This document provides an overview of tools and techniques for developing Node.js applications. It discusses platforms for creating, deploying, running, debugging, and collaborating on Node.js apps such as Cloud Foundry, Heroku, Git, and Cloud Azure. It also mentions languages tools for Node.js like JavaScript bindings to LibUV, standard libraries, and the V8 JavaScript engine. The document discusses challenges like asynchronous programming and provides solutions like workers and static program analysis. It emphasizes that tooling is especially important for JavaScript and recommends resources like treehugger.js for issues like callback hell.
Writing iOS apps in Javascript is not a new idea, anymore, at least since companies like Appcelerator (Titanium) built entire business models around corresponding frameworks.
And yet, Apple manages to open up two exciting new possibilities during the WWDC 2013: The release of the JavaScriptCore Framework as a public API on iOS and OS X, as well as the announcement of an Objective-C to Javascript Bridge.
I'd like to talk to you about my experiences with these new bridge-technologies, the new ways in which you can use them and finally present to you my own project; Node.app — a Node.js implementation for iOS.
see https://docs.google.com/presentation/d/1qiHUXWhfyjId9OIOSqn1sceiAJs9kRUNLnNUl509HhI/pub?start=false&loop=false&delayms=5000 for higher quality original of this presentation given at EclipseCon Europe 2016 in Ludwigsburg Germany
PHP Mega Meetup, Sep, 2020, Anti patterns in phpAhmed Abdou
PHP is one of the easiest programming languages to use ever and powers more than half of the internet.
With this ease of use, certain common patterns emerge that become harmful. This is especially true when your product or service is not expected to die soon. Some anti-patterns are coding, others are related to operating your service, especially with new docker stacks. We will go over some of the most common pitfalls with a focus on enterprise development.
Bamboo is a continuous integrations server from Atlassian. But Bamboo is much more than that. See, how a modern CI-Server goes further with automated building, testing, deploying, and releasing of your software.
Writing iOS apps in Javascript is not a new idea, anymore, at least since companies like Appcelerator (Titanium) built entire business models around corresponding frameworks.
And yet, Apple manages to open up two exciting new possibilities during the WWDC 2013: The release of the JavaScriptCore Framework as a public API on iOS and OS X, as well as the announcement of an Objective-C to Javascript Bridge.
I'd like to talk to you about my experiences with these new bridge-technologies, the new ways in which you can use them and finally present to you my own project; Node.app — a Node.js implementation for iOS.
see https://docs.google.com/presentation/d/1qiHUXWhfyjId9OIOSqn1sceiAJs9kRUNLnNUl509HhI/pub?start=false&loop=false&delayms=5000 for higher quality original of this presentation given at EclipseCon Europe 2016 in Ludwigsburg Germany
PHP Mega Meetup, Sep, 2020, Anti patterns in phpAhmed Abdou
PHP is one of the easiest programming languages to use ever and powers more than half of the internet.
With this ease of use, certain common patterns emerge that become harmful. This is especially true when your product or service is not expected to die soon. Some anti-patterns are coding, others are related to operating your service, especially with new docker stacks. We will go over some of the most common pitfalls with a focus on enterprise development.
Bamboo is a continuous integrations server from Atlassian. But Bamboo is much more than that. See, how a modern CI-Server goes further with automated building, testing, deploying, and releasing of your software.
A presentation given at DeveloperWeek in San Francisco by Zack Argyle. It goes through important concepts in building out reusable React components, releasing it to Github, and publishing it to NPM. There are best practices and suggestions with an example component.
An presentation on how and why KrakenJS was built, as well as an overview of many useful features of what makes Kraken different from other frameworks.
A lot of people use Docker/rkt, but very often we do not have time to actually understand how they work. So today in half-hour I will show you in a nutshell how that works. My hope is that even after you know how to build a container engine, I can still convince you that the existing tools are worth spending $MM to create and use.
Building a private CI/CD pipeline with Java and Docker in the Cloud as presen...Baruch Sadogursky
A private Java (Maven or Gradle) repository as a service can be setup in the cloud. A private Docker registry as a service can be easily setup in the cloud. But what if you want to build a holistic CI/CD pipeline, and on the cloud of YOUR choice?
In this talk Baruch will take you through steps of setting up a universal artifact repository, which can serve for both Java and Docker. You’ll learn how to build a CI/CD pipeline with traceable metadata from the Java source files all the way to Docker images. Amazon, Azure, and Google Cloud (do you have setup that works on these?) will be used as an example although the recipes shown would be applicable to other cloud as well.
Refactoring @ Mindvalley: Smells, Techniques and PatternsTristan Gomez
Every week my team commits really good, clean code. I decided to get the best of the commits and showcase what makes them good, what smells they address, and what techniques they used.
PyData Frankfurt - (Efficient) Data Exchange with "Foreign" EcosystemsUwe Korn
As a Data Scientist/Engineer in Python, we focus in our work to solve problems with large amounts of data but still stay in Python. This is where we are the most effective and feel comfortable. Libraries like Pandas and NumPy provide us with efficient interfaces to deal with this data while still getting optimal performance. The main problem appears when we have to deal with systems outside of our comfort ecosystem. We need to write cumbersome and mostly slow conversion code that ingests data from there into our pipeline until we can work efficiently. Using Apache Arrow and Parquet as base technologies, we get a set of tools that eases this interaction and also brings us a huge performance improvement. As part of the talk we will show a basic problem where we take data coming from a Java application through Python into using these tools.
Building a private CI/CD pipeline with Java and Docker in the cloud as presen...Baruch Sadogursky
A private Java (Maven or Gradle) repository as a service can be set up in the cloud. A private Docker registry as a service can be easily set up in the cloud. But what if you want to build a holistic CI/CD pipeline on the cloud of your choice?
Baruch Sadogursky walks you through setting up a universal artifact repository, which can serve for both Java and Docker. You’ll learn how to build a CI/CD pipeline with traceable metadata from the Java source files all the way to Docker images. Baruch uses Amazon, Azure, and Google Cloud as examples, although the recipes shown are applicable to other clouds as well.
Talk given at Swift Summit 2016, in San Francisco CA by Sommer Panage. Discusses how GraphQL is beneficial to mobile apps and how it can interface with Swift via up-and-coming code generation.
Metasepi team meeting #16: Safety on ATS language + MCUKiwamu Okabe
* [1] What is Metasepi?
* [2] How to create Metasepi?
* [3] Demo using ATS language
* [4] What is ATS language?
* [5] Why ATS language is safe?
* [6] ATS programming on MCU
Giving back with GitHub - Putting the Open Source back in iOSMadhava Jay
My experience helping take an in house Swift library and making it into an Open Source framework available on GitHub and Package Management repositories like Cocoapods. Any questions or feedback appreciated @madhavajay
Mobile Library Development - stuck between a pod and a jar file - Zan Markan ...Codemotion
Isaac Newton, the father of modern software engineering, called it “Standing on the shoulders of giants”. Modern development is exciting as it gets easier and easier, partly because of the wealth of resources available at our fingertips. One category of these resources are libraries, SDKs, and frameworks. This talk will be a guide into the considerations that go into building a library for both iOS/Swift and Java/Android. We will be taking cues from both my personal experience, as well as from studying how the leaders in the field do it.
Swift is an exciting new language developed by Apple as a replacement for ObjectiveC. It has a modern clean syntax, strong inferential typing support, and uses automatic reference counting to streamline memory management and prevent numerous types of errors. Swift focuses on providing a "safe" compiled language but manages to have an easy-to-learn scripting language "feel".
The language was originally released in 2014, but after it was released as an Open Source project in late 2015, there has been an explosion of interest and work in the language. It's been ported to multiple non-MacOS platforms (e.g, Linux and Android) and extended to support server-side programming in addition to being able to target MacOS, iOS, watchOS, and tvOS.
This talk will present an overview of the development of Swift, review the basic syntax of the language, and discuss some of the philosophy behind its design. After attending this talk, you'll be poised to dive into Swift coding for yourself!
Delivered at OpenWest 2016, 15 July 2016
What is React-Native?
Why React-Native?
How React-Native works in detail?
- Metro bundler
- Main Thread
- Shadow Thread
- Javascript Thread
Yoga Engine
Threads Communication in React-Native
Comparison with Flutter and Native
React-Native Components
Deploying 3 times a day without a downtime @ Rocket Tech Summit in BerlinAlessandro Nadalin
A look at how we try to make our architecture robust, resilient and fun to work with: Namshi is not github or spotify but... ...imitation is the sincerest form of flattery!
A presentation given at DeveloperWeek in San Francisco by Zack Argyle. It goes through important concepts in building out reusable React components, releasing it to Github, and publishing it to NPM. There are best practices and suggestions with an example component.
An presentation on how and why KrakenJS was built, as well as an overview of many useful features of what makes Kraken different from other frameworks.
A lot of people use Docker/rkt, but very often we do not have time to actually understand how they work. So today in half-hour I will show you in a nutshell how that works. My hope is that even after you know how to build a container engine, I can still convince you that the existing tools are worth spending $MM to create and use.
Building a private CI/CD pipeline with Java and Docker in the Cloud as presen...Baruch Sadogursky
A private Java (Maven or Gradle) repository as a service can be setup in the cloud. A private Docker registry as a service can be easily setup in the cloud. But what if you want to build a holistic CI/CD pipeline, and on the cloud of YOUR choice?
In this talk Baruch will take you through steps of setting up a universal artifact repository, which can serve for both Java and Docker. You’ll learn how to build a CI/CD pipeline with traceable metadata from the Java source files all the way to Docker images. Amazon, Azure, and Google Cloud (do you have setup that works on these?) will be used as an example although the recipes shown would be applicable to other cloud as well.
Refactoring @ Mindvalley: Smells, Techniques and PatternsTristan Gomez
Every week my team commits really good, clean code. I decided to get the best of the commits and showcase what makes them good, what smells they address, and what techniques they used.
PyData Frankfurt - (Efficient) Data Exchange with "Foreign" EcosystemsUwe Korn
As a Data Scientist/Engineer in Python, we focus in our work to solve problems with large amounts of data but still stay in Python. This is where we are the most effective and feel comfortable. Libraries like Pandas and NumPy provide us with efficient interfaces to deal with this data while still getting optimal performance. The main problem appears when we have to deal with systems outside of our comfort ecosystem. We need to write cumbersome and mostly slow conversion code that ingests data from there into our pipeline until we can work efficiently. Using Apache Arrow and Parquet as base technologies, we get a set of tools that eases this interaction and also brings us a huge performance improvement. As part of the talk we will show a basic problem where we take data coming from a Java application through Python into using these tools.
Building a private CI/CD pipeline with Java and Docker in the cloud as presen...Baruch Sadogursky
A private Java (Maven or Gradle) repository as a service can be set up in the cloud. A private Docker registry as a service can be easily set up in the cloud. But what if you want to build a holistic CI/CD pipeline on the cloud of your choice?
Baruch Sadogursky walks you through setting up a universal artifact repository, which can serve for both Java and Docker. You’ll learn how to build a CI/CD pipeline with traceable metadata from the Java source files all the way to Docker images. Baruch uses Amazon, Azure, and Google Cloud as examples, although the recipes shown are applicable to other clouds as well.
Talk given at Swift Summit 2016, in San Francisco CA by Sommer Panage. Discusses how GraphQL is beneficial to mobile apps and how it can interface with Swift via up-and-coming code generation.
Metasepi team meeting #16: Safety on ATS language + MCUKiwamu Okabe
* [1] What is Metasepi?
* [2] How to create Metasepi?
* [3] Demo using ATS language
* [4] What is ATS language?
* [5] Why ATS language is safe?
* [6] ATS programming on MCU
Giving back with GitHub - Putting the Open Source back in iOSMadhava Jay
My experience helping take an in house Swift library and making it into an Open Source framework available on GitHub and Package Management repositories like Cocoapods. Any questions or feedback appreciated @madhavajay
Mobile Library Development - stuck between a pod and a jar file - Zan Markan ...Codemotion
Isaac Newton, the father of modern software engineering, called it “Standing on the shoulders of giants”. Modern development is exciting as it gets easier and easier, partly because of the wealth of resources available at our fingertips. One category of these resources are libraries, SDKs, and frameworks. This talk will be a guide into the considerations that go into building a library for both iOS/Swift and Java/Android. We will be taking cues from both my personal experience, as well as from studying how the leaders in the field do it.
Swift is an exciting new language developed by Apple as a replacement for ObjectiveC. It has a modern clean syntax, strong inferential typing support, and uses automatic reference counting to streamline memory management and prevent numerous types of errors. Swift focuses on providing a "safe" compiled language but manages to have an easy-to-learn scripting language "feel".
The language was originally released in 2014, but after it was released as an Open Source project in late 2015, there has been an explosion of interest and work in the language. It's been ported to multiple non-MacOS platforms (e.g, Linux and Android) and extended to support server-side programming in addition to being able to target MacOS, iOS, watchOS, and tvOS.
This talk will present an overview of the development of Swift, review the basic syntax of the language, and discuss some of the philosophy behind its design. After attending this talk, you'll be poised to dive into Swift coding for yourself!
Delivered at OpenWest 2016, 15 July 2016
What is React-Native?
Why React-Native?
How React-Native works in detail?
- Metro bundler
- Main Thread
- Shadow Thread
- Javascript Thread
Yoga Engine
Threads Communication in React-Native
Comparison with Flutter and Native
React-Native Components
Deploying 3 times a day without a downtime @ Rocket Tech Summit in BerlinAlessandro Nadalin
A look at how we try to make our architecture robust, resilient and fun to work with: Namshi is not github or spotify but... ...imitation is the sincerest form of flattery!
Run your JavaScript app for years on a coin cell - JSConf.asia 2016Jan Jongboom
Jan Jongboom - Run your JS app for years on a coin cell. Presentation given during JSConf.asia 2016 in Singapore about mbed, JerryScript, IoT, Johnny Five and JavaScript.
Bei Apps zählt neben Design auch Funktionalität. Apps mit Interaktionsmöglichkeiten halten derzeit Daten meist zentral in einem Backend. Das Implementieren von skalierbaren Backends mit standardisierten Schnittstellen setzt Kompetenzen auf verschiedenen Gebieten voraus. Verschiedene Firmen haben sich dieser Komplexität angenommen und bieten auf Webseiten Backend as a Service (BaaS). Der Vortrag führt am Beispiel in die Thematik BaaS ein und gibt einen Überblick über verschiedene Anbieter.
Confoo - Javascript Server Side : How to startQuentin Adam
nodeJS, claypool, APE, map reduce en nosql, yql... Le javascript server side est un sujet d'actualité, une tendance de fond est en train d'émerger. Et la mise en avant des outils dans la communauté progresse rapidement.
La promesse d'un seul langage sur le client et le serveur d'une application web est très attirante alors que HTML5, les websockets, les webworker, les local storage sont en train de se faire une place dans le futur du web.
Cette conférence a pour but de vous permettre de mieux appréhender cet écosystème à travers son historique, l'exposé des standards émergeant, des avantages et défauts des différentes solutions proposées et en présentant les briques communes.
Quels projets pouvez vous entreprendre sur ces technologies ?
Est-ce possible à intégrer en production ?
L'administration et l'intégration de ces outils au SI d'une entreprise est il possible ?
Ces technologies vont elles s'implanter ou rester des expérimentations de techniciens sous stéroïdes ?
Workshop slides originally given at the WOPR Summit in Atlantic City. Use JavaScript parsers and generators like Shift combined with Puppeteer and Chrome to reverse engineer web applications
Node.js Native AddOns from zero to hero - Nicola Del Gobbo - Codemotion Rome ...Codemotion
This talk is about creating Node.js interfaces for native libraries written in C or C++. It starts with various situations in which you need to build native addons and the common problems in doing that. I'll discuss the reference provided by the new N-API (Node-API) that helps mantainers to support a wide variety of Node.js releases without needing recompilation or abstraction layers. With all these tools and knowledge I'll show you how to build some addons from scratch and how to convert existing addons using the new N-API. The last part is related to future developments about addons.
A Backpack to go the Extra-Functional Mile (a hitched hike by the PROWESS pro...Laura M. Castro
Property-based testing is an already known testing methodology for the Erlang community, with tools such as QuickCheck and PropEr being highly popular among Erlang developers in the last few years. However, they are commonly used for functional testing... Which are the challenges in using them for testing non-functional properties of software? What other tools or libraries are there to help Erlang developers?
Paris Web - Javascript as a programming languageMarco Cedaro
How to setup up a stable javascript continuous integration environment and why you need it. Through a real life example, the talk explains all the benefits of having a development process that brings real control over javascript codebase. A deep analysis of developer and webapps needs and of the tools that fit those requirements.
Quick introduction about Node.js, what is it? What is Node not?
What is V8 engine?
How to Install Node.js
github: https://github.com/elbassel/MEAN-Training.git
Use React tools for better Angular appsMartin Hochel
Angular, React, Vue… they all have their own ecosystem, specific patterns and best practices… For us, the developers, this might become indeed very frustrating as we have to switch between various projects with various libraries… Have no fear, universal solution is here! In this session I will show you how to learn libraries/patterns/tooling only once and apply it everywhere. 🖖
Adding intelligence to your LoRaWAN deployment - The Things Virtual ConferenceJan Jongboom
LoRaWAN devices are typically simple, they grab some sensor data and deliver it back to the network. By adding some embedded machine learning we can make them a lot more intelligent!
Teaching your sensors new tricks with Machine Learning - CENSIS Tech Summit 2019Jan Jongboom
We collect more sensor data than ever, but throw most of it away due to cost, bandwidth or power constraints. In this presentation we'll look at embedded machine learning, pushing intelligence directly to the sensor edge. Given during the CENSIS Tech Summit 2019 in Glasgow, Scotland.
Adding intelligence to your LoRaWAN devices - The Things Conference on tourJan Jongboom
Want to get started? Check the tutorial here: https://www.edgeimpulse.com/blog/adding-machine-learning-to-your-lorawan-device/
Talk about machine learning for IoT devices (TinyML), and everything that it entails. From signal processing to neural networks to classic ML algorithms. Presented in Reading, UK and Hyderabad, India during The Things Conference on Tour.
Machine learning on 1 square centimeter - Emerce Next 2019Jan Jongboom
Machine Learning is widely applied, but the models operate on digital data and run in big data centers. But there's more to the world. This is my presentation from Emerce Next 2019 about pushing ML to the smallest of devices.
Fundamentals of IoT - Data Science Africa 2019Jan Jongboom
As data scientists your job is to create order in the data chaos. But where does this data come from? Real-world data does not magically appear cleanly in your Matlab scripts. This is a talk about the fundamentals of IoT, and how to retrieve data from the real world using sensors and devices. Given during Data Science Africa 2019 in Addis Ababa.
Recording: https://www.youtube.com/watch?v=DxTetwYsXvo&index=1&list=PLiVCejcvpsevQ_I9oDIK6eIgau45fWje2
The Mbed Simulator allows you to cross-compile Mbed OS 5 applications and run them on your computer.
LoRaWAN is great, but it requires so much hardware. As I live on a plane I want something better. Presentation about simulating LoRaWAN devices. Here's a video of the simulator: https://www.youtube.com/watch?v=C1S8knMlX7w
Firmware Updates over LoRaWAN - The Things Conference 2019Jan Jongboom
IoT deployments last for ten years, but that's a long time. Requirements change, vulnerabilities are found, and standards evolve. You'll need a firmware update solution.
Talk during The Things Conference 2019.
Faster Device Development - GSMA @ CES 2019Jan Jongboom
Presentation about interesting open source developments that can be used in conjunction with LTE Cat-M1 and NB-IoT. Presentation from the GSMA IoT workshop at CES 2019.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
7. ins Run
lug /De Collaboration
P bug
Cloudfou
ndry g
st in H
T e eroku
bD AV Git
W e Search
Clou Az ure
Language Analysis d st
o rag
Ftp e
Vim
mo ns
uck e de
Rev isio CLI
Bi tb
t
Open source IDE. Javascript, javascript, javascript. And it looks awesome.\n
Runs in browser. Anywhere in the world.\n
Full lifecycle\n
Time to install Visual Studio, 150 times\n
Fully featured. \n
We’re huge\n
We have over 400.000 lines of code\n
In client side and server side javascript.\n
\n
Non trivial applications in a dynamic language\n
Extremely expressive, scales very well in theory\n
Shoot yourself in the foot a lot.\n
Clear view of the platform\n
1995 LiveWire server. Actual power from the underlying platform\n
* Cross platform library\n* Fastest IO / Networking library on this planet\n* Async up blocking platform API calls\n
File system API\n
However, OS vendors try to abstract that away.\n
Synchronous code flow. Thread blocks.\n
Async code flow. \nNo need for threads because function pointers.\nFS, DNS, Networking, etc.\n
JS bindings to LibUV. Like the DOM.\n
\n
Not exclusive. Lua, C++, SpiderMonkey. \n\nJS most mature, largest set of 3rd party.\n
* No eco system\n* Fast VM\n* Used to async networking\n
* Single threaded\n* Long polling, max 300 conn.\n
Not all your problems going away.\nLet's do a little pop quiz:\n
What happens when I run `server.js` on my MacBook Air. A: it displays 'Hello Moscow', or B: it crashes.\n
\n
\n
\n
All works fine. LibUV abstracts the file system away for me, and manages this all nice and easy. Now I run it on Solaris, where our actual production servers run:\n\n
\n
Now I run it on Solaris, where our actual production servers run:\n\n
It crashes! The default file descriptor limit on Solaris is set to 1.024. If you read more files than that, or open more TCP sockets, or do more DNS requests. YOUR APP WILL CRASH. LibUV is great, but you are still susceptible to OS limits.\n\n
Don't flood your system, use async libraries that can throttle like async\n
In LibUV all APIs are asynchronous\n
Or are they?\n
Take this example of creating a SHA hash of a file\n
We create a nice stream\n
Then react on the events the stream gives. \n\nWho thinks this is a GOOD approach that will not block?\n
It blocks! Be aware of this, or better detect it before it bites you. Checking for blocking calls can be pretty simple actually. All you need is eight lines of javascript in your main app file.\n
If the event loop blocks, timed event like setInterval aren’t executed for a while. This way you get immediate feedback when blocking.\n
\n
Prevent blocking before going live!\n\nSo here are three tips to stop blocking!\n
First: Move blocking calls, that you can’t prevent out of process (forking or spawning)\n
Second: Put a post-commit hook on your repo that searches for function calls that have `Sync`, then fire the guy who committed it.\n
Or use workers\n
But only if the serialization takes less time than the computation itself. It’s great for heavy operations on SMALL objects, but otherwise it’s not worth it.\n
\n
* Weak typed, no static compilation. \n* Fail on production. \n* Use tooling.\n
todo\n
\n
* Has stuff you DONT want to do\n
* Tooling helps you identify problems\n
* Especially for weak typed dynamic languages\n
Spot the number of errors in this code sample\n
\n
\n
\n
With static program analysis, we can annotate this code\n
And spot the errors\n
\n
\n
\n
\n
Open source, work in progress.\n
App doesn’t block, never crashes. \n
Read file method. Who thinks this is a good approach?\n
Oh noes!\n
Insert into database\n
Never make mistakes. Forget the return.\n
Never calling callback.\n
Futures or Promises. Wrap callbacks.\n
But these are the pitifalls when using node, but on an architectural level there are downsides as well. When, due to some sloppy coding, or due to a faulty third party library, an unhandled exception occurs:\n
The first months after launch, there were days that we didn't reach an average uptime of 7 minutes. So monitor your log files very carefully, and use software to daemonize your app, like forever or node.js, so you are back on track very fast.\n
* Review every third party library that you use\n* Use forever or run.js\n* Monitor log files for application crashes\n* Fix problems!\n
The major problem here is that every piece of code runs in the same context as your mission critical systems. That's nice for a hobby website, but when building an IDE like Cloud9, we need stability first. That's why we came up with [Architect](http://github.com/c9/architect).\n\n
Architect is a development framework that originally tackled another problem of building massive applications: dependency management. Package managers are great for the big picture but it gets very complicated if you modularize every tiny bit of your app. Architect takes a different approach: \n
A plugin is a small piece of an application, that consumes other plugins, and expose certain methods. A simple HTTP server plugin would look like:\n
Now the complete inner working of HTTP, routing, etc. is embedded in one plugin, and it exposes one single method for other plugins. Take a 'Hello World' plugin built on top of this.\n
The plugin that consumes http, doesn't need to know anything about the internal working. There is a method available and it can call it.\nArchitect will now resolve the dependency graph at startup, create the plugins in the correct order, and will also display errors when you reference a plugin that is not registered.\n
Architect apps are sets of plugins\n\nAn architect 'Hello world' application is therefore nothing more than a simple configuration file with a list of plugins:\n
And starting up is just calling architect from a node.js file:\n
Plugin lists are awesome, because you can vary the plugin list based on the environment where your application runs. You can enable simple plugins that log all HTTP requests, find globals, etc. on development, but disable them on production.\n
The Cloud9 configuration file (per development environment) was 330 lines long. No one knows which setting is used where and the config object was passed around all the time. Architect solves that by having different configurations per plugin. If the `http` plugin we created has to run on a different port, we can configure that in config.\n
When the plugin is loaded, the configuration will be there. So you always have the settings that matter for THAT specific plugin, and nothing more or less.\n
\n
The plugin system allows for some great sweatness as well when refactoring. Say we want to introduce `connect`, http middleware. We can remove the current `http` plugin, and create a new connect based one.\n
When the API we expose is the same ALL other plugins will just work fine without any work!\n
On the local installable version of Cloud9 we communicate directly with the filesystem. We built a simple `fs` plugin that exposes methods like `readFile`, `writeFile` etc. When you run your app on the hosted version of cloud9, we load a different `fs` plugin, that communicates over a secure network tunnel. Similar functionality, different implementation.\n\n
That solves some stuff, but not crashing an application when a stupid error occurs. There are two features in Architect that help you isolate plugins.\n
A container is a seperate `node` process that contains a set of plugins. The http plugin can run in it's own container, and the hello-world plugin in another. Architect will handle the inter process communication so you don't have to change any of your code. Only an error in `hello` will be out of process! Win, win!\n
The hosted version of Cloud9 consists of two main parts:\n\n1. The IDE, which is the open source IDE with some plugins swapped\n2. Infrastructure code, like a dashboard with your projects\n\nThe infrastructure code and the IDE are completely different. They don't need to communicate. So when we need to open a new IDE instance, we let the infrastructure spawn a new architect process that loads all the plugins required for an IDE! This way every IDE runs in it's own process and a crash at a user's IDE instance won't bubble through to all infrastructure code!\n\nThis is also great because we have several project types, when you load a normal project we won't load the FTP plugins and vice versa. \n
Architect has some other handy features, like easily and transparently reuse node cluster, which allows you to scale out an application to all cores of your server, but feel free to contact me after the event.\n