jonwaller/gist:6996779

## gistfile1.txt
Security - Kaminski
-------------------

Security is a first-class requirement
Also, performant stable usable

<- All require more than naive checking

Make games (adapting opponent) not puzzles

You know your network <- Your advantage over hackers

Detection works (Prevention... not so much)

Kaminski is an awesome speaker. Super autistic. :p

Find outliers in error logs (Odd pages, unexpected errors)

"Defense in depth" - False poitives happen.


Appurify
--------

...is amazing.

apppurify.webpagetest.org


Chip log
--------

chiplog.quicinc.com

Checks parellisation of requests, etc. Gives a rating.


Webpagetest
-----------

Videos
Comparisons of HAR/Videos


Major Leauge Baseball
---------------------

Wowza transcoding


i18n
----

All on frontend:
Try to avoid
Template tax
Nasty to do multi-language fallbacks

Good idea:
Translation proxies


Slow to fast
------------

WPT-test

[Real life example]


Webpagetest magic
-----------------

Data sent to:
Graphite / Splunk log

You can script a local instance of webpage test using wpt-test (on github)
It just reads a JSON file.

We should show trend of results over time.

Catchpoint is better for multiple locations than local instance of webpagetest

Speedindex (area under graph)

Read about vagrant

Get slides: Shows how to set up local instance of webpagetest

Webpagetest-api <- Node NPM for webpagetest


Where do we go from here?
-------------------------

"No one cares what a CPU is" <- People care about results / use cases

SysAdmins/Techie people have a bad image
-> But get it done

More than DevOps/Rockstar Dev... be in a team. Focusing on the business.

Get on the same page. Rise up. Business level thinking.

Be the "Go to" guy. Be known as the "go to" guy.

Suggestions for SysAdmins:
-Learn code
-Learn communication - Talk in their terms / their goals
-Learn (your) business - What's the flow? What's special about CA? How's the money land in my bank account eventually?
-Learn from others
-Learn to learn better, learn to learn more

"Don't build a house with your eyes closed"

"We're not getting out of our own bubble"

http://www.opsschool.org/en/latest/

Open the veil. Don't hoard knowledge/understanding.


1000ms
------

3G 1000-4000ms to first 40kB
LTE 500-1000ms to first 40kB

Need to prefetch, preresolve, prerender.
Think about "critical rendering path".

Most of the latency is waiting for the network (For top 1mm alexa sites)

You should:
CDN
Gzip
Reuse connections
Correct TLS (No redirects)

HTML -> DOM
CSS -> CSSOM

- Paint blocks on CSS, so get that to client as quick as possible.
- Eliminate blocking JS

See Google PageSpeed insights <- Web tool
- Shows blocking JS and blocking CSS

RTT = Roundtrip time

Inline critical CSS
Load below the fold CSS on onLoad <- If appropriate

<link rel="dns-prefetch">
<link rel="subresource">
<link rel="prefetch"> <-file
<link rel="prerender"> <-html
	Security - Kaminski
	-------------------

	Security is a first-class requirement
	Also, performant stable usable

	<- All require more than naive checking

	Make games (adapting opponent) not puzzles

	You know your network <- Your advantage over hackers

	Detection works (Prevention... not so much)

	Kaminski is an awesome speaker. Super autistic. :p

	Find outliers in error logs (Odd pages, unexpected errors)

	"Defense in depth" - False poitives happen.


	Appurify
	--------

	...is amazing.

	apppurify.webpagetest.org


	Chip log
	--------

	chiplog.quicinc.com

	Checks parellisation of requests, etc. Gives a rating.


	Webpagetest
	-----------

	Videos
	Comparisons of HAR/Videos


	Major Leauge Baseball
	---------------------

	Wowza transcoding


	i18n
	----

	All on frontend:
	Try to avoid
	Template tax
	Nasty to do multi-language fallbacks

	Good idea:
	Translation proxies


	Slow to fast
	------------

	WPT-test

	[Real life example]


	Webpagetest magic
	-----------------

	Data sent to:
	Graphite / Splunk log

	You can script a local instance of webpage test using wpt-test (on github)
	It just reads a JSON file.

	We should show trend of results over time.

	Catchpoint is better for multiple locations than local instance of webpagetest

	Speedindex (area under graph)

	Read about vagrant

	Get slides: Shows how to set up local instance of webpagetest

	Webpagetest-api <- Node NPM for webpagetest


	Where do we go from here?
	-------------------------

	"No one cares what a CPU is" <- People care about results / use cases

	SysAdmins/Techie people have a bad image
	-> But get it done

	More than DevOps/Rockstar Dev... be in a team. Focusing on the business.

	Get on the same page. Rise up. Business level thinking.

	Be the "Go to" guy. Be known as the "go to" guy.

	Suggestions for SysAdmins:
	-Learn code
	-Learn communication - Talk in their terms / their goals
	-Learn (your) business - What's the flow? What's special about CA? How's the money land in my bank account eventually?
	-Learn from others
	-Learn to learn better, learn to learn more

	"Don't build a house with your eyes closed"

	"We're not getting out of our own bubble"

	http://www.opsschool.org/en/latest/

	Open the veil. Don't hoard knowledge/understanding.


	1000ms
	------

	3G 1000-4000ms to first 40kB
	LTE 500-1000ms to first 40kB

	Need to prefetch, preresolve, prerender.
	Think about "critical rendering path".

	Most of the latency is waiting for the network (For top 1mm alexa sites)

	You should:
	CDN
	Gzip
	Reuse connections
	Correct TLS (No redirects)

	HTML -> DOM
	CSS -> CSSOM

	- Paint blocks on CSS, so get that to client as quick as possible.
	- Eliminate blocking JS

	See Google PageSpeed insights <- Web tool
	- Shows blocking JS and blocking CSS

	RTT = Roundtrip time

	Inline critical CSS
	Load below the fold CSS on onLoad <- If appropriate

	<link rel="dns-prefetch">
	<link rel="subresource">
	<link rel="prefetch"> <-file
	<link rel="prerender"> <-html