Keep hearing about Plack and PSGI, and not really sure what they're for, and why they're popular? Maybe you're using Plack at work, and you're still copying-and-pasting `builder` lines in to your code without really knowing what's going on? What's the relationship between Plack, PSGI, and CGI? Plack from first principles works up from how CGI works, the evolution that PSGI represents, and how Plack provides a user-friendly layer on top of that.
Kicking off with Zend Expressive and Doctrine ORM (ZendCon 2016)James Titcumb
You've heard of the new Zend framework, Expressive, and you've heard it's the new hotness. In this talk, I will introduce the concepts of Expressive, how to bootstrap a simple application with the framework using best practices, and how to integrate a third party tool like Doctrine ORM.
Keep hearing about Plack and PSGI, and not really sure what they're for, and why they're popular? Maybe you're using Plack at work, and you're still copying-and-pasting `builder` lines in to your code without really knowing what's going on? What's the relationship between Plack, PSGI, and CGI? Plack from first principles works up from how CGI works, the evolution that PSGI represents, and how Plack provides a user-friendly layer on top of that.
Kicking off with Zend Expressive and Doctrine ORM (ZendCon 2016)James Titcumb
You've heard of the new Zend framework, Expressive, and you've heard it's the new hotness. In this talk, I will introduce the concepts of Expressive, how to bootstrap a simple application with the framework using best practices, and how to integrate a third party tool like Doctrine ORM.
Roll Your Own API Management Platform with nginx and LuaJon Moore
We recently replaced a proprietary API management solution with an in-house implementation built with nginx and Lua that let us get to a continuous delivery practice in a handful of months. Learn about our development process and the overall architecture that allowed us to write minimal amounts of code, enjoying native code performance while permitting interactive codeing, and how we leveraged other open source tools like Vagrant, Ansible, and OpenStack to build an automation-rich delivery pipeline. We will also take an in-depth look at our capacity management approach that differs from the rate limiting concept prevalent in the API community.
One of the most prolific parts of Zend Framework 2 is the Service Manager. Its many nooks and crannies dictate much of what happens inside our Zend Framework 2 applications and is incredibly powerful. Let's look into exactly what the Service Manager allows us to do and how we can take advantage of it for cleaner, and faster, code.
A gentle introduction to Observability and how to setup a highly available monitoring platform across multiple datacenters.
During this talk we will investigate how we can setup and monitor an monitoring setup across 2 DCs using Prometheus, Loki, Tempo, Alertmanager and Grafana. monitoring some services with some lessons learned along the way.
Abstraction, encapsulation, polymorphism, and interfaces: whether you've been programming in PHP for years or are just starting your journey, these terms can be overwhelming even on a good day. Variables, conditionals, those all make sense. But this whole object-oriented thing is way more complicated. Not only that, people that already understand it, act like it's so easy and they talk right over the simple questions and never explain the basic concepts in a way that actually makes sense. In this session, we'll take you through real-life examples of object-oriented terminology in a way that will make sense of all the mumbo jumbo and allow you to utilize object-oriented programming (OOP) immediately.
Small Node.js proxy to turn a paginated JSON REST API into a CSV streaming download. Examples of code and patterns.
Presented at the London Node User Group meetup, April 2014
Roll Your Own API Management Platform with nginx and LuaJon Moore
We recently replaced a proprietary API management solution with an in-house implementation built with nginx and Lua that let us get to a continuous delivery practice in a handful of months. Learn about our development process and the overall architecture that allowed us to write minimal amounts of code, enjoying native code performance while permitting interactive codeing, and how we leveraged other open source tools like Vagrant, Ansible, and OpenStack to build an automation-rich delivery pipeline. We will also take an in-depth look at our capacity management approach that differs from the rate limiting concept prevalent in the API community.
One of the most prolific parts of Zend Framework 2 is the Service Manager. Its many nooks and crannies dictate much of what happens inside our Zend Framework 2 applications and is incredibly powerful. Let's look into exactly what the Service Manager allows us to do and how we can take advantage of it for cleaner, and faster, code.
A gentle introduction to Observability and how to setup a highly available monitoring platform across multiple datacenters.
During this talk we will investigate how we can setup and monitor an monitoring setup across 2 DCs using Prometheus, Loki, Tempo, Alertmanager and Grafana. monitoring some services with some lessons learned along the way.
Abstraction, encapsulation, polymorphism, and interfaces: whether you've been programming in PHP for years or are just starting your journey, these terms can be overwhelming even on a good day. Variables, conditionals, those all make sense. But this whole object-oriented thing is way more complicated. Not only that, people that already understand it, act like it's so easy and they talk right over the simple questions and never explain the basic concepts in a way that actually makes sense. In this session, we'll take you through real-life examples of object-oriented terminology in a way that will make sense of all the mumbo jumbo and allow you to utilize object-oriented programming (OOP) immediately.
Small Node.js proxy to turn a paginated JSON REST API into a CSV streaming download. Examples of code and patterns.
Presented at the London Node User Group meetup, April 2014
10 Excellent Ways to Secure Spring Boot Applications - Okta Webinar 2020Matt Raible
Spring Boot is an efficient way to build Java applications with the Spring Framework. If you’re developing apps that handle sensitive data, you should make sure they’re secure.
This session will cover HTTPS, dependency checking, CSRF, using a CSP to prevent XSS, OIDC, password hashing, and much more!
You’ll learn how to add these features to a real application, using the Java language you know and love.
* Blog post: https://developer.okta.com/blog/2018/07/30/10-ways-to-secure-spring-boot
* Cheat sheet: https://snyk.io/blog/spring-boot-security-best-practices/
* OIDC demo: http://bit.ly/spring-oidc-demo
Software is changing the world. CGC is a Common Gateway Coding as the name says, it is a "common" language approach for almost everything. I want to show how a multi-language approach to infrastructure as code using general purpose programming languages lets cloud engineers and code producers unlocking the same software engineering techniques commonly used for applications.
Hardening cassandra for compliance or paranoiazznate
How to secure a cassandra cluster. Includes details on configuring SSL, setting up a certificate authority and creating certificates and trust chains for the JVM.
The Last Pickle: Hardening Apache Cassandra for Compliance (or Paranoia).DataStax Academy
Security is always at odds with usability, particularly in the context of operations and development. More so when dealing with a distributed system such as Apache Cassandra. In this presentation, we'll walk through the steps required to completely secure a Cassandra cluster to meet most regulatory and compliance guidelines.
Topics will include:
- Encrypting cross-DC traffic
- Different types of at-rest disk encryption options available (and how to tune them)
- Configuring SSL for inter-cluster communication
- Configuring SSL between clients and the API
- Configuring and managing client authentication
Attendees will leave this presentation with the knowledge required to harden Cassandra to meet most guidelines imposed by regulations and compliance.
Kubered -Recipes for C2 Operations on KubernetesJeffrey Holden
Outlines the process of using Kubernetes to deploy command and control infrastructure quickly and efficiently into the AWS cloud. Kubred script available at https://github.com/cloudc2/kubered
University of Virginia
cs4414: Operating Systems
http://rust-class.org
What happened with Apple's SSL implementation
How to make sure this doesn't happen to you!
Sharing data
ARCs in Rust
Scheduling
For embedded notes, see:
The Security library in VisualWorks went through sweeping changes recently. Main change is replacing native smalltalk implementations of various cryptographic algorithms with pluggable interfaces to external libraries, but also a complete rewrite of the SSL implementation to support all current versions of the protocol (SSL3.0 & TLS 1.0, 1.1 and 1.2). Introducing dependencies on external libraries can complicate deployment, however the resulting pluggability of implementation and perfomance boost we're getting in exchange should more then pay off in terms of widening the scope of potential applications, where the purely native implementation was simply not acceptable. In this talk we will survey these changes and discuss their impact and backward compatibility implications.
Comment un hacker voit votre site internet ?
Démonstration d'un point de vue d'une attaque sur un Wordpress.
Petite présentation de veille, de mise en garde, d'outils.
Seattle C* Meetup: Hardening cassandra for compliance or paranoiazznate
Details how to secure Apache Cassandra clusters. Covers client to server and server to server encryption, securing management and tooling, using authentication and authorization, as well as options for encryption at rest.
The 7th June 2012 Linkedin was hacked. More than 6 million LinkedIn passwords was compromised. The real shocking news was not the theft but the fact that the attackers were able to decrypt many of these passwords. Why it happened? The answer is simple: a bad design of the password security. In this talk I presented how to choose "secure" user's passwords and how to safely store it from a programmer's perspective.
This talk has been presented during the MOCA 2012, http://moca.olografix.org/moca2012
Similar to Information security programming in ruby (20)
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Launch Your Streaming Platforms in MinutesRoshan Dwivedi
The claim of launching a streaming platform in minutes might be a bit of an exaggeration, but there are services that can significantly streamline the process. Here's a breakdown:
Pros of Speedy Streaming Platform Launch Services:
No coding required: These services often use drag-and-drop interfaces or pre-built templates, eliminating the need for programming knowledge.
Faster setup: Compared to building from scratch, these platforms can get you up and running much quicker.
All-in-one solutions: Many services offer features like content management systems (CMS), video players, and monetization tools, reducing the need for multiple integrations.
Things to Consider:
Limited customization: These platforms may offer less flexibility in design and functionality compared to custom-built solutions.
Scalability: As your audience grows, you might need to upgrade to a more robust platform or encounter limitations with the "quick launch" option.
Features: Carefully evaluate which features are included and if they meet your specific needs (e.g., live streaming, subscription options).
Examples of Services for Launching Streaming Platforms:
Muvi [muvi com]
Uscreen [usencreen tv]
Alternatives to Consider:
Existing Streaming platforms: Platforms like YouTube or Twitch might be suitable for basic streaming needs, though monetization options might be limited.
Custom Development: While more time-consuming, custom development offers the most control and flexibility for your platform.
Overall, launching a streaming platform in minutes might not be entirely realistic, but these services can significantly speed up the process compared to building from scratch. Carefully consider your needs and budget when choosing the best option for you.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Looking for a reliable mobile app development company in Noida? Look no further than Drona Infotech. We specialize in creating customized apps for your business needs.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
What is Augmented Reality Image Trackingpavan998932
Augmented Reality (AR) Image Tracking is a technology that enables AR applications to recognize and track images in the real world, overlaying digital content onto them. This enhances the user's interaction with their environment by providing additional information and interactive elements directly tied to physical images.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
2. @nahi - Twitter, Github
Software Engineer at https://www.treasuredata.com
OSS developer and enthusiast;
committer of CRuby and JRuby
Information Security Specialist
6. (D) S for external C
[F] Encryption in S
[G] Encryption in C
[E] authentication
(C) S for internal C
(B) C for external S
7 Implementation Patterns
(A) C for internal S
(A)
(A)
(B)
(B)
(C)
(D)
[F]
[G]
[E]
[E]
Orange: Implementation target
Gray: External system
7. (D) S for external C
[F] Encryption in S
[G] Encryption in C
[E] authentication
(C) S for internal C
(B) C for external S
7 Implementation Patterns
(A) C for internal S
(A)
(A)
(B)
(B)
(C)
(D)
[F]
[G]
[E]
[E]
Orange: Implementation target
Gray: External system
8. … in Ruby
(A) C for internal S
(B) C for external S
(C) S for internal C
(D) S for external C
[E] authentication
[F] Encryption in S
[G] Encryption in C
(A)
(A)
(B)
(B)
(C)
[E]
[F]
[G]
(D)
[E]
Blue: Acceptable
Orange: Pitfalls
Red: No way
9. Protected communication
Fixed server authentication
➔ SSL configuration:
CBC, SSLv3.0, compression,
TLSv1.0, RC4, DHE1024, …
➔ Fails for wrong endpoint
(A) C for internal S
(A)
(A)
17. Protected communication
Restricted client authentication
➔ SSL configuration
➔ Server key management
➔ Certificate rotation
➔ Fails for unexpected clients
(C) S for internal C
(C)
19. Protected communication
Client authentication
➔ SSL configuration
➔ Server key management
➔ Certificate rotation
➔ Fails for unexpected clients
➔ Recovery from key compromise
You have better solutions (Apache, Nginx, ELB, …)
(D) S for external C
(C)
(D)
20. Client authentication
On unprotected network
➔ Cipher algorithm
➔ Tamper detection
➔ Constant time operation
Use well-known library
[E] authentication
[E]
[E]
21. Data protection at rest
➔ Cipher algorithm
➔ Encryption key management
◆ Storage
◆ Usage authn / authz
◆ Usage auditing
◆ Rotation
➔ Tamper detection
➔ Processing throughput / latency
[F] Encryption in S / [G] in C
[F]
[G]
22. require 'aws-sdk'
class KMSEncryptor
CTX = { 'purpose' => 'odrk05 demonstration' }
GCM_IV_SIZE = 12; GCM_TAG_SIZE = 16
def initialize(region, key_id)
@region, @key_id = region, key_id
@kms = Aws::KMS::Client.new(region: @region)
end
def generate_data_key
resp = @kms.generate_data_key_without_plaintext(
key_id: @key_id, encryption_context: CTX, key_spec: 'AES_128'
)
resp.ciphertext_blob
end
def with_key(wrapped_key)
key = nil
begin
key = @kms.decrypt(
ciphertext_blob: wrapped_key, encryption_context: CTX
).plaintext
yield key
ensure
# TODO: confirm that key is deleted from memory
key.tr!("0-xff".force_encoding('BINARY'), "0")
end
end
23. def encrypt(wrapped_key, plaintext)
with_key(wrapped_key) do |key|
cipher = OpenSSL::Cipher::Cipher.new('aes-128-gcm')
iv = OpenSSL::Random.random_bytes(GCM_IV_SIZE)
cipher.encrypt; cipher.key = key;cipher.iv = iv
iv + cipher.update(plaintext) + cipher.final
end
end
def decrypt(wrapped_key, ciphertext)
with_key(wrapped_key) do |key|
iv, data = ciphertext.unpack("a#{GCM_IV_SIZE}a*")
auth_tag = data.slice!(data.bytesize - GCM_TAG_SIZE, GCM_TAG_SIZE)
cipher = OpenSSL::Cipher::Cipher.new('aes-128-gcm')
cipher.decrypt; cipher.key = key; cipher.iv = iv
cipher.auth_tag = auth_tag
cipher.update(data) + cipher.final
end
end
end
encryptor = KMSEncryptor.new('ap-northeast-1', 'alias/nahi-test-tokyo')
# generate key for each data, customer, or something
wrapped_key = encryptor.generate_data_key
plaintext = File.read(__FILE__)
ciphertext = encryptor.encrypt(wrapped_key, plaintext)
# save wrapped_key and ciphertext in DB, File or somewhere
# restore wrapped_key and ciphertext from DB, File or somewhere
puts encryptor.decrypt(wrapped_key, ciphertext)
jruby-openssl does not
support aes-gcm…
-> next page
24. if defined?(JRuby)
require 'java'
java_import 'javax.crypto.Cipher'
java_import 'javax.crypto.SecretKey'
java_import 'javax.crypto.spec.SecretKeySpec'
java_import 'javax.crypto.spec.GCMParameterSpec'
class KMSEncryptor
# Overrides
def encrypt(wrapped_key, plaintext)
with_key(wrapped_key) do |key|
cipher = Cipher.getInstance('AES/GCM/PKCS5Padding')
iv = OpenSSL::Random.random_bytes(GCM_IV_SIZE)
spec = GCMParameterSpec.new(GCM_TAG_SIZE * 8, iv.to_java_bytes)
cipher.init(1, SecretKeySpec.new(key.to_java_bytes, 0, key.bytesize, 'AES'), spec)
ciphertext = String.from_java_bytes(
cipher.doFinal(plaintext.to_java_bytes), Encoding::BINARY)
iv + ciphertext
end
end
# Overrides
def decrypt(wrapped_key, ciphertext)
with_key(wrapped_key) do |key|
cipher = Cipher.getInstance('AES/GCM/PKCS5Padding')
iv, data = ciphertext.unpack("a#{GCM_IV_SIZE}a*")
spec = GCMParameterSpec.new(GCM_TAG_SIZE * 8, iv.to_java_bytes)
cipher.init(2, SecretKeySpec.new(key.to_java_bytes, 0, key.bytesize, 'AES'), spec)
String.from_java_bytes(cipher.doFinal(data.to_java_bytes), Encoding::BINARY)
end
end
end
end
aes-128-gcm in JRuby!
25. … in Ruby
(A) C for internal S
(B) C for external S
(C) S for internal C
(D) S for external C
[E] authentication
[F] Encryption in S
[G] Encryption in C
(A)
(A)
(B)
(B)
(C)
[E]
[F]
[G]
(D)
[E]
Blue: Acceptable
Orange: Pitfalls
Red: No way