposed using Hadoop, HBase, HDFS, Kafka and Spark to meet the requirements. Storage layer choices and considerations are also discussed.
The document discusses performance optimization and benchmarking for Apache web servers. It covers measuring performance metrics like requests per second, latency, and scalability. Common bottlenecks like file descriptors, memory usage, and CPU overload are examined. Next generation improvements for platforms like Linux, Solaris, and 64-bit architectures that can boost Apache performance are also reviewed.
Timely was born to visualize and analyze metric data at a scale untenable for existing solutions. We're returning to talk about what we've achieved over the past year, provide a detailed look into production architecture and discuss additional features added within the past year including alerting and support for external analytics. – Speakers – Drew Farris Chief Technologist, Booz Allen Hamilton Drew Farris is a software developer and technology consultant at Booz Allen Hamilton where he helps his client solve problems related to large scale analytics, distributed computing and machine learning. He is a member of the Apache Software Foundation and a contributing author to Manning Publications’ “Taming Text” and the Booz Allen Hamilton “Field Guide to Data Science”. Bill Oley Senior Lead Engineer, Booz Allen Hamilton Bill Oley is a senior lead software engineer at Booz Allen Hamilton where he helps his clients analyze and solve problems related to large scale data ingest, storage, retrieval, and analysis. He is particularly interested in improving visibility into large scale systems by making actionable metrics scalable and usable. He has 16 years of experience designing and developing fault-tolerant distributed systems that operate on continuous streams of data. He holds a bachelor's degree in computer science from the United States Naval Academy and a master's degree in computer science from The Johns Hopkins University. — More Information — For more information see http://www.accumulosummit.com/
Reactive programming allows for non-blocking and concurrent executions. It is designed to be more efficient by using fewer threads and less memory. This makes applications more resilient and scalable to handle high connection volumes and traffic variability. The developer experience is improved through actionable stacktraces and debugging of reactive flows.
Presented by Stephane Maldini at Reactive Enterprise with Reactor and Spring in Toronto on June 13th, 2019.
This document discusses best practices for inter-process communication in microservices architectures. It covers various options for synchronous and asynchronous communication between services including RPC, publish/subscribe, and request/response patterns. It also discusses service discovery, load balancing, serialization formats, transport protocols, failure handling techniques like circuit breakers and bulkheads, monitoring, and debugging distributed requests across microservices.
Collecting logs from the entire stateless environment is one of the challenging parts of the application lifecycle. Correlating business logs with operating system metrics to provide insights is a crucial part of the entire organization. We will see a technical presentation on how to manage a large amount of data in a typical environment with microservices.
Collecting logs from the entire stateless environment is one of the challenging parts of the application lifecycle. Correlating business logs with operating system metrics to provide insights is a crucial part of the entire organization. What aspects should be considered while you design your logging solutions?
In this series of 15-minute technical flash talks you will learn directly from Amazon CloudFront engineers and their best practices on debugging caching issues, measuring performance using Real User Monitoring (RUM), and stopping malicious viewers using CloudFront and AWS WAF.
Session presentation by Brian Kelly. Microservices appear simple to build on the surface, but there's more to creating them than just launching some code running in a container. This talk outlines 10 important questions that should be answered about any new microservice before development begins on it, and certainly before it gets deployed into production.
Presented at the BDAM meetup in Palo Alto on Sept 14th. Jags Ramnarayan, CTO, SnappyData, discusses an ad analytics use case running on SnappyData.
The C# nullability features help you minimize the likelihood of encountering that dreaded System.NullReferenceException. Nullability syntax and annotations give hints as to whether a type can be nullable or not, and better static analysis is available to catch unhandled nulls while developing your code. What's not to like? Introducing explicit nullability into an existing code base is a Herculean effort. There's much more to it than just sprinkling some `?` and `!` throughout your code. It's not a silver bullet either: you'll still need to check non-nullable variables for null. In this talk, we'll see some techniques and approaches that worked for me, and explore how you can migrate an existing code base to use the full potential of C# nullability.