Steve Maraspin gave a presentation on asynchronous and parallel PHP. He began by demonstrating how blocking I/O calls can slow down PHP applications and presented several approaches to address this issue including asynchronous calls, message queues, job servers, forking processes, stream_select, libevent, and React. He discussed the pros and cons of each approach and provided code examples. He concluded by discussing additional asynchronous options for PHP like Hack and Node.js and thanked the audience.
One thing that most programmers do not take the time to understand is the servers that their application lives on. Most know a smattering of Apache configs, PHP configs, and basic information about the OS. This talk will deal with looking at tools that can help you quickly set up a server and how it can help you be a better developer. We'll look at tools like Puppet for server management, OSSEC for log management, different command line tools, and Nagios/Monit for system monitoring.
Introducing PS>Attack: An offensive PowerShell toolkitjaredhaight
PS>Attack is designed to make it easy for Penetration Testers to incorporate PowerShell into their bag of tricks. Its a custom PowerShell console packed with some of the best offensive tools available. It's designed to be easy to use and opsec safe.
A presentation covering some of the interesting things going on with Powershell in the Infosec community. I give a brief overview of what powershell is, then go over some interesting aspects of three different offensive powershell frameworks and finally give a demo of how a local user can escalate to domain admin privileges using just these frameworks.
XCon 2014 => http://xcon.xfocus.org/
In the past was quite common to exploit heap / pool manager vulnerabilities attacking its internal linked structures. However current memory management improve a lot and at current date it is quite ineffective to attack heap in this way. But still those techniques come into hand when we start to looking at linked structures widespread throughout kernel that are unfortunately not hardened enough.
In this presentation we will examine power of these vulnerabilities by famous example “CVE – 2013 - 3660”. Showing bypass on ‘lazy’ assertions of _LIST_ENTRY, present exploitation after party and teleport to kernel.
Incorporating PowerShell into your Arsenal with PS>Attackjaredhaight
This talk serves as a follow up to my Introducing PS>Attack talk and covers some new features that have been added to the tool as well as how to defend an environment against PowerShell based attacks.
Get-Help: An intro to PowerShell and how to Use it for Eviljaredhaight
This talk covers the basics of how PowerShell works and how to use it. It then goes over a lot of the interesting offensive PowerShell tools that are available and gives a demo of using PowerShell to escalate to Domain Admin privileges on a network.
A video of the talk is available here: https://www.youtube.com/watch?v=YSUJNInriiY
One thing that most programmers do not take the time to understand is the servers that their application lives on. Most know a smattering of Apache configs, PHP configs, and basic information about the OS. This talk will deal with looking at tools that can help you quickly set up a server and how it can help you be a better developer. We'll look at tools like Puppet for server management, OSSEC for log management, different command line tools, and Nagios/Monit for system monitoring.
Introducing PS>Attack: An offensive PowerShell toolkitjaredhaight
PS>Attack is designed to make it easy for Penetration Testers to incorporate PowerShell into their bag of tricks. Its a custom PowerShell console packed with some of the best offensive tools available. It's designed to be easy to use and opsec safe.
A presentation covering some of the interesting things going on with Powershell in the Infosec community. I give a brief overview of what powershell is, then go over some interesting aspects of three different offensive powershell frameworks and finally give a demo of how a local user can escalate to domain admin privileges using just these frameworks.
XCon 2014 => http://xcon.xfocus.org/
In the past was quite common to exploit heap / pool manager vulnerabilities attacking its internal linked structures. However current memory management improve a lot and at current date it is quite ineffective to attack heap in this way. But still those techniques come into hand when we start to looking at linked structures widespread throughout kernel that are unfortunately not hardened enough.
In this presentation we will examine power of these vulnerabilities by famous example “CVE – 2013 - 3660”. Showing bypass on ‘lazy’ assertions of _LIST_ENTRY, present exploitation after party and teleport to kernel.
Incorporating PowerShell into your Arsenal with PS>Attackjaredhaight
This talk serves as a follow up to my Introducing PS>Attack talk and covers some new features that have been added to the tool as well as how to defend an environment against PowerShell based attacks.
Get-Help: An intro to PowerShell and how to Use it for Eviljaredhaight
This talk covers the basics of how PowerShell works and how to use it. It then goes over a lot of the interesting offensive PowerShell tools that are available and gives a demo of using PowerShell to escalate to Domain Admin privileges on a network.
A video of the talk is available here: https://www.youtube.com/watch?v=YSUJNInriiY
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
Past few years our team was focusing on different operating systems including Microsoft windows kernel. Honestly our first pwn at Windows kernel was not that challenging. Number of available targets with friendly environment for straightforward pwn, from user up to reliable kernel code execution.
However, step by step, security policies continue to evolve, and it becomes more troublesome to choose ideal attack surface from various sandboxes. In addition, what steps to follow for digging security holes is highly dependent upon the chosen target. In general, a few common strategies are available for researchers to choose: e.g choose “unknown” one which hasn’t been researched before; Select well fuzzed or well audited one, or research on kernel module internals to find “hidden” attack surfaces which are not explicitly interconnected. In the first part of the talk we introduce our methodology of selecting, alongside with cost of tricks around to choose seemingly banned targets, illustrated by notable examples.
After getting hands on potential bug available from targeted sandbox, it is time for Microsoft windows taking hardening efforts to put attacker into corner. Strong mitigations are being introduced more frequently than ever, with promising direction which cuts lots of attack surface off, and a several exploitation techniques being killed. We will show difficulties of developing universal exploitation techniques, and demonstrate needed technical level depending on code quality of target. We will examine how different it becomes with era of Redstone and following versions even with those techniques and good vulnerability in hand. How it changed attacker landscape and how it will (and will not) kill those techniques and applications. However will it really change the game or not?
In order to prevent exploiting mistakes, introduced in developing process, are continuously implemented various security mitigations & hardening on application level and in operating system level as well.
Even when those mitigations highly increase difficulty of exploitation of common bugs in software / core, you should not rely solely on them. And it can help to know background and limits of those techniques, which protect your software directly or indirectly.
In this talk we will take a look at some of helpful mitigations & features introduces past years (x64 address space, SMAP & SMEP, CFG, ...) focusing from kernel point of view. Its benefits, and weak points same time.
In order to harden kernel exploitation as much as possible was introduced variety of features including KASLR, SMEP and sometimes also SMAP.
Even those are powerful techniques their effectiveness rely on their cooperation, environment and their implementation.
We will present new and some not so new exploitation techniques, show ideas behind breaking trough before mentioned security features and why it is possible, and we will take a look at pool spraying on x64 as well.
In the past few years, the bar for exploitation was raised highly, and in the current state of software security it is harder and harder to make successful exploitation on newest operating systems.
But as some systems continue to evolve and introduce new mitigations, the others just freeze a few years behind. In our talk we will focus on rooting Android by two racing conditions vulnerabilities. We will show the differences between level of exploitation needed, and how some mobile vendors are killing offered security features.
Reid Wightman's presentation at AppSec DC 2012. Reid provides background and the lates on Digital Bond's Project Basecamp. New PLC exploit modules include a Stuxnet-type attack on the Modicon Quantum.
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is a important target for any attacker.
The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal, full access to the vault. But given that LastPass supports 2 factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process. Stealing the master password, leaking the encryption key and bypassing 2 factor authentication.
Writing malware while the blue team is staring at youRob Fuller
Talk given at DerbyCon 2016 and RuxCon 2016
Malware authors and reverse engineers have been playing cat and mouse for a number of years now when it comes to writing and reversing of malware. From nation state level malware to the mass malware that infects grandmas and grandpas, mothers and fathers, the different types of malware employ a myriad of techniques to stop those who look at it from guessing the true intent. This talk will be about some of the unorthodox methods employed by some malware to stay hidden from, or out right ignore the reverse engineering community.
hey welcome to Kaustubhs hacking tutorial
this is the second video of series https://www.youtube.com/user/hackerkaustubh
in this tutrial i will perform real attack and take server down
Interoperability with the focus on PHP. Some pure PHP details, internal details are making it interesting for regular PHP developers as well as for extension developers.
As @nicowaisman mentioned in his talk Aleatory Persistent Threat, old school heap specific exploiting is dying. And with each windows SP or new version, is harder to attack heap itself. Heap management adapt quickly and include new mittigation techniques. But sometimes is better to rethink the idea of mittigation and do this technique properly even half version of it will cover all known heap exploit techniques…
Gearman provides a generic application framework to farm out work to other machines or processes that are better suited to do the work. In other words, it is the nervous system for how distributed processing communicates.
ZF2 Modular Architecture - Taking advantage of itSteve Maraspin
Zend Framework 1 had modules. Their name is pretty much everything Zend Framework 2 modules share with them, though. The whole framework architecture has been rewritten to encourage software reuse and extension. In this talk I’ll share our experiences on ZF2 module creation and usage.
You didnt see it’s coming? "Dawn of hardened Windows Kernel" Peter Hlavaty
Past few years our team was focusing on different operating systems including Microsoft windows kernel. Honestly our first pwn at Windows kernel was not that challenging. Number of available targets with friendly environment for straightforward pwn, from user up to reliable kernel code execution.
However, step by step, security policies continue to evolve, and it becomes more troublesome to choose ideal attack surface from various sandboxes. In addition, what steps to follow for digging security holes is highly dependent upon the chosen target. In general, a few common strategies are available for researchers to choose: e.g choose “unknown” one which hasn’t been researched before; Select well fuzzed or well audited one, or research on kernel module internals to find “hidden” attack surfaces which are not explicitly interconnected. In the first part of the talk we introduce our methodology of selecting, alongside with cost of tricks around to choose seemingly banned targets, illustrated by notable examples.
After getting hands on potential bug available from targeted sandbox, it is time for Microsoft windows taking hardening efforts to put attacker into corner. Strong mitigations are being introduced more frequently than ever, with promising direction which cuts lots of attack surface off, and a several exploitation techniques being killed. We will show difficulties of developing universal exploitation techniques, and demonstrate needed technical level depending on code quality of target. We will examine how different it becomes with era of Redstone and following versions even with those techniques and good vulnerability in hand. How it changed attacker landscape and how it will (and will not) kill those techniques and applications. However will it really change the game or not?
In order to prevent exploiting mistakes, introduced in developing process, are continuously implemented various security mitigations & hardening on application level and in operating system level as well.
Even when those mitigations highly increase difficulty of exploitation of common bugs in software / core, you should not rely solely on them. And it can help to know background and limits of those techniques, which protect your software directly or indirectly.
In this talk we will take a look at some of helpful mitigations & features introduces past years (x64 address space, SMAP & SMEP, CFG, ...) focusing from kernel point of view. Its benefits, and weak points same time.
In order to harden kernel exploitation as much as possible was introduced variety of features including KASLR, SMEP and sometimes also SMAP.
Even those are powerful techniques their effectiveness rely on their cooperation, environment and their implementation.
We will present new and some not so new exploitation techniques, show ideas behind breaking trough before mentioned security features and why it is possible, and we will take a look at pool spraying on x64 as well.
In the past few years, the bar for exploitation was raised highly, and in the current state of software security it is harder and harder to make successful exploitation on newest operating systems.
But as some systems continue to evolve and introduce new mitigations, the others just freeze a few years behind. In our talk we will focus on rooting Android by two racing conditions vulnerabilities. We will show the differences between level of exploitation needed, and how some mobile vendors are killing offered security features.
Reid Wightman's presentation at AppSec DC 2012. Reid provides background and the lates on Digital Bond's Project Basecamp. New PLC exploit modules include a Stuxnet-type attack on the Modicon Quantum.
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is a important target for any attacker.
The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal, full access to the vault. But given that LastPass supports 2 factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process. Stealing the master password, leaking the encryption key and bypassing 2 factor authentication.
Writing malware while the blue team is staring at youRob Fuller
Talk given at DerbyCon 2016 and RuxCon 2016
Malware authors and reverse engineers have been playing cat and mouse for a number of years now when it comes to writing and reversing of malware. From nation state level malware to the mass malware that infects grandmas and grandpas, mothers and fathers, the different types of malware employ a myriad of techniques to stop those who look at it from guessing the true intent. This talk will be about some of the unorthodox methods employed by some malware to stay hidden from, or out right ignore the reverse engineering community.
hey welcome to Kaustubhs hacking tutorial
this is the second video of series https://www.youtube.com/user/hackerkaustubh
in this tutrial i will perform real attack and take server down
Interoperability with the focus on PHP. Some pure PHP details, internal details are making it interesting for regular PHP developers as well as for extension developers.
As @nicowaisman mentioned in his talk Aleatory Persistent Threat, old school heap specific exploiting is dying. And with each windows SP or new version, is harder to attack heap itself. Heap management adapt quickly and include new mittigation techniques. But sometimes is better to rethink the idea of mittigation and do this technique properly even half version of it will cover all known heap exploit techniques…
Gearman provides a generic application framework to farm out work to other machines or processes that are better suited to do the work. In other words, it is the nervous system for how distributed processing communicates.
ZF2 Modular Architecture - Taking advantage of itSteve Maraspin
Zend Framework 1 had modules. Their name is pretty much everything Zend Framework 2 modules share with them, though. The whole framework architecture has been rewritten to encourage software reuse and extension. In this talk I’ll share our experiences on ZF2 module creation and usage.
Error Reporting in ZF2: form messages, custom error pages, loggingSteve Maraspin
Errors frustrate users. No matter if it's their fault or applications', risks that they'll lose interest in our product is high. In this presentation, given at the Italian ZFDay 2014, I discuss about these issues and provide some hints for improving error reporting and handling.
Most colleges and universities don't think of themselves as businesses. But they are, just like Apple, McDonalds or Coca-Cola are. They must steal market share from other universities (competition) by being so emotionally important to prospective students (and prospective facility and emerging alumni) that they feel incomplete without it.
This presentation teaches college and university presidents how to think like a business and, most importantly, how to brand themselves so their institutions are preferred.
Monthly health magazine focusing on family and wellness themes. Targeting Hispanic community in Chicago Metro. In publication for five years with total circulation at 32,500.
Barómetro de marzo de GAD3 para ABC
Cuatro de cada cinco españoles creen que volveremos a las urnas el 26 de junio. El PSOE recuperaría a costa de Podemos tras el debate de investidura fallido.
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
One thing that most programmers do not take the time to understand is the servers that their application lives on. Most know a smattering of Apache configs, PHP configs, and basic information about the OS. This talk will deal with looking at tools that can help you quickly set up a server and how it can help you be a better developer. We'll look at tools like puppet for server management, OSSEC for log management, different command line tools, and nagios/monit for system monitoring.
One thing that most programmers do not take the time to understand is the servers that their application lives on. Most know a smattering of Apache configs, PHP configs, and basic information about the OS. This talk will deal with looking at tools that can help you quickly set up a server and how it can help you be a better developer. We'll look at tools like puppet for server management, OSSEC for log management, different command line tools, and nagios/monit for system monitoring.
Apache Flink(tm) - A Next-Generation Stream ProcessorAljoscha Krettek
In diesem Vortrag wird es zunächst einen kurzen Überblick über den aktuellen Stand im Bereich der Streaming-Datenanalyse geben. Danach wird es mit einer kleinen Einführung in das Apache-Flink-System zur Echtzeit-Datenanalyse weitergehen, bevor wir tiefer in einige der interessanten Eigenschaften eintauchen werden, die Flink von den anderen Spielern in diesem Bereich unterscheidet. Dazu werden wir beispielhafte Anwendungsfälle betrachten, die entweder direkt von Nutzern stammen oder auf unserer Erfahrung mit Nutzern basieren. Spezielle Eigenschaften, die wir betrachten werden, sind beispielsweise die Unterstützung für die Zerlegung von Events in einzelnen Sessions basierend auf der Zeit, zu der ein Ereignis passierte (event-time), Bestimmung von Zeitpunkten zum jeweiligen Speichern des Zustands eines Streaming-Programms für spätere Neustarts, die effiziente Abwicklung bei sehr großen zustandsorientierten Streaming-Berechnungen und die Zugänglichkeit des Zustandes von außerhalb.
Comment améliorer le quotidien des Développeurs PHP ?AFUP_Limoges
Conférence présentée lors du summer meetup de l'AFUP à Limoges le 19 juin 2018. Son objectif est de présenter plusieurs outils permettant de gagner rapidement en efficacité au quotidien.
Алексей Петров "PHP at Scale: Knowing enough to be dangerous!"Fwdays
Доклад будет посвящён принципам построения высокомаштабируемых приложений на PHP! Множество докладчиков зацикливаются на вопросах производительности “чтения”.
Думаю многие из вас знают: если что-то “тормозит” - включаем кеширование, если что-то “глючит” - выключаем кеширование. Каждый знает, если поставить Memcache перед БД и Varnish после php-fpm, можно добиться отличных результатов в производительности. А если и этого не хватает - тогда можно два, три, четыре Varnish-а…
Но что же делать при интенсивном использовании системы на “запись”? Что делать когда входящих данных много или очень много? Как выглядит Data Processing на PHP? Когда нужно из одного сервера делать два? Когда “умирает”" rabbitmq и нужна kafka? Где заканчивается MySQL и начинается MongoDB? Каким образом система должна эволюционировать? Как от одного состояния переходить в другое и как трансформировать количество в новое качество? Что такое c10k problem? Что происходит при 10000 req/sec? А при 100000 req/sec?
Slides of my talk at the Feb 20th 2020 PMI NIC Event on Requirement Management at Wartsila in Trieste, Italy. I'm highlighting what worked well and what did not during my career, also taking into account recent paradigms such as Cloud and DevOps. I'm also dissecting some of main agile principles and sharing my opinion on how to benefit from them.
The Metaphor Fallacy (in Digital Product Development)Steve Maraspin
Sharing personal thoughts on how metaphors can hinder, rather than help software modeling and design (at different levels). Talk presented at the 2014 Better Software Conference.
La filosofia Lean nello sviluppo di prodotti digitaliSteve Maraspin
Slide del mio intervento presso l'ordine degli Ingegneri di Udine il 12/06/2014. Contemplati diversi ambiti in cui i principi Lean aiutano a migliorare i processi di sviluppo.
Outcome not Output: A Story of Lean UX AdoptionSteve Maraspin
This presentation shares our experience with Lean UX adoption and offers some hints on how to combine User Centered Design activities within an Agile development workflow.
How do we take decisions? Are we fully conscious of what we do when using a system interface? There's a lot of unconscious activity going on while we use a digital product. This talk describes a few important factors interface designers should keep in mind while designing interaction.
Fare con Zend Framework 2 ciò che facevo con ZF1Steve Maraspin
Introduzione a Zend Framework 2 per chi proviene da Zend Framework 1, tenuta allo Zend Framework Day di Milano del 01/02/2013. Introduzione alle nuove caratteristiche e pattern architetturali di ZF2
Zend Framework 2 non è l'evoluzione di ZF, ma un progetto nuovo: il codice è stato riscritto e poche sono le parti in comune con la versione precedente. Lo sviluppatore abituato a ZF1 non ha vita facile, ed è fondato il timore di dover imparare tutto da capo. In questo talk vediamo come cambiare le vecchie abitudini di sviluppatori ZF1, per sfruttare al meglio le potenzialità del nuovo strumento. Attraverso esempi concreti, in cui vedremo all'opera i nuovi pattern e le best practice, mostriamo come - partendo con il piede giusto - il passaggio a ZF2 possa essere meno traumatico del previsto. Il talk è orientato soprattutto a chi già conosce ZF1, ma gli argomenti affrontati possono essere utili anche a chi si avvicina a ZF per la prima volta.
NoSQL Data Stores: Introduzione alle Basi di Dati Non RelazionaliSteve Maraspin
Seconda parte del seminario su NoSQL al DiTeDi di Udine del 15/12/2012. Presentata un'introduzione sulle basi di dati non relazionali e sulle implicazioni che le loro caratteristiche hanno nello sviluppo di applicazioni enterprise.
Polyglot Persistance con PostgreSQL, CouchDB, MongoDB, Redis e OrientDBSteve Maraspin
Pirma parte del seminario su NoSQL al DiTeDi di Udine del 15/12/2012. Affrontato il caso di studio di un'architettura enterprise, basata su datastore relazionali (PostgreSQL) e non (CouchDB, MongoDB, Redis e OrientDB).
NoSQL, No Worries: Vecchi Problemi, Nuove SoluzioniSteve Maraspin
Slide del talk sulle basi di dati non relazionali (NoSQL) al Codemotion di Venezia del 17/11/2012. Presentato un caso di studio di architettura basata su CouchDB, MongoDB, Redis e OrientDB, oltre che diversi concetti relativi ai datastore NoSQL.
Permettere al cliente di apprezzare l'approccio agileSteve Maraspin
Presentazione del 27/09/2012 a Better Software - Firenze, Italia. Raccontata la nostra esperienza e l'approccio utilizzato per garantire la soddisfazione del cliente nel lungo termine
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
131. 131
• Within PHP
• Allows for
parallelism
• Exploits available
CPU cores
Pros Cons
• Feedback (besides exit
status) difficult to get
• Parallelism bound to #
of available CPU cores
• Not to be used within
Apache or web servers
in general
132. Latency Comparison Numbers
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns
Mutex lock/unlock 25 ns
Main memory reference 100 ns
Send 1K bytes over 1 Gbps network 10,000 ns
Read 4K randomly from SSD* 150,000 ns
Read 1 MB sequentially from memory 250,000 ns
Round trip within same datacenter 500,000 ns
Read 1 MB sequentially from SSD* 1,000,000 ns
Disk seek 10,000,000 ns
Read 1 MB sequentially from disk 20,000,000 ns
Send packet CA->Netherlands->CA 150,000,000 ns
Let's consider these numbers…
Source: https://gist.github.com/jboner/2841832
133. Latency Comparison Numbers
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns
Mutex lock/unlock 25 ns
Main memory reference 100 ns
Send 1K bytes over 1 Gbps network 10,000 ns
Read 4K randomly from SSD 150,000 ns
Read 1 MB sequentially from memory 250,000 ns
Round trip within same datacenter 500,000 ns
Read 1 MB sequentially from SSD 1,000,000 ns
Disk seek 10,000,000 ns
Read 1 MB sequentially from disk 20,000,000 ns
Send packet CA->Netherlands->CA 150,000,000 ns
We got an I/O issue!
Source: https://gist.github.com/jboner/2841832
134. Blocking I/O happens when…
Sending an e-mail
Communicating with Databases
Communicating with other
services
Reading/writing data on Disk
Reading/writing data on Network
…
156. PHP stream_select
156
Runs the equivalent of the select() system call
on the given arrays of streams with a timeout
specified by tv_sec and tv_usec
161. 161
• Within PHP
• Removes I/O
wait overhead
Pros Cons
• Cumbersome
within large
projects
• Performances
could be better
162. Libevent
• API providing a mechanism to execute
a callback when a specific event
occurs on a file descriptor or after a
timeout
• supports /dev/poll, kqueue(2), event
ports, POSIX select(2), Windows
select(), poll(2), and epoll(4)
notification mechanisms
162