The document discusses Forkito ACL, an access control list system that aims to simplify and improve upon Joomla's ACL implementation. It covers Forkito ACL's goals of being easy to use and reusable across projects. It summarizes the Joomla fork flavor, Molajo flavor, and planned Nooku flavor. It also describes Forkito ACL's simplified user interface, operational logic, and API for developers to integrate authorization checks.
iPaste is the tool for storing public and password protected pastes on the web (www.iPaste.eu). It is a product aimed mostly for developers, because it allows to collaborate with other people without the need of a git (for medium and large projects, of course, it is recommended to use a git ) or share quickly a textual file over the web.
This document will help you to make correct requests to the iPaste web service.
Utilize the Full Power of GlassFish Server and Java EE SecurityMasoud Kalali
In this session, learn how to utilize Java EE security and what GlassFish Server technology provides to address your security requirements. The presentation goes over how to develop new JASPIC (JSR196) or JACC (JSR-115) moduls and plug them to GlassFish
iPaste is the tool for storing public and password protected pastes on the web (www.iPaste.eu). It is a product aimed mostly for developers, because it allows to collaborate with other people without the need of a git (for medium and large projects, of course, it is recommended to use a git ) or share quickly a textual file over the web.
This document will help you to make correct requests to the iPaste web service.
Utilize the Full Power of GlassFish Server and Java EE SecurityMasoud Kalali
In this session, learn how to utilize Java EE security and what GlassFish Server technology provides to address your security requirements. The presentation goes over how to develop new JASPIC (JSR196) or JACC (JSR-115) moduls and plug them to GlassFish
What is the Joomla Framework and why do we need it?Rouven Weßling
The new Joomla Framework was met with both skepticism and excitement in the community. What is the difference between the Platform and the Framework? Why is it a good idea? And how does this open us up to the wider PHP community? We'd like to give you some answers.
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...Vincenzo Barone
This session will provide an overview of updating a Plone 2 Add On product to Plone 3. I will discuss the methods and tools used to refactor the codebase. This includes pointers on how to use GenericSetup and extension profiles to install your product, moving Zope2 tools to Zope3 utilities, and creation of control panel configlets using formlib. One of the biggest problems we faced in moving our codebase to Plone3 was the lack of readily available sample code to work from. We would like to make an example of the transition of ContentLicensing from Plone2 to Plone3 and provide this resource to the Plone community.
TYPO3 v8 is one of the most important LTS version releases in the TYPO3 History. You may call it the #NextGenerationCMS (Content Management System). It gives TYPO3 the long-awaited major boost in functionality and features. In this blog, you will find detail about the new improvements & features. We hope, this will help #Developers, #Integrators, #Editors & #Administrators to understand #TYPO3 8 in depth, Checkout AtoZ details at http://www.nitsan.in/blog/post/atoz-about-typo3-v8-cms/
Mageguru - magento custom module development Mage Guru
step by-step guide for magento module development. Hire dedicated magento 2 developers from mageguru with 5+ years experience, starting at just $18/hr to render highly robust, scalable and high-performance magento 2 compliment your business requisites.
Understanding Framework Architecture using Eclipseanshunjain
Talk on Framework architectures given at SAP Labs India for Eclipse Day India 2011 - Code attached Here: https://sites.google.com/site/anshunjain/eclipse-presentations
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012Sabuj Kundu
Developing Joomla Extensions
Presented at Joomla User Group Meetup at Dhaka-1212
Please check the event details https://www.facebook.com/events/454288907946824/
What is the Joomla Framework and why do we need it?Rouven Weßling
The new Joomla Framework was met with both skepticism and excitement in the community. What is the difference between the Platform and the Framework? Why is it a good idea? And how does this open us up to the wider PHP community? We'd like to give you some answers.
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...Vincenzo Barone
This session will provide an overview of updating a Plone 2 Add On product to Plone 3. I will discuss the methods and tools used to refactor the codebase. This includes pointers on how to use GenericSetup and extension profiles to install your product, moving Zope2 tools to Zope3 utilities, and creation of control panel configlets using formlib. One of the biggest problems we faced in moving our codebase to Plone3 was the lack of readily available sample code to work from. We would like to make an example of the transition of ContentLicensing from Plone2 to Plone3 and provide this resource to the Plone community.
TYPO3 v8 is one of the most important LTS version releases in the TYPO3 History. You may call it the #NextGenerationCMS (Content Management System). It gives TYPO3 the long-awaited major boost in functionality and features. In this blog, you will find detail about the new improvements & features. We hope, this will help #Developers, #Integrators, #Editors & #Administrators to understand #TYPO3 8 in depth, Checkout AtoZ details at http://www.nitsan.in/blog/post/atoz-about-typo3-v8-cms/
Mageguru - magento custom module development Mage Guru
step by-step guide for magento module development. Hire dedicated magento 2 developers from mageguru with 5+ years experience, starting at just $18/hr to render highly robust, scalable and high-performance magento 2 compliment your business requisites.
Understanding Framework Architecture using Eclipseanshunjain
Talk on Framework architectures given at SAP Labs India for Eclipse Day India 2011 - Code attached Here: https://sites.google.com/site/anshunjain/eclipse-presentations
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012Sabuj Kundu
Developing Joomla Extensions
Presented at Joomla User Group Meetup at Dhaka-1212
Please check the event details https://www.facebook.com/events/454288907946824/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
7. Joomla fork form == contains changes to 70+ files
due to poor Joomla ACL implementation in application layer
Joomla - ACL hardcoded everywhere
revision 7
FORKITO
8. COVERED PARTS
New forkito ACL library
Joomla library methods are changed to proxies to a new library
methods
Includes internal methods that take care of backwards
compatibility with old Joomla ACL
FORKITO
9. COVERED PARTS
Web application framework layer
Ţ categories
Ţ menus,
Ţ modules,
Ţ plugins
Mainly changes to multiple items queries
FORKITO
10. COVERED PARTS
Application
Ţ Backend components: com_categories, com_menus,
com_modules, com_plugins
Ţ Content components: com_content (back and frontend)
Ţ Pagenavigation plugin-
Contains changes to 37 php and 15 xml files,
most extensive changes to com_users and com_content
FORKITO
11. WHERE I CAN GET IT
git clone git://git.forkito.org/forkito
FORKITO
14. Molajo ? - web application layer will be completely redone
together with components - layer includes hooks for ACL plugins
Just few library overrides (JUser, JCategories, JMenu … )
Joomla compatibility methods removed – extension either uses
Joomla or Forkito ACL
FORKITO
15. Molajo ? - web application layer will be completely redone
together with components - layer includes hooks for ACL plugins
Just few library overrides (JUser, JCategories, JMenu … )
Joomla compatibility methods removed – extension either uses
Joomla or Forkito ACL
yes, it can be done
FORKITO
17. Will come after Molajo flavour
it is expected that only minor changes will be needed in Forkito
ACl for it to work with Nooku framework.
Forkito will represent an addon library here
FORKITO
19. REMOVED VIEW ACCESS LEVELS AND ADDED VIEW TO
ACTIONS
50% less users effort needed, 50% less complicated.
View == action
No need for a separate ACL system for managing view permissions.
onfusing for the user and inefficient from the system point of view.
FORKITO
20. RADICALLY IMPROVED AND SIMPLIFIED USER INTERFACE
Ţ Simple matryx of groups and actions
Ţ One-click permission changes
Ţ Instantly visible changes in inherited values
FORKITO
21. SIMPLIFIED OPERATIONAL LOGIC
Lower level always wins
Global >Component>(Category)>(Item)
Anything set on the lower level beats what was set on the higher
one (denied or allowed)
Assigned permission beats inherited
Users are auto assigned to parent groups, so anything that is set in
parents will affect user's permissions, but only if it is not set
explicitly in assigned groups.
FORKITO
22. SIMPLIFIED OPERATIONAL LOGIC
If one group gives you access you are in
(key analogy)
If you have a key that opens certain doors, it doesn't matter if
another key doesn't work, you still can get in.
When user is allowed to do something trough his membership in
one of the assigned groups, all others are irrelevant.
FORKITO
23. DRY-ED AND RE-ARCHITECTURED
No code repetition
A single method for a single purpose.
Classes reusing other classes methods and not replicating them.
Very low amount of code, will cut off even more in the future.
FORKITO
24. JSON ENCODED RULES REPLACED WITH PERMISSIONS
TABLE
JSON encoded string of permissions, stored in simgle database
field was one of the most horrible ideas ever seen in Joomla
This kind of code crimes should be punishable with at least 100 hits
with a stick.
FORKITO
26. It totally disables any database relations, conditional searches etc.
with enormous impact on performance.
FORKITO
27. To retrieve a list of items user has a permission to view (or edit or
do any action) code would need to query for ALL items, unpack
json string item by item and check permissions each item
separately.
Now imagine you have 100.000 or even 1 million items to inspect
one by one and try to imagine how long that would take and e.g.
how much memory it would consume.
Get the picture?
FORKITO
28. Having JSON in a database == a performance problem
=> you need more efficient system for managing thousands of
users trying to view pages
=> you "solve" the problem by inventing another ACL system
called access levels
FORKITO
29. ALWAYS PRESENT BASIC SYSTEM GROUPS
Groups that cannot be removed or their role changed
While this might seem like a backwards step, this groups are really
corner stones that CMS ACL cannot work without. Equivalent to
unix wheel and anonymous groups roles.
Having groups system can always rely on -> RELIABILITY,
better performance and better security
// including root configuration hack that is not need anymore //
FORKITO
30. ALWAYS PRESENT BASIC SYSTEM GROUPS
Everyone
- Not-authenticated - anonymous visitors
- Authenticated – anyone that is logged in
-- Admins – replacing global core.admin permission (equivalent to
unix wheel group)
FORKITO
35. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
JPluginHelper::_load()
Joomla
$levels = implode(',', $user->getAuthorisedViewLevels());
...
$query->select('folder AS type, element AS name, params')
->from('#__extensions')
->where('enabled >= 1')
->where('type ='.$db->Quote('plugin'))
->where('state >= 0')
->where('access IN ('.$levels.')')
->order('ordering');
FORKITO
36. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
Forkito ACL
$query->select('e.folder AS type, e.element AS name, e.params, e.extension_id,
e.asset_id')
->from('#__extensions AS e')
->where('enabled >= 1')
->where('type ='.$db->Quote('plugin'))
->where('state >= 0')
->order('ordering');
jimport('molajo.access.access');
MAccess::insertFilterQuery($db, $query, 'e.asset_id', 'core.view');
FORKITO
37. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
The same function is used in categories helper, modules helper,
com_content articles model – anywhere where list of items needs
to be filtered
FORKITO
38. USER INTERFACE
Insert acl widget HTML: MHtmlPermissions::aclWidget
Get ready-made acl widget in shape of Joomla form field:
MFormFieldAclwidget
Very simple to include ACL widget in your component layout
FORKITO