Adam Shostack's keynote from Appsec PNW 2023, explaining lessons we can learn from bridge engineering as the US adds a Cyber Safety Review Board and software liability.
Chaos engineering open science for software engineering - kube con north am... by Sylvain Hellegouarch
This document discusses chaos engineering and the need for more reliable systems. It begins with examples of past engineering failures from NASA space missions. It then discusses the emergence of chaos engineering practices and the formation of a CNCF working group to develop standards. The document outlines deliverables for the working group, including a whitepaper and landscape of chaos engineering tools. It argues that chaos engineering should be viewed as an open science for exploring reliability. It proposes initiatives like the Open Chaos Initiative to share experiments and findings across organizations to improve reliability through collective learning.
Have the Bad Guys Won the Cyber security War... by Andrew Hammond
The document discusses cybersecurity threats and how quantum technologies may help address them. It summarizes that while the bad guys have not won the cyber war, they are ahead of the curve. Encryption protects against most threats, and quantum cryptography can protect against quantum computers by providing future-proof security. For a truly secure future, standards, best practices, and ongoing technology development are needed to transition from unsafe to safe and secure cryptography, including the development of quantum-safe and quantum cryptography methods.
The document discusses cybersecurity threats and how quantum technologies may help address them. It summarizes that while bad cyber actors have not yet won, they are ahead of the curve. Encryption protects against most threats, and quantum cryptography can protect against threats from quantum computers by providing future-proof security. For a truly secure future, standards, best practices, and ongoing technology development are needed to transition from currently unsafe cryptography to quantum-safe and quantum-based solutions.
Testing Is How You Avoid Looking Stupid by Steve Branam
Presented at With The Best IOT online conference, Oct 14 2017: As IOT products become more pervasive, they have an increasing ability to adversely affect the lives of their users and those around them. Testing is the due diligence that closes the engineering loop to verify proper behavior. This presents an introductory overview to testing for IOT products, covering the IOT triad: embedded IOT devices, backend servers, and frontend apps. I talk about the consequences of inadequate testing for companies and individual contributors, and levels and types of testing.
Choking the monolith - The Strangler (Fig) Pattern Applied by TobiasGoeschel
The so-called "Strangler Fig" (aka "Strangler") pattern is a much-cited strategy for replacing legacy systems with new, often microservice-based architectures. However, it's not actually a microservice pattern, and there are several quite different ways to implement it. Are you confused yet?
Fear not: We will have a look at the theory, and then explore together how Strangler Fig could be used to improve and replace a project worthy of being called "The Most Horrible Piece Of Code in the World".
Why defensive research is sexy too.. … and a real sign of skill by Ollie Whitehouse
This document discusses the importance and challenges of defensive cybersecurity research. It notes that while offensive research may be easier due to exploitable technology vulnerabilities, defensive research is important for protecting systems and data from attackers. Defensive research involves efforts like finding and mitigating vulnerabilities, developing detection and response capabilities, understanding evolving attack techniques, and improving security standards and implementations. The document outlines many open challenges in areas like phishing, malware, memory corruption, and forensics. It argues that to be successful, defensive ideas must be practical, scalable, cost-effective, and widely adopted. The rewards of defensive research are more intangible compared to offensive research, but are still very important for enhancing security.
LJCConf 2013 "Chuck Norris Doesn't Need DevOps" by Daniel Bryant
We all hear the term "DevOps" being thrown around on a daily basis, but what does it actually mean? With a little help from everyone's favourite 80's action hero, we'll undergo a whistle-stop tour of the philosophy, culture and tooling behind this buzzword, specifically aimed at Java Developers. We'll also look at a real-world case study from Instant Access Technologies Ltd, and explore the key role that DevOps has played during a successful upgrade of the epoints customer loyalty platform to support increasing traffic. The core discussion will focus on the challenges encountered as we moved from a monolithic app deployed into a data centre on a 'big bang' schedule, to a platform of loosely-coupled components, all being continuously deployed into the Cloud.
Rust and the coming age of high integrity languages by AdaCore
This document discusses Rust and its role as a "high integrity language" that can help address memory safety issues. It provides an overview of Rust's key features like ownership and borrowing that enforce memory safety. It argues that memory safety is becoming an increasingly important issue and that tools like Rust may see more adoption as industries face growing pressure to address vulnerabilities caused by memory safety problems. While Rust's success depends on broader trends, its focus on memory safety positions it well to help industries grappling with this challenge.
Ibrahim M. El-Sayed discusses Capture the Flag (CTF) competitions and bug bounty programs. CTFs are ethical hacking competitions where participants solve computer security challenges to capture flags and earn points for their team. They have been held since the 1990s and involve categories like pwnable, web, forensics, and crypto challenges. Bug bounty programs allow security researchers to test products for bugs and get rewarded for valid vulnerability reports. Top companies like Facebook, Apple, and Google run prominent bug bounty programs. Both CTFs and bug bounties provide hands-on experience for security careers, but bug bounties more closely mirror real-world vulnerability discovery and have monetary rewards.
Augury and Omens Aside, Part 1: The Business Case for Apache Mesos by Paco Nathan
The document discusses the business case for Apache Mesos and provides three key points:
1. Mesos enables orders of magnitude in cost savings over prior solutions by facilitating paradigm shifts at multiple levels of the technology stack for cluster computing.
2. Recent news includes the release of Mesos 0.19 and the announcement of the inaugural MesosCon conference.
3. Mesos addresses challenges of running mixed workloads on commodity hardware and scheduling services, which can provide more efficient utilization of computing resources than prior solutions.
From Virtual Reality to Blockchain: Current and Emerging Tech Trends by Bohyun Kim
Webinar given for the LibraryLinkNJ, The New Jersey Library Cooperative on May 8, 2018. http://librarylinknj.org/
CC-BY-NC 4.0
[https://creativecommons.org/licenses/by-nc/4.0/]
As technologists, we live partially in the future. We are always making implicit bets based on our predictions of what the future will bring. To better understand our powers of prediction, it can be helpful to look back into the past, to review our biases and best guesses in retrospect. As we seek to understand this next tech cycle, Bryan Cantrill takes us through a series of predictions made over the past two decades to see what actually came to pass, what was stunningly wrong, and what may still be emerging in the industry in 2022 and beyond.
To watch all of the recordings hosted during Scylla Summit 2022 visit our website here: https://www.scylladb.com/summit.
The document discusses definitions of the Internet of Things (IoT). It provides several definitions from various organizations that describe the IoT as connecting physical objects through standard internet protocols and allowing them to generate, exchange and consume data. The document also discusses the evolution of the IoT through different waves, starting with connecting PCs, then people through mobile/cloud, and the current wave of connecting everything through ubiquitous embedded systems like sensors. Finally, the document outlines some of the key enabling technologies and standards that help make the IoT possible, such as 6LoWPAN, CoAP and IEEE protocols.
The Impact of Cloud, Mobile, and Managing the Changing Platforms of Digital Collections presented by Carl Grant, Associate Dean, Knowledge Services & Chief Technology Officer, University of Oklahoma Libraries for the October 16, 2013 NISO Virtual Conference: Revolution or Evolution: The Organizational Impact of Electronic Content.
This talk by Stefan Streichsbier, Co-Founder of GuardRails.io, provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, the big challenge of introducing and fixing new security issues versus tackling the existing security debt of existing applications.
To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.”
After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time.
The 3 core takeaways for the audience are:
1.) Where security practices have gone wrong so far.
2.) What new technologies will cause a paradigm shift in how security is applied at scale.
3.) What security will look like in 5-10 years.
This talk gives an overview of development of software engineering since the term was coined in 1967. The presentation identifies major eras in software development, as well as cross-cutting themes (including abstraction, modularity, user experience, management, and tools), key advances over the 50 years, and some forecasts for the near future. A recurring theme is that hardware advances drove software innovation. The presentation concludes with the observation that software has now become critical global infrastructure and that software engineers must be aware of their responsibility to society. The presentation also contains photos by the author of many of the cities that were host to the International Conference on Software Engineering. This presentation was originally given at the School of Computing at the National University of Singapore and at the SF Bay Area Chapter of the ACM.
Introduction talk at the University of Strathclyde (Scotland) Algorithms Workshop, providing a quick overview of the fundamental and practical reasons why algorithms are/are not technical black boxes. (This talk does not address issues of trade secret or other business reasons for lack of transparency). The presentation was given to an audience of academics and students at the law department.
Jim Spohrer directs IBM's open-source AI efforts and gives a presentation on the future of AI, discussing timelines for solving different AI challenges, leaders in the field, and implications for stakeholders in preparing for both the benefits and risks of advanced AI. The document also includes slides on AI progress benchmarks, computing costs over time, economic growth projections with AI, and other emerging technologies that could have a larger impact than AI.
Software Development in Uncertain Times (VoxxedDays Athens 2022) by Michail Argyriou
The document discusses dealing with uncertainty in software development projects. It notes that software projects are threatened by late, unexpected complexity introduced due to uncertainty in requirements, technology, and people. Several "fallacies" that arise due to uncertainty are discussed, such as assuming a project can be completed with a single technology or that adding more people to a late project will make it finish sooner. The document provides examples and recommendations for handling different sources of uncertainty, such as embracing change, avoiding hype, and using redundancy and disaster recovery strategies for unreliable networks.
Artificial Intelligence Risk Assessment using Microsoft Azure Cognitive Services by Rob Eby
Team 4 presented on using AI and cognitive services to assess risk from photographs of cable environments. The current app uses mobile devices to take photos and send them to a storage folder, then a web app interface uses cognitive services on Azure to analyze the photos and return results in real time. Future enhancements may include a database, logic apps, and other improvements to the architecture. The demo showed proof of concept for assisting safety inspections through automated image analysis.
This document provides an overview of a workshop on web science. It includes an agenda with topics such as an introduction to web science, aspects of the web, observing the web through web observatories, modeling aspects of the web, and the past and future of the web. It also provides details about project work sessions and social events during the workshop. Examples of bias in the web are discussed, such as bias in devices, software, content and data, and social networks. Methods for observing and collecting data from the web are addressed, along with challenges around data collection and publishing.
This document discusses the emerging field of social semantic sensor web. It describes how the proliferation of sensors embedded in devices, homes, cars, etc. can be connected to the social web and annotated with semantic technologies. This would allow machines to better understand sensor data, such as using ontologies to infer weather conditions from different sensor readings. The document outlines technologies like the SSN ontology for describing sensors and how sensor data could be attached to social media posts. Finally, it discusses potential applications in areas like disaster management, traffic reporting, and crowdsourcing health data.
This document provides an introduction to a course on digital integrated circuit design. It outlines the aims and objectives of the course, which are to introduce the basics of digital integrated circuit design and allow students to comprehend various issues related to development. The course topics include fabrication, design methodologies and tools, and future trends. It also provides an outline of the course schedule and information on assessment.
Using KeyLines 3.0 to visualize your cyber data at scale
Cyber security analysts face data overload. They work with information on a massive scale, generated at millisecond levels of resolution detailing increasingly complex attacks.
To make sense of this data, analysts need an intuitive and engaging way to explore it: that’s where graph visualization plays a role.
During this session, Corey will show examples of how graph visualization can help users explore, understand and derive insight from real-world cyber security datasets.
You will learn:
• How graph visualization can help you extract insight from cyber data
• How to visualize your cyber security graph data at scale using WebGL
• Why KeyLines 3.0 is the go-to tool for large-scale cyber graph visualization.
This session is suitable for a non-technical audience.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip, presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Similar to From Tacoma Narrows to West Seattle…Appsec Lessons from A Century of Pacific Northwest Bridge Failures
Rust and the coming age of high integrity languagesAdaCore
This document discusses Rust and its role as a "high integrity language" that can help address memory safety issues. It provides an overview of Rust's key features like ownership and borrowing that enforce memory safety. It argues that memory safety is becoming an increasingly important issue and that tools like Rust may see more adoption as industries face growing pressure to address vulnerabilities caused by memory safety problems. While Rust's success depends on broader trends, its focus on memory safety positions it well to help industries grappling with this challenge.
Ibrahim M. El-Sayed discusses Capture the Flag (CTF) competitions and bug bounty programs. CTFs are ethical hacking competitions where participants solve computer security challenges to capture flags and earn points for their team. They have been held since the 1990s and involve categories like pwnable, web, forensics, and crypto challenges. Bug bounty programs allow security researchers to test products for bugs and get rewarded for valid vulnerability reports. Top companies like Facebook, Apple, and Google run prominent bug bounty programs. Both CTFs and bug bounties provide hands-on experience for security careers, but bug bounties more closely mirror real-world vulnerability discovery and have monetary rewards.
Augury and Omens Aside, Part 1: The Business Case for Apache MesosPaco Nathan
The document discusses the business case for Apache Mesos and provides three key points:
1. Mesos enables orders of magnitude in cost savings over prior solutions by facilitating paradigm shifts at multiple levels of the technology stack for cluster computing.
2. Recent news includes the release of Mesos 0.19 and the announcement of the inaugural MesosCon conference.
3. Mesos addresses challenges of running mixed workloads on commodity hardware and scheduling services, which can provide more efficient utilization of computing resources than prior solutions.
From Virtual Reality to Blockchain: Current and Emerging Tech TrendsBohyun Kim
Webinar given for the LibraryLinkNJ, The New Jersey Library Cooperative on May 8, 2018. http://librarylinknj.org/
CC-BY-NC 4.0
[https://creativecommons.org/licenses/by-nc/4.0/]
As technologists, we live partially in the future. We are always making implicit bets based on our predictions of what the future will bring. To better understand our powers of prediction, it can be helpful to look back into the past, to review our biases and best guesses in retrospect. As we seek to understand this next tech cycle, Bryan Cantrill takes us through a series of predictions made over the past two decades to see what actually came to pass, what was stunningly wrong, and what may still be emerging in the industry in 2022 and beyond.
To watch all of the recordings hosted during Scylla Summit 2022 visit our website here: https://www.scylladb.com/summit.
The document discusses definitions of the Internet of Things (IoT). It provides several definitions from various organizations that describe the IoT as connecting physical objects through standard internet protocols and allowing them to generate, exchange and consume data. The document also discusses the evolution of the IoT through different waves, starting with connecting PCs, then people through mobile/cloud, and the current wave of connecting everything through ubiquitous embedded systems like sensors. Finally, the document outlines some of the key enabling technologies and standards that help make the IoT possible, such as 6LoWPAN, CoAP and IEEE protocols.
The Impact of Cloud, Mobile, and Managing the Changing Platforms of Digital Collections presented by Carl Grant, Associate Dean, Knowledge Services & Chief Technology Officer, University of Oklahoma Libraries for the October 16, 2013 NISO Virtual Conference: Revolution or Evolution: The Organizational Impact of Electronic Content.
This talk by Stefan Streichsbier, Co-Founder of GuardRails.io, provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, the big challenge of introducing and fixing new security issues versus tackling the existing security dept of existing applications.
To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.”
After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time.
The 3 core takeaways for the audience are:
1.) Where security practices have gone wrong so far.
2.) What new technologies will cause a paradigm shift in how security is applied at scale.
3.) How security will look like in 5-10 years.
This talk gives an overview of development of software engineering since the term was coined in 1967. The presentation identifies major eras in software development, as well as cross-cutting themes (including abstraction, modularity, user experience, management, and tools), key advances over the 50 years, and some forecasts for the near future. A recurring theme is that hardware advances drove software innovation. The presentation concludes with the observation that software has now become critical global infrastructure and that software engineers must be aware of their responsibility to society. The presentation also contains photos by the author of many of the cities that were host to the International Conference on Software Engineering. This presentation was originally given at the School of Computing at the National University of Singapore and at the SF Bay Area Chapter of the ACM.
Introduction talk at the University of Strathclyde (Scotland) Algorithms Workshop, providing a quick overview of the fundamental and practical reasons why algorithms are/are not technical black boxes. (This talk does not address issues of trade secret or other business reasons for lack of transparency). The presentation was given to an audience of academics and students at the law department.
Jim Spohrer directs IBM's open-source AI efforts and gives a presentation on the future of AI, discussing timelines for solving different AI challenges, leaders in the field, and implications for stakeholders in preparing for both the benefits and risks of advanced AI. The document also includes slides on AI progress benchmarks, computing costs over time, economic growth projections with AI, and other emerging technologies that could have a larger impact than AI.
Software Development in Uncertain Times (VoxxedDays Athens 2022)Michail Argyriou
From Tacoma Narrows to West Seattle… Appsec Lessons from A Century of Pacific Northwest Bridge Failures
6. Engineering transformation
• Large bridges are not new
• Compressing stone scales well
• Rope suspension bridges around the world
• Iron
• 1779: wrought iron first used for a full bridge
• 1850s: large scale use
• Later: steel, carbon fiber
• Each transformation required experimentation
8. Example: George Washington Bridge (NY)
• Completed in 1931
• Longest main bridge span until Golden Gate (1937)
• At construction
• 103,000 tons of fabricated steel
• 25,000 tons of wire (106,000 miles!)
• 18,000 tons of masonry
• $59.5 m 1931 dollars (~$1.2 B 2023)
9. 1930s Bridges
| | George Washington | Golden Gate | Bronx-Whitestone | Tacoma Narrows |
|---|---|---|---|---|
| Completion | 1931 | 1937 | 1939 | 1940 |
| Center span (feet) | 3500 | 4200 | 2300 | 2800 |
| Girder depth (feet) | 29 | 25 | 11 | 8 |
| Wind truss width | 106 | 90 | 74 | 39 |
| Ratio depth:length (Girder/center span) | 1:120 | 1:168 | 1:209 | 1:350 |
| Ratio (Width:length) | 1:33 | 1:47 | 1:31 | 1:72 |
| Cost | $59.5 m | $35 m | $19.7 m | $6.4 m |

From Hobbs, Catastrophe to Triumph, WSU Press (2006)
10. Bridge failures are obvious
• Formal liability
• Civil
• Criminal
• Informal results
• Reputational
• Professional judgement
12. Investigations
• External — outside the control of the builder
• Often seek to assign criminal or civil liability
• Adversarial
Excerpt from Leveson (2004)
13. Bridges vs software
Bridges
• Laws of physics
• Materials costs dominate
• Investigations
• Liability
Software
• Teaching sand new tricks
• Thinking cost dominates
• Cyber Safety Review Board (2022)
• US National Strategy (2023)
14. Software incident retros
• Currently run by companies, filtered by PR
• Compare/contrast
• Operational incidents
• Security incidents
15. Cyber Safety Review Board (2022)
• Created by Executive Order on Improving the Nation’s Cybersecurity
• 30 years of calls for “an NTSB for software”
• Culminated in a NSF-funded workshop
• //shostack.org/resources/lessons
20. Software Liability (history)
• Legislative carve outs for software in the 60s/70s
• “No warranty…”
• …
• FTC Start with Security (2010s)
• California, 2016: not implementing CIS top 20 “constitutes a lack of reasonable security.”
21. Liability (today)
• US National Cybersecurity Strategy
• “Software makers are able to leverage their market position to fully disclaim liability by contract, further reducing their incentive to follow secure-by-design principles or perform pre-release testing…” (pg 20)
• Shifting the Balance.. Principles for Security by Design from CISA+10
• FDA’s Refuse to Accept
• State laws (NY DFS, CCPA, WA My Health My Data)
22. Regulation and prescriptiveness
• Regulation is accompanied by prescriptive guidance
• Follow the rules and you’ll be ok (IANAL)
• Examples:
• Building codes specify wire gauge for given # amps, sockets every 6 feet...
• There are rules for driving and a test
• Recklessness as a backstop
24. Specifics are good, right?
• Will liability backfire?
• Hide more incidents
• Hard to be 100%
• Cybersecurity frameworks are expansive, flexible
• Risk management escape hatch?
• What if you’re not 100% on NIST CSF, NYDFS, PCI…
• Are you more liable?
• What’s the acceptable bar for appsec?
25. Sample issues: Which “should” be liable?
• Sample issues help us form thoughtful judgement
• Vulnerabilities
• Motherboards from Gigabyte insecurely download, run updates (Eclypsium/Andy Greenberg in Wired, May 31, “Firmware backdoor”)
• Extracting audio from photographs
• Design
• Gear bought in 2010 running on Windows XP
• Gear designed in 2010 running on Windows XP
• (Win 7 was released 2009, XP end of life 2014)
26. Liability and open source
• Assigning liability to open source developers is clearly a bad idea
• Open source is clearly an economic good
• Code as speech limits liability
• US National strategy:
• “Responsibility must be placed on the stakeholders most capable of taking action to prevent bad outcomes, not on … the open-source developer of a component...”
• “Final goods assembly”
• EU’s Cyber Resilience Act is more worrisome
• See Bert Hubert, //berthub.eu
27. Liability — a likely path (USA)
• Safe harbor for
• Those doing the right things (memory safety, threat modeling)
• Not doing the wrong things (shipping with known vulns)
• Open source developers (previous slide)
• Workshop and assembling of knowledge
• Defining the role of professional judgement
28. Change on the order of agile, cloud?
• Investigations, liability are a huge shift
• US, EU proceeding differently
• Investigations, liability might have prevented agile +/or cloud
31. Appsec transformations over 25 years
• SDL/SSDF becoming mainstream, required
• Platform improvements (languages, runtimes, tools)
• Skills for the few augmented by broadly held skills
• How do we achieve this?
• Similar to “the pipeline problem”, but different
33. Ideas underlying Threats
• There are aspects of security every engineer should know
• This will be a massive shift
• Threats are a good lens, because ‘what can go wrong’ motivates security features + properties in design
• See “A Fully Trained Jedi” (Blackhat) talk for more
38. References/Acks
• //Shostack.org/resources/lessons
• //berthub.eu
• GW Bridge photo, Juli Tejera: https://www.flickr.com/photos/134732149@N02/46765441525/
• Tay bridge remnants, Bruce Galloway: https://www.flickr.com/photos/jbg06003/22828988238/
• Books:
– Petroski, Engineers of Dreams
– Leveson, Engineering a Safer World
– Hobbs, Catastrophe to Triumph
39. abstract
The Pacific Northwest has an abundance of bridges, and most of them
seem to stand up well over the years, with notable exceptions and
problems. What can software learn from them? More importantly, the
software world is shifting to more transparency and
liability. Transparency is coming not only from the normalization of
breach notification and learning from incidents, but also with the
newly introduced CSRB. Liability is coming not only as part of the US
National Strategy, but from a plethora of more local regulation. What
does it mean for appsec practitioners, our employers and the open
source projects we work on?