Peter Hoddie's keynote for IEEE at CES 2016. He explores upcoming trends for developers in the IoT space, scriptable IoT leading us to the right standards, and JavaScript for the IoT.
2. @kinoma
Overview
• Looking ahead five years, based on what is happening today.
• What does the code we program need to do?
• How will we be writing that code?
• Who will be doing the programming?
5. @kinoma
Consumer expectations
• These things are better than their predecessors
• Do more
• More configurable
• More reliable
• These things can work together with other things to do even more useful stuff
6. @kinoma
Two kinds of standards
• To underpin markets where massive investment needed
  • DVD (manufacturing factories)
  • 5G (cell towers)
  • Wi-Fi (chips)
  • MPEG compression (silicon, software, toolchain)
• To formalize (and clean-up) existing practice
  • HTTP
  • JSON
  • JavaScript
  • HTML
  • MPEG-4 file format
7. @kinoma
Standards in IoT
• Industry impulse is to create a new standard
• Define boundaries of new product categories
• Ensure interoperability
9. @kinoma
Too much. Too soon.
• It isn’t obvious what we want to do in the big picture
• Trying to create “underpinning” standards
• Not necessary for this market – investment level is already unbelievably high
• Leading to bad standards
• Too much functionality
• Allow for too many possible futures
• Too big and complex to be practical
10. @kinoma
IoT needs time to evolve
• Experiments to discover what is possible
• Experience to know what works in the real world
• Too early for new standards
• Plenty of existing standards to build on
11. @kinoma
The cloud
• Many suggest sending everything through the cloud
• Cloud acts as intermediary between devices and services
• Problems
• Too much data
• Internet isn’t always available
• Whose cloud?
• Security – moving data around unnecessarily
12. @kinoma
Direct
• Devices must be able to communicate directly with
• Any cloud service
• Any other IoT device
• Any mobile app
15. @kinoma
No single killer app
The Killer App for IoT is the same as the Killer App for PC and mobile:
The ability to run the apps you choose.
16. @kinoma
User-installed apps on IoT devices?
• Devices aren’t powerful enough.
• Too difficult for anyone but the most experienced embedded programmers.
• It won’t be reliable.
• A security nightmare.
Insanity!
18. @kinoma
Let’s use a standard to help
• JavaScript is the closest thing we have to a universal programming language
Web (Desktop)
Mobile (Apps and Web)
Server
Embedded
19. @kinoma
High level programming languages on embedded systems
Relatedly, writing software to control drones, vending machines, and dishwashers has become as easy as spinning up a website. Fast, efficient processors … are turning JavaScript into a popular embedded programming language—unthinkable less than a decade ago.
20. @kinoma
JavaScript for IoT
• JSON built in – de facto data format of the web
• Exceptionally portable – OS independent
• Helps eliminate memory leaks so devices can run for a very long time – garbage collector
21. @kinoma
Secure foundation
• Sandbox
• Core language provides no access to network, files, hardware, screen, audio, etc.
• Scripts can only see and do what the system designer chooses to provide
• Secure – many classes of security flaws in native code are nonexistent
• Uninitialized memory
• Stack overflow
• Buffer overruns
• Malformed data injection
22. @kinoma
JavaScript 6th Edition – Features for IoT
First truly major enhancements to the language. ES6 contains more than 400 individual changes including:
• Classes – familiar tool for inheritance
• Promises – clean, consistent asynchronous operation
• Modules – reusable code libraries
• ArrayBuffer – work with binary data
23. @kinoma
How small a system can run JavaScript?
• 512 KB RAM
• 200 MHz ARM Cortex M4
• Wi-Fi b/g
• Most complete ES6 implementation anywhere
• Open source
25. @kinoma
HTTP Client
    let HTTPClient = require("HTTPClient");
    let http = new HTTPClient(url);
    // Log the status when the transfer completes
    http.onTransferComplete = function(status) {
        trace(`Transfer complete : ${status}\n`);
    };
    // Print response data, delivered as an ArrayBuffer
    http.onDataReady = function(buffer) {
        trace(String.fromArrayBuffer(buffer));
    };
    http.start();
26. @kinoma
HTTP Server
    let HTTPServer = require("HTTPServer");
    let server = new HTTPServer({port: 80});
    // Log each request URL, then send a response with "Connection: close"
    server.onRequest = function(request) {
        trace(`new request: url = ${request.url}\n`);
        request.addHeader("Connection", "close");
        request.response();
    };
27. @kinoma
I2C Accelerometer
    // Open the device at address 0x53 on I2C bus 1
    let accel = new I2C(1, 0x53);
    // Check the ID register before touching any other register
    let id = accel.readChar(0x00);
    if (0xE5 != id)
        throw new Error(`unrecognized id: ${id}`);
    // Configure the device
    accel.write(0x2d, [0x08]);
    accel.write(0x38, [(0x01 << 6) | 0x1f]);
    let status = accel.readByte(0x39);
    // Read each axis as two bytes and combine them into one value
    let tmp = accel.readByte(0x32);
    let x = (tmp << 8) | accel.readByte(0x33);
    tmp = accel.readByte(0x34);
    let y = (tmp << 8) | accel.readByte(0x35);
    tmp = accel.readByte(0x36);
    let z = (tmp << 8) | accel.readByte(0x37);
28. @kinoma
Adding ES6 to your product
• Just a few steps to get the basics working
• Get XS6 from GitHub
• Build it with your product
• Entirely ANSI C – likely builds as-is
• All host OS dependencies in three files: xs6Host.c, xs6Platform.h, and xs6Platform.c
• Update as needed for your host OS / RTOS
31. Reading environment variables
To allow a script to do this
    trace(getenv("XS6") + "\n");
    trace(getenv("XSBUG_HOST") + "\n");
Implement xs_getenv in C
    void xs_getenv(xsMachine* the)
    {
        /* Look up the name passed as the script's first argument */
        xsStringValue result = getenv(xsToString(xsArg(0)));
        /* Return the value as a string; an unset variable leaves the result unset */
        if (result)
            xsResult = xsString(result);
    }
Add getenv function to the virtual machine
    xsResult = xsNewHostFunction(xs_getenv, 1);
    xsSet(xsGlobal, xsID("getenv"), xsResult);
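The getenv binding on slide 31 gives scripts every environment variable of the host process, while slide 21 says scripts should only see what the system designer chooses to provide. The added example below (not from the talk or from XS6) models that binding in plain JavaScript with an allowlist; `makeGetenv`, the `onDenied` audit callback, and every variable name and value other than `XS6` and `XSBUG_HOST` are assumptions constructed for illustration.

```javascript
// Added example: build the script-visible getenv from an allowlist, so a
// user-installed script can read only the names the designer granted.
// makeGetenv and onDenied are hypothetical names, not part of XS6.
function makeGetenv(hostEnv, allowedNames, onDenied) {
  const allowed = new Set(allowedNames);
  // Copy granted values once at setup: scripts never hold a reference to the
  // host environment, and later host-side changes are not visible to them.
  const snapshot = new Map();
  for (const name of allowed) {
    // Own properties only, so "__proto__" or "constructor" cannot resolve
    // to something inherited from Object.prototype.
    if (Object.prototype.hasOwnProperty.call(hostEnv, name)) {
      snapshot.set(name, String(hostEnv[name]));
    }
  }
  function getenv(name) {
    if (typeof name !== "string" || !allowed.has(name)) {
      // Record the attempt without calling toString on script-supplied
      // objects, which a hostile script could make throw or run code.
      if (onDenied) onDenied(typeof name === "string" ? name : typeof name);
      // Same result as an unset variable, so a script cannot probe which
      // non-granted names exist on the host.
      return undefined;
    }
    return snapshot.get(name);
  }
  return Object.freeze(getenv);
}

// Constructed sample environment: two debug settings from the slide plus
// two made-up secrets that a device process might also carry.
const constructedEnv = {
  XS6: "/home/dev/xs6",
  XSBUG_HOST: "192.168.1.20:5002",
  WIFI_PSK: "constructed-secret",
  CLOUD_API_TOKEN: "constructed-token",
};

function demo() {
  const denied = [];
  const getenv = makeGetenv(constructedEnv, ["XS6", "XSBUG_HOST"],
    (what) => denied.push(what));
  return {
    xs6: getenv("XS6"),             // granted
    psk: getenv("WIFI_PSK"),        // present on the host, not granted
    proto: getenv("__proto__"),     // prototype-chain probe
    nonString: getenv({ toString() { throw new Error("hostile"); } }),
    denied,                         // audit trail of refused lookups
  };
}

console.log(demo());
```

In a C host the same check belongs inside `xs_getenv` itself, before the call to the C library's `getenv`, because the native function is the only point every script call has to pass through.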
32. @kinoma
Going deeper
• JavaScript is also great for building the product
• App logic
• Communication
• Network protocols
• Hardware
33. @kinoma
Why use JavaScript to build your product?
• Get it working faster
• Iterate incredibly fast
• Leverage code and techniques developed by other JS developers
• Hardware independent; easy to re-use in your next generation
• Re-use JavaScript code with Node.js cloud service, mobile apps, and web pages
• Much easier to find JavaScript programmers
34. Avoid the “100% pure” trap
• It doesn’t make sense to code everything in script
• Native code is great
• Fast
• Access to native functionality
• Access to hardware functions
• Re-use of proven, reliable code
• Secure
35. @kinoma
But, you may say
JavaScript isn’t type safe.
My manager insists….
JavaScript isn’t good for big projects.
Google told me…
Modules
JavaScript isn’t fast
41. @kinoma
Scriptable is scalable
• Your organization can’t implement everything itself
• Interactions with other devices
• Mobile experience
• Interactions with cloud service
• Building partnerships directly is slow, expensive, and limited
• Opening your product to Apps lets individuals and companies integrate your product with theirs
• Brings new abilities, new customers, access to new markets
42. @kinoma
Scriptable IoT will lead us to the right standards
• New “standard objects” for IoT to augment JavaScript built-ins
• Common programming models
• Modules / libraries that are common across devices
• Perhaps enhancements to JavaScript for needs of IoT
43. @kinoma
Scriptable will realize potential of IoT
• We can’t organize to connect all these devices and services together
• This is not a central design / control problem
• Organic exploration and growth
• Consumers will get the magic they expect, just as the mobile app ecosystem snapped into place
Programmer
I lead an engineering team. I don’t manage.
You have probably run my code.
Apple TrueType (!)
Apple QuickTime
MPEG-4
Palm phones (lots of them)
Sony cameras
Sony Reader
HP Printers (I think we can safely mention that here, without going into depth)
You are likely using the standards work I helped with on MPEG-4 daily.
You may well have some with you now
And I’m probably running your code. And since this is IEEE, at this moment, I’m probably using standards some of you helped create.
For purposes of this presentation - any thing with a CPU and radio.
Halo Smoke Alarm
ADT with LG security
iDevices Light Socket
Essence WeRHome alarm system
Hunter Signal fan
Most recently, Jon Bruner, looking ahead to 2016 in the O'Reilly Hardware Newsletter, wrote that "High level programming languages on embedded systems" was one of the top 4 trends this year, saying:
..writing software to control drones, vending machines, and dishwashers
has become as easy as spinning up a website. Fast, efficient processors
like those on the Raspberry Pi are turning JavaScript into a popular
embedded programming language—unthinkable less than a decade ago.