The document discusses object-oriented design principles. It covers SOLID principles like single responsibility, open/closed, Liskov substitution, interface segregation and dependency inversion. Other topics include composition over inheritance, DRY principle, inversion of control, YAGNI, law of Demeter, principle of least astonishment and MVP. Specific examples are provided to illustrate how these principles can be applied, such as handling changes to authentication mechanisms in a home access system design. The Liskov substitution principle is explained in more detail.
How much do we know about Object-Oriented Programming? - Sandro Mancuso
This talk goes through many of the Object-Oriented Programming principles and characteristics. Things that all developers should have in mind while writing code.
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus] - Alex Pruden
Slides accompanying the zkStudyClub talk: Zero-Knowledge Proofs Security, in Practice. JP Aumasson (co-creator of the BLAKE hash function family) will share his experience doing security auditing for various projects that use zero-knowledge proofs. He will describe his approach, the common pitfalls in the different components of a proof system, as well as a catalog of bugs that have been discovered in various projects.
This document describes how a robot assessor can automate the process of vulnerability assessments by executing common security tools. The robot assessor uses heuristics to discover services on a target, determine which tools to run, execute those tools via APIs, and record the results. This allows vulnerability assessments to be initiated with a single command, freeing up analysts to focus on analysis rather than repetitive tasks. Several examples are provided of how the robot assessor would automate running tools like nmap, Nikto, sqlmap, and more.
• For a full set of 950+ questions, go to
https://skillcertpro.com/product/ceh-v11-certified-ethical-hacker-exam-questions/
• SkillCertPro offers detailed explanations for each question, which helps in understanding the concepts better.
• It is recommended to score above 85% in SkillCertPro exams before attempting the real exam.
• SkillCertPro updates exam questions every 2 weeks.
• You will get lifetime access and lifetime free updates.
• SkillCertPro assures a 100% pass guarantee on the first attempt.
The document provides 10 rules for safer code in order to prevent security vulnerabilities:
1. Do not use eval() or evaluate strings as code.
2. Do not use pickle for serialization, as it is not secure.
3. Use ORM queries and query parameters instead of direct SQL to prevent SQL injection.
4. Be careful of XSS vulnerabilities in templates, DOM manipulations, and uploads. Escape variables and user input.
5. Securely store passwords and tokens and do not leak them.
6. Review sudo() usage and do not allow blind writes from public methods.
7. Use CSRF tokens for HTTP POST forms to prevent CSRF attacks.
10 Rules for Safer Code [Odoo Experience 2016] - Olivier Dony
In this talk, we will cover the top 10 development mistakes that lead to security issues. Olivier Dony will go through all the security issues we have had over the past 3 years and give tips on how to avoid the traps for safer Odoo code.
This document discusses performance aware software defined networking (SDN) using sFlow and OpenFlow. It describes how sFlow provides visibility into network performance by exporting packet samples and interface counters. When combined with OpenFlow's programmable control plane, sFlow and OpenFlow enable feedback control applications to monitor and control network performance in real-time. Examples given include using sFlow and OpenFlow for DDoS mitigation and load balancing large flows.
This presentation discusses the use of Garbled Circuits for improving security and simplifying implementation of Secure Credential Management Systems (SCMS) in the Automotive industry
Detecting network intrusions protects a computer network from unauthorized users, including perhaps insiders. The intrusion detector learning task is to build a predictive model (i.e. a classifier) capable of distinguishing between "bad" connections, called intrusions or attacks, and "good" normal connections.
Overcoming (organizational) scalability issues in your Prometheus ecosystem - QAware GmbH
Cloud Native Night, July 2020, online: Talk of Jürgen Etzlstorfer (@jetzlstorfer, Dynatrace)
== Please download slides if blurred! ==
Abstract:
Prometheus is considered a foundational building block when running applications on Kubernetes and has become the de-facto open-source standard for visibility and monitoring in Kubernetes environments.
Your first starting points when operating Prometheus are most probably configuring scraping to pull your metrics from your services, building dashboards on top of your data with Grafana, or defining alerts for important metrics breaching thresholds in your production environment.
As soon as you are comfortable with Prometheus as your weapon of choice, your next challenges will be scaling and managing Prometheus for your whole fleet of applications and environments. As the journey “From Zero to Prometheus Hero” is not trivial, you will find obstacles on the way. In this talk we highlight the most common challenges we have seen and provide guidance on how to overcome them. Finally, we discuss a solution to get you there more quickly and build automated, future-proof observability with Prometheus, showing Keptn as one possible implementation.
About Jürgen:
Jürgen is a core contributor to the Keptn open-source project and responsible for the strategy and integration of self-healing techniques and tools into the Keptn framework. He also loves to share his experience, most recently at conferences on Kubernetes-based technologies and automation.
More information:
Overview: https://github.com/keptn/community
Github: https://github.com/keptn/keptn
Website: https://keptn.sh
Google Group: https://groups.google.com/forum/#!forum/keptn
Twitter: https://twitter.com/keptnProject
________________________________________________
Follow us on:
https://twitter.com/qaware
https://www.linkedin.com/company/qaware-gmbh
https://github.com/qaware
www.qaware.de
How to Develop a Secure Web Application and Stay in Mind? (PHDays 3) - Vladimir Kochetkov
The document discusses developing secure web applications and changing developer mindsets. It recommends focusing on eliminating vulnerabilities at the cause rather than just addressing consequences. Developers should take a weakness-centric approach and understand how functional weaknesses can lead to vulnerabilities. The document provides examples of secure and insecure code snippets and explains how proper input validation and parameterized queries can fix vulnerabilities. It also includes summaries of threat modeling and the basics of developing securely.
SCADA deep inside: protocols and software architecture - qqlan
Speakers: Alexander Timorin, Alexander Tlyapov, Gleb Gritsai
This talk will feature a technical description and a detailed analysis of such popular industrial protocols as Profinet DCP, IEC 61850-8-1 (MMS), IEC 61870-5-101/104, based on case studies. We will disclose potential opportunities that those protocols provide to attackers, as well as the authentication mechanism of the Siemens proprietary protocol called S7.
Besides protocols, the results of the research on Siemens Simatic WinCC will be presented. The overall component interaction architecture, HTTP protocols and interaction mechanisms, and authorization and internal logic vulnerabilities will be shown.
The talk will conclude with a methodological approach to network protocol analysis, recommendations, and a script release.
The document summarizes application security best practices. It discusses who is responsible for application security and design considerations like authentication, authorization, privacy and data integrity. It then covers security principles like designing for security by default and in deployment. Top application vulnerabilities like SQL injection, cross-site scripting and access control issues are explained along with remedies. Finally, it provides checklists for designers, developers and testers to follow for application security.
How to write clean & testable code without losing your mind - Andreas Czakaj
If you create software that is to be developed continuously over several years you'll need a sustainable approach to code quality.
In our early days of AEM development, however, we used to struggle with code that is rigid, hard to test and full of LOG.debug calls.
In this talk I will share some development best practices we have found that really work in actual AEM-based software, e.g. to achieve 100% code coverage and provide high confidence in the code base.
Spoiler alert: no new libraries, frameworks or tools are required - once you know the ideas, plain old TDD and the S.O.L.I.D. principles of Clean Code will do the trick.
by Andreas Czakaj, mensemedia Gesellschaft für Neue Medien mbH
Presented at the adaptTo() 2017 conference in Berlin (https://adapt.to/2017/en/schedule/how-to-write-clean---testable-code-without-losing-your-mind.html).
Presentation video can be found on YouTube (https://www.youtube.com/watch?v=JbJw5oN_zL4)
This document discusses using Node.js for enterprise applications. It recommends a layered architecture approach with the domain model at the center. It also discusses applying design principles like SOLID and patterns like GRASP to Node.js projects for reliability, maintainability and other enterprise requirements. Schema-driven development is presented as an approach to generate artifacts like database schemas and type definitions from domain schemas.
Going through the SOC2 audit preparation and audit process at Lexop taught us quite a few interesting lessons as far as security, infrastructure and processes are concerned ... and we'd like to share some of these with you. This presentation will not only be focused on coding but also on what we went through on our way to becoming a SOC2-compliant Ruby shop.
Bio
Michel Jamati, CTO and co-founder at Lexop, has accompanied the startup through 2 accelerator programs, $8.1M in financing, and many a sleepless night. He received a Bachelor's in Computer Engineering from McGill, with a minor in Business and a specialty in Artificial Intelligence, before working for a decade in the Aerospace industry, where he scoured the globe tinkering with full flight simulators for the world's biggest airlines.
In his free time, he enjoys feeding his newborn son (who's never thanked him for it) and pestering his sister. He's also an avid sports player and sci-fi reader, and has been a Big Brother for the last 5 years to one of the coolest kids out there.
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ... - DefconRussia
The document discusses the architecture and security of WinCC SCADA software. It describes how WinCC uses various components like CCEServer and WebNavigatorRT to manage requests and render human-machine interfaces. Authentication is performed through a two-stage process involving a SQL database and generated credentials. Internal protocols like CAL are used to transmit data between components via shared memory sections. Security issues include hardcoded passwords, weak encryption, and a lack of access controls.
The document discusses several common vulnerabilities: buffer overflows, incomplete mediation, command injection attacks, inference, and cross-site scripting. Buffer overflows occur when a program writes more data to a buffer than it was designed to hold, overwriting adjacent memory and potentially changing execution. Incomplete mediation involves exposing sensitive data without checks. Command injection attacks involve inserting commands through user input. Inference involves deriving sensitive data from non-sensitive data. Cross-site scripting involves injecting client-side scripts to hijack user sessions. The document provides examples and implications of each vulnerability.
Wi-Fi: client/edge-side diagnostics
Synthetic Monitoring probes provide the feedback needed to manage complex network infrastructures.
The document discusses practical incident response in heterogeneous environments and overcoming limitations of traditional approaches. It proposes utilizing intelligence-driven investigation and actionable IOCs to more flexibly shape the triage process across different operating systems. Examples are provided of using software fingerprinting and debugging symbols to attribute malware and build structured knowledge bases of attackers.
Implementing and managing Internet of Things (IoT) solutions in a rapid... - Amazon Web Services
The document discusses building and managing secure, scalable IoT solutions using AWS IoT. It covers key AWS IoT services like the device gateway, rules engine, device shadows, security features, and AWS Greengrass. Greengrass allows running local compute, messaging, and device state synchronization on IoT devices and extends AWS IoT capabilities to edge devices. The document also provides an overview of how Italian utility company Enel is using AWS IoT services for their GoodLife home energy management project and evolving their IoT architecture to handle more projects.
The document discusses a framework for automated intrusion response using reinforcement learning. It involves creating a digital twin of the target infrastructure, learning defender strategies through simulation, and evaluating strategies. The goal is to develop self-learning systems that can optimize intrusion response over time as attacks evolve.
This document summarizes the key lessons learned from converting a legacy robotics project from Objective-C to Swift. It discusses issues with the original Objective-C code like silent nil failures, weak type safety with NSCoding, and problems with error handling. The document then covers how Swift addresses these issues through features like optional values, type safety, value types, and improved error handling with enums, throws, and do-catch. Overall, converting to Swift reduced the code base size by 75%, removed classes of bugs, found subtle bugs earlier, and allowed new features by making the code more robust.
In a dynamic infrastructure world, let's stop pretending credentials aren't public knowledge in an organization and just assume that they have already been leaked, now what?
The document describes experiments related to system security and digital forensics.
The first experiment involves using static code analysis tools like RATS and Flawfinder to analyze code samples for vulnerabilities. The second experiment describes installing and using the vulnerability scanner Nessus to scan systems for known vulnerabilities.
The third experiment explores using the website copier HTTrack to download a website from the internet to a local directory while preserving the directory structure and links. The fourth experiment demonstrates configuring router security using passwords and access lists on Cisco Packet Tracer to filter traffic between VLANs and networks.
The Comprehensive Guide to Validating Audio-Visual Performances.pdf - kalichargn70th171
Ensuring the optimal performance of your audio-visual (AV) equipment is crucial for delivering exceptional experiences. AV performance validation is a critical process that verifies the quality and functionality of your AV setup. Whether you're a content creator, a business conducting webinars, or a homeowner creating a home theater, validating your AV performance is essential.
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt - Peter Caitens
Join us for an engaging session led by Flow Champion, Tom Kitt. This session will dive into a technique of enhancing the user interfaces and user experiences within Screen Flows using the Salesforce Lightning Design System (SLDS). This technique uses Native functionality, with No Apex Code, No Custom Components and No Managed Packages required.
Orca: Nocode Graphical Editor for Container Orchestration - Pedro J. Molina
Tool demo on CEDI/SISTEDES/JISBD2024 at A Coruña, Spain. 2024.06.18
"Orca: Nocode Graphical Editor for Container Orchestration"
by Pedro J. Molina PhD. from Metadev
Superpower Your Apache Kafka Applications Development with Complementary Open... - Paul Brebner
Kafka Summit talk (Bangalore, India, May 2, 2024, https://events.bizzabo.com/573863/agenda/session/1300469 )
Many Apache Kafka use cases take advantage of Kafka’s ability to integrate multiple heterogeneous systems for stream processing and real-time machine learning scenarios. But Kafka also exists in a rich ecosystem of related but complementary stream processing technologies and tools, particularly from the open-source community. In this talk, we’ll take you on a tour of a selection of complementary tools that can make Kafka even more powerful. We’ll focus on tools for stream processing and querying, streaming machine learning, stream visibility and observation, stream meta-data, stream visualisation, stream development including testing and the use of Generative AI and LLMs, and stream performance and scalability. By the end you will have a good idea of the types of Kafka “superhero” tools that exist, which are my favourites (and what superpowers they have), and how they combine to save your Kafka applications development universe from swamploads of data stagnation monsters!
14 th Edition of International conference on computer visionShulagnaSarkar2
About the event
14th Edition of International conference on computer vision
Computer conferences organized by ScienceFather group. ScienceFather takes the privilege to invite speakers participants students delegates and exhibitors from across the globe to its International Conference on computer conferences to be held in the Various Beautiful cites of the world. computer conferences are a discussion of common Inventions-related issues and additionally trade information share proof thoughts and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications such as in Science medicine electronics biomaterials energy production and consumer products.
Nomination are Open!! Don't Miss it
Visit: computer.scifat.com
Award Nomination: https://x-i.me/ishnom
Conference Submission: https://x-i.me/anicon
For Enquiry: Computer@scifat.com
Nashik's top web development company, Upturn India Technologies, crafts innovative digital solutions for your success. Partner with us and achieve your goals
What is Continuous Testing in DevOps - A Definitive Guide.pdfkalichargn70th171
Once an overlooked aspect, continuous testing has become indispensable for enterprises striving to accelerate application delivery and reduce business impacts. According to a Statista report, 31.3% of global enterprises have embraced continuous integration and deployment within their DevOps, signaling a pervasive trend toward hastening release cycles.
How Can Hiring A Mobile App Development Company Help Your Business Grow?ToXSL Technologies
ToXSL Technologies is an award-winning Mobile App Development Company in Dubai that helps businesses reshape their digital possibilities with custom app services. As a top app development company in Dubai, we offer highly engaging iOS & Android app solutions. https://rb.gy/necdnt
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...Luigi Fugaro
Vector databases are transforming how we handle data, allowing us to search through text, images, and audio by converting them into vectors. Today, we'll dive into the basics of this exciting technology and discuss its potential to revolutionize our next-generation AI applications. We'll examine typical uses for these databases and the essential tools
developers need. Plus, we'll zoom in on the advanced capabilities of vector search and semantic caching in Java, showcasing these through a live demo with Redis libraries. Get ready to see how these powerful tools can change the game!
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...XfilesPro
Wondering how X-Sign gained popularity in a quick time span? This eSign functionality of XfilesPro DocuPrime has many advancements to offer for Salesforce users. Explore them now!
🏎️Tech Transformation: DevOps Insights from the Experts 👩💻campbellclarkson
Connect with fellow Trailblazers, learn from industry experts Glenda Thomson (Salesforce, Principal Technical Architect) and Will Dinn (Judo Bank, Salesforce Development Lead), and discover how to harness DevOps tools with Salesforce.
Stork Product Overview: An AI-Powered Autonomous Delivery FleetVince Scalabrino
Imagine a world where instead of blue and brown trucks dropping parcels on our porches, a buzzing drove of drones delivered our goods. Now imagine those drones are controlled by 3 purpose-built AI designed to ensure all packages were delivered as quickly and as economically as possible That's what Stork is all about.
2. Topics
SOLID Design Principles
– https://en.wikipedia.org/wiki/SOLID
Composition over inheritance (aka Composite reuse principle)
– https://en.wikipedia.org/wiki/Composition_over_inheritance
Don't Repeat Yourself - DRY
– https://en.wikipedia.org/wiki/Don%27t_repeat_yourself
Inversion of Control - IoC (aka Hollywood Principle)
– https://en.wikipedia.org/wiki/Inversion_of_control
You Aren't Gonna Need It - YAGNI
– https://en.wikipedia.org/wiki/You_aren%27t_gonna_need_it
Law of Demeter - LoD (aka Principle of Least Knowledge)
– https://en.wikipedia.org/wiki/Law_of_Demeter
Principle of Least Astonishment - PoLA
– https://en.wikipedia.org/wiki/Principle_of_least_astonishment
Minimum Viable Product - MVP
– http://en.wikipedia.org/wiki/Minimum_viable_product
3. SOLID Design Principles
Software inevitably changes/evolves over time (maintenance, upgrade)
Single responsibility principle (SRP)
– Every class should have only one reason to be changed
– If class "A" has two responsibilities, create new classes "B" and "C" to handle each responsibility in isolation, and then compose "A" out of "B" and "C"
Open/closed principle (OCP)
– Every class should be open for extension (derivative classes), but closed for modification (fixed interfaces)
– Put the system parts that are likely to change into implementations (i.e. concrete classes) and define interfaces around the parts that are unlikely to change (e.g. abstract base classes)
Liskov substitution principle (LSP)
– Every implementation of an interface needs to fully comply with the requirements of this interface (requirements determined by its clients!)
– Any algorithm that works on the interface should continue to work for any substitute implementation
Interface segregation principle (ISP)
– Keep interfaces as small as possible, to avoid unnecessary dependencies
– Ideally, it should be possible to understand any part of the code in isolation, without needing to look up the rest of the system code
Dependency inversion principle (DIP)
– Instead of having concrete implementations communicate directly (and depend on each other), decouple them by formalizing their communication interface as an abstract interface based on the needs of the higher-level class
4. … is this a good design?
[Figure: UML sequence diagram for the Unlock use case. Lifelines: Controller, Checker, KeyStorage, DeviceCtrl, Logger, PhotoObsrv. Messages shown: enterKey() delivers a Key k to the Controller; the Controller calls val := checkKey(k) on the Checker, which in a loop [for all stored keys] calls sk := getNext() on KeyStorage and compare(k, sk); the Controller calls logTransaction(k, val) on the Logger; in the alt branch val == true it calls activate("lock") on DeviceCtrl and, after dl := isDaylight() on PhotoObsrv, activate("bulb") in the opt branch dl == false; in the [else] branch it does numOfAttempts++ and, in the alt branch numOfAttempts == maxNumOfAttempts, activate("alarm") and denyMoreAttempts(), otherwise prompt: "try again". The diagram also carries «create» and «destroy» object-lifetime markers and a Time axis.]
6. Purpose of Design Principles
Principles are used to diagnose problems with designs
Patterns are used to address the problems
7. Examples of Software Change
What could change in the home access system: means of user authentication and the controlled devices. These sources of change are independent, so one should not affect the code for the other
Scenario #1: replace numeric-code based keys with magnetic card or RFID chip
– What part of the system needs to be replaced?
– What is the “interface” seen by the rest of the system that needs to remain invariant?
Scenario #2: same as above
– Policy for handling dictionary attacks becomes inadequate: what kind of attack can be mounted by an adversary in case of magnetic or RFID codes?
– What policy (or policies) are appropriate for this scenario?
8. Dependencies for Ordinary Layered Style
[Figure: layered design for Safe Home Access with three layers (Policy Layer, Mechanism Layer, Utility Layer) and depends-on arrows pointing downward. Modules shown: Arrival Manager, User Authenticator, Key Validator, Key Descriptor, Device Controller, Valid Keys Storage, Key Reader, File or Database, Device Driver.]
What is needed:
- User’s identifier (“key”)
- Set of valid keys
- Mechanism to validate the user’s key
Note the dependencies from top to bottom
That is, higher-level modules depend on the lower-level modules
Any changes in lower-level modules may propagate up to the higher levels
9. Need Inverted Dependencies
Low-level modules are more likely to change
High-level modules are more likely to remain stable: they implement the business policies, which is the purpose of the system and is unlikely to change
Dependency Inversion Principle (DIP)
10. Example Business Policy & Mechanism
IF key ∈ ValidKeys THEN disarm lock and turn lights on
ELSE
  increment failed-attempts-counter
  IF failed-attempts-counter equals maximum number allowed
  THEN block further attempts and raise alarm
Controller
# numOfAttemps_ : long
# maxNumOfAttempts_ : long
+ enterKey(k : Key)
– denyMoreAttempts()
11. Safe Home Access Policy Level
Detailed statement of the problem:
– Read the numeric code typed-in by the user
– Validate the code, and
– Set the voltage high to disarm the lock, turn on the light
Abstract statement of the problem:
– Acquire the user code
– Validate the code, and
– Enable access and assist user’s arrival activities
12. Dependency Inversion Principle
Instead of high-level module (policy) depending on low-level module (mechanism/service/utility):
– High-level module defines its desired interface for the low-level service (i.e., the high-level module depends on a self-defined interface)
– Lower-level module depends on (implements) the interface defined by the high-level module
– Dependency inversion (from low to high, instead of the opposite)
13. Dependency Inversion Pattern
[Figure: package diagram. Policy Package (developer A) contains client : PolicyClass and the «interface» PolicyServiceInterface, defined by the policy-package owner; Mechanism Package (developer B) contains server : PolicyServiceClass. PolicyClass depends-on («uses») PolicyServiceInterface; PolicyServiceClass depends-on («implements») PolicyServiceInterface.]
Note the dependencies from bottom to top
Both Policy Class and Policy Service Class depend on Policy Service Interface, but the former uses (and defines) the interface and the latter implements the interface
14. Additional Object: Intruder Detector?
Based on an invalid key decides an intruder
However, the notion of a “dictionary attack” may not make sense for non-numeric keys, not acquired from a keypad
If the “key” is a magnetic-card code, it cannot be assumed that the user made a mistake and should be given another try
– If a key is transmitted wirelessly, it may be intercepted and reproduced
What if the “key” is the user’s fingerprint or another biometric feature?
– A biometric identifier could be faked, although the user may also have dirty or greasy fingers which would prevent correct fingerprint-based identification, or the user’s face may not be properly illuminated…
Need a new intruder-detection mechanism …
15. Examples of Software Change (slide 7 repeated)
16. … where is the “interface” when the ID mechanism changes?
[Figure: class diagram of the home access system; association role names on the diagram are sensor, reader, validKeys, devCtrl, checker and k.]
Controller
# numOfAttemps_ : long
# maxNumOfAttempts_ : long
+ enterKey(k : Key)
– denyMoreAttempts()
KeyChecker
+ checkKey(k : Key) : boolean
– compare(k : Key, sk : Key) : boolean
Key
– code_ : string
– timestamp_ : long
– doorLocation_ : string
KeyStorage
+ getNext() : Key
KeyReader
+ acquireKey() : Key
DeviceCtrl
# devStatuses_ : Vector
+ activate(dev : string) : boolean
+ deactivate(dev : string) : boolean
+ getStatus(dev : string) : Object
PhotoSObsrv
+ isDaylight() : boolean
17. Dependency Inversion Pattern
[Figure: package diagram. Policy Package (developer A) contains client : DoorPolicyControl and the «interface» KeyValidityCheckInterface with checkKey(k: Key) : Enum, defined by the policy-package owner (developer A); the Enum values are valid, invalid and intruder. Mechanism Package (developer B) contains server : KeyValidityChecker with checkKey(k: Key) : Enum and helper : IntrusionDetector with checkIntrusion(k: Key) : Bool. DoorPolicyControl depends-on («uses») the interface; KeyValidityChecker depends-on («implements») it.]
Previous solution: Intrusion detection mechanism was entangled with door policy and hidden
Current solution: Intrusion detection mechanism moved from Policy Level to Mechanism Level
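Slides 10, 12, 13, 14 and 17 describe the same arrangement from different angles: the door policy owns the interface it needs, and the key mechanism (keypad today, magnetic card or RFID tomorrow) implements it, with intrusion detection living on the mechanism side. The following Python is an added example, not code from the slides or from the course's own project; Controller, KeypadKeyChecker, RfidKeyChecker, IntrusionDetector, the "same unknown code twice" intrusion rule and the sample key codes are all constructed for the illustration, and the attempt counter follows the pseudocode of slide 10.

```python
"""Added example (not from the slides): the dependency-inverted door policy of
slides 10, 12, 13, 14 and 17. The policy package (developer A) owns the
Controller and the interface it needs; the mechanism package (developer B)
implements it, so swapping keypad for RFID leaves the Controller untouched.
All class names, policies and sample keys are constructed for this example."""
from __future__ import annotations

import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Protocol


# ---- Policy package (developer A) ----------------------------------------
class KeyValidity(Enum):
    VALID = "valid"
    INVALID = "invalid"
    INTRUDER = "intruder"


@dataclass(frozen=True)
class Key:
    code: str


class KeyValidityCheckInterface(Protocol):
    """Defined by the policy-package owner, implemented by the mechanism."""
    def checkKey(self, k: Key) -> KeyValidity: ...


class Controller:
    """Business policy of slide 10; depends only on the abstract interface."""
    def __init__(self, checker: KeyValidityCheckInterface, maxNumOfAttempts: int = 3):
        self._checker = checker
        self._maxNumOfAttempts = maxNumOfAttempts
        self._numOfAttempts = 0
        self._blocked = False

    def enterKey(self, k: Key) -> str:
        """Return the action taken: "unlock", "try again", "alarm" or "denied"."""
        if self._blocked:
            return "denied"
        verdict = self._checker.checkKey(k)
        if verdict is KeyValidity.VALID:
            self._numOfAttempts = 0  # a successful entry clears the counter
            return "unlock"  # disarm lock and turn lights on
        if verdict is KeyValidity.INTRUDER:
            return self._denyMoreAttempts()
        self._numOfAttempts += 1  # INVALID: the retry policy stays in this layer
        if self._numOfAttempts == self._maxNumOfAttempts:
            return self._denyMoreAttempts()
        return "try again"

    def _denyMoreAttempts(self) -> str:
        self._blocked = True  # block further attempts and raise alarm
        return "alarm"


# ---- Mechanism package (developer B) -------------------------------------
def _compare(k: Key, sk: Key) -> bool:
    """Constant-time comparison: timing must not reveal how much of a guess matched."""
    return hmac.compare_digest(k.code.encode(), sk.code.encode())


class KeypadKeyChecker:
    """Numeric codes: a wrong code is most likely a typo, so report INVALID and
    let the policy's attempt counter decide (slide 10)."""
    def __init__(self, validKeys: list[Key]) -> None:
        self._validKeys = validKeys

    def checkKey(self, k: Key) -> KeyValidity:
        for sk in self._validKeys:  # loop over all stored keys (slide 4)
            if _compare(k, sk):
                return KeyValidity.VALID
        return KeyValidity.INVALID


class IntrusionDetector:
    """Constructed policy for card keys (slide 14): a card either matches or it
    does not, so the same unknown code presented twice is treated as a replayed
    or cloned credential rather than a typo."""
    def __init__(self) -> None:
        self._seen: set[str] = set()

    def checkIntrusion(self, k: Key) -> bool:
        if k.code in self._seen:
            return True
        self._seen.add(k.code)
        return False


class RfidKeyChecker:
    """Same interface as KeypadKeyChecker; intrusion detection now lives in the
    mechanism package (slide 17), not in the door policy."""
    def __init__(self, validKeys: list[Key], helper: IntrusionDetector) -> None:
        self._validKeys = validKeys
        self._helper = helper

    def checkKey(self, k: Key) -> KeyValidity:
        for sk in self._validKeys:
            if _compare(k, sk):
                return KeyValidity.VALID
        return KeyValidity.INTRUDER if self._helper.checkIntrusion(k) else KeyValidity.INVALID


def run_scenario(controller: Controller, presented: list[Key]) -> list[str]:
    """Feed a sequence of keys to the controller and collect its actions."""
    return [controller.enterKey(k) for k in presented]
```

The interface seen by the rest of the system (slide 7's question) is `checkKey(k) -> {valid, invalid, intruder}`; `Controller` is constructed with either checker and never changes, which is the inverted dependency of slide 13. The constant-time compare is a mechanism-level detail the policy never sees, and the RFID checker can escalate straight to `INTRUDER` without the policy layer knowing why.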
18. Liskov Substitution Principle
Every implementation of an interface needs to fully comply with the requirements of this interface
Any algorithm that works on the interface should continue to work for any substitute implementation
19. Liskov Substitution Principle
This principle is often misinterpreted as saying that two objects are equivalent if they provide the same API
– However, the API is a program-level interface that does not capture the use of the object’s methods, attributes, nor its dependency graph
– The API cannot represent the preconditions, postconditions, invariants, etc.
– An object’s LSP substitute must ensure that the physical aspects of its resource footprint do not affect the rest of the system
Dependency graph of the substituted object must be completely replaced with the dependency graph of its substitute object
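The slides make the point that a matching signature says nothing about preconditions, postconditions or invariants, which are set by the interface's clients. As an added example, not from the original slides, the Python below turns those client requirements for the key-validity checker of slide 17 into an executable contract test and runs three candidate substitutes against it: one that conforms, one that strengthens the precondition (it rejects inputs the client may pass), and one that weakens the postcondition (it returns a non-verdict). ConformingChecker, StrictHexChecker, LenientChecker, check_substitutability and the sample keys are constructed names.

```python
"""Added example (not from the slides): an executable LSP contract for
substitutes of a key-validity checker. The interface only fixes a method
signature; the clients' requirements (never raise on a Key the client may
pass, always return a verdict) are the real contract, so each candidate
substitute is run against them. All names and sample keys are constructed."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class KeyValidity(Enum):
    VALID = "valid"
    INVALID = "invalid"
    INTRUDER = "intruder"


@dataclass(frozen=True)
class Key:
    code: str


class ConformingChecker:
    """Honours the contract: any Key in, a KeyValidity member out, no exceptions."""
    def __init__(self, validCodes: set[str]) -> None:
        self._valid = validCodes

    def checkKey(self, k: Key) -> KeyValidity:
        return KeyValidity.VALID if k.code in self._valid else KeyValidity.INVALID


class StrictHexChecker:
    """Same signature, but strengthens the precondition: it only accepts hex
    codes, so a client that may legitimately pass "123-456" now gets an exception."""
    def __init__(self, validCodes: set[str]) -> None:
        self._inner = ConformingChecker(validCodes)

    def checkKey(self, k: Key) -> KeyValidity:
        int(k.code, 16)  # raises ValueError on inputs the client is allowed to pass
        return self._inner.checkKey(k)


class LenientChecker:
    """Same signature, but weakens the postcondition: returns None for an unknown
    key, so a client comparing against KeyValidity members silently falls through."""
    def __init__(self, validCodes: set[str]) -> None:
        self._valid = validCodes

    def checkKey(self, k: Key):
        return KeyValidity.VALID if k.code in self._valid else None


# Constructed sample inputs: the kinds of Key a Controller may hand to a checker.
SAMPLE_KEYS = [Key("1234"), Key("123-456"), Key(""), Key("ZZZZ")]


def check_substitutability(checker, sample_keys: list[Key] = SAMPLE_KEYS) -> list[str]:
    """Return the contract violations found; an empty list means the checker may
    be substituted wherever the key-validity interface is expected."""
    violations: list[str] = []
    for k in sample_keys:
        try:
            verdict = checker.checkKey(k)
        except Exception as exc:  # the client never agreed to handle an exception
            violations.append(
                f"{k.code!r}: raised {type(exc).__name__} (precondition strengthened)")
            continue
        if not isinstance(verdict, KeyValidity):  # the client expects a verdict
            violations.append(
                f"{k.code!r}: returned {verdict!r} (postcondition weakened)")
    return violations
```

Both violating classes would pass a type check against the interface, which is exactly the misreading the slide warns about. The same approach extends to the resource-footprint and dependency-graph requirements the slide mentions (for instance asserting that a substitute opens no network connection or completes within a bound), since those are likewise invisible in the signature.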