The heterogeneity, simplicity and massive volume of connected IoT devices make of them something very vulnerable and difficult to protect. DNS as a transversal service, that all use, provides an efficient and scalable way to protect.
Fog computing optimizes cloud computing by processing and storing data locally at network edges rather than sending all data to the cloud, enabling complex computing on-site and minimizing data transfers. It is better suited for IoT with data processed faster and more efficiently at lower costs. Major companies like Cisco, IBM, and those in banking and insurance are notable users as fog computing is seen as the future of big data handling the projected 50 billion sensors by 2020.
Conoce como reutilizar aplicaciones estándar web ya existentes para una fácil integración con aplicaciones de terceros.
Paolo Carrasco
Especialista en Experiencia de Usuario
10 años de experiencia en el mundo de la tecnología, desarrollando, liderando equipos y ahora en el mundo de la experiencia de diseño.
Fausto Castañeda
Desarrollador Software
Ing. en Electrónica y Redes de la Información, con 6 años de experiencia como desarrollador de software, hardware y telemática.
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon
MATTHEW PENDLEBURY
Today’s security detection and response capabilities are usually focused on endpoints and network devices. Applications are often considered a distant cousin, more of a potential liability whose logs should be ingested into remote monitoring solutions such as SIEMs. Projects such as OWASP AppSensor however have loads of promise, putting the application back at the heart of attack detection and response, plus offering a really exciting opportunity to development teams. But these ideas have been around for more than 10 years, and AppSensor itself is getting close to this age, yet they still aren’t commonplace, why might this be? An attack aware application is one that can detect and report suspected malicious events, evaluate a series of events and take action if it suspects that series of events, that when considered together are malicious in nature. Examples of events may be a high number of login attempts over a period, a forceful browsing attempt or an obvious XSS string. Many of these events are routinely intercepted today by inline security appliances such as a Web Application Firewall (WAF). However, suspicious events may also be a lot more contextual to the application such as a change to a parameter that should not be changed. This context may not be available to an external device such as a WAF but it is to the application and this leads to the ability to generate very high-fidelity security alerting and opens the possibility of the application itself making pragmatic defensive choices.
Cisco Paris DevNet Hackathon slideshow - IntroBeMyApp
This document outlines an agenda for a 48-hour hackathon in Paris to invent the city of the future. It will include presentations from Cisco and various technology partners on topics like smart cities, Internet of Things, and cloud platforms. Participants will then pitch project ideas before forming teams and beginning development. Over the weekend, teams will work on their projects, receive mentoring, and do practice pitches. On the final day, projects will be presented to a jury for cash prizes. The goal is to generate innovative ideas for connecting people, data, and devices to improve city services.
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon
COLIN DOMONEY
The advent of DevOps and large scale automation of software construction and delivery has elevated the software supply chain – and its underpinning delivery pipeline – to mission critical status in any modern enterprise. The increased velocity of modern pipelines and the removal of manual checks and balances has meant that modern pipelines are potential single points of failure in the delivery of secure software.
Automotive and consumer electronics industries have long understood the need for both provenance (understanding the origin of materials) and veracity (ensuring the integrity of their manufacturing processes) in their supply chains; this presentation will address threats to software supply chains and practical approaches to reducing the fragility of your supply chain. Several examples of software supply chain failures will be presented and deconstructed to understand the typical failure modes.
At the most elementary level many pipelines are poorly constructed with low levels of repeatability and poor test coverage, in other organisations there is a lack of governance over the supply chain allowing careless or willingly negligent actors to subvert or bypass controls or testing within the pipeline. There is also no standard mechanism to ensure a ‘chain of custody’ within a pipeline due to a lack common interchange format between tools, or a standard manner to represent the steps within a pipeline build process.
This presentation will cover approaches (using ‘people and process’) in enforcing governance within a supply chain by describing best practices used in large-scale AppSec programmes. Several emerging technology initiatives will be presented: Google’s Grafeas is a means to ensure vulnerability information is represented in a uniform manner across all steps of a pipeline process, while In-Toto is a project to formally enforce the integrity of a pipeline process. A reference secure pipeline will be presented demonstrating both tools working in symphony, along with standard open source and commercial AppSec tools.
Finally the pipeline itself may become the Achille’s Heel in an organisation – many pipelines are not sufficiently hardened and are themselves open to attack by use of vulnerable components and their extensible nature, often along with very wide open permissions. Guidance will be given on hardening of typical pipelines, and a fully secured ephemeral Jenkins pipeline will be demonstrated.
Benefits of this Session: The attendee will gain an increased awareness of the pivotal importance of the software supply chain, and gain an understanding of some common failure modes and weaknesses. Most importantly the attendee will come away with practical guidance on enforcing higher levels of governance on their supply chain without reducing delivery velocity, as well as how to harden the pipeline infrastructure itself.
What is a thing of the IoT? Aspiration of things narrated by a 'Thing Interpr...Pratik Desai, PhD
The vision of connecting every networked computer with each other created the Internet we use today from a research project, which got possible because of the open Internet standard and a tangible architecture. In the chaos of buzzwords and marketing campaigns, the Interoperating between connected devices, Things, has been compromise, suffocating the growth of the Internet of Things domain. The interoperability between wearable devices and other IoT components can lead to development of high intelligence applications enabling non-hardware entities to be part of the wearable domain. We propose a semantic web assisted IoT architecture, which implements standard data models described in relationship graphs. The graph based data structure enables reasoning and intelligence at the machine level laying down road for innovations.
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon
ERNESTO BETHENCOURT
At BBVA we are developing the Bank’s Next Global Banking Platform for building, deploying and running banking services of any kind, leveraging on cloud technologies. Security is one of the main components for this new platform and is expected to be self-service and easy to use. But it’s not only technology we are building, it’s a new culture based mainly on DevOps. So, what better opportunity to shift-left and offer developers the tools that they need to easily change their (and security teams) mindsets regarding security? In this talk we will walk you through the strategy that we have adopted to expose security services for enabling secure development but at the same time automating security processes needed by security teams. All this trying to keep it in a low budget (at least for now) by levering on vendors and open-source solutions.
The heterogeneity, simplicity and massive volume of connected IoT devices make of them something very vulnerable and difficult to protect. DNS as a transversal service, that all use, provides an efficient and scalable way to protect.
Fog computing optimizes cloud computing by processing and storing data locally at network edges rather than sending all data to the cloud, enabling complex computing on-site and minimizing data transfers. It is better suited for IoT with data processed faster and more efficiently at lower costs. Major companies like Cisco, IBM, and those in banking and insurance are notable users as fog computing is seen as the future of big data handling the projected 50 billion sensors by 2020.
Conoce como reutilizar aplicaciones estándar web ya existentes para una fácil integración con aplicaciones de terceros.
Paolo Carrasco
Especialista en Experiencia de Usuario
10 años de experiencia en el mundo de la tecnología, desarrollando, liderando equipos y ahora en el mundo de la experiencia de diseño.
Fausto Castañeda
Desarrollador Software
Ing. en Electrónica y Redes de la Información, con 6 años de experiencia como desarrollador de software, hardware y telemática.
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon
MATTHEW PENDLEBURY
Today’s security detection and response capabilities are usually focused on endpoints and network devices. Applications are often considered a distant cousin, more of a potential liability whose logs should be ingested into remote monitoring solutions such as SIEMs. Projects such as OWASP AppSensor however have loads of promise, putting the application back at the heart of attack detection and response, plus offering a really exciting opportunity to development teams. But these ideas have been around for more than 10 years, and AppSensor itself is getting close to this age, yet they still aren’t commonplace, why might this be? An attack aware application is one that can detect and report suspected malicious events, evaluate a series of events and take action if it suspects that series of events, that when considered together are malicious in nature. Examples of events may be a high number of login attempts over a period, a forceful browsing attempt or an obvious XSS string. Many of these events are routinely intercepted today by inline security appliances such as a Web Application Firewall (WAF). However, suspicious events may also be a lot more contextual to the application such as a change to a parameter that should not be changed. This context may not be available to an external device such as a WAF but it is to the application and this leads to the ability to generate very high-fidelity security alerting and opens the possibility of the application itself making pragmatic defensive choices.
Cisco Paris DevNet Hackathon slideshow - IntroBeMyApp
This document outlines an agenda for a 48-hour hackathon in Paris to invent the city of the future. It will include presentations from Cisco and various technology partners on topics like smart cities, Internet of Things, and cloud platforms. Participants will then pitch project ideas before forming teams and beginning development. Over the weekend, teams will work on their projects, receive mentoring, and do practice pitches. On the final day, projects will be presented to a jury for cash prizes. The goal is to generate innovative ideas for connecting people, data, and devices to improve city services.
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon
COLIN DOMONEY
The advent of DevOps and large scale automation of software construction and delivery has elevated the software supply chain – and its underpinning delivery pipeline – to mission critical status in any modern enterprise. The increased velocity of modern pipelines and the removal of manual checks and balances has meant that modern pipelines are potential single points of failure in the delivery of secure software.
Automotive and consumer electronics industries have long understood the need for both provenance (understanding the origin of materials) and veracity (ensuring the integrity of their manufacturing processes) in their supply chains; this presentation will address threats to software supply chains and practical approaches to reducing the fragility of your supply chain. Several examples of software supply chain failures will be presented and deconstructed to understand the typical failure modes.
At the most elementary level many pipelines are poorly constructed with low levels of repeatability and poor test coverage, in other organisations there is a lack of governance over the supply chain allowing careless or willingly negligent actors to subvert or bypass controls or testing within the pipeline. There is also no standard mechanism to ensure a ‘chain of custody’ within a pipeline due to a lack common interchange format between tools, or a standard manner to represent the steps within a pipeline build process.
This presentation will cover approaches (using ‘people and process’) in enforcing governance within a supply chain by describing best practices used in large-scale AppSec programmes. Several emerging technology initiatives will be presented: Google’s Grafeas is a means to ensure vulnerability information is represented in a uniform manner across all steps of a pipeline process, while In-Toto is a project to formally enforce the integrity of a pipeline process. A reference secure pipeline will be presented demonstrating both tools working in symphony, along with standard open source and commercial AppSec tools.
Finally the pipeline itself may become the Achille’s Heel in an organisation – many pipelines are not sufficiently hardened and are themselves open to attack by use of vulnerable components and their extensible nature, often along with very wide open permissions. Guidance will be given on hardening of typical pipelines, and a fully secured ephemeral Jenkins pipeline will be demonstrated.
Benefits of this Session: The attendee will gain an increased awareness of the pivotal importance of the software supply chain, and gain an understanding of some common failure modes and weaknesses. Most importantly the attendee will come away with practical guidance on enforcing higher levels of governance on their supply chain without reducing delivery velocity, as well as how to harden the pipeline infrastructure itself.
What is a thing of the IoT? Aspiration of things narrated by a 'Thing Interpr...Pratik Desai, PhD
The vision of connecting every networked computer with each other created the Internet we use today from a research project, which got possible because of the open Internet standard and a tangible architecture. In the chaos of buzzwords and marketing campaigns, the Interoperating between connected devices, Things, has been compromise, suffocating the growth of the Internet of Things domain. The interoperability between wearable devices and other IoT components can lead to development of high intelligence applications enabling non-hardware entities to be part of the wearable domain. We propose a semantic web assisted IoT architecture, which implements standard data models described in relationship graphs. The graph based data structure enables reasoning and intelligence at the machine level laying down road for innovations.
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon
ERNESTO BETHENCOURT
At BBVA we are developing the Bank’s Next Global Banking Platform for building, deploying and running banking services of any kind, leveraging on cloud technologies. Security is one of the main components for this new platform and is expected to be self-service and easy to use. But it’s not only technology we are building, it’s a new culture based mainly on DevOps. So, what better opportunity to shift-left and offer developers the tools that they need to easily change their (and security teams) mindsets regarding security? In this talk we will walk you through the strategy that we have adopted to expose security services for enabling secure development but at the same time automating security processes needed by security teams. All this trying to keep it in a low budget (at least for now) by levering on vendors and open-source solutions.
Gobot Meets IoT : Using the Go Programming Language to Control The “Things” A...Justin Grammens
These are the slides that I presented at the Google DevFest Conference in Minneapolis, MN on March 21st, 2015.
Source code can be found on my github repo at: https://github.com/justingrammens/devfestmn2015
I discuss The Internet of Things, The Go Programming Language and did live demos using an Arduino, Sphero and an ArDrone.
This document summarizes the history and future of the Internet of Things (IoT) community. It discusses several historical IoT milestones from the 1990s to present like GNU/Linux, Arduino, and Raspberry Pi. It also notes that by 2018, nearly 50% of IoT solutions will come from startups less than 3 years old. The document then describes the Athens IoT Meetup group, which it founded in 2015, and discusses some of the IoT technologies and local startups/projects that have been featured at its events. Finally, it introduces TheThingsNetwork - Athens, a decentralized open IoT network run by its users.
Flogo - A Golang-powered Open Source IoT Integration Framework (Gophercon)Kai Wähner
Golang-powered open source IoT project Flogo to build ultra-lightweight integration microservices.
The Internet of Things (IoT) brings up 50 billion devices until 2020, which have to be connected somehow. Challenges include low bandwidth, high latency, non-reliable connectivity and the need for low network costs. Therefore, a gateway is needed remotely on site of the devices to filter, aggregate and send just relevant data into the cloud or data center. This session introduces project Flogo: A 100% open source framework, which allows developing ultra lightweight IoT integration applications with a zero-coding web user interface or design chat bot. Coders can also rely just on code, of course. It is written in Google’s Go programming language and 20-50x more lightweight than similar Java or JavaScript frameworks. Therefore building very lightweight microservices independent of IoT is another good use case for this framework, e.g. for serverless architectures using open source frameworks such as OpenWhisk. The session focuses on live demos and shows how to build microservices and integrate IoT devices using standards such as MQTT, WebSockets, CoaP or REST. The last part of the session compares Project Flogo to other open source IoT projects like Node-RED and SaaS offerings such as AWS IoT.
Please use the Flogo community to discuss or ask questions:
https://community.tibco.com/products/project-flogo
Video recording of these slides:
https://youtu.be/-ThK6BZdoxw
HiPEAC 2019 Workshop - Vision ProcessingTulipp. Eu
The document discusses machine vision and Xilinx's solutions for it. It covers the Zynq and Zynq UltraScale+ architectures, SDSoC for automated algorithm to hardware conversion, libraries and PYNQ for productivity, and reduced precision deep neural networks. The Xilinx University Program provides resources like Vivado, SDSoC and SDAccel design tools, academic boards, workshops and partnerships to support teaching and research in machine vision using Xilinx platforms.
Buzzwords at the Cloud Native era - Paris Container Day 2018Horgix
Talk presenting the concepts of Service Mesh, Serverless and Tracing as simply as possible. This was presented at the Paris Container Day 2018 on 26th June 2018, in front of 100 people.
Below is the abstract of the talk:
Some weeks ago, I was at the KubeCon + CloudNativeCon EU. 3 main topics that
are not as well-known as they should be were mentioned a lot:
- Service Mesh
- Serverless/FaaS
- Modern observability / Tracing
For most people, these topics are really fuzzy since they are somewhat recent.
It's easy to wonder what Service Mesh offers compared to traditional Load Balancing, what technology you should pick among Linkerd, Conduit, Envoy, Istio, when they all seem to do the same things. For Serverless and FaaS, one could wonder what they bring to the table when we already have orchestrators and containers that we can deploy in one command. And finally, it's easy to get lost among all the monitoring paradigms: metrics, logs, tracing... why everyone and every product is onboarding some tracing capabilities recently?
We'll talk about all of this during these 20min. It may seem a lot, but we'll go straight to the point as "what's the need it's looking to address and why should I care"
The internet of things in now , see how golang is a part of this evolutionYoni Davidson
This document discusses how Golang can help with Internet of Things (IoT) development. It summarizes that IoT development requires skills in many areas, from embedded programming to backend development, which makes it challenging. Golang can help unify development by allowing code to run natively on devices and be used for both device and backend code, simplifying context switching. It also discusses examples of using Golang with IoT, including a code sample accessing a webcam from a Raspberry Pi. Recommended Golang packages for IoT are also listed.
The document outlines an agenda for a presentation on tackling cloud computing security. The agenda includes: setting the stage; existing cloud standards; ISACA resources; a proposed approach to tackle cloud security; cloud assurance and contract considerations; and a conclusion. It then provides details on each section, outlining existing cloud standards and frameworks, ISACA tools for cloud security, approaches to governing cloud security based on risk management and extending current practices to third parties, and considerations for operating in the cloud securely.
Modern industrial security attacks are growing in volume
and sophistication, often targeting systems control
infrastructure. A single attack can cost millions of dollars for
offshore drilling services like Diamond Offshore Drilling.
Through Rockwell Automation® Asset Centre and Cisco’s Threat
Detection Services, the company now has systems in place to
help detect and respond to security threats, and expedite the
recovery process for critical infrastructure.
This document discusses effective strategies for managing cyber security risks from a cloud services perspective. It outlines the evolution of cyber threats from simplistic attacks in the past to modern sophisticated nation state and organized crime threats. It emphasizes the increased risks from mobility and use of public and private clouds. The document recommends strategies like engaging external security providers, establishing detection and response teams, elevating the CISO role, including mobility in security plans, and engaging vendor partners to help organizations prepare for and manage cloud security risks.
Carlos Chalico is an instructor at the University of Toronto School of Continuing Studies who teaches courses related to cybersecurity and the Internet of Things (IoT). The document discusses key topics related to IoT including identification, communication, sensitivity and control of IoT devices. It also provides estimates for the growing market value of IoT globally, with projections of $7.1 trillion for the US and $1.8 trillion for China by 2030. Several threats to IoT security are examined, such as insecure interfaces, authentication, network services and lack of encryption. Frameworks for addressing these issues are also presented.
Smart contracts for certification of smart devicesPeter Waher
Testing and certification of different types of electronic devices such as sen-sors, actuators and meters require special laboratories that ascertain that claims made by manufacturers are true, and that the devices comply with regulations. As devices become connected and smarter, connectivity, securi-ty and maturity need to be tested and certified as well. While a manufacturer might be satisfied with a paper certificate for traditional devices, smart con-nected devices have other requirements. Industry 4.0 and Smart City use of smart devices require autonomous and secure discovery and interoperability across domains. Maturity, security and functionality need to be compared at run-time, and in real-time. To accomplish this, certification claims need to be digitally accessible, cryptographically protected against fraud and verifiable by all parties. This requires interoperable standards for the purpose.
This is a story about a cryptojack security incident involving one of CHT customers’ AWS development accounts. I will discuss not only the incident and response, but also some of the ways to prevent this type of event from occurring, how to detect it, and forensics data for which to look.
It’s a personal story/lesson from the field and I would like to share it with people in the industry to help them avoid this pitfall.
About a year ago I was a part of an incident where one of our customers reported a security event involving one of their numerous AWS accounts used for development purposes. The AWS account in question already generated about $20k worth of EC2 compute charges when they discovered this breach. There were about 200 or so top-end, CPU-heavy Windows machines spread out across the world running at 100% CPU for over 2 days, all apparently mining bitcoin.
No CloudTrail audit configuration was enabled for this account so there was no audit data available to identify what happened and who did what.
Our Cloud governance platform captures the state of AWS accounts and configurations, and historical data for some of these settings. Our team spent a few days reconstructing the state of things and how events transpired by looking at our backup data on a timeline. It was clear from our data that one of their admin employee account AWS credentials got compromised/leaked and were used to spin up all these resources. It also appeared that this attack was entirely automated and only needed sufficient AWS credentials as an input. An attacker also covered up their tracks and tried to “frame” another innocent user!
Luckily, the data we had cleared this user’s name and the customer received full AWS credits for the breach to cover the loss, but this was an important lesson for us and for our customer. This was an entirely preventable incident.
We saw a similar pattern/attack on our own infrastructure. The attempt failed due to some simple security measures we’ve taken. I’ll talk about some of the ways to prevent this event from occurring, how to detect it, and the forensics data to look for: things like enforcing MFA, using external Idp, removing the need for the AWS key and secret key by leveraging roles and instance profiles to grant permissions, etc. I will also talk about the importance of having the CloudTrail audit feature enabled by default in AWS.
Edge computing PPT slides and it's benifits and drawbacks1GV20CS058Shivaraj
Edge computing is an approach to distributed computing where computational power and data storage is located closer to the source of data generation rather than in a centralized cloud. This document discusses the rise of edge computing driven by IoT, the need for real-time processing, and inexpensive edge hardware. It outlines key applications of edge computing like smart infrastructure and autonomous vehicles. The document also introduces Eclipse ioFog and Edge Compute Network (ECN) as open source projects for edge computing and discusses challenges around resources, security, and networking at the edge.
The document discusses Sierra Wireless' Open AT application framework, which allows developers to embed applications written in C/C++ into wireless modules. Some key benefits of Open AT include focusing on innovation rather than integration, accelerating application development, reducing costs, and deploying applications on global 2G and 3G networks. Open AT has been successfully used for over 10 years and supports millions of devices worldwide.
The document provides an overview of cloud computing, including its history, models, architecture, security concerns, and importance. Cloud computing allows users to access software and store data on remote servers rather than local hardware. It has evolved from early concepts in the 1950s-60s to platforms like Amazon Web Services today. There are three main service models: Infrastructure as a Service, Platform as a Service, and Software as a Service. Cloud computing also raises issues around data protection, identity management, and compliance with varying legal requirements across jurisdictions. Overall it allows for improved data storage, maintenance, and security compared to traditional computing.
202104 technical challenging and our solutions - golang taipeiRonald Hsu
technical challenging in a MMAU SASS product, and how do we improve reliability in a microservice architecture with improving context passing, service mesh, etc.
This document summarizes the key steps involved in processing a web request from a browser to a server and back. It discusses the TCP/IP protocol suite which handles packaging and transmission of data, URLs which identify web resources, HTTP which is the protocol for requesting and receiving web pages, web caching for reusing stored resources, DNS which translates domain names to IP addresses, TCP connections for transmitting data between devices, and the response from applications on web servers. The document also provides information about career opportunities at Google, focusing on engineering roles.
In this talk, we will briefly review the current trend toward Edge Computing first. Then, characteristics and requirements for the Industrial Edge Computing will be addressed and discussed. Among them, Decentralized Fault-Resilient Architecture, Time-sensitive Operations, Data-centric Computation, Autonomous Systems and Flexibility are the most important ones. Some influential open-source projects for the industrial edge computing will also be introduced in this talk, including Cyclone DDS, ROS2, Autoware and zenoh.
Gobot Meets IoT : Using the Go Programming Language to Control The “Things” A...Justin Grammens
These are the slides that I presented at the Google DevFest Conference in Minneapolis, MN on March 21st, 2015.
Source code can be found on my github repo at: https://github.com/justingrammens/devfestmn2015
I discuss The Internet of Things, The Go Programming Language and did live demos using an Arduino, Sphero and an ArDrone.
This document summarizes the history and future of the Internet of Things (IoT) community. It discusses several historical IoT milestones from the 1990s to present like GNU/Linux, Arduino, and Raspberry Pi. It also notes that by 2018, nearly 50% of IoT solutions will come from startups less than 3 years old. The document then describes the Athens IoT Meetup group, which it founded in 2015, and discusses some of the IoT technologies and local startups/projects that have been featured at its events. Finally, it introduces TheThingsNetwork - Athens, a decentralized open IoT network run by its users.
Flogo - A Golang-powered Open Source IoT Integration Framework (Gophercon)Kai Wähner
Golang-powered open source IoT project Flogo to build ultra-lightweight integration microservices.
The Internet of Things (IoT) brings up 50 billion devices until 2020, which have to be connected somehow. Challenges include low bandwidth, high latency, non-reliable connectivity and the need for low network costs. Therefore, a gateway is needed remotely on site of the devices to filter, aggregate and send just relevant data into the cloud or data center. This session introduces project Flogo: A 100% open source framework, which allows developing ultra lightweight IoT integration applications with a zero-coding web user interface or design chat bot. Coders can also rely just on code, of course. It is written in Google’s Go programming language and 20-50x more lightweight than similar Java or JavaScript frameworks. Therefore building very lightweight microservices independent of IoT is another good use case for this framework, e.g. for serverless architectures using open source frameworks such as OpenWhisk. The session focuses on live demos and shows how to build microservices and integrate IoT devices using standards such as MQTT, WebSockets, CoaP or REST. The last part of the session compares Project Flogo to other open source IoT projects like Node-RED and SaaS offerings such as AWS IoT.
Please use the Flogo community to discuss or ask questions:
https://community.tibco.com/products/project-flogo
Video recording of these slides:
https://youtu.be/-ThK6BZdoxw
HiPEAC 2019 Workshop - Vision ProcessingTulipp. Eu
The document discusses machine vision and Xilinx's solutions for it. It covers the Zynq and Zynq UltraScale+ architectures, SDSoC for automated algorithm to hardware conversion, libraries and PYNQ for productivity, and reduced precision deep neural networks. The Xilinx University Program provides resources like Vivado, SDSoC and SDAccel design tools, academic boards, workshops and partnerships to support teaching and research in machine vision using Xilinx platforms.
Buzzwords at the Cloud Native era - Paris Container Day 2018Horgix
Talk presenting the concepts of Service Mesh, Serverless and Tracing as simply as possible. This was presented at the Paris Container Day 2018 on 26th June 2018, in front of 100 people.
Below is the abstract of the talk:
Some weeks ago, I was at the KubeCon + CloudNativeCon EU. 3 main topics that
are not as well-known as they should be were mentioned a lot:
- Service Mesh
- Serverless/FaaS
- Modern observability / Tracing
For most people, these topics are really fuzzy since they are somewhat recent.
It's easy to wonder what Service Mesh offers compared to traditional Load Balancing, what technology you should pick among Linkerd, Conduit, Envoy, Istio, when they all seem to do the same things. For Serverless and FaaS, one could wonder what they bring to the table when we already have orchestrators and containers that we can deploy in one command. And finally, it's easy to get lost among all the monitoring paradigms: metrics, logs, tracing... why everyone and every product is onboarding some tracing capabilities recently?
We'll talk about all of this during these 20min. It may seem a lot, but we'll go straight to the point as "what's the need it's looking to address and why should I care"
The internet of things in now , see how golang is a part of this evolutionYoni Davidson
This document discusses how Golang can help with Internet of Things (IoT) development. It summarizes that IoT development requires skills in many areas, from embedded programming to backend development, which makes it challenging. Golang can help unify development by allowing code to run natively on devices and be used for both device and backend code, simplifying context switching. It also discusses examples of using Golang with IoT, including a code sample accessing a webcam from a Raspberry Pi. Recommended Golang packages for IoT are also listed.
The document outlines an agenda for a presentation on tackling cloud computing security. The agenda includes: setting the stage; existing cloud standards; ISACA resources; a proposed approach to tackle cloud security; cloud assurance and contract considerations; and a conclusion. It then provides details on each section, outlining existing cloud standards and frameworks, ISACA tools for cloud security, approaches to governing cloud security based on risk management and extending current practices to third parties, and considerations for operating in the cloud securely.
Modern industrial security attacks are growing in volume
and sophistication, often targeting systems control
infrastructure. A single attack can cost millions of dollars for
offshore drilling services like Diamond Offshore Drilling.
Through Rockwell Automation® Asset Centre and Cisco’s Threat
Detection Services, the company now has systems in place to
help detect and respond to security threats, and expedite the
recovery process for critical infrastructure.
This document discusses effective strategies for managing cyber security risks from a cloud services perspective. It outlines the evolution of cyber threats from simplistic attacks in the past to modern sophisticated nation state and organized crime threats. It emphasizes the increased risks from mobility and use of public and private clouds. The document recommends strategies like engaging external security providers, establishing detection and response teams, elevating the CISO role, including mobility in security plans, and engaging vendor partners to help organizations prepare for and manage cloud security risks.
Carlos Chalico is an instructor at the University of Toronto School of Continuing Studies who teaches courses related to cybersecurity and the Internet of Things (IoT). The document discusses key topics related to IoT including identification, communication, sensitivity and control of IoT devices. It also provides estimates for the growing market value of IoT globally, with projections of $7.1 trillion for the US and $1.8 trillion for China by 2030. Several threats to IoT security are examined, such as insecure interfaces, authentication, network services and lack of encryption. Frameworks for addressing these issues are also presented.
Smart contracts for certification of smart devicesPeter Waher
Testing and certification of different types of electronic devices such as sen-sors, actuators and meters require special laboratories that ascertain that claims made by manufacturers are true, and that the devices comply with regulations. As devices become connected and smarter, connectivity, securi-ty and maturity need to be tested and certified as well. While a manufacturer might be satisfied with a paper certificate for traditional devices, smart con-nected devices have other requirements. Industry 4.0 and Smart City use of smart devices require autonomous and secure discovery and interoperability across domains. Maturity, security and functionality need to be compared at run-time, and in real-time. To accomplish this, certification claims need to be digitally accessible, cryptographically protected against fraud and verifiable by all parties. This requires interoperable standards for the purpose.
This is a story about a cryptojack security incident involving one of CHT customers’ AWS development accounts. I will discuss not only the incident and response, but also some of the ways to prevent this type of event from occurring, how to detect it, and forensics data for which to look.
It’s a personal story/lesson from the field and I would like to share it with people in the industry to help them avoid this pitfall.
About a year ago I was a part of an incident where one of our customers reported a security event involving one of their numerous AWS accounts used for development purposes. The AWS account in question already generated about $20k worth of EC2 compute charges when they discovered this breach. There were about 200 or so top-end, CPU-heavy Windows machines spread out across the world running at 100% CPU for over 2 days, all apparently mining bitcoin.
No CloudTrail audit configuration was enabled for this account so there was no audit data available to identify what happened and who did what.
Our Cloud governance platform captures the state of AWS accounts and configurations, and historical data for some of these settings. Our team spent a few days reconstructing the state of things and how events transpired by looking at our backup data on a timeline. It was clear from our data that one of their admin employee account AWS credentials got compromised/leaked and were used to spin up all these resources. It also appeared that this attack was entirely automated and only needed sufficient AWS credentials as an input. An attacker also covered up their tracks and tried to “frame” another innocent user!
Luckily, the data we had cleared this user’s name and the customer received full AWS credits for the breach to cover the loss, but this was an important lesson for us and for our customer. This was an entirely preventable incident.
We saw a similar pattern/attack on our own infrastructure. The attempt failed due to some simple security measures we’ve taken. I’ll talk about some of the ways to prevent this event from occurring, how to detect it, and the forensics data to look for: things like enforcing MFA, using external Idp, removing the need for the AWS key and secret key by leveraging roles and instance profiles to grant permissions, etc. I will also talk about the importance of having the CloudTrail audit feature enabled by default in AWS.
Edge computing PPT slides and it's benifits and drawbacks1GV20CS058Shivaraj
Edge computing is an approach to distributed computing where computational power and data storage is located closer to the source of data generation rather than in a centralized cloud. This document discusses the rise of edge computing driven by IoT, the need for real-time processing, and inexpensive edge hardware. It outlines key applications of edge computing like smart infrastructure and autonomous vehicles. The document also introduces Eclipse ioFog and Edge Compute Network (ECN) as open source projects for edge computing and discusses challenges around resources, security, and networking at the edge.
The document discusses Sierra Wireless' Open AT application framework, which allows developers to embed applications written in C/C++ into wireless modules. Some key benefits of Open AT include focusing on innovation rather than integration, accelerating application development, reducing costs, and deploying applications on global 2G and 3G networks. Open AT has been successfully used for over 10 years and supports millions of devices worldwide.
The document provides an overview of cloud computing, including its history, models, architecture, security concerns, and importance. Cloud computing allows users to access software and store data on remote servers rather than local hardware. It has evolved from early concepts in the 1950s-60s to platforms like Amazon Web Services today. There are three main service models: Infrastructure as a Service, Platform as a Service, and Software as a Service. Cloud computing also raises issues around data protection, identity management, and compliance with varying legal requirements across jurisdictions. Overall it allows for improved data storage, maintenance, and security compared to traditional computing.
202104 technical challenging and our solutions - golang taipeiRonald Hsu
technical challenging in a MMAU SASS product, and how do we improve reliability in a microservice architecture with improving context passing, service mesh, etc.
This document summarizes the key steps involved in processing a web request from a browser to a server and back. It discusses the TCP/IP protocol suite which handles packaging and transmission of data, URLs which identify web resources, HTTP which is the protocol for requesting and receiving web pages, web caching for reusing stored resources, DNS which translates domain names to IP addresses, TCP connections for transmitting data between devices, and the response from applications on web servers. The document also provides information about career opportunities at Google, focusing on engineering roles.
In this talk, we will briefly review the current trend toward Edge Computing first. Then, characteristics and requirements for the Industrial Edge Computing will be addressed and discussed. Among them, Decentralized Fault-Resilient Architecture, Time-sensitive Operations, Data-centric Computation, Autonomous Systems and Flexibility are the most important ones. Some influential open-source projects for the industrial edge computing will also be introduced in this talk, including Cyclone DDS, ROS2, Autoware and zenoh.
Talk about choices of protocals given at Wuthering Bytes 2013. I started with the premise that pub/sub should be the default choice. After further consideration I admitted that there are exceptions to the rule. Praise for MQTT and node.js
How Cloud Providers are Playing with Traditional Data CenterHostway|HOSTING
The keynote presentation discusses how cloud providers are impacting traditional data centers. It notes that as companies grow from startups to established enterprises, their hosting needs change from fully public cloud to hybrid models. The presentation outlines the tradeoffs of different hosting options like owning your own data center, colocation, managed hosting, and public cloud. It argues that a hybrid multi-cloud approach combining on-premises, dedicated, managed, public and other specialty clouds provides the most flexibility, cost savings, and ability to put the right workload in the right environment. Case studies are presented showing how hybrid cloud delivered major cost reductions and performance gains for Explore.org and enabled critical security and compliance requirements for Samsung. The presentation concludes that
This document discusses Google Cloud Platform and how Google powers its own services. It notes that Google is the fourth largest server manufacturer and would be the second largest internet service provider by traffic. It describes how Google builds customized hardware from cheap commodity parts and manages vast numbers of homogeneous servers at scale with software resilience and horizontal layers rather than hardware resilience and vertical stacks. The document also provides an overview of how Google's global data centers, communications network, data storage and distribution, services and APIs, and compute platforms can be utilized to build and scale applications. It includes several customer stories about how companies have used Google Cloud Platform for applications experiencing peak traffic, global data storage, crowd-sourcing weather data, and syncing notes across devices.
Sidiq Permana - Building For The Next Billion UsersDicoding
The document discusses best practices for building mobile apps for the next billion users in emerging markets. It begins by noting that over 1.4 billion Android users exist across more than 130 countries, with 1 billion new users expected by 2017. Key challenges in emerging markets include slow and expensive internet, mobile-first usage, and prepaid plans used by over 95% of users. The document then lists 11 best practices: 1) Prioritize responsiveness, 2) Follow material design, 3) Anticipate user needs, 4) Manage data usage wisely, 5) Optimize for performance, 6) Minimize app size, 7) Use efficient image formats, 8) Consider battery life, 9) Manage memory efficiently, and
Presentation from Grace Hopper Celebration 2016. Topic: Blockchain and Internet of Things (IoT) in the IBM Bluemix platform includes Demo. Speakers: Valerie Lampkin, Sumabala Nair and Carole Corley
Cassandra on Google Cloud Platform (Ravi Madasu, Google / Ben Lackey, DataSta...DataStax
During this session Ben Lackey (DataStax) and Ravi Madasu (Google) will cover best practices for quickly setting up a cluster on Google Cloud Platform (GCP) using both Google Compute Engine (GCE) and Google Container Engine (GKE) which is based on Kubernetes and Docker.
About the Speakers
Ben Lackey Partner Architect, DataStax
I work in the Cloud Strategy group at DataStax where I concentrate on improving the integration between DataStax Enterprise and cloud platforms including Azure, GCP and Pivotal.
Ravi Madasu
Ravi Madasu is a program manager at Google, primarily focused on Google Cloud Launcher. He works closely with ISV partners to make their products and services available on the Google Cloud Platform providing a developer friendly deployment experience. He has 15+ years of experience, working in variety of roles such as software engineer, project manager and product manager. Ravi received a Masters degree in Information Systems from Northeastern University and an MBA from Carnegie Mellon University.
No-Java Enterprise Applications: It’s All About JavaScript [DEV5107]Soham Dasgupta
The document discusses a presentation on building no-Java enterprise applications. It covers topics like the JavaScript ecosystem, simplification, NodeJS, MVVM pattern, theming, unit testing with Jasmine, using the Oracle database with oracledb, security management with Passport JS, linting with ESLint, and building with tools like Gulp, Grunt and npm. The presentation aims to help simplify development of non-Java applications and take advantage of the Node ecosystem and standards.
Manage Your Router with Dynamic Public IPGLC Networks
Webinar topic: Manage Your Router with Dynamic Public IP
Presenter: Achmad Mardiansyah, M. Taufik Nurhuda
In this webinar series, Manage Your Router with Dynamic Public IP
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/d_9hc7RUu58
TrustLeap GWAN - The multicore Future requires Parallelism Programming toolsTWD Industries AG
With 1 GHz in 2000 and 3GHz in 2002 100 GHz CPUs were expected in 2005. A decade later, we still run 3 GHz CPUs:
"We're not going to have faster processors. Instead, making software run faster in the future will mean using parallel-programming techniques. This will be a huge shift."
- The Economist, "Parallel bars"
As time goes, multicore growing, software applications will be increasingly CPU-bound, making efficiency increasingly important:
G-WAN App. server (one single ~200 KiB executable) makes all programming languages scale higher than other solutions.
Cloud computing allows sharing of data, storage, and access to computer resources over the internet. It has three main service models: Infrastructure as a Service (IaaS) provides basic services and hardware that users maintain; Platform as a Service (PaaS) provides software, hardware, and platforms automatically; and Software as a Service (SaaS) provides transparent access to software and hardware. Cloud computing also has four deployment models: public, community, private, and hybrid clouds. While cloud computing provides benefits, it also faces challenges regarding privacy, compliance with regulations, security, and potential abuse.
The document outlines the agenda for Cloudera's Enterprise Data Cloud event in Vienna. It includes welcome remarks, keynotes on Cloudera's vision and customer success stories. There will be presentations on the new Cloudera Data Platform and customer case studies, followed by closing remarks. The schedule includes sessions on Cloudera's approach to data warehousing, machine learning, streaming and multi-cloud capabilities.
Similar to Cloud Computing Talk for PRIA Winter Symposium 2012 by Corey Leong (20)
The SVN® organization shares a portion of their new weekly listings via their SVN Live® Weekly Property Broadcast. Visit https://svn.com/svn-live/ if you would like to attend our weekly call, which we open up to the brokerage community.
Dholera Smart City Latest Development Status 2024.pdfShivgan Infratech
Explore the latest development status of Dholera Smart City in 2024. Discover the progress, infrastructure, and future plans of India's first greenfield smart city.
BEST FARMLAND FOR SALE | FARM PLOTS NEAR BANGALORE | KANAKAPURA | CHICKKABALP...knox groups real estate
welcome to knox groups real estate company in Bangalore. best farm land for sale near Bangalore and madhugiri . Managed farmland near Kanakapura and Chickkabalapur get know more details about the projects .Knox groups is a leading real estate company dedicated to helping individuals and businesses navigate the dynamic real estate market. With our extensive knowledge, experience, and commitment to excellence, we deliver exceptional results for our clients. Discover the perfect foundation for your agricultural aspirations with KNOX Groups' prime farm lands. These aren't just plots; they're the fertile grounds where vibrant crops flourish, livestock thrives, and unique agricultural ventures come to life. At KNOX, we go beyond selling land we curate sustainable ecosystems, ensuring that your journey toward agricultural success is seamless and prosperous.
AVRUPA KONUTLARI ESENTEPE - ENGLISH - Listing TurkeyListing Turkey
Looking for a new home in Istanbul? Look no further than Avrupa Konutlari Esentepe! Our beautifully designed homes provide the perfect blend of luxury and comfort, making them the perfect choice for anyone looking for a high-quality home in the city.
With a wide range of apartment types available, from 1+1 to 4+1, we have something to suit every need and budget. Each apartment is designed with attention to detail and features spacious and bright living areas, making them the perfect place to relax and unwind after a long day.
One of the things that sets Avrupa Konutlari Esentepe apart from other developments is our focus on creating a community that is both comfortable and convenient. Our homes are surrounded by lush green spaces, perfect for enjoying a peaceful stroll or having a picnic with friends and family. Additionally, our complex includes a variety of social and recreational amenities, such as swimming pools, sports fields, and playgrounds, making it easy for residents to stay active and socialize with their neighbors.
https://listingturkey.com/property/avrupa-konutlari-esentepe/
Stark Builders: Where Quality Meets Craftsmanship!shuilykhatunnil
At Stark Builders our vision is to redefine the renovation experience by combining both stunning design and high quality construction skills. We believe that by delivering both these key aspects together we are able to achieve incredible results for our clients and ensure every project reflects their vision and enhances their lifestyle.
Although we are not all related by blood we have created a team of highly professional and hardworking individuals who share the common goal of delivering beautiful and functional renovated spaces. Our tight nit team are able to work together in a way where we pour our passion into each and every project as we have a love for what we do. Building is our life.
Deed 3754 S Honeysuckle Mesa AZ 85212 owner Shawn Freeman - Pamela Brown Nota...
Cloud Computing Talk for PRIA Winter Symposium 2012 by Corey Leong
1. Property Records Industry Association
Real World Cloud Computing
Corey Leong
Executive Director
Global Real Estate And Technology
Consortium (GR8C)
PRIA Winter Symposium Washington DC
March 1, 2012
2. Real World Cloud Computing
● GR8C is a nonprofit science
organization pending 501(c)3
status.
● Founded in June of 2008.
● Offices located in Downtown
Orlando and near Universal Studios.
Property Records Industry Association • www.pria.us
3. REAL WORLD CLOUD COMPUTING
The mission of the GR8C is to
promote the education, operation,
and use of the World Wide Multiple
Listing Service (WWMLS) to its fullest
potential by developing protocols,
specifications, and standards for the
benefit of all people throughout the
world.
Property Records Industry Association • www.pria.us
4. REAL WORLD CLOUD COMPUTING
Major GR8C Milestones:
● In 2010, GR8C received 2
internet reserved ports from IETF
● Ports/Protocols: 32801/MLSN
and 32811/RETP
Property Records Industry Association • www.pria.us
5. REAL WORLD CLOUD COMPUTING
Upcoming Milestones:
● Provide a test environment for beta
OpenMLS registrars by 2013.
● Provide a production environment for
OpenMLS registrars by 2014.
● Invite accredited OpenMLS registrars
by 2016.
● Provide a fully operational and global
World Wide MLS by 2018.
Property Records Industry Association • www.pria.us
6. REAL WORLD CLOUD COMPUTING
Professional Experience:
● 13 years in Real Estate (Former
Salesperson, Broker, Instructor)
● 15 years in Information
Technology (SysAdmin,
Developer, Engineer)
Property Records Industry Association • www.pria.us
7. REAL WORLD CLOUD COMPUTING
Academically:
● B.S. Management Information
Systems, USF
Currently graduate studies at UCF:
● Masters of Nonprofit Management
● Independent Study in Computer
Science for future PhD Program
Property Records Industry Association • www.pria.us
8. REAL WORLD CLOUD COMPUTING
Main Research Area:
Real Estate Science: A new field of
study combining Real Estate concepts
and Computer Science concepts
Property Records Industry Association • www.pria.us
9. REAL WORLD CLOUD
COMPUTING
What is Cloud Computing?
"Cloud computing is a model for enabling
ubiquitous, convenient, on-demand network
access to a shared pool of configurable computing
resources that can be rapidly provisioned and
released with minimal management effort or
service provider interaction." (Citation from NIST)
Property Records Industry Association • www.pria.us
10. REAL WORLD CLOUD COMPUTING
How does the GR8C leverage Cloud
Computing?
● SalesForce
● Amazon Web Services
● Google Apps
Property Records Industry Association • www.pria.us
11. REAL WORLD CLOUD COMPUTING
GR8C Use Case #1
● Corporate Email And GMail
Property Records Industry Association • www.pria.us
12. REAL WORLD CLOUD COMPUTING
Diagram
Property Records Industry Association • www.pria.us
13. REAL WORLD CLOUD COMPUTING
GR8C Use Case #1
Benefits ● Convenient, no cost, no admin
needed
● Users use GMail
● Aliases corporate email
● Firewalls potential email hacking
Risks
● Multiple Points of Failure
● Potential for Downtime
● Messages and files are offsite
Property Records Industry Association • www.pria.us
14. REAL WORLD CLOUD COMPUTING
GR8C Use Case #2
● Corporate Voice Services And Google
Voice
Property Records Industry Association • www.pria.us
15. REAL WORLD CLOUD COMPUTING
Property Records Industry Association • www.pria.us
16. REAL WORLD CLOUD COMPUTING
GR8C Use Case #2
Benefits ● Convenient, no cost, no admin
needed
● Users can use mobile/desk phone
or web
● Aliases corporate phone number
Risks ● Firewalls potential voice spam
● Multiple Points of Failure
● Potential for Downtime
● Messages are stored offsite
Property Records Industry Association • www.pria.us
17. REAL WORLD CLOUD COMPUTING
GR8C Use Case #3
● Corporate Files And Google Docs
Property Records Industry Association • www.pria.us
18. REAL WORLD CLOUD COMPUTING
Property Records Industry Association • www.pria.us
19. REAL WORLD CLOUD COMPUTING
GR8C Use Case #3
Benefits
● Convenient, no cost, no admin
needed
● Users upload many file format
types
● Access from multiple devices
Risks ● Single Point of Failure
● Potential for Downtime
● Documents are stored offsite
Property Records Industry Association • www.pria.us
20. REAL WORLD CLOUD COMPUTING
In Conclusion:
● Cloud Computing Concepts
● GR8C Use Cases
● Benefits
● Risks
Property Records Industry Association • www.pria.us
21. REAL WORLD CLOUD COMPUTING
Thank You!
Property Records Industry Association • www.pria.us
22. Property Records Industry Association
REAL WORLD CLOUD COMPUTING
Corey Leong
GR8C Executive Director
Phone: +1 (407) 584-7828
Email: cleong@gr8c.org
Twitter: @coreyleong, @gr8c, @rescience,
@wwmls
www.GR8C.org