This document summarizes a presentation about the KillrChat messaging application. KillrChat is a scalable messaging app built using AngularJS, Spring, and Cassandra. It demonstrates de-normalization and provides an exercise for attendees to work with user and chat room management, as well as chat messages. The document outlines the architecture, data models, and solutions for handling concurrent requests to avoid inconsistencies through the use of lightweight transactions in Cassandra.
2. @doanduyhai
KillrChat presentation
What is KillrChat?
• scalable messaging app
Why KillrChat?
• show real life de-normalization
• DIY exercise
• provide real application for attendees
• highlight Cassandra eco-system
7. @doanduyhai
Getting started
Clone the Git repository
git clone https://github.com/doanduyhai/killrchat.git
Go into the 'killrchat' folder and launch tests
cd killrchat
mvn clean test
12. @doanduyhai
User's chat rooms data model
How to store chat rooms for a user?
CREATE TABLE killrchat.user_rooms(
    login text,
    room_name text,
    PRIMARY KEY((login), room_name));
• pros: can store huge room count per user (10^6)
• cons: separate table, needs 1 extra SELECT
13. @doanduyhai
User's chat rooms data model
Best choice
• 1 SELECT fetches all data for a given user
• usually, 1 user is not in more than 1000 rooms at a time
• stores only room name
CREATE TABLE killrchat.users(
    login text,
    …
    chat_rooms set<text>, // list of chat rooms for this user
    PRIMARY KEY(login));
14. @doanduyhai
Lightweight Transaction
How to avoid 2 different users creating the same login?
☞ use Lightweight Transaction
INSERT INTO killrchat.users(login, …)
VALUES ('jdoe', …) IF NOT EXISTS;
Expensive operation
☞ do you create a new account every day?
25. @doanduyhai
Participant joining
Adding new participant
UPDATE killrchat.chat_rooms SET participants = participants + {…}
WHERE room_name = 'games';
What if the creator deletes the room at the same time?
26. @doanduyhai
Concurrent delete/update
UPDATE chat_rooms SET
    participants = participants + {login: 'jdoe', …}
WHERE room_name = 'games';
DELETE FROM chat_rooms
WHERE room_name = 'games';
Result for row 'games':
participants | creator | banner | ...
{login: 'jdoe', …} | ∅ | ∅ | ∅
29. @doanduyhai
Concurrent delete/update
UPDATE chat_rooms SET
    participants = participants + {login: 'jdoe', …}
WHERE room_name = 'games'
IF EXISTS;
DELETE FROM chat_rooms
WHERE room_name = 'games'
IF creator_login = 'jdoe';
Result: room deleted
30. @doanduyhai
Participant leaving
Removing participant (no read-before-write)
UPDATE killrchat.chat_rooms SET participants = participants - {…}
WHERE room_name = 'games';
What if the creator deletes the room at the same time?
• we'll create a tombstone
• tombstone will be garbage-collected by compaction
31. @doanduyhai
Concurrent delete/update
UPDATE chat_rooms SET
    participants = participants - {login: 'jdoe', …}
WHERE room_name = 'games';
DELETE FROM chat_rooms
WHERE room_name = 'games';
Result for row 'games':
participants | creator | banner | ...
∅ | ∅ | ∅ | ∅
32. @doanduyhai
Deleting room
What if a participant is leaving at the same time?
• not a problem, tombstone will be garbage
What if a participant is joining at the same time?
☞ use Lightweight Transaction
Only the room creator can delete the room, no one else
☞ use Lightweight Transaction
33. @doanduyhai
Deleting room
Solution
DELETE FROM killrchat.chat_rooms
WHERE room_name = 'games'
IF creator_login = <current_user_login>;
Advantages
• current user login comes from the Security context, no cheating
• slow but how often do you delete rooms?
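The concurrent delete/update race and the two conditional statements from the preceding slides, replayed in a simplified in-memory model. This is an added example, not code from the presentation or from KillrChat; the ChatRooms class, its integer timestamps and the creator 'alice' are assumptions made for illustration, and real Cassandra serializes conditional writes with Paxos rather than a single thread.

```python
# Simplified single-node model of Cassandra write semantics (constructed for
# illustration): every write is an upsert stamped with a timestamp, and a row
# DELETE is a tombstone that hides only the cells older than itself.
class ChatRooms:
    def __init__(self):
        self.creator = {}     # room -> (creator_login, write timestamp)
        self.members = {}     # room -> {login: write timestamp}, one cell per set element
        self.tombstone = {}   # room -> timestamp of the last row delete
        self.clock = 0

    def _now(self):
        self.clock += 1
        return self.clock

    def read(self, room):
        """Return the live row, or None when no cell survives the tombstone."""
        dead = self.tombstone.get(room, 0)
        value, ts = self.creator.get(room, (None, 0))
        creator = value if ts > dead else None
        members = {m for m, t in self.members.get(room, {}).items() if t > dead}
        if creator is None and not members:
            return None
        return {"creator_login": creator, "participants": members}

    def create(self, room, creator):
        ts = self._now()
        self.creator[room] = (creator, ts)
        self.members.setdefault(room, {})[creator] = ts

    def join(self, room, login, if_exists=False):
        """UPDATE ... SET participants = participants + {login} [IF EXISTS]."""
        if if_exists and self.read(room) is None:
            return False                      # LWT condition failed: not applied
        self.members.setdefault(room, {})[login] = self._now()
        return True

    def delete(self, room, current_user, if_creator=True):
        """DELETE ... [IF creator_login = current_user]."""
        row = self.read(room)
        if if_creator and (row is None or row["creator_login"] != current_user):
            return False                      # not the creator: nothing is deleted
        self.tombstone[room] = self._now()
        return True

def race(use_lwt):
    """The creator deletes 'games', then a late join from 'jdoe' arrives."""
    db = ChatRooms()
    db.create("games", "alice")               # 'alice' is a hypothetical creator
    db.delete("games", "alice")
    db.join("games", "jdoe", if_exists=use_lwt)
    return db.read("games")

def non_creator_delete():
    """'jdoe' tries to delete a room created by 'alice'."""
    db = ChatRooms()
    db.create("games", "alice")
    return db.delete("games", "jdoe"), db.read("games")
```

Without the condition, `race(False)` returns a room that has a participant but no creator, which is the ghost row shown on the concurrent delete/update slide; `race(True)` returns `None`.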
37. @doanduyhai
Data model
CREATE TABLE killrchat.chat_room_messages(
    room_name text,
    message_id timeuuid,
    content text,
    author text, // JSON blob {login: …, firstname: …, lastname: …}
    system_message boolean,
    PRIMARY KEY((room_name), message_id)
) WITH CLUSTERING ORDER BY (message_id DESC);
38. @doanduyhai
Data model
Clustering column message_id ordered by DESC
• latest messages first
• leverage the new row cache in Cassandra 2.1
Improvements
• current data model limits message count to ≈ 500 × 10^6
• bucketing by day is the right design
PRIMARY KEY((room_name, day), message_id) // day format yyyyMMdd