Cloud Natives Zurich: How to master Distributed Systems & Commit Signing

Join our next Meetup to gain practical insights into common mistakes in distributed systems and learn how to enhance your security measures in the Software Development Life Cycle through Commit Signing. Don't miss out on this opportunity to learn from experts and improve your systems!

17:00 – 17:15 Registration
17:15 – 17:20 Welcome & Introduction

17:20 – 17:50 Adam Ralph | Software Consultant and Trainer, Particular Software
Five common mistakes with distributed systems
Does your system involve more than one computer? Then you have a distributed system. While distributed systems can be highly effective, it's easy to get things wrong. Sometimes, so wrong, it would be better to run everything on one big, expensive, machine. Usually this stems from one or more common mistakes, all of which I've made myself over the years, but as they say—learning comes from doing.

Join me and learn how to detect, avoid, and fix these mistakes and streamline your distributed systems for years to come.

17:55 – 18:25 Ondrej Halaska | Professional Software Engineer, ti&m
Enhancing a security posture within SDLC with commit signing
Would you like to know where a source code originates from? How to ensure that the developers pushing their code into a remote repository are those who claim to be? How to validate the identity of developers? What if the source code was tampered with? These questions should be addressed by security engineers or architects at the beginning of the Software Development Life Cycle alongside the proposed mitigation strategy. One of the mitigation strategies is to leverage commit signing based on OpenPGP standard. But how to achieve a good developers' experience when implementing such a new feature?
Let me share my experience of why every git project should have the commit signing functionality in its baseline setup and how to accomplish a good developers' experience at the same time. I will talk about how commit signing and commit verification work under the hood, two possible architecture solutions on how to automate commit signing (on-prem and cloud-based), and how to keep a good developer's experience alongside with collection of statistical data on how many projects are using commit signing.

18:25 – 18:30 Outlook
18:30 – 20:30 Networking