Patricia Aas is a C++ programmer and security expert who currently works for TurtleSec. She is concerned about issues like election security, privacy, and the lack of oversight and regulation in the technology industry. She believes technology has introduced fragility to important systems like democracy. However, most people do not understand the implications of technological issues and journalists struggle to explain the problems to the general public. This leaves the industry unregulated and unable to have meaningful public debates around ethics and social impacts.
Survival Tips for Women in Tech (JavaZone 2019) Patricia Aas
Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before.
https://patricia.no/2018/09/06/survival_tips_for_women_in_tech.html
Keynote: Deconstructing Privilege (C++ on Sea 2019) Patricia Aas
Can you describe a situation that caused you to realize you were privileged?
I have asked many people that question now, and what I have learned is that privilege is an Unconscious Incompetence. Being privileged is a non-event. When we become conscious of it we realize that our privileged experience is not applicable to less privileged people. What happens to them does not happen to us. Only when we become Consciously Incompetent do we realize the need to listen. We need to learn.
In this talk I hope to make you realize that we all have privilege and to start a journey through self reflection to becoming Consciously Incompetent. I hope also to give some indicators and patterns that you can look for in your daily lives to recognize and maybe even to correct imbalances you see.
“Well, most users will have 3D touch by the next iPhone”
“I doubt many visually impaired people even use our product anyway”
“Sarah didn’t say anything during our meeting so she doesn’t seem to have an opinion on the architecture design”
“Don’t worry, users will get it once they use it”
As developers, we make assumptions every day. However, as Alan Alda stated “Your assumptions are your windows on the world. Scrub them off every once in awhile, or the light won't come in.” Whether it is about your users or your teammates, our perceived thoughts drive how we approach software development - for better or worse. This talk will walk through some of the most common assumptions iOS engineers encounter and discuss ways we can learn to think more inclusively when it comes to both feature and app development, as well as within our own teams. We’ll also cover some strategies on how to keep an open mind when approaching these kinds of topics.
Deconstructing Privilege (NDC Oslo 2018) Patricia Aas
Can you describe a situation that caused you to realize you were privileged?
I have asked many people that question now, and what I have learned is that privilege is an Unconscious Incompetence. Being privileged is a non-event. When we become conscious of it we realize that our privileged experience is not applicable to less privileged people. What happens to them does not happen to us. Only when we become Consciously Incompetent do we realize the need to listen. We need to learn.
In this talk I hope to make you realize that we all have privilege and to start a journey through self reflection to becoming Consciously Incompetent. I hope also to give some indicators and patterns that you can look for in your daily lives to recognize and maybe even to correct imbalances you see.
Trust, Elections and Twitter (fscons 2017) Patricia Aas
September 1st 2017 the Norwegian government issued a regulation that mandated that all votes in the upcoming parliamentary election (10 days later) had to be counted manually at least once. This talk describes the personal Twitter campaign that preceded it and how the public and the media have power and influence when they join forces.
Why Is Election Security So Hard? (Paranoia 2019) Patricia Aas
What makes the domain and requirements of elections so difficult to solve with computers? In this talk we will go through a lot of the requirements of an election and what motivates them, and show how computers surprisingly often introduce more vulnerabilities than they solve when applied to elections.
Elections: Trust and Critical Infrastructure (NDC TechTown 2019) Patricia Aas
Free and correct elections are the linchpin of democracy. For a government to be formed based on the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society.
We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?
Elections, Trust and Critical Infrastructure (NDC TechTown) Patricia Aas
Free and correct elections are the linchpin of democracy. For a government to be formed based on the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society.
We are building our critical infrastructure from hardware and software built by nations and companies we can’t expect to trust. How can this be dealt with in Election Security, and can those lessons be applied to other critical systems society depends on today?
The future *is* technical communication Sarah Maddox
A look at the fast-moving world of technology, the ways people interact with technology, and in particular how technology affects the way we communicate. I’m proposing that communication via technology is core to our experience of the world. We, as technical communicators, are in a very good position to grab the opportunities offered by this technology-rich world.
Sometimes we lose hope. Sometimes we stop believing that something is possible, sometimes we stop believing in ourselves. The future seems bleak and unchangeable, maybe in a downward spiral. Then we need something else to drive us forward. Though we no longer believe our dream is attainable, we might still believe in the way to get there. Believing in the path can be enough to make the next step. This is where Doing The Right Thing comes in. We can choose to do something just because it’s right, even if we don’t believe it will change things. And sudden progress can then give us new hope.
In this talk I will describe a distinction between making progress toward lofty goals and making progress toward easy goals, and how you need a different mental process to pull off the hard stuff.
A vast network of investigative reporters collaborated on a global scale to dive into the financial documents known as the Panama Papers. It took months to sift through the 11.5 million leaked documents. We’ll look at how the data were organized, how such a large, global project was kept secret, and get insights into how reporters started shaping their ongoing stories.
From experience we have learned that almost any surface we expose could have weaknesses. We have to have a plan on how to deal with issues as they arise, and an architecture that allows us to correct and protect in products that are already in use. When security is lifted up to the discretion of the user, however, we often fail to inform their decision properly. The usability of security and the architecture of fixability are closely connected, and both need continued refinement and focus. This talk will describe architectural and organizational features that make it easier to make corrective measures. They are down-to-earth everyday scenarios, illustrated by real world software projects and security incidents. Some of the stories are well known, some are anonymized to protect the innocent. Finally we will show examples of how difficult it is to design the user experience of security.
Designing Socially Impactful Digital Experiences Catt Small
Countless people in technology want to use their skills to help others. However, creating a digital product that improves society is harder than it sounds. The successful use of technology in new contexts requires more research, testing, and time than most would like to admit. Countless social good hackathons have been organized, yet many products created during these events fail to become anything more than a mention in a recap article.
In this talk, I described my process of creating SenseU, a mobile sex education game that utilizes a popular form of communication: instant messaging. Using my project as a case study, I highlighted ways that the current state of designing for social good can be improved. Attendees learned ways that technology can successfully help others as well as tips for launching an interactive experience created for social good.
Digital pedagogy in an age of algorithms: What do we DO about data? Bonnie Stewart
This keynote from #THATCampX frames the problems of the web and societal datafication as problems for higher ed. The second talk in a series focusing on building a #prosocial web via complexity, cooperation, and contribution, the focus is on what we in the academy can DO to resist the technocratic systems encroaching on our institutions and our lives, drawing on the model of the Antigonish Movement and #Antigonish2 for inspiration.
How (and why) to Factor Tech Ethics into Your Sprint eBranding Ninja
How do you build tech you won't regret? Who is responsible for the code that is released? How do you make tech ethics considerations, including privacy, security, accessibility and inclusion, a part of your regular agile feedback and review processes?
http://2019.aginext.io/Session/tech-ethics/
Some slides transferred poorly from keynote to powerpoint so here are the blanks filled in:
Slide 6: “We kill people based on metadata.” — Michael Hayden (former NSA and CIA director)
Slide 21: “The most dangerous phrase in the language is, ‘We’ve always done it this way’.” — Grace Hopper (computer scientist, candidate for Most Badass American Award)
Slide 31: “Don’t build something if you don’t have the budget to build the security infrastructure properly. Knowing your limits is also important to behave ethically.” — Ádám Sándor (cloud tech consultant)
Slide 32: “Whose problem is it if data gets stolen? Was it devs not thinking, ops not securing or management not giving enough budget? In these situations, it’s very easy to think ‘This isn’t my own problem, I’m just a cog in the machine.’” — Ádám Sándor (cloud tech consultant)
Thank you!
Digital Summit 2016: The Digital Nomad Marketing Strategy Geoffrey Colon
When you bet on platforms or set up property, you miss where human customer behavior could move. When you crunch too much data, you miss the bits of information that really help you determine how to execute a truly unique and successful business strategy.
While the world is over-inundated with discussions on using platforms like search, social, messaging, email, out of home channels, the digital nomad marketer doesn’t see siloed platforms but a holistic world of opportunity and experiences in which to communicate.
Thinking about how people live and behave in the world is the starting point of all modern marketing strategy and a total inversion from how marketing has been taught and executed for the last 50 years.
Geoffrey Colon works at the intersection of marketing, tech, and popular culture. Data punk, DJ, podcaster, and author, Geoffrey is a communications designer at Microsoft, where he leads a team of disruptive marketers to develop creative and analytical strategies for the company’s search advertising business. Previously he was vice president of digital strategy at Ogilvy & Mather, digital communities supervisor at 360i, and social media specialist at Bond Strategy and Influence. He has written for The Futurist, Advertising Age, and Fast Company, and been quoted in the Wall Street Journal, Billboard Magazine, Advertising Age, Los Angeles Times, and on NPR. Visit Geoffrey Colon at http://geoffreycolon.net or follow him on Twitter @djgeoffe
#DisruptiveFM
We've been told our whole lives ownership is key to success. Even in marketing we are told how much we need to have a paid/owned/earned strategy. But what if this strategic approach that puts an emphasis on ownership is all incorrect? What if the key to success in the 21st century of communications was similar to our economic condition where renting and utilizing resources when necessary is more important? What if we went full circle to the agricultural age due to cloud computing technology and adopted a nomadic strategy? Where we went not where we could grow or gather food but to grow and cultivate partnership relationships. Where we help grow new business models where the lines between employees and customers are blurred?
In this presentation, be pushed to think beyond the normal by Geoffrey Colon, Microsoft communications designer and author of "Disruptive Marketing: What Growth Hackers, Data Punks, and Other Hybrid Thinkers Can Teach Us About Navigating the New Normal" on how to set up a nomadic social by design and agile structure for success whether you're a sole proprietor, small business, NFP, government agency or Fortune 100 company.
What we may have learned in the recent past as a best practice must now be unlearned and relearned constantly so that we stay as flexible as our customers. In the end, it won't matter where you do business, as long as you measure specific KPIs that will help you with growth and customer satisfaction around your product, culture, organization or service.
For more of Geoffrey's thinking, follow him on LinkedIn or Twitter @djgeoffe
NDC TechTown 2023_ Return Oriented Programming an introduction.pdf Patricia Aas
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of. In this talk you will learn how it works, and we will go through some examples to show how it can be used to execute code in contexts where the stack is not executable.
Return Oriented Programming, an introduction Patricia Aas
Return Oriented Programming (ROP) is an exploitation technique that folks have often heard of, but don't know the mechanics of.
In this talk you will learn how it works, and we will go through how it can be used to execute code in contexts where the stack is not executable.
I can't work like this (KDE Academy Keynote 2021) Patricia Aas
Making software products can be fraught with conflicts, where people in different roles may feel sabotaged by others. In this talk I present a model for thinking about the problems we solve and how we solve them, and using that I hope to convince you that team excellence comes from our differences, rather than in spite of them. Hopefully you'll walk away with a deeper understanding of that colleague that never writes tests, or the one that constantly complains that all you do is "make bugs".
Dependency Management in C++ (NDC TechTown 2021) Patricia Aas
C++ has been slow to settle on standardized tools for building and dependency management. In recent years CMake has emerged as the de facto standard for builds, but dependency management still has no clear winner. In this talk I will look into what dependency management might look like in modern C++ projects and how that relates to security.
Introduction to Memory Exploitation (Meeting C++ 2021) Patricia Aas
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.
We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old. We'll look at some of these, how they have surfaced in recent years and how prepared we are today, armed with modern tooling, to find and fix "classic" vulnerabilities.
Introduction to Memory Exploitation (CppEurope 2021) Patricia Aas
Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.
Thoughts On Learning A New Programming Language Patricia Aas
How should we teach a new language to folks that already know how to program?
How do we use what we already know to leapfrog the learning process?
Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier.
Trying to build an Open Source browser in 2020 Patricia Aas
A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020.
We will also see a live demo of a simple browser built with these OSS projects. We will also discuss the limitations and future work needed to make this work in practice.
DevSecOps for Developers, How To Start (ETC 2020) Patricia Aas
How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture?
Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.
The Anatomy of an Exploit (NDC TechTown 2019) Patricia Aas
Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used.
The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.
Chromium Sandbox on Linux (NDC Security 2019) Patricia Aas
The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers.
However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.
Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through a simple exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as another programming tool. We will mainly be looking at C and x86_64 assembly, so bring snacks.
Trying to prepare your project or organisation to be able to receive vulnerability reports is a daunting task. And often far more complex and cross disciplinary than one first expects.
This talk describes some of the most common challenges and how to counteract them.
Learning a new language is often colored by the language you come from.
As a programmer coming from C++ and Java, with some functional programming background, how did I navigate trying to get a grasp of C#? Should be fun for C# developers, but also educational: How do we teach a new language to folks that already know how to program?
Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an "attacker", and to slowly start looking at exploitation as just another programming practice. We will mainly be looking at C and x86_64 assembly, so bring snacks.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
UiPath Test Automation using UiPath Test Suite series, part 4 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and Sales Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Search and Society: Reimagining Information Access for Radical Futures Bhaskar Mitra
The field of information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies need to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Key Trends Shaping the Future of Infrastructure.pdf Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath Test Automation using UiPath Test Suite series, part 3 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a button DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GraphRAG is All You need? LLM & Knowledge Graph Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: Optimizing FME Workflows with Parameters Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
12. @pati_gallardo
Most journalists I talk to about election security never write anything.
They don’t understand what I’m saying.
They don’t understand the implications.
And if they do, they don’t understand how to communicate it to regular people.
13.
We made a digital world.
And we struggle to protect it because those that make decisions don’t understand it.
We sold a story that it’s magic.
And now we can’t explain what’s wrong.
16.
We can’t explain how we embed devices in their bodies that we don’t fully understand and we are not fully protecting.
17.
We can’t explain how this white male dominated industry keeps on creating things that are unsuited for people of color or women.
22.
The Principle of Social Proof
“Nobody else is saying anything?”
“We’ve always done it this way!”
“These people seem to think this is fine!”
37.
Talking with people that make laws...
They don’t know how to regulate us.
They believe in our propaganda.
They believe in the objective truth of machines.
Regulation.
43.
In the 90s Norway had “Hjemme PC Ordningen” and “Datakortet” which were attempts at making the population computer literate.
But did we interpret that computer literacy too narrowly?
Today most people can use a computerized device - but do they understand it?