Agenda
REGISTEROpening Words
DEVOPSDAYS TEL AVIV MINI-TRACK
Keynote | DataOps - Why is it so hard?! // Einat Orr
DataOps is harder than you might think. Supporting the operations of big data environments poses a challenge greater than the known application-level support due to the complexity of managing data together with the application. Why is data adding so much complexity? Well, Data is big, so all systems are now becoming distributed. Data is mutable, and it's hard to create repeatable, automated pipelines. On top of that, the technology is evolving at high speed and change management is messy. In this talk, we will dive into those challenges, explore best practices, and develop empathy for those who manage big data environments.
BREAK
COUCHBASE: Any Scale, Any Load, Always On // Lior King, Senior Solution Engineer
In this session, we’ll learn why Couchbase is an ideal data platform for modern applications, how it delivers scalability, performance, and agility, and why it is a great source of truth.
DevOpsDays Ignites
Pregnancy - Nature's CI/CD // Julia Shub
So you and your partner decide to have a child.
From this point onwards, you can treat it as a CICD project since it's basically the same.
Waste-Oriented, Hunch-Based Web Architecture // Michael Zion
The software engineering field lacks hunch-based decisions.
It's oriented towards making things right, rather than going YOLO and enjoying life.
In my talk I'm suggesting an alternate approach, where production is important, but not as much as the feelings of the person changing production.
Robert joined IBM in 2007 and has held various positions in IBM, all in the field of Service Management. In total, he has over twenty years of experience in enterprise systems in multiple domains spanning development, technical leadership, project management and offering management.
Robert speaks at global conferences for IBM and creates assets that range from internal documentation to published books.
Obviously a major malfunction... Lessons 35 years after the Challenger Disaster // Robert Barron
The Space Shuttle was the most advanced machine ever designed. It was a triumph and a marvel of the modern world.
And on January 1986, shuttle Challenger disintegrated seconds after launch.This session will discuss how and why the disaster occurred and what lessons modern DevOps and SREs can learn.
Resilience Engineering - a Primer // Anton Weiss
Lately we've heard some buzz around the term "resilience engineering" in relation to information systems. Much of it initiated by none other but John Allspaw - the man who inspired the birth of DevOps. My talk will lay out how the ideas of resilience engineering relate to our daily work.
Checking the pulse on DevOps and Observability // Dotan Horovits
What are the biggest obstacles to Observability? Is Observability just the DevOps' responsibility? How many companies actually use tracing? Which open source SW is gaining popularity?
We went and asked this and much more to nearly 1000 engineers across the globe, to check the pulse on DevOps.
The Devil's DevOps // Heidi Waterhouse
An Ignite that plays off Ambrose Bierce's The Devil's Dictionary to present satirical and painfully true definitions of words you hear at conferences all the time.
Monitoring People - An Engineering approach to understanding human KPIs
Monitoring People - An Engineering approach to understanding human KPIs // Erik Zaadi
Feel like understanding systems is easier and more logical than people? Let's challenge that and see how engineering practices such as monitoring and CI can be correlated to understanding and improving humans, you know, those illogical chaotic beings, which are sooooo much different than production.
BREAK
SPONSOR TALKS
APPSFLYER: Death by balloons // Gil Zellner & Elad Leev
Short story about how doing something innocent and safe at scale can go horribly wrong.
AWS: This talk will save you more than 50% of your AWS bill // Boaz Ziniman
Cloud computing changed the way we consume and pay for computing resources. Paying for what you use, and only for that, is key to get the best ROI out of your cloud investment. This session will focus on one solution that can lower your AWS bill on idle computing.
NEXT INSURANCE: DevOps the Next Insurance Way // Moshe Ben Shoham
Next Insurance offers a simple, affordable & tailored business insurance, designed for small businesses. In this short talk, we will provide a glimpse into our CI/CD processes and the cloud infrastructure that allows us to quickly deliver value to our customers and evolve our infrastructure as we identify new opportunities to better serve the small businesses owners. We will describe our DevOps processes, our usage of best-of-breed tools such as Kubernetes, and we will also talk a bit about our current challenges and how we leverage them to grow our people.
BREAKOUT SESSION #1 - HOW TO WRITE YOUR PROFESSIONAL BIO, NUR LEE HAREL | JOIN ON DISCORD IN BREAKOUT CHANNEL
Sometimes during our careers, we are asked to write something about ourselves. It can be an awkward task and most of the time we have no idea what to include, how to sell ourselves, how to make it relevant etc. In this hands-on session, you will learn how to create and improve your professional bio.
CLOUD NATIVE & OSS MINI-TRACK
Keynote | THE WORLD HAS CHANGED - HAVE OUR DESIGNS? // Avishai Ish-Shalom
When we build systems our design and tradeoffs reflect the different scales of the system: the speed of disks, latency of network; They reflect the constraints and abilities of the underlying technologies. But as technology advances some of these assumptions have become invalid. We are no longer running on physical machines for which RDBMS systems were designed; SSD changed pretty much everything in the storage world, but our software was designed for magnetic disks; NVRAM? O/S design is way off. This talk will show how changes in hardware technologies impact design rational of various systems, highlighting the importance of understanding and rethinking the design rational and explore new designs that arise from the new rational.
BREAK
Aerospike: From GBs to PBs at Sub-milli – The Fast Track to Real-time Applications – Live “Magic Show" // Oshrat Ben Avi Zabludovitz and Zohar Elkayam
Cloud Native & OSS Ignites
Rant: Everybody talks about data but nobody talks about storage // Orit Wasserman
We live in a data driven world, and the data needs to be stored somewhere on some storage. This makes the storage a critical resource that may break your application and even lose all your data! Ignoring it just won’t work. You have to choose the right kind of storage for your workload: block, file or object. You need to use it wisely or you will lose performance and scale. You need to consider cost efficiency or pay a large bill in the end of the month You must make sure your data is secure by using best practices, access control and encryption. Don’t forget about Data protection as losing your data is a huge disaster!
Submariner: multi-cluster networking for Kubernetes // NIR YECHIEL
With standard Kubernetes networking, connectivity is limited to a single cluster only, requiring proxies to connect workloads across clusters for migration, disaster-recovery, or geographic locality. Submariner is an open source project that enables high-performance cross-cluster connectivity and Service Discovery between different Kubernetes clusters, either on-premises or in the cloud. With Submariner, your applications and services can span multiple cloud providers, datacenters, and regions.
k3s: From Development to Production at the speed of light // RONEN LEVINSON
With Kubernetes becoming the standard container orchestration tool, we got to a point in which apps are deployed and managed in the same ecosystem for different purposes. As a result, the number of Kubernetes distributions started to rise in order to deal with different scenarios. To name a few: OpenShift, RKE, Tanzu… K3s is one of the newest distributions made by Rancher, which is an open source project that recently joined the list of CNCF Sandbox projects. The main goal of K3s is providing a lightweight k8s distribution using a single binary, while reducing the memory consumed by the orchestration tool.In this lightning talk we will discuss what k3s is, compare it to k8s and see how it can be installed for different purposes: CI, Edge, development and production.
Prior to joining AWS, Boaz worked with a variety of key Israeli startups—managing development and operations teams as well as leading cloud adoption and partnerships with major cloud vendors.
Being good neighbors - Rate limiting in a serverless world // Boaz Ziniman
How do you avoid DDoSing other systems or running out of resources when developing serverless applications? Serverless cloud based applications bring new challenges with their architecture and scaling capabilities. In a perfect world, this should be an advantage only, but we all know by now, that the world ain’t perfect. Integrating serverless with non-serveless systems is a challenge you should take into account and plan accordingly. This session will focus on why rate limiting is so important in serverless systems and how you should design a better system that acts as a better neighbors.
SPOTLIGHT IGNITE
Crash Course: Open Source Licenses // Zeev Suraski
Open Source is an integral part of virtually all modern software development. However, it is often too easy to not realize that some Open Source packages may come with strings attached to them - in the form of their license. In fact, some packages that might seem to be Open Source, may technically not be ones at all.
In the talk, some of the most commonly found licenses and their implications on end users will be discussed: - GPL-style licenses, including Affero GPL - BSD-style licenses - Source-available licenses.
If you’ve never heard about these licenses, or if you did hear about them but never really bothered to understand how they may affect you - attending this talk may be a good idea.
3 DATA DRIVEN BURNOUT INDICATORS // Dan Lines
Burnout is dangerous. Even more so when we can’t see the physical indicators due to being a distributed team. In this lighting talk I discuss the 3 data-driven burnout indicators I use to make sure my team rested and happy. As a manager it’s your responsibility to identify employee burnout and make sure your dev team is rested and healthy. But identifying signs of burnout as a distributed team can be challenging. In this lightning talk I discuss the 3 data-driven burnout indicators I use to make sure my team rested and happy.
BREAK
SPONSOR TALKS
ELASTIC: What Is Great About Modern Monolithic Applications? // Philipp Krenn, Developer Advocate
You only have ONE repository, build artifact, deployment step, process, and version that you can run locally but still scale horizontally. Sounds too good to be true and you think it must be a theoretical example? Far from it…You might even be running such a monolith yourself. Though there are of course some tradeoffs that we are covering as well.
VONAGE: Conversing with machines: tips for creating meaningful voice interactions // Noam Mor, Conversation Design Lead
Voice is one of the first capabilities we acquire as newborns, and one of the last we lose before we leave this world. Voice communication is the fastest, most natural and efficient way to convey an idea, so why is it so hard for machines to understand the human language?
During this five minute talk, I'll share several tips that will help drive engagement when designing virtual assistant conversations, without ever compromising on experience..
TERASKY: How to choose your enterprise-grade Kubernetes? // Lev Andelman, CTO
Kubernetes comes in many sizes and flavors - choosing a future safe solution for your organization might be challenging. In this short talk I'd like to share our experience with Enterprise Kubernetes market leaders.
SITE24X7: ALL IN ONE MONITORING // Elango Vimal, Senior Presales Engineer
User experience plays a significant role in determining the success of a business as businesses globally are on their digital transformation trajectory. While DevOps teams are embracing public / hybrid cloud to run their business applications, they are left to battle diverse operational and technical challenges in providing better user experience, and using multiple tools to achieve this goal.
Learn about the most comprehensive cloud based monitoring tool that helps you to monitor your Full Stack in one single console.
MYSQL: The hottest MySQL topics in 2020 // Vittorio Cioe, Sr.Presales Consultant, Oracle MySQL
Speaking about MySQL... How to.... Security? High Availability? Operations? Cloud? Get a gasp of the hottest MySQL topics of 2020 in a time as short as 5 minutes to be up to date with what is going on in the MySQL world!
SimilarWeb: First steps to developer autonomy // Or Tzabary, Head of Production Engineering
A story on how we identified visibility issues throughout the application deployment lifecycle, made an impact by delivering a solution that we later released to Open Source.
Scylla - A fast, Scalable and Boring Database // Avishai Ish-Shalom, Developer Advocate
What is this Scylla thing we've been hearing about? why write yet another database? Well, there are a lot of great databases out there, but none quite like this one. Scylla is a database built for modern hardware, achieving extreme performance and at the same time being operator friendly and scalable. Did I mention it's open source as well?
BREAKOUT SESSION #2 - TIPS AND TRICKS FOR BETTER TALK PROPOSALS, NUR LEE HAREL | JOIN ON DISCORD IN BREAKOUT CHANNEL
In this hands-on session, I will share some useful tips on how to improve your talk proposal and increase the chances of getting your talk selected, as learned from my experience as a producer of various tech conferences in the past 5 years, such as AngularUP, React Next, Node.TLV and React Week NYC.
DEVSECCON MINI-TRACK
Keynote | Good code, bad OPSEC - Data horror stories from a hacker's perspective // NOAM ROTEM
For the past few years, together with Ran Locar, we're running a side project to find sensitive data exposed by governments and large corporations. Although the code is usually OK from a security POV, in many cases the OPSEC is so bad it makes the effort invested in developing good code - redundant. In this talk we'll cover a few cases unearthed by our project, explore the failures, and discuss ways to prevent such catastrophes from happening on your systems.
BREAK
SNYK: Trick or Treat, Hello Dependency Defeat, Liran Tal
Hello there dear developer building your app on open source dependencies. Did you ever wonder where dependencies go when they die? Oh wait, did you think source code lives forever? Think again! Join me on a journey full of humor and scare across real world incidents to learn how even the mightiest of open source projects got defeated.
DevSecCon TLV Ignites
During my free time i play basketball, run and then eat all the calories i burnt off at a nice restaurant :)
Security Chaos with Load Balancers // Danny Robinson
Whilst testing a directory traversal vulnerability within one of our services, I found that I got different behaviour when testing through a load balancer and direct to the service. This talk is about the research the that followed. Key Findings Discussed: AWS Application Load Balancers share code with NGINX, NGINX parses http urls in a special way which results in a protective behaviour for directory traversal attacks, How I bypassed this protection behaviour, and Quick lessons from the research
HACKER RIGHTS // CHLOÉ MESSDAGHI
Sixty percent of hackers don’t submit vulnerabilities due to the fear of out-of-date legislation, press coverage, and companies misdirected policies. This fear is based on socially constructed beliefs. This talk dives into the brain’s response to fear while focusing on increasing public awareness in order to bring legislation that supports ethical hackers, ending black hoodie and ski mask imagery, and encourage organizations to support bilateral trust within their policies.
WHEN DEVOPS FAILS, MISERABLY // YANIV SIMSOLO
In this presentation I will briefly present some insights on the soft belly of DevOps. Even when SecDevOps is used, there are additional factors that should be understood for having a DevOps system or a DevOps operation secure. Some of the insights that I gain in the past years and most recently as the security manager of a major media company:
- SecDevOps requires more people – security architects and security experts.
- Juniors will not cut it.
- Operational security experts will not do.
- Refer to OWASP IL by me: Should I Trust my Vendor
- Knowledge Gap – a very nefarious serial killer of DevOps, destroyer of security operations
- Ludicrous security tools – some tools are no good. In some ecosystems the best of breed tools is useless.
- Testbenching the 2 best of breed tools, mano-a-mano.
- Orientation on content and delivery
Stopping the hassle of SSH keys by using SSH Certificates // ODED HAREVEN
SSH Keys are known to be a major operational burden, either because of the constant provisioning to target hosts or due to SSH keys that went lost (not to mention employees that took their private keys with them after they left the company…) In this session you’ll learn how to eliminate the need for ssh-keys by using ssh-certificates which in order to profoundly improve efficiency and significantly increase your workloads security posture with just-in-time access and audit.
SPOTLIGHT IGNITE
Sour Mint - The case of malicious advertisement SDK, affecting thousands of mobile apps // DANNY GRANDER
In this talk we will share the details surrounding an SDK distributed by a Chinese ad network. We will share the details of the research methods used to identify the excessive data tracking and remote code execution backdoor in the code, and why it went undetected for more than a year. This talk will share all the details of our research into a popular advertisement SDK affecting billions of consumers of both Android and iOS ecosystems. We will share the details of our research process, leading to the discovery of hidden functionalities in the SDK, including a remote code execution backdoor affecting the privacy and security of billions mobile devices.
Virtually Unforeseeable: Pandemic DevRel // QUINTESSENCE ANX
One of the hardest parts professionally during this pandemic is how to shift a role that was mostly face-to-face and high travel to being 100% virtual - without losing the connection that in person interaction provides. This has led to a lot of growing pains over the past 8 months (!!!), but as a company cornerstoned in process we adapted our workflow to accommodate our New Abnormal. This is a 5 minute talk where I will run through how we shifted our workflow, not just by top loading already virtual content like blog posts but also focusing on other ways that the advocacy team could assist the business as a whole including shifting how to handle virtual events, booth duty, changes in how to present at virtual events, and more.
BREAK
SPONSOR TALKS
StatsCraft MINI-TRACK
Keynote | DO YOU REALLY MEASURE WHAT YOUR USERS EXPERIENCE? (HEBREW) // CARMIT DANON
The system is slowing down, the customers are becoming frustrated, but our monitoring shows all green. Everyone handles performance issues, but how do we measure it properly? Are you really measuring what your users experience? Is it possible to measure everything? In my presentation, I will walk you through some of the blind spots we all have in our monitoring systems, and share from my own experience of dealing with performance issues.
StatsCraft Ignites
SLOs: You're missing the point // Jason Yee
Innovation is how you win customers; reliability is how you keep them. To succeed, you need both. But as organizations adopt Service Level Objectives (SLOs) as part of their Site Reliability Engineering (SRE) practices, they become fixated on reliability and innovation suffers. In this talk, I’ll discuss why you need to spend more time on innovation and how to do it. I’ll also share how you can escape your everyday toil and stressful firefighting to rediscover the fun in engineering—and help your company succeed at the same time!
When she’s not working on robust systems with Aerospike, she is organizing the GopherCon Europe and Cloud Nein conferences, and the Berlin chapters of the Go and Women Techmakers user groups.
Prior to that, she was an Engineering Manager, Software and Hardware Engineer, and a Co-Founder of a mobile start-up.
In her free time, she is wondering if there is life on Mars.
Highway to High Availability // NATALIE PISTUNOVICH
High availability is the holy grail of an architect, ensuring the system’s uptime is achieved for a higher than normal period. This can be achieved with an Active-Active architecture and Active-Passive architecture, which, in turn, can be deployed using different models, eg multi-site clustering and cross datacenter replication. The performance is monitored to ensure the system is meeting the agreed upon SLAs and SLOs.
Let’s understand all those terms, the relationships between them and how to implement those.
Optimizing monitoring for first impressions // ANNA TSIBULSKAYA
On average, any Instagram story gets 2 sec of attention from a person viewing it. Yes, that’s the speed with which we’re already consuming information. But, how much information can you get from a 2sec look at your monitoring? And if you just joined a company and it’s your first production incident today? I’m sure, using the right tools and thinking of monitoring as a product, it’s possible to build intuitive and user-friendly monitoring, which will dramatically reduce the amount of debugging and troubleshooting in your life. My talk is about how to do it, why it’s important to pay attention to it and how to measure results.
The dark side of Flamegraphs. What we can and cannot see // AMIR LANGER
Flamegraph is a visualization of hierarchical data used to show sampling profiling results. We found them to be extremely useful observability tools. At eBay, we use Flamegraphs to triage performance problems and visualize service behaviour in production. In this talk we’ll go over Flamegraphs, their strengths and limitations. We’ll also explore ideas to extend the technology especially in performance regression analysis where the current solution struggles and a view of more than a single Flamegraph is required to compare different runs.
SPOTLIGHT IGNITE
5 Monitoring Anti-Patterns (and how to avoid them) // NATI COHEN
During the past 15 years I was lucky to partake in building and monitoring various production systems. However, while sometimes the monitors and alerts we created were spot-on, and helped us mitigate future failures quickly, other times the dashboards we created were simply useless, and the alerts did nothing but make us miserable. In this talk we will review several common monitoring mistakes my peers and I repeatedly tend to lean towards. We will discuss why these are not the right things to do, and suggest several, hopefully better alternatives.
Take Aways from 400 Virtual Talks since March // PHILIPP KRENN
Virtual talks are the new norm. In theory, they are great — speakers and attendees can join from around the world, infrastructure is cheap and scalable, recordings are simple. But what is happening in reality with problems like Zoom fatigue? What is and what isn’t working? At Elastic, we have done 400 virtual talks and meetups since March. This talk gives an overview of the development over time, specifics in regions, differences in tooling,… and adds some personal anecdotes.
LAST BIO BREAK...AND YOU'LL NEED ONE BEFORE THE CLOSING SESSION - SO BE QUICK!
FUNNNY CANDLE-LIGHTING BY HEATHENS AND OTHER ASPARAGI
DEVOPSDAYS FUNNY TRACK
SPECIAL RANT SESSION | DO YOU KNOW WHAT YOUR PROBLEM IS...? // COREY QUINN
Expect the unexpected in this special live rant session that will be led by....YOU! Now is your chance to let Corey give a good talkin' to, to all of your "favorite" companies. Join our Discord and start suggesting companies for Corey to rant at in the "#rant-session-let-corey-have-it" channel.