The document is a tutorial about designing and implementing a wiki database and application using Howdah. It discusses designing the database and application, defining API contracts, adding user authentication and authorization features including administrative users, and adding a new feature to the user profile page to list pages edited by each user. Security, permissions, and data confidentiality are important considerations throughout the design process.
2. Why?
Howdah is for people who really “get” databases
Howdah treats your database as code. Procedures, and hand-written SQL.
Would you automate Python generation? Then why SQL?
Just because it’s not code you’re comfortable with, doesn’t make it any less code.
Tuesday, October 20, 2009
3. What shall we build?
Today, we’ll be talking about designing and implementing a Wiki.
4. Why a Wiki?
Canonical example
Simple enough to define in an afternoon
Complex enough to require in-depth exploration
5. Why a Wiki?
Public and Private permissions/users
Read/write collaborative model
6. Design vs. Code
Speaking more on Design than on Code
Why is more important than How.
How is still important
12. Database
Based on our Application design, what expansions do we need?
13. Database
Based on our Application design, what expansions do we need?
Why do we need them?
14. Application
With the new DB features, what changes?
15. Application
With the new DB features, what changes?
What new ideas are evident?
16. Application
With the new DB features, what changes?
What new ideas are evident?
Do the changes make things easier?
17. STEP 3:
API CONTRACTS
18. Database
Defining our API
What stored procedures do we need?
19. Database
Defining our API
What stored procedures do we need?
What should they do?
20. Database
Defining our API
What exceptions do we need?
21. Database
Defining our API
What exceptions do we need?
Null data
Bad data
No such record
22. Application
Defining our API
What models do we need?
23. Application
Defining our API
What exceptions do we need?
24. Application
Defining our API
What exceptions do we need?
What do DB exceptions become?
What HTTP responses should the exceptions raise?
25. Application
Defining our API
What views do we need?
26. Application
Defining our API
What views do we need?
What views are read-only? Read-write? Write-only?
27. STEP 4:
FIRST EXPANSION
USERS
28. Database
Users
User system!
29. Database
Users
User system!
VerticallyChallenged for users
30. Database
Users
User system!
VerticallyChallenged for users
How to set up VC
31. Database
Users
Stored Procedures - How do we adapt them?
How does this affect our API contract?
32. Application
Users
Using @needs to define permissions
How should views be protected?
33. Application
Users
Using @needs to define permissions
How should views be protected?
Should anonymous users have write permission?
34. Application
Users
Permissions violations
What should no user return?
What should a bad user return?
What should insufficient permissions return?
35. Application
Users
Why - Are there better mechanisms?
36. STEP 5:
ADMINISTRATIVE
USERS
37. Database
Administrators
What delineates an admin?
What special things can an admin do?
Should admins be otherwise normal users?
38. Database
Administrators
Root-level permissions:
Should the database superuser ever be allowed to log in from the web app?
39. Database
Administrators
Root-level permissions:
Should the database superuser ever be allowed to log in from the web app?
Why?
40. Application
Administrators
What delineates an Admin?
41. Application
Administrators
Design
Are there special admin-only views?
How do we protect admin privileges?
Are there user-specific views? Do admins have permission to access those?
Is anything changed by the DB layer?
42. Application
Administrators
Should administrators be able to view everything?
43. Application
Administrators
Should administrators be able to view everything?
What about privileged information?
HIPAA, lawyer confidentiality
44. Application
Administrators
Should administrators be able to view everything?
What about privileged information?
HIPAA, lawyer confidentiality
How can we protect privileged information like this?
Can we ever guarantee protection? How?
45. STEP 6:
A NEW FEATURE
46. A New Feature
Let’s add a user profile page
Specifically list the pages that a user has edited
47. Database
A New Feature
Design first!
48. Database
A New Feature
Design first!
Do we need new stored procedures?
What are they?
Who has access to them?
Does this require write access?
49. Application
A New Feature
What does the app need to support this?
50. Application
A New Feature
What does the app need to support this?
What views do we need?
51. Application
A New Feature
What does the app need to support this?
What views do we need?
Who has access to the views?
Logged-in users only?
52. Application
A New Feature
What about security and data confidentiality?
What security issues could be present?
53. Application
A New Feature
What about security and data confidentiality?
What security issues could be present?
Do we list entries that a user may not have read access to?
54. Application
A New Feature
What about security and data confidentiality?
What security issues could be present?
Do we list entries that a user may not have read access to?
Should we list nothing, instead?
Why do it like this? Are there better solutions?