Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
Cryptography for Absolute Beginners
Svetlin Nakov @ Sofia Science Festival, May 2019
Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4
Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/
Security is a very important aspect of web applications. In order to protect sensitive data we should use cryptography. But cryptography means security? Absolutely not, especially if developers do not,especially if developers do not use it properly. In this talk I would like to present some best practices in PHP to implement secure cryptography using the extensions mcrypt, Hash and OpenSSL.
Geth is widely used to interact with Ethereum networks. Ethereum software enables a user to set up a
“private” or “testnet” Ethereum chain. This chain will be totally different from main chain.
Component that tell geth that we want to use/create a private Ethereum Chain:
1. Custom Genesis file
2. Custom Data Directory
3. Custom Network Id
4. Disable Node Discovery
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
Cryptography for Java Developers
Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA
About the Speaker
What is Cryptography?
Cryptography in Java – APIs and Libraries
Hashes, MAC Codes and Key Derivation (KDF)
Encrypting Passwords: from Plaintext to Argon2
Symmetric Encryption: AES (KDF + Block Modes + IV + MAC)
Digital Signatures, Elliptic Curves, ECDSA, EdDSA
Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples
Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM
Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
Cryptography for Absolute Beginners
Svetlin Nakov @ Sofia Science Festival, May 2019
Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4
Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/
Security is a very important aspect of web applications. In order to protect sensitive data we should use cryptography. But cryptography means security? Absolutely not, especially if developers do not,especially if developers do not use it properly. In this talk I would like to present some best practices in PHP to implement secure cryptography using the extensions mcrypt, Hash and OpenSSL.
Geth is widely used to interact with Ethereum networks. Ethereum software enables a user to set up a
“private” or “testnet” Ethereum chain. This chain will be totally different from main chain.
Component that tell geth that we want to use/create a private Ethereum Chain:
1. Custom Genesis file
2. Custom Data Directory
3. Custom Network Id
4. Disable Node Discovery
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
Crypto-Wallets: A Technical Perspective
Svetlin Nakov @ OpenFest 2018 - https://www.openfest.org/2018/en/
Sofia, 4 November 2018
In this talk the speaker explains the concepts of crypto-wallets used by the blockchain developers to securely keep the private keys controlling the blockchain addresses and crypto-assets. The different wallet types (brain, paper, desktop, mobile, online, hardware) will be introduced and how to build and interact with wallets, sign and send blockchain transactions are demonstrated. The speaker explains the basic concepts and will give examples how to use and interact with keystores (holding a single ECC-based private key) and hierarchical deterministic wallets (HD wallets), which use mnemonic phrases with key-derivation based on the BIP39 and the BIP44 standards to keep multiple private keys.
All attendees are invited to create their own crypto-wallet and to get some testing crypto-coins (Ethereum Ropsten Testnet ethers – ETHt) and to send a few payment transactions on the Testnet.
All concepts are demonstrated with live examples in JavaScript: creating a simple wallet, encrypting and saving it; creating a new random HD wallet and creating an HD wallet from mnemonic phrase, along with deriving private keys.
Learn more at: http://www.nakov.com/blog/2018/11/04/crypto-wallets-a-technical-perspective-nakov-at-openfest-2018/
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Positive Hack Days
Ведущий: Асука Накадзима (Asuka Nakajima)
Практика повторного использования исходного кода позволяет сократить расходы на разработку программного обеспечения. Тем не менее, если в оригинальном исходном коде кроется уязвимость, она будет перенесена и в новое приложение. Докладчик расскажет о необычном способе обнаружения «наследуемых» уязвимостей в бинарных файлах без необходимости обращаться к исходному коду или символьным файлам.
The Security library in VisualWorks went through sweeping changes recently. Main change is replacing native smalltalk implementations of various cryptographic algorithms with pluggable interfaces to external libraries, but also a complete rewrite of the SSL implementation to support all current versions of the protocol (SSL3.0 & TLS 1.0, 1.1 and 1.2). Introducing dependencies on external libraries can complicate deployment, however the resulting pluggability of implementation and perfomance boost we're getting in exchange should more then pay off in terms of widening the scope of potential applications, where the purely native implementation was simply not acceptable. In this talk we will survey these changes and discuss their impact and backward compatibility implications.
Oczyszczacz powietrza i stos sieciowy? Czas na test! Semihalf Barcamp 13/06/2018Semihalf
Podczas wykładu pomijamy jakość filtracji powietrza natomiast skupiamy się na metodach testowania protokołów sieciowych przy wykorzystaniu języka TTCN-3. Sprawdzamy jakie dane nasze domowe urządzenia wysyłają w świat oraz jak można przejąć nad nimi kontrolę.
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
Los procedimientos relacionados con Respuesta a Incidentes y Análisis Forense son diferentes en la nube respecto a cuando se realizan en entornos tradicionales, locales. Veremos las diferencias entre el análisis forense digital tradicional y el relacionado con sistemas en la nube de AWS, Azure o Google Compute Platform. Cuando se trata de la nube y nos movemos en un entorno totalmente virtual nos enfrentamos a desafíos que son diferentes al mundo tradicional. Lo que antes era hardware, ahora es software. Con los proveedores de infraestructura en la nube trabajamos con APIs, creamos, eliminamos o modificamos cualquier recurso con una llamada a su API. Disponemos de balanceadores, servidores, routers, firewalls, bases de datos, WAFs, sistemas de cifrado y muchos recursos más a sin abrir una caja y sin tocar un cable. A golpe de comando. Es lo que conocemos como Infraestructura como código. Si lo puedes programar, lo puedes automatizar. ¿Como podemos aprovecharnos de ello desde el punto de vista de la respuesta a incidentes, análisis forense o incluso hardening automatizado?
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...PROIDEA
Banking Trojans have been part of the financial cybercrime landscape for over a decade, causing losses measured in billions of dollars. On the flip side, the constant evolution of defenses against this type of malware has forced Trojan operators to adjust to security controls designed to keep them out. As a result, many Trojan operators have either disappeared or considerably narrowed their activity scope, but more interestingly, are using novel techniques to achieve their goals. In this talk, we will present three top malware operators active in the wild and their use of automated scripts to tackle their challenges: The notorious Gozi (ISFB) malware used to run its own executable files. Nowadays, it avoids storing malicious payloads on disk and instead, writes a Powershell script to the Windows registry and executes it using a special regex-based run-key. Ramnit, a dated foe that focuses on UK banks, encrypts its payload using a Windows API function with a device-unique key. In every system reboot, it decrypts the payload in-memory and runs it with a Visual Basic script that runs Powershell. This allows Ramnit to avoid running a detectable, executable file as it used to do in the past. BackSwap is a new banking Trojan that attacks financial institutions in Spain. Its dropper is a JavaScript Encoded (JSE) file. When decoded, the dropper results in a 30k lines-of-code script which downloads a binary sample from a remote Command-and-Control server. Together with our audience, we will walk through the research process and share our findings along with our (sometimes) quick-and-dirty solutions. We aim to enhance our participants’ knowledge of today’s bankers and help them get deeper into current-day scripting-related techniques cybercriminals use.
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
Crypto-Wallets: A Technical Perspective
Svetlin Nakov @ OpenFest 2018 - https://www.openfest.org/2018/en/
Sofia, 4 November 2018
In this talk the speaker explains the concepts of crypto-wallets used by the blockchain developers to securely keep the private keys controlling the blockchain addresses and crypto-assets. The different wallet types (brain, paper, desktop, mobile, online, hardware) will be introduced and how to build and interact with wallets, sign and send blockchain transactions are demonstrated. The speaker explains the basic concepts and will give examples how to use and interact with keystores (holding a single ECC-based private key) and hierarchical deterministic wallets (HD wallets), which use mnemonic phrases with key-derivation based on the BIP39 and the BIP44 standards to keep multiple private keys.
All attendees are invited to create their own crypto-wallet and to get some testing crypto-coins (Ethereum Ropsten Testnet ethers – ETHt) and to send a few payment transactions on the Testnet.
All concepts are demonstrated with live examples in JavaScript: creating a simple wallet, encrypting and saving it; creating a new random HD wallet and creating an HD wallet from mnemonic phrase, along with deriving private keys.
Learn more at: http://www.nakov.com/blog/2018/11/04/crypto-wallets-a-technical-perspective-nakov-at-openfest-2018/
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Positive Hack Days
Ведущий: Асука Накадзима (Asuka Nakajima)
Практика повторного использования исходного кода позволяет сократить расходы на разработку программного обеспечения. Тем не менее, если в оригинальном исходном коде кроется уязвимость, она будет перенесена и в новое приложение. Докладчик расскажет о необычном способе обнаружения «наследуемых» уязвимостей в бинарных файлах без необходимости обращаться к исходному коду или символьным файлам.
The Security library in VisualWorks went through sweeping changes recently. Main change is replacing native smalltalk implementations of various cryptographic algorithms with pluggable interfaces to external libraries, but also a complete rewrite of the SSL implementation to support all current versions of the protocol (SSL3.0 & TLS 1.0, 1.1 and 1.2). Introducing dependencies on external libraries can complicate deployment, however the resulting pluggability of implementation and perfomance boost we're getting in exchange should more then pay off in terms of widening the scope of potential applications, where the purely native implementation was simply not acceptable. In this talk we will survey these changes and discuss their impact and backward compatibility implications.
Oczyszczacz powietrza i stos sieciowy? Czas na test! Semihalf Barcamp 13/06/2018Semihalf
Podczas wykładu pomijamy jakość filtracji powietrza natomiast skupiamy się na metodach testowania protokołów sieciowych przy wykorzystaniu języka TTCN-3. Sprawdzamy jakie dane nasze domowe urządzenia wysyłają w świat oraz jak można przejąć nad nimi kontrolę.
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
Los procedimientos relacionados con Respuesta a Incidentes y Análisis Forense son diferentes en la nube respecto a cuando se realizan en entornos tradicionales, locales. Veremos las diferencias entre el análisis forense digital tradicional y el relacionado con sistemas en la nube de AWS, Azure o Google Compute Platform. Cuando se trata de la nube y nos movemos en un entorno totalmente virtual nos enfrentamos a desafíos que son diferentes al mundo tradicional. Lo que antes era hardware, ahora es software. Con los proveedores de infraestructura en la nube trabajamos con APIs, creamos, eliminamos o modificamos cualquier recurso con una llamada a su API. Disponemos de balanceadores, servidores, routers, firewalls, bases de datos, WAFs, sistemas de cifrado y muchos recursos más a sin abrir una caja y sin tocar un cable. A golpe de comando. Es lo que conocemos como Infraestructura como código. Si lo puedes programar, lo puedes automatizar. ¿Como podemos aprovecharnos de ello desde el punto de vista de la respuesta a incidentes, análisis forense o incluso hardening automatizado?
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...PROIDEA
Banking Trojans have been part of the financial cybercrime landscape for over a decade, causing losses measured in billions of dollars. On the flip side, the constant evolution of defenses against this type of malware has forced Trojan operators to adjust to security controls designed to keep them out. As a result, many Trojan operators have either disappeared or considerably narrowed their activity scope, but more interestingly, are using novel techniques to achieve their goals. In this talk, we will present three top malware operators active in the wild and their use of automated scripts to tackle their challenges: The notorious Gozi (ISFB) malware used to run its own executable files. Nowadays, it avoids storing malicious payloads on disk and instead, writes a Powershell script to the Windows registry and executes it using a special regex-based run-key. Ramnit, a dated foe that focuses on UK banks, encrypts its payload using a Windows API function with a device-unique key. In every system reboot, it decrypts the payload in-memory and runs it with a Visual Basic script that runs Powershell. This allows Ramnit to avoid running a detectable, executable file as it used to do in the past. BackSwap is a new banking Trojan that attacks financial institutions in Spain. Its dropper is a JavaScript Encoded (JSE) file. When decoded, the dropper results in a 30k lines-of-code script which downloads a binary sample from a remote Command-and-Control server. Together with our audience, we will walk through the research process and share our findings along with our (sometimes) quick-and-dirty solutions. We aim to enhance our participants’ knowledge of today’s bankers and help them get deeper into current-day scripting-related techniques cybercriminals use.
Lecture on 18 December 2018
Role of Cryptography in Blockchain
RSA and SHA
Blockchain for Beginners
Elective course from the Faculty of Information Technology, Thai - Nichi Institute of Technology, Bangkok for undergraduate students.
#BlockchainTNI2018
Abstract
There is great research going on in the field of data security nowadays. Protecting information from disclosure and breach is of high importance to users personally and to organizations and businesses around the world, as most of information currently are sensitive electronic information transferred over the internet and stored in cloud based system. In this paper, we propose a method to increase the security of messages transferred on the internet, or information stored in the cloud. Our proposed method mainly relies on the Triple Data Encryption Standard (TDES) algorithm. TDES is intact the Data Encryption Standard repeated three times in succession to encrypt data. TDES is considered highly secure as there is no applicable method to break the code itself without knowing the key. We propose to encrypt the key using Cipher Feedback Block algorithm, before using TDES to encrypt data. Such that even when the key is disclosed, the key itself cannot decipher the ciphered text without enciphering the key with CFB. This introduces a new dimension of security to the TDES algorithm.
The method introduced in this paper increases the security of the TDES algorithm using CFB algorithm by increasing the key security, such that it is actually not possible to decipher the text without prior knowledge and agreement of key and algorithms used.
Keywords: Data Encryption Standard, Triple Data Encryption Algorithm, Cipher Feedback Block.
This demand for implementing the most common Transactions,Pay to PubKey Hash,Pay to PubKey,Pay to Script Hash,Multi-Signature and Null Data stemed from the need to have a closer look of how Bitcoin Transactions work in the context of my thesis as an undergraduate student of Department of Applied Informatics at the University of Macedonia,Greece.
Everything I always wanted to know about crypto, but never thought I'd unders...Codemotion
For many years, I had entirely given up on ever understanding the anything about cryptography. However, I’ve since learned it’s not nearly as hard as I thought to understand many of the important concepts. In this talk, I’ll take you through some of the underlying principles of modern applications of cryptography. We’ll talk about our goals, the parts are involved, and how to prevent and understand common vulnerabilities. This’ll help you to make better choices when you implement crypto in your products, and will improve your understanding of how crypto is applied to things you already use.
All levels of security from simple software to Java Cards and cloud encryption service. Unchain the crypto ecosystem.
Visit https://bouncycrypto.com for more details!
We have presented the first version of the library at Black Hat. We put an incredible effort into development to present a “fully functioning prototype” with a profiler.
The library was verified on four types of JavaCards (and JCardSim simulator). It provided all low-level operations to build protocols with Elliptic Curve cryptography (256, 384, 512, and 521 bits):
Bignat - addition, multiplication, modular operations, inversion, etc.
EC point - low-level operations with EC points
EC curve - generation of EC
A Decompiler for Blackhain-Based Smart Contracts BytecodeShakacon
Ethereum is gaining a significant popularity in the blockchain community, mainly due to fact that it is design in a way that enables developers to write decentralized applications (Dapps) and smart-contract using blockchain technology.
Ethereum blockchain is a consensus-based globally executed virtual machine, also referred as Ethereum Virtual Machine (EVM) by implemented its own micro-kernel supporting a handful number of instructions, its own stack, memory and storage. This enables the radical new concept of distributed applications.
Contracts live on the blockchain in an Ethereum-specific binary format (EVM bytecode). However, contracts are typically written in some high-level language such as Solidity and then compiled into byte code to be uploaded on the blockchain. Solidity is a contract-oriented, high-level language whose syntax is similar to that of JavaScript.
This new paradigm of applications opens the door to many possibilities and opportunities. Blockchain is often referred as secure by design, but now that blockchains can embed applications this raise multiple questions regarding architecture, design, attack vectors and patch deployments.
As we, reverse engineers, know having access to source code is often a luxury. Hence, the need for an open-source tool like Porosity: decompiler for EVM bytecode into readable Solidity-syntax contracts – to enable static and dynamic analysis of compiled contracts but also vulnerability discovery.
Най-търсените направления в ИТ сферата за 2024Svetlin Nakov
Най-търсените направления в ИТ сферата?
д-р Светлин Наков, съосновател на СофтУни
София, май 2024 г.
Какво се случва на пазара на труда в ИТ сектора?
Какви са прогнозите за ИТ сектора за напред?
Защо има смисъл да учиш програмиране и ИТ през 2024?
Каква е ролята на AI в ИТ професиите?
Как да започна работа като junior?
Upskill програмите на СофтУни
BG-IT-Edu: отворено учебно съдържание за ИТ учителиSvetlin Nakov
Отворено учебно съдържание по програмиране и ИТ за учители
Безплатни учебни курсове и ресурси за ИТ учители
Разработени курсове към 03/2024 г. в BG-IT-Edu
https://github.com/BG-IT-Edu
Качествени учебни курсове (учебно съдържание) за ИТ учители: презентации + примери + упражнения + проекти + задачи за изпитване + judge система + насоки за учителите
Достъпни безплатно, под отворен лиценз CC-BY-NC-SA
Разработени от СофтУни Фондацията, по инициатива и под надзора на д-р Светлин Наков
Научете повече тук: https://nakov.com/blog/2024/03/27/bg-it-edu-open-education-content-for-it-teachers/
Светът на програмирането през 2024 г.
Продължава ли бумът на технологичните професии? Кои професии ще се търсят? Как да започна?
Прогнозата на д-р Светлин Наков за бъдещето на софтуерните професии в България
Има ли смисъл да учиш програмиране през 2024?
Какво се търси на пазара на труда?
Ще продължи ли търсенето на програмисти и през 2024?
Все още ли е най-търсената професия в технологиите?
Ролята на AI в сферата на софтуерните разработчици
Какво се случва на пазара на труда?
Има ли спад в търсенето на програмисти?
Как да започна с програмирането?
Видео от събитието сме качили във FB: https://fb.com/events/346653434644683
AI Tools for Business and Startups
Svetlin Nakov @ Innowave Summit 2023
Artificial Intelligence is already here!
AI Tools for Business: Where is AI Used?
ChatGPT and Bard in Daily Tasks
ChatGPT and Bard for Creativity
ChatGPT and Bard for Marketing
ChatGPT for Data Analysis
DALL-E for Image Generation
Learn more at: https://nakov.com/blog/2023/11/25/ai-for-business-and-startups-my-talk-at-innowave-summit-2023/
AI Tools for Scientists - Nakov (Oct 2023)Svetlin Nakov
Инструменти с изкуствен интелект в помощ на изследователите
Д-р Светлин Наков @ Anniversary Scientific Session dedicated to the 120th anniversary of the birth of John Atanasoff
Изкуствен интелект при стартиране и управление на бизнес
Семинар във FinanceAcademy.bg
Д-р Светлин Наков
Изкуственият интелект (ИИ) е вече тук!
Къде се ползва ИИ?
ChatGPT – демо
Bard – демо
Claude – демо
Bing Chat – демо
Perplexity – демо
Bing Image Create – демо
Bulgarian Tech Industry - Nakov at Dev.BG All in One Conference 2023Svetlin Nakov
IT industry in Bulgaria: key factors for success and the future. Deep tech, science, innovation, and education and how we can achieve more as an industry?
Dr. Svetlin Nakov
Innovation and Inspiration Manager @ SoftUni
Contents:
How big is the IT industry in Bulgaria?
Number of software professionals in Bulgaria: according to historical data from BASSCOM
Share of the software industry in GDP
Why does Bulgaria have such a successful IT industry?
Education for the tech industry: school education in software professions and profiles (2022/2023)
Education for the tech industry: Students in university in IT specialties (2022/2023)
Education for the IT industry: Learners at SoftUni (2022/2023)
Evolution of the Bulgarian software industry
How much can the industry grow?
Trends in the IT industry: AI progress, the IT market in Bulgaria, deep tech, science, and innovation
AI in the software industry
How to achieve more as an industry? education, deep tech, science, and innovation, entrepreneurship
Introduction
The IT industry in Bulgaria is one of the most successful in the country. It has grown rapidly in recent years and is now a major contributor to the economy. In this talk, Dr. Nakov explores the key factors behind the success of the Bulgarian IT industry, as well as its future prospects.
AI Tools for Business and Personal LifeSvetlin Nakov
A talk at LeaderClass.BG, Sofia, August 2023
by Svetlin Nakov, PhD
The artificial intelligence (AI) is here!
Where is AI used?
ChatGPT - demo
Bing Chat - demo
Bard - demo
Claude - demo
Bing Image Create - demo
Playground AI - demo
In this talk the speaker explains and demonstrates some AI tools for the business and personal life:
ChatGPT: a large language model that can generate text, translate languages, write different kinds of creative content, and answer your questions in an informative way.
Bing Chat: an Internet-connected AI chatbot that can search Internet and answer questions.
Bard: a large language model from Google AI, trained on a massive dataset of text and code, similar to ChatGPT.
Claude: A large AI chatbot, similar to ChatGPT, powerful in document analysis.
Bing Image Create: a tool that can generate images based on text descriptions.
Playground AI: image generator and image editor, based on generative AI.
Дипломна работа: учебно съдържание по ООП - Светлин НаковSvetlin Nakov
Дипломна работа на тема
"Учебно съдържание по обектно-ориентирано програмиране в профилираната подготовка по информатика"
Дипломант: д-р Светлин Наков
Специалност: Педагогика на обучението по информатика и информационни технологии в училище (ПОИИТУ)
Степен: магистър
Пловдивски университет "Паисий Хилендарски"
Факултет по математика и информатика (ФМИ)
Катедра “Компютърни технологии”
Настоящата дипломна работа има за цел да подпомогне българските ИТ учители от системата на средното образование в профилираните гимназии и паралелки, като им предостави безплатно добре разработени учебни програми и качествено учебно съдържание за преподаване в първия и най-важен модул от профил “Софтуерни и хардуерни науки”, а именно “Модул 1. Обектно-ориентирано проектиране и програмиране”.
Чрез изграждането на качествени учебни програми и ресурси за преподаване и пренасяне на добре изпитани образователни практики от автора на настоящата дипломна работа (д-р Светлин Наков) към българските ИТ учители целим значително да подпомогнем учителите в тяхната образователна кауза и да повишим качеството на обучението по програмиране в профилираните гимназии с профил “Софтуерни и хардуерни науки”.
Резултатите от настоящата дипломна работа са вече внедрени в практиката и разработените учебни ресурси се използват реално от стотици ИТ учители в България в ежедневната им работа. Това е една от основните цели и тя вече е изпълнена, още преди защитата на настоящата дипломна работа.
Прочетете повече в блога на д-р Наков: https://nakov.com/blog/2023/07/08/free-learning-content-oop-nakov/
Дипломна работа: учебно съдържание по ООПSvetlin Nakov
Презентация за защита на
Дипломна работа на тема
"Учебно съдържание по обектно-ориентирано програмиране в профилираната подготовка по информатика"
Дипломант: д-р Светлин Наков
Пловдивски университет "Паисий Хилендарски"
Факултет по математика и информатика (ФМИ)
Катедра “Компютърни технологии”
Защитена на: 8 юли 2023 г.
Научете повече в блога на д-р Наков: https://nakov.com/blog/2023/07/08/free-learning-content-oop-nakov
Свободно ИТ учебно съдържание за учители по програмиране и ИТSvetlin Nakov
В тази сесия разказвам за училищното образование по програмиране и ИТ, за професионалните и профилираните гимназии, свързани с програмиране и ИТ, за STEM кабинетите, за българските ИТ учители и тяхната подготовка, за проблемите, с които те се сблъскват, и как можем да им помогнем чрез проекта „Свободно учебно съдържание по програмиране и ИТ“: https://github.com/BG-IT-Edu.
Open Fest 2021, 14 август, София
В света се засилва тенденцията за установяване на STEAM образованието като двигател на научно-техническия прогрес чрез развитие на интердисциплинарни умения в сферата на природните науки, математиката, информационните технологии, инженерните науки и изкуствата в училищна възраст. С масовото изграждане на STEAM лаборатории в българските училища се изостря недостига на добре подготвени STEAM и ИТ учители.
Вярвайки в идеята, че българската ИТ общност може да помогне за решаването на проблема, през 2020 г. по инициатива на СофтУни Фондацията стартира проект за създаване на безплатно учебно съдържание по програмиране и ИТ за учители в подкрепа на училищното технологично образование. Проектът е със свободен лиценз в GitHub: https://github.com/BG-IT-Edu. Учителите получават безплатно богат комплект от съвременни учебни материали с високо качество: презентации, постъпкови ръководства, задачи за упражнения и практически проекти, окомплектовани с насоки, подсказки и решения, безплатна система за автоматизирано тестване на решенията и други учебни ресурси, на български и английски език.
Създадени са голяма част от учебните курсове за професиите "Приложен програмист", "Системен програмист" и "Програмист" в професионалните гимназии. Амбицията на проекта е да се създадат свободни учебни материали и за обученията в профил "Софтуерни и хардуерни науки" в профилираните гимназии.
Целта на проекта “Свободно ИТ учебно съдържание за учители” е да подпомогне българския ИТ учител с качествени учебни материали, така че да преподава на добро ниво и със съвременни технологии и инструменти, за да положи основите на подготовката на бъдещите ИТ специалисти и дигитални лидери на България.
В лекцията разказвам за училищното образование по програмиране и ИТ, за професионалните и профилираните гимназии, свързани с програмиране и ИТ, за STEM кабинетите, за българските ИТ учители и тяхната подготовка, за проблемите с които те се срещат, за липсата на учебници и учебни материали по програмиране, ИТ и по техническите дисциплини и как можем да помогнем на ИТ учителите.
A public talk "AI and the Professions of the Future", held on 29 April 2023 in Veliko Tarnovo by Svetlin Nakov. Main topics:
AI is here today --> take attention to it!
- ChatGPT: revolution in language AI
- Playground AI – AI for image generation
AI and the future professions
- AI-replaceable professions
- AI-resistant professions
AI in Education
Ethics in AI
In this seminar Dr. Svetlin Nakov talks about the programming languages, their popularity, available jobs and trends for 2022-2023.
Modern software development uses dozens of programming languages, along with hundreds of technology frameworks, libraries, and software tools.
This talk will review the most popular programming languages on the labor market: JavaScript, Java, C#, Python, PHP, C++, Go, Swift. It will be briefly stated what each of them is, what it is used for and what is its demand in the IT industry.
Agenda:
The Most Used Programming Languages in 2022:
- Python, Java, JavaScript, C#, C++, PHP
Jobs by Programming Languages in 2022:
- Jobs Worldwide by Programming Language
- Jobs in Bulgaria by Programming Language
Programming Languages Trends for 2023
- Language Popularity Rankings from Stack Overflow, GitHub, PYPL, IEEE, TIOBE, Etc.
Become a Software Developer: How To Start?
IT Professions and How to Become a DeveloperSvetlin Nakov
IT Professions and Their Future
The landscape of IT professions in the tech industry: software developer, front-end, back-end, AI, cloud, DevOps, QA, Java, JavaScript, Python, C#, C++, digital marketing, SEO, SEM, SMM, project manager, business analyst, CRM / ERP consultant, design / UI / UX expert, Web designer, motion designer, etc.
Industry 4.0 and the future of manufacturing, smart cities and digitalization of everything.
What are the most in-demand professions on LinkedIn? Why the best jobs in the world are related to software development and IT?
How to learn coding and start a tech job?
Why anyone can be a software developer?
Dr. Svetlin Nakov
December 2022
GitHub Actions (Nakov at RuseConf, Sept 2022)Svetlin Nakov
Building a CI/CD System with GitHub Actions
Dr. Svetlin Nakov
September 2022
Intro to Continuous Integration (CI), Continuous Delivery (CD), Continuous Deployment (CD), and CI/CD Pipelines
Intro to GitHub Actions
Building CI workflow
Building CD workflow
Live Demo: Build CI System for JS and .NET Apps
How to Become a QA Engineer and Start a JobSvetlin Nakov
How to Become a QA Engineer and Start a Job
Svetlin Nakov, PhD
Sofia, Nov, 2022
1) Why Become а QA Engineer?
2) How to Become a Software Quality Assurance Engineer (QA)?
Learn the Fundamental QA Skills:
Manual QA skills – 30%
Software engineering skills – 20%
QA automation skills – 50%
3) Anyone Can Be a QA Engineer!
4) The QA Program @ SoftUni
https://softuni.bg/qa
Призвание и цели: моята рецепта
д-р Светлин Наков
Как да открия своето призвание в живота и да го направя своя професия?
Съдържание:
1) Светлин Наков - моята история
2) Дигиталните професии
3) Как да намеря своята професия?
Поход на вдъхновителите | Аз мога тук и сега @ Петрич (19 ноември 2022 г.)
What Mongolian IT Industry Can Learn from Bulgaria?Svetlin Nakov
In this talk the speaker Dr. Svetlin Nakov explains the growth of the Bulgarian software industry for the latest 25 years and the key events in its growth.
He gives rich statistical data about Bulgaria, its GDP, and its software industry, which generates nearly 5% of the GDP (in 2022), about the open developer positions (5K in Oct 2022) and the number of software developers in Bulgaria (54K in Oct 2022).
The growth of the number of software developers in Bulgaria, software industry's revenues and their share in the national GDP are traced back from 2022 to 2005.
Similar research about the Mongolian software industry is conducted and available data is compared to Bulgaria and USA.
An interesting parallel is given between Bulgaria and Mongolia in terms of their software engineering talent and industry growth potential.
Finally, Dr. Nakov gives his recommendations about how local Mongolian software companies can reach the global tech market and suggests to use the "outstaffing" business model, targeting the European tech industry and the Asian region.
The talk is given at the "The Future of IT" forum in Ulaanbaatar, Mongolia (October 2022).
How to Become a Software Developer - Nakov in Mongolia (Oct 2022)Svetlin Nakov
In this talk the speaker Svetlin Nakov explains the IT professions and their extremely high demand in the latest years, and gives a recipe how to become a software engineer.
He recommends to spend 1-2 years in studying and practicing software engineering, following a learning curriculum like this:
Basic Coding Course – calculations, data, conditions, loops, IDE
Fundamentals of Programming – arrays, lists, maps, nested structures, text processing, error handling, basic language APIs, problem solving
Object-Oriented Programming – classes, objects, inheritance, …
Databases and ORM – relational DB, SQL, ORM frameworks, XML, JSON
Back-End Development – HTTP, MVC, Web apps, REST
Front-End Development – HTML, CSS, JS, DOM, AJAX, JS Frameworks
Projects – Git, software engineering, teamwork
Example: https://softuni.org/learn
The talk is from the "The Future of IT" forum in Ulaanbaatar, Mongolia (October 2022).
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Acetabularia Information For Class 9 .docxvaibhavrinwa19
Acetabularia acetabulum is a single-celled green alga that in its vegetative state is morphologically differentiated into a basal rhizoid and an axially elongated stalk, which bears whorls of branching hairs. The single diploid nucleus resides in the rhizoid.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
6. 6
Uses a pair of keys: public key + private key
Sign / decrypt by private key
Verify / encrypt by public key
Public Key Cryptography
7. 7
Well-known public-key crypto-systems
RSA – based on discrete logarithms
ECC – based on elliptic curves
ECC cryptography is considered more secure
3072-bit RSA key ≈≈ 256-bit ECC key
Most blockchains (like Bitcoin, Ethereum and EOS) use ECC
But be warned: ECC is not quantum-safe!
Public Key Crypto Systems
8. 8
Public / private key cryptography
based on the algebraic structure of
elliptic curves over finite fields
Requires smaller key-size than RSA
for the same security strength
Elliptic curves == set of points {x, y}
such that:
y2 = x3 + ax + b
Example – the Bitcoin elliptic curve:
y2 = x3 + 7 (a = 0; b = 7)
Elliptic Curve Cryptography (ECC)
9. 9
Elliptic curves cryptography (ECC)
Uses ecliptic curves over the finite
field Fp (p is prime, p > 3)
A set of integer coordinates
{x, y}, such that 0 ≤ x, y < p
Staying on the elliptic curve:
y2 ≡ x3 + ax + b (mod p)
Example of elliptic curve over F17:
y2 ≡ x3 + 7 (mod 17)
Elliptic Curves over a Finite Fields
y2 ≡ x3 + 7 (mod 17)
10. 10
A point G over the curve can be
multiplied by an integer k
P = k * G
The result is another point P
staying on the same curve
k == private key (integer)
P == public key (point {x, y})
Very fast to calculate P = k * G
Extremely slow (considered infeasible) to calculate k = P / G
Multiply a Point Over an Elliptic Curve
y2 ≡ x3 + 7 (mod 17)
G
P
11. 11
Elliptic Curves Multiplication in Python
from pycoin.ecdsa import Point
from pycoin.ecdsa import CurveFp
curve = CurveFp(17, 0, 7)
print("Curve = " + str(curve))
G = Point(curve, 15, 13)
print("G = " + str(G))
for k in range(0, 6) :
print(str(k) + " * G = " + str(k * G))
pip install pycoin
12. 12
The elliptic curves over Fp
Have at most 2 points per y
coordinate (odd x and even x)
A public key P(x, y) can be
compressed as C(x, odd/even)
At the curve y2 ≡ x3 + 7 (mod 17)
P(10, 15) == C(10, odd)
mod_sqrt(x3 + 7, 17) == y || 17 - y
Compressing the Public Key
y2 ≡ x3 + 7 (mod 17)
13. 13
ECC operates with a set of EC domain parameters:
T = (p, a, b, G, n, h)
Prime field (prime p), elliptic equation (a, b), base point G(xG, yG),
order of G (prime n), cofactor (h)
The secp256k1 standard (used in Bitcoin) defines 256-bit
elliptic-curve cryptosystem:
Prime field (p) = 2256 - 232 - 977; Equation: y2 = x3 + 7 (a = 0, b = 7)
G = 0x79BE667E …; n = 0xFFF…D0364141; h = 1
ECC Parameters and secp256k1
Learn more at: http://www.secg.org/sec2-v2.pdf, https://en.bitcoin.it/wiki/Secp256k1
14. 14
The private key in secp256k1 is 256-bit integer (32 bytes)
Example of Ethereum private key (encoded as 64 hex digits)
The respective public key is a EC point (2 * 256 bits == 64 bytes)
Can be compressed to 257 bits (Ethereum uses prefix 02 or 03)
Example of compressed public key (33 bytes / 66 hex digits):
Ethereum Addresses and secp256k1
97ddae0f3a25b92268175400149d65d6887b9cefaf28ea2c078e05cdc15a3c0a
027b83ad6afb1209f3c82ebeb08c0c5fa9bf6724548506f2fb4f991e2287a77090
7b83ad6afb1209f3c82ebeb08c0c5fa9bf6724548506f2fb4f991e2287a77090
177316ca82b0bdf70cd9dee145c3002c0da1d92626449875972a27807b73b42e
15. 15
The blockchain address in Ethereum is 20 bytes
Calculated as: last20bytes(keccak256(publicKeyFull))
Example of Ethereum address (encoded as 40 hex digits):
Note: some letters are capital to incorporate a checksum (EIP55)
Digital signatures in secp256k1 are 64 bytes (2 * 32 bytes)
A pair of two 256-bit numbers: [r, s]
Calculated by the well-known ECDSA formulas (see RFC6979)
ECDSA, secp256k1 and Ethereum (2)
0xa44f70834a711F0DF388ab016465f2eEb255dEd0
17. 17
Ethereum uses secp256k1-based ECDSA signatures
ECDSA generates deterministically a random point R (see RFC6979)
Ethereum signatures consists of 3 numbers: [v, r, s]
v – the compressed Y coordinate of the point R (1 byte: 00 or 01)
r – the X coordinate of the point R (256-bit integer, 32 bytes)
s – 256-bit integer (32 bytes), calculated from the signer's private key +
message hash (Ethereum uses keccak256)
Typically encoded as 130 hex digits (65 bytes), e.g. 0x…465c5cf4be401
Given an Ethereum signature [v, r, s], the public key can be recovered
from [R, s, msgHash] also the signer's Ethereum address
Ethereum Signatures
18. 18
Sign Message in Ethereum – Example
import eth_keys, binascii
privKey = eth_keys.keys.PrivateKey(binascii.unhexlify(
'97ddae0f3a25b92268175400149d65d6887b9cefaf28ea2c078e05cdc15a3c0a'))
print('Private key (64 hex digits):', privKey)
signature = privKey.sign_msg(b'Message for signing')
print('Signature: [v = {0}, r = {1}, s = {2}]'.format(
hex(signature.v), hex(signature.r), hex(signature.s)))
print('Signature (130 hex digits):', signature)
19. 19
Verify Message Signature in Etherscan
Verify message signature at https://etherscan.io/verifySig by:
signer address (40 hex digits)
signature (130 hex digits)
original message text
The result is: valid / invalid
22. 22
What is Cryptographic Hash Function?
Some text
Some text
Some text
Some text
Some text
Some text
Some text
20c9ad97c081d63397d
7b685a412227a40e23c
8bdc6688c6f37e97cfbc2
2d2b4d1db1510d8f61e
6a8866ad7f0e17c02b14
182d37ea7c3c8b9c2683
aeb6b733a1
Text Hashed text
Cryptographic
hash function
(almost no collisions)
24. 24
Old hash algorithms: MD5, SHA-0, SHA-1
Withdrawn due to cryptographic weaknesses (collisions found)
SHA-2
Family of functions: SHA-256 (256 bits hash), SHA-512 (512 bits), …
SHA-3
More secure, same hash length (256 bits), known as "Keccak"
RIPEMD-160
Secure hash function, widely used in cryptography, e.g. PGP, Bitcoin
Less secure variations: RIPEMD-128, RIPEMD-256, RIPEMD-320
Secure Hash Functions
25. 25
BLAKE / BLAKE2 / BLAKE2s / BLAKE2b
Fast, secure cryptographic hash function
256-bit (BLAKE-256, BLAKE2s) and 512-bit (BLAKE-512, BLAKE2b)
As of September 2018, no collisions are known for:
SHA256, SHA3-256, Keccak-256, BLAKE2s, RIPEMD160
Brute forcing to find a collision costs: 2128 for SHA256/SHA3-256
and 280 for RIPEMD160 (285 / 253 on quantum computer)
512-bit hashes (SHA-512 / SHA3-512) are Quantum-resistant
Secure Hash Algorithms (2)
27. HMAC and Key Derivation
MAC, HMAC, PBKDF2 and SCrypt
28. 28
HMAC = Hash-based Message Authentication Code
HMAC(key, msg, hash_func) hash
Message hash mixed with a secret shared key
Used for message integrity / authenticity / key derivation
Key derivation function (KDF) == function(password) key
Use HKDF (HMAC-based key derivation), PBKDF2 or SCrypt
PBKDF2, Bcrypt, Scrypt and Argon2 are modern KDFs
Use a lot of iterations + a lot of memory to make it slow
HMAC and Key Derivation
30. 30
Scrypt (RFC 7914) is a strong cryptographic key-derivation function
Memory intensive, designed to prevent ASIC and FPGA attacks
key = Scrypt(password, salt, N, r, p, derived-key-len)
N – iterations count (affects memory and CPU usage), e.g. 16384
r – block size (affects memory and CPU usage), e.g. 8
p – parallelism factor (threads to run in parallel), usually 1
Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB
Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB)
Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB)
Key Derivation Functions: Scrypt
33. 33
Public / Private Keys, Wallets & Blockchain
private key public key address
transaction
sign by private key
signed
transaction
valid / invalid
verify by address
wallet master
key (seed)
signed
transaction
transaction data
public key: (x, y)
signature: (v, r, s)
34. 34
In blockchain wallets keep private keys, highly encrypted
Simple wallet (keystore) keeps a single private key
Example: https://gist.github.com/nakov/53f869e01c9b573844c48e5966e33a3f
HD wallet (hierarchical wallet) keeps multiple private keys
Hierarchically derived by a master key (seed) by derivation path
The seed is encoded as mnemonic phrase (12 / 24 words)
Example: https://iancoleman.io/bip39
HD Wallets, BIP39, BIP32 / BIP44
hill brave science fox crime quit owner chapter myth vocal chat custom
35. 35
The BIP-32 standard defines how a crypto-wallet can generate
multiple keys + addresses
The wallet is initialized by a
512-bit master key (seed)
HMAC + ECC math used to
generate multiple accounts
Through a derivation path
E.g. m/44'/60'/1'/12
Each account holds private
key public key address
ECC and Wallets: BIP32
36. 36
Most modern crypto wallets start from a 512-bit securely
generated random seed (see the BIP-39 standard)
The seed (root key) can be represented by 12 or 24 words, e.g.
Each word comes from a wordlist of 2048 words
See https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
1 word == 11 bits of entropy
12 words == 132 bits == 128-bit entropy + checksum (in the last word)
24 words == 264 bits == 256-bit entropy + checksum (in the last word)
Internal Seed in Crypto Wallets
hill brave science fox crime quit owner chapter myth vocal chat custom
39. 39
A single secret key to
encrypt / decrypt
The secret key is usually
derived by a password
Both the sender and the
recipient should know
the secret key
Widely used symmetric
algorithms: AES-128,
AES-256, Twofish, IDEA
Symmetric Encryption
Wallets are typically encrypted using
symmetric ciphers like AES
40. 40
AES is a "block cipher" – encrypts block by block (e.g. 128 bits)
It has several modes of operation (CBC, ECB, CTR, …)
Some modes of operation require initial vector (IV)
Non-secret random salt used to get different result each time
Recommended modes: CBC (Cipher Block Chaining) or CTR (Counter)
It may use a padding algorithm (typically PKCS7) to split the input
data into blocks of fixed block-size (e.g. 128 bits)
It may use password to key derivation: key = Scrypt(pass, salt, …)
It may use MAC to check the password validity: HMAC(text, key)
AES Cipher Settings
44. License
This course (slides, examples, demos, videos, homework, etc.)
is licensed under the "Creative Commons Attribution-
NonCommercial-ShareAlike 4.0 International" license
44
45. Trainings @ Software University (SoftUni)
Software University – High-Quality Education,
Profession and Job for Software Developers
softuni.bg
Software University Foundation
http://softuni.foundation/
Software University @ Facebook
facebook.com/SoftwareUniversity
Software University Forums
forum.softuni.bg