Let’s admit it, the tools for writing CSS aren’t very advanced. For the most part, the people who write tools don’t know about CSS and the people who know about CSS don’t write tools. Quite a conundrum!
In this session, you’ll learn about good tools that can make development faster and maintenance easier. We’ll also talk a bit about where we can go from here.
What tools do we need as sites are becoming more and more complex? We need to get beyond tools whose primary goal is to avoid hand-coding and realize that, as our techniques for writing CSS become more powerful, our tools can too! Session will include:
* Validators
* Preprocessors
* Finding dead rules
* Linting
* CSS3 gradient tools
* Performance measurement tools
* Unit testing
Web Processing Service is one of the hottest new areas of server side development. So hot in fact that we got in a bit of trouble last year (brawls in the halls, raised voices and a certain lack of fashion sense).
On a more serious note we are really pleased to offer a panel format discussion with leaders from a selection of key web processing service providers.
52N - Bastian Schäffer deegree
GeoServer - Andrea Amie
GeoTools - Jody Garnett
PyWPS - Jachym Cepicky
ZOO-project - Gérald Fenoy
Several of the projects have been able to participate in a "wps-shootout" on interoperability. This is a particularly tough subject as each server is responsible for advertising processes, but also has an opportunity to schedule the work of other servers. Come and see how they all did (or did not!) function.
Web Processing Service offers an opportunity for your organisation to make use of the web not just for data publication; but also for analysis and modeling. WPS offers a great solution allowing GIS to finally be used in a modern service oriented architecture with applications ranging from climate modeling through to simple GIS functionality for web applications.
Attend this talk for an entertaining discussion on the state of play in the wps market today. There will be an opportunity for questions.
The content:
1. Discussion of famous web attack vectors
2. DVWA low security level walkthrough
3. Web Application Security Tools, nikto and nmap
4. Burp Suite Usage
MikroTik is the network device most widely used by small and mid-sized organizations, simply because MikroTik is known to be reliable and affordably priced, which suits small and mid-sized companies. If you are interested in learning MikroTik, please join us at http://hadsec.com
Image and Music: Processing plus Pure Data with libpd library - PETER KIRN
Make Your Own Free Tools with Processing, Pure Data
Support slides from a talk to CrashSpace, Los Angeles, the debut workshop on using this Pure Data library for Processing
An overview of the iWantMyName architecture. A Catalyst app powered by a RabbitMQ-based backend, flavored with a lot of CouchDB and sugar coated with some Redis.
Fast & Furious: Speed in the Opera browser - Andreas Bovens
From its early days, Opera has focused on providing its users with a snappy browsing experience on a wide range of hardware and OSes. In this talk, I look at the latest versions of Opera for desktop, Opera Mobile and Opera Mini and explore how they make web pages super fast.
http://velocityconf.com/velocityeu/public/schedule/detail/22183
Rails ORM De-mystifying Active Record has_many - Blazing Cloud
Rails' ORM layer, ActiveRecord, is an elegant solution for keeping model code simple and modular (aka DRY). Demystifying the way Ruby-on-Rails uses runtime method generation opens a doorway for understanding and provides a foundation for the other ways Rails uses simple conventions to allow sophisticated, concise functionality in a declarative style.
Here is a big mystery that you'll be equipped to understand better after playing with the slides:
-> If honeys is an array, and honeys has a method create!, then why does an array object [] not have create!?
Hive.first.honeys.class
=> Array
[].create!
=> NoMethodError
Hive.first.honeys.create!
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1awkL99.
Details on Pinterest's architecture, its systems (Pinball, Frontdoor), and stack: MongoDB, Cassandra, Memcache, Redis, Flume, Kafka, EMR, Qubole, Redshift, Python, Java, Go, Nutcracker, Puppet, etc. Filmed at qconsf.com.
Yash Nelapati is an infrastructure engineer at Pinterest where he focusses on scalability, capacity planning and architecture. Prior to Pinterest he was into web development and rapidly prototyping UI. Marty Weiner joined Pinterest in early 2011 as the 2nd engineer. Previously worked at Azul Systems as a VM engineer focused on building/improving the JIT compilers in HotSpot.
Video and slides synchronized, mp3 and slide download available at http://bit.ly/ZWoOFl.
Max Firtman discusses the present mobile ecosystem, why cross-platform is the key to success, HTML5 APIs, challenges with HTML5, when HTML5 is a proper solution, and more. Filmed at qconsf.com.
Max Firtman is a mobile+web developer, trainer, speaker and writer. He is Adobe Community Champion and founder of ITMaster Professional Training. He wrote many books, including "Programming the Mobile Web" and "jQuery Mobile: Up and Running" published by O'Reilly Media. He has a blog about mobile web development at www.mobilexweb.com and he maintains the website www.mobilehtml5.org.
This summer, the US Department of Energy re-launched Energy.gov on Drupal. The technical requirements of the project were driven by an internal need to consolidate the publishing and editorial resources of dozens of program offices. This session will discuss the challenges of developing a platform that will serve the current and future needs of the department, and the tools and techniques we developed along the way. We will also be discussing the projects that will be contributed back to the Drupal community on behalf of the work done for this project.
The technical discussion will include:
New techniques for block creation.
New techniques for page creation with custom block layouts.
State machine-based publishing workflows.
Custom data visualization framework.
API-centric module development.
Material I presented at BSSN's Focus Group Discussion (FGD) on BSSN's Voluntary Vulnerability Disclosure Program (VVDP) regulation, in connection with the public review of the regulation. Hope it is useful.
Cybercrime: A threat to Financial industry - Ammar WK
Cybercrime to Financial Services, aimed at taking over customer transactions and online banking sessions, also attacks against the financial institutions themselves.
The speaker will discuss the "bug bounty" phenomenon in the security world, cover the "0day" exploits that have become the weapon of choice for everyone from cybercriminals to "APT actors", and invite the audience to discuss together whether "bug bounty" can really contain the impact of 0day exploits.
Nowadays, like the technology itself, hacking activity against mobile phones is growing very rapidly, both against mobile devices (operating systems) and mobile applications. Some application providers even dedicate a penetration test to their applications right before release to the public, while others open bug bounty programs, and sadly the rest just watch and do nothing.
On the other side, malware developers around the world have already shifted their main target and have been developing malware to take over mobile devices, which hold all our personal/private data and our work; some of it even makes us pay to get it back.
This talk will focus on recent trends in mobile device security and mobile security penetration testing, and, in practice, show several types of common weaknesses/vulnerabilities in mobile applications, how exploitation is done by the attacker, and how malware is created and planted until it successfully takes over the target mobile device.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Securing your Kubernetes cluster_ a step-by-step guide to success ! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
1. Layer7 Denial Of Service Attack Mitigation
IT LESEHAN - y3dips
Saturday, November 12, 11
2. Agenda
• Introduction
• Denial Of Service
• Layer 7 Denial Of Service
• Case Stories
• Demo
• Discussion
3. Introduction
• Freelance IT Security Consultant
• More than 9 years in IT Security
• Founder of “ECHO” one of Indonesian Hacker
Community, established 2003
• Founder of IDSECCONF - Indonesia Security
Conference in Cooperation with DEPKOMINFO
• More Info:
• me@ammar.web.id
• @y3dips
4. Denial of Service
A type of activity that aims to stop a system from working at full capacity, either partially or entirely.
5. DOS
• Stupid Act
• Exhausted also yours
• Old story,
• moby write ddos in 2003 *
• I write apache dos in 2003**
• Well handled by now
*http://ezine.echo.or.id/ezine2/ddos%7EMoby.txt
**http://ezine.echo.or.id/ezine2/dos_buat_apache%7Ey3dips.txt
6. Type of Network DOS
• Layer 4
• Attack layer 4 protocol
• TCP
• SYN, FIN, ACK
• smurf, TRINOO, Stacheldraht, teardrop
7. Type of Network DOS
• Layer 7
• Attack Layer 7 Protocol
• HTTP, FTP, DNS
• HTTP-slow post, HTTP-GET
18. [Screenshot: AWStats statistics page for echo.or.id. Report period: Nov 2011; last updated 08 Nov 2011 - 14:20; first visit 01 Nov 2011 - 00:00; last visit 08 Nov 2011 - 11:35. Viewed traffic: 10021 unique visitors, 14357 visits (1.43 visits/visitor), 102822 pages (7.16 pages/visit), 417078 hits (29.05 hits/visit), 1.45 GB bandwidth (105.69 KB/visit). Not viewed traffic: 88111 pages, 145915 hits, 395.12 MB; this includes traffic generated by robots, worms, or replies with special HTTP status codes.]
Seems all Legit 11/9/11
29. Mitigation
• Always have your backup
• No privileged access to the server: REPORT IT
30. Mitigation
• Have privileged access:
• check netstat -n | grep 80 | wc -l
• block :
• iptables -A INPUT -s x.x.x.x -p tcp -j TARPIT
• iptables -A INPUT -s x.x.x.x -p tcp -j DROP
31. TARPITTING
Care to Send and double the packet :) ?
http://www.secureworks.com/research/threats/ddos/
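The connection check and block step from the Mitigation slide, as an added example that is not part of the original deck: it breaks the `netstat -n` count down per source address (a bare `grep 80` also matches ports and addresses that merely contain "80") and prints the slide's DROP rule for each source over a threshold. The threshold, function names and sample addresses are assumptions; the netstat output is constructed.

```shell
#!/bin/sh
# Added example, not from the slides. THRESHOLD and all addresses are assumed.

# top_talkers THRESHOLD
# Reads `netstat -n` output (Linux column layout) on stdin and prints
# "count ip" for each remote address holding at least THRESHOLD TCP
# connections to local port 80, busiest first.
top_talkers() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && $4 ~ /:80$/ {     # local address ends in port 80
            ip = $5
            sub(/:[0-9]+$/, "", ip)      # strip the remote port
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }' | sort -rn
}

# block_rules
# Turns "count ip" lines into the DROP rule shown on the slide. Rules are
# only printed, so they can be reviewed before being applied as root.
block_rules() {
    while read -r _count ip; do
        printf 'iptables -A INPUT -s %s -p tcp -j DROP\n' "$ip"
    done
}

# Constructed sample of `netstat -n` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51237      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40112       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40113       TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.80:48080      ESTABLISHED
EOF
}

# Demo: sources with 3 or more connections to port 80, as reviewable rules.
sample_netstat | top_talkers 3 | block_rules
```

On a live server the input would be `netstat -n | top_talkers 50`, with the threshold tuned to the site's normal traffic.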
32. Hardening Apache
• TimeOut = default 300 seconds (5 minutes); 10 seconds recommended
• TimeOut protects the server from large numbers of requests that the attacker never closes; with TimeOut set, if no transaction occurs within that time (10 seconds), Apache drops the connection
33. Hardening Apache
• KeepAlive = On
• KeepAlive allows multiple HTTP requests to be made over a single connection.
• KeepAlive = 15 seconds
• This setting protects the server from keepalive requests without a transaction
34. Hardening Apache
• AcceptFilter = http/https data
• Protects against the type of attack where the attacker opens a connection via a socket and leaves it open without any data being exchanged. Defining data for http and https minimizes this type of attack.
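The three Hardening Apache slides, as an added example that is not part of the original deck: a small audit that reads an httpd.conf on stdin and reports every directive that differs from the slides' values. Apache's syntax is `Directive value` rather than `=`, and the 15-second idle limit is set with the KeepAliveTimeout directive; both sample configs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the slides. Sample configs below are constructed.

# audit_httpd
# Reads an Apache config on stdin; prints one line per setting that differs
# from the slides: Timeout 10, KeepAlive On, KeepAliveTimeout 15,
# AcceptFilter http data, AcceptFilter https data. The last occurrence of a
# directive wins; container sections are not evaluated.
audit_httpd() {
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        { key = tolower($1) }
        key == "timeout"          { timeout = $2 }
        key == "keepalive"        { keepalive = tolower($2) }
        key == "keepalivetimeout" { idle = $2 }
        key == "acceptfilter"     { filter[tolower($2)] = tolower($3) }
        END {
            if (timeout == "")         print "Timeout: not set (slide: 10)"
            else if (timeout + 0 > 10) print "Timeout: " timeout " (slide: 10)"
            if (keepalive == "off")    print "KeepAlive: Off (slide: On)"
            if (idle + 0 > 15)         print "KeepAliveTimeout: " idle " (slide: 15)"
            n = split("http https", proto, " ")
            for (i = 1; i <= n; i++) {
                shown = filter[proto[i]]
                if (shown == "data") continue
                if (shown == "") shown = "not defined"
                print "AcceptFilter " proto[i] ": " shown " (slide: data)"
            }
        }'
}

# Constructed sample: long timeouts, accept filter disabled for http.
weak_conf() {
    cat <<'EOF'
# constructed sample, weak settings
Timeout 300
KeepAlive Off
KeepAliveTimeout 60
AcceptFilter http none
EOF
}

# Constructed sample: the values from the slides in Apache syntax.
hardened_conf() {
    cat <<'EOF'
# constructed sample, slide values
Timeout 10
KeepAlive On
KeepAliveTimeout 15
AcceptFilter http data
AcceptFilter https data
EOF
}

# Demo: list what the weak sample is missing.
weak_conf | audit_httpd
```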