2. Qpsmtpd
● Perl SMTP daemon written by Ask Bjørn Hansen
● “mod_perl” of SMTP
● Plugin API makes writing extensions fun
● Works with Qmail, Postfix, and Exim
● Stock plugins include spam and virus protection
● If you've tried to extend a C-based SMTP daemon, you've felt pain at some point
3. Setting it up
● Read the article by Matt Sergeant [1]
● Install using RPMs if you can
http://wiki.qpsmtpd.org/rpm-install_howto
● Installing from source is easy also
http://wiki.qpsmtpd.org/quick-install_howto
● Telnetting to port 25 works for testing...
● SWAKS is your friend [3]
● qpsmtpd@perl.org is also your friend
4. My config file
/home/smtpd/qpsmtpd/config/plugins
auth/auth_vpopmail_sql # set db auth in the plugin code
denysoft_greylist redhotpenguin.com taperfriendlymusic.org
quit_fortune
check_earlytalker
count_unrecognized_commands 4
check_relay
# require_resolvable_fromhost
# ^^ enable this to prevent zombies
check_delivery normal 1 127.0.0.1 vppmail dbuser dbpass
5. My config file
/home/smtpd/qpsmtpd/config/plugins
# rhsbl <- these blacklist plugins blacklist
# dnsbl <- yahoo.com et al. sometimes!
check_badmailfrom
check_badrcptto
check_spamhelo
# sender_permitted_from
rcpt_ok # this is the last rcpt plugin
6. My config file
/home/smtpd/qpsmtpd/config/plugins
virus/klez_filter
spamassassin reject_threshold 20 munge_subject_threshold 5
virus/clamav
# here is my first qpsmtpd application
craigslist recipient craig_qp@redhotpenguin.com site http://www.craigslist.org login fred@redhotpenguin.com password fredspass
queue/qmail-queue # leave enabled to forward the email
7. Many plugins available
● http://wiki.qpsmtpd.org/plugins
● Spam
● Virus
● Authentication – Vpopmail, PAM, text file, LDAP...
● Plugins are generally geared towards keeping the
spam out, and letting the good mail through
8. Your first plugin
● Start with good examples
● Read Matt Sergeant's O'Reilly article [1]
● Read the source for existing plugins
● perldoc README.plugins ;)
9. A simple subject filter
● Spam filters don't catch everything
block_subject [ all | [ domain1, domain2 ... ] ]
sub init {
    my ($self, $qp, @domains) = @_;
    unless (defined $domains[0]) {
        die "block_subject needs proper config\n";
    }
    # store a reference to the list of domains from the config line
    $self->{_args}->{domains} = \@domains;
    my $block_content = <<"SUBJECTS";
YOUR REPRESENTATIVE ASSISTANCE IS NEEDED
Message From eBay Member
The Ultimate Online Pharmaceutical
SUBJECTS
10. A simple subject filter
    my @subjects = split("\n", $block_content);
    $self->{_args}->{subjects} = \@subjects;
    $self->log(LOGDEBUG,
        "Blocking subjects $block_content");
}

sub hook_data_post {
    my ($self, $transaction) = @_;
    if ($self->{_args}->{domains}->[0] eq 'all') {
        if ($self->blocked_subject($transaction)) {
            return DENY;
        }
    }
    else {
11. A simple subject filter
        # Check each domain
        my @recip_domains = map { $_->host }
            $transaction->recipients;
        foreach my $domain (@recip_domains) {
            # Deny the email if the subject is in our blacklist
            # \Q...\E matches the recipient domain literally, not as a pattern
            if ((grep { $_ =~ m/^\Q$domain\E$/ } @{$self->{_args}->{domains}})
                && $self->blocked_subject($transaction))
            {
                return DENY;
            }
        }
    }
    return DECLINED;
}
12. A simple subject filter
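sub blocked_subject {
    my ($self, $transaction) = @_;
    my $subject = $transaction->header->get('Subject');
    # a missing or empty subject would otherwise match every entry
    return unless defined $subject;
    chomp($subject);
    return unless length $subject;
    # \Q...\E: the subject is sender-controlled, so match it literally
    if (grep { $_ =~ m/\Q$subject\E$/i } @{$self->{_args}->{subjects}})
    {
        $self->log(LOGINFO, "block_subject invoked for $subject");
        return 1;
    }
    return;
}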
13. SMTP Applications?
● SMTP to HTTP Gateways
● Automate tedious processes
● Use emails to interact with applications
● Today's PDAs have IMAP based email
but aren't very good at serving web pages
14. A Practical Application
● The problem at hand
● A couple hundred things we couldn't sell
● Throwing away is bad for the environment
(and costs money)
● http://www.craigslist.org - someone wants it
● But taking a picture of everything and posting
an ad to Craigslist is a lot of clicking
● I don't like to click, I like to write Perl
15. A Practical Application
● Possible solutions
● No internet connection
● I could make a list of the items at hand
● Call a friend and have him post
( no images though, and one less friend )
● Or drive to local shop with wireless
and click away
16. A Practical Application
● My phone has a built in camera and
email client
● I could take pictures and email them to
myself with a description, and post from
home
● That's repeating myself though, and too
much work
17. A Practical Application
● A Qpsmtpd plugin to solve this problem?
● It came down to being Lazy
● Being able to post an item at will is
preferable to batching transactions
● Bonus points for a per item picture,
response rates for items with pictures
are much higher than without
18. A Waste of Time?
● At 3 minutes overhead per item the
transaction overhead is 7.5 hours for
150 items
● At 30 seconds overhead per item the
transaction overhead is 75 minutes for
150 items
● Total time spent thinking, coding,
testing and deploying was about 3 hours
● Bonus points for writing fun code!
19. The Source
● Initialization
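use WWW::Mechanize;
use Data::Dumper;

sub init {
    my ($self, $qp, %args) = @_;
    # keep the key/value pairs from the config line as a hash reference
    $self->{_args} = \%args;
    $self->{_mech} = WWW::Mechanize->new;
    # note: %args includes the site password, so this debug line writes it to the log
    $self->log(LOGDEBUG, "Craigslist plugin init: \n" .
        Dumper(\%args));
}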
20. The Source
● Start processing after all data is received
● Check authorization first
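sub hook_data_post {
    my ($self, $transaction) = @_;
    # recipients returns a list; only act on mail for the app address
    # that arrived over an authorized (relay_client) connection
    return DECLINED unless
        ((($transaction->recipients)[0]->address eq
            $self->{_args}->{recipient})
        && $self->qp->connection->relay_client);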
21. The Source
● Get the subject and body
my $subject = $transaction->header->get('Subject');
my $body = '';
while ( my $line = $transaction->body_getline ) {
    $body .= $line;
}
use Email::MIME;
my $em = Email::MIME->new($subject . $body);
22. The Source
● Get the attached images and save them
use Email::MIME::Attachment::Stripper;
my $stripper =
    Email::MIME::Attachment::Stripper->new($em);
# attachments returns a list of hashrefs (filename, payload, ...)
my @attachments = $stripper->attachments;
if (@attachments) {
    foreach my $at (@attachments) {
        my $fh;
        # the filename is taken from the message as sent
        open($fh, ">", "/tmp/" . $at->{filename}) || die $!;
        print $fh $at->{payload};
        close($fh);
    }
}
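The attachment filename used on this slide comes from the sender's message, so a hardened save routine should not use it as a path. The following is an added example, not code from the original slides: it keeps only an allow-listed extension and lets File::Temp pick the on-disk name. The extension list, size cap and sample attachments are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);

# Assumptions for this example: image uploads only, 2 MB per attachment.
my %ALLOWED_EXT = map { $_ => 1 } qw(jpg jpeg png gif);
my $MAX_BYTES   = 2 * 1024 * 1024;

# Write one attachment (a hashref with filename and payload, the shape the
# slide's code reads) into $dir. Returns the path written, or nothing if the
# attachment is rejected.
sub save_attachment {
    my ($dir, $at) = @_;
    my $claimed = defined $at->{filename} ? $at->{filename} : '';
    my $payload = $at->{payload};
    return unless defined $payload && length($payload) <= $MAX_BYTES;

    # Keep only the last path component, whichever separator the sender used.
    my ($base) = $claimed =~ m{([^/\\]*)\z};
    my ($ext)  = $base =~ /\.([A-Za-z0-9]+)\z/;
    return unless defined $ext && $ALLOWED_EXT{ lc($ext) };

    # The on-disk name is generated locally and the file is created
    # exclusively, so the sender cannot choose the location or overwrite
    # an existing file.
    my ($fh, $path) = tempfile(
        'upload-XXXXXXXX',
        DIR    => $dir,
        SUFFIX => '.' . lc($ext),
        UNLINK => 0,
    );
    binmode $fh;
    print {$fh} $payload or die "write $path: $!";
    close $fh            or die "close $path: $!";
    return $path;
}

# Constructed sample attachments, including names that try to leave the
# upload directory or carry a non-image extension.
my @attachments = (
    { filename => 'chair.JPG',               payload => 'constructed image bytes' },
    { filename => '../../outside/chair.jpg', payload => 'constructed image bytes' },
    { filename => 'lamp.jpg/../../run.sh',   payload => 'constructed bytes' },
    { filename => undef,                     payload => 'constructed bytes' },
);

my $dir = tempdir(CLEANUP => 1);
for my $at (@attachments) {
    my $path  = save_attachment($dir, $at);
    my $label = defined $at->{filename} ? $at->{filename} : '(no name)';
    printf "%-26s => %s\n", $label, defined $path ? $path : 'rejected';
}
```

Both accepted files land inside the private temporary directory under generated names; the traversal components in the second name have no effect on where it is written.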
23. The Source
● Login to http://www.craigslist.org
$self->{_mech}->get($self->{_args}->{site});
$self->{_mech}->submit_form(
    form_name => "login",
    fields    => {
        inputEmailHandle => $self->{_args}->{login},
        inputPassword    => $self->{_args}->{password}
    });
if (! $self->{_mech}->success ) {
    $transaction->body_write("Error during login");
    return DECLINED;
}
24. The Source
● Login to www.craigslist.org
$self->{_mech}->get($self->{_args}->{site});
$self->{_mech}->submit_form(
    form_name => "login",
    fields    => {
        inputEmailHandle => $self->{_args}->{login},
        inputPassword    => $self->{_args}->{password}
    });
if (! $self->{_mech}->success ) {
    $transaction->body_write("Error during login");
    return DECLINED;
}
25. The Source
● Walk the website
$self->{_mech}->follow_link(
    text_regex => qr/wanted/ );
if (! $self->{_mech}->success ) {
    $transaction->body_write("Error following wanted link");
    return DECLINED;
}
# ... click through a few more links to get to ad posting
26. The Source
● Post the ad
$self->{_mech}->submit_form(
    form_number => 1,
    button      => 'imagesForm',
    fields      => {
        PostingTitle => $subject,
        PostingBody  => $body,
        Ask          => 0,
    });
if (! $self->{_mech}->success) {
    $transaction->body_write("Error, could not post ad");
    return DECLINED;
}
27. The Source
● Post the images
foreach my $at (@attachments) {
    $self->{_mech}->submit_form(
        form_number => 1,
        fields      => { file1 => '/tmp/' . $at->{filename} }
    );
    if (! $self->{_mech}->success) {
        $transaction->body_write(
            "Error adding image " . $at->{filename});
        return DECLINED;
    }
    # remove the temporary copy once it has been uploaded
    unlink('/tmp/' . $at->{filename});
}
28. We're done
● Grab the PDA
● Take a picture
● Compose an email
● Receive a flood of responses
( still need to write that part of the app )
29. Perl did the work
● No clicking (except taking the photo)
● No dealing with a cumbersome web
based application
● Our energy goes to where it's needed most
● All we had to do was code up a defined process
30. Recommended API Practices
● Run your application last after all other
plugins, before the queue plugin
● Forward the email to the sender as a
receipt
● Use a separate To: address for each app,
one that isn't vulnerable to dictionary attacks
31. Giving feedback to the User
● Indicate success or failure
● Let them know why it failed -
$transaction->body_write("Why it failed");
● Be strict in what you accept – the spammers
will find your openings eventually
32. Recommended AAA Approaches
● Require users to authenticate via SMTP auth
- as secure as normal SMTP transactions
$self->qp->connection->relay_client == 1
● Combine username with To: address and
match that against sender address, fairly
secure but not unbreakable
To: fred_craigslist@domain.com,
From: fred@fredsdomain.com
● Greylisting can help here but remember
that zombies can retry with dictionary attacks
33. Recommended AAA Approaches
● Require the user register their email address
and verify they are a real person
● Don't use a password in the email -
most users have one password and will
blissfully use it here as well
● Use good judgement in weighing ease of
use vs. security in authentication – err on
the side of security.
34. Recommended AAA Approaches
● Don't use this approach to build secure
apps unless you _really_ know what you
are doing. Better yet, just don't do it.
● Don't send sensitive information in plain
text email
● This approach is about making automated
tasks easy from insecure clients (PDAs).
Proceed as such.
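The checks from the three AAA slides combined into one decision function, as an added example that is not part of the original slides. The registry, app name and domain are constructed for illustration; inside a plugin the relay_client flag would come from $self->qp->connection->relay_client.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed registry: user name => the address that user registered and
# verified beforehand (the registration step from the slides).
my %REGISTERED = ( fred => 'fred@fredsdomain.com' );
my $APP        = 'craigslist';    # the app this plugin instance serves
my $APP_DOMAIN = 'domain.com';    # domain of the app addresses

# Decide whether a message may drive the app.
# Takes rcpt, sender and relay_client; returns (1, 'ok') or (0, reason).
sub authorize {
    my (%env) = @_;
    my $rcpt   = lc( defined $env{rcpt}   ? $env{rcpt}   : '' );
    my $sender = lc( defined $env{sender} ? $env{sender} : '' );

    my ($local, $domain) = $rcpt =~ /\A([^@]+)@([^@]+)\z/
        or return (0, 'malformed recipient');
    return (0, 'recipient is not an app address')
        unless $domain eq $APP_DOMAIN;

    # The To: address carries both the user name and the app: user_app
    my ($user, $app) = $local =~ /\A(.+)_([a-z0-9]+)\z/
        or return (0, 'recipient has no user_app local part');
    return (0, 'unknown app') unless $app eq $APP;

    my $registered = $REGISTERED{$user}
        or return (0, 'unregistered user');
    return (0, 'sender does not match the registered address')
        unless $sender eq lc $registered;

    # The sender address is whatever the client supplied, so the match above
    # is only meaningful once the session itself has been authenticated.
    return (0, 'sender matches but session is not authenticated')
        unless $env{relay_client};

    return (1, 'ok');
}

# Constructed envelopes covering the cases the slides describe.
my @cases = (
    { rcpt => 'fred_craigslist@domain.com',  sender => 'fred@fredsdomain.com',
      relay_client => 1, note => 'registered user, authenticated' },
    { rcpt => 'fred_craigslist@domain.com',  sender => 'fred@fredsdomain.com',
      relay_client => 0, note => 'same addresses, no SMTP auth' },
    { rcpt => 'admin_craigslist@domain.com', sender => 'someone@example.net',
      relay_client => 0, note => 'guessed app address' },
    { rcpt => 'fred_craigslist@domain.com',  sender => 'mallory@example.net',
      relay_client => 1, note => 'authenticated, wrong sender' },
);

for my $c (@cases) {
    my ($ok, $reason) = authorize(%$c);
    printf "%-32s => %-6s (%s)\n",
        $c->{note}, $ok ? 'accept' : 'reject', $reason;
}
```

The second case is why the slides call the address match "fairly secure but not unbreakable": without the relay_client requirement it would be accepted on the strength of two guessable strings.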
35. More Ideas
● Reply to those annoying “DO NOT REPLY”
emails from Bugzilla, et al.
● Check the weather
● Check the traffic report
● Next bus
● Post to a picture blog from your PDA
● Any process that is repeatable and boring
36. Credits
● The Qpsmtpd community
● Ask Bjørn Hansen for authoring Qpsmtpd
● Matt Sergeant and Robert Spier for
listening to my crazy ideas on #qpsmtpd
37. References
[1] – Using Qpsmtpd, Matt Sergeant
http://www.oreillynet.com/pub/a/sysadmin/2005/09/15/qpsmtpd.html
[2] – The Qpsmtpd Wiki
http://wiki.qpsmtpd.org
[3] – SWAKS
http://jetmore.org/john/code/#swaks
38. Slides
These slides are freely available at
http://www.redhotpenguin.com/talks
Thank you NPW 2006!