The document summarizes the history and development of the TOMOYO Linux project. It discusses how the project started in 2003 without a goal of mainlining. Over time, through meetings with developers like Russell Coker and encouragement from the Japanese Linux community, the project shifted its focus to mainlining. This involved reworking the code to use the Linux Security Modules interfaces and submitting patches to the Linux kernel mailing list. While progress was slow with little feedback, the project gained more attention through conferences like OLS and FOSDEM. The document expresses the project's ongoing goal of fully merging TOMOYO Linux with the mainline kernel.
Esteban Lorenzano presents Reef, a Javascript/Ajax component framework for Seaside. Reef allows developers to build Ajax interactions into Seaside applications using a transparent component model. It uses a dispatcher architecture with jQuery and supports callbacks, context, decorations, and plugins to extend components. Developers are encouraged to try Reef and provide feedback.
This document discusses Mars, a framework for building native applications for OSX, iPhone, and iPad using Pharo. It describes Mars' architecture which uses the Objective-C bridge to connect Pharo and Cocoa/CocoaTouch. Views map to Objective-C controls while controllers handle callbacks. The model uses an adaptor to work with different models. Problems with deadlocks are being addressed. The future includes more testing, documentation, and potentially ports to other platforms.
Plone Conference 2010 – Where we go from hereEric Steele
The document outlines 14 rules for Plone's future, including communicating Plone's direction, acknowledging weaknesses, playing to strengths like security and UI, deciding on target users, making "today what tomorrow will want" (TTW) easier, leveraging outside technologies, backporting innovations, keeping the platform modern, shrinking dependencies, avoiding breaking changes, improving installability, making distributions important, and focusing on quality.
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)Toshiharu Harada, Ph.D
Every kernel developer knows that Linux comes with plenty of precious documentation as an integral part. From coding style to how to post patches, almost everything has been documented. However, history shows that error is human nature. Sometimes developers do not well know Don’ts, but there are also cases when they make mistakes despite being aware of such rules. Why this happen is unsolved, but a documentation, so far missing, of the consequences of this misbehavior could discourage it. The presenter is project manager of TOMOYO Linux, a security enhancement feature merged in version 2.6.30. Thinking open-minded, he decided to share the errors his project made, wishing it could be a helpful warning to other projects, especially newcomers. In this presentation, it will try to explain the mistake circumstances in TOMOYO Linux project, highlighting the thoughts of project members and the community reactions. No prior kernel development experiences are necessary.
Continuous Integration Testing for Plone Using HudsonEric Steele
The document discusses continuous integration and Hudson/Buildbot for automated testing. It describes concepts of continuous integration like maintaining a source repository, automating builds, making builds self-testing, and integrating with version control systems. Specifics of Hudson are covered, including installation, configuration of jobs/projects, triggers, build steps, and plugins. The document also provides details on code analysis with tools like zptlint, test coverage, and integrating buildout with Hudson for continuous integration of Plone projects.
The document discusses iBizLog, a platform for small businesses and independent professionals to create e-commerce websites. It provides features like customizable templates, shopping carts, and social networking integration. The platform is built using Pharo and Seaside, and runs on Gemstone using a custom storage mechanism called "Voyage". Over 1500 businesses have used iBizLog in the past year to set up their online stores.
The document discusses various topics from the Iterating Plone presentation at Plone Symposium East 2012, including the roles and processes of the Plone Release Manager and Framework Team. It outlines the planned features and timeline for upcoming Plone releases 4.2, 4.3, and 5. Key initiatives include transitioning to Dexterity as the default content type system, Diazo for theming, and CMSUI. Regular sprints are held around the world to collaborate on Plone development.
Drupal security - Configuration and processGábor Hojtsy
This document discusses Drupal security best practices. It introduces the presenters and defines common security threats like cross-site scripting. It demonstrates how malicious javascript could hijack an admin account. Charts show the most common vulnerabilities and input formats are discussed as a way to control user input. The document stresses keeping software updated, using backups, and following secure development practices.
Esteban Lorenzano presents Reef, a Javascript/Ajax component framework for Seaside. Reef allows developers to build Ajax interactions into Seaside applications using a transparent component model. It uses a dispatcher architecture with jQuery and supports callbacks, context, decorations, and plugins to extend components. Developers are encouraged to try Reef and provide feedback.
This document discusses Mars, a framework for building native applications for OSX, iPhone, and iPad using Pharo. It describes Mars' architecture which uses the Objective-C bridge to connect Pharo and Cocoa/CocoaTouch. Views map to Objective-C controls while controllers handle callbacks. The model uses an adaptor to work with different models. Problems with deadlocks are being addressed. The future includes more testing, documentation, and potentially ports to other platforms.
Plone Conference 2010 – Where we go from hereEric Steele
The document outlines 14 rules for Plone's future, including communicating Plone's direction, acknowledging weaknesses, playing to strengths like security and UI, deciding on target users, making "today what tomorrow will want" (TTW) easier, leveraging outside technologies, backporting innovations, keeping the platform modern, shrinking dependencies, avoiding breaking changes, improving installability, making distributions important, and focusing on quality.
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009)Toshiharu Harada, Ph.D
Every kernel developer knows that Linux comes with plenty of precious documentation as an integral part. From coding style to how to post patches, almost everything has been documented. However, history shows that error is human nature. Sometimes developers do not well know Don’ts, but there are also cases when they make mistakes despite being aware of such rules. Why this happen is unsolved, but a documentation, so far missing, of the consequences of this misbehavior could discourage it. The presenter is project manager of TOMOYO Linux, a security enhancement feature merged in version 2.6.30. Thinking open-minded, he decided to share the errors his project made, wishing it could be a helpful warning to other projects, especially newcomers. In this presentation, it will try to explain the mistake circumstances in TOMOYO Linux project, highlighting the thoughts of project members and the community reactions. No prior kernel development experiences are necessary.
Continuous Integration Testing for Plone Using HudsonEric Steele
The document discusses continuous integration and Hudson/Buildbot for automated testing. It describes concepts of continuous integration like maintaining a source repository, automating builds, making builds self-testing, and integrating with version control systems. Specifics of Hudson are covered, including installation, configuration of jobs/projects, triggers, build steps, and plugins. The document also provides details on code analysis with tools like zptlint, test coverage, and integrating buildout with Hudson for continuous integration of Plone projects.
The document discusses iBizLog, a platform for small businesses and independent professionals to create e-commerce websites. It provides features like customizable templates, shopping carts, and social networking integration. The platform is built using Pharo and Seaside, and runs on Gemstone using a custom storage mechanism called "Voyage". Over 1500 businesses have used iBizLog in the past year to set up their online stores.
The document discusses various topics from the Iterating Plone presentation at Plone Symposium East 2012, including the roles and processes of the Plone Release Manager and Framework Team. It outlines the planned features and timeline for upcoming Plone releases 4.2, 4.3, and 5. Key initiatives include transitioning to Dexterity as the default content type system, Diazo for theming, and CMSUI. Regular sprints are held around the world to collaborate on Plone development.
Drupal security - Configuration and processGábor Hojtsy
This document discusses Drupal security best practices. It introduces the presenters and defines common security threats like cross-site scripting. It demonstrates how malicious javascript could hijack an admin account. Charts show the most common vulnerabilities and input formats are discussed as a way to control user input. The document stresses keeping software updated, using backups, and following secure development practices.
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)guest40cf23
The document summarizes lessons learned from mistakes made during the development of the TOMOYO Linux project. It describes several errors made in initial patch submissions, such as not including patches, ignoring coding style standards, and proposing new APIs instead of using existing ones. Community members provided valuable feedback that helped correct these issues. The presenter hopes sharing these experiences will help other projects, especially newcomers, avoid similar pitfalls when contributing code to the Linux kernel.
Slides from the Kyoto Study Group organized during LocJAM Japan 2016 - Introduction to LocJAM Japan, the game localization process and Ikinari Maou, the game we are offering for translation this time.
This document provides lessons on how to become a hacker. It discusses preparing for a long journey, finding mentors, distinguishing yourself, going interactive, holding your hands, playing instead of just commenting, starting now and restarting often. It also discusses getting a computing and free software culture through writing and reading. The document encourages fixing your email, marrying your text editor, mastering version control and TODO lists, learning to make bug reports, scratching your own and others' itches, learning a programming language, understanding users' environments, and learning to test and write English. It concludes by discussing getting involved in a free software community.
This 1st presentation in the training "Introduction to linux for bioinformatics" gives an introduction to Linux, and the concepts by which Linux operates.
Ubuntu is a free and open-source operating system based on Debian GNU/Linux. It was first released in 2004. The document provides details about:
- The history and development of Unix and Linux operating systems.
- Popular Linux distributions such as Slackware, Redhat, Debian, Ubuntu, and their key features.
- The philosophy of Ubuntu which emphasizes free and open-source software.
- The Ubuntu release cycle and timeline for long-term support releases.
- Basic instructions for installing Ubuntu on a computer or via a USB drive in 6-9 steps.
At PloneConf 2019 in Ferrara I had a feeling of realization, That I had a misconception of the current state of Plone and development. In talks at the conference I also have seen that others have the same problem, as we speak of very different things.
The overall question that raised is “What is Plone for you?” and what is the future of Plone.
For me Plone is a vision, to empower users. Volto caries this vision. Therefore I can only recommend to endorse Volto as the future of Plone.
This document provides an overview of open source software and its use in libraries. It discusses the history of open source beginning in the 1960s and key events and definitions that helped establish it. Popular open source library software is outlined like Koha, Evergreen, and VuFind. Features they provide are highlighted. Other sections cover open source digital repositories, federated searching tools, and commercial support options available. Benefits and challenges of using open source software in libraries are examined.
LocJam is a game localization contest held between April 5-13, 2014. This presentation covers all the localization insights that Richard Mark Honeywood gave in workshop in Tokyo on April 6.
Topics include:
- Familiarization
- Glossary and style guide
- Editing
Day 1 slides UNO summer 2010 robotics workshop Raj Dasgupta
The document provides an overview of the first day of a high school robotics workshop. It introduces the workshop leaders and participants. It covers basic concepts in robotics through presentations and videos. It assigns students to teams to work on building a robot simulator. The plan for day 2 is to program intelligence into the robot simulator. Students are given homework to discuss problems robots could help solve.
This document provides an introduction to computer architecture for a workshop on embedded systems. It begins with the presenters introducing themselves and outlines the course. It then discusses key concepts in computer architecture like the computer stack, different types of processors, performance metrics, memory hierarchy, pipelining, real-time operating systems, and multicore processors. The goal is to equip participants with foundational knowledge of computer architecture that will help them in their work on embedded systems.
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)Igalia
By Alejandro Piñeiro.
In GNOME, accessibility is a core value that touches all aspects of the system.
From the infrastructure, to the graphical toolkit, to the applications, to the assistive technologies, accessibility has been a central consideration from the very early days. As a result, GNOME 2.0 not only has compelling accessibility today, but it also provides a rich and stable base for future accessibility work.
This year (2011) was released GNOME 3.0, the first major release of GNOME since GNOME 2.0 on 2002.
As a major relase GNOME 3.0 involves several changes on the technology layers of GNOME affecting the accessibility support in several aspects. Some examples: bonobo deprecation, new desktop (GNOME Shell) using a new technology (Clutter), etc.
Since the annoucement of GNOME 3.0 and those technologies changes the accessibility community was working in order to get the best support on this major release, including two accessibility hackfests during 2010.
In general, the purpose of this presentation is:
Introduce accessibility on GNOME.
Briefly explain the technologies changes between GNOME 2.0 and GNOME 3.0
How this affects accessibility support?
Community reaction?
Briefly explain the status of GNOME 3.0
What works?
What doesn't works?
Plans towards GNOME 3.2
Day2: Conceptualización, teorización e investigación en nuevas alfabetizacionesMichele Knobel
The document discusses various methods for collecting and analyzing data for research on online communities and fan fiction writing. It describes collecting observational notes, videos, photos, artifacts, transcripts of spoken word, and written texts. It also discusses analyzing data for patterns, coding themes, and categorizing data from spoken words, written words, and "reader reviews." Lastly, it provides some ethical considerations and recommendations for interviews.
- The document summarizes an OpenStack upstream training report from June 19, 2014.
- The training covered topics like the OpenStack release cycle, contribution workflow, and tools like Gerrit. It included exercises on using DevStack and contributing code.
- On the second day, there was a contribution simulation exercise using Lego and participants had to plan their own contributions.
- The report shared the author's thoughts on bringing the training to Japan and continuing to contribute code to OpenStack by communicating well and not giving up on reviews.
How to create/improve OSS product and its community (revised)SATOSHI TAGOMORI
1) The document discusses how to create and improve open source software (OSS) projects and their communities. It addresses questions around the purpose of the OSS, languages used, versioning, and community engagement.
2) Key recommendations for building community include using English, being open to contributions, demonstrating stability and maintenance, and having a pluggable architecture.
3) The document debates tradeoffs like clean code vs quick contributions, focused vs feature-rich software, and localized vs global development and highlights the need to choose approaches given limitations. Overall it stresses continuous improvement over time.
A deep dive into what makes Plan 9 a unique operating system. Built as a successor to Unix at Bell Labs, Plan 9 is a distributed operating system in the true sense.
I've uploaded my own Japanese translation of Jos's speech at Stanford University at http://www.slideshare.net/haradats/youve-got-to-find-what-you-love-jobs-says.
If you treasure the original speech like I do, why don't you make and share your version in your language?
This kit is a LaTeX template including the speech text. All you need is replace "*Your*" with translations and compile.
Enjoy.
Hint:
To adjust the horizontal positions of paragraphs, \baselineskip is handy.
Note:
The original text which has been published at the Stanford University is slightly different from the spoken words. My guess is that Stanford text is based on Job's memo received from Jobs.
More Related Content
Similar to Realities of Mainlining -- Case of the TOMOYO Linux project
Kernel Development: Drawing Lessons From "Mistakes" (Japan Linux Symposium 2009)guest40cf23
The document summarizes lessons learned from mistakes made during the development of the TOMOYO Linux project. It describes several errors made in initial patch submissions, such as not including patches, ignoring coding style standards, and proposing new APIs instead of using existing ones. Community members provided valuable feedback that helped correct these issues. The presenter hopes sharing these experiences will help other projects, especially newcomers, avoid similar pitfalls when contributing code to the Linux kernel.
Slides from the Kyoto Study Group organized during LocJAM Japan 2016 - Introduction to LocJAM Japan, the game localization process and Ikinari Maou, the game we are offering for translation this time.
This document provides lessons on how to become a hacker. It discusses preparing for a long journey, finding mentors, distinguishing yourself, going interactive, holding your hands, playing instead of just commenting, starting now and restarting often. It also discusses getting a computing and free software culture through writing and reading. The document encourages fixing your email, marrying your text editor, mastering version control and TODO lists, learning to make bug reports, scratching your own and others' itches, learning a programming language, understanding users' environments, and learning to test and write English. It concludes by discussing getting involved in a free software community.
This 1st presentation in the training "Introduction to linux for bioinformatics" gives an introduction to Linux, and the concepts by which Linux operates.
Ubuntu is a free and open-source operating system based on Debian GNU/Linux. It was first released in 2004. The document provides details about:
- The history and development of Unix and Linux operating systems.
- Popular Linux distributions such as Slackware, Redhat, Debian, Ubuntu, and their key features.
- The philosophy of Ubuntu which emphasizes free and open-source software.
- The Ubuntu release cycle and timeline for long-term support releases.
- Basic instructions for installing Ubuntu on a computer or via a USB drive in 6-9 steps.
At PloneConf 2019 in Ferrara I had a feeling of realization, That I had a misconception of the current state of Plone and development. In talks at the conference I also have seen that others have the same problem, as we speak of very different things.
The overall question that raised is “What is Plone for you?” and what is the future of Plone.
For me Plone is a vision, to empower users. Volto caries this vision. Therefore I can only recommend to endorse Volto as the future of Plone.
This document provides an overview of open source software and its use in libraries. It discusses the history of open source beginning in the 1960s and key events and definitions that helped establish it. Popular open source library software is outlined like Koha, Evergreen, and VuFind. Features they provide are highlighted. Other sections cover open source digital repositories, federated searching tools, and commercial support options available. Benefits and challenges of using open source software in libraries are examined.
LocJam is a game localization contest held between April 5-13, 2014. This presentation covers all the localization insights that Richard Mark Honeywood gave in workshop in Tokyo on April 6.
Topics include:
- Familiarization
- Glossary and style guide
- Editing
Day 1 slides UNO summer 2010 robotics workshop Raj Dasgupta
The document provides an overview of the first day of a high school robotics workshop. It introduces the workshop leaders and participants. It covers basic concepts in robotics through presentations and videos. It assigns students to teams to work on building a robot simulator. The plan for day 2 is to program intelligence into the robot simulator. Students are given homework to discuss problems robots could help solve.
This document provides an introduction to computer architecture for a workshop on embedded systems. It begins with the presenters introducing themselves and outlines the course. It then discusses key concepts in computer architecture like the computer stack, different types of processors, performance metrics, memory hierarchy, pipelining, real-time operating systems, and multicore processors. The goal is to equip participants with foundational knowledge of computer architecture that will help them in their work on embedded systems.
GNOME 3.0 Accessibility: State of the Union (Desktop Summit 2011)Igalia
By Alejandro Piñeiro.
In GNOME, accessibility is a core value that touches all aspects of the system.
From the infrastructure, to the graphical toolkit, to the applications, to the assistive technologies, accessibility has been a central consideration from the very early days. As a result, GNOME 2.0 not only has compelling accessibility today, but it also provides a rich and stable base for future accessibility work.
This year (2011) was released GNOME 3.0, the first major release of GNOME since GNOME 2.0 on 2002.
As a major relase GNOME 3.0 involves several changes on the technology layers of GNOME affecting the accessibility support in several aspects. Some examples: bonobo deprecation, new desktop (GNOME Shell) using a new technology (Clutter), etc.
Since the annoucement of GNOME 3.0 and those technologies changes the accessibility community was working in order to get the best support on this major release, including two accessibility hackfests during 2010.
In general, the purpose of this presentation is:
Introduce accessibility on GNOME.
Briefly explain the technologies changes between GNOME 2.0 and GNOME 3.0
How this affects accessibility support?
Community reaction?
Briefly explain the status of GNOME 3.0
What works?
What doesn't works?
Plans towards GNOME 3.2
Day2: Conceptualización, teorización e investigación en nuevas alfabetizacionesMichele Knobel
The document discusses various methods for collecting and analyzing data for research on online communities and fan fiction writing. It describes collecting observational notes, videos, photos, artifacts, transcripts of spoken word, and written texts. It also discusses analyzing data for patterns, coding themes, and categorizing data from spoken words, written words, and "reader reviews." Lastly, it provides some ethical considerations and recommendations for interviews.
- The document summarizes an OpenStack upstream training report from June 19, 2014.
- The training covered topics like the OpenStack release cycle, contribution workflow, and tools like Gerrit. It included exercises on using DevStack and contributing code.
- On the second day, there was a contribution simulation exercise using Lego and participants had to plan their own contributions.
- The report shared the author's thoughts on bringing the training to Japan and continuing to contribute code to OpenStack by communicating well and not giving up on reviews.
How to create/improve OSS product and its community (revised)SATOSHI TAGOMORI
1) The document discusses how to create and improve open source software (OSS) projects and their communities. It addresses questions around the purpose of the OSS, languages used, versioning, and community engagement.
2) Key recommendations for building community include using English, being open to contributions, demonstrating stability and maintenance, and having a pluggable architecture.
3) The document debates tradeoffs like clean code vs quick contributions, focused vs feature-rich software, and localized vs global development and highlights the need to choose approaches given limitations. Overall it stresses continuous improvement over time.
A deep dive into what makes Plan 9 a unique operating system. Built as a successor to Unix at Bell Labs, Plan 9 is a distributed operating system in the true sense.
I've uploaded my own Japanese translation of Jos's speech at Stanford University at http://www.slideshare.net/haradats/youve-got-to-find-what-you-love-jobs-says.
If you treasure the original speech like I do, why don't you make and share your version in your language?
This kit is a LaTeX template including the speech text. All you need is replace "*Your*" with translations and compile.
Enjoy.
Hint:
To adjust the horizontal positions of paragraphs, \baselineskip is handy.
Note:
The original text which has been published at the Stanford University is slightly different from the spoken words. My guess is that Stanford text is based on Job's memo received from Jobs.
My own Japanese translation of the legendary Steven Jobs's speech at the Stanford university.
Browser version available in http://slides.com/haradats/deck#/
この翻訳および文書の作成は、2015年10月23日に芝浦工業大学で行った講義、「人生をより良く生きるためのプレゼンーション入門」の資料として作成したものです。
PDFファイルは下記でダウンロードできます。
http://www11.plala.or.jp/tsh/stanford.pdf
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document discusses the advantages and disadvantages of label-based access control versus pathname-based access control. It notes that while label-based access control is robust against changes to pathnames and namespaces, the location and name of a file still have meaning in terms of how the system behaves and provides services. The document argues that restricting pathname changes is important for preventing unintended system behavior and maintaining system availability. It suggests that both label-based and pathname-based access controls are needed and that the LSM should support both.
TOMOYO Linux is an extension of the Linux kernel that adds process tracing capabilities. It automatically stores the "process invocation history" which shows how each process was created. This allows users to browse the entire process tree and see the relationships between running processes. The TOMOYO Linux policy editor provides a command line interface to view the stored process histories on a system and monitor actions caused by each process. TOMOYO Linux can help provide visibility into process activity and is maintained as an open source project with repositories of patched kernels and tools.
This document provides an introduction to securing Linux systems. It begins by explaining the types of exploits that can compromise Linux systems and gain root access. It then discusses how traditional Linux security methods like discretionary access controls (DAC) and firewalls are insufficient to prevent exploits. The document introduces mandatory access controls (MAC) as an enhancement that can restrict what programs are allowed to do even with root privileges. It emphasizes that MAC systems require security policies to define which accesses should be allowed or denied to provide protection while maintaining usability. The goal of secure Linux extensions is to grant necessary access according to policies while rejecting all other access attempts.
This document summarizes the key differences between SELinux and TOMOYO Linux access control systems. SELinux focuses on restricting programs based on security labels, while TOMOYO Linux focuses on restricting programs based on their process invocation history and parameters. The document argues that while label-based access control has limitations in guaranteeing information flow, TOMOYO Linux can help reinforce access control by restricting programs' actions and parameters within the kernel.
This document discusses the TOMOYO Linux access control system. It describes two versions of TOMOYO - version 1.6 which does not use Linux Security Modules (LSM) and version 2.2 which modifies TOMOYO to use LSM. The document then provides examples of how TOMOYO can provide access control based on file/directory names and parameters to address scenarios like restricting file uploads and executions. It argues that while label-based access control controls permissions, name-based controls like TOMOYO can address additional factors around how file contents are processed once in userspace.
The document proposes a method called "login authentication multiplexing" to strengthen login authentication security by enforcing multiple authentications rather than a single authentication. It involves placing extra authentication programs after the initial login that must be passed before accessing protected resources. This approach reduces vulnerabilities, allows flexible policies, and prevents damage until all authentications are passed. Practical issues like restricting shell access and remote access programs are also discussed.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Zilliz
Join us to introduce Milvus Lite, a vector database that can run on notebooks and laptops, share the same API with Milvus, and integrate with every popular GenAI framework. This webinar is perfect for developers seeking easy-to-use, well-integrated vector databases for their GenAI apps.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Realities of Mainlining -- Case of the TOMOYO Linux project
1. Realities of Mainlining
- Case of the TOMOYO Linux Project -
Toshiharu Harada
<haradats@nttdata.co.jp>
<haradats@gmail.com>
NTT DATA CORPORATION
July 9, 2008
2. TOMOYO Linux
✴ “pathname-based” Mandatory Access Control (MAC)
enhancements
✴ Started as a R&D project of NTT DATA
CORPORATION in 2003
✴ Available as open source since Nov. 2005
✴ LiveCD is available
✴ http://tomoyo.sourceforge.jp/wiki-e/?TomoyoLive
✴ TOMOYO is a registered trademark of NTT DATA CORPORATION
4. Instructions
✴ During the presentation, I will ask a couple
of questions to the guests.
✴ Guests have the plate and are expected to
show us the answer.
5. Instructions
✴ During the presentation, I will ask a couple
of questions to the guests.
✴ Guests have the plate and are expected to
show us the answer.
7. Question
• Have you ever heard of “TOMOYO Linux”
I tried TOMOYO Linux and liked it
Yes
What is it?
8. March 2003
✴ Project launched at Kayabacho in
Japan without
✴ kernel development experiences
✴ specific goal
✴ smart, experienced project manager
9. When we started
✴ We didn’t know the words “mainline”,
“upstream” and “OLS”
✴ We never thought of making our
work to be merged in the Linux
kernel
✴ But now mainline is our major
concern
10. There has been changes
✴ We met many people
✴ Some people told us, some suggested, some
demanded ...
11. April 2006
Meeting with Russell
✴ Russell Coker has visited Japan
✴ We showed him an early version TOMOYO
Linux and received some comments
✴ He was the first person that suggested
mainlining
12. ✴ “Use the Linux auditing for event logging”
✴ “Use LSM interfaces. If you can entirely use
LSM interfaces then TOMOYO can be a
candidate for inclusion ...”
✴ “I suggest is to have equivalence classes (let’s
call them domains).This means that “vi” and
“emacs” will be considered to have identical
security properties ...”
✴ We have done the above by now
13. He wrote to me
✴ “If you mostly use LSM interfaces then you will
save significant amount of work in terms of
maintaining support for new kernels and also
save development work for everyone who
wants to use your system along with other
patches.”
✴ Full statements with Japanese translation is
found at http://lists.sourceforge.jp/mailman/
archives/tomoyo-users/2006-April/000062.html
14. Dec. 8, 2006
✴ Satoru Ueda of CELF (Consumer Electronics
Linux Forum) asked me to demonstrate TOMOYO
Linux at their technical meeting.
✴ http://tree.celinuxforum.org/CelfPubWiki/
JapanTechnicalJamboree12
✴ I spoke to them,
✴ “please send requests/questions in Japanese”
✴ “please use TOMOYO Linux”
✴ And got ...
15. Unexpected Comments
✴ They said
✴ “We want to use only in-tree modules”
✴ “Why don’t you try mainlining?”
✴ “Think global go out the world”
✴ “Try submitting ELC2007 (Embedded
Linux Conference 2007)”
16. Feb. 8, 2007
✴ Hiro Yoshioka of Miracle Linux gently
asked me to introduce TOMOYO Linux to
a pretty famous Japanese community,YLUG
(Yokohama Linux Users Group)
✴ I accepted as usual not knowing what
would happen ...
17. Feb. 8, 2007
✴ Hiro Yoshioka of Miracle Linux gently
asked me to introduce TOMOYO Linux to
a pretty famous Japanese community,YLUG
(Yokohama Linux Users Group)
✴ I accepted as usual not knowing what
would happen ...
18. Feb. 8, 2007
✴ Hiro Yoshioka of Miracle Linux gently
asked me to introduce TOMOYO Linux to
a pretty famous Japanese community,YLUG
(Yokohama Linux Users Group)
✴ I accepted as usual not knowing what
would happen ...
Hiro Yoshioka (YLUG)
19. Feb. 8, 2007
✴ Hiro Yoshioka of Miracle Linux gently
asked me to introduce TOMOYO Linux to
a pretty famous Japanese community,YLUG
(Yokohama Linux Users Group)
✴ I accepted as usual not knowing what
would happen ...
Hiro Yoshioka (YLUG) Masahiro Itoh (BlueQuartz)
20. Feb. 8, 2007
✴ Hiro Yoshioka of Miracle Linux gently
asked me to introduce TOMOYO Linux to
a pretty famous Japanese community,YLUG
(Yokohama Linux Users Group)
✴ I accepted as usual not knowing what
would happen ...
Hiro Yoshioka (YLUG) Masahiro Itoh (BlueQuartz) Hideaki Yoshifuji (Usagi)
21. “We will fix you!”
✴ It was a meeting of the Hell
✴ They compelled us to try mainlining
✴ We were scolded and they told us to see
the world
✴ They even demanded us to challenge OLS
✴ It was only 7 days to the deadline and I
didn’t know what OLS was :-) huh!
23. March 2007
✴ ELC2007 and OLS2007, both
submissions were accepted despite of
my expectations
✴ The beginning of the hard days
24. We worked hard
✴ Jumped in the LKML AppArmor threads
✴ Started making new TOMOYO Linux
patches that use LSM
✴ We wanted to post them to LKML
before OLS2007
25. Apr. 18, 2007
ELC2007!
✴ We had
✴ 2 sessions (presentation and tutorial)
✴ Not many people came to our session as
expected, but ...
28. Suggestions
from the Heaven
✴ “Try making TOMOYO Linux to be merged”
✴ “Talk with AppArmor people”
✴ We were encouraged, very very deeply
✴ We’ve followed the above advices before
OLS2007
29. TOMOYO Linux
LKML logs
• We are maintaining a Wiki page to follow
our postings.
• http://tomoyo.sourceforge.jp/wiki-e/?
WhatIs#mainlining
• Each posting is linked to a corresponding
LWN.net article.
30. June 13, 2007
✴ LKML debut of TOMOYO Linux
✴ We wrote URL to reduce the e-mail size ...
✴ Not in LKML standard coding style ...
✴ Tabs were not properly handled ...
✴ Full of failures
31. Message from
Mr. SELinux
✴ Stephen Smalley sent me a message
✴ “If you really want feedback or to get your code
into the kernel, you need to do more than post a
URL to the code - you need to break your code
down into a number of patches and post them...”
✴ I appreciated his consideration
32. Message from Japanese
community
✴ from Goto-san @fujitsu
✴ “You should choose mm tree or rc as base of
the patches”
✴ “Be careful to follow the LKML standard
CodingStyle (checkpatch.pl might
help)”
✴ “Use quilt”
✴ We didn’t understand those basic rules
33. How to start
• It’s simple, just give it a try
• You don’t have to be perfect (as we were)
• There are people who would help you
• You just need to “go out” to be visible
34. What You Need to Join the
kernel development
✴ The source code of Linux
✴ Enormous documentations and genius tools
are included as part of Linux
✴ Mail program that understands threads
and ...
35. What You Need to Join the
kernel development
✴ The source code of Linux
✴ Enormous documentations and genius tools
are included as part of Linux
✴ Mail program that understands threads
and ...
Courage
36. Where to find the
source?
• Visit www.kernel.org
• Browse LXR sites
• http://tomoyo.sourceforge.jp/cgi-bin/
lxr/source
• http://lxr.linux.no/
• Use Git (http://git.or.cz/)
37. Jun. 29, 2007
Ottawa!
(photo: just waiting for the time of our very first session at OLS)
38. ✴ Stephen Smalley, Chris Wright, Joshua
Brindle, Seth Arnold, Hadi Nahari and
other secure-OS guys came to my session
✴ What a pleasure!
45. anyway ...
✴ It was a really wonderful experience
✴ We met many people
✴ We found we were with community
✴ Unforgettable day
✴ I wrote a wiki page
✴ http://tomoyo.sourceforge.jp/wiki-e/?
OLS2007-BOF
46. OLS2007
The night of miracle
✴ Stephen spared his time to talk with
US after the session!!!
✴ He suggested us TOMOYO Linux get
married with SELinux or AppArmor
47. OLS2007
The night of miracle
✴ Stephen spared his time to talk with
US after the session!!!
✴ He suggested us TOMOYO Linux get
married with SELinux or AppArmor
48. Oct. 2, 2007
✴ Linus suddenly appeared in SMACK thread
and spoke out loud
✴ I’m tired of this “only my version is correct”
crap. The whole and only point of LSM was
to get away from that.
✴ Linus’ message sounded like a chance
(sorry for James ...), so we rushed to
prepare the 3rd posting
49. “only my version is
correct” crap?
• Linus’ words raised me questions
• I didn’t think SELinux people (or James)
meant only SELinux was correct ...
• Single solid security vs. choices
50. Questions?
• Should Linux have multiple choices for
fundamental security mechanism?
Yes
No
Other (let me say!)
51. Oct. 11, 2007
Shock
• We got 0 (zero) feedbacks for our 4th
posting
• This is sort of TOMOYO Linux project’s
difficulties
52. ✴ Positive feedbacks are always Good!
✴ Negative feedbacks and NACK are
“Not BAD”
✴ No feedbacks is BAD
53. Question
• How can this (*no* feedbacks)
happen?
• What should we do when there is no
feedbacks?
54. Nov. 29, 2007
PacSec2007
Dragos in Tokyo
http://sourceforge.jp/projects/tomoyo/document/PacSec2007-handout.pdf
55. Dec. 25, 2007
Posted Security Goal
✴ Serge E. Hallyn has suggested to enhance
✴ TOMOYO provides no sort of information flow
control
✴ TOMOYO is purely restrictive
✴ Learning mode is primary source of policy so you
depend on change of behavior to detect intruders
✴ but any intruder who attempts to do something
which the compromised software wouldn’t have
done should be stopped and detected
63. Paul, James and ...
• Are we missing someone? ... NO
• HE has sent Tetsuo personal messages
several times as well as Stephen
• If you move, you will know there are
people to help you
67. Jul. 9, 2008 (today)
Current Status
✴ We are still in the middle of our way
✴ It might take a month, a year or a decade,
but we know we will never give up
✴ Merging TOMOYO Linux started as our
mission, but now they are our
personal goals
✴ We found joys in ourselves
68. Question
• Do you think TOMOYO will be merged
someday?
Send me the patches and I will
merge them in my git tree
Someday, maybe
... I don’t want to mention now
72. HIM
(page 13 of 14)
http://www.celinux.org/elc08_presentations/morton-elc-08.ppt
please read and find HIM
73. HIM
(page 13 of 14)
http://www.celinux.org/elc08_presentations/morton-elc-08.ppt
please read and find HIM
74.
75. _
─ ─
● ●
| __ __ | “ i f t h e r e ʼs something in it for me”?
/ ∩ ⊃
( | |
. “ | |
76. You can also ask ME
• I think I am a kind of nice person
• I will help you if I can
• I have legs, too (not great, though)
ImpressIT
77. You can also ask ME
• I think I am a kind of nice person
• I will help you if I can
• I have legs, too (not great, though)
_
─ ─
● ●
| __ __ |
/ ∩ ⊃
( | |
. “ | |
ImpressIT
79. I came to find
✴ There were many people to help us
✴ We were not required the perfectness
✴ Every experiences are real treasures ...
✴ Go out and find your story and treasures
80. Mainlining
✴ it’s not easy, but it’s not impossible, either
✴ painful sometimes, but not all time
✴ yes, we are enjoying the whole process even
in the difficulties
✴ we can try because now we know it’s worth
81. Mainlining
✴ it’s not easy, but it’s not impossible, either
✴ painful sometimes, but not all time
✴ yes, we are enjoying the whole process even
in the difficulties
✴ we can try because now we know it’s worth
It’s worth
82. What you need
• Read the documents, first (almost
everything is already there)
• Start to live within the LKML and subscribe
LWN
• Attend community events and meetings
(they will not kill you)
84. With a little help
from my friend
• http://elinux.org/TomoyoLinux
• http://tomoyo.sourceforge.jp/
• http://sourceforge.jp/projects/tomoyo/
Thank you (^_^)/~
see you @ols2008