Finally, in the enterprise security news:
- Lots of new security startups with early stage funding
- SentinelOne picks up Chris Krebs and Alex Stamos's consulting firm
- PE firm picks up ActiveState - a company I haven't thought about since I last downloaded ActiveState Perl 1000 years ago
- Microsoft announces the limited release of Security Copilot
- Semgrep releases a secrets scanner
- AGI predicted to come much sooner than you might expect
- NY State doubles down on cybersecurity regulations to protect its hospitals
- The young hackers behind Mirai, one of the biggest botnets ever
- Ransomware groups snitch on businesses to the SEC
Show Notes: https://securityweekly.com/esw-340
Once again, Theresa Lanowitz joins us to discuss Edge Computing, but with a twist this time, as Mani Keerthi Nagotu from SentinelOne joins us as well! As a field CISO, Mani knows all too well the struggles security leaders are going through, given the current market and threat landscape:
- Maybe not less budget, but more pressure to produce results and justify spending
- Security leaders being held personally accountable for performance
- Potential layoffs, and the need to achieve the same goals with less labor and tool overhead
Segment Resources: https://cybersecurity.att.com/insights-report
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors. This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to. Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters. In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.
- Protect Your Session Tokens
- Monitor for Unusual Behavior
- SaaS Vendors Are Common Targets
- Zero Trust Principles Work
- MFA Isn't a Binary (on or off) Control
Segment Resources: https://www.valencesecurity.com/resources/blogs/five-lessons-learned-from-oktas-support-site-breach

Finally, in the enterprise security news:
- Lots of new security startups with early stage funding
- SentinelOne picks up Chris Krebs and Alex Stamos's consulting firm
- PE firm picks up ActiveState - a company I haven't thought about since I last downloaded ActiveState Perl 1000 years ago
- Microsoft announces the limited release of Security Copilot
- Semgrep releases a secrets scanner
- AGI predicted to come much sooner than you might expect
- NY State doubles down on cybersecurity regulations to protect its hospitals
- The young hackers behind Mirai, one of the biggest botnets ever
- Ransomware groups snitch on businesses to the SEC
Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/esw-340
Watch the live stream: Watch on YouTube
About the show
Sponsored by us: Check out the courses over at Talk Python. And Brian's book too!
Special guest: Paul Everitt

Brian #1: Why I use attrs instead of pydantic
Tin Tvrtković, @tintvrtkovic
attrs vs dataclasses
- Dataclasses are a strict subset of attrs functionality.
- Recommend using attrs in most cases over dataclasses.
- attrs is faster, has more features, releases more frequently, and supports a wider range of Python versions.
attrs vs Pydantic
- attrs is a library for generating the boring parts of writing classes; Pydantic is that but also a complex validation library and a structuring/unstructuring library, e.g. converting to JSON and back.
- attrs has opt-in validation that you have more control over.
- cattrs can be used for structuring/unstructuring.
- Converters are opt-in for attrs, built into Pydantic, and can be wrong.
- Example using Pendulum that Pydantic mishandles.
Summary: attrs + cattrs + validators where necessary, converters where necessary
- will be faster
- you'll have more control
- Kind of a “small, sharp, specialized tools” vs “swiss army knife” comparison.

Michael #2: mcfly
via __dann__
Mcfly is an incredible Ctrl+r replacement. McFly replaces your default ctrl-r shell history search with an intelligent search engine that takes into account your working directory and the context of recently executed commands. McFly's suggestions are prioritized in real time with a small neural network.
Features
- Rebinds ctrl-r to bring up a full-screen reverse history search prioritized with a small neural network.
- Augments your shell history to track command exit status, timestamp, and execution directory in a SQLite database.
- Maintains your normal shell history file as well so that you can stop using McFly whenever you want.
- Includes a simple action to scrub any history item from the McFly database and your shell history files.
- Designed to be extensible for other shells in the future.
- Written in Rust, so it's fast and safe.

Paul #3: Textual and boilerplate removal
- In the race to make Textual the most talked-about package in Python Bytes history…
- I'd like to zoom in on a Twitter discussion he had about removing boilerplate
- I have traditionally been opposed to the convention-over-configuration approach that most successful Python projects have taken
- I dislike magic variable and file names, prefer explicit is better than implicit, actual symbols
- Lately, because of…tooling
- But Will's approach to “boilerplate removal” is compelling, as it remains mypy friendly
- Still, I find it flawed…code meant to be read 2 years from now…that stuff that is implied-away, worries me
- Will is great at working-in-the-open, being a gentle, encouraging public figure

Brian #4: xdoctest
“The xdoctest package is a re-write of Python's builtin doctest module. It replaces the old regex-based parser with a new abstract-syntax-tree based parser (using Python's ast module). The goal is to make doctests easier to write, simpler to configure, and encourage the pattern of test driven development.”
“The main enhancements xdoctest offers over doctest are:
- All lines in the doctest can now be prefixed with >>>. Old-style doctests with ... are still valid. Additionally, the multi-line strings don't require any prefix (but its ok if they do have either prefix).
- Tests are executed in blocks, rather than line-by-line, thus comment-based directives (e.g. # doctest: +SKIP) are now applied to an entire block, rather than just a single line.
- Tests without a "want" statement will ignore any stdout / final evaluated value. This makes it easy to use simple assert statements to perform checks in code that might write to stdout.
- If your test has a "want" statement and ends with both a value and stdout, both are checked, and the test will pass if either matches.
- Output from multiple sequential print statements can now be checked by a single "got" statement. (new in 0.4.0).”
Features I love
- “The new got/want tester is very permissive by default; it ignores differences in whitespace”
- You can make doctest normalize whitespace, but why should you have to?

Michael #5: Automate the standing desk with python
via Joe Riedley, by David Kong
- “When I first started using it, I was very excited, but I quickly found myself sitting all day, in spite of the fancy desk.”
- I took off a few screws and … voila! A row of pins neatly exposed right in front.
- The pins in my control box, when connected correctly, simulate the pressing of the buttons on the front of the box.
- Raspberry Pi Zero, the simplest, most basic version. It doesn't have all the bells and whistles, but it does everything I needed for this simple project, and it's just $5(!).
- And the code

    from gpiozero import LED  # The LED library allows easy pin control
    from time import sleep
    import random

    relay = LED(17)  # I connected the relay to pin 17 and ground

    while True:
        relay.on()
        sleep(1)
        relay.off()
        sleep(random.randint(45, 60) * 60)

Paul #6: Hypermodern Python Cookiecutter
- I've been noodling with some code the last two years about bringing frontend DX to Python web dev
- Learning and talking more than adoption
- Running a modern Python project is a LOT of housekeeping
- Hypermodern Python Cookiecutter from Claudio Jolowicz teleported me to a state of the art I was looking for
- Poetry, Nox, GHA, pre-commit, flake8, PyPI uploads from CI, release drafter, Black, prettier, pytest, mypy, Sphinx and friends, GitHub labeler
- It's NOT AT ALL just a cookiecutter
- The best part…it's an enormously-detailed user guide, some blog posts with the “why”, it's actively maintained
- The PR workflow is really well explained and wired up
- This could be…a course, a webinar
- Thanks Claudio

Extras
Michael:
- ActiveState's 2021 Software Supply Chain Security Survey
- Python 3.9.7 and 3.8.12 are now available
- From Shlomi Lanton, on your #2 Brian talked about having a history of all files to find the ones that were updated last, so I created granpa
- caffeinate: you mentioned the macOS /usr/bin/caffeinate tool on "https://pythonbytes.fm/episodes/show/247/do-you-dare-to-press-.". Follow caffeinate with long-running command to keep awake until done (caffeinate python -c 'import time; time.sleep(10)'), or caffeinate -w "$PID" for an already running task. - via Nathan Henrie
- Also: wakepy now works correctly on macOS

Joke: Meaning
On the second day of Christmas...: Happy Boxing Day!, Two Turtle Doves, Star Wars Retold Using Traditional Malaysian Shadow Puppetry, Prince of Persia, Kosmokrats, Dungeons and Dragons, Star Trek: Discovery, The Flight Attendant, Harper's Island, Windows Froze Again, Why Don't Text Editors Have Autosave?, Why are Audacity's Default Settings so Aggressive?, ActiveState
As Python 2 reaches its end of life, we talk to Jeff Rouse, vice president of product at ActiveState about what this means for organizations and how they can successfully move to Python 3.
Talk Python To Me - Python conversations for passionate developers
Modern cars have become mobile computer systems with many small computers running millions of lines of code. On this episode, we plug a little Python into those data streams. You'll meet Shea Newton, who is a Python developer who has worked on autonomous cars and is currently at ActiveState.
Links from the show
- Shea on Twitter: shnewto
- Video presentation of PDX Talk: youtube.com
- Shea's source for PDX Python talk: github.com
- DonkeyCar: donkeycar.com
- Roomba Programming: github.com
Sponsors
- Datadog
- Clubhouse
- Talk Python Training
Bart Copeland is the CEO of ActiveState. Since the 90s, millions of developers have used the famous ActiveState distributions of Python, Perl and Tcl. In this episode, Bart narrates ActiveState’s journey, including several pivots and ownership changes. Stay tuned to the end to find out how they were able to pivot to the open source...
Aaron and Brian talk to Bernard Golden (@, VP of Strategy, ActiveState) about the latest from ActiveState, Bernard's extensive writing experience, and how containers are changing the pets vs. cattle model.
Interested in the O'Reilly OSCON? Want to register for OSCON now? Use promo code 20CLOUD for 20% off. Details to win an OSCON pass coming soon! Check out the OSCON Schedule.
Free eBook from O'Reilly Media for Cloudcast Listeners! Check out an excerpt from the upcoming Docker Cookbook.
Links from the show:
- Why the Enterprise Needs Shadow IT to Succeed
- Bernard's Third Platform Article
- Pets, Cattle & Chickens?
Topic 1 - For those that aren’t familiar, give everyone a brief introduction.
Topic 2 - We spoke to Bart almost two years ago about ActiveState, I’m sure a lot has changed… What about containers? (Pets, Cattle, and Chickens blog)
Topic 2.5 - Your latest article on CIO.com was very interesting. It was about why the Enterprise Needs Shadow IT. Can you tell everyone about it?
Topic 3 - You’ve been very open about your support of public cloud and AWS (you wrote the AWS for Dummies Book). What is your position these days now that your daily work is on the Platform side?
Topic 4 - Talk of growth on third platform going forward (your blog and IDC report). We’ve said many times on this podcast, starve the old, feed the new. How disruptive is third platform compared to traditional IT going forward?
Topic 5 - How and where does PaaS (or just platforms) fit into third platform(s) vs. just straight up microservices/12 factor apps/containers/etc.? What are the benefits?
Topic 6 - Finally, you worked for George Reese at Enstratus/Enstratius. Is he as grumpy as he is in public on Twitter?
Music Credit: Nine Inch Nails (nin.com)
Bernard Golden, VP Strategy at ActiveState on Cloud Foundry and OpenStack
Reuven’s hosting solo again, as Allyson is out with a cold. He breaks with tradition and brings on this week’s guests together for a wide-ranging discussion on the role of IT in the enterprise. Bart Copeland (@bart_copeland), CEO and president of ActiveState, talks about private Platform as a Service – bringing PaaS behind the firewall and offering enterprises control and management over their platform. Kevin Behr (@kevinbehr), founder and president of Assemblage Pointe and a co-author of Phoenix Project, joins to talk about his book and applying manufacturing knowledge to high tech. Show timeline: • 0:00 – Introduction and News of the Week • 9:51 – One big interview with Bart Copeland and Kevin Behr • 39:15 – Wrap up
Aaron talks with Bart Copeland (@Bart_Copeland, CEO - ActiveState) and John Wetherall (@bcferrycoder, Developer Evangelist - ActiveState) about how developers are adopting DevOps models and how polyglot PaaS technologies are getting deployed in the Enterprise.
In a cloud environment we can’t care about Linux vs. Windows – that’s the opinion of one of this week’s guests, Diane Mueller (@XBRLspy). She’s a cloud evangelist from ActiveState who wrote a unified theory of cloud and believes you should be able to run any language, on any cloud, on any stack. The other guest this week, Kian Saneii (@independa), is the CEO of a company at the convergence of wireless technology, environmental sensors, and cloud computing. His company, Independa, is an integrated cloud health care platform that helps the elderly stay independent longer and safely through a virtual caregiver that is remotely monitored. Show Timeline: • 0:00: Introductions and News of the Week • 9:04: Interview with Kian Saneii • 24:30: Interview with Diane Mueller • 37:59: Wrap Up
Diane Mueller, Director of Enterprise Product Management at ActiveState, talks about Cloud Foundry, private platform-as-a-service (PaaS), Stackato, application deployment, operations support for developers and more!