Most Rails users are familiar with ActiveRecord. But what does that mean? What is ActiveRecord's approach to object relational mapping? And what are the alternatives?
These slides show the relationship between Python and databases, but this is a very short story: not everything about Python and databases, just part of it. Use at your own risk.
Talk was presented at PGConfUS on April 20th, 2016.
___________
With features like foreign data wrappers, Postgres makes it easy for you to integrate rich data stores into your application architectures. Yet sometimes you only have a few rich data structures to deal with, or can’t afford the time and resource cost of running a NoSQL cluster alongside Postgres. Happily Postgres natively supports several document data formats, giving you the best of both worlds in one database. You can keep document oriented data solely within Postgres, or write a foreign table schema that’s naturally compatible with your document database.
In this talk you’ll learn how to access document data stored in Postgres, and write Ruby code to make use of the data with your favorite ORM. We’ll survey the various document stores which are natively supported in Postgres. You’ll learn the pros and cons of each data type, and come away understanding which use cases are best suited to each document store.
I'm Andrea D'Ubaldo, I am a software developer and cyber security enthusiast. The purpose of this presentation is to warn people about Google "hacking".
I don't pretend to teach, I only love sharing knowledge. Hope you enjoy! Comments and remarks are welcome.
------------------------------------------------
Summary
- What are Google dorks
- Queries syntax
- Queries examples
- Conclusion
Google Dork Definition
"A Google dork is an employee who unknowingly exposes sensitive corporate information on the Internet. The word dork is slang for a slow-witted or inept person."
Margaret Rouse
Director, WhatIs.com at TechTarget
@WhatIsDotCom
What is
Google dorks are a powerful form of advanced search, an instrument for performing queries on the Google search engine.
How it works
These queries allow the user to find detailed information on the internet, such as files, hidden pages, sensitive documents and so on.
Why use
But... dork queries are considered by many a “hacking technique”. Because of their nature, dorks can be used for different purposes, often bad ones, as we shall see...
Queries syntax
a) inurl
Find the given word or phrase in the URL
inurl: php?id=
b) related
Find related websites
related:www.google.com
c) filetype
Search by file type
filetype:pdf shakespeare
d) site
Restrict results to a specific site
site:fakesite.com
e) intitle
Find the given word or phrase in the title of a website
intitle: search
...Other syntax characters and operators.
Examples :
- Search files containing username and password
- Discover vulnerable server, affected by SQL Injection
- Pages containing login portal
- Sensitive directory
Credits and References
What is Google dork? – Margaret Rouse
What is Google dork? - WhatIs.com - TechTarget
whatis.techtarget.com
Conclusion
Be careful and protect your data!
Google hacking
https://en.wikipedia.org/wiki/Google_hacking
Wikipedia.
Google Hacking Database (GHDB)
https://www.exploit-db.com/google-hacking-database/
Exploit Database
Special thanks to all the people who made and released these awesome resources for free:
Presentation template by SlidesCarnival (http://www.slidescarnival.com/)
Photographs by Unsplash (http://unsplash.com/)
jQuery is so easy to write, and therefore it is also easy to write poor code. As coders, are we sure that what we write can easily be digested by the web page? Let's go and see how we can easily improve performance with the same code and a different approach.
Designing Great APIs: Learning from Jony Ive, Orwell, and the Kano Model - Jonathan Dahl
APIs are interfaces, just like UIs. But while a website or a mobile app is designed to be used by a consumer, an API has two very specific audiences in mind: other systems, and the programmers who build them.
A well-designed API can make or break an application. So how do developers build great APIs? What design principles should be followed? We will discuss these questions based on the work of thinkers in the areas of industrial design, writing, and a product development theory.
Aristotle and the Art of Software Development (Agile 2009) - Jonathan Dahl
Talk on software development and philosophy, given at Agile 2009 in Chicago. (This is an updated version of a talk I gave at RubyConf 2008 in Orlando.)
Programming and Minimalism: Lessons from Orwell and the Clash - Jonathan Dahl
Programming is writing. A programmer's job is to express abstract ideas in a specific language - just like the poet, the essayist, and the composer. But while writers and composers spend years improving their style, many programmers think style stops with "two-space indentation". This needs to change.
This presentation will discuss style in music, writing, and software. We'll look at such diverse sources as George Orwell, Mozart, and punk music, and will find that much of art revolves around complexity and minimalism - just like software. Finally, we'll look at specific patterns and tools for writing software that is not just effective and efficient, but stylistically beautiful.
Slides to the Hands On Spring Data lab, presented in Paris on Dec 10th, 2012. Code exercises are here: https://github.com/ericbottard/hands-on-spring-data
Sequelize is a promise-based Node.js ORM for Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server. It features solid transaction support, relations, eager and lazy loading, read replication and more.
Python RESTful webservices with Python: Flask and Django solutions - Solution4Future
Slides contain RESTful solutions based on Python frameworks like Flask and Django. The presentation introduces the REST concept, presents benchmarks and research for the best solutions, analyzes performance problems and shows how to simply get better results. Finally, it presents source code in Flask and Django showing how to make your own RESTful API in 15 minutes.
In a world where users have ever higher expectations from the apps they use, having data always available, even when the device is offline has become increasingly important.
In this talk we will go through different ways of saving data on the phone and introduce Realm as a replacement for SQLite and ORM's.
Through an example app it will be demonstrated that thinking "Offline first" not only affects your apps architecture for the better, but also results in happier users.
The primary focus of this presentation is approaching the migration of a large, legacy data store into a new schema built with Django. Includes discussion of how to structure a migration script so that it will run efficiently and scale. Learn how to recognize and evaluate trouble spots.
Also discusses some general tips and tricks for working with data and establishing a productive workflow.
Got data? Let's make it searchable! This interactive presentation will demonstrate getting documents into Solr quickly, provide some tips in adjusting Solr's schema to match your needs better, and finally showcase your data in a flexible search user interface. We'll see how to rapidly leverage faceting, highlighting, spell checking, and debugging. Even after all that, there will be enough time left to outline the next steps in developing your search application and taking it to production.
Slides from a presentation given at Laravel Chicago on November 18, 2014. Goes over the basics of building a REST API using the Laravel framework as well as some handy tips and tools.
Spring Data Requery is an alternative to Spring Data JPA.
Requery is a lightweight ORM for DBMSs (MySQL, PostgreSQL, H2, SQLite, Oracle, SQL Server).
Spring Data Requery provides Query By Native Query, Query By Example and Query By Property, like Spring Data JPA.
Spring Data Requery has better performance than JPA.
In this core java training session, you will learn JDBC Cont. Topics covered in this session are:
• JDBC Continued
• Introduction to Java Enterprise Edition (Java EE)
For more information about this course visit on this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
#NoXML: Eliminating XML in Spring Projects - SpringOne 2GX 2015 - Matt Raible
Many Spring projects exist that leverage XML for their configuration and bean definitions. Most Java web applications use a web.xml to configure their servlets, filters and listeners. This session shows you how you can eliminate XML by configuring your Spring beans with JavaConfig and annotations. It also shows how you can remove your web.xml and configure your web components with Java.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
16. An object that wraps a row in a database table or view,
encapsulates the database access, and adds domain logic on
that data.
Martin Fowler, PoEAA, 160.
20. 1. Too much magic.
http://cgi.ebay.com/MEDIEVAL-MAGE-KING-BLACK-TUNIC-COSTUME-SCA-LARP-_W0QQitemZ250373576829QQcmdZViewItemQQimsxZ20090215?IMSfp=TL090215143008r8810#ebayphotohosting
40. An object that wraps a row in a database table or view,
encapsulates the database access, and adds domain logic on
that data.
Martin Fowler, PoEAA, 160.
48. A layer of Mappers (473) that moves data between objects and
a database while keeping them independent of each other and
the mapper itself.
Martin Fowler, PoEAA, 165.
50. Explicit property mapping
class Message
  include DataMapper::Resource
  property :name, String
  property :body, Text
  property :created_at, DateTime
  validates_presence_of :name
end
56. Chainable finders
class Zoo
  def self.open
    all(:open => true)
  end

  def self.big
    all(:animal_count.gte => 1000)
  end
end

big_open_zoos = Zoo.big.open
57. Associations
class Article
  include DataMapper::Resource
  property :id, Serial
  property :title, String
  property :content, Text
  belongs_to :author
end

class Author
  include DataMapper::Resource
  property :id, Serial
  property :name, String
  has n, :articles
end

Article.all('author.name' => 'Michael')
Because your database and your OO code are unlike things. Different paradigms.
So in a sense, any time you use a relational DB + OO, you’re going to do some sort of object relational mapping.
May be formal or informal.
So data types are not identical
Your DB has a formal definition independent of the use of the data.
This is a big one.
In OO, you follow references - an object can “point” to another object, and so on.
In SQL, you logically join sets of data together.
Any bit of data can be joined to any other bit.
In OO, ideal is to hide as much as you can and only expose a public interface.
declarative vs. active - declare that certain kinds of data are acceptable, vs. actively checking at certain points in time.
SQL doesn’t directly have a concept of inheritance. Fundamental to OO.
Finally, different purposes.
Define structure for data (and hold that data)
vs.
Doing something
So basically, ORMs are translators between unlike things. Like any translation,
this isn’t going to be perfectly smooth, and there will always be tradeoffs.
In this talk, Dan and I are going to talk about these tradeoffs by looking at three approaches to ORM with Ruby.
You’re probably familiar with this already, so I won’t show much code here or talk about how to use AR. Instead, let’s talk for a few minutes at a more theoretical level.
In this pattern, an object wraps each DB row. This single object handles both domain logic and database access. What's unique about this?
Other approaches might not treat each row as an object, or might combine multiple rows into a single object.
Others might separate these, filtering the data through a logic layer, instead of exposing both side-by-side.
class User < ActiveRecord::Base
end
That does a _lot_. And from looking at this, you have no idea exactly what it did. You have to check the db schema in order to figure that out.
The good news is that convention dominates. Once you know the conventions, you generally aren't surprised.
This is true, by default. N+1, loads all columns, etc.
It would be really nice if it could do these things.
But at the same time, it provides facilities for these sorts of optimizations.
This is part of the reason that alternative ORMs got started.
The thing is, it isn't true any more. At least not entirely.
This guy, Josh Peek, made Rails 2.2 thread safe.
And this guy, who you may recognize, added the current connection pooling.
The fact is, as an AR developer, you can pretty much forget how to write a join.
This isn't really a limitation of AR - some could say that it’s a feature. But at the same time, you really do need to know SQL if you’re going to use a relational database.
That said, my SQL skills have atrophied as a Rails developer. On our newest project, Luke and I have had to do quite a bit of custom SQL, and we've tried to make our DB layer a bit smarter and more robust. Which leads to the next criticism...
Rails makes polymorphic associations easy and multi-table inheritance hard.
But polymorphic associations: bad idea. Cuts out a join table, but hurts referential integrity. But because it’s easy, you see a lot of it.
Is this a valid criticism? It usually isn’t that hard to fight against AR’s conventions, and most of the time, you don’t want to.
This is bad. Basically, foreign keys require a plugin. Redhill. This plugin works, but isn't all that actively maintained, and some things (constraints) aren't even supported by that.
You can always run a bare connection.execute() statement, but this won't get dumped into your schema.rb file, which is bad.
According to DHH et al, you don't need DB constraints, and you want a dumb DB.
4. Access your database directly.
Company 1 may not exist.
Or
I.e. you make a mistake.
This probably isn’t a problem for you, but it might be for some of the other people you work with.
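The integrity points in the notes above (a row pointing at "Company 1" that does not exist, and polymorphic associations that trade a join table for referential integrity) can be shown directly at the database level. This SQL is an added example, not code from the talk; it assumes PostgreSQL, and every table and column name in it is constructed for illustration.

```sql
-- Added example. Assumes PostgreSQL; all names below are constructed.
-- Statements marked "rejected" fail on purpose; psql continues past them
-- unless ON_ERROR_STOP is set.

CREATE TABLE companies (
    id   INTEGER PRIMARY KEY,
    name VARCHAR(100) NOT NULL
);

-- 1. "Dumb DB": only application code keeps company_id valid.
CREATE TABLE employees_unchecked (
    id         INTEGER PRIMARY KEY,
    name       VARCHAR(100) NOT NULL,
    company_id INTEGER NOT NULL
);

-- Accepted even though company 1 does not exist: an orphan row that any
-- direct database access, script or application bug can create.
INSERT INTO employees_unchecked (id, name, company_id) VALUES (1, 'Alice', 1);

-- 2. Same table with a foreign key: the database enforces the reference.
CREATE TABLE employees (
    id         INTEGER PRIMARY KEY,
    name       VARCHAR(100) NOT NULL,
    company_id INTEGER NOT NULL REFERENCES companies (id)
);

-- Rejected: foreign key violation, company 1 does not exist.
INSERT INTO employees (id, name, company_id) VALUES (1, 'Alice', 1);

INSERT INTO companies (id, name) VALUES (1, 'Acme');
-- Accepted now that the parent row exists.
INSERT INTO employees (id, name, company_id) VALUES (1, 'Alice', 1);

-- Rejected: deleting the company would orphan Alice.
DELETE FROM companies WHERE id = 1;

-- 3. Polymorphic association: one (type, id) pair points at several tables.
CREATE TABLE articles (id INTEGER PRIMARY KEY, title   VARCHAR(200) NOT NULL);
CREATE TABLE photos   (id INTEGER PRIMARY KEY, caption VARCHAR(200) NOT NULL);

CREATE TABLE comments_polymorphic (
    id               INTEGER PRIMARY KEY,
    body             TEXT NOT NULL,
    commentable_type VARCHAR(50) NOT NULL,  -- 'Article' or 'Photo'
    commentable_id   INTEGER NOT NULL       -- target table varies per row,
                                            -- so no REFERENCES is possible
);

-- Accepted: there is no article 42, and nothing can check that.
INSERT INTO comments_polymorphic (id, body, commentable_type, commentable_id)
VALUES (1, 'First!', 'Article', 42);

-- 4. Join tables instead: one extra table per parent, every link checked.
CREATE TABLE comments (
    id   INTEGER PRIMARY KEY,
    body TEXT NOT NULL
);

CREATE TABLE article_comments (
    comment_id INTEGER PRIMARY KEY REFERENCES comments (id),
    article_id INTEGER NOT NULL    REFERENCES articles (id)
);

CREATE TABLE photo_comments (
    comment_id INTEGER PRIMARY KEY REFERENCES comments (id),
    photo_id   INTEGER NOT NULL    REFERENCES photos (id)
);

INSERT INTO comments (id, body) VALUES (1, 'First!');
-- Rejected: foreign key violation, article 42 does not exist.
INSERT INTO article_comments (comment_id, article_id) VALUES (1, 42);

-- 5. Audit query for an existing polymorphic table: list comments whose
--    claimed article is missing. Returns the orphan inserted in step 3.
SELECT c.id, c.commentable_id
FROM comments_polymorphic AS c
LEFT JOIN articles AS a ON a.id = c.commentable_id
WHERE c.commentable_type = 'Article'
  AND a.id IS NULL;
```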
Sequel is a thread-safe DB library with a lightweight ORM
Follows the ActiveRecord pattern
So you don’t have to write much real SQL
The Sequel ORM is very similar to AR, at least on the surface.
Does many of the things that Rails does, at least the basics.