This document contains a sample WARC file with records of different types including requests, responses, metadata, and revisits related to archiving the website http://www.archive.org. It includes headers with information like record IDs, dates, URIs, digests, and record types. The records document the initial capture of an image on the site, later metadata and conversion records, and a sample revisit record showing the resource was not modified.
Ведущий: Макс Мороз
Обзор системы ClusterFuzz, позволяющей осуществить проверку браузера Chrome на наличие уязвимостей в режиме реального времени и получить воспроизводимые результаты исследования каждого конкретного сбоя. Будут продемонстрированы преимущества использования различных санитайзеров и LibFuzzer, библиотеки для направленного фаззинга. Будет приведена подробная статистика видов уязвимостей, найденных в Chrome. Слушатели узнают о подводных камнях распределенного фаззинга; о том, как можно запустить свои собственные фаззеры в инфраструктуре Google и получить вознаграждение за найденные уязвимости.
Security research over Windows #defcon chinaPeter Hlavaty
Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.
How to run system administrator recruitment process? By creating platform based on open source parts in just 2 nights! I gave this talk in Poland / Kraków OWASP chapter meeting on 17th October 2013 at our local Google for Entrepreneurs site. It's focused on security and also shows how to create recruitment process in CTF / challenge way.
This story covers mostly security details of this whole platform. There's great chance, that I will give another talk about this system but this time focusing on technical details. Stay tuned ;)
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
Past few years our team was focusing on different operating systems including Microsoft windows kernel. Honestly our first pwn at Windows kernel was not that challenging. Number of available targets with friendly environment for straightforward pwn, from user up to reliable kernel code execution.
However, step by step, security policies continue to evolve, and it becomes more troublesome to choose ideal attack surface from various sandboxes. In addition, what steps to follow for digging security holes is highly dependent upon the chosen target. In general, a few common strategies are available for researchers to choose: e.g choose “unknown” one which hasn’t been researched before; Select well fuzzed or well audited one, or research on kernel module internals to find “hidden” attack surfaces which are not explicitly interconnected. In the first part of the talk we introduce our methodology of selecting, alongside with cost of tricks around to choose seemingly banned targets, illustrated by notable examples.
After getting hands on potential bug available from targeted sandbox, it is time for Microsoft windows taking hardening efforts to put attacker into corner. Strong mitigations are being introduced more frequently than ever, with promising direction which cuts lots of attack surface off, and a several exploitation techniques being killed. We will show difficulties of developing universal exploitation techniques, and demonstrate needed technical level depending on code quality of target. We will examine how different it becomes with era of Redstone and following versions even with those techniques and good vulnerability in hand. How it changed attacker landscape and how it will (and will not) kill those techniques and applications. However will it really change the game or not?
Ведущий: Макс Мороз
Обзор системы ClusterFuzz, позволяющей осуществить проверку браузера Chrome на наличие уязвимостей в режиме реального времени и получить воспроизводимые результаты исследования каждого конкретного сбоя. Будут продемонстрированы преимущества использования различных санитайзеров и LibFuzzer, библиотеки для направленного фаззинга. Будет приведена подробная статистика видов уязвимостей, найденных в Chrome. Слушатели узнают о подводных камнях распределенного фаззинга; о том, как можно запустить свои собственные фаззеры в инфраструктуре Google и получить вознаграждение за найденные уязвимости.
Security research over Windows #defcon chinaPeter Hlavaty
Past several years Microsoft Windows undergo lot of fundamental security changes. Where one can argue still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in attacker perspective. From tightened sandboxing, restricting attack surface, introducing mitigations, applying virtualization up to stronger focus even on win32k. In our talk we will go trough those changes, how it affects us and how we tackle them from choosing targets, finding bugs up to exploitation primitives we are using. While also empathize that windows research is not only about sandbox, and there are many more interesting target to look for.
How to run system administrator recruitment process? By creating platform based on open source parts in just 2 nights! I gave this talk in Poland / Kraków OWASP chapter meeting on 17th October 2013 at our local Google for Entrepreneurs site. It's focused on security and also shows how to create recruitment process in CTF / challenge way.
This story covers mostly security details of this whole platform. There's great chance, that I will give another talk about this system but this time focusing on technical details. Stay tuned ;)
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
Past few years our team was focusing on different operating systems including Microsoft windows kernel. Honestly our first pwn at Windows kernel was not that challenging. Number of available targets with friendly environment for straightforward pwn, from user up to reliable kernel code execution.
However, step by step, security policies continue to evolve, and it becomes more troublesome to choose ideal attack surface from various sandboxes. In addition, what steps to follow for digging security holes is highly dependent upon the chosen target. In general, a few common strategies are available for researchers to choose: e.g choose “unknown” one which hasn’t been researched before; Select well fuzzed or well audited one, or research on kernel module internals to find “hidden” attack surfaces which are not explicitly interconnected. In the first part of the talk we introduce our methodology of selecting, alongside with cost of tricks around to choose seemingly banned targets, illustrated by notable examples.
After getting hands on potential bug available from targeted sandbox, it is time for Microsoft windows taking hardening efforts to put attacker into corner. Strong mitigations are being introduced more frequently than ever, with promising direction which cuts lots of attack surface off, and a several exploitation techniques being killed. We will show difficulties of developing universal exploitation techniques, and demonstrate needed technical level depending on code quality of target. We will examine how different it becomes with era of Redstone and following versions even with those techniques and good vulnerability in hand. How it changed attacker landscape and how it will (and will not) kill those techniques and applications. However will it really change the game or not?
Ведущий: Иван Ёлкин
Ведущий фаст-трека расскажет об опыте внедрения Static Analysis Security Tool в QIWI, о сложностях, с которыми сталкивались разработчики. Писать «костыли» или рефакторить код? Что делать, когда мнения клиента и разработчика расходятся? Поведает, сколько строк кода пришлось прочитать и написать до и после запуска сканера, и предложит краткий обзор найденных и упущенных уязвимостей.
XCon 2014 => http://xcon.xfocus.org/
In the past was quite common to exploit heap / pool manager vulnerabilities attacking its internal linked structures. However current memory management improve a lot and at current date it is quite ineffective to attack heap in this way. But still those techniques come into hand when we start to looking at linked structures widespread throughout kernel that are unfortunately not hardened enough.
In this presentation we will examine power of these vulnerabilities by famous example “CVE – 2013 - 3660”. Showing bypass on ‘lazy’ assertions of _LIST_ENTRY, present exploitation after party and teleport to kernel.
Because this system is web application (partially)
Because we based (100%) on FOSS (open-source)
Because security matters
Because OWASP people cares about security and can affect recruitment processes (hopefully) ;)
50 Shades of Fuzzing by Peter Hlavaty & Marco GrassiShakacon
Graphic drivers and their related code are an essential component in every modern operating system. This particular component involves especially complex logic and a huge amount of code, simply because it must handle equally complex tasks.
As we know from history and experience huge and complex code is often also a security risk. Last but not least, in almost all the popular modern operating system, graphics code and logic is running in a highly privileged context such as the kernel, or even in a higher context, such as VMWare graphics component, which essentially implements your graphic card outside the guest into a host process.
Any mistake made into this highly privileged code can lead to a fatal outcome, especially considering that it is often reachable from interesting sandboxes, such as the browser ones. We will go through the internals for various graphic systems, to show similarities and differences, such as windows heart of graphics aka win32k, then OSX/iOS IOKit, and finally, WMWare emulated GPU graphic subsystem. We can then switch gear and showcase some vulnerabilities in these scenarios, discuss effective fuzzing methodologies both specific to a particular target and generic principles of fuzzing graphic subsystems as well.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
In our recent work we targeted also win32k, what seems to be fruit giving target. @promised_lu made our own TTF-fuzzer which comes with bunch of results in form of gigabytes of crashes and various bugs. Fortunately windows make great work and in February most of our bugs was dead - patched, but not all of them…
Whats left were looking as seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check it out, and finally combine it with our user mode bug & emet bypass. Through IE & flash we break down system and pointed out at weak points in defensive mechanism.
In this talk we will present our research dedicated for pwn2own event this year. We will describe kernel part of exploit in detail*, including bug description, resulting memory corruption conditions & caveats up to final pwn via one of our TTF bugs.
Throughout the talk we will describe how to break various exploit mitigations in windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking all what stands { KASLR, SMEP, even imaginary SMAP or CFG } and bring you SYSTEM exec (from kernel driver to system calc).
* unfortunately bug was not fixed at the time of talk, so we do not exposed details about TTF vulnerability, and we skipped directly to some challenges during exploitation, and demonstrate how OS design can overpower introduced exploit mitigations.
In the past few years, the bar for exploitation was raised highly, and in the current state of software security it is harder and harder to make successful exploitation on newest operating systems.
But as some systems continue to evolve and introduce new mitigations, the others just freeze a few years behind. In our talk we will focus on rooting Android by two racing conditions vulnerabilities. We will show the differences between level of exploitation needed, and how some mobile vendors are killing offered security features.
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
As time goes on operating systems keep evolving, like Microsoft Windows do, it ships new designs, features and codes from time to time. However sometimes it also ships more than bit of codes for complex subsystems residing in its kernel ... and at some future point it starts implementing new designs to prevent unnecessary access to it. However is it safe enough?
As we can see from security bulletins, win32k subsystem attracts lots of attention. It looks that with efforts of many security researchers who has dug into this area, finding bugs here shall becomes pretty tough and almost fruitless. But unfortunately this is not true, as win32k is backed up by very complex logic and large amount of code by nature..
We will present our point of view to Windows graphic subsystem, as well as schema of our fuzzing strategies. We will introduce some unusual areas of win32k, its extensions and how it can breaks even locked environments.
Part of our talk will be dedicated to CVE-2016-0176, the bug we used for this year's Pwn2Own Edge sandbox bypass, from its discovery to its exploitation techniques, which could serves as an example for universal DirectX escape which is independent of graphics vendors.
In order to prevent exploiting mistakes, introduced in developing process, are continuously implemented various security mitigations & hardening on application level and in operating system level as well.
Even when those mitigations highly increase difficulty of exploitation of common bugs in software / core, you should not rely solely on them. And it can help to know background and limits of those techniques, which protect your software directly or indirectly.
In this talk we will take a look at some of helpful mitigations & features introduces past years (x64 address space, SMAP & SMEP, CFG, ...) focusing from kernel point of view. Its benefits, and weak points same time.
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreCTruncer
This talk goes over how stagers work in a different manner. Rather than standard function calls, I show how to utilize the same functionality in a slightly different way. It talks about Veil-Evasion, and a signature that was developed for it. Finally, I get into custom code and showcase three pieces of custom code that completely bypass antivirus.
Ведущий: Иван Ёлкин
Ведущий фаст-трека расскажет об опыте внедрения Static Analysis Security Tool в QIWI, о сложностях, с которыми сталкивались разработчики. Писать «костыли» или рефакторить код? Что делать, когда мнения клиента и разработчика расходятся? Поведает, сколько строк кода пришлось прочитать и написать до и после запуска сканера, и предложит краткий обзор найденных и упущенных уязвимостей.
XCon 2014 => http://xcon.xfocus.org/
In the past was quite common to exploit heap / pool manager vulnerabilities attacking its internal linked structures. However current memory management improve a lot and at current date it is quite ineffective to attack heap in this way. But still those techniques come into hand when we start to looking at linked structures widespread throughout kernel that are unfortunately not hardened enough.
In this presentation we will examine power of these vulnerabilities by famous example “CVE – 2013 - 3660”. Showing bypass on ‘lazy’ assertions of _LIST_ENTRY, present exploitation after party and teleport to kernel.
Because this system is web application (partially)
Because we based (100%) on FOSS (open-source)
Because security matters
Because OWASP people cares about security and can affect recruitment processes (hopefully) ;)
50 Shades of Fuzzing by Peter Hlavaty & Marco GrassiShakacon
Graphic drivers and their related code are an essential component in every modern operating system. This particular component involves especially complex logic and a huge amount of code, simply because it must handle equally complex tasks.
As we know from history and experience huge and complex code is often also a security risk. Last but not least, in almost all the popular modern operating system, graphics code and logic is running in a highly privileged context such as the kernel, or even in a higher context, such as VMWare graphics component, which essentially implements your graphic card outside the guest into a host process.
Any mistake made into this highly privileged code can lead to a fatal outcome, especially considering that it is often reachable from interesting sandboxes, such as the browser ones. We will go through the internals for various graphic systems, to show similarities and differences, such as windows heart of graphics aka win32k, then OSX/iOS IOKit, and finally, WMWare emulated GPU graphic subsystem. We can then switch gear and showcase some vulnerabilities in these scenarios, discuss effective fuzzing methodologies both specific to a particular target and generic principles of fuzzing graphic subsystems as well.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
In our recent work we targeted also win32k, what seems to be fruit giving target. @promised_lu made our own TTF-fuzzer which comes with bunch of results in form of gigabytes of crashes and various bugs. Fortunately windows make great work and in February most of our bugs was dead - patched, but not all of them…
Whats left were looking as seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check it out, and finally combine it with our user mode bug & emet bypass. Through IE & flash we break down system and pointed out at weak points in defensive mechanism.
In this talk we will present our research dedicated for pwn2own event this year. We will describe kernel part of exploit in detail*, including bug description, resulting memory corruption conditions & caveats up to final pwn via one of our TTF bugs.
Throughout the talk we will describe how to break various exploit mitigations in windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking all what stands { KASLR, SMEP, even imaginary SMAP or CFG } and bring you SYSTEM exec (from kernel driver to system calc).
* unfortunately bug was not fixed at the time of talk, so we do not exposed details about TTF vulnerability, and we skipped directly to some challenges during exploitation, and demonstrate how OS design can overpower introduced exploit mitigations.
In the past few years, the bar for exploitation was raised highly, and in the current state of software security it is harder and harder to make successful exploitation on newest operating systems.
But as some systems continue to evolve and introduce new mitigations, the others just freeze a few years behind. In our talk we will focus on rooting Android by two racing conditions vulnerabilities. We will show the differences between level of exploitation needed, and how some mobile vendors are killing offered security features.
Rainbow Over the Windows: More Colors Than You Could ExpectPeter Hlavaty
As time goes on operating systems keep evolving, like Microsoft Windows do, it ships new designs, features and codes from time to time. However sometimes it also ships more than bit of codes for complex subsystems residing in its kernel ... and at some future point it starts implementing new designs to prevent unnecessary access to it. However is it safe enough?
As we can see from security bulletins, win32k subsystem attracts lots of attention. It looks that with efforts of many security researchers who has dug into this area, finding bugs here shall becomes pretty tough and almost fruitless. But unfortunately this is not true, as win32k is backed up by very complex logic and large amount of code by nature..
We will present our point of view to Windows graphic subsystem, as well as schema of our fuzzing strategies. We will introduce some unusual areas of win32k, its extensions and how it can breaks even locked environments.
Part of our talk will be dedicated to CVE-2016-0176, the bug we used for this year's Pwn2Own Edge sandbox bypass, from its discovery to its exploitation techniques, which could serves as an example for universal DirectX escape which is independent of graphics vendors.
In order to prevent exploiting mistakes, introduced in developing process, are continuously implemented various security mitigations & hardening on application level and in operating system level as well.
Even when those mitigations highly increase difficulty of exploitation of common bugs in software / core, you should not rely solely on them. And it can help to know background and limits of those techniques, which protect your software directly or indirectly.
In this talk we will take a look at some of helpful mitigations & features introduces past years (x64 address space, SMAP & SMEP, CFG, ...) focusing from kernel point of view. Its benefits, and weak points same time.
A Battle Against the Industry - Beating Antivirus for Meterpreter and MoreCTruncer
This talk goes over how stagers work in a different manner. Rather than standard function calls, I show how to utilize the same functionality in a slightly different way. It talks about Veil-Evasion, and a signature that was developed for it. Finally, I get into custom code and showcase three pieces of custom code that completely bypass antivirus.
Since 2007 GOFORTUTION.coM is the search engine of tutors & Students in Delhi and all over India .It provides cheapest and best home tutors to students and it also helps to Tutors who are seeking students for home tution. We at Mentor Me provide highly qualified, result oriented, enthusiastic and responsible tutors for all classes, all subjects and in all locations across Delhi & all over India. Here we have tutors for all subjects of CBSE, ICSE,B.com, B.Sc, BBA, BCA,MBA,CA,CS,MCA,BCA,”O” Level, “A” Level etc.GOFORTUTION is a best portal for tutors and students it is not only a site.
Inside the ABC's new Media Transcoding system, MetroDaphne Chong
The ABC recently launched a new video transcoding system to process all the video content for ABC iview, our catch-up TV service.
Metro is a cost-efficient, scalable, cloud-based system that was built using Golang, Node, FFmpeg, and heavily utilises a variety of AWS technology including queues, varied capacity autoscaling, hosted database servers, and notifications. The system has been live since December 2015, and has successfully processed thousands of pieces of content.
Back in 2008, we moved our libraries in new building equipped with 3M RFID hardware.
Since then I examined hardware a little and wrote Open Source driver for it which provide simple HTTP/JSONP interface for it. This allows adding RFID support to Koha's intranet using nothing more than JavaScript include file using jquery.
The RestFS is an experimental project to develop an open-source distributed filesystem for large environments. It is designed to scale up from a single server to thousand of nodes and delivering a high availability storage system with special features for high i/o performance and network optimization for work better in WAN environment.
WebRTC webinar talking about the status of Simulcast in the standards and browser implementations. We also explain what simulcast is, the use cases and what simulcast isn't. Webinar is part of the monthly WebRTC live Q&A sessions by Alex Gouailard, Dan Burnett and Amir Zmora
HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro
HKG15-311: OP-TEE for Beginners and Porting Review
---------------------------------------------------
Speaker: Victor Chong
Date: February 11, 2015
---------------------------------------------------
★ Session Summary ★
Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250816
Video: https://www.youtube.com/watch?v=Fksx4-bpHRY
Etherpad: http://pad.linaro.org/p/hkg15-311
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Learn about HTTP/2 and its relationship to HTTP 1.1 and SPDY. Understand core features and how they benefit security and browser efficiency. More that a "what's new" this talk will leave you with an understanding of why choices in HTTP/2 were made. You'll leave knowing what HTTP/2 is and why it is better for clients and servers.
Presentación realizada por Ricardo Santos, miembro del VIAF GDPR Working Group, en la reunión anual de VIAF. La presentación muestra los resultados de una encuesta sobre privacidad de datos de autores en ficheros de autoridad.
Los días 6 y 7 de junio de 2019 la Biblioteca Nacional de España albergó un taller práctico sobre RDA destinado a responsables de proceso técnico de instituciones integradas en el Consejo de Cooperación Bibliotecaria
Los días 6 y 7 de junio de 2019 la Biblioteca Nacional de España albergó un taller práctico sobre RDA destinado a responsables de proceso técnico de instituciones integradas en el Consejo de Cooperación Bibliotecaria
Los días 6 y 7 de junio de 2019 la Biblioteca Nacional de España albergó un taller práctico sobre RDA destinado a responsables de proceso técnico de instituciones integradas en el Consejo de Cooperación Bibliotecaria
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
37. Oracle StorageTek SL8500
• up to 64 tape drives
• up to 8500 tapes
• up to 8 hand pickers
• up to 32 linked libraries
Primary storage
2 libraries
16 PB maximum
Backup storage
2 libraries
16 PB maximum
76. set
group
03/07/1882 28/02/1883 01/03/188302/07/1882
Le Matin
01/07/1882
AIPAIP
AIPAIP
set
Contains nothing but metadata
Curator information, allows to
group AIPs sharing the same
intellectual content
AIPAIP
Must contain files to be
preserved
Each AIP is an autonomous
unit
AIPAIP AIPAIP AIPAIP
94. Web archiving at the British Library
Helen Hockx-Yu
Head of Web Archiving
95. Overview
> Part 1: Background, history and organisation
> Part 2: Web Archiving Tools (including
demos)
> Part 3: Access
> Part 4: Non-print Legal Deposit and future
strategy
29th November 2012 Session 7 -Web archiving at the British Library 2
96. BL Structure
> BL Board and Executive Team
> e-Strategy and Information Systems (eIS)
> IT-based products and services
> Finance and Corporate Services (F&CS)
> Money
> Human Resources
> People
> Operations & Services (O&S)
> Front line services
> Scholarship and Collections (S&C)
> Content (Arts and humanities, Social Sciences, Science, Technology & Medicine)
> Strategic Marketing and Communications (SMC)
> Brand and reputation
29th November 2012 Session 7 -Web archiving at the British Library 3
98. Current web archiving strategy
> Selective archiving of websites that
> reflect the diversity of lives, interests and activities throughout the UK
> contain research value or are of research interest
> feature political, cultural, social and economic events of national interest
> demonstrate innovative use of the web4 areas
> Also prioritise websites at risk and web-only content
> Permission based
> Permission to archive, to provide online access and to preserve. Also ask or 3rd
rights clearance
> 30% success rate, 5% explicit refusal (mostly due to 3rd party rights)
> Online access through UK Web Archive
> Expect to crawl at domain level (from April 2013) for Non-
print Legal Deposit
29th November 2012 Session 7 -Web archiving at the British Library 5
99. The current Web Archiving team
29th November 2012 Session 7 -Web archiving at the British Library 6
Skills Profile
> IT
> Collection management, digital curation
> Management
> Communications
> Web Archiving
100. (Internal Collaboration)
> The Web Archiving Team is involved in the end to end process but work
with other departments / teams in the library
29th November 2012 Session 7 -Web archiving at the British Library 7
Department /Team Activity / Support
S&C
> Subject specialist group
> Curator’s Choice project
Selection, curation
eIS Network, hardware and IT support
O&S
Resource Discovery & Research
Corporate level resource discovery http://explore.bl.uk/
CA&D
Digital Processing
Cataloguing (special collection level)
SMC Publicity, press release, events
The Legal Deposit Programme Domain crawl capability / process and policy
101. Curator’s Choice
> Pilot project with a small group of dedicated curators /
subject specialists
> Special Collections of curator’s choice. Curators take
responsibility for owning, maintaining and growing the
collections over time
> Evolving Role of Libraries in the UK
> Political Action and Communication
> Slavery and Abolition in the Caribbean
> UK relations with the Low Countries
> 19th Century English Literature
> Oral History in the UK
> Film in the UK
> Energy
29th November 2012 Session 7 -Web archiving at the British Library 8
102. Web Archiving Advisory Group
> Provide advice and support to the Web Archiving Team
> Act as a ‘critical friend’ to assist in the development of policy
and practice.
> Specific advice and support on:
> Purpose, vision and benefits.
> Strategic direction and planning.
> Synergy with internal teams and collaboration with
external stakeholders/partners.
> Policy changes and risk management
29th November 2012 Session 7 -Web archiving at the British Library 9
103. (External) Collaboration
> UK Web Archiving Consortium (2004-2007): centralised infrastructure
and development, distributed collections
> UK Web Archive partners, National Archives, Legal Deposit Libraries
(LDLs)
> External Collaborators
> Welcome Library
> Live Art Development Agency
> The Cambridge Innovation Network
> The Women’s Library
> Institute of Historical esearch, University of London
> Individual researchers, specialists
> General public – ca. 20 nominations / week
> National organisations: DPC, JISC
> International: IIPC
29th November 2012 Session 7 -Web archiving at the British Library 10
104. JISC UK Web Domain Dataset (1996-2010)
> Collaboration with JISC and the Internet Archive
> UK Web Domain Dataset (1996-2010) – UK websites
extracted from the Internet Archive's collection and
supported by funding from the JISC
> 35TB research dataset
> No local access to individual websites but access to
secondary dataset allowed
> BL has developed visualisations of the dataset
> JISC funded 2 further projects using this dataset
> Analytical Access to the Domain Dark Archive
> Big Data: Demonstrating the Value of the UK Web Domain Dataset for Social
Science Research
29th November 2012 Session 7 -Web archiving at the British Library 11
105. Web Archiving Tools
> Support key processes: selection, harvesting, storage,
access, preservation
> Mostly open source tools, some developed in-house
> New tools / changes to current tools expected when business
processes change due to non-print Legal Deposit
29th November 2012 Session 7 -Web archiving at the British Library 12
106. Selection Tools
> Selection: decide what websites to archive and to include as
part of a web archive collection
> Selection and Permission Tool: https://wct.bl.uk/selection/
> Submit selection – real time checking of duplicates, fetching meta tags from live
sites
> Collect metadata
> Add contact details
> Suggest crawl frequency
> Permissions management – send emails, direct users to online licence form, store
the completed forms, pass details to WCT (create authorisation record and a
pending target)
> Reports
> Twittervane
29th November 2012 Session 7 -Web archiving at the British Library 13
107. Harvesting Tools
> Harvesting: automated downloading of selected websites
using crawler software; quality assurance regarded as an
element
> The Web Curator Tool (WCT): https://wct.bl.uk/wct/
> Job scheduling
> Metadata
> Access control
> Harvesting (uses Heritirx)
> QA
29th November 2012 Session 7 -Web archiving at the British Library 14
108. Quality Assurance
> Placing more emphasis on intellectual content than
appearance or behaviour of a website
> Use four aspects to define quality:
> Completeness of capture: whether the intended content has been captured as
part of the harvest.
> Intellectual content: whether the intellectual content (as opposed to styling and
layout) can be replayed in the Access Tool.
> Behaviour: whether the harvested copy can be replayed including the behaviour
present on the live site, such as the ability to browse between links interactively.
> Appearance: look and feel of a website.
> Rely on visual comparison, previous harvests & crawl logs
> Recent development of QA module to allow bulk operation,
reduce # of clicks and make QA recommendations
29th November 2012 Session 7 -Web archiving at the British Library 15
109. Supporting Long-term Preservation
> Storing data in WARCs and metadata in METS
> Migrate all legacy data into WARCs
> WCT output WARC files
> Submission Information Package (SIP) profiles for selective
and domain crawls
> Storing descriptive metadata (eg permission information) & technical metadata
(eg crawl log, crawl configurations, virus scan events)
> Ingest archived websites in the Digital Library System (DLS)
> Command line tool generates SIPs
> Providing access from the DLS (in future)
29th November 2012 Session 7 -Web archiving at the British Library 16
110. Demo (45 minutes)
> Selection and Permission Tool (https://wct.bl.uk/selection/)
> Web Curator Tool (https://wct.bl.uk/wct/)
29th November 2012 Session 7 -Web archiving at the British Library 17
111. Access
> Currently 3 ways to access the web archive
> Online through the UK Web Archive
> Catalogue records (of special collections)
> Keywords search through primo (corporate resource
discovery system)
> Conduct researcher survey to understand
requirements
> Analytical access
29th November 2012 Session 7 -Web archiving at the British Library 18
113. Keyword search through Primo
29th November 2012 Session 7 -Web archiving at the British Library 20
114. UK Web Archive
29th November 2012 Session 7 -Web archiving at the British Library 21
> Websites archived by BL and
partners since 2004 (65% by
BL)
> 122,99 websites, 50,866
instances, 13.6TBWARCs
> Over 100,000 unique visits
since 1st April 2012
> Key websites include videos
> Full-text, N-gram, title and
URL search
> Browse by subject / special
collection, visual browsing
http://www.webarchive.org.uk
115. Analytical Access
> Shift of focus from the level of single webpages or websites
to the entire web archive collection.
> Use web archives as datasets
> Support survey, annotation, contextualisation and
visualisation
> Allows discovery of patterns, trends and relationships in
inter-linked web pages
> Extracting value from the “haystacks”
> Helps addresses a number of challenging issues
> Scalability
> Accessibility of individual websites
> Components missed by crawlers
29th November 2012 Session 7 -Web archiving at the British Library 22
116. Visualising the UK Web
> http://www.webarchive.org.uk/ukwa/visualisation
> N-gram search
> Links analysis
> Format Analysis
> Geo-index
> http://www.webarchive.org.uk/bluebox/
> uses the Memento aggregate TimeGate hosted by lanl.gov
> “resource not in archive” – who else has it?
> Open data
> Dataset and APIs for general use
> Enable broader community to re-use, explore and visualise content of web archive
29th November 2012 Session 7 -Web archiving at the British Library 23
118. Non-print Legal Deposit: Time of change
> Expected to be in place in April 2013
> Access restricted to premises of Legal Deposit Libraries
> Library-wide Legal Deposit Programme to develop capability
and end-to-end process
> Web Archiving Team acts as “technical supplier” for a
number of projects
> Still need to work out how current (permission-based)
selective archiving relates to domain crawl under Legal
Deposit
> Will we request permissions for online access?
> Will we stop crawling some of the sites we are crawling now and include them in
the annual / bi-annual broad domain crawl?
> Who does what?
29th November 2012 Session 7 -Web archiving at the British Library 25
119. 29th November 2012 Session 7 -Web archiving at the British Library 26
Web Archiving Strategy
26
Domain Crawl
Event
S
p
e
c
i
a
l
c
o
l
l
e
c
t
i
o
n
S
p
e
c
i
a
l
c
o
l
l
e
c
t
i
o
n
Domain
harvesting:
• Broad
sweep of
.uk domain
• Once or
twice a year
Events & key
sites:
• Events of
national
interest
• Sites need
to be
captured
frequently
Special
Collection:
• Focused,
thematic
collections
• Support
priority
subjects
Key sitesEvent
S
p
e
c
i
a
l
c
o
l
l
e
c
t
i
o
n
S
p
e
c
i
a
l
c
o
l
l
e
c
t
i
o
n
120. Web
Archiving
Workshop
Leïla
Medjkoune,
Internet
Memory
IIPC
workshop,
BNF,
Paris,
November
2012
121. Internet
Memory
Internet
Memory
Founda/on
(European
Archive)
• Established
in
2004
in
Amsterdam
and
then
Paris
• Mission:
Preserve
Web
content
by
building
a
shared
WA
plaJorm
• Ac/ons:
DisseminaLon,
R&D
and
partnerships
with
research
groups
and
cultural
insLtuLons
• Open
Access
Collec/ons:
UK
NaLonal
Archives
&
Parliament,
PRONI,
CERN
and
The
NaLonal
Library
of
Ireland
Internet
Memory
Research
• Spin-‐off
of
IM
established
in
June
2011
in
Paris
• Missions:
Operate
large
scale
or
selecLve
crawls
&
develop
new
technologies
(crawl,
access,
processing
and
extracLon)
122. Internet
Memory
Infrastructure
Green
datacenters
Repository
and
data
access
for
large-‐scale
data
management:
• HDFS
(Hadoop
File
System):
Distributed,
fault-‐tolerant
file
system
• Hbase.
A
distributed
key-‐value
index
• Convenient
model
for
temporal
archives
• MapReduce:
A
distributed
execuLon
framework
• Reliable
mechanism
to
run
an
analysis
job
on
very
large
datasets
123. Internet
Memory
Focused
crawling:
• Automated
crawls
• Quality
focused
crawls
:
– Video
capture,
Twiaer
crawls
– ExecuLon
tools
to
overcome
crawling
issues
on
specific
content
Large
scale
crawling
• Inhouse
developped
distributed
sobware
• Scalable
crawler
(10-‐50
Bn
pages)
• Also
designed
for
focused
crawl
and
complex
scoping
124. Research
projects
and
focus
Web
Archiving
and
Preserva/on
✓ Living
Web
Archives
(2007-‐2010)
✓ Archives
to
Community
MEMories:
(2010-‐2013)
✓ SCAlable
PreservaLon
Environment
(2010-‐2013)
Webscale
data
Archiving
and
Extrac/on
✓ Living
Knowledge
(2009-‐2012)
✓ Longitudinal
AnalyLcs
of
Web
Archive
data
(2010-‐2013)
✓ TrendMiner
(2011-‐2014)
✓ DOPA
(2012-‐2014)
✓ AnnoMarket
(2012-‐2014)
125. Web
Archiving
project
?
OrganisaLonal
challenges:
• SelecLon/QA:
Librarian
/
Archivist,
Quality
assurance
team,
Project
manager
• Content
capture/services
development:
Engineers,
developers,
technicians
• Infrastructure
deployment
and
maintenance:
Engineers,
System
administrators
➥ Web
Archiving
projects
require
strong
competences
and
experienced
human
resources
combined
with
a
scalable
infrastructure
126. IM
Shared
plaJorm
Since
its
creaLon
in
2004,
the
Internet
Memory
FoundaLon
works
in
close
collaboraLon
with
partners
insLtuLons
and
research
groups
through
European
projects:
• To
develop
methods
and
tools
improving
web
archiving
quality
• To
grow
its
experLse
and
technological
taskforce
127. Archivethe.Net
(1)
• To
mutualize
knowledge
and
skills
between
insLtuLons
• To
share
internal
developments
with
partners
insLtuLons
• To
cut
services
and
R&D
costs
128. Archivethe.Net
(2)
• Archivethe.net is a shared web archiving platform
associated to a service.
• The platform is combining new technology and
user needs to ensure a good service quality in
terms of reliability and efficiency
• For whom ? our current partners, our new
partners and … for ourselves
129. Benefits
?
• Integrated
web
archiving
process
:
from
selecLon
to
access
• Ongoing
technological
developments
through
specific
or
common
R&D
projects
• Dedicated
and
highly
skilled
team
to
follow
partners’
projects
• Dedicated
infrastructure
130. How
does
it
work?
(1)
• ATN
is
designed
as
a
Saas
(Sobware
as
a
service)
• The
plaJorm
offers
a
friendly
user
interface
to
record
partners
web
archiving
orders
• A
pipeline
organizes
and
manages
the
producLon
• A
QA
team
ensures
the
quality
of
the
archive
to
meet
partners
requirements
132. ARCOMEM
Archivist
tool
?
Set
and
follow
web
archive
campaigns
• V1:
A
crawler
cockpit
and
a
search
and
retrieval
applicaLon
Intelligent
content
acquisiLon:
• Seeds
URLs
• Keywords
• Social
web
sites
APIs
• Social
Media
Categories
(SMC)
133. SARA
Search
and
retrieval
interface:
• Advance
search
funcLonaliLes
• Filtering
via
faceLng
• SorLng
by
content
type,
Social
media
plaJorm,
text/
image
contextual
informaLon
(event,
enLty,...),
etc.
134. Crawler
Cockpit
Interface
• Create/select
a
campaign
• Describe
campaign
(Ltle,
descripLon,
comments,
etc.)
• Define
scope:
select
criteria
such
as
language,
keyword,
url,
organisaLon,
etc.
• Select
social
media
categories
and
APIs
to
explore
• Set
precedence
rules
for
some
content
type
or
source
(images,
videos,
tweets,
news,
etc.)
136. ARCOMEM
Archivist
Tool
V2
•
Refinement
mode
:
Refine
crawl
parameters
to
improve
crawls
•
Improve
access
applicaLon
(SARA)
:
Preview
funcLon
so
that
the
users
can
review
the
results
of
the
campaign
set
up
137. QA
for
Web
Archives?
IM
QA
is
based
on:
• Tools
internally
developed
• Tools
developed
in
the
context
of
European
projects
•
Automated
processes
•
Knowledge
and
skills
of
our
crawl
engineer
and
QA
teams
138. QA
Methodology
and
tools?
Methodology
• Based
upon
crawler
behaviour
• Based
on
insLtuLons
needs
and
policy
• Can
be
manual
(visual)
or
“automated”
• Can
be
made
at
pre
or
post
crawl
Lme
Tools
• Open
source
tools
such
as
plugins
,
proxies,
etc.
• Internally
developed
tools
(fetchers,
automate
check,
etc.)
• Bug
trackers
to
record
informaLon
and
communicate
with
partner
insLtuLons
139. QA
Methodology
and
tools?
SCApe:
Scalable
PreservaLon
Environments
• Automate
visual
QA
to
detect
rendering
issues:
• Improve
archives
quality
and
cut
QA
costs
• Feed
“preservaLon
watch
and
planning”
tools
• First
test
made
on
over
400
pairs
of
urls
• Inhouse
“ExecuLon
plaJorm”
under
deployment
• Results
and
processes
to
be
disseminated
to
IIPC
members
for
feedback
!
140. Technical
challenges
Capture
• Dynamically
generated
content,
deep
web,
etc.
• Non
HTTP
protocoles
(e.g.:
RTMP)
• Social
media
plaJorms,
...
Access
• Replicate
live
funcLonaliLes
and
look
&
feel
• Provide
access
to
very
large
files
➥ Fast
evolving
technologies
➥ Ephemeral
content
➥ MulLplicaLon
of
producLon
means:
➥ Increase
of
user
generated
content
141. Technical
SoluLons
• ExecuLon
based
crawling
(vs
parsing)
• API
crawling
• ApplicaLon
aware
crawling
• Bespoke
fetchers
➥ OrchestraLon
of
tools
ARCOMEM content acquisition
142. Technical
SoluLons
Access
tool:
• Player
replacement:
reproduce
players
funcLonaliLes
• Adapt
access
soluLon
to
type
of
content/plaJorms
(generic
soluLons)
Storage
infrastructure
/
format:
• Enable
access
to
large
files
• Fast
access
to
large
amount
of
content
to
facilitate
search
&
retrieval
143. Use
cases
• Social
media
capture
and
access:
• You
Tube
• Twiaer
• Flickr,
etc.
• Web
Archiving
related
services:
• RedirecLon
service
• Memento
• Legal
issues
with
captured
content
• Full
text
search
• etc.