The document discusses using tokens instead of regular expressions to parse code. It provides an example of tokenizing a PHP code snippet and extracting variable names. The author argues that a tokenizer approach is better than regex for understanding context and structure in code.
PHP 8.0 is expected to be released by the end of the year, so it’s time to take a first look at the next major version of PHP. Attributes, union types, and a just-in-time compiler are likely the flagship features of this release, but there are many more improvements to be excited about. As PHP 8.0 is a major version, this release also includes backwards-incompatible changes, many of which are centered around stricter error handling and more type safety.
This talk will discuss new features already implemented in PHP 8, backwards-compatibility breaks to watch out for, as well as some features that are still under discussion.
PHP 8.0 is expected to be released by the end of the year, so it’s time to take a first look at the next major version of PHP. Attributes, union types, and a just-in-time compiler are likely the flagship features of this release, but there are many more improvements to be excited about. As PHP 8.0 is a major version, this release also includes backwards-incompatible changes, many of which are centered around stricter error handling and more type safety.
This talk will discuss new features already implemented in PHP 8, backwards-compatibility breaks to watch out for, as well as some features that are still under discussion.
(originally presented at YAPC::Europe::2007)
No-one is as critical about something as those that love it dearly. Mark Fowler has been collecting complaints from professional Perl developers for years about what warts still remain with the language when strict and warnings are turned on.
Are these problems unsolvable? A veteran Perl programmer himself Mark attempted to try and solve these issues - and then turned to the experts, the people who write books on Perl, the people who maintain the perl interpreter itself, for help.
This is what he learned...
Comparing the concurrency\thread model of Go and other languages\technologies like Node.JS, Java etc to understand how Go solves the C10K problem
The video for this session is available here: https://www.youtube.com/watch?v=e2QVjmN5IF4
PHP 8.0 comes with many long-awaited features: A just-in-time compiler, attributes, union types, and named arguments are just a small part of the list. As a major version, it also includes some backward-incompatible changes, which are centered around stricter error handling and enhanced type safety. Let's have an overview of the important changes in PHP 8.0 and how they might affect you!
There are a lot of operators in Perl 6, so many that it can be called an OOL: operator oriented language. Here I describe most of them from the angle of contexts, which Perl 6 has also much more than Perl 5.
From typing the test to testing the typeWim Godden
PHP unit testing + new PHPUnit patch for type testing functionality
Seems bullet points are not working and some of the slides are not so clear because of Slideshare conversion.
Presentation given at phpBenelux meeting August 25, 2010
Secure Programming Practices in C++ (NDC Security 2018)Patricia Aas
This talk is for programmers wishing to feel more comfortable navigating the C++ landscape. We will explore the programming culture that has developed around the C++ language. Specifically, we will look at programming patterns that navigate around or through some of the dangerous parts of the C++ language. The goal is to build a set of programming practices based in the “smaller and cleaner language” inside C++. And by doing so, we will also build an awareness around code constructs that can potentially “blows your whole leg off”.
Jenkins Pipeline is a game changing way to write automation jobs with Jenkins. Pipeline supports from simple one-step hello-world type jobs to the most complex parallel pipelines or Docker operations like creation or publication of images. Best of all, they support manual/automated intervention and also an extension mechanism to avoid the DRY effect on your build pipeline. Combining Jenkins Pipeline with Docker can seriously reduce friction in your DevOps efforts.
But Jenkins Pipeline is not the only new thing that are in Jenkins 2.0, there is also UX improvements better out-of-the-box experience and a new website.
Come to this session to learn what’s new in Jenkins 2.0 and how you can improve your Continuous Delivery Pipeline with Jenkins Pipeline as well as see what is coming after Jenkins 2.0.
Clean Coders Hate What Happens To Your Code When You Use These Enterprise Pro...Kevlin Henney
Presented at ACCU (24th April 2015)
It is all to easy to dismiss problematic codebases on some nebulous idea of bad practice or bad programmers. Poor code, however, is rarely arbitrary and random in its structure or formulation. Systems of code, well or poorly structured, emerge from systems of practice, whether effective or ineffective. To improve code quality, it makes more sense to pick apart the specific practices and see their interplay — the cause — than to simply focus on the code itself — the effect. This talk looks at how a handful of coding habits, design practices and assumptions can systematically balloon code and compound its accidental complexity.
Diving into HHVM Extensions (php[tek] 2016)James Titcumb
HHVM is quickly gaining popularity, and it is a pretty exciting time for PHP runtimes. Have you ever wondered what is going on beneath this slick, super-speedy engine? I wondered that myself, so I dived into the internals of HHVM, discovering a treasure trove of awesome stuff. In this talk, I will show you how HHVM works and how it all pieces together through a guided tour of the codebase. I will also show you a couple of ways to write your own incredible HHVM extensions.
Continuous Delivery enables building, testing and deploying of software through build pipelines faster and more frequently with a well known steps.
But how to implement a continuous delivery pipeline in real world? How to translate the theory into practice?
In this session we are going to discuss how Jenkins and Gradle can help you on build this pipeline/workflow and the advantages of implementing this pipeline as code instead of using Jenkins static build steps.
We will start by a really simple Java EE application and learn how to build it with Gradle, automating unit, integration and functional tests, incorporating popular code quality tools, as well as packaging, publishing and deploying the deliverable using Jenkins Workflow as the director of the whole process.
(originally presented at YAPC::Europe::2007)
No-one is as critical about something as those that love it dearly. Mark Fowler has been collecting complaints from professional Perl developers for years about what warts still remain with the language when strict and warnings are turned on.
Are these problems unsolvable? A veteran Perl programmer himself Mark attempted to try and solve these issues - and then turned to the experts, the people who write books on Perl, the people who maintain the perl interpreter itself, for help.
This is what he learned...
Comparing the concurrency\thread model of Go and other languages\technologies like Node.JS, Java etc to understand how Go solves the C10K problem
The video for this session is available here: https://www.youtube.com/watch?v=e2QVjmN5IF4
PHP 8.0 comes with many long-awaited features: A just-in-time compiler, attributes, union types, and named arguments are just a small part of the list. As a major version, it also includes some backward-incompatible changes, which are centered around stricter error handling and enhanced type safety. Let's have an overview of the important changes in PHP 8.0 and how they might affect you!
There are a lot of operators in Perl 6, so many that it can be called an OOL: operator oriented language. Here I describe most of them from the angle of contexts, which Perl 6 has also much more than Perl 5.
From typing the test to testing the typeWim Godden
PHP unit testing + new PHPUnit patch for type testing functionality
Seems bullet points are not working and some of the slides are not so clear because of Slideshare conversion.
Presentation given at phpBenelux meeting August 25, 2010
Secure Programming Practices in C++ (NDC Security 2018)Patricia Aas
This talk is for programmers wishing to feel more comfortable navigating the C++ landscape. We will explore the programming culture that has developed around the C++ language. Specifically, we will look at programming patterns that navigate around or through some of the dangerous parts of the C++ language. The goal is to build a set of programming practices based in the “smaller and cleaner language” inside C++. And by doing so, we will also build an awareness around code constructs that can potentially “blows your whole leg off”.
Jenkins Pipeline is a game changing way to write automation jobs with Jenkins. Pipeline supports from simple one-step hello-world type jobs to the most complex parallel pipelines or Docker operations like creation or publication of images. Best of all, they support manual/automated intervention and also an extension mechanism to avoid the DRY effect on your build pipeline. Combining Jenkins Pipeline with Docker can seriously reduce friction in your DevOps efforts.
But Jenkins Pipeline is not the only new thing that are in Jenkins 2.0, there is also UX improvements better out-of-the-box experience and a new website.
Come to this session to learn what’s new in Jenkins 2.0 and how you can improve your Continuous Delivery Pipeline with Jenkins Pipeline as well as see what is coming after Jenkins 2.0.
Clean Coders Hate What Happens To Your Code When You Use These Enterprise Pro...Kevlin Henney
Presented at ACCU (24th April 2015)
It is all to easy to dismiss problematic codebases on some nebulous idea of bad practice or bad programmers. Poor code, however, is rarely arbitrary and random in its structure or formulation. Systems of code, well or poorly structured, emerge from systems of practice, whether effective or ineffective. To improve code quality, it makes more sense to pick apart the specific practices and see their interplay — the cause — than to simply focus on the code itself — the effect. This talk looks at how a handful of coding habits, design practices and assumptions can systematically balloon code and compound its accidental complexity.
Diving into HHVM Extensions (php[tek] 2016)James Titcumb
HHVM is quickly gaining popularity, and it is a pretty exciting time for PHP runtimes. Have you ever wondered what is going on beneath this slick, super-speedy engine? I wondered that myself, so I dived into the internals of HHVM, discovering a treasure trove of awesome stuff. In this talk, I will show you how HHVM works and how it all pieces together through a guided tour of the codebase. I will also show you a couple of ways to write your own incredible HHVM extensions.
Continuous Delivery enables building, testing and deploying of software through build pipelines faster and more frequently with a well known steps.
But how to implement a continuous delivery pipeline in real world? How to translate the theory into practice?
In this session we are going to discuss how Jenkins and Gradle can help you on build this pipeline/workflow and the advantages of implementing this pipeline as code instead of using Jenkins static build steps.
We will start by a really simple Java EE application and learn how to build it with Gradle, automating unit, integration and functional tests, incorporating popular code quality tools, as well as packaging, publishing and deploying the deliverable using Jenkins Workflow as the director of the whole process.
Fear The Walking Churn: A retention case studySean Porter
A walkthrough of how we reduced churn by 66% in less than 18months at FullContact -- methods, results, and a cheat sheet of apps and techniques for you to try.
And now you have two problems. Ruby regular expressions for fun and profit by...Codemotion
A wise hacker said: Some people, when confronted with a problem, think “I know, I’ll use regular expressions.” Now they have two problems.
Regular expressions are a powerful tool in our hands and a first class citizen in ruby so it is tempting to overuse them. But knowing them and using them properly is a fundamental asset of every developer.
We’ll see hands-on examples of proper Reg Exps usage in ruby code, we’ll also look at bad and ugly cases and learn how to approach writing, testing and debugging regular expressions.
JSARToolKit / LiveChromaKey / LivePointers - Next gen of ARYusuke Kawasaki
I gave a talk about the next generation of AR. Pure ActionScript 3.0 libraries of LiveChromaKey and LivePointers made it at the SparkStudy/09 (Spark project勉強会#09)
Try this at: http://www.kawa.net/text/spark/09/spark.html
Arpad Ray's PHPNW08 slides:
Looking at websites from the perspective of potential attackers is a useful technique not only for security professionals.
This talk demonstrates how to use simple PHP scripts to exploit many common security holes in PHP applications, hopefully giving developers a deeper understanding of what it is they are protecting against.
* Getting around common precautions against SQL injection
* Free spam with SMTP injection
* Making a malicious website to exploit PHP sessions
* The holes every attacker hopes for
* Making use of a newly exploited website
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. Who is this Sean guy?
• Web Architect at OmniTI (http://omniti.com/)
• Former Editor-in-Chief of php|architect and former
organizer of php|tek
• PHP Community, Habari, Phergie
• Other conferences (PHP Quebec earlier this year)
• the Twitter: @coates
• Beer Lover (and brewer)
• (I speak too quickly)
3. “A token is a
categorized block of
text. It can look like
anything; it just needs
to be a useful part of
the structured text.”
-Wikipedia
18. “Lexing”
• a Lexer converts a sequence of characters
into tokens
• “Lexical Analysis”
• Lex, Flex, re2c (lexer generators)
19. Static vs. Dynamic
Analysis
• Dynamic: actual execution, practical
implementations such as pen. testing.
• Static: analysis of code, tokens, opcodes,
etc. to determine if a particular action will
take place
• (not the only use for Tokens, though)
20. Out with Regex
• Find all variables
• Regex:
/($[a-z_][a-z0-9_]*)/i
21. Out with Regex
• Find all variables
• Regex:
/($[a-z_][a-z0-9_]*)/i
• context matters:
$str = '$a = 5 + 7; // $b';
29. Difficult validation
made simpler
• Email validation is haaaard!
• Validate logical units separately:
s e a n @ p h p. n e t
30. Difficult validation
made simpler
• Email validation is haaaard!
• Validate logical units separately:
s e a n @ p h p. n e t
Domain
Localpart Separator
31. Difficult validation
made simpler
• Email validation is haaaard!
• Validate logical units separately:
s e a n @ p h p. n e t
• Still hard, but validation is restricted to
different types of data
• BTW, don’t bother (-:
33. Dirty Little Secret
• Most tokenizers (lexers) use regular
expressions to separate tokens
• re2c
• Multiple ways to represent separators,
whitespace, etc.. simplified with regex
39. Tokenizer in Userspace
• token_get_all() returns an array of scalars
and arrays
• A bit hard to work with
• Needs opening tag (<?php or <? depending
on config)
49. Tokalizer
• PHP token analysis wrapper
• Object-oriented
• Normalized
• Includes a partial parser (in PHP, so it’s
slow). Doesn’t work with new 5.3
constructs... yet.
• http://github.com/scoates/tokalizer
52. Token dumps
• text token dump
• definition dump (*cough* currently broken)
• html dump
53. Habari’s HTML
Tokenizer
• Filter user input (can strip tags intelligently)
• Allow plugins to inject/replace whole
blocks of HTML without (developer-facing)
regex
• Facilitate autop, introspection
54. HTMLPurifier
• Intelligently filters/escapes potentially
dangerous data
• Token-based approach
• Really difficult
• Code is slow and memory-intensive, but it’s
extremely complicated