As some 200 million Chinese migrant workers head home for the Lunar New Year holiday, they face an unprecedented crisis of unemployment and a lack of social protections. Many factories have closed and fired workers, forcing over 10 million migrants to return home early. One couple who lost their toy factory jobs returned home empty-handed with no prospects for work after the holiday. The unemployment is causing concern for social stability as migrant workers have come to rely on non-farm incomes that are now at risk of declining. The government is implementing programs to create jobs and training for unemployed workers. Experts warn of a difficult time but do not expect massive unrest, as farmers have resilience and fallback options of informal support networks and returning to their home villages.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
1. 两亿甚至更多的中国出外打工人员这个周末回家过年,他们面临着一场前所未有的危机:失业和不健全的社会保障网。
每年一度的春节假日是家庭团聚、回顾过去、展望未来的日子。对中国的农民来说,新年还是为来年去哪里工作制定具体计划的时候。过去这些年,很
多人每年从遥远的外地带着打工挣来的大把钞票回家,年后又和新的打工者一起出发。
但是今年,很多人年前回家的时候并没指望年后再回去。中国媒体报导说,由于工厂关闭,工人被解雇,1,000 多万在外务工人员几周前就回到农村老家
了。例 如,在中国中部的正阳县,25,000 名打工者去年 12 月份丢掉工厂的工作后就回家了,占该地区出外务工人员的 60%以上。
这种情况已经 开始令人感受到痛苦了。现年 35 岁的蔡琴来自中国西南部贫穷的贵州省某村庄,是一家工厂的工人。自从七年前她跟随丈夫到沿海地区
打工以来,每年的春节都是 全家快乐的时刻。她们两个人每个月的工资加起来已经涨到 2,000 元(合 292 美元),两口子用存款盖了房子,还负担这蔡
琴小叔子上高中的学费。
但今年他们回家的心情却是喜忧参半。蔡琴和丈夫工作的玩具工厂毗邻香港,去年 11 月份关门,他们俩只好提前回家。以前过年他们总会带着衣服和其
他礼物回家,这次却两手空空。蔡琴说,不知道年后怎么办,想起来就头疼。
这 种情况引起人们对中国社会稳定的严重担忧,农村人口仍然占中国人口的大部分。根据中国官方数据,自 1990 年以来,农民收入已经增长了六倍。
非农业收入对 农村家庭的重要性与日俱增。根据中国国家统计局(National Bureau of Statistics of China)的数据,中国农村家庭 2007 年人均年收入中有
1,596 元为工资收入,占总收入的比例为 39%,高于 1990 年的 20%。
加州大学尔湾分校(University of California in Irvine)研究中国国内人口流动的教授多萝西•梭林格(Dorothy Solinger)表示,过去几年,不论打工者处境多么
艰难,他们都是向上流动的,而现在可能变成向下流动的趋势。
这 给中国共产党提出了挑战,共产党通过维持 30 年的经济高速增长巩固了其地位的合法性。政府正在推出各项措施,给失业的打工者找事做。中国南
部的广东省是出 口大省,已经有几千家工厂停业,省劳动局去年 12 月份公布相关规章,鼓励当地政府机构要求下级政府部门为失业的农民工创造就业
机会或提供必要帮助。劳动局 也开始向失业人员提供免费的就业服务和培训课程,向打算自主创业的人给予资金援助。
不过专家认为出现大规模骚乱的可能性不大。中国农民具 有很强的忍耐力;他们也有非正式互助网络,例如大家庭,以及村里约束力很强的富帮穷非正
式义务。中国社会科学院(Chinese Academy of Social Sciences)人口流动专家王春光表示,这段时间会很艰难,但他认为社会稳定不会出现严重问题。
周三在北京西站候车准 备回家过年的农民工心态乐观,虽然他们估计下个月回来后新工作要难找得多。河南省裴村店村农民翟远辉说,“我肯定能找到
事情做”。他已经在北京呆了三年, 做零工,挣钱贴补家用。他说,“我在北京只是到处打散工,每个月就能挣 1,000 元左右;没来北京的时候,我一年
挣上 2,000 元就算是幸运了。
翟远辉坐在一条叠着的毯子(他随身携带的少量财产之一)上说,“我知道回来以后工作不好找,僧多粥少。不过需要的话我什么都能做,只要有活儿,
不论大小我都接;我有盼头。”翟远辉和他的朋友说,如果形势糟糕透顶,他们随时都可以回农村老家种地,家里种的粮食足够吃了。
As some 200 million or more migrant laborers head home this weekend to celebrate the Lunar New
Year, they are facing an unprecedented crisis: unemployment and a fraying safety net.
The annual holiday is a time for far-flung families to gather together, look back over the past year and
plan for the future. For rural Chinese it is something more: a time to make concrete plans about where
they will work next year. In years' past, many have returned home flush with cash from their distant
adventures, and set out after the holiday with new migrants in tow.
But this year, many are heading home with no prospect of returning to their jobs. Chinese media report
that upwards of 10 million former migrant workers have been back on the farm already for weeks, as
factories have shuttered and summarily fired their employees. In central China's Zhenyang County, for
example, 25,000 migrants returned home in December -- more than 60% of the migrant labor force in
the area -- after losing their factory jobs.
The impact is already painful. For Cai Qin, a 35-year-old factory worker from a village in China's
impoverished southwestern province of Guizhou, Spring Festival has been a joyous family occasion
ever since she set out with her husband for the coast seven years ago. The couple's combined wages
have risen to 2,000 yuan, or $292, a month, and they have used their savings to build a house and pay
for high school tuition for Ms. Cai's brother-in-law.
But this year, their homecoming has been bittersweet. The toy factory near Hong Kong where Ms. Cai
and her husband worked closed in November, sending the couple home early. In previous years, they
would return with clothes and other gifts, but this time they arrived empty-handed. 'We don't know
what to do after the holidays,' Ms. Cai said. 'Our heads hurt just to think about it.'
Cases like this are causing serious concerns about social stability in China, where rural residents still
make up most of the population. Rural incomes have risen sixfold since 1990, according to official
2. Chinese data. Income from work off the farm has become increasingly important to most rural
households. According to the National Bureau of Statistics of China, 1,596 yuan, or 39%, of per capita
annual income of the nation's rural households, came from wages in 2007, up from 20% in 1990.
'In past years, regardless of how miserable their situation was, migrants had upward mobility,' says
Dorothy Solinger, a professor at the University of California in Irvine, who studies China's internal
migration. 'Now it's potentially downward mobility.'
That poses a challenge to the Communist Party, which has staked its legitimacy on delivering three
decades of high-speed growth. Already, concerned governments are responding with programs to keep
unemployed migrants busy. In southern Guangdong province, China's export engine where thousands
of manufacturers have gone out of business, the provincial labor bureau released regulations in
December encouraging local government agencies to require local governments to create jobs or
provide necessary assistance to laid-off migrant workers. The bureau also started providing free job
services and training courses for the unemployed, and financial assistance for those who want to start
their own businesses.
Experts warn, however, against predicting massive unrest. Chinese peasants are resilient and have an
informal network of help, ranging from extended families to strong informal obligations in villages for
the wealthy to help out the poor. 'It will be a very difficult time,' says Wang Chunguang, an expert on
migration at the Chinese Academy of Social Sciences, 'but I don't expect serious problems with social
instability.'
At the Beijing West Railway Station on Wednesday, migrant workers waiting for trains to go home for
the New Year were optimistic, even though they anticipate having much more difficulty finding new
jobs when they return next month. 'I'm sure I will find something here,' said Zhai Yuanhui, a farmer
from Peicundian village in Henan province who has spent three years in Beijing doing odd jobs to earn
more money for his family. 'I can make about 1,000 yuan per month in Beijing just doing small jobs
here and there. . . . Before coming here I was lucky to earn 2,000 yuan in a whole year.'
Sitting atop a folded blanket -- one of the few possessions he carries around -- he said, 'I know it will
be difficult to find a job when I come back. There are more people looking for work, and fewer
openings. But I'll do whatever I have to -- wherever a small thing can be done, I will do it. I have hope.'
And in the worst-case scenario, Mr. Zhai and his friends say they can always return to their farm,
where there is plenty of home-grown food to eat.